How to configure the ftp server to map to the external network on Huawei firewall
1. Requirements: The
company builds an ftp server, which needs to be mapped to the external network for suppliers to upload files.
However, the company's export line has only one ADSL, and the IP address is automatically obtained and may change at any time.
Therefore, it is necessary to apply for a DDNS domain name and bind it to this external network line.
The supplier accesses the ftp server through this domain name.
2. Prerequisites:
Therefore, in order to achieve this requirement, the required prerequisites:
- Assume that the external network line has been configured to port wan0/0/0, and the network has been tuned;
- Configure the ftp server, IP address: 172.16.100.100
- Apply for a free domain name through the peanut shell domain name ( https://hsk.oray.com/), the domain name is: mydomain.oicp.net
3. Start configuration:
- Log in to the firewall and configure DDNS:
click Network --- DNS --- DDNS, create a new DDNS policy,
enter the free domain name you applied for, select www.oray.cn for the service provider, and enter your login account and password. Bind the interface connected to the ADSL line, as shown in the following figure:
If everything is normal, the successful update can be displayed in the DDNS policy list:
- Configure the security policy to allow access to the firewall through the domain name through the external network.
After configuring according to the above steps, you should be able to access the firewall through the domain name.
- Configure server mapping
because the export line is not ADSL and the IP address is automatically obtained, so it is impossible to configure it on the graphical interface.
Open the firewall command line interface, enter display curr to display the current configuration, and find that the interface configured with the ADSL line is Dialer0
Then enter the following command to configure server mapping:
[ISG6305E] nat server vip-ftp-1 zone untrust protocol tcp global interface Dialer0 2345 inside 172.16.100.100 ftp no-reverse
After configuration, you can see in the graphical interface:
- Configure security policy
Click Policy---Security Policy--- New Security Policy
Select Source Security Zone: untrust
Destination Security Zone: trust
Source Address: any
Destination Address: 172.16.100.100
Service: FTP
After configuration, the external network mapping of ftp server has been configured OK.
- test
Access
via ftp on the external network: ftp://mydomain.oicp.net:2345 access ftp server or ftp client software for access.
Zabbix5.0 Enterprise Distributed Monitoring System: Intensive Talk and Enterprise Application
