
Firewall port mapping fails

Asked 2024-08-19
Followers: 0 · Following: 0

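Problem description:

External hosts cannot reach the internal server through the public IP address. NAT is configured on the firewall. Could someone take a look?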

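5 answers
Followers: 0 · Following: 3

Check whether a session exists, whether the security policy permits the traffic, and test from the internal network whether the server is reachable. Is the external port 80 or 443? Ports like these require ICP filing. If it is not one of those, try a different port number on the external side.

It is reachable from the internal network, and telnet to the port also works.

zhiliao_vNuKkj, posted 2024-08-19
Followers: 119 · Following: 8

Which port number is used for the public port?

Two ports are mapped, 8084 and 5000. The internal and external port numbers are the same.

zhiliao_vNuKkj, posted 2024-08-19
Followers: 2 · Following: 10

Post the configuration so we can take a look. How is the mapping done?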

dis cu
#
 version 5.20, Release 5142P02
#
 sysname F100-S-G
#
 undo voice vlan mac-address 00e0-bb00-0000
#
 interzone policy default by-priority
#
 domain default enable system
#
 telnet server enable
#
 port-security enable
#
 undo alg dns
 undo alg rtsp
 undo alg h323
 undo alg sip
 undo alg sqlnet
 undo alg pptp
 undo alg ils
 undo alg nbt
 undo alg msn
 undo alg qq
 undo alg tftp
 undo alg sccp
 undo alg gtp
#
 session synchronization enable
 session mode hybrid
#
 password-recovery enable
#
acl number 2005
 rule 10 permit source 10.24.10.0 0.0.0.255
 rule 15 permit source 100.100.100.4 0.0.0.3
 rule 20 permit source 10.24.60.0 0.0.0.255
 rule 25 permit source 10.24.11.0 0.0.0.255
acl number 2006
 rule 0 permit source 10.24.10.0 0.0.0.255
 rule 10 permit source 10.24.11.0 0.0.0.255
#
vlan 1
#
vlan 100
 description 办公网络
#
vlan 110
 description 监控网络
#
vlan 130
 description 生产网络
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
pki domain default
 crl check disable
#
user-group system
 group-attribute allow-guest
#
local-user admin
 password cipher $c$3$Ak3DJff1GS1ttXh24LfFwRZmiCWE/htWxdVv
 authorization-attribute level 3
 service-type telnet
 service-type web
#
cwmp
 undo cwmp enable
#
interface NULL0
#
interface GigabitEthernet0/0
 port link-mode route
 qos max-bandwidth 1000000
 ip address 192.168.0.1 255.255.255.0
 qos lr outbound cir 1000000 cbs 19375000
#
interface GigabitEthernet0/1
 port link-mode route
 description to-waiwang
 nat outbound
 nat outbound 2005
 nat server protocol tcp global 118.122.194.67 4899 inside 10.24.11.130 4899
 nat server protocol udp global 118.122.194.67 4899 inside 10.24.11.130 4899
 nat server protocol tcp global 118.122.194.67 554 inside 10.24.11.1 554
 nat server protocol tcp global 118.122.194.67 8081 inside 10.24.11.1 www
 nat server protocol tcp global 118.122.194.67 61616 inside 10.24.11.1 61616
 nat server protocol tcp global 118.122.194.67 6000 inside 10.24.11.1 6000
 nat server protocol tcp global 118.122.194.67 6010 inside 10.24.11.1 6010
 nat server protocol tcp global 118.122.194.67 6001 inside 10.24.11.1 6001
 nat server protocol udp global 118.122.194.67 10000 inside 10.24.11.1 10000
 nat server protocol udp global 118.122.194.67 10001 inside 10.24.11.1 10001
 nat server protocol tcp global 118.122.194.67 6300 inside 10.24.11.1 6300
 nat server protocol tcp global 118.122.194.67 6302 inside 10.24.11.1 6302
 nat server protocol tcp global 118.122.194.67 6357 inside 10.24.11.1 6357
 nat server protocol tcp global 118.122.194.67 6366 inside 10.24.11.1 6366
 nat server protocol tcp global 118.122.194.67 6354 inside 10.24.11.1 6354
 nat server protocol tcp global 118.122.194.67 6310 inside 10.24.11.1 6310
 nat server protocol tcp global 118.122.194.67 6301 inside 10.24.11.1 6301
 nat server protocol udp global 118.122.194.67 15000 inside 10.24.11.1 15000
 nat server protocol udp global 118.122.194.67 15001 inside 10.24.11.1 15001
 nat server protocol udp global 118.122.194.67 10002 inside 10.24.11.1 10002
 nat server protocol udp global 118.122.194.67 10003 inside 10.24.11.1 10003
 nat server protocol udp global 118.122.194.67 10004 inside 10.24.11.1 10004
 nat server protocol udp global 118.122.194.67 10005 inside 10.24.11.1 10005
 nat server protocol udp global 118.122.194.67 10006 inside 10.24.11.1 10006
 nat server protocol udp global 118.122.194.67 10007 inside 10.24.11.1 10007
 nat server protocol udp global 118.122.194.67 10008 inside 10.24.11.1 10008
 nat server protocol udp global 118.122.194.67 10009 inside 10.24.11.1 10009
 nat server protocol udp global 118.122.194.67 10010 inside 10.24.11.1 10010
 nat server protocol udp global 118.122.194.67 10011 inside 10.24.11.1 10011
 nat server protocol udp global 118.122.194.67 10012 inside 10.24.11.1 10012
 nat server protocol udp global 118.122.194.67 10013 inside 10.24.11.1 10013
 nat server protocol udp global 118.122.194.67 10014 inside 10.24.11.1 10014
 nat server protocol udp global 118.122.194.67 10015 inside 10.24.11.1 10015
 nat server protocol udp global 118.122.194.67 10016 inside 10.24.11.1 10016
 nat server protocol udp global 118.122.194.67 10017 inside 10.24.11.1 10017
 nat server protocol udp global 118.122.194.67 10018 inside 10.24.11.1 10018
 nat server protocol udp global 118.122.194.67 10019 inside 10.24.11.1 10019
 nat server protocol udp global 118.122.194.67 10020 inside 10.24.11.1 10020
 nat server protocol udp global 118.122.194.67 10021 inside 10.24.11.1 10021
 nat server protocol udp global 118.122.194.67 10022 inside 10.24.11.1 10022
 nat server protocol udp global 118.122.194.67 10023 inside 10.24.11.1 10023
 nat server protocol udp global 118.122.194.67 10024 inside 10.24.11.1 10024
 nat server protocol udp global 118.122.194.67 10025 inside 10.24.11.1 10025
 nat server protocol udp global 118.122.194.67 10026 inside 10.24.11.1 10026
 nat server protocol udp global 118.122.194.67 10027 inside 10.24.11.1 10027
 nat server protocol udp global 118.122.194.67 10028 inside 10.24.11.1 10028
 nat server protocol tcp global 118.122.194.67 6400 inside 10.24.11.1 6400
 nat server protocol tcp global 118.122.194.67 6402 inside 10.24.11.1 6402
 nat server protocol tcp global 118.122.194.67 6454 inside 10.24.11.1 6454
 nat server protocol tcp global 118.122.194.67 6410 inside 10.24.11.1 6410
 nat server protocol tcp global 118.122.194.67 6401 inside 10.24.11.1 6401
 nat server protocol tcp global 118.122.194.67 6100 inside 10.24.11.1 6100
 nat server protocol udp global 118.122.194.67 10029 inside 10.24.11.1 10029
 nat server protocol udp global 118.122.194.67 10030 inside 10.24.11.1 10030
 nat server protocol udp global 118.122.194.67 10031 inside 10.24.11.1 10031
 nat server protocol udp global 118.122.194.67 10032 inside 10.24.11.1 10032
 nat server protocol udp global 118.122.194.67 10033 inside 10.24.11.1 10033
 nat server protocol udp global 118.122.194.67 10034 inside 10.24.11.1 10034
 nat server protocol udp global 118.122.194.67 10035 inside 10.24.11.1 10035
 nat server protocol udp global 118.122.194.67 10036 inside 10.24.11.1 10036
 nat server protocol udp global 118.122.194.67 10037 inside 10.24.11.1 10037
 nat server protocol udp global 118.122.194.67 10038 inside 10.24.11.1 10038
 nat server protocol udp global 118.122.194.67 10039 inside 10.24.11.1 10039
 nat server protocol udp global 118.122.194.67 10040 inside 10.24.11.1 10040
 nat server protocol udp global 118.122.194.67 10041 inside 10.24.11.1 10041
 nat server protocol udp global 118.122.194.67 10042 inside 10.24.11.1 10042
 nat server protocol udp global 118.122.194.67 10043 inside 10.24.11.1 10043
 nat server protocol udp global 118.122.194.67 10044 inside 10.24.11.1 10044
 nat server protocol udp global 118.122.194.67 10045 inside 10.24.11.1 10045
 nat server protocol udp global 118.122.194.67 10046 inside 10.24.11.1 10046
 nat server protocol udp global 118.122.194.67 10047 inside 10.24.11.1 10047
 nat server protocol udp global 118.122.194.67 10048 inside 10.24.11.1 10048
 nat server protocol udp global 118.122.194.67 10049 inside 10.24.11.1 10049
 nat server protocol udp global 118.122.194.67 10050 inside 10.24.11.1 10050
 qos max-bandwidth 1000000
 ip address 118.122.194.67 255.255.255.0
 qos lr outbound cir 1000000 cbs 19375000
#
interface GigabitEthernet0/2
 port link-mode route
 qos max-bandwidth 1000000
 ip address 100.100.100.5 255.255.255.252
 qos lr outbound cir 1000000 cbs 19375000
#
interface GigabitEthernet0/3
 port link-mode route
 description to-yidong
 nat outbound
 nat outbound 2005
 nat server protocol tcp global 117.172.146.74 4899 inside 10.24.11.130 4899
 nat server protocol udp global 117.172.146.74 4899 inside 10.24.11.130 4899
 nat server protocol tcp global 117.172.146.74 554 inside 10.24.11.1 554
 nat server protocol tcp global 117.172.146.74 8081 inside 10.24.11.1 www
 nat server protocol tcp global 117.172.146.74 61616 inside 10.24.11.1 61616
 nat server protocol tcp global 117.172.146.74 6000 inside 10.24.11.1 6000
 nat server protocol tcp global 117.172.146.74 6010 inside 10.24.11.1 6010
 nat server protocol tcp global 117.172.146.74 6001 inside 10.24.11.1 6001
 nat server protocol udp global 117.172.146.74 10000 inside 10.24.11.1 10000
 nat server protocol udp global 117.172.146.74 10001 inside 10.24.11.1 10001
 nat server protocol tcp global 117.172.146.74 6300 inside 10.24.11.1 6300
 nat server protocol tcp global 117.172.146.74 6302 inside 10.24.11.1 6302
 nat server protocol tcp global 117.172.146.74 6357 inside 10.24.11.1 6357
 nat server protocol tcp global 117.172.146.74 6366 inside 10.24.11.1 6366
 nat server protocol tcp global 117.172.146.74 6354 inside 10.24.11.1 6354
 nat server protocol tcp global 117.172.146.74 6310 inside 10.24.11.1 6310
 nat server protocol tcp global 117.172.146.74 6301 inside 10.24.11.1 6301
 nat server protocol udp global 117.172.146.74 15000 inside 10.24.11.1 15000
 nat server protocol udp global 117.172.146.74 15001 inside 10.24.11.1 15001
 nat server protocol udp global 117.172.146.74 10002 inside 10.24.11.1 10002
 nat server protocol udp global 117.172.146.74 10003 inside 10.24.11.1 10003
 nat server protocol udp global 117.172.146.74 10004 inside 10.24.11.1 10004
 nat server protocol udp global 117.172.146.74 10005 inside 10.24.11.1 10005
 nat server protocol udp global 117.172.146.74 10006 inside 10.24.11.1 10006
 nat server protocol udp global 117.172.146.74 10007 inside 10.24.11.1 10007
 nat server protocol udp global 117.172.146.74 10008 inside 10.24.11.1 10008
 nat server protocol udp global 117.172.146.74 10009 inside 10.24.11.1 10009
 nat server protocol udp global 117.172.146.74 10010 inside 10.24.11.1 10010
 nat server protocol udp global 117.172.146.74 10011 inside 10.24.11.1 10011
 nat server protocol udp global 117.172.146.74 10012 inside 10.24.11.1 10012
 nat server protocol udp global 117.172.146.74 10013 inside 10.24.11.1 10013
 nat server protocol udp global 117.172.146.74 10014 inside 10.24.11.1 10014
 nat server protocol udp global 117.172.146.74 10015 inside 10.24.11.1 10015
 nat server protocol udp global 117.172.146.74 10016 inside 10.24.11.1 10016
 nat server protocol udp global 117.172.146.74 10017 inside 10.24.11.1 10017
 nat server protocol udp global 117.172.146.74 10018 inside 10.24.11.1 10018
 nat server protocol udp global 117.172.146.74 10019 inside 10.24.11.1 10019
 nat server protocol udp global 117.172.146.74 10020 inside 10.24.11.1 10020
 nat server protocol udp global 117.172.146.74 10021 inside 10.24.11.1 10021
 nat server protocol udp global 117.172.146.74 10022 inside 10.24.11.1 10022
 nat server protocol udp global 117.172.146.74 10023 inside 10.24.11.1 10023
 nat server protocol udp global 117.172.146.74 10024 inside 10.24.11.1 10024
 nat server protocol udp global 117.172.146.74 10025 inside 10.24.11.1 10025
 nat server protocol udp global 117.172.146.74 10026 inside 10.24.11.1 10026
 nat server protocol udp global 117.172.146.74 10027 inside 10.24.11.1 10027
 nat server protocol udp global 117.172.146.74 10028 inside 10.24.11.1 10028
 nat server protocol tcp global 117.172.146.74 6400 inside 10.24.11.1 6400
 nat server protocol tcp global 117.172.146.74 6402 inside 10.24.11.1 6402
 nat server protocol tcp global 117.172.146.74 6454 inside 10.24.11.1 6454
 nat server protocol tcp global 117.172.146.74 6410 inside 10.24.11.1 6410
 nat server protocol tcp global 117.172.146.74 6401 inside 10.24.11.1 6401
 nat server protocol tcp global 117.172.146.74 6100 inside 10.24.11.1 6100
 nat server protocol udp global 117.172.146.74 10029 inside 10.24.11.1 10029
 nat server protocol udp global 117.172.146.74 10030 inside 10.24.11.1 10030
 nat server protocol udp global 117.172.146.74 10031 inside 10.24.11.1 10031
 nat server protocol udp global 117.172.146.74 10032 inside 10.24.11.1 10032
 nat server protocol udp global 117.172.146.74 10033 inside 10.24.11.1 10033
 nat server protocol udp global 117.172.146.74 10034 inside 10.24.11.1 10034
 nat server protocol udp global 117.172.146.74 10035 inside 10.24.11.1 10035
 nat server protocol udp global 117.172.146.74 10036 inside 10.24.11.1 10036
 nat server protocol udp global 117.172.146.74 10037 inside 10.24.11.1 10037
 nat server protocol udp global 117.172.146.74 10038 inside 10.24.11.1 10038
 nat server protocol udp global 117.172.146.74 10039 inside 10.24.11.1 10039
 nat server protocol udp global 117.172.146.74 10040 inside 10.24.11.1 10040
 nat server protocol udp global 117.172.146.74 10041 inside 10.24.11.1 10041
 nat server protocol udp global 117.172.146.74 10042 inside 10.24.11.1 10042
 nat server protocol udp global 117.172.146.74 10043 inside 10.24.11.1 10043
 nat server protocol udp global 117.172.146.74 10044 inside 10.24.11.1 10044
 nat server protocol udp global 117.172.146.74 10045 inside 10.24.11.1 10045
 nat server protocol udp global 117.172.146.74 10046 inside 10.24.11.1 10046
 nat server protocol udp global 117.172.146.74 10047 inside 10.24.11.1 10047
 nat server protocol udp global 117.172.146.74 10048 inside 10.24.11.1 10048
 nat server protocol udp global 117.172.146.74 10049 inside 10.24.11.1 10049
 nat server protocol udp global 117.172.146.74 10050 inside 10.24.11.1 10050
 nat server protocol tcp global 117.172.146.74 8084 inside 10.24.11.243 8084
 nat server protocol tcp global 117.172.146.74 5000 inside 10.24.11.243 5000
 qos max-bandwidth 1000000
 ip address 117.172.146.74 255.255.255.0
 qos lr outbound cir 1000000 cbs 19375000
 dns server 183.221.253.100
#
interface GigabitEthernet0/4
 port link-mode route
 description to-S7503E-S
 qos max-bandwidth 1000000
 ip address 100.100.100.1 255.255.255.0
 qos lr outbound cir 1000000 cbs 19375000
#
rip 1
 undo summary
 network 0.0.0.0
 import-route static
#
vd Root id 1
#
zone name Management id 0
 priority 100
 import interface GigabitEthernet0/0
zone name Local id 1
 priority 100
zone name Trust id 2
 priority 85
 import interface GigabitEthernet0/2
 import interface GigabitEthernet0/4
zone name DMZ id 3
 priority 50
zone name Untrust id 4
 priority 5
 import interface GigabitEthernet0/1
 import interface GigabitEthernet0/3
zone name caiwu id 10
 priority 1
switchto vd Root
 object network subnet 10.24.11.130/0.0.0.255
  subnet 10.24.11.130 0.0.0.255
 zone name Management id 0
  ip virtual-reassembly
 zone name Local id 1
  ip virtual-reassembly
 zone name Trust id 2
  ip virtual-reassembly
 zone name DMZ id 3
  ip virtual-reassembly
 zone name Untrust id 4
  ip virtual-reassembly
 zone name caiwu id 10
  ip virtual-reassembly
 interzone source Untrust destination Trust
  rule 0 permit
   source-ip any_address
   destination-ip 10.24.11.130/0.0.0.255
   service any_service
#
 ip route-static 0.0.0.0 0.0.0.0 117.172.146.1
 ip route-static 10.24.10.0 255.255.255.0 100.100.100.2
 ip route-static 10.24.11.0 255.255.255.0 100.100.100.2
 ip route-static 10.24.11.18 255.255.255.255 100.100.100.2
 ip route-static 10.24.11.100 255.255.255.255 100.100.100.2
 ip route-static 10.24.11.130 255.255.255.255 100.100.100.2
 ip route-static 10.24.11.131 255.255.255.255 100.100.100.2
 ip route-static 10.24.11.132 255.255.255.255 100.100.100.2
 ip route-static 10.24.11.161 255.255.255.255 100.100.100.2
 ip route-static 10.24.12.0 255.255.255.0 100.100.100.6
 ip route-static 10.24.60.0 255.255.255.0 100.100.100.2
#
 ntp-service refclock-master
#
 ssh server enable
#
 ip https enable
#
 load xml-configuration
#
 load tr069-configuration
#
user-interface con 0
user-interface vty 0 4
 acl 2006 inbound
 authentication-mode scheme
#
return

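zhiliao_vNuKkj, posted 2024-08-19
Followers: 5 · Following: 0

If the external interface is in Untrust and the internal interface is in Trust,

you need to permit a security policy from Untrust to Trust.

Also, check whether your port is blocked by the ISP. The common ports 80 and 443 cannot be used without ICP filing.

The inter-zone security policy is permitted. The mapped ports are 8084 and 5000.

zhiliao_vNuKkj, posted 2024-08-19

Test from the internal network whether these two ports are open on the server.

zhiliao_KAQOXz, posted 2024-08-19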
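
Added example (not part of the original thread and not H3C tooling): the checks suggested in the answers, run in Python over an excerpt of the configuration posted above. It lists each `nat server` mapping with the interface and public address that carries it, and tests with wildcard-mask matching whether an Untrust-to-Trust `permit` rule covers the inside host; the names `parse`, `audit` and `wildcard_match` are hypothetical, and it assumes the WAN interfaces sit in Untrust and the servers behind Trust, as the posted zone configuration shows.

```python
import ipaddress
import re
# Excerpt of the configuration posted in this thread, one command per line.
# Assumption: WAN interfaces are in zone Untrust, the servers behind zone Trust.
SAMPLE = """\
interface GigabitEthernet0/1
 nat server protocol tcp global 118.122.194.67 8081 inside 10.24.11.1 www
interface GigabitEthernet0/3
 nat server protocol tcp global 117.172.146.74 8084 inside 10.24.11.243 8084
 nat server protocol tcp global 117.172.146.74 5000 inside 10.24.11.243 5000
object network subnet 10.24.11.130/0.0.0.255
 subnet 10.24.11.130 0.0.0.255
interzone source Untrust destination Trust
 rule 0 permit
  source-ip any_address
  destination-ip 10.24.11.130/0.0.0.255
  service any_service
"""
NAT = re.compile(r"nat server protocol (\w+) global (\S+) (\S+) inside (\S+) \S+")
OBJ = re.compile(r"object network subnet (\S+)\s+subnet (\S+) (\S+)")

def wildcard_match(ip, base, wildcard):
    """True when ip equals base on every bit the wildcard mask leaves at 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (ip, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

def parse(config):
    """Return (nat mappings, subnet objects, objects permitted Untrust->Trust)."""
    objects = {name: (base, wild) for name, base, wild in OBJ.findall(config)}
    maps, permitted, iface, zones, permit = [], [], None, None, False
    for words in (line.split() for line in config.splitlines()):
        if words[:1] == ["interface"]:
            iface = words[1]
        elif words[:2] == ["interzone", "source"]:
            zones, permit = (words[2], words[4]), False
        elif words[:1] == ["rule"] and len(words) > 2:
            permit = words[2] == "permit"
        elif (m := NAT.match(" ".join(words))):
            maps.append((iface, *m.groups()))
        if zones == ("Untrust", "Trust") and permit and "destination-ip" in words:
            permitted.append(words[words.index("destination-ip") + 1])
    return maps, objects, permitted

def audit(config):
    """Rows: (interface, protocol, public ip, public port, inside ip, policy_ok)."""
    maps, objects, permitted = parse(config)
    return [(*m, any(wildcard_match(m[4], *objects[o])
                     for o in permitted if o in objects)) for m in maps]

if __name__ == "__main__": print(*audit(SAMPLE), sep="\n")
```

In the posted configuration the 8084 and 5000 mappings appear only under GigabitEthernet0/3 (117.172.146.74), so an outside test has to target that address; the wildcard object 10.24.11.130/0.0.0.255 does cover 10.24.11.243.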