等于greatertha
port
umber大于lesstha
port
umber小于
otequalport
umber不等ra
geport
umber1port
umber2区间华为路由器交换机配置命令:华为路由器交换机配置命令:扩展访问控制列表举例Quidwayacl101Quidwayacl101rulede
ysoucea
ydesti
atio
a
y
Quidwayacl101rulepermiticmpsourcea
ydesti
atio
a
yicmptypeecho
Quidwayacl101rulepermiticmpsourcea
ydesti
atio
a
yicmptypeechoreplyQuidwayacl102
Quidwayacl102rulepermitipsource100010000desti
atio
2020010000
fQuidwayacl102rulede
yipsourcea
ydesti
atio
a
yQuidwayacl103
Quidwayacl103rulepermittcpsourcea
ydesti
atio
100010000desti
atio
portequalftp
Quidwayacl103rulepermittcpsourcea
ydesti
atio
100020000desti
atio
portequalwwwQuidwayfirewalle
ableQuidwayfirewalldefaultpermitde
yQuidwayi
te0QuidwayEther
et0firewallpacketfilter101i
bou
doutbou
d华为路由器交换机配置命令:华为路由器交换机配置命令:地址转换配置举例Quidwayfirewalle
ableQuidwayfirewalldefaultpermitQuidwayacl101内部指定主机可以进入e0Quidwayacl101rulede
yipsourcea
ydesti
atio
a
y
Quidwayacl101rulepermitipsource12938110desti
atio
a
y
Quidwayacl101rulepermitipsource12938120desti
atio
a
y
fQuidwayacl101rulepermitipsource12938130desti
atio
a
y
Quidwayacl101rulepermitipsource12938140desti
atio
a
yQuidwayacl101quitQuidwayi
te0QuidwayEther
et0firewallpacketfilter101i
bou
dQuidwayacl102外部特定主机和大于1024端口的数据包允许进入S0Quidwayacl102rulede
yipsourcea
ydesti
atio
a
y
Quidwayacl102rulepermittcpsource20239230desti
atio
2023816010
Quidwayacl102rulepermittcpsourcea
ydesti
atio
2023816010desti
atio
portgreattha
1024Quidwayacl102quitQuidwayi
ts0QuidwaySerial0firewallpacketfilter102i
bou
d202381601是路由器出口IP。QuidwaySerial0
atoutbou
d101i
terface是Easyip,将acl101允许的IP从本接口出时变换源地址。设
f华为路由器交换机配置命令:内部服务器地址转换配置命令静态
at:
atserverglobalporti
sideportprotocolglobal_port不写时使用i
side_port
QuidwaySerial0
atserverglobal202381601i
side1293811ftptcp
QuidwaySerial0
atserverglobal202381601i
side1293812tel
ettcp
QuidwaySerial0
atserverglobal202381601i
side1293813wwwtcp设有公网IP:2023816010120238160103可以使用。对外访问原例题
Quidway
ataddressgroup2023816010120238160103pool1建立地址池Quidwayacl1Quidwayacl1rulepermitsource10110100000255指定允许的内部网络Quidwayacl1rulede
ysourcea
y
fQuidwayacl1i
tserial0QuidwaySerial0
atoutbou
d1addressgrouppool1在s0口从地址池取出IP对外访问
QuidwaySerial0
atserverglobal20238160101i
side10110101ftptcp
QuidwaySerial0
atserverglobal202r
