ENSP2.0 模拟 NAT+Firewall+DNS+DHCP 功能，主要涉及在华为路由器上面，如何实现防火墙特性、NAT、DNS、DHCP 功能.

掌握目标
1、路由器 DHCP 客户端配置（模拟 PC）
2、防火墙特性配置
3、NAT 配置
4、DNS 与 DHCP 的配置掌握

一、实验拓扑：
二、PC 的配置

sysname PC
dhcp enable
dns resolve
dns server 8.8.8.8

interface GigabitEthernet0/0/0
ip address dhcp-alloc
三、网关路由器的配置

sysname GW

dhcp enable
dns resolve
dns server 8.8.8.8

acl number 3000
rule 5 permit ip source 192.168.10.0 0.0.0.255
acl number 3001
rule 5 deny icmp icmp-type echo
rule 10 permit ip

firewall zone trust
priority 10

firewall zone untrust
priority 5

firewall zone Local
priority 15

firewall interzone trust untrust
firewall enable
packet-filter 3001 inbound
detect aspf ftp
detect aspf sip
detect aspf rtsp
detect aspf http

interface GigabitEthernet0/0/0
ip address 192.168.10.1 255.255.255.0
zone trust
dhcp select interface
dhcp server dns-list 8.8.8.8

interface GigabitEthernet0/0/1
ip address 211.1.1.2 255.255.255.0
nat outbound 3000
zone untrust

ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1 211.1.1.1

user-interface vty 0 4
authentication-mode password
set authentication password cipher huawei
user privilege level 3
四、公网路由器的配置

sysname INTERNET

ip host www.baidu.com 100.100.100.100
ip host www.google.com 200.200.200.200
dns resolve
dns server 8.8.8.8
dns proxy enable

interface GigabitEthernet0/0/0
ip address 211.1.1.1 255.255.255.0

interface NULL0

interface LoopBack0
ip address 100.100.100.100 255.255.255.0

interface LoopBack1
ip address 200.200.200.200 255.255.255.0

interface LoopBack100
ip address 8.8.8.8 255.255.255.0

user-interface vty 0 4
authentication-mode password
set authentication password cipher huawei
user privilege level 3
五、测试 PC 上网
ping www.google.com
telnet www.baidu.com
dis access-user
dis ip inter bri
六、测试网关的状态
[GW]dis nat session all