Common internal server configuration example, Network requirements, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual

28

[SecPath] nat address-group 1 202.38.1.2 202.38.1.3

# Configure ACL 2001, permitting only users from network segment 10.110.10.0/24 to access the

Internet.

[SecPath] acl number 2001

[SecPath-acl-basic-2001] rule permit source 10.110.10.0 0.0.0.255

[SecPath-acl-basic-2001] rule deny

[SecPath-acl-basic-2001] quit

# Associate address pool 1 and ACL 2001 with the outbound interface GigabitEthernet 0/2.

•

No-PAT

[SecPath] interface gigabitethernet 0/2

[SecPath-GigabitEthernet0/2] nat outbound 2001 address-group 1 no-pat

[SecPath-GigabitEthernet0/2] quit

•

NAPT

[SecPath] interface gigabitethernet 0/2

[SecPath-GigabitEthernet0/2] nat outbound 2001 address-group 1

[SecPath-GigabitEthernet0/2] quit

Common internal server configuration example

Network requirements

As shown in

Figure 27

, a company provides two Web servers, one FTP server, and one SMTP server for

external users to access. The internal network address is 10.110.0.0/16. The internal address for the FTP

server is 10.110.10.3/16, for Web server 1 is 10.110.10.1/16, for Web server 2 is 10.110.10.2/16, and

for the SMTP server 10.110.10.4/16. The company has three public IP addresses ranging from
202.38.1.1/24 to 202.38.1.3/24. Specifically, the company has the following requirements:

•

External hosts can access internal servers with public address 202.38.1.1/24.

•

Port 8080 is used for Web server 2.

Figure 27 Network diagram

Configuration procedure

# As shown in

Figure 27

, configure the IP addresses for the interfaces. (Details not shown.)

# Enter interface GigabitEthernet 0/2 view.

system-view

[SecPath] interface gigabitethernet 0/2

FTP server

10.110.10.3/16

Web server 1

10.110.10.1/16

Web server 2

10.110.10.2/16

SMTP server

10.110.10.4/16

Host

Internet

GE0/1

10.110.10.10/16

GE0/2
202.38.1.1/24

SecPath