H3C F100-E-G configuration question

2025-04-13 12:00:23
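Recommended answers (1)
Answer 1:

Assume the five subnets under the core switch are 192.168.1.0 through 192.168.5.0, and that the F100 and the core switch are interconnected over 172.16.0.0/30, with 172.16.0.1/30 on the F100 and 172.16.0.2/30 on the core switch. The carrier-provided public address is written as x.x.x.x and the gateway as x.x.x.y. The configuration is then as follows: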

#
 sysname F100-E-G
#
 undo voice vlan mac-address 00e0-bb00-0000
#
 domain default enable system
#
 telnet server enable
#
 port-security enable
#
 undo alg dns
 undo alg rtsp
 undo alg h323
 undo alg sip
 undo alg sqlnet
 undo alg pptp
 undo alg ils
 undo alg nbt
 undo alg msn
 undo alg qq
 undo alg tftp 
 undo alg sccp
 undo alg gtp
#
session synchronization enable
#
acl number 2000
 rule 0 permit source 192.168.1.0 0.0.0.255
 rule 1 permit source 192.168.2.0 0.0.0.255
 rule 2 permit source 192.168.3.0 0.0.0.255
 rule 3 permit source 192.168.4.0 0.0.0.255
 rule 4 permit source 192.168.5.0 0.0.0.255
 rule 100 deny

#
vlan 1
#
vlan 2 to 3
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
pki domain default
  crl check disable
#
user-group system
 group-attribute allow-guest
#
local-user admin
 password cipher $c$3$301Ys8DLu+p277bZ+ZQ69uFCk2cEpLY/
 authorization-attribute level 3
 service-type telnet
 service-type web
#
cwmp
 undo cwmp enable
#
interface NULL0
#
interface Ethernet0/0
 port link-mode route
 ip address x.x.x.x 255.255.x.x
 nat outbound 2000
#
interface Ethernet0/1
 port link-mode route
 ip address 172.16.0.1 255.255.255.252
#
interface Ethernet0/2
 port link-mode route
#
interface Ethernet0/3
 port link-mode route
#
interface Ethernet0/4
 port link-mode route
#
ip route-static 0.0.0.0 0.0.0.0 x.x.x.y (configure the default route)
#
vd Root id 1
#
zone name Management id 0
 priority 100
zone name Local id 1
 priority 100
zone name Trust id 2
 priority 85
 import interface Ethernet0/1 (assign the LAN interface facing the internal network to the Trust zone)
zone name DMZ id 3
 priority 50   
zone name Untrust id 4
 priority 5
 import interface Ethernet0/0 (assign the interface facing the public network to the Untrust zone)
switchto vd Root
 zone name Management id 0
 ip virtual-reassembly
 zone name Local id 1
 ip virtual-reassembly
 zone name Trust id 2
 ip virtual-reassembly
 zone name DMZ id 3
 ip virtual-reassembly
 zone name Untrust id 4
 ip virtual-reassembly
 interzone source Trust destination Untrust
  rule 0 permit
   source-ip any_address
   destination-ip any_address
   service any_service
   rule enable
 interzone source Untrust destination Trust
  rule 0 permit
   source-ip any_address
   destination-ip any_address
   service any_service
   rule enable
#
 load xml-configuration
#
 load tr069-configuration
#
user-interface con 0
user-interface vty 0 4
 authentication-mode scheme
#
return

Red text marks the configuration that must be entered; everything else is the device's default configuration.
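
A review aid for a configuration in this format, added here as an example (it is not part of the answer above and is not H3C tooling): a small Python audit that reads the zone priorities and interzone rules and reports cleartext Telnet management and any enabled permit-any rule running from a lower-priority zone to a higher-priority one. The function name, finding labels and the sample excerpt are constructed for illustration; treating a lower priority value as less trusted is an assumption drawn from the page's Trust (85) and Untrust (5) values.

```python
import re

# Constructed sample: an excerpt of the configuration posted above.
SAMPLE = """\
 telnet server enable
local-user admin
 service-type telnet
zone name Trust id 2
 priority 85
zone name Untrust id 4
 priority 5
 interzone source Trust destination Untrust
  rule 0 permit
   source-ip any_address
   destination-ip any_address
   service any_service
   rule enable
 interzone source Untrust destination Trust
  rule 0 permit
   source-ip any_address
   destination-ip any_address
   service any_service
   rule enable
"""

# Assumption: a lower zone priority value means a less trusted zone (Untrust 5 < Trust 85).
def audit(config):
    findings, prio, rules, zone, pair, rule = [], {}, [], None, None, None
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.split("(")[0].strip()  # drop a trailing "(annotation)" if present
        if line in ("telnet server enable", "service-type telnet"):
            findings.append((n, "cleartext-telnet", line))
        elif m := re.fullmatch(r"zone name (\S+) id \d+", line):
            zone = m.group(1)
        elif zone and (m := re.fullmatch(r"priority (\d+)", line)):
            prio[zone] = int(m.group(1))
        elif m := re.fullmatch(r"interzone source (\S+) destination (\S+)", line):
            pair, rule = m.groups(), None
        elif pair and (m := re.fullmatch(r"rule (\d+) (permit|deny)", line)):
            rule = {"line": n, "pair": pair, "action": m.group(2), "any": 0, "on": False}
            rules.append(rule)
        elif rule and line.endswith(("any_address", "any_service")):
            rule["any"] += 1  # counts source-ip / destination-ip / service wildcards
        elif rule and line == "rule enable":
            rule["on"] = True
    for r in rules:
        src, dst = r["pair"]
        if r["on"] and r["action"] == "permit" and r["any"] == 3 and prio.get(src, 0) < prio.get(dst, 0):
            findings.append((r["line"], "inbound-permit-any", f"{src} -> {dst}"))
    return sorted(findings)
```

On the sample excerpt, the Trust to Untrust rule is not reported; the Untrust to Trust rule and both Telnet lines are.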