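The internal server is at 192.168.1.164, and other addresses on the LAN can access it. After adding internal server forwarding on the firewall, it still cannot be accessed from the external network.
GigabitEthernet0/0, connected to the internal network
GigabitEthernet0/1, connected to the external network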
#
version 5.20, Release 5142P02
#
sysname H3C
#
undo voice vlan mac-address 0000-bb00-0xx0
#
interzone policy default by-priority
#
domain default enable system
#
telnet server enable
#
undo alg dns
undo alg rtsp
undo alg h323
undo alg sip
undo alg sqlnet
undo alg pptp
undo alg ils
undo alg nbt
undo alg msn
undo alg qq
undo alg tftp
undo alg sccp
undo alg gtp
#
session synchronization enable
#
password-recovery enable
#
acl number 2000
rule 0 permit
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
pki domain default
crl check disable
……………………
#
interface NULL0
#
interface GigabitEthernet0/0
port link-mode route
ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/1
port link-mode route
nat outbound
nat server protocol tcp global current-interface 8080 inside 192.168.1.169 www
ip address 218.15.198.186 255.255.255.248
#
interface GigabitEthernet0/2
port link-mode route
#
interface GigabitEthernet0/3
port link-mode route
#
interface GigabitEthernet0/4
port link-mode route
#
interface GigabitEthernet0/5
port link-mode route
ip address 192.168.2.1 255.255.255.0
#
vd Root id 1
#
zone name Management id 0
priority 100
import interface GigabitEthernet0/0
import interface GigabitEthernet0/1
zone name Local id 1
priority 100
zone name Trust id 2
priority 85
zone name DMZ id 3
priority 50
zone name Untrust id 4
priority 5
switchto vd Root
zone name Management id 0
ip virtual-reassembly
zone name Local id 1
ip virtual-reassembly
zone name Trust id 2
ip virtual-reassembly
zone name DMZ id 3
ip virtual-reassembly
zone name Untrust id 4
ip virtual-reassembly
#
ip
route-static
#
load xml-configuration
#
load tr069-configuration
#
user-interface con 0
user-interface vty 0 4
authentication-mode scheme
#
return
(0)
Best answer
zone name Management id 0
priority 100
import interface GigabitEthernet0/0
import interface GigabitEthernet0/1
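This part is wrong. Add GigabitEthernet0/0 to the trust zone and GigabitEthernet0/1 to the untrust zone, then create two interzone policies: trust to untrust permits everything, and untrust to trust permits TCP access from any to 8080.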
(0)
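A check for the mistake the answer points out, as an added example (not code from this thread or from H3C): it reads zone membership from a Comware-style configuration and flags a `nat server` interface that sits in the Management zone or shares a zone with another interface. The function names and the trimmed sample are constructed for illustration, and the two rules are assumptions drawn from the answer above.

```python
import re

# Constructed sample: zone and NAT lines trimmed from the configuration posted above.
SAMPLE = """\
interface GigabitEthernet0/0
#
interface GigabitEthernet0/1
nat outbound
nat server protocol tcp global current-interface 8080 inside 192.168.1.169 www
#
zone name Management id 0
priority 100
import interface GigabitEthernet0/0
import interface GigabitEthernet0/1
zone name Trust id 2
priority 85
zone name Untrust id 4
priority 5
"""

def parse(config):
    """Return (interface -> zone, set of interfaces that carry a 'nat server' rule)."""
    zone_of, nat_ifaces, zone, iface = {}, set(), None, None
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"zone name (\S+)", line):
            zone, iface = m.group(1), None
        elif m := re.match(r"interface (\S+)", line):
            iface, zone = m.group(1), None
        elif (m := re.match(r"import interface (\S+)", line)) and zone:
            zone_of[m.group(1)] = zone
        elif line.startswith("nat server") and iface:
            nat_ifaces.add(iface)
    return zone_of, nat_ifaces

def audit(config):
    """Flag NAT-server interfaces that are unzoned, in Management, or share a zone."""
    zone_of, nat_ifaces = parse(config)
    findings = []
    for iface in sorted(nat_ifaces):
        zone = zone_of.get(iface)
        peers = sorted(i for i, z in zone_of.items() if z == zone and i != iface)
        if zone is None:
            findings.append(f"{iface}: not imported into any zone")
        elif zone == "Management":
            findings.append(f"{iface}: publishes a server but sits in Management")
        if zone and peers:
            findings.append(f"{iface}: shares zone {zone} with {', '.join(peers)}")
    return findings
```

Calling `audit(SAMPLE)` reports both problems for GigabitEthernet0/1; moving the two `import interface` lines under Trust and Untrust, as the answer suggests, returns an empty list.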
Would it be convenient to add me on QQ? 804452201
Sorry, remote help isn't really convenient; it's working hours, so it's not really convenient.