|
[Quidway] acl number 2001 [Quidway-acl-basic-2001] rule permit source 10.110.10.0 0.0.0.255 [Quidway-acl-basic-2001] rule deny # 配置地址池。 [Quidway] nat address-group 1 202.110.10.10 202.110.10.12 # 允许地址转换,使用地址池1中的地址进行地址转换。在转换的时候使用TCP/UDP的端口信息,使用如下配置。 [Quidway-Serial0/0/0] nat outbound 1 address-group 1 # 删除对应配置。 [Quidway-Serial0/0/0] undo outbound 1 address-group 1 # 如果使用一对一的地址转换(不使用TCP/UDP的端口信息进行地址转换),可以使用如下配置。 [Quidway-Serial0/0/0] nat outbound 1 address-group 1 no-pat # 删除对应配置。 [Quidway-Serial0/0/0] undo nat outbound 1 address-group 1 no-pat # 如果直接使用Serial 0/0/0口的IP地址,可以使用如下的配置。 [Quidway-Serial0/0/0] nat outbound 1 # 删除对应配置。 [Quidway-Serial0/0/0] undo nat outbound 1 111111111111111111111111 下面有一些好东东,和你分享 acl number 100 禁ping rule deny icmp source any destination any 用于控制Blaster蠕虫的传播 rule deny udp source any destination any destination-port eq 69 rule deny tcp source any destination any destination-port eq 4444 用于控制冲击波病毒的扫描和攻击 rule deny tcp source any destination any destination-port eq 135 rule deny udp source any destination any destination-port eq 135 rule deny udp source any destination any destination-port eq netbios-ns rule deny udp source any destination any destination-port eq netbios-dgm rule deny tcp source any destination any destination-port eq 139 rule deny udp source any destination any destination-port eq 139 rule deny tcp source any destination any destination-port eq 445 rule deny udp source any destination any destination-port eq 445 rule deny udp source any destination any destination-port eq 593 rule deny tcp source any destination any destination-port eq 593 用于控制振荡波的扫描和攻击 rule deny tcp source any destination any destination-port eq 445 rule deny tcp source any destination any destination-port eq 5554 rule deny tcp source any destination any destination-port eq 9995 rule deny tcp source any destination any destination-port eq 9996 用于控制 Worm_MSBlast.A 蠕虫的传播 |