Topsec Firewall Command Collection
Helpmode chinesel
Area permissions: pf service add name webui (or gui/ping/telnet) area <area-name> addressname any
Enable the web management service: system httpd start
Grant web interface access: pf service add name webui area <area-name> addressname any
Add an IP address to an interface: network interface eth16 ip add 192.168.4.12 mask 255.255.255.0 label 0
Disable an interface: network interface eth16 shutdown
Enable an interface: network interface eth16 no shutdown
Switching mode: network interface eth16 switchport (no switchport for routing mode)
Area settings: define area add name E1 attribute <interface> access off (or on; off denies access, on allows it)
Host address: define host add name <host-name> ipaddr 192.1.1.1
Subnet address: define host subnet add name <name> ipaddr 192.168.1.1 mask 255.255.255.0
Custom service: define service add name <name> protocol 6 port <port-number> (6 is the protocol number for TCP)
Add an IP address to a VLAN: network interface vlan.0001 ip add 192.168.1.1 mask 255.255.255.0 label 0
External access to the web server
1) Set up area E1
#define area add name E1 access on attribute eth1
2) Define the real address of the web server
#define host add name WEB_server ipaddr 172.16.1.2
3) Define the address used to reach the web server
#define host add name MAP_IP ipaddr 202.99.27.199
4) Define the service port
#define service add name Web_port protocol 6 port 8080
Note: "6" is the protocol number for TCP.
5) Set the address translation rule
#nat policy add srcarea E1 orig_dst MAP_IP orig_service http trans_dst WEB_server trans_service Web_port
ADSL routing
ADSL dial-up settings
1) Set the ADSL dial-up parameters
#network adsl set dev eth0 username adsl1234 passwd 123456 attribute adsl
2) Define the external network area (adsl-a)
#define area add name adsl-a attribute adsl access on
3) Configure the address translation policy
#nat policy add srcarea area_eth1 dstarea adsl-a trans_src adsl
4) Dial
#network adsl start
5) Check the dial-up connection status
# network adsl show status
STATE: PHASE_RUNNING
RX_BYTES: 815
TX_BYTES: 2021
RX_PKTS: 13
TX_PKTS: 42
LOCALIP: 168.22.100.3
PEERIP: 168.22.100.1
ELAPS: 586
DHCP configuration
1) Configure the IP address of interface eth1
#network interface eth1 ip add 10.10.10.1 mask 255.255.255.0
The system automatically binds the attribute "eth1" to the physical interface eth1.
2) Add an area object, set its access permission to allow, and bind the area to the attribute eth1.
#define area add name area_eth1 access on attribute eth1
3) Open the DHCP service for this area
#pf service add name dhcp area area_eth1 addressname any
4) Configure the DHCP server
First configure the address pool of the DHCP server.
#network dhcp server add_subnet subnet 10.10.10.0 submask 255.255.255.0 gateway 10.10.10.1 sub_start 10.10.10.23 sub_end 10.10.10.33 pri_dns 202.106.0.20
If needed, the DHCP server can bind an IP address to a host with a specified MAC address.
#network dhcp server add_host name bind macaddr 00:50:04:c3:b0:31 ipaddr 10.10.10.25
5) Start the DHCP server on interface eth1
#network dhcp server start on eth1
6) View the allocated IP addresses
#network dhcp show binded
Destination address translation:
nat policy add srcarea adsla orig_dst adsl orig_service anyshare端口 trans_dst 营销系统主机
nat policy add orig_src any orig_dst adsl orig_service anyshare端口 trans_dst 营销系统主机
(anyshare端口 and 营销系统主机 are the author's object names, meaning "anyshare port" and "marketing system host".)
Area source address translation:
nat policy add srcarea area_eth11 dstarea adsla trans_src adsl enable yes
Access control
firewall policy add action accept srcarea area_eth12 dstarea area_eth11
firewall policy add action accept src any dstarea area_eth11
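Added example (not part of the original command list, and not Topsec code): a small Python check that reads commands in the syntax listed on this page and flags management services (webui, gui, telnet) opened to "addressname any", areas whose access is "on", and accept policies with "src any". The sample configuration and the address object name admin_hosts are constructed for illustration.

```python
# Constructed sample input; every command form is taken from this page.
# "admin_hosts" is a hypothetical address object name.
SAMPLE_CONFIG = """\
pf service add name webui area area_eth1 addressname any
pf service add name telnet area area_eth0 addressname admin_hosts
pf service add name dhcp area area_eth1 addressname any
define area add name area_eth1 access on attribute eth1
define area add name area_eth0 access off attribute eth0
firewall policy add action accept srcarea area_eth12 dstarea area_eth11
firewall policy add action accept src any dstarea area_eth11
"""

MGMT_SERVICES = {"webui", "gui", "telnet"}  # management services listed on this page


def parse_command(line):
    """Return (verb, {key: value}) for an '... add key value ...' command, else None."""
    tokens = line.strip().lstrip("#").split()
    if "add" not in tokens:
        return None
    i = tokens.index("add")
    args = tokens[i + 1:]
    # Arguments after 'add' come as key/value pairs (name X area Y ...).
    return " ".join(tokens[:i + 1]), dict(zip(args[0::2], args[1::2]))


def audit(config):
    """Return (line_number, finding, object_name) tuples for risky commands."""
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        parsed = parse_command(line)
        if parsed is None:
            continue
        verb, kv = parsed
        name = kv.get("name")
        if verb == "pf service add" and name in MGMT_SERVICES:
            if kv.get("addressname") == "any":   # management reachable from any address
                findings.append((n, "mgmt-open-to-any", name))
            if name == "telnet":                 # telnet is a cleartext protocol
                findings.append((n, "cleartext-mgmt", name))
        elif verb == "define area add" and kv.get("access") == "on":
            findings.append((n, "area-default-allow", name))
        elif (verb == "firewall policy add" and kv.get("action") == "accept"
              and kv.get("src") == "any"):
            findings.append((n, "accept-from-any", kv.get("dstarea")))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```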
Source address translation
1) Define the area objects
#define area add name area_eth1 access on attribute eth1
#define area add name area_eth0 access off attribute eth0
2) Define the internal network address object (the object name 子网 100.x means "subnet 100.x")
#define subnet add name 子网 100.x ipaddr 192.168.100.0 mask 255.255.255.0
3) Define the NAT address
#define host add name nat-ip ipaddr 202.10.10.1 mask 255.255.255.0
Define the NAT address pool
#define range add name nat-pool ip1 202.10.10.1 ip2 202.10.10.10
4) Define the NAT rules
Translate to the fixed address nat-ip:
#nat policy add dstarea area_eth1 orig_src 子网 100.x trans_src nat-ip enable yes
Dynamically select the translated IP from the address pool:
#nat policy add dstarea area_eth1 orig_src 子网 100.x trans_src nat-pool enable yes