After finishing it all by myself, I found out that Huawei has its own technical documents, as follows:
Web interface version:
http://support.huawei.com/huaweiconnect/enterprise/forum.php?mod=viewthread&tid=375317
Command line version:
http://support.huawei.com/huaweiconnect/enterprise/forum.php?mod=viewthread&tid=408791
The following is organized for myself; it is a memo.
1. First, set up access to the intranet server on the external network
a. In the left function menu, go to "Security->ACL->Advanced ACL Configuration->New":
Source IP: 192.168.0.0 (assuming the intranet segment is 192.168.0)
Wildcard: 0.0.0.255
Destination IP: external network IP
Wildcard: 0.0.0.0
Action: Allow
Protocol type: IP
b. In the left function menu, go to "IP Service->NAT->External Network Access->New":
Interface: Intranet interface
Conversion method: PAT
Source address after translation: specified interface
Designated interface: external network interface
ACL name: the ACL newly created in a above
c. In the left function menu, go to "IP Service->NAT->Static NAT->New"; two entries need to be created here:
First:
Second:
2. Prohibit external network access to the router's management interface
a. As in 1.a above, create a new ACL that prohibits access to a certain port, usually ports 80 and 443
b. In the left function menu, go to "Security->Security Protection->ACL Filtering->New":
Interface name: external network interface
IPv4 ACL name: the prohibiting ACL created in a above
Direction: Inbound
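
Added example (not part of the original memo or of Huawei's documentation): a small Python model of how the address/wildcard pairs in steps 1.a and 2.a match packets, useful for checking a rule before entering it in the web interface. The external IP 203.0.113.10, the "any source, TCP, destined to the external IP" shape of the step 2.a rules, and the rule/packet dictionaries are assumptions made for illustration; a result of None means no rule matched, and what the router then does depends on where the ACL is applied.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF          # wildcard bit 1 = "don't care"
    return (a & care) == (b & care)

def evaluate(acl, pkt):
    """Return the action of the first rule that matches pkt, else None."""
    for rule in acl:
        if not wildcard_match(pkt["src"], *rule["src"]):
            continue
        if not wildcard_match(pkt["dst"], *rule["dst"]):
            continue
        # Protocol type "ip" covers every IP protocol (TCP, UDP, ICMP, ...)
        if rule["proto"] != "ip" and rule["proto"] != pkt["proto"]:
            continue
        if rule.get("dport") is not None and rule["dport"] != pkt.get("dport"):
            continue
        return rule["action"]
    return None

WAN_IP = "203.0.113.10"                  # constructed placeholder, external IP
ANY = ("0.0.0.0", "255.255.255.255")     # wildcard of all ones matches anything

# Step 1.a: source 192.168.0.0/0.0.0.255, destination external IP/0.0.0.0
ACL_NAT = [{"action": "permit", "proto": "ip",
            "src": ("192.168.0.0", "0.0.0.255"), "dst": (WAN_IP, "0.0.0.0")}]

# Step 2.a (assumed shape): deny TCP 80 and 443 towards the external IP
ACL_MGMT = [{"action": "deny", "proto": "tcp", "src": ANY,
             "dst": (WAN_IP, "0.0.0.0"), "dport": port} for port in (80, 443)]

if __name__ == "__main__":
    # Constructed sample packets
    samples = [
        (ACL_NAT, {"src": "192.168.0.57", "dst": WAN_IP, "proto": "tcp", "dport": 80}),
        (ACL_NAT, {"src": "192.168.1.57", "dst": WAN_IP, "proto": "tcp", "dport": 80}),
        (ACL_MGMT, {"src": "198.51.100.7", "dst": WAN_IP, "proto": "tcp", "dport": 443}),
        (ACL_MGMT, {"src": "198.51.100.7", "dst": WAN_IP, "proto": "tcp", "dport": 22}),
    ]
    for acl, pkt in samples:
        print(pkt, "->", evaluate(acl, pkt))
```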