端口映射

msr20路由器端口映射完，局域网可以访问网站，广域网无法访问

 # version 5.20, Release 2513P02, Standard # sysname msr20-20 # super password level 3 cipher $c$3$ecbDExt4twOIFnKvblt/ZPBYeVN3cB6CKA== # l2tp enable # domain default enable system # telnet server enable # dar p2p signature-file cfa0:/p2p_default.mtd # port-security enable # ip http port 8080 # web idle-timeout 60 # password-recovery enable # acl number 3000 rule 10 permit ip source 20.13.2.0 0.0.0.255 destination 10.10.10.0 0.0.0.255 acl number 3001 rule 10 deny ip source 20.13.2.0 0.0.0.255 destination 10.10.10.0 0.0.0.255 rule 11 permit ip source 20.13.2.30 0 rule 12 permit ip source 20.13.2.31 0 rule 13 permit ip source 20.13.2.32 0 rule 14 permit ip source 20.13.2.33 0 rule 15 permit ip source 20.13.2.34 0 rule 16 permit ip source 20.13.2.35 0 rule 17 permit ip source 20.13.2.36 0 rule 18 permit ip source 20.13.2.37 0 rule 19 permit ip source 20.13.2.38 0 rule 20 permit ip source 20.13.2.39 0 rule 21 permit ip source 20.13.2.40 0 rule 22 permit ip source 20.13.2.253 0 rule 23 permit ip source 20.13.2.254 0 rule 25 permit ip source 20.13.2.21 0 # vlan 1 # domain system access-limit disable state active idle-cut disable self-service-url disable ip pool 1 192.168.8.2 192.168.8.100 # ike proposal 10 authentication-algorithm md5 # ike peer tobj pre-shared-key cipher $c$3$GMJIF9YRTcFmW+SZLpj5p1cqs6nDlyA33hS71A== remote-address 219.141.207.185 local-address 222.223.168.74 # ipsec transform-set tobj encapsulation-mode tunnel transform esp esp authentication-algorithm md5 esp encryption-algorithm des # ipsec policy tobj 10 isakmp security acl 3000 pfs dh-group1 ike-peer tobj transform-set tobj # user-group system group-attribute allow-guest # local-user admin local-user anhe password cipher $c$3$TJho90UHViGh9PMESDjkHH5DsBAGIUri9Q== authorization-attribute level 3 service-type telnet service-type web local-user ciming password cipher $c$3$N6dgDBhURxLH9IctcKJXMhRco5XnW6HrVc4qdw== authorization-attribute level 3 service-type ssh telnet local-user cmjm password cipher $c$3$7kCY7x89riJiOpOPsHtmMYv36OUG+dZ8cGYoqlWt+Q== authorization-attribute level 3 service-type ssh local-user cmjmzjk password cipher $c$3$na1jpBMTPies1gLNxi4Mim5nqsvNn6hWsVEx service-type ppp # cwmp undo cwmp enable # l2tp-group 1 undo tunnel authentication allow l2tp virtual-template 10 remote cmjm # interface Aux0 async mode flow link-protocol ppp # interface Cellular0/0 async mode protocol link-protocol ppp # interface Ethernet0/0 port link-mode route description connect_to_neiwang ip address 20.13.2.1 255.255.255.0 # interface Ethernet0/1 port link-mode route description connect_to_waiwang nat outbound 3001 nat server 1 protocol tcp global current-interface www inside 20.13.2.231 www ip address 222.223.168.74 255.255.255.224 ipsec policy tobj # interface Virtual-Template10 ppp authentication-mode chap remote address pool 1 ip address 192.168.8.1 255.255.255.0 # interface NULL0 # interface Vlan-interface1 # ip route-static 0.0.0.0 0.0.0.0 222.223.168.65 # snmp-agent snmp-agent local-engineid 800063A2035CDD70C333CC snmp-agent community read cmzy snmp-agent sys-info version all undo snmp-agent trap enable voice dial # ssh server enable ssh user admin service-type stelnet authentication-type password # load xml-configuration # load tr069-configuration # user-interface con 0 user-interface tty 13 user-interface aux 0 user-interface vty 0 4 authentication-mode scheme # return