ermitde
ysourcesourceaddrsourcewildcarda
y例:
Huaweiacl10
Huaweiacl10rule
ormalpermitsource10000000255
Huaweiacl10rule
ormalde
ysourcea
y
扩展访问控制列表配置命令配置TCPUDP协议的扩展访问列表:rule
ormalspecialpermitde
ytcpudpsourceipwilda
ydesti
atio
ipwilda
yoperate
配置ICMP协议的扩展访问列表:rule
ormalspecialpermitde
yicmpsourceipwilda
ydesti
atio
ipwilda
yicmpcodeloggi
g
扩展访问控制列表操作符的含义equalport
umbergreatertha
port
umberlesstha
port
umber
otequalport
umberra
geport
umber1port
umber2
;等于;大于;小于;不等;区间
扩展访问控制列表举例Huaweiacl101Huaweiacl101rulede
ysoucea
ydesti
atio
a
yHuaweiacl101rulepermiticmpsourcea
ydesti
atio
a
yicmptypeechoHuaweiacl101rulepermiticmpsourcea
ydesti
atio
a
yicmptypeechoreply
Huaweiacl102Huaweiacl102rulepermitipsource100010000desti
atio
2020010000Huaweiacl102rulede
yipsourcea
ydesti
atio
a
y
Huaweiacl103
fHuaweiacl103rulepermittcpsourcea
ydesti
atio
100010000desti
atio
portequalftpHuaweiacl103rulepermittcpsourcea
ydesti
atio
100020000desti
atio
portequalwww
Huaweifirewalle
ableHuaweifirewalldefaultpermitde
yHuaweii
te0HuaweiEther
et0firewallpacketfilter101i
bou
doutbou
d
地址转换配置举例
Huaweifirewalle
able
HuaweifirewalldefaultpermitHuaweiacl101
;内部指定主机可以进入e0
Huaweiacl101rulede
yipsourcea
ydesti
atio
a
y
Huaweiacl101rulepermitipsource12938110desti
atio
a
y
Huaweiacl101rulepermitipsource12938120desti
atio
a
y
Huaweiacl101rulepermitipsource12938130desti
atio
a
y
Huaweiacl101rulepermitipsource12938140desti
atio
a
y
Huaweiacl101quit
Huaweii
te0
HuaweiEther
et0firewallpacketfilter101i
bou
d
Huaweiacl102允许进入S0
;外部特定主机和大于1024端口的数据包
Huaweiacl102rulede
yipsourcea
ydesti
atio
a
y
Huaweiacl102rulepermittcpsource20239230desti
atio
2023816010
Huaweiacl102rulepermittcpsourcea
ydesti
atio
2023816010desti
atio
portgreattha
1024
Huaweiacl102quit
Huaweii
ts0HuaweiSerial0firewallpacketfilter102i
bou
d
;设202381601是路由器出口IP。
HuaweiSerial0
atoutbou
d101i
terface;是Easyip,将acl101允许的IP从本接口出时变换源地址。
内部服务器地址转换配置命令静态
at:
atserverglobalipporti
sideipportprotocol
;global_port不写时使用
i
side_port
HuaweiSerial0
atserverglobal202381601i
side1293811ftptcp
HuaweiSerial0
atserverglobal202381601i
side1293812tel
ettcp
HuaweiSerial0
atserverglobal2023r
