@hplc
Created November 29, 2011 01:09
H3C SecPath FW100-C firewall
#
sysname H3C
#
firewall packet-filter enable
firewall packet-filter default permit
#
undo connection-limit enable
connection-limit default deny
connection-limit default amount upper-limit 50 lower-limit 20
#
nat address-group 1 113.106.82.124 113.106.82.125
#
firewall statistic system enable
#
radius scheme system
server-type extended
#
domain system
#
local-user helloit.info
password simple helloit.info
service-type telnet
level 3
local-user cyhplc
password simple helloit.info
service-type telnet
level 3
#
acl number 2001
rule 0 permit source 172.17.0.0 0.0.255.255
#
interface Ethernet1/0
ip address 172.17.0.254 255.255.0.0
#
interface Ethernet2/0
speed 10
duplex full
ip address 113.106.82.125 255.255.255.224
nat outbound static
nat outbound 2001 address-group 1
nat server protocol tcp global 113.106.82.125 22 inside 172.17.9.101 22
nat server protocol tcp global 113.106.82.125 www inside 172.17.9.101 www
nat server protocol tcp global 113.106.82.125 443 inside 172.17.9.101 443
nat server protocol tcp global 113.106.82.125 ftp inside 172.17.9.101 3389
nat server protocol tcp global 113.106.82.124 3389 inside 172.17.9.1 3389
nat server protocol tcp global 113.106.82.124 ftp inside 172.17.9.1 ftp
nat server protocol tcp global 113.106.82.124 pop3 inside 172.17.9.1 pop3
nat server protocol tcp global 113.106.82.124 www inside 172.17.9.1 www
nat server protocol tcp global 113.106.82.124 1080 inside 172.17.9.1 1080
nat server protocol tcp global 113.106.82.124 8080 inside 172.17.9.1 8080
nat server protocol tcp global 113.106.82.124 443 inside 172.17.9.1 443
nat server protocol tcp global 113.106.82.124 smtp inside 172.17.9.1 smtp
nat server protocol tcp global 113.106.82.124 22 inside 172.17.9.1 22
nat server protocol tcp global 113.106.82.124 telnet inside 172.17.9.1 telnet
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
add interface Ethernet1/0
set priority 85
#
firewall zone untrust
add interface Ethernet2/0
set priority 5
#
firewall zone DMZ
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
FTP server enable
#
ip route-static 0.0.0.0 0.0.0.0 113.106.82.126 preference 60
#
ntp-service unicast-server 202.177.16.121
#
firewall defend ip-spoofing
firewall defend land
firewall defend smurf
firewall defend fraggle
firewall defend winnuke
firewall defend icmp-redirect
firewall defend icmp-unreachable
firewall defend source-route
firewall defend route-record
firewall defend tracert
firewall defend ping-of-death
firewall defend tcp-flag
firewall defend ip-fragment
firewall defend large-icmp
firewall defend teardrop
firewall defend ip-sweep
firewall defend port-scan
firewall defend arp-spoofing
firewall defend arp-reverse-query
firewall defend arp-flood
firewall defend frag-flood
firewall defend syn-flood enable
firewall defend udp-flood enable
firewall defend icmp-flood enable
#
user-interface con 0
user-interface vty 0 4
authentication-mode scheme
#
return
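
An added example, not part of the original gist: a small Python check that flags the settings in a Comware 3.x configuration like the one above that weaken the device (default-permit packet filter, `password simple`, telnet logins, the device FTP server, and `nat server` rules that publish telnet, FTP, POP3 or RDP hosts). The sample excerpt, its addresses and credentials, and the rule names are constructed for illustration.

```python
import re

# Constructed excerpt in the same syntax as the configuration above; the user,
# password and addresses are placeholders (RFC 5737 / RFC 1918 ranges).
SAMPLE = """\
firewall packet-filter enable
firewall packet-filter default permit
local-user admin
password simple EXAMPLE-PASSWORD
service-type telnet
level 3
interface Ethernet2/0
nat server protocol tcp global 192.0.2.10 www inside 10.0.0.5 www
nat server protocol tcp global 192.0.2.10 telnet inside 10.0.0.5 telnet
nat server protocol tcp global 192.0.2.10 ftp inside 10.0.0.5 3389
FTP server enable
"""

# Inside ports whose services should not be published to the untrust side.
RISKY = {"telnet": "telnet", "23": "telnet", "ftp": "ftp", "21": "ftp",
         "pop3": "pop3", "110": "pop3", "3389": "rdp"}
NAT = re.compile(r"nat server protocol (\S+) global (\S+) (\S+) inside (\S+) (\S+)")

def audit(config):
    """Return (line_number, rule_id, detail) for each weak setting found."""
    findings = []
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if line == "firewall packet-filter default permit":
            findings.append((n, "default-permit", "unmatched packets are forwarded"))
        elif line.startswith("password simple "):
            # Report the fact only; never echo the secret into audit output.
            findings.append((n, "cleartext-password", "password stored unencrypted"))
        elif line == "service-type telnet":
            findings.append((n, "telnet-login", "account can log in over telnet"))
        elif line.lower() == "ftp server enable":
            findings.append((n, "ftp-server", "device FTP server is enabled"))
        else:
            m = NAT.fullmatch(line)
            # Classify by the inside port: the global port may name another service.
            if m and m.group(5) in RISKY:
                _, gip, gport, iip, iport = m.groups()
                findings.append((n, "exposed-" + RISKY[iport], f"{gip}:{gport} -> {iip}:{iport}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

The rule on line 10 of the sample is reported as `exposed-rdp` even though its global port is `ftp`, which a check on the public port alone would miss.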

hplc commented Dec 14, 2011

<H3C>display version
 H3C Comware Software
 Comware software, Version 3.40, Release 1608P04
 Copyright (c) 2004-2007 Hangzhou H3C Technologies Co., Ltd.
 All rights reserved.
 Without the owner's prior written consent, no decompiling
 nor reverse-engineering shall be allowed.
 H3C SecPath F100-C uptime is 4 weeks, 6 days, 17 hours, 12 minutes

  CPU type: PowerPC 859DSL 80MHz
  64M bytes SDRAM Memory
  8M bytes Flash Memory
  0K bytes NvRAM Memory
  Pcb      Version:5.0
  Logic    Version:1.0
  BootROM  Version:2.06
  [SLOT 1] 1FE      (Hardware)5.0, (Driver)1.0, (Cpld)1.0
  [SLOT 2] 1ETH     (Hardware)5.0, (Driver)1.0, (Cpld)1.0
