EVE-NG--Huawei firewall USG6000v connects the internal and external networks, and can access the FTP server through the public IP

EVE-NG-Huawei firewall USG6000v connects the internal and external networks, and can access the FTP server through the public IP

All images are in the Baidu Cloud link on EVE-NG's first blog and can be downloaded by yourself. If you need a ready-made self-made image, send me a private message, and Baidu Cloud Disk will share it with you for free.

Network diagram

Project requirements introduction

1.企业内网用户和FTP服务器均在同一网段10.3.0.0/24，且均放在Trust安全区域。
2.Win模拟外网用户，IP地址采用向端口G1/0/1自动获得，放置至不信任区（模拟外网）。
3.内网用户和外网用户均通过公网地址1.1.1.1和端口2121访问FTP服务器.
4.内网用户通过公网地址1.1.1.1访问Internet。

Preparation before the experiment Configure the USG firewall WEB side (the same before each experiment)

Password: admin
Warning: The password of the configuration is too weak. Please modify.
Warning: There is a risk on the user-interface which you login through. Please change the configuration of the user-i
nterface as soon as possible. 

*************************************************************************
*         Copyright (C) 2014-2018 Huawei Technologies Co., Ltd.         *
*                           All rights reserved.                        *
*               Without the owner's prior written consent,              *
*        no decompiling or reverse-engineering shall be allowed.        *
*************************************************************************


<USG6000V2>system-view 
[USG6000V2]interface GigabitEthernet 0/0/0
[USG6000V2-GigabitEthernet0/0/0]ip address 192.168.10.211 24
[USG6000V2-GigabitEthernet0/0/0]server-manager all permit
[USG6000V2-GigabitEthernet0/0/0]quit
[USG6000V2]quit
<USG6000V2>save

Task 1. Log in to the WEB side for simple system configuration

Task 2. Port configuration


Task 3. Configure DHCP on port G1/0/1 Function


Pop-up dialog box

Solution

Enter the firewall configuration command

<USG6000V2>system-view 
[USG6000V2]interface GigabitEthernet 1/0/1
[USG6000V2-GigabitEthernet1/0/1]dhcp select interface 
[USG6000V2-GigabitEthernet1/0/1]quit
[USG6000V2]quit
<USG6000V2>save

Task 4. Configure strategy



Task 5. Configure NAT address pool

Task 6. Configure source NAT




Task 7. Configure server mapping


Task 8. Configure NAT ALG function

Task 9. Configure FTP function of FTP_Server and build FTP site

Manually configure ip 10.3.0.30/24

Task 10. Verify that the intranet PC can access the Internet.

Task 11. Users on the Internet can access the FTP server through the public address 1.1.1.1 and port 2121.

Task 12: Intranet users can access the FTP server through the public address 1.1.1.1 and port 2121

Task 13. Write a wp (experimental process) task book and submit it for inspection and scoring.