Best answer
Yes, it can be configured. The configuration is as follows:
dns proxy enable
dns server 114.114.114.114
(0)
The formatting is a bit messy.
I added it, but it does not work.
GigabitEthernet1/0/2 and GigabitEthernet1/0/4 are two external lines used for link load balancing.
GigabitEthernet1/0/6 connects to a Sangfor Internet access behaviour management device (bridge mode, connected to the internal network).
GigabitEthernet1/0/8 serves an internal service; it is already disabled and can be ignored.
GigabitEthernet1/0/10 is an external line; it is already disabled and can be ignored.
Right now, pinging the external DNS server 202.99.166.4 from the firewall fails, and name resolution fails as well.
The main configuration is as follows:
<QHD-F1060>display saved-configuration
#
version 7.1.064, Ess 9310P11
#
sysname QHD-F1060
#
clock timezone Lisbon add 00:00:00
clock protocol none
#
context Admin id 1
#
ip vpn-instance management
route-distinguisher 1000000000:1
vpn-target 1000000000:1 import-extcommunity
vpn-target 1000000000:1 export-extcommunity
#
telnet server enable
#
irf mac-address persistent timer
irf auto-update enable
undo irf link-delay
irf member 1 priority 1
#
dns proxy enable
dns server 202.99.166.4
#
password-recovery enable
#
vlan 1
#
object-group ip address APP-
description APP-
0 network host address 192.168.1.6
#
object-group service 80
0 service tcp destination eq 80
#
object-group service 8082
0 service tcp destination eq 8082
#
nqa template icmp t1
reaction trigger per-probe
ttl 2
#
interface NULL0
#
interface GigabitEthernet1/0/0
port link-mode route
ip binding vpn-instance management
ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-mode route
#
interface GigabitEthernet1/0/2
port link-mode route
description UPlink_wan1
ip address 121.22.xx.xx 255.255.255.248
ip last-hop hold
nat outbound 3010
#
interface GigabitEthernet1/0/3
port link-mode route
#
interface GigabitEthernet1/0/4
port link-mode route
description UPlink_wan2
ip address 121.22.xx.zz 255.255.255.252
ip last-hop hold
nat outbound 3010
nat server protocol tcp global 121.22.xx.zz 8082 inside 192.168.1.6 8082
#
interface GigabitEthernet1/0/5
port link-mode route
#
interface GigabitEthernet1/0/6
port link-mode route
description downlink_SANGFOR
ip address 10.10.10.1 255.255.255.0
nat server protocol tcp global 121.22.xx.zz 8082 inside 192.168.1.6 8082
#
interface GigabitEthernet1/0/7
port link-mode route
#
interface GigabitEthernet1/0/8
port link-mode route
description downlink_APP-server
ip address 192.168.1.5 255.255.255.252
ip last-hop hold
#
interface GigabitEthernet1/0/9
port link-mode route
#
interface GigabitEthernet1/0/10
port link-mode route
description Uplink-yidong /dianxin
ip address 106.8.xx.xx 255.255.255.0
nat outbound 3010 disable
#
#
object-policy ip APP_server-Local
rule 0 pass
#
object-policy ip APP_server-Untrust
rule 0 pass source-ip APP-ervice http
rule 1 pass service dns-tcp
rule 2 pass service dns-udp
#
object-policy ip Local-Any
rule 0 pass
#
object-policy ip Trust-APP_server
rule 0 pass service 8082
#
object-policy ip Trust-Local
rule 0 pass
#
object-policy ip Trust-Untrust
rule 0 pass
#
object-policy ip Untrust-APP_server
rule 0 pass service 8082
#
object-policy ip Untrust-Local
rule 0 pass disable
#
object-policy ip Untrust-Trust
rule 0 pass disable
#
security-zone name Local
#
security-zone name Trust
import interface GigabitEthernet1/0/6
import interface GigabitEthernet1/0/12
#
security-zone name DMZ
#
security-zone name Untrust
import interface GigabitEthernet1/0/2
import interface GigabitEthernet1/0/4
import interface GigabitEthernet1/0/10
#
security-zone name Management
import interface GigabitEthernet1/0/0
#
security-zone name APP_server
import interface GigabitEthernet1/0/8
#
zone-pair security source APP_server destination Local
object-policy apply ip APP_server-Local
#
zone-pair security source APP_server destination Untrust
object-policy apply ip APP_server-Untrust
#
zone-pair security source Local destination Any
object-policy apply ip Local-Any
#
zone-pair security source Trust destination APP_server
object-policy apply ip Trust-APP_server
#
zone-pair security source Trust destination Local
object-policy apply ip Trust-Local
#
zone-pair security source Trust destination Untrust
object-policy apply ip Trust-Untrust
#
zone-pair security source Untrust destination APP_server
object-policy apply ip Untrust-APP_server
#
zone-pair security source Untrust destination Local
object-policy apply ip Untrust-Local
#
zone-pair security source Untrust destination Trust
object-policy apply ip Untrust-Trust
#
scheduler logfile size 16
#
line class aux
user-role network-operator
#
line class console
user-role network-admin
#
line class vty
user-role network-operator
#
line aux 0
user-role network-admin
#
line con 0
authentication-mode scheme
user-role network-admin
#
line vty 0 63
authentication-mode scheme
user-role network-admin
#
ssh server enable
#
acl advanced 3010
rule 6 permit ip source 192.168.1.6 0
rule 10 permit ip source 10.10.10.0 0.0.0.255
#
acl advanced 3500
rule 11 permit ip destination 192.168.1.4 0.0.0.3
#
domain system
#
aaa session-limit ftp 16
aaa session-limit telnet 16
aaa session-limit ssh 16
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
identity-member user linlei
#
local-user admin class manage
password hash $h$6$YXz33589OI4vJkQUdcbAuR$x/XYjApnASXRn9rtkvgffYsaY79zVy0ptQ/6Z3XREejQ2Nylg3fMz9/bo/fI1NfqwY0DfZxZ/PJqqpMid3EKOuTXbw==
service-type ssh telnet terminal https
authorization-attribute user-role level-3
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
#
ip https enable
#
loadbalance link-group lg1
fail-action reschedule
transparent enable
probe t1
#
loadbalance class lb type link-generic match-any
match 1 source ip address 192.168.1.4 30
match 2 source ip address 10.10.10.0 24
#
loadbalance class to_neiwang type link-generic match-any
match 1 acl 3500
#
loadbalance action ##defaultactionforllbipv4##%%autocreatedbyweb%% type link-generic
forward all
#
loadbalance action lb_act type link-generic
link-group lg1
fallback-action continue
#
loadbalance action ob$action$#for#lb type link-generic
link-group lg1
#
loadbalance action ob$action$#for#to_neiwang type link-generic
forward all
#
loadbalance action to_neiwang type link-generic
link-group app_server
#
loadbalance policy ##defaultpolicyforllbipv4##%%autocreatedbyweb%% type link-generic
class to_neiwang action ob$action$#for#to_neiwang
class lb action ob$action$#for#lb
default-class action ##defaultactionforllbipv4##%%autocreatedbyweb%%
#
virtual-server ##defaultvsforllbipv4##%%autocreatedbyweb%% type link-ip
virtual ip address 0.0.0.0 0
lb-policy ##defaultpolicyforllbipv4##%%autocreatedbyweb%%
default link-group lg1
service enable
#
loadbalance alg h323
#
loadbalance link link_yidong
router ip 106.8.xx.1
weight 180
shutdown
probe t1
#
loadbalance link wan1
router ip 121.22.xx.xx-1
link-group lg1
weight 10
probe t1
#
loadbalance link wan2
router ip 121.22.xx.zz-1
link-group lg1
weight 200
probe t1
#
traffic-policy
#
ips policy default
#
anti-virus policy default
#
return
(0)
Solved: I added a static route to the DNS server.
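The root cause above was a DNS server address with no route covering it: the configuration has connected subnets and a load-balancer-supplied default path, but no `ip route-static` entry for 202.99.166.4. The following added audit script (not part of the thread or any H3C tool) reads a Comware-style configuration and flags every `dns server` whose address is not covered by a connected interface subnet or a static route; the sample configuration is constructed, with the thread's masked WAN addresses replaced by RFC 5737 placeholder addresses, and the `ip route-static dest mask next-hop` syntax is assumed from standard Comware usage.

```python
import ipaddress
import re

# Constructed sample modelled on the configuration posted in the thread.
# 198.51.100.10/29 is a placeholder for the masked wan1 address.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/2
 ip address 198.51.100.10 255.255.255.248
interface GigabitEthernet1/0/6
 ip address 10.10.10.1 255.255.255.0
dns proxy enable
dns server 202.99.166.4
"""

def parse_routes(config):
    """Return the prefixes the device can forward to from its static
    configuration: connected subnets ('ip address A M') and static routes
    ('ip route-static D M NH'). Paths injected by the load-balancer link
    group or by VPN instances are deliberately not modelled."""
    prefixes = []
    for line in config.splitlines():
        m = re.match(r"\s*ip address (\S+) (\S+)$", line)
        if m:
            prefixes.append(ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False))
            continue
        # Mask may be dotted (255.255.255.255) or a prefix length (32 or 0).
        m = re.match(r"\s*ip route-static (\S+) (\S+) \S+", line)
        if m:
            prefixes.append(ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False))
    return prefixes

def dns_servers(config):
    """All 'dns server X' addresses configured on the device."""
    return [ipaddress.ip_address(a)
            for a in re.findall(r"^\s*dns server (\S+)", config, re.M)]

def unreachable_dns_servers(config):
    """DNS servers with no connected subnet or static route covering them."""
    prefixes = parse_routes(config)
    return [str(s) for s in dns_servers(config)
            if not any(s in p for p in prefixes)]

if __name__ == "__main__":
    print("unreachable:", unreachable_dns_servers(SAMPLE_CONFIG))
    fixed = SAMPLE_CONFIG + "ip route-static 202.99.166.4 32 198.51.100.9\n"
    print("after static route:", unreachable_dns_servers(fixed))
```

Run against the sample it reports 202.99.166.4 as unreachable, and reports nothing once a host route (or a `0.0.0.0 0` default route) towards the WAN next hop is appended.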