Internal server configuration example, Network requirements, Configuration procedure – H3C Technologies H3C S12500 Series Switches User Manual

111

[Device] interface Vlan-interface 20

[Device-Vlan-interface20] nat outbound 2001 address-group 1

[Device-Vlan-interface 20] quit

# Configure connection limit policy 1 to limit user connections sourced from 10.110.10.100. Set the upper
and lower limits to 1000 and 200 respectively.

[Device] acl number 2002

[Device-acl-basic-2002] rule permit source 10.110.10.100 0.0.0.0

[Device-acl-basic-2002] rule deny

[Device-acl-basic-2002] quit

[Device] connection-limit policy 1

[Device-connection-limit-policy-1] limit 0 acl 2002 per-destination amount 1000 200

[Device-connection-limit-policy-1] quit

# Bind connection limit policy 1 to NAT.

[Device] nat connection-limit-policy 1

Internal server configuration example

Network requirements

As shown in

Figure 51

, a company provides two web servers, one FTP server, and one SMTP server for

external users to access. The internal network address is 10.110.0.0/16. The internal address for the FTP

server is 10.110.10.3/16, for the web server 1 is 10.110.10.1/16, for the web server 2 is 10.110.10.2/16,
and for the SMTP server 10.110.10.4/16. The company has three public IP addresses in the range of

202.38.1.1/24 to 202.38.1.3/24. Specifically, the company has the following requirements:

•

External hosts can access internal servers with public address 202.38.1.1/24.

•

Port 8080 is used for web server 2.

Figure 51 Network diagram

Configuration procedure

# Specify IP addresses for the interfaces, as shown in

Figure 51

. (Details not shown.)

# Enter interface VLAN-interface 20 view.

system-view

[Device] interface vlan-interface 20

# Configure the internal FTP server.

FTP server

10.110.10.3/16

Web server 1

10.110.10.1/16

Web server 2

10.110.10.2/16

SMTP server

10.110.10.4/16

Host

Internet

Vlan-int10

10.110.10.10/16

Vlan-int20
202.38.1.1/24

Device