Huawei Symantec firewall configuration: NAT, DMZ and other commands
[PIX-Vlanif1] ip address 192.168.10.1 24
[PIX]interface vlan 2
[PIX-Vlanif2] ip address 192.168.20.1 24
Add the interfaces to the VLANs
[PIX]vlan 1
[PIX-vlan1]port Ethernet 1/0/0
[PIX]vlan 2
[PIX-vlan2]port Ethernet 1/0/1
Step 4: Configure the TRUST, DMZ and UNTRUST zones and add the interfaces to these zones
[PIX]firewall zone trust
[PIX-zone-trust]add interface Vlanif 1
[PIX]firewall zone DMZ
[PIX-zone-dmz]add interface Vlanif 2
The WAN port belongs to the UNTRUST zone by default, so it does not need to be configured.
Step 5: Configure the default route
[PIX]ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
Remember: 192.168.1.1 is just the address I wrote here; you must change it to your own next-hop gateway.
Step 6: Configure NAT
[PIX]acl 2000
[PIX-acl-basic-2000]rule permit source 192.168.10.0 0.0.0.255
[PIX]acl 2001
[PIX-acl-basic-2001]rule permit source 192.168.20.0 0.0.0.255
[PIX]nat address-group 1 192.168.1.56 192.168.1.56
[PIX]nat address-group 2 192.168.1.57 192.168.1.57
[PIX]firewall interzone trust untrust
[PIX-interzone-trust-untrust]nat outbound 2000 address-group 1