路由器MSR3600

主要是配置了nat3000不能上外网没有生效，在49口,之前都是生效的

之前配置的nat3000都有效，现在配置如下:display current-configuration # version 7.1.064, Release 0809P22 # sysname route.gsola # clock timezone Beijing add 08:00:00 clock protocol ntp # telnet server enable # dialer-group 1 rule ip permit # bandwidth-based-sharing # nat address-group 1 address 124.114.97.174 124.114.97.174 # dhcp enable dhcp server always-broadcast # dns proxy enable dns server 114.114.114.114 dns server 119.29.29.29 # password-recovery enable # vlan 1 # vlan 12 # dhcp server ip-pool Vlan-interface12 gateway-list 192.168.12.1 network 192.168.12.0 mask 255.255.255.0 address range 192.168.12.41 192.168.12.211 dns-list 192.168.12.1 expired day 0 hour 12 # dhcp server ip-pool vlan-interface1 gateway-list 192.168.10.1 network 192.168.10.0 mask 255.255.254.0 address range 192.168.10.20 192.168.11.249 dns-list 218.30.19.40 61.134.1.4 expired day 0 hour 12 # controller Cellular0/0 # interface Bridge-Aggregation1 port link-type trunk port trunk permit vlan all link-aggregation mode dynamic # interface Aux0 # interface Virtual-Template0 # interface NULL0 # interface Vlan-interface1 ip address 192.168.10.1 255.255.254.0 local-proxy-arp enable tcp mss 1280 nat hairpin enable # interface Vlan-interface12 ip address 192.168.12.1 255.255.255.0 # interface GigabitEthernet0/2 port link-mode route description Multiple_Line bandwidth 80000 ip address 124.114.97.174 255.255.255.252 dns server 218.30.19.40 dns server 61.134.1.4 ip last-hop hold packet-filter name WebTelnet4 inbound packet-filter name WebHttpHttps4 inbound nat outbound nat outbound 3000 nat static enable # interface GigabitEthernet0/3 port link-mode bridge port link-type trunk port trunk permit vlan all port link-aggregation group 1 # interface GigabitEthernet0/50 port link-mode bridge port access vlan 12 line class aux user-role network-admin ip route-static 0.0.0.0 0 GigabitEthernet0/2 124.114.97.173 # snmp-agent snmp-agent local-engineid 800063A2803897D62FFAEE00000001 snmp-agent sys-info contact first.gsola snmp-agent sys-info location first.gsola snmp-agent sys-info version v3 # arp valid-check enable arp active-ack strict enable arp source-suppression enable arp static 192.168.10.88 78e3-b59e-ff3f 1 Bridge-Aggregation1 # ntp-service enable ntp-service unicast-server 120.25.108.11 # acl advanced 3000 rule 0 permit ip source 192.168.12.251 0 rule 5 deny ip source 192.168.12.0 0.0.0.255 rule 10 permit ip # acl advanced name WebHttpHttps2 rule 65533 deny tcp destination-port eq www rule 65534 deny tcp destination-port eq 443 # acl advanced name WebHttpHttps3 rule 65533 deny tcp destination-port eq www rule 65534 deny tcp destination-port eq 443 # acl advanced name WebHttpHttps4 rule 65533 deny tcp destination-port eq www rule 65534 deny tcp destination-port eq 443 # acl advanced name WebTelnet2 rule 65533 deny tcp destination-port eq telnet # acl advanced name WebTelnet3 rule 65533 deny tcp destination-port eq telnet # acl advanced name WebTelnet4 rule 65533 deny tcp destination-port eq telnet # acl mac 4998 rule 5 deny # acl mac 4999 rule 5 permit # # user-group system # local-user admin class manage service-type ftp service-type ssh telnet terminal http https authorization-attribute user-role network-admin authorization-attribute user-role network-operator # local-user proxy class manage authorization-attribute user-role network-operator # ip http enable ip https enable # url-filter policy 8048_url_profile_global default-action permit # wlan global-configuration # wlan ap-group default-group vlan 1 #