|
|
EVE懒人版4.0,华为的usg6000v为什么untrust一直无法pingdmz域,试过几种方法都没成功
左边云连接的是centOS7的dns/web服务器
interface GigabitEthernet1/0/0
undo shutdown
ip address 100.1.1.2 255.255.255.0
service-manage ping permit
#
interface GigabitEthernet1/0/1
undo shutdown
ip address 172.168.100.254 255.255.255.0
service-manage ping permit
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 192.168.140.250 255.255.255.0
service-manage ping permit
#
firewall zone local
set priority 100
#
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
add interface GigabitEtherne1/0/1
#
firewall zone untrust
set priority 5
add interface GigabitEthernet1/0/0
#
firewall zone dmz
set priority 50
add interface GigabitEthernet1/0/2
#
ip route-static 0.0.0.0 0.0.0.0 100.1.1.1
ip route-static 172.168.0.0 255.255.0.0 172.168.100.1
#
security-policy
rule name easy
source-zone trust
destination-zone untrust
action permit
rule name easy1
source-zone trust
destination-zone dmz
action permit
#
nat-policy
rule name nat123
source-zone trust
destination-zone untrust
source-address 172.168.20.0 mask 255.255.255.0
action source-nat easy-ip
rule name nat111
source-zone trust
destination-zone dmz
source-address 172.168.10.0 mask 255.255.255.0
action source-nat easy-ip
|
-
-
|
发表于 2021-5-11 10:09:46
楼主
