帮你发个教程自己研究下吧。
#
sysname RouterA
#
firewall enable /使能防火墙功能/
firewall default deny /配置防火墙缺省操作为deny/
#
radius scheme system
#
domain system
#
acl number 2000 /定义用于NAT转换的ACL/
rule 0 permit source 192.168.1.0 0.0.0.255
rule 1 deny
#
acl number 3001 /定义用于包过滤的ACL/
rule 0 permit ip source 192.168.1.0 0.0.0.127
/内网地址192.168.1.0/25访问外网不作限制/
rule 1 permit tcp source 192.168.1.128 0.0.0.127 destination-port eq pop3
rule 2 permit tcp source 192.168.1.128 0.0.0.127 destination-port eq smtp
/内网地址192.168.1.128/25只能收发邮件/
#
interface Ethernet1/0/0
ip address 192.168.1.1 255.255.255.0
firewall packet-filter 3001 inbound /对inbound流量使用包过滤/
#
interface Serial2/0/0
link-protocol ppp
ip address 202.101.1.2 255.255.255.252
nat outbound 2000
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 202.101.1.1 preference 60
#
user-interface con 0
user-interface vty 0 4
#
return
安全专区-防火墙-出站通信策略
内容全部来源于网络收集,如有侵权,请联系网站删除:QQ:24596024