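SecPath 1800F Typical Networking Case

ZDNet Network Security Channel | Updated: 2007-10-25 | Author: 51CTO.COM

Keywords: networking, firewall, 1800F, SecPath

  Requirements:

  1. Transparent mode

  2. NAT + multiple egress links

  3. P2P restriction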

  #
  acl number 2000
   rule 0 permit
  acl number 2001
   rule 0 permit
  #
  acl number 3000
   description "policy route"
   rule 0 permit ip source 60.2.1.100 0
  acl number 3001
   rule 0 permit ip source 192.168.1.0 0.0.0.255
  #
  sysname Eudemon
  #
  firewall packet-filter default permit interzone local trust direction inbound
  firewall packet-filter default permit interzone local trust direction outbound
  firewall packet-filter default permit interzone local untrust direction inbound
  firewall packet-filter default permit interzone local untrust direction outbound
  firewall packet-filter default permit interzone local DMZ direction inbound
  firewall packet-filter default permit interzone local DMZ direction outbound
  firewall packet-filter default permit interzone local edu direction inbound
  firewall packet-filter default permit interzone local edu direction outbound
  firewall packet-filter default permit interzone trust untrust direction inbound
  firewall packet-filter default permit interzone trust untrust direction outbound
  firewall packet-filter default permit interzone trust DMZ direction inbound
  firewall packet-filter default permit interzone trust DMZ direction outbound
  firewall packet-filter default permit interzone trust edu direction inbound
  firewall packet-filter default permit interzone trust edu direction outbound
  firewall packet-filter default permit interzone DMZ untrust direction inbound
  firewall packet-filter default permit interzone DMZ untrust direction outbound
  firewall packet-filter default permit interzone edu untrust direction inbound
  firewall packet-filter default permit interzone edu untrust direction outbound
  firewall packet-filter default permit interzone DMZ edu direction inbound
  firewall packet-filter default permit interzone DMZ edu direction outbound
  #
  nat address-group 0 70.1.1.1 70.1.1.5
  #
  firewall mode route
  #
  firewall statistic system enable
  firewall p2p-car default-permit
  firewall p2p-car cir 10000
  firewall p2p-car cir 20000 1 bb
  firewall p2p-car cir 20000 2 bb
  #
  traffic classifier edu_route_cls
   if-match acl 3000
  #
  traffic behavior edu_route_behav
   remark ip-nexthop 60.1.1.100 output-interface Ethernet4/0/1
  #
  qos policy edu_route_qos
   classifier edu_route_cls behavior edu_route_behav
  #
  interface Aux0
   async mode flow
   link-protocol ppp
  #
  interface Ethernet0/0/0
  #
  interface Ethernet0/0/1
  #
  interface Ethernet4/0/0
   description text "intranet"
   ip address 60.2.1.1 255.255.255.0
  #
  interface Ethernet4/0/1
   description "edu"
   ip address 60.1.1.1 255.255.255.0
  #
  interface Ethernet4/0/2
   description "telecom"
   ip address 70.1.1.1 255.255.255.0
  #
  interface Ethernet4/0/3
  #
  interface Ethernet4/0/4
  #
  interface Ethernet4/0/5
  #
  interface Ethernet4/0/6
  #
  interface Ethernet4/0/7
  #
  interface GigabitEthernet1/0/0
  #
  interface GigabitEthernet2/0/0
  #
  interface NULL0
  #
  time-range bb 00:00 to 24:00 daily
  #
  firewall zone local
   set priority 100
  #
  firewall zone trust
   set priority 85
   qos apply policy edu_route_qos outbound
   add interface Ethernet4/0/0
  #
  firewall zone untrust
   set priority 5
   add interface Ethernet4/0/2
  #
  firewall zone DMZ
   set priority 50
  #
  firewall zone name edu
   set priority 6
   add interface Ethernet4/0/1
  #
  firewall interzone local trust
  #
  firewall interzone local untrust
  #
  firewall interzone local DMZ
  #
  firewall interzone local edu
  #
  firewall interzone trust untrust
   packet-filter 2000 outbound
   nat outbound 2001 address-group 0
   detect ftp
   detect h323
   detect sip
   detect pptp
   detect hwcc
   detect http
   detect netbios
   detect rtsp
   detect qq
   detect msn
  #
  firewall interzone trust DMZ
  #
  firewall interzone trust edu
   p2p-car 3001
   packet-filter 2000 outbound
   detect ftp
   detect h323
   detect sip
   detect pptp
   detect hwcc
   detect http
   detect netbios
   detect rtsp
   detect qq
   detect msn
  #
  firewall interzone DMZ untrust
  #
  firewall interzone edu untrust
  #
  firewall interzone DMZ edu
  #
  aaa
   authentication-scheme default
   #
   authorization-scheme default
   #
   accounting-scheme default
   #
   domain default
  #
  ip route-static 0.0.0.0 0.0.0.0 70.1.1.100
  #
  user-interface con 0
  user-interface aux 0
  user-interface vty 0 4
  #
  return
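
The listing above sets the default packet-filter action to permit for every interzone pair and applies ACL 2000, whose only rule is an unconditional permit, so the packet filter as configured passes all traffic between zones. The Python check below is an added example, not part of the original article: it flags both patterns in a configuration of this form, using a constructed excerpt of the listing and hypothetical function names.

```python
import re

# Constructed sample: an excerpt of the configuration listed above.
SAMPLE_CONFIG = """\
acl number 2000
 rule 0 permit
acl number 3001
 rule 0 permit ip source 192.168.1.0 0.0.0.255
firewall packet-filter default permit interzone trust untrust direction inbound
firewall packet-filter default permit interzone trust untrust direction outbound
firewall interzone trust untrust
 packet-filter 2000 outbound
firewall interzone trust edu
 p2p-car 3001
 packet-filter 2000 outbound
"""

DEFAULT_RE = re.compile(r"^firewall packet-filter default (permit|deny) "
                        r"interzone (\S+) (\S+) direction (inbound|outbound)$")
ACL_RE = re.compile(r"^acl number (\d+)$")
INTERZONE_RE = re.compile(r"^firewall interzone (\S+) (\S+)$")
FILTER_RE = re.compile(r"^packet-filter (\d+) (inbound|outbound)$")


def audit(config):
    """Return (default-permit directions, permit-any ACLs, filters using them).

    An ACL counts as permit-any when it holds a bare "rule N permit".
    """
    default_permits, acl_rules, filters = [], {}, []
    acl = pair = None  # section currently being read
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "#":
            acl = pair = None
            continue
        if m := DEFAULT_RE.match(line):
            if m.group(1) == "permit":
                default_permits.append((m.group(2), m.group(3), m.group(4)))
        elif m := ACL_RE.match(line):
            acl, pair = m.group(1), None
            acl_rules[acl] = []
        elif m := INTERZONE_RE.match(line):
            pair, acl = (m.group(1), m.group(2)), None
        elif acl and line.startswith("rule "):
            acl_rules[acl].append(line)
        elif pair and (m := FILTER_RE.match(line)):
            filters.append((pair, m.group(1), m.group(2)))
    permit_any = {a for a, rules in acl_rules.items()
                  if any(re.fullmatch(r"rule \d+ permit", r) for r in rules)}
    open_filters = [f for f in filters if f[1] in permit_any]
    return default_permits, sorted(permit_any), open_filters
```

Because the parser strips leading whitespace, it reads the indented form and a flattened copy of the same configuration alike.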
