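interface GigabitEthernet0/1 (public address)
ip address 100.100.100.100 255.255.255.0
interface GigabitEthernet0/5 (internal port)
ip address 10.10.20.1 255.255.255.0
For example: the internal address 172.10.11.7 cannot reach 100.100.100.100:8089 in a browser, while access from an off-site network works normally.
The router configuration is attached.
I configured nat hairpin enable on both the internal and the external interface and it still does not work; I cannot find the cause.
Router model (product model): MSR3620
Boot ROM version: 1.10 Hardware version: 2.0 Software version: 7.1.064 Release 0605P13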
[AKEMI_5600(外网边界路由器)]dis cur
#
version 7.1.064, Release 0605P13
#
sysname AKEMI_5600(外网边界路由器)
#
telnet server enable
#
security-zone intra-zone default permit
#
ip pool aaa 100.19.0.2 100.19.0.20
ip pool aaa gateway 100.19.0.1
#
ip unreachables enable
ip ttl-expires enable
#
ip load-sharing mode per-flow src-ip global
#
dhcp enable
dhcp server always-broadcast
#
dns proxy enable
#
lldp global enable
#
password-recovery enable
#
vlan 1
#
dhcp server ip-pool GigabitEthernet0/3
#
policy-based-route guding permit node 1
if-match acl 3001
apply next-hop 100.100.100.100 direct
#
policy-based-route guding permit node 3
if-match acl 3003
apply next-hop 172.10.2.1 direct
#
policy-based-route guding permit node 4
if-match acl 3004
#
policy-based-route guding permit node 5
apply next-hop 100.100.100.100 direct
#
policy-based-route quanwang permit node 2
if-match acl 3001
#
policy-based-route quanwang permit node 4
if-match acl 3004
apply next-hop 10.10.100.1 direct
#
controller Cellular0/0
#
interface Virtual-Template0
#
interface Virtual-Template1
ppp authentication-mode chap domain system
remote address pool aaa
#
interface NULL0
#
interface GigabitEthernet0/0
port link-mode route
combo enable copper
ip address 10.10.101.2 255.255.255.0
#
interface GigabitEthernet0/1
port link-mode route
combo enable copper
ip address 100.100.100.100 255.255.255.0
ip last-hop hold
nat hairpin enable
nat outbound
nat server protocol tcp global 100.100.100.100 180 inside 172.10.11.7 80
nat server protocol tcp global 100.100.100.100 500 inside 172.10.11.250 500
nat server protocol tcp global 100.100.100.100 888 inside 172.10.11.114 888
nat server protocol tcp global 100.100.100.100 1018 inside 172.10.11.7 1018
nat server protocol tcp global 100.100.100.100 1188 inside 172.10.11.48 1188
nat server protocol tcp global 100.100.100.100 1194 inside 172.10.12.9 8081
nat server protocol tcp global 100.100.100.100 1195 inside 172.10.12.9 8081
nat server protocol tcp global 100.100.100.100 1196 inside 172.10.12.9 8081
nat server protocol tcp global 100.100.100.100 1701 inside 172.10.11.250 1701
nat server protocol tcp global 100.100.100.100 1723 inside 172.10.11.250 1723
nat server protocol tcp global 100.100.100.100 5000 inside 172.10.10.100 5000
nat server protocol tcp global 100.100.100.100 5366 inside 172.10.11.114 5366
nat server protocol tcp global 100.100.100.100 6650 inside 10.10.80.250 22
nat server protocol tcp global 100.100.100.100 6651 inside 10.10.80.251 22
nat server protocol tcp global 100.100.100.100 6652 inside 10.10.80.252 22
nat server protocol tcp global 100.100.100.100 6653 inside 10.10.80.253 22
nat server protocol tcp global 100.100.100.100 6690 inside 172.10.10.100 6690
nat server protocol tcp global 100.100.100.100 8060 inside 10.10.80.253 80
nat server protocol tcp global 100.100.100.100 8081 inside 172.10.12.9 8081
nat server protocol tcp global 100.100.100.100 8089 inside 172.10.11.48 8089
nat server protocol tcp global 100.100.100.100 8099 inside 172.10.11.16 8099
nat server protocol tcp global 100.100.100.100 8189 inside 172.10.11.7 8189
nat server protocol tcp global 100.100.100.100 8899 inside 110.110.0.176 8899
nat server protocol tcp global 100.100.100.100 9995 inside 172.10.11.49 9995
nat server protocol tcp global 100.100.100.100 9996 inside 172.10.11.49 9996
nat server protocol tcp global 100.100.100.100 9997 inside 172.10.11.49 9997
nat server protocol tcp global 100.100.100.100 11443 inside 10.10.20.2 11443
nat server protocol tcp global 100.100.100.100 12000 inside 172.10.11.7 12000
nat server protocol tcp global 100.100.100.100 14333 inside 172.10.11.7 1433
nat server protocol tcp global 100.100.100.100 43345 inside 172.10.11.7 3306
nat server protocol tcp global 100.100.100.100 43346 inside 172.10.11.7 6379
nat server protocol tcp global 100.100.100.100 54433 inside 172.10.11.34 54433
nat server protocol tcp global 100.100.100.100 61499 inside 172.10.11.49 1433
nat server protocol tcp global 100.100.100.100 8081 inside 172.10.12.9 8081
nat server protocol udp global 100.100.100.100 4500 inside 172.10.11.250 4500
nat server protocol udp global 100.100.100.100 54433 inside 172.10.11.34 54433
nat static enable
#
interface GigabitEthernet0/2
port link-mode route
combo enable copper
ip address 172.10.2.3 255.255.255.0
nat outbound
#
interface GigabitEthernet0/3
port link-mode route
combo enable copper
ip address 10.10.100.2 255.255.255.0
nat outbound
#
interface GigabitEthernet0/4
port link-mode route
#
interface GigabitEthernet0/5
port link-mode route
ip address 10.10.20.1 255.255.255.0
packet-filter name GigabitEthernet0/5 inbound
nat hairpin enable
ip policy-based-route guding
#
security-zone name Local
#
security-zone name Trust
#
security-zone name DMZ
#
security-zone name Untrust
#
security-zone name Management
#
scheduler logfile size 16
#
line class console
user-role network-admin
#
line class tty
user-role network-operator
#
line class vty
user-role network-operator
#
line con 0
user-role network-admin
#
line vty 0 4
authentication-mode scheme
user-role network-admin
user-role network-operator
#
line vty 5 63
authentication-mode scheme
user-role network-operator
#
ip route-static 0.0.0.0 0 100.100.100.1
ip route-static 0.0.0.0 0 172.10.2.1 preference 100
ip route-static 0.0.0.0 0 10.10.100.1
ip route-static 0.0.0.0 0 10.10.101.1 preference 100
ip route-static 10.10.80.240 28 10.10.20.2
ip route-static 110.110.0.0 24 10.10.20.2
ip route-static 172.10.10.0 24 10.10.20.2
ip route-static 172.10.11.0 24 10.10.20.2
ip route-static 172.10.12.0 24 10.10.20.2
ip route-static 172.10.13.0 24 10.10.20.2
ip route-static 172.10.15.0 24 10.10.20.2
ip route-static 172.10.20.0 22 10.10.20.2
ip route-static 172.10.100.0 24 10.10.20.2
#
undo info-center enable
#
acl advanced 3001
rule 0 permit ip source 172.10.11.0 0.0.0.255
rule 5 permit ip source 172.10.12.0 0.0.0.255
rule 10 permit ip source 172.10.10.100 0
rule 15 permit ip source 172.10.13.0 0.0.0.255
rule 20 permit ip source 110.110.0.0 0.0.0.255
rule 25 permit ip source 10.10.80.240 0.0.0.14
#
acl advanced 3003
rule 5 permit ip source 172.10.10.0 0.0.0.255
#
acl advanced 3004
rule 0 permit ip source 172.10.20.0 0.0.0.255
rule 5 permit ip source 172.10.21.0 0.0.0.255
rule 10 permit ip source 172.10.22.0 0.0.0.255
rule 15 permit ip source 172.10.23.0 0.0.0.255
#
acl advanced 3005
rule 0 permit ip source 110.110.0.0 0.0.0.255
#
acl advanced name GigabitEthernet0/5
rule 5 deny ip source 172.10.11.57 0
rule 5 comment 1
rule 10 deny ip source 172.10.11.56 0
rule 10 comment 2
rule 15 deny ip source 172.10.11.42 0
rule 15 comment 2
rule 20 deny ip source 172.10.11.97 0
rule 20 comment 4
rule 30 deny ip source 172.10.11.107 0
rule 30 comment 5
rule 35 deny ip source 172.10.11.98 0
rule 35 comment
rule 40 deny ip source 172.10.11.102 0
rule 40 comment 六
rule 45 deny ip source 172.10.11.46 0
rule 45 comment
rule 50 deny ip source 172.10.11.53 0
rule 50 comment
rule 55 deny ip source 172.10.11.63 0
rule 55 comment
rule 60 deny ip source 172.10.11.150 0
rule 60 comment
rule 65 deny ip source 172.10.11.151 0
rule 65 comment
rule 70 deny ip source 172.10.11.86 0
rule 70 comment
rule 75 deny ip source 172.10.11.249 0
rule 75 comment
rule 80 deny ip source 172.10.11.60 0
rule 80 comment
rule 85 deny ip source 172.10.11.66 0
rule 85 comment
rule 90 deny ip source 172.10.11.103 0
rule 90 comment
rule 95 deny ip source 172.10.11.105 0
rule 95 comment
rule 100 deny ip source 172.10.11.106 0
rule 100 comment
rule 115 deny ip source 172.10.11.3 0
rule 115 comment
rule 120 deny ip source 172.10.11.84 0
rule 120 comment
rule 125 deny ip source 172.10.11.41 0
rule 125 comment
rule 130 deny ip source 172.10.11.108 0
rule 130 comment
rule 135 deny ip source 172.10.11.71 0
rule 135 comment
rule 140 deny ip source 172.10.11.74 0
rule 140 comment
rule 145 deny ip source 172.10.11.90 0
rule 145 comment
rule 155 deny ip source 172.10.12.6 0
rule 155 comment
rule 170 deny ip source 172.10.11.65 0
rule 170 comment
rule 205 deny ip source 172.10.11.36 0
rule 205 comment
#
acl advanced name g0/05
#
acl advanced name g0/5
#
domain system
authentication ppp local
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user admin class manage
password hash $h$6$3SchHC3Z+Mv7B3KD$qxGKSGA43NlfcQnmUVnK3XlxNT0dAAkzU42F3o3ULygQ1Rg+CRNPNzPaL2wc9k+Rb8m3TLtb/5K8Gjr5rDPqhQ==
service-type telnet http https
authorization-attribute user-role level-15
authorization-attribute user-role network-admin
#
local-user h3c class manage
password hash $h$6$wgFVi1CyKLfEsWzA$1T+d2ClFy0wfB4VomkTm+vk0OnXHlmDPqvpTqokB8C81NJeZpF92t5PEm1ZBUP3w58AT79yxDV9LTEtcakzBnQ==
service-type telnet
authorization-attribute user-role level-15
authorization-attribute user-role network-operator
#
local-user system class network
password cipher $c$3$B6NS3CGkRdav6z3W9v9jclwBauzVS/tIoA==
service-type ppp
authorization-attribute user-role network-operator
#
l2tp-group 1 mode lns
allow l2tp virtual-template 1
undo tunnel authentication
tunnel name LNS
#
l2tp enable
#
ip http enable
ip https enable
#
wlan global-configuration
control-address disable
#
wlan ap-group default-group
#
cloud-management server domain oasis.h3c.com
(0)
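Best answer
Hello, please note:
The external interface needs to be configured with nat outbound. The following commands are for reference:
int gi 1/0/1
nat outbound
quit
In addition, a default route pointing to the public network needs to be configured.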
(0)
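interface GigabitEthernet0/1 port link-mode route combo enable copper ip address 100.100.100.100 255.255.255.0 ip last-hop hold nat hairpin enable nat outbound, this is already configured
Hello:
The external interface configuration that was captured has no nat outbound configuration; I suggest adding it, and also adding a default route pointing to the public gateway.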
(0)
interface GigabitEthernet0/1 port link-mode route combo enable copper ip address 100.100.100.100 255.255.255.0 ip last-hop hold nat hairpin enable nat outbound
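The prerequisites named in this thread (nat outbound on the interface that carries the nat server mappings, nat hairpin enable on the internal interface, and a default route) can be checked mechanically against a saved `display current-configuration` text. The script below is an added example, not part of any post; `parse_interfaces`, `check_hairpin` and the sample excerpt are constructed for illustration, and the duplicate-mapping check goes beyond what the answers mention.

```python
import re

# Constructed excerpt modelled on the configuration posted above; not the full dump.
SAMPLE = """\
interface GigabitEthernet0/1
ip address 100.100.100.100 255.255.255.0
nat hairpin enable
nat outbound
nat server protocol tcp global 100.100.100.100 8089 inside 172.10.11.48 8089
nat server protocol tcp global 100.100.100.100 8081 inside 172.10.12.9 8081
nat server protocol tcp global 100.100.100.100 8081 inside 172.10.12.9 8081
#
interface GigabitEthernet0/5
ip address 10.10.20.1 255.255.255.0
nat hairpin enable
#
ip route-static 0.0.0.0 0 100.100.100.1
"""

NAT_SERVER = re.compile(r"nat server protocol (\w+) global (\S+) (\d+) inside \S+ \d+")
DEFAULT_ROUTE = re.compile(r"^\s*ip route-static 0\.0\.0\.0 (0|0\.0\.0\.0) \S+", re.M)

def parse_interfaces(text):
    """Map interface name -> its config lines; a '#' line closes a section."""
    ifaces, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()  # tolerate dumps with or without indentation
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            ifaces[current] = []
        elif line == "#":
            current = None
        elif current is not None and line:
            ifaces[current].append(line)
    return ifaces

def check_hairpin(text, inside_if):
    """Return findings for the prerequisites named in the thread (hypothetical helper)."""
    ifaces, findings = parse_interfaces(text), []
    for name, lines in ifaces.items():
        keys = [m.groups() for m in map(NAT_SERVER.fullmatch, lines) if m]
        if keys and "nat outbound" not in lines:
            findings.append(f"{name}: nat server without nat outbound")
        for proto, _, port in sorted({k for k in keys if keys.count(k) > 1}):
            findings.append(f"{name}: duplicate nat server {proto}/{port}")
    if "nat hairpin enable" not in ifaces.get(inside_if, []):
        findings.append(f"{inside_if}: nat hairpin enable missing")
    if not DEFAULT_ROUTE.search(text):
        findings.append("no default route (ip route-static 0.0.0.0 0 ...)")
    return findings

if __name__ == "__main__":
    print(check_hairpin(SAMPLE, "GigabitEthernet0/5"))
```

An empty list means all three prerequisites are present, in which case the cause has to be sought elsewhere in the configuration.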