EVE-NG-Huawei firewall USG6000v connects the internal and external networks, and can access the FTP server through the public IP
All images are in the Baidu Cloud link on EVE-NG's first blog and can be downloaded by yourself. If you need a ready-made self-made image, send me a private message, and Baidu Cloud Disk will share it with you for free.
Network diagram
Project requirements introduction
1.企业内网用户和FTP服务器均在同一网段10.3.0.0/24,且均放在Trust安全区域。
2.Win模拟外网用户,IP地址采用向端口G1/0/1自动获得,放置至不信任区(模拟外网)。
3.内网用户和外网用户均通过公网地址1.1.1.1和端口2121访问FTP服务器.
4.内网用户通过公网地址1.1.1.1访问Internet。
Preparation before the experiment Configure the USG firewall WEB side (the same before each experiment)
Password: admin
Warning: The password of the configuration is too weak. Please modify.
Warning: There is a risk on the user-interface which you login through. Please change the configuration of the user-i
nterface as soon as possible.
*************************************************************************
* Copyright (C) 2014-2018 Huawei Technologies Co., Ltd. *
* All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
*************************************************************************
<USG6000V2>system-view
[USG6000V2]interface GigabitEthernet 0/0/0
[USG6000V2-GigabitEthernet0/0/0]ip address 192.168.10.211 24
[USG6000V2-GigabitEthernet0/0/0]server-manager all permit
[USG6000V2-GigabitEthernet0/0/0]quit
[USG6000V2]quit
<USG6000V2>save
Task 1. Log in to the WEB side for simple system configuration
Task 2. Port configuration
Task 3. Configure DHCP on port G1/0/1 Function
Pop-up dialog box
Solution
Enter the firewall configuration command
<USG6000V2>system-view
[USG6000V2]interface GigabitEthernet 1/0/1
[USG6000V2-GigabitEthernet1/0/1]dhcp select interface
[USG6000V2-GigabitEthernet1/0/1]quit
[USG6000V2]quit
<USG6000V2>save
Task 4. Configure strategy
Task 5. Configure NAT address pool
Task 6. Configure source NAT
Task 7. Configure server mapping
Task 8. Configure NAT ALG function
Task 9. Configure FTP function of FTP_Server and build FTP site
Manually configure ip 10.3.0.30/24
Task 10. Verify that the intranet PC can access the Internet.
Task 11. Users on the Internet can access the FTP server through the public address 1.1.1.1 and port 2121.
Task 12: Intranet users can access the FTP server through the public address 1.1.1.1 and port 2121
Task 13. Write a wp (experimental process) task book and submit it for inspection and scoring.