Home | 简体中文 | 繁体中文 | 杂文 | Search | ITEYE 博客 | OSChina 博客 | Facebook | Linkedin | 作品与服务 | Email

10.6. DMZ to Untrust (nat src)

set policy id 94 from "Untrust" to "DMZ"  "Any" "Any" "ANY" permit log
set policy id 94 disable
set policy id 94
exit
set policy id 95 from "DMZ" to "Untrust"  "Any" "Any" "ANY" nat src permit log
set policy id 95
exit
set policy id 96 from "Trust" to "DMZ"  "Any" "Any" "ANY" permit
set policy id 96
exit
set policy id 97 from "DMZ" to "Trust"  "Any" "Any" "ANY" permit log
set policy id 97
exit
		

未设置nat src,DMZ 将不能访问外网

comments powered by Disqus