2024年4月4日发(作者：顾恨荷)

H3C F100防火墙配置实例

要求：内网192.168.88.1

外网 192.168.33.1

开启DHCP 通过

地址转换内网电

脑上网

下面是我的H3C F100的硬

件和软件版本

H3C Comware Software

Comware software, Version 3.40, Release 5102P02

Copyright (c) 2004-2009 Hangzhou H3C Technologies

Co., rights t the

owner's prior written consent, no decompiling

nor reverse-engineering shall be allowed.

H3C SecPath F100-C-EI uptime is 0 week, 0 day, 0 hour,

7 minutes

CPU type: Mips IDT RC32365 150MHz

64M bytes SDRAM Memory

8M bytes Flash Memory

Pcb Version:2.0

Logic Version:1.0

BootROM Version:1.17

[SLOT 0] 5FE (Hardware)2.0, (Driver)2.0,

(Cpld)1.0

[SLOT 1] 1SE (Hardware)1.0, (Driver)1.0,

(Cpld)1.0

1.打开防火墙包过滤

firewall packet-filter enable

firewall packet-filter default permit

2.添加接口至信任区（内网）和非信任区（外

网）

firewall zone trust

add interface Ethernet0/0

firewall zone untrust

add interface Ethernet0/4

3.添加内网接口地址

interface Ethernet0/0

ip address 192.168.88.1 255.255.255.0

4.添加外网接口地址并添加默认路由

interface Ethernet0/4

ip address 192.168.33.99 255.255.255.0

ip route-static 0.0.0.0 0.0.0.0 192.168.33.1

5.设置DHCP地址池并启用DHCP功能

dhcp enable

dhcp server ip-pool pool1

network 192.168.88.0 mask 255.255.255.0

gateway-list 192.168.88.1

dns-list 222.85.85.85

6.设置内网的ACL

acl number 2001

rule 0 permit source 192.168.88.0

0.0.0.255

7.设置NAT地址池

nat address-group 1 192.168.33.99

192.168.33.99

8.在外网接口下开始地址转换

interface Ethernet0/4

nat outbound 2001 address-group 1 no-pat

2024年4月4日发(作者：顾恨荷)

H3C F100防火墙配置实例

要求：内网192.168.88.1

外网 192.168.33.1

开启DHCP 通过

地址转换内网电

脑上网

下面是我的H3C F100的硬

件和软件版本

H3C Comware Software

Comware software, Version 3.40, Release 5102P02

Copyright (c) 2004-2009 Hangzhou H3C Technologies

Co., rights t the

owner's prior written consent, no decompiling

nor reverse-engineering shall be allowed.

H3C SecPath F100-C-EI uptime is 0 week, 0 day, 0 hour,

7 minutes

CPU type: Mips IDT RC32365 150MHz

64M bytes SDRAM Memory

8M bytes Flash Memory

Pcb Version:2.0

Logic Version:1.0

BootROM Version:1.17

[SLOT 0] 5FE (Hardware)2.0, (Driver)2.0,

(Cpld)1.0

[SLOT 1] 1SE (Hardware)1.0, (Driver)1.0,

(Cpld)1.0

1.打开防火墙包过滤

firewall packet-filter enable

firewall packet-filter default permit

2.添加接口至信任区（内网）和非信任区（外

网）

firewall zone trust

add interface Ethernet0/0

firewall zone untrust

add interface Ethernet0/4

3.添加内网接口地址

interface Ethernet0/0

ip address 192.168.88.1 255.255.255.0

4.添加外网接口地址并添加默认路由

interface Ethernet0/4

ip address 192.168.33.99 255.255.255.0

ip route-static 0.0.0.0 0.0.0.0 192.168.33.1

5.设置DHCP地址池并启用DHCP功能

dhcp enable

dhcp server ip-pool pool1

network 192.168.88.0 mask 255.255.255.0

gateway-list 192.168.88.1

dns-list 222.85.85.85

6.设置内网的ACL

acl number 2001

rule 0 permit source 192.168.88.0

0.0.0.255

7.设置NAT地址池

nat address-group 1 192.168.33.99

192.168.33.99

8.在外网接口下开始地址转换

interface Ethernet0/4

nat outbound 2001 address-group 1 no-pat