Packet Filter Firewall Configuration Example - 3Com MSR 50 Series Configuration Manual

Packet Filter Firewall
Configuration Example
To do...
Clean the ACL-based
firewall statistics
Clear the statistics of the
firewall
Network requirements
A company accesses the Internet through Serial 2/0 of Router A, which
■
connects the internal network through an Ethernet port, Ethernet 1/0.
The company provides WWW, FTP and Telnet services to the outside. The
■
internal subnet of the company is 129.1.1.0, on which the internal FTP server
address is 129.1.1.1, the Telnet server address is 129.1.1.2, the internal WWW
server address is 129.1.1.3, and the public address of the company is 20.1.1.1.
NAT is enabled on Router A so that hosts on the internal network can gain
access to the Internet and external hosts can access the internal server.
By using a firewall, the company intends to achieve the following aim: only
■
specific users on external networks are given access to the internal servers, and
only specific host on the internal network are permitted to access external
networks.
Assume that the IP address of a specific external user is 20.3.3.3.
■
Network diagram
Figure 522 Network diagram for packet filter firewall configuration
129.1.1.1/32 129.1.1.2/32
FTP server Telent server
Internal network
Specific internal host
129 .1 .1.4/32
Configuration procedure
# Enable the firewall function on Router A.
<Router> system-view
[Router] firewall enable
# Create advanced ACL 3001.
[Router] acl number 3001
# Configure rules to permit specific hosts to access external networks and permit
internal servers to access external networks.
Configuring a Packet Filter Firewall
Use the command...
reset firewall ethernet-frame-filter { all |
dlsw |interface interface-type
interface-number }
reset firewall-statistics { all | interface
interface-type interface-number }
129 .1 .1.3/32
WWW server
Eth1/0
129 .1 .1.5/24
S2/0
20.1.1 .1/16
v
Router
Remarks
Available in user
view
Available in user
view
v
WAN
Specific external host
20.3.3 .3/32
1797