networking information please see the attachment. MCU version is V100R007C02. public ip can ping GE1 ip, but GE1 ip can not ping public ip.
according to the judgement, if GE1 port use the firewall mode, MCU will use GE0 port to ping other ip by default,so it gives us a illusions that network is a problem, we waste a lot of time to check the network.we can try to adjust the GE0 and GE1 port(you can refer to the attachment) and configuration. now both sides can ping each other.
according to the MCU8650C Guidance, config step by step in firewall mode instruction as follewings:
1. to config MCU GE1 port firewall mode.
2.config MCU GE1 port ip. make sure GE1 port and GE0 port are in the different network segment.
3.config routing. after you config GE1 port ip, MCU will automatically add a ip routing for GE1 port. But in the actual networking, the terminal GE1 port connetcted may be in the different network segment. so we need to config another ip routing for GE1 port in order to make the terminal and the GE1 port are in the same network segment.
after configuration, remember save.
then we test the network connectivity. I find the terminal public ip can ping GE1 port, but GE1 port can not ping that public ip.
analysis: if public ip can ping GE1 port, so network is ok, but why GE1 port can not ping public ip. we can use command tracert to see the ip transfer path. we can see the MCU use GE0 port by default.
usually the guidance tells us to use GE0 port for internal conection, GE1 port for another network connection in firewall mode. in order to avoid the illusion, we use GE1 port for internal use.