firewall-> get interface all
box is not in pure_l2_mode
A - Active, I - Inactive, U - Up, D - Down, R - Ready
Total interface: 12
Name      IP Address          Zone      MAC             VLAN  State  VSD
trust     192.168.3.1/24      Trust     001f.1255.a902  -     U      -
untrust   61.144.230.41/29    Untrust   001f.1255.a901  -     U      -
serial    0.0.0.0/0           Null      001f.1255.a906  -     D      -
tun.1     unnumbered          Untrust   untrust         -     D      -
vlan1     0.0.0.0/0           VLAN      001f.1255.a90f  1     D      -
null      0.0.0.0/0           Null      N/A             -     U      0
firewall->
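set pppoe name "PPPoE"
set pppoe name "PPPoE" username "cjf0000@163.gd" password "yVizHVPmNgsYRvCpTP7RsQnxg2VpbQ=="
set pppoe name "PPPoE" idle 0
set pppoe name "PPPoE" interface untrust
set pppoe name "PPPoE" auto-connect 30
// Note: the password string is the encoded form the device stores in its configuration, not a one-way hash; the firewall has to recover the clear text to log in to the ISP. Treat the username and this string together as a live credential and replace both with placeholders before sharing a configuration dump.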
set interface eth4 nat //將介面4設置為nat模式
set interface eth4 route //將介面4設置為路由模式
Route between multiple subnets without a router
set interface trust ip (ip address) (subnet mask) secondary [Enter] save [Enter]
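set zone name office //建立一個3層的zone,名為Office
set zone name L2-office L2 1 //建立一個2層的zone,名為L2-Office(二層介面必須以L2-開始命名),vlan id 為1。
set interface eth4 zone office //將介面4設置為office zone的介面。
set interface vlan1 ip 10.10.10.10/24 //將vlan1的ip設置為10.10.10.10
set interface vlan1 manage web //開通vlan1介面的web管理功能
set interface vlan1 manage ping //開通vlan1介面的ping功能
// Note: every "manage" option opens a management service to all hosts that can reach 10.10.10.10 through vlan1. Enable only the services actually used, prefer the encrypted ones (manage ssl, manage ssh) to plain web or telnet, and limit which administrator workstations may connect (set admin manager-ip).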
set interface eth3 mip 1.1.1.1 host 2.2.2.2 vrouter trust-vr //設置mip,外網ip1.1.1.1 綁定到內網ip 2.2.2.2上
unset interface eth3 mip 1.1.1.1 //取消1.1.1.1的mip設置
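unset interface "untrust" mip 61.144.230.44
set interface "untrust" mip 61.144.230.44 host 192.168.3.46 netmask 255.255.255.255 vr "trust-vr"
set policy from "Untrust" to "Trust" "Any" "MIP(61.144.230.44)" "HTTP" permit log
policy id = 79
set policy id 79
set service "HTTPS"
exit
// Note: "policy id = 79" is the firewall's reply to the set policy command, not a command to type. A MIP is a one-to-one mapping of the whole address, so policy 79 is the only thing limiting what reaches 192.168.3.46: keep its service list to what the host really serves (here HTTP and HTTPS) and replace the "Any" source with an address-book entry when the clients are known.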
set interface eth3 vip untrust-ip + 21 ftp 192.168.0.10 //設置vip
set interface eth3 vip untrust-ip + 8000 ftp 192.168.0.10
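set service "OpenSSH" protocol tcp src-port 0-65535 dst-port 22-22
set interface untrust vip 61.144.230.45 + 22 OpenSSH 192.168.3.10
set policy from untrust to trust any vip(61.144.230.45) OpenSSH permit
save
// Note: this publishes SSH on 192.168.3.10 to every source in the Untrust zone, and unlike the MIP policy earlier on this page the policy has no "log" keyword, so connections to it are not recorded in the traffic log. For an administrative service, replace "any" with an address-book entry covering the networks that need access and append "log" after "permit".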