Enabling alg at the cli, Alg configuration examples at the cli, Ftp alg configuration example – H3C Technologies H3C SecPath F1000-E User Manual
Page 65: Network requirements, Configuration procedure
58
Enabling ALG at the CLI
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enable ALG.
alg { all | dns | ftp | gtp | h323 |
ils | msn | nbt | pptp | qq | rtsp |
sccp | sip | sqlnet | tftp }
Optional.
Enabled only for FTP by default.
ALG configuration examples at the CLI
The following examples describe only ALG-related configurations, assuming that other required
configurations on the server and client have been done.
FTP ALG configuration example
Network requirements
As shown in
, a company uses the private network segment 192.168.1.0/24, and has four
public network addresses: 5.5.5.1, 5.5.5.9, 5.5.5.10, and 5.5.5.11. The company wants to provide FTP
services to the outside.
Configure NAT and ALG on the SecPath so that hosts on the external network can access the FTP server
on the internal network.
Figure 54 Network diagram
Configuration procedure
# Configure the address pool and ACL.
<SecPath> system-view
[SecPath] nat address-group 1 5.5.5.9 5.5.5.11
[SecPath] acl number 2001
[SecPath-acl-basic-2001] rule permit
[SecPath-acl-basic-2001] quit
# Enable ALG for FTP.
[SecPath] alg ftp
# Configure NAT.
[SecPath] interface GigabitEthernet 0/1
[SecPath-GigabitEthernet0/1] nat outbound 2001 address-group 1
# Configure internal FTP server.
Host
FTP server
Local: 192.168.1.2
Global: 5.5.5.10
SecPath
Internet
GE0/1
5.5.5.1/24
192.168.1.1/24