R3166-R3206-HP High-End Firewalls NAT and ALG Configuration Guide-6PW101
33
• Type 5.5.5.10 as the external IP address.
• Type 13 8 as the global port.
• Type 192.168.1.2 as the internal IP address.
• Type 13 8 as the internal port.
• Click Apply.
• In the Internal Server area, click Add.
• Select GigabitEthernet1/2.
• Select 6(TCP) as the protocol type,
• Type 5.5.5.10 as the external IP address.
• Type 139 as the global port.
• Type 192.168.1.2 as the internal IP address.
• Type 139 as the internal port.
• Click Apply.
Configuring ALG in the command line interface
Enabling ALG
Follow these steps to enable ALG:
To do... Use the command...
Remarks
Enter system view system-view —
Enable ALG
alg { all | dns | ftp | h323 | ils | msn | nbt |
pptp | qq | rtsp | sip | sqlnet | tftp }
Optional
Enabled for all protocols by default
ALG configuration examples
NOTE:
The following examples describe only ALG-related configurations, assuming that other required
configurations on the server and client have been done.
FTP ALG configuration example
1. Network requirements
As shown in Figure 21, a
company accesses the Internet through a firewall with NAT and ALG enabled.
The company provides FTP services to the outside. The inside network segment of the company is
192.168.1.0/24, and the IP address of the FTP server is 192.168.1.2. Configure NAT and ALG to meet the
following requirements:
• The host in the outside network can access the FTP server in the inside network.
• The company has four public network addresses: 5.5.5.1, 5.5.5.9, 5.5.5.10, and 5.5.5.11, and the
FTP server uses the public network address of 5.5.5.10 to provide services to the outside.