在 CISCO 2801 上转发

网络工程 思科 路由器
2021-07-21 22:12:34

我正在尝试配置我的路由器型号 CISCO 2801 的转发,它具有 ip 发布 201.236.137.xxx。为此,我使用以下命令:ip nat inside source static ...我想要做的是在我的计算机上运行一个虚拟服务器,该服务器位于网络内部,ip 192.168.3.11 在端口 7001 上。

我是通过以下方式完成的:

ip nat inside source static tcp 192.168.3.11 7001 201.236.137.xxx 80

因此,当我从外部向 ip 发布 201.236.137.xxx 发出请求时,我打算查看我的服务器。我没有成功做到这一点。

为了检查操作,我使用了命令show ip nat translation,我找不到我所做的配置。我只看到其他我没有做的配置,如下

Router#show ip nat translation

Pro Inside global      Inside local       Outside local      Outside global
tcp 201.236.137.156:1052 192.168.3.11:1052 64.233.190.84:443 64.233.190.84:443
tcp 201.236.137.156:1053 192.168.3.11:1053 188.172.192.3:5938 188.172.192.3:5938
tcp 201.236.137.156:1057 192.168.3.11:1057 23.96.38.64:443   23.96.38.64:443
tcp 201.236.137.156:1065 192.168.3.11:1065 190.98.163.146:80 190.98.163.146:80
tcp 201.236.137.156:1066 192.168.3.11:1066 64.233.190.94:80  64.233.190.94:80
tcp 201.236.137.156:1071 192.168.3.11:1071 64.233.190.94:443 64.233.190.94:443
tcp 201.236.137.156:1074 192.168.3.11:1074 64.233.190.113:443 64.233.190.113:443
tcp 201.236.137.156:1075 192.168.3.11:1075 64.233.190.95:443 64.233.190.95:443
tcp 201.236.137.156:1078 192.168.3.11:1078 64.233.190.101:443 64.233.190.101:443
tcp 201.236.137.156:1079 192.168.3.11:1079 64.233.190.84:443 64.233.190.84:443
tcp 201.236.137.156:1080 192.168.3.11:1080 64.233.190.94:443 64.233.190.94:443
tcp 201.236.137.156:1082 192.168.3.11:1082 64.233.190.99:443 64.233.190.99:443
tcp 201.236.137.156:1083 192.168.3.11:1083 64.233.190.132:443 64.233.190.132:443
tcp 201.236.137.156:1084 192.168.3.11:1084 64.233.190.94:443 64.233.190.94:443
tcp 201.236.137.156:1085 192.168.3.11:1085 216.58.212.131:443 216.58.212.131:443
tcp 201.236.137.156:1086 192.168.3.11:1086 64.233.190.94:443 64.233.190.94:443
tcp 201.236.137.156:1087 192.168.3.11:1087 82.165.143.100:80 82.165.143.100:80
tcp 201.236.137.156:1088 192.168.3.11:1088 64.233.186.154:80 64.233.186.154:80
tcp 201.236.137.156:1089 192.168.3.11:1089 82.165.143.100:80 82.165.143.100:80
tcp 201.236.137.156:1090 192.168.3.11:1090 82.165.143.100:80 82.165.143.100:80

....

完整的路由器配置

router# configure terminal
router(config) #interface fastethernet 0/0
router(config-if) # ip address 192.168.3.1 255.255.255.0
router(config-if) # no shutdown
router(config) #interface fastethernet 0/1
router(config-if) # ip address 201.236.137.xxx 255.255.255.248
router(config-if) # no shutdown
router(config) #service dhcp
router(config) #ip dhcp pool RED1
router(dhcp-config) #network 192.168.3.1 255.255.255.0
router(dhcp-config) #default-router 201.236.137.153
router(dhcp-config) #dns-server 8.8.8.8
router(dhcp-config) #dns-server 8.8.4.4
router(config) #ip dhcp excluded-address 192.168.3.1 192.168.3.10
router(config) #access-list 10 permit 192.168.3.1 0.0.0.255
router(config) #ip nat inside source list 10 interface f0/1 overload
router(config) #interface f0/0
router(config-if) #ip nat inside
router(config-if) #exit
router(config) #interface f0/1
router(config-if) #ip nat outside
router(config-if) #exit
router(config) #ip route 0.0.0.0 0.0.0.0 f 0/1

显示运行配置

Router#show running-config
Building configuration...
Current configuration : 1198 bytes
!
! Last configuration change at 18:19:54 UTC Tue Feb 7 2017
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip source-route
!
!
ip dhcp excluded-address 192.168.3.1 192.168.3.10
!
ip dhcp pool RED1
network 192.168.3.0 255.255.255.0
default-router 201.236.137.153
dns-server 8.8.4.4
!
!
ip cef
multilink bundle-name authenticated
!
!
!
license udi pid CISCO2801 sn FTX151501M2
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 201.236.137.xxx 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
ip forward-protocol nd
!
!
no ip http server
ip nat inside source list 10 interface FastEthernet0/1 overload
ip nat inside source static tcp 192.168.3.11 7001 201.236.137.156 80      extendable
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
!
access-list 10 permit 192.168.3.0 0.0.0.255
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
end

为什么我会看到这个?知道为什么我的转发不起作用并出现其他配置吗?请帮忙

非常感谢你

2个回答

根据您的 DHCP 池设置,您的服务器可能会获得错误的默认网关。将您的更改default-router为 192.168.3.1ip dhcp pool RED1

NAT 是双向的,但可以尝试外部接口:

ip nat outside source static tcp 201.236.137.156 80 192.168.3.11 7001       extendable

然后确认是否正在使用:

# show ip nat translations
其它你可能感兴趣的问题
上一篇什么是 WLAN 中的空身份验证,为什么需要它? 下一篇了解 VLAN 标记