Firewall Configuration Example

www server address 129.38.1.3. The enterprise address to the outside is 202.38.160.1. Address conversion has been configured on the router so that the internal PC can access the Internet and the external PC can access the internal server. The firewall configuration is expected to achieve the following:

Only specific users from the external network can access the internal server.

Only a specific internal host can access the external network.

In this example, assume that the IP address of the specific external user is 202.39.2.3.

Figure 172 Sample networking of firewall configuration

[Figure: FTP server (129.38.1.1), Telnet server (129.38.1.2), www server (129.38.1.3) and the specific internal PC (129.38.1.4) on the enterprise Ethernet; Router (129.38.1.5 on the Ethernet side, 202.38.160.1 on the WAN side); specific external PC reached across the WAN.]

1 Enable the firewall

[Router] firewall enable

2 Set the firewall default filtering mode to permit packets

[Router] firewall default permit

3 Configure an access rule that denies all packets

[Router] acl 101

[Router-acl-101] rule deny ip source any destination any

4 Configure rules that permit the specific host and the internal servers to access the external network

[Router-acl-101] rule permit ip source 129.38.1.4 0 destination any

[Router-acl-101] rule permit ip source 129.38.1.1 0 destination any

[Router-acl-101] rule permit ip source 129.38.1.2 0 destination any

[Router-acl-101] rule permit ip source 129.38.1.3 0 destination any

5 Configure rules that permit the specific external user to access the internal server

[Router] acl 102

[Router-acl-102] rule permit tcp source 202.39.2.3 0 destination 202.38.160.1 0
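ACL 101 in steps 3 and 4 enters the deny-all rule before the host permits, so its effect depends on the order in which rules are evaluated. The following is an added example, not part of the manual: it models ACL 101 by source address only and compares two assumed evaluation orders (first match in entry order, and most specific rule first). This page does not say which order the router uses, and the function names are hypothetical.

```python
import ipaddress

# ACL 101 as entered in steps 3 and 4: (action, source, wildcard).
# Wildcard "0" means one exact host; source "any" matches everything.
ACL_101 = [
    ("deny", "any", None),
    ("permit", "129.38.1.4", "0"),
    ("permit", "129.38.1.1", "0"),
    ("permit", "129.38.1.2", "0"),
    ("permit", "129.38.1.3", "0"),
]
ALL = 0xFFFFFFFF

def ip(addr):
    return int(ipaddress.IPv4Address(addr))

def span(rule):
    """Return (base, wildcard bits) for a rule; 'any' ignores every bit."""
    _, src, wc = rule
    if src == "any":
        return 0, ALL
    bits = 0 if wc == "0" else ip(wc)   # dotted wildcards are accepted too
    return ip(src) & ~bits & ALL, bits

def matches(rule, src):
    base, bits = span(rule)
    return (ip(src) & ~bits & ALL) == base

def covers(broad, narrow):
    """True if every source matched by `narrow` is also matched by `broad`."""
    (b_base, b_bits), (n_base, n_bits) = span(broad), span(narrow)
    return (n_bits & ~b_bits) == 0 and (n_base & ~b_bits & ALL) == b_base

def decide(acl, src, order="config", default="permit"):
    """Action for src. order='config': first match in entry order (assumed).
    order='specific': rules with fewer wildcard bits are tried first (assumed)."""
    rules = acl if order == "config" else sorted(
        acl, key=lambda r: bin(span(r)[1]).count("1"))
    for rule in rules:
        if matches(rule, src):
            return rule[0]
    return default   # 'firewall default permit' from step 2

def shadowed(acl):
    """Rules unreachable in entry order: an earlier rule already covers them."""
    return [r for i, r in enumerate(acl) if any(covers(e, r) for e in acl[:i])]
```

Under entry-order matching all four permit rules are shadowed by the deny-all rule, so the intended policy holds only if the device tries the more specific rules first; confirm this on the router before relying on the configuration.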
