路由问题

现在在外网访问http://119.135.191.90:6800可以,,,,

在192.168.12.0的网络上可以访问http://192.168.12.193:6800

为什么在192.168.13.0的网络不能访问.要怎么做才可以呢?

 

路由配置如何下

#

version 7.1.064, Release 0809P02

#

sysname H3C

#

clock timezone Beijing add 08:00:00

clock protocol none

#

qos carl 3 source-ip-address object-group 250 per-address shared-bandwidth

qos carl 4 destination-ip-address object-group 250 per-address shared-bandwidth

#

security-zone intra-zone default permit

#

ip pool GE0/3pool 10.10.10.2 10.10.10.50 

ip pool GE0/4pool 10.10.1.2 10.10.1.50 

#

ip load-sharing mode per-flow src-ip global

#

bandwidth-based-sharing

#

dhcp enable

dhcp server always-broadcast

#

dns proxy enable

#

password-recovery enable

#

vlan 1

#

object-group ip address 12.193

0 network range 192.168.12.192 192.168.12.194

#

object-group ip address 250

0 network host address 192.168.12.250

#

object-group ip address dstgroup61

1004 network subnet 0.0.0.0 0.0.0.0

#

object-group ip address dstgroup62

1004 network subnet 0.0.0.0 0.0.0.0

#

object-group ip address dstgroup63

1004 network subnet 0.0.0.0 0.0.0.0

#

object-group ip address dstgroup71

1004 network subnet 0.0.0.0 0.0.0.0

#

object-group ip address dstgroup72

1004 network subnet 0.0.0.0 0.0.0.0

#

object-group ip address dstgroup73

1004 network subnet 0.0.0.0 0.0.0.0

#

object-group ip address dstgroup74

1004 network subnet 0.0.0.0 0.0.0.0

#

object-group ip address dstgroup75

1004 network subnet 0.0.0.0 0.0.0.0

#

object-group ip address dstgroup76

1004 network subnet 0.0.0.0 0.0.0.0

#

object-group ip address dstgroup77

1004 network subnet 0.0.0.0 0.0.0.0

#

object-group ip address srcgroup61

1004 network range 10.10.10.1 10.10.10.255

#

object-group ip address srcgroup62

1004 network host address 192.168.12.193

#

object-group ip address srcgroup63

1004 network host address 192.168.12.196

#

object-group ip address srcgroup71

1004 network range 192.168.13.160 192.168.13.165

#

object-group ip address srcgroup72

1004 network range 10.10.1.1 10.10.1.255

#

object-group ip address srcgroup73

1004 network host address 192.168.13.10

#

object-group ip address srcgroup74

1004 network host address 192.168.13.11

#

object-group ip address srcgroup75

1004 network host address 192.168.13.251

#

object-group ip address srcgroup76

1004 network host address 192.168.13.179

#

object-group ip address srcgroup77

1004 network host address 192.168.13.190

#

object-group ip address wifi

#

dhcp server ip-pool GE2

gateway-list 192.168.16.1

network 192.168.16.0 mask 255.255.255.0

address range 192.168.16.0 192.168.16.255

dns-list 202.96.128.86 202.96.128.166

forbidden-ip-range 192.168.16.1 192.168.16.1

#

dhcp server ip-pool GE3

gateway-list 192.168.12.1

network 192.168.12.0 mask 255.255.255.0

address range 192.168.12.130 192.168.12.190

dns-list 202.96.128.86 202.96.128.166

forbidden-ip-range 192.168.12.1 192.168.12.1

static-bind ip-address 192.168.12.104 mask 255.255.255.0 hardware-address 94de-8046-9bcc

static-bind ip-address 192.168.12.120 mask 255.255.255.0 hardware-address 00e0-66fe-73c9

#

dhcp server ip-pool GE4

gateway-list 192.168.13.1

network 192.168.13.0 mask 255.255.255.0

address range 192.168.13.100 192.168.13.150

dns-list 202.96.128.86 202.96.128.166

forbidden-ip-range 192.168.13.1 192.168.13.1

static-bind ip-address 192.168.13.57 mask 255.255.255.0 hardware-address 74d4-3568-4180

static-bind ip-address 192.168.13.171 mask 255.255.255.0 hardware-address 0017-6112-af08

#

policy-based-route pbr6 permit node 1

if-match acl name acl61

apply next-hop 192.168.5.1

apply output-interface GigabitEthernet0/1

#

policy-based-route pbr6 permit node 2

if-match acl name acl62

apply next-hop 119.135.191.89

apply output-interface GigabitEthernet0/0

#

policy-based-route pbr6 permit node 3

if-match acl name acl63

apply next-hop 119.135.191.89

apply output-interface GigabitEthernet0/0

#

policy-based-route pbr7 permit node 1

if-match acl name acl71

apply next-hop 119.135.191.89

apply output-interface GigabitEthernet0/0

#

policy-based-route pbr7 permit node 2

if-match acl name acl72

apply next-hop 192.168.5.1

apply output-interface GigabitEthernet0/1

#

policy-based-route pbr7 permit node 3

if-match acl name acl73

apply next-hop 119.135.191.89

apply output-interface GigabitEthernet0/0

#

policy-based-route pbr7 permit node 4

if-match acl name acl74

apply next-hop 119.135.191.89

apply output-interface GigabitEthernet0/0

#

policy-based-route pbr7 permit node 5

if-match acl name acl75

apply next-hop 119.135.191.89

apply output-interface GigabitEthernet0/0

#

policy-based-route pbr7 permit node 6

if-match acl name acl76

apply next-hop 119.135.191.89

apply output-interface GigabitEthernet0/0

#

policy-based-route pbr7 permit node 7

if-match acl name acl77

apply next-hop 119.135.191.89

apply output-interface GigabitEthernet0/0

#

controller Cellular0/0

#

interface Virtual-Template0

description GE0/3

ppp authentication-mode pap chap 

ppp ipcp dns 202.96.128.86 202.96.128.166 

remote address pool GE0/3pool 

ip address 10.10.10.1 255.255.255.0

#

interface Virtual-Template1

description GE0/4

ppp authentication-mode pap chap 

ppp ipcp dns 202.96.128.86 202.96.128.166 

remote address pool GE0/4pool 

ip address 10.10.1.1 255.255.255.0

#

interface NULL0

#

interface Vlan-interface1

description LAN-interface

ip address 192.168.100.254 255.255.254.0

tcp mss 1280

undo dhcp select server

#

interface GigabitEthernet0/0

port link-mode route

description Double_Line1

bandwidth 10000

combo enable copper

ip address 119.135.191.90 255.255.255.248

dns server 202.96.128.86

dns server 202.96.128.166

tcp mss 1280

nat outbound

nat server protocol tcp global current-interface 6001 6011 inside 192.168.12.193 6001 6011

nat server protocol tcp global current-interface 8001 inside 192.168.13.160 8000 description 环保监控8000

nat server protocol tcp global current-interface 8002 inside 192.168.13.160 8002 description 环保监控554

nat server protocol tcp global current-interface 9001 9003 inside 192.168.13.179 9001 9003

nat server protocol tcp global current-interface 9004 9006 inside 192.168.13.251 9004 9006

nat server protocol tcp global current-interface 9007 inside 192.168.12.196 9007

nat server protocol tcp global current-interface 9008 inside 192.168.13.10 8000

nat server protocol tcp global current-interface 9009 inside 192.168.13.11 8000

nat server protocol tcp global current-interface 9010 inside 192.168.13.190 8000

nat server protocol udp global current-interface 8001 inside 192.168.13.160 8000 description 环保监控

nat server protocol udp global current-interface 8002 inside 192.168.13.160 8002 description 环保监控5

#

interface GigabitEthernet0/1

port link-mode route

description Double_Line2

bandwidth 500000

ip address 192.168.5.2 255.255.255.0

dns server 202.96.128.86

dns server 202.96.128.166

tcp mss 1280

qos car inbound carl 4 cir 10000 cbs 625000 ebs 0 green pass red discard yellow pass

qos car outbound carl 3 cir 10000 cbs 625000 ebs 0 green pass red discard yellow pass

nat outbound

#

interface GigabitEthernet0/2

port link-mode route

description LAN-interface

ip address 192.168.16.1 255.255.255.0

tcp mss 1280

packet-filter name WebHttpHttps5 inbound

#

interface GigabitEthernet0/3

port link-mode route

description LAN-interface

ip address 192.168.12.1 255.255.255.0

tcp mss 1280

packet-filter name WebHttpHttps6 inbound

ip policy-based-route pbr6

pppoe-server bind virtual-template 0

#

interface GigabitEthernet0/4

port link-mode route

description LAN-interface

ip address 192.168.13.1 255.255.255.0

tcp mss 1280

ip policy-based-route pbr7

pppoe-server bind virtual-template 1

#

interface GigabitEthernet0/5

port link-mode route

packet-filter name WebHttpHttps8 inbound

#

object-policy ip Any-Any

rule 65533 inspect 8048_url_profile_global

rule 65534 pass

#

security-zone name Local

#

security-zone name Trust

import interface GigabitEthernet0/2

import interface GigabitEthernet0/3

import interface GigabitEthernet0/4

import interface Virtual-Template0

import interface Virtual-Template1

import interface Vlan-interface1

#

security-zone name DMZ

#

security-zone name Untrust

import interface GigabitEthernet0/0

import interface GigabitEthernet0/1

#

security-zone name Management

#

zone-pair security source Any destination Any

object-policy apply ip Any-Any

#

zone-pair security source Local destination Trust

packet-filter name SWXWSGL

#

zone-pair security source Local destination Untrust

packet-filter name SWXWSGL

#

zone-pair security source Trust destination Local

packet-filter name SWXWSGL

#

zone-pair security source Untrust destination Local

packet-filter name SWXWSGL

#

scheduler logfile size 16

#

line class console

user-role network-admin

#

line class tty

user-role network-operator

#

line class vty

user-role network-operator

#

line con 0

user-role network-admin

#

line vty 0 63

authentication-mode scheme

user-role network-operator

#

ip route-static 0.0.0.0 0 GigabitEthernet0/0 119.135.191.89

ip route-static 0.0.0.0 0 GigabitEthernet0/1 192.168.5.1

#

arp static 192.168.11.3 3085-a9ae-4e28

arp static 192.168.11.4 2c4d-549c-29d5

arp static 192.168.11.5 408d-5c64-1825

arp static 192.168.11.6 00e0-4c68-08a7

arp static 192.168.11.7 74d4-354c-68f7

arp static 192.168.11.8 fcaa-1491-8fdf

arp static 192.168.11.9 94de-8066-7c4a

arp static 192.168.11.10 6c4b-9092-bf00

arp static 192.168.11.230 f430-b974-40ea

#

time-range tr61 00:00 to 23:59 daily 

time-range tr62 00:00 to 23:59 daily 

time-range tr63 00:00 to 23:59 daily 

time-range tr71 00:00 to 23:59 daily 

time-range tr72 00:00 to 23:59 daily 

time-range tr73 00:00 to 23:59 daily 

time-range tr74 00:00 to 23:59 daily 

time-range tr75 00:00 to 23:59 daily 

time-range tr76 00:00 to 23:59 daily 

time-range tr77 00:00 to 23:59 daily 

time-range work 08:30 to 17:30 daily 

#

ntp-service unicast-server ***.***

ntp-service unicast-server ***.***

#

acl advanced name SWXWSGL

rule 1 permit ip

#

acl advanced name WebHttpHttps3

#

acl advanced name WebHttpHttps4

#

acl advanced name WebHttpHttps5

rule 65533 permit tcp destination-port eq www

rule 65534 permit tcp destination-port eq 443

#

acl advanced name WebHttpHttps6

rule 65533 permit tcp destination-port eq www

rule 65534 permit tcp destination-port eq 443

#

acl advanced name WebHttpHttps8

rule 65533 permit tcp destination-port eq www

rule 65534 permit tcp destination-port eq 443

#

acl advanced name WebHttpHttps17413

#

acl advanced name acl61

rule 1 permit ip source object-group srcgroup61 destination object-group dstgroup61 time-range tr61

rule 1 comment 500M

#

acl advanced name acl62

rule 1 permit ip source object-group srcgroup62 destination object-group dstgroup62 time-range tr62

rule 1 comment --

#

acl advanced name acl63

rule 1 permit ip source object-group srcgroup63 destination object-group dstgroup63 time-range tr63

rule 1 comment --

#

acl advanced name acl71

rule 1 permit ip source object-group srcgroup71 destination object-group dstgroup71 time-range tr71

rule 1 comment --

#

acl advanced name acl72

rule 1 permit ip source object-group srcgroup72 destination object-group dstgroup72 time-range tr72

rule 1 comment 500M

#

acl advanced name acl73

rule 1 permit ip source object-group srcgroup73 destination object-group dstgroup73 time-range tr73

rule 1 comment --

#

acl advanced name acl74

rule 1 permit ip source object-group srcgroup74 destination object-group dstgroup74 time-range tr74

rule 1 comment --

#

acl advanced name acl75

rule 1 permit ip source object-group srcgroup75 destination object-group dstgroup75 time-range tr75

rule 1 comment --

#

acl advanced name acl76

rule 1 permit ip source object-group srcgroup76 destination object-group dstgroup76 time-range tr76

rule 1 comment --

#

acl advanced name acl77

rule 1 permit ip source object-group srcgroup77 destination object-group dstgroup77 time-range tr77

rule 1 comment --

#

password-control enable 

undo password-control aging enable 

undo password-control history enable 

password-control length 6

password-control login-attempt 3 exceed lock-time 10

password-control update-interval 0

password-control login idle-time 0

password-control complexity user-name check

#

domain system

#

domain default enable system

#

role name level-0

description Predefined level-0 role

#

role name level-1

description Predefined level-1 role

#

role name level-2

description Predefined level-2 role

#

role name level-3

description Predefined level-3 role

#

role name level-4

description Predefined level-4 role

#

role name level-5

description Predefined level-5 role

#

role name level-6

description Predefined level-6 role

#

role name level-7

description Predefined level-7 role

#

role name level-8

description Predefined level-8 role

#

role name level-9

description Predefined level-9 role

#

role name level-10

description Predefined level-10 role

#

role name level-11

description Predefined level-11 role

#

role name level-12

description Predefined level-12 role

#

role name level-13

description Predefined level-13 role

#

role name level-14

description Predefined level-14 role

#

user-group system

#

local-user admin class manage

service-type telnet http https

authorization-attribute user-role network-admin

#

local-user chen841 class network

password cipher $c$3$pkc1S4Nl4EwtakZFd/ObKEVR2xCbv9U6VfQ=

service-type ppp

authorization-attribute user-role network-operator

description 陈总

#

local-user ws843 class network

password cipher $c$3$I05D4dFEZpxbY5NjLHZPpKNx/yY7BWvf

service-type ppp

authorization-attribute user-role network-operator

description ws843

#

session statistics enable

#

connection-limit apply global policy 32

#

connection-limit policy 32

#

ip http port 8088

ip http enable

ip https enable

#

url-filter policy 8048_url_profile_global

default-action permit

add blacklist 2 host text ***.***

add blacklist 3 host text ***.***

add blacklist 4 host text ***.***

add blacklist 5 host text ***.***

add blacklist 6 host text ***.***

add blacklist 7 host text ***.***

add blacklist 8 host text ***.***

add blacklist 9 host text ***.***

add blacklist 10 host text ***.***

add blacklist 11 host text ***.***

add blacklist 12 host text ***.***

add blacklist 13 host text ***.***

add blacklist 14 host text ***.***

add blacklist 15 host text ***.***

#

url-filter category custom severity 65535

#

app-profile 8048_url_profile_global

url-filter apply policy 8048_url_profile_global

#

dac storage service traffic limit hold-time 1

#

return