Lab requirements: Use a firewall to enable the PC in the Intranet to automatically obtain the IP address, and use NAT translation to enable hosts in the Intranet to access the Internet normally.
Lab device: H3C Firewall
Topology:
650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/4D/37/wKioL1RNzzDSp6SJAABrp3LmC1E831.jpg "Title =" 1.png" alt = "wkiol1rnzzdsp6sjaabrp3lmc1e831.jpg"/>
Because the network environment is in the LAN (192.168.102.0/24), users in the LAN can access the Internet, so use the 192.168.102.0/24 network segment to simulate the internet.
Configure the Firewall:
Interface ethernet0/0
IP address 192.168.30.1 24
Quit
Interface ethernet0/4
IP address 192.168.102.84 24
Quit
IP route-static 0.0.0.0 0.0.0.0 192.168.102.1
Firewall zone trust establishes a trusted domain
Add interface Ethernet 0/0 join a trusted domain
Add interface Ethernet 0/4
DNS server 211.138.24.66
DNS resolve
Rule 10 permit source any
Number 2000 match-order auto
Nat address-group 1 192.168.102.84 192.168.102.84
Int ethernet0/4
Nat outbound 2000
DHCP enable
DHCP server IP-pool aaa
Network 192.168.30.0
Gateway-list 192.168.30.1
DNS-list 211.138.24.66
Open the PC, automatically obtain the IP address, access the Internet, and successfully access Baidu.
650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/4D/36/wKiom1RNz62TLw_eAAE4fiTKyY0190.jpg "style =" float: none; "Title =" 2.png" alt = "wkiom1rnz62tlw_eaae4fitkyy0190.jpg"/>
650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M01/4D/36/wKiom1RNz62BNL6AAANCmcNAi-0340.jpg "style =" float: none; "Title =" 3.png" alt = "wKiom1RNz62BNL6AAANCmcNAi-0340.jpg"/>
If an Internet user needs to access the Intranet, set DNAT as follows:
Int, Ethernet 0/4
Nat server protocol TCP global 192.168.102.84 3389 inside 192.168.30.1 3389
This article is from "Wang chaofeng's blog", please be sure to keep this source http://wangcf1009.blog.51cto.com/8589325/1568389
H3C firewall implements Nat + DHCP