1
Network 討論版 / 請問cisco router 2500 nat 問題
« 於: 2006-12-26 11:16 »
我使用 2500 系列 當作nat 網路用pppoe 作業系統 ios 12.2(15t)
我在裡面用轉址 把 21 22 80 port 轉到我內部 ip 192.168.1.3
奇怪的 是 只有 22 port 有時候能正常轉進去 其他不行
而且內部msn 或是某些特定網站如 microsoft 也不能使用
以下是我的設定 不知道哪裡有錯 請各位幫我看一下 感謝
logging queue-limit 100
enable secret 5 xxxxxxxxxxxx
enable password xxxxxxx
!
ip subnet-zero
ip host xxxxxxx 192.168.1.3
ip name-server 168.95.1.1
ip dhcp excluded-address 192.168.1.2
ip dhcp excluded-address 192.168.1.3
!
ip dhcp pool ABC
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.2
dns-server 168.95.1.1
!
vpdn enable
!
vpdn-group homelee
request-dialin
protocol pppoe
!
!
!
!
interface Ethernet0
ip address 192.168.1.2 255.255.255.0
ip nat inside
no ip route-cache
no ip mroute-cache
!
interface Ethernet1
no ip address
no ip route-cache
no ip mroute-cache
pppoe enable
pppoe-client dial-pool-number 1
!
interface Serial0
no ip address
no ip route-cache
no ip mroute-cache
shutdown
clockrate 64000
!
interface Serial1
no ip address
no ip route-cache
no ip mroute-cache
shutdown
!
interface Dialer1
ip address negotiated
ip access-group 101 out
ip nat outside
encapsulation ppp
no ip route-cache
no ip mroute-cache
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username xxxxxxx@ip.hinet.net password 0 xxxxxxx
!
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.1.3 21 59.xxx.xxx.xx 21 extendable
ip nat inside source static tcp 192.168.1.3 22 59.xxx.xxx.xx 22 extendable
ip nat inside source static tcp 192.168.1.3 80 59.xxx.xxx.xx 80 extendable
ip nat inside source static tcp 192.168.1.3 20 59.xxx.xxx.xx 20 extendable
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
!
line con 0
line aux 0
transport input all
line vty 0 4
password xxxxxxx
login
!
end
我在裡面用轉址 把 21 22 80 port 轉到我內部 ip 192.168.1.3
奇怪的 是 只有 22 port 有時候能正常轉進去 其他不行
而且內部msn 或是某些特定網站如 microsoft 也不能使用
以下是我的設定 不知道哪裡有錯 請各位幫我看一下 感謝
logging queue-limit 100
enable secret 5 xxxxxxxxxxxx
enable password xxxxxxx
!
ip subnet-zero
ip host xxxxxxx 192.168.1.3
ip name-server 168.95.1.1
ip dhcp excluded-address 192.168.1.2
ip dhcp excluded-address 192.168.1.3
!
ip dhcp pool ABC
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.2
dns-server 168.95.1.1
!
vpdn enable
!
vpdn-group homelee
request-dialin
protocol pppoe
!
!
!
!
interface Ethernet0
ip address 192.168.1.2 255.255.255.0
ip nat inside
no ip route-cache
no ip mroute-cache
!
interface Ethernet1
no ip address
no ip route-cache
no ip mroute-cache
pppoe enable
pppoe-client dial-pool-number 1
!
interface Serial0
no ip address
no ip route-cache
no ip mroute-cache
shutdown
clockrate 64000
!
interface Serial1
no ip address
no ip route-cache
no ip mroute-cache
shutdown
!
interface Dialer1
ip address negotiated
ip access-group 101 out
ip nat outside
encapsulation ppp
no ip route-cache
no ip mroute-cache
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username xxxxxxx@ip.hinet.net password 0 xxxxxxx
!
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.1.3 21 59.xxx.xxx.xx 21 extendable
ip nat inside source static tcp 192.168.1.3 22 59.xxx.xxx.xx 22 extendable
ip nat inside source static tcp 192.168.1.3 80 59.xxx.xxx.xx 80 extendable
ip nat inside source static tcp 192.168.1.3 20 59.xxx.xxx.xx 20 extendable
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
!
line con 0
line aux 0
transport input all
line vty 0 4
password xxxxxxx
login
!
end