NAT Configuration Commands
NAT configuration commands:
sys
acl number 2000 /Configure the internal address range that is allowed to be NAT-translated/
rule 0 permit source 192.168.0.0 0.0.0.255
rule 1 deny
#
interface Ethernet0/0
ip address 202.1.1.2 255.255.255.248
nat outbound 2000
quit
save
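An added example (not part of the original document): a small Python model of how ACL 2000 selects source addresses for nat outbound, and of what changes if a subnet mask is typed where the wildcard mask belongs. It assumes rules are evaluated in ascending rule ID and that wildcard-mask 0 bits must match; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# ACL 2000 exactly as configured on the page.
ACL_2000 = """\
rule 0 permit source 192.168.0.0 0.0.0.255
rule 1 deny
"""

def parse_basic_acl(text):
    """Parse 'rule <id> permit|deny [source <addr> <wildcard>]' lines."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[0] != "rule":
            continue
        rule_id, action = int(tok[1]), tok[2]
        if "source" in tok:
            i = tok.index("source")
            addr = int(ipaddress.IPv4Address(tok[i + 1]))
            wild = int(ipaddress.IPv4Address(tok[i + 2]))
        else:
            addr, wild = 0, 0xFFFFFFFF  # no source clause: matches any address
        rules.append((rule_id, action, addr, wild))
    return sorted(rules)  # assumption: match order is ascending rule ID

def matches(src, addr, wild):
    # Wildcard mask: 0 bits must match, 1 bits are ignored.
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(src)) & care) == (addr & care)

def nat_decision(rules, src):
    """Return 'translate' if the first matching rule permits, else 'no-nat'."""
    for _id, action, addr, wild in rules:
        if matches(src, addr, wild):
            return "translate" if action == "permit" else "no-nat"
    return "no-nat"  # nothing matched: address is not selected for NAT

RULES = parse_basic_acl(ACL_2000)
# Constructed mistake: subnet mask typed where the wildcard mask belongs.
WRONG = parse_basic_acl("rule 0 permit source 192.168.0.0 255.255.255.0\nrule 1 deny\n")

if __name__ == "__main__":
    for src in ("192.168.0.10", "192.168.1.10", "8.8.8.0"):  # constructed samples
        print(src, nat_decision(RULES, src), nat_decision(WRONG, src))
```

With the mistyped mask, only the last octet is compared, so internal hosts are no longer translated while unrelated addresses ending in .0 are.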
Attack-defense command: firewall defend all
Common anti-virus access control list
acl number 3333
rule 0 deny udp destination-port eq tftp
rule 1 deny tcp destination-port eq 135
rule 2 deny udp destination-port eq 135
rule 3 deny udp destination-port eq netbios-ns
rule 4 deny udp destination-port eq netbios-dgm
rule 5 deny tcp destination-port eq 139
rule 6 deny udp destination-port eq netbios-ssn
rule 7 deny tcp destination-port eq 445
rule 8 deny udp destination-port eq 445
rule 9 deny tcp destination-port eq 539
rule 10 deny udp destination-port eq 539
rule 11 deny udp destination-port eq 593
rule 12 deny tcp destination-port eq 593
rule 13 deny udp destination-port eq 1434
rule 14 deny udp destination-port eq 1433
rule 15 deny tcp destination-port eq 4444
rule 16 deny tcp destination-port eq 9996
rule 17 deny tcp destination-port eq 5554
rule 18 deny udp destination-port eq 9996
rule 19 deny udp destination-port eq 5554
rule 20 deny tcp destination-port eq 137
rule 21 deny tcp destination-port eq 138
rule 22 deny tcp destination-port eq 1025
rule 23 deny udp destination-port eq 1025
rule 24 deny tcp destination-port eq 9995
rule 25 deny udp destination-port eq 9995
rule 26 deny tcp destination-port eq 1068
rule 27 deny udp destination-port eq 1068
rule 28 deny tcp destination-port eq 1023
rule 29 deny udp destination-port eq 1023
rule 30 permit icmp icmp-type echo
rule 31 permit icmp icmp-type echo-reply
rule 32 permit icmp icmp-type ttl-exceeded
rule 33 deny icmp
Then enter the corresponding internal and external interfaces and apply the ACL in the inbound direction, for example:
interface ethernet 1/0
firewall packet-filter 3333 inbound