Common internal server configuration example, Network requirements, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual


[SecPath] nat address-group 1 202.38.1.2 202.38.1.3

# Configure ACL 2001, permitting only users from network segment 10.110.10.0/24 to access the Internet.

[SecPath] acl number 2001

[SecPath-acl-basic-2001] rule permit source 10.110.10.0 0.0.0.255

[SecPath-acl-basic-2001] rule deny

[SecPath-acl-basic-2001] quit

# Associate address pool 1 and ACL 2001 with the outbound interface GigabitEthernet 0/2.

No-PAT

[SecPath] interface gigabitethernet 0/2

[SecPath-GigabitEthernet0/2] nat outbound 2001 address-group 1 no-pat

[SecPath-GigabitEthernet0/2] quit

NAPT

[SecPath] interface gigabitethernet 0/2

[SecPath-GigabitEthernet0/2] nat outbound 2001 address-group 1

[SecPath-GigabitEthernet0/2] quit
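
The difference between the two modes above, as an added example that is not part of the H3C manual: a Python model of ACL 2001's first-match wildcard evaluation and of how address-group 1 is consumed under No-PAT versus NAPT. The sample flows, the NAPT starting port 1024 and the simplified port allocator are assumptions; the device's real allocation order is not modeled.

```python
import ipaddress
# Values taken from the page: ACL 2001 (a bare "rule deny" matches any source) and address-group 1.
ACL_2001 = [("permit", "10.110.10.0", "0.0.0.255"), ("deny", "0.0.0.0", "255.255.255.255")]
POOL = ["202.38.1.2", "202.38.1.3"]

def acl_action(src, rules=ACL_2001):
    """First-match evaluation of a basic ACL; wildcard bits set to 1 are ignored."""
    s = int(ipaddress.IPv4Address(src))
    for action, net, wildcard in rules:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if s & care == int(ipaddress.IPv4Address(net)) & care:
            return action
    return "deny"  # model assumption: unmatched traffic is not translated

class NoPat:
    """One public address per inside host; source ports are left unchanged."""
    def __init__(self, pool):
        self.free, self.map = list(pool), {}
    def translate(self, src, sport):
        if acl_action(src) != "permit":
            return None
        if src not in self.map:
            if not self.free:
                return None  # pool exhausted: no mapping for this host
            self.map[src] = self.free.pop(0)
        return (self.map[src], sport)

class Napt:
    """Inside (address, port) pairs share the pool by port rewriting.
    Simplified (assumption): ports are drawn from the first pool address only."""
    def __init__(self, pool, first_port=1024):
        self.pool, self.next_port, self.map = list(pool), first_port, {}
    def translate(self, src, sport):
        if acl_action(src) != "permit":
            return None
        key = (src, sport)
        if key not in self.map:
            self.map[key] = (self.pool[0], self.next_port)
            self.next_port += 1
        return self.map[key]

def demo():
    hosts = [("10.110.10.5", 40000), ("10.110.10.6", 40000),
             ("10.110.10.7", 40000), ("10.110.20.9", 40000)]  # constructed sample flows
    nopat, napt = NoPat(POOL), Napt(POOL)
    return [(h, nopat.translate(*h), napt.translate(*h)) for h in hosts]

if __name__ == "__main__":
    for flow, a, b in demo():
        print(flow, "No-PAT ->", a, "NAPT ->", b)
```

With NAPT, attributing an outbound connection to an inside host requires the translated port as well as the public address, so session logs need to record both.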

Common internal server configuration example

Network requirements

As shown in Figure 27, a company provides two Web servers, one FTP server, and one SMTP server for external users to access. The internal network address is 10.110.0.0/16. The internal address for the FTP server is 10.110.10.3/16, for Web server 1 is 10.110.10.1/16, for Web server 2 is 10.110.10.2/16, and for the SMTP server is 10.110.10.4/16. The company has three public IP addresses ranging from 202.38.1.1/24 to 202.38.1.3/24. Specifically, the company has the following requirements:

External hosts can access internal servers with public address 202.38.1.1/24.

Port 8080 is used for Web server 2.

Figure 27 Network diagram

Configuration procedure

# As shown in Figure 27, configure the IP addresses for the interfaces. (Details not shown.)

# Enter interface GigabitEthernet 0/2 view.

<SecPath> system-view

[SecPath] interface gigabitethernet 0/2

[Figure 27 labels: FTP server 10.110.10.3/16; Web server 1 10.110.10.1/16; Web server 2 10.110.10.2/16; SMTP server 10.110.10.4/16; SecPath GE0/1 10.110.10.10/16, GE0/2 202.38.1.1/24; Host; Internet.]
