映射服务器失败内网服务器地址加端口号可以访问外网不行运营商已经开通端口
- 0关注
- 1收藏,1042浏览
问题描述:
内网服务器固定IP加端口号可以正常访问,外网不行运营商打开端口了已经,可以通过外网地址加80端口访问路由器 ,服务器不行
组网及组网描述:
运营商,路由器,核心。服务器
- 2021-01-12提问
- 举报
-
(0)
配置发一下
- 2021-01-12回答
- 评论(4)
- 举报
-
(1)
# version 7.1.064, Release 0707P12 # sysname H3C # telnet server enable # dhcp enable dhcp server always-broadcast # dns proxy enable # password-recovery enable # vlan 1 # dhcp server ip-pool lan1 gateway-list 192.168.0.1 network 192.168.0.0 mask 255.255.255.0 address range 192.168.0.2 192.168.0.254 dns-list 192.168.0.1 114.114.114.114 # controller Cellular0/0 # interface Virtual-Template0 # interface NULL0 # interface GigabitEthernet0/0 port link-mode route description Multiple_Line combo enable copper ip address 10.161.245.113 255.255.255.0 dns server 202.102.134.68 tcp mss 1280 nat outbound nat server protocol tcp global current-interface 2000 inside 192.168.1.11 2000 nat server protocol tcp global current-interface 2001 inside 192.168.1.28 2001 nat server protocol tcp global current-interface 2002 inside 192.168.1.30 2002 nat hairpin enable # interface GigabitEthernet0/1 port link-mode route description Multiple_Line bandwidth 50000 combo enable copper ip address 58.58.114.18 255.255.255.252 dns server 219.146.1.66 dns server 219.147.1.66 packet-filter name WebTelnet3 inbound nat outbound nat server protocol tcp global current-interface 22 inside 192.168.1.2 22 nat server protocol tcp global current-interface 82 inside 192.168.1.2 82 nat server protocol tcp global current-interface 443 inside 192.168.1.2 443 nat server protocol tcp global current-interface 810 inside 192.168.1.2 810 nat server protocol tcp global current-interface 5080 inside 192.168.1.2 5080 nat server protocol tcp global current-interface 7086 inside 192.168.1.2 7086 nat server protocol tcp global current-interface 8081 inside 192.168.1.2 8081 nat server protocol tcp global current-interface 8089 inside 192.168.1.2 8089 nat server protocol tcp global current-interface 8090 inside 192.168.1.2 8090 nat server protocol tcp global current-interface 8100 inside 192.168.1.2 8100 nat server protocol tcp global current-interface 8101 inside 192.168.1.2 8101 nat server protocol tcp global current-interface 8102 inside 192.168.1.2 8102 nat server protocol tcp global current-interface 8200 inside 192.168.1.2 8200 nat server protocol tcp global current-interface 8201 inside 192.168.1.2 8201 nat server protocol tcp global current-interface 8443 inside 192.168.1.2 8443 nat server protocol tcp global current-interface 9000 inside 192.168.1.2 9000 nat server protocol tcp global current-interface 9001 inside 192.168.1.2 9001 nat server protocol tcp global current-interface 9006 inside 192.168.1.2 9006 nat server protocol tcp global current-interface 9090 inside 192.168.1.2 9090 nat server protocol tcp global current-interface 9100 inside 192.168.1.2 9100 nat server protocol tcp global current-interface 9200 inside 192.168.1.2 9200 nat server protocol tcp global current-interface 9320 inside 192.168.1.2 9320 nat server protocol tcp global current-interface 9500 inside 192.168.1.2 9500 nat server protocol tcp global current-interface 9600 inside 192.168.1.2 9600 nat server protocol tcp global current-interface 9800 inside 192.168.1.2 9800 nat server protocol tcp global current-interface 50000 inside 192.168.1.2 50000 nat server protocol udp global current-interface 20000 30000 inside 192.168.1.2 20000 30000 nat server protocol udp global current-interface 40000 inside 192.168.1.2 40000 # interface GigabitEthernet0/2 port link-mode route combo enable copper nat hairpin enable undo dhcp select server # interface GigabitEthernet0/3 port link-mode route combo enable copper ip address 192.168.66.1 255.255.255.0 undo dhcp select server # interface GigabitEthernet0/4 port link-mode route # interface GigabitEthernet0/5 port link-mode route # security-zone name Local # security-zone name Trust # security-zone name DMZ # security-zone name Untrust # security-zone name Management # scheduler logfile size 16 # line class console user-role network-admin # line class tty user-role network-operator # line class usb user-role network-admin # line class vty user-role network-operator # line con 0 user-role network-admin # line vty 0 63 authentication-mode scheme user-role network-operator # ip route-static 0.0.0.0 0 GigabitEthernet0/1 58.58.114.17 ip route-static 0.0.0.0 0 GigabitEthernet0/0 10.161.245.1 ip route-static 192.168.1.0 24 GigabitEthernet0/3 192.168.66.2 ip route-static 192.168.2.0 24 GigabitEthernet0/3 192.168.66.2 ip route-static 192.168.3.0 24 GigabitEthernet0/3 192.168.66.2 ip route-static 192.168.4.0 24 GigabitEthernet0/3 192.168.66.2 # ssh server enable ssh server port 4428 # acl advanced name WebTelnet3 rule 65533 deny tcp destination-port eq telnet # password-control enable undo password-control aging enable undo password-control history enable password-control length 6 password-control login-attempt 3 exceed lock-time 10 password-control update-interval 0 password-control login idle-time 0 password-control complexity user-name check # domain system # domain default enable system # role name level-0 description Predefined level-0 role # role name level-1 description Predefined level-1 role # role name level-2 description Predefined level-2 role # role name level-3 description Predefined level-3 role # role name level-4 description Predefined level-4 role # role name level-5 description Predefined level-5 role # role name level-6 description Predefined level-6 role # role name level-7 description Predefined level-7 role # role name level-8 description Predefined level-8 role # role name level-9 description Predefined level-9 role # role name level-10 description Predefined level-10 role # role name level-11 description Predefined level-11 role # role name level-12 description Predefined level-12 role # role name level-13 description Predefined level-13 role # role name level-14 description Predefined level-14 role # user-group system # local-user admin class manage service-type telnet http authorization-attribute user-role network-admin # local-user test class manage service-type ssh authorization-attribute user-role network-admin authorization-attribute user-role network-operator # ip https port 4429 ip http enable # wlan global-configuration # wlan ap-group default-group vlan 1 # return
你防火墙的策略没有放通把
好的谢谢,不过路由器的防火墙没用都
您好,请知:
如果是外网侧无法访问,且使用的是常规端口,这种在运营商侧被拦截了,建议使用非常规端口重新映射及访问。
如果是内网终端无法使用外网地址访问内网服务器,以下是部署要点,请参考:
1、在内网口开启NAT回流功能,参考命令如下:
int gi 1/0/1
nat hairpin enable
quit
2、如果不支持NAT回流功能,可使用双向NAT来实现。
注意服务器的系统防火墙需放通相应的出入站规则,且确保路由可达。
- 2021-01-12回答
- 评论(0)
- 举报
-
(1)
编辑答案
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
运营商已经备案 可以通过80端口访问路由器到不了服务器,路由跟服务器互通
这边是外网无法访问服务器还是内网主机通过外网地址无法访问服务器呢?
外网不行 只有内部私网地址可以访问
先用telnet 外网地址+端口号试试能不能telnet
根据你给出的配置,我大概看了一些,应该是进出流量来回路径不一致导致的,
这种该怎么做呢,没思路,都没有做流量的配置
外网口加上ip last-hop hold试试
试了不可以,400那边调试也是不行