Traffic looping back behind NAT prevents internal hosts from reaching the application server via its public IP
Date: 2018-11-13
I. Cisco device examples

1.1 Router example

Router(config)#interface e0/0
Router(config-if)#ip add 192.168.1.1 255.255.255.0
Router(config-if)#ip nat inside
Router(config)#interface e0/1
Router(config-if)#ip add 202.101.1.46 255.255.255.248
Router(config-if)#ip nat outside
Router(config)#ip nat inside source static tcp 192.168.1.100 80 202.101.1.45 80
Router(config)#access-list 1 permit 192.168.1.0 0.0.0.255
Router(config)#ip nat inside source list 1 interface e0/1 overload
Router(config)#ip route 0.0.0.0 0.0.0.0 202.101.1.41
Router(config)#ip dns server
Router(config)#ip domain-lookup
Router(config)#ip name-server 202.101.172.46
Router(config)#ip host long2012.cn 192.168.1.100

Set the DNS server of the internal network hosts to 192.168.1.1.

1.2 Firewall example

Method A:

static (inside,outside) 202.101.1.45 192.168.1.100 netmask 255.255.255.255
access-list 100 extended permit tcp any host 202.101.1.45 eq 80
access-group 100 in interface outside
alias (inside) 192.168.1.100 202.101.1.45 255.255.255.255

Note: on some firewall IOS versions the command may not succeed; adding one command under the policy-map is enough:

policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512

Method B:

static (inside,outside) 202.101.1.45 192.168.1.100 netmask 255.255.255.255 dns
access-list 100 extended permit tcp any host 202.101.1.45 eq 80
access-group 100 in interface outside

II. Huawei and H3C device examples

[h3c]interface ethernet0/0/0
[h3c-ethernet0/0/0]ip address 202.101.1.45 255.255.255.248
[h3c-ethernet0/0/0]nat outbound 2000
[h3c-ethernet0/0/0]nat server protocol tcp global 202.101.1.45 www inside 192.168.1.100 www
[h3c-ethernet0/0/0]nat server protocol tcp global 202.101.1.45 ftp inside 192.168.1.100 ftp
[h3c-ethernet0/0/0]quit
[h3c]acl number 2000
[h3c-acl-basic-2000]rule 0 permit source 192.168.1.0 0.0.0.255
[h3c-acl-basic-2000]rule 1 deny
[h3c]interface ethernet1/0/0
[h3c-ethernet1/0/0]ip address 192.168.1.1 255.255.255.0
[h3c]nat dns-map www.long2012.cn 202.101.1.45 80 tcp
[h3c]nat dns-map ftp.long2012.cn 202.101.1.45 21 tcp

Note: older system versions may not have the nat dns-map command; in that case use the following configuration as a reference:

[h3c]acl number 3000
[h3c-acl-basic-3000]rule permit ip source 192.168.1.0 0.0.0.255 destination 192.168.1.100 0.0.0.0
[h3c]interface ethernet1/0/0
[h3c-ethernet1/0/0]nat outbound 3000
[h3c-ethernet1/0/0]nat server protocol tcp global 202.101.1.45 www inside 192
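Why an internal client fails to reach 202.101.1.45 with only the static mapping, and why also translating the source on the inside interface fixes it, as an added Python model that is not part of the original document. The client 192.168.1.50 and port 40000 are constructed, and rewriting the source to the router's inside address 192.168.1.1 is an assumption about how the inside-interface NAT behaves.

```python
# Added illustration, not from the original document. PUBLIC, SERVER and
# ROUTER_IN come from the page; CLIENT and its source port are constructed.
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

PUBLIC, SERVER, ROUTER_IN = "202.101.1.45", "192.168.1.100", "192.168.1.1"
CLIENT = "192.168.1.50"  # constructed internal host


def router_forward(pkt, hairpin_snat):
    """Apply the static mapping (destination NAT); optionally source-NAT too."""
    state = {}
    if pkt.dst == PUBLIC and pkt.dport == 80:
        state["orig"] = pkt                       # session entry for the reply
        pkt = pkt._replace(dst=SERVER)
        if hairpin_snat:                          # assumed inside-interface NAT
            pkt = pkt._replace(src=ROUTER_IN)     # port rewriting omitted
    return pkt, state


def server_reply(pkt):
    """The server answers the source address it actually saw."""
    return Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)


def router_reverse(state):
    """Undo both translations from the recorded session."""
    orig = state["orig"]
    return Packet(orig.dst, orig.dport, orig.src, orig.sport)


def client_accepts(request, reply):
    """TCP matches a reply only if it comes from the address that was dialled."""
    return reply == Packet(request.dst, request.dport, request.src, request.sport)


def simulate(hairpin_snat):
    request = Packet(CLIENT, 40000, PUBLIC, 80)
    translated, state = router_forward(request, hairpin_snat)
    reply = server_reply(translated)
    # Client and server share 192.168.1.0/24, so a reply addressed to the
    # client is delivered directly and never passes back through the router.
    if reply.dst == ROUTER_IN:
        reply = router_reverse(state)
    return reply, client_accepts(request, reply)


if __name__ == "__main__":
    for snat in (False, True):
        print("hairpin source NAT:", snat, "->", simulate(snat))
```

The DNS-based alternatives on this page (ip host, alias, the dns keyword, nat dns-map) avoid the loop entirely by handing internal clients 192.168.1.100, so the request never targets the public address.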