How to set up port forwarding on a Cisco router running version 15.2(4)M6

Network Engineering cisco port-forwarding
2021-07-19 05:50:45

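I am trying to forward traffic from my network's public IP to a private IP inside the network, to allow access to a server from outside the LAN. Unfortunately, I can't figure out how to do this. The private IP I want to reach is 172.29.1.130, and the Internet-facing public IP is 5.6.7.8. The port I want to forward is 25565. My configuration is here: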

!
!
controller VDSL 0
 shutdown
!
!
!
!
!
!
!
!
!
!
!
!
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface Ethernet0
 no ip address
 shutdown
!
interface FastEthernet0
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface GigabitEthernet0
 switchport access vlan 101
 no ip address
!
interface GigabitEthernet1
 ip address dhcp
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface Vlan1
 description $ETH_LAN$
 ip address 10.10.10.1 255.255.255.248
 ip tcp adjust-mss 1452
!
interface Vlan101
 ip address 172.29.0.253 255.255.0.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface GigabitEthernet1 overload
ip route 0.0.0.0 0.0.0.0 dhcp
!
access-list 1 permit 172.29.0.0 0.0.255.255
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit 172.29.0.0 0.0.255.255
mac-address-table aging-time 15
no cdp run
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for  one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you
want to use.

-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.

YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE
PUBLICLY-KNOWN CREDENTIALS

Here are the Cisco IOS commands.

username <myuser>  privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want
to use.

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.

For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 60000 1000
!
end

What do I need to do to get this working?

1 Answer

You need an additional NAT (port forwarding) rule:

  1. If you want to do it on the outside interface GigabitEthernet1

    ip nat inside source static tcp 172.29.1.130 25565 interface GigabitEthernet1 25565
    
  2. If you want to do it on the Internet-facing public IP (which belongs to your assigned public IP block) - 5.6.7.8:

    ip nat inside source static tcp 172.29.1.130 25565 5.6.7.8 25565
    

Make sure the ACLs in your network allow this traffic from the public/Internet.

I hope it helps.
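
An added example, not part of the question or the answer: a small Python audit that reads an IOS running-config, lists every static port forward of the kind shown above, and reports which inbound ACL (if any) is applied on the interface it is reachable through. The function name `audit_port_forwards` and the sample text are constructed for this illustration; `None` in the result means no inbound `ip access-group` filters that interface, so the forwarded port accepts connections from any source.

```python
import re

# Constructed sample: the NAT-relevant lines of the question's configuration
# plus the interface-based static rule from the answer.
SAMPLE_CONFIG = """\
interface GigabitEthernet1
 ip address dhcp
 ip nat outside
!
interface Vlan101
 ip nat inside
!
ip nat inside source list 1 interface GigabitEthernet1 overload
ip nat inside source static tcp 172.29.1.130 25565 interface GigabitEthernet1 25565
"""

STATIC_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (?:interface (\S+)|(\S+)) (\d+)")

def audit_port_forwards(config):
    """Return one dict per static port forward found in an IOS running-config."""
    nat_role, inbound_acl, forwards, current = {}, {}, [], None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split()[1]
        elif line.startswith(" ") and current:
            m = re.match(r" ip nat (inside|outside)$", line)
            if m:
                nat_role[current] = m.group(1)
            m = re.match(r" ip access-group (\S+) in$", line)
            if m:
                inbound_acl[current] = m.group(1)
        else:
            current = None  # back at global configuration level
            m = STATIC_RE.match(line)
            if m:
                proto, host, lport, iface, gaddr, gport = m.groups()
                forwards.append({"proto": proto, "inside": f"{host}:{lport}",
                                 "outside": f"{iface or gaddr}:{gport}", "iface": iface})
    outside = [i for i, role in nat_role.items() if role == "outside"]
    for f in forwards:
        # An interface-based rule is reached through that interface; an
        # address-based rule through any interface marked "ip nat outside".
        iface = f.pop("iface")
        via = [iface] if iface else outside
        f["inbound_acls"] = {i: inbound_acl.get(i) for i in via}
    return forwards
```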