华为路由器典型配置

路由器配置详解

最新推荐文章于 2025-02-11 17:16:16 发布

转载最新推荐文章于 2025-02-11 17:16:16 发布 · 711 阅读

文章标签：

#路由器 #华为 #interface #tcp

技术类专栏收录该内容

17 篇文章

订阅专栏

本文详细介绍了路由器的配置细节，包括防火墙设置、访问控制列表（ACL）的定义及应用、接口配置以及路由设置等内容。通过具体配置命令展示了如何保护路由器免受特定类型的数据包攻击，并实现内外网的数据过滤。

[router]dis cur
  Now create configuration...
  Current configuration
  !
    version 1.74
    local-user username service-type administrator password cipher 98_8S,&Ta4_-JE
XJQ<%DJQ!!
    sysname router
    firewall enable
    aaa-enable
    aaa accounting-scheme optional
  !
  acl 1 match-order auto
    rule normal permit source 192.168.1.0 0.0.0.255
  !
  acl 100 match-order auto
    rule normal deny udp source any destination any destination-port equal tftp
    rule normal deny tcp source any destination any destination-port equal 135
    rule normal deny icmp source any destination any
    rule normal deny udp source any destination any destination-port equal 135
    rule normal deny udp source any destination any destination-port equal netbi
os-ssn
    rule normal deny tcp source any destination any destination-port equal 139
    rule normal deny tcp source any destination any destination-port equal 445
    rule normal deny udp source any destination any destination-port equal 445
  !
  acl 101 match-order auto
    rule normal deny tcp source any destination any destination-port equal 135
    rule normal deny tcp source any destination any destination-port equal 445
    rule normal deny udp source any destination any destination-port equal 445
    rule normal deny udp source any destination any destination-port equal 135
  !
  acl 102 match-order auto
    rule normal deny tcp source any source-port range 6881 6889 destination any
    rule normal deny udp source any source-port range 6881 6889 destination any
  !
  interface Aux0
    async mode flow
    link-protocol ppp
  !
  interface Ethernet0
    ip address 192.168.1.254 255.255.255.0
    firewall packet-filter 102 inbound
    firewall packet-filter 101 inbound
    firewall packet-filter 100 inbound
    firewall packet-filter 102 outbound
    firewall packet-filter 101 outbound
    firewall packet-filter 100 outbound
  !
  interface Ethernet1
    ip address 218.X.X.X 255.255.255.X
    nat outbound 1 interface
    firewall packet-filter 102 inbound
    firewall packet-filter 101 inbound
    firewall packet-filter 100 inbound
    firewall packet-filter 102 outbound
    firewall packet-filter 101 outbound
    firewall packet-filter 100 outbound
  !
  interface Serial0
    link-protocol ppp
  !
  interface Serial1
    link-protocol ppp
  !
  quit
  ip route-static 0.0.0.0 0.0.0.0 218.X.X.X preference 60
  !
  return