Filter and Firewall
OmniAccess 5740 Unified Services Gateway CLI Configuration Guide
Alcatel-Lucent
C) Filters for traffic coming from the internet
ALU(config)# ip filter untrust-traffic
ALU(config-filter-untrust-traffic)#match any Internet-mail-access permit
ALU(config-filter-untrust-traffic)#match any webserver-access permit
ALU(config-filter-untrust-traffic)#match any RFC-1918 deny log
ALU(config-filter-untrust-traffic)#match any manage-untrust permit
ALU(config-filter-untrust-traffic)#default deny
Apply this filter as the "in" filter on the Untrust interface:
ALU(config-if Serial0/0:0)#ip filter in untrust-traffic
ALU(config)# ip filter out-untrust
ALU(config-filter-out-untrust)#10 match any Internet-access permit
ALU(config-filter-out-untrust)#20 match any untrust-DMZ-access permit
ALU(config-filter-out-untrust)#default deny
Apply this filter as the "out" filter on the same interface:
ALU(config-if Serial0/0:0)#ip filter out out-untrust
12. Configuring source NAT for all traffic going towards internet
ALU(config)# ip nat source-nat
ALU(config-nat-source-nat)# match any source-nat source-nat
Apply source NAT on the serial interface as the "out" NAT policy so that all internal traffic is NATed to the public IP address of the serial interface.
ALU(config-if Serial0/0:0)#ip nat out source-nat
13. Configuring the DNAT rules for the DMZ
ALU(config)# ip nat DNAT
ALU(config-nat-DNAT)#match any Internet-mail-access destination-nat host 172.16.0.130
ALU(config-nat-DNAT)#match any webserver-access destination-nat host 172.16.0.131
Apply the DNAT rule as the "in" NAT policy for mail and web server access.
ALU(config-if Serial0/0:0)#ip nat in DNAT
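A way to review a saved transcript of the filter commands above before relying on it, as an added example that is not part of the guide or of any Alcatel-Lucent tooling. The grammar is inferred only from the commands shown in this section, and the names `parse` and `audit` and the three checks they apply are assumptions of the example.

```python
import re
# Constructed input: the filter commands from this section, one command per line.
SAMPLE = """\
ALU(config)# ip filter untrust-traffic
ALU(config-filter-untrust-traffic)#match any Internet-mail-access permit
ALU(config-filter-untrust-traffic)#match any webserver-access permit
ALU(config-filter-untrust-traffic)#match any RFC-1918 deny log
ALU(config-filter-untrust-traffic)#match any manage-untrust permit
ALU(config-filter-untrust-traffic)#default deny
ALU(config-if Serial0/0:0)#ip filter in untrust-traffic
ALU(config)# ip filter out-untrust
ALU(config-filter-out-untrust)#10 match any Internet-access permit
ALU(config-filter-out-untrust)#20 match any untrust-DMZ-access permit
ALU(config-filter-out-untrust)#default deny
ALU(config-if Serial0/0:0)#ip filter out out-untrust
"""
PROMPT = re.compile(r"^ALU\((?P<mode>[^)]*)\)#\s*(?P<cmd>.+)$")

def parse(text):
    """Rebuild {filter: {rules, default, bound}} from a CLI transcript."""
    filters = {}
    get = lambda name: filters.setdefault(name, {"rules": [], "default": None, "bound": []})
    for m in filter(None, (PROMPT.match(l.strip()) for l in text.splitlines())):
        mode, cmd = m["mode"], m["cmd"].split()
        if mode == "config" and cmd[:2] == ["ip", "filter"] and len(cmd) == 3:
            get(cmd[2])                               # filter definition
        elif mode.startswith("config-filter-"):
            f = get(mode[len("config-filter-"):])
            cmd = cmd[1:] if cmd[0].isdigit() else cmd  # optional sequence number
            if cmd[:1] == ["default"] and len(cmd) > 1:
                f["default"] = cmd[1]
            elif cmd[:1] == ["match"] and len(cmd) >= 4:
                # (match-list name, action, logged?)
                f["rules"].append((cmd[2], cmd[3], "log" in cmd[4:]))
        elif mode.startswith("config-if ") and cmd[:2] == ["ip", "filter"] and len(cmd) == 4:
            # interface binding: (interface, direction)
            get(cmd[3])["bound"].append((mode[len("config-if "):], cmd[2]))
    return filters

def audit(filters):
    """Flag filters with no explicit default deny, no binding, or unlogged denies."""
    findings = []
    for name, f in filters.items():
        if f["default"] != "deny":
            findings.append(f"{name}: no explicit 'default deny'")
        if not f["bound"]:
            findings.append(f"{name}: not applied to any interface")
        findings += [f"{name}: deny on {ml} is not logged"
                     for ml, act, log in f["rules"] if act == "deny" and not log]
    return findings
```

For the configuration in this section `audit(parse(SAMPLE))` returns an empty list; NAT commands in the same transcript are ignored by the parser.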