I have a Cisco Professional Express router. This is its current configuration:
#show run
Building configuration...
Current configuration : 6550 bytes
!
! Last configuration change at 10:56:18 PCTime Wed Jan 15 2020 by admin
!
version 15.4
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname <private>
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
clock timezone PCTime 2 0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip domain name yourdomain.com
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
cts logging verbose
!
crypto pki trustpoint TP-self-signed-<private>
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-<private>
revocation-check none
rsakeypair TP-self-signed-<private>
!
!
crypto pki certificate chain TP-self-signed-<private>
certificate self-signed 01
<private>
quit
license udi pid <private> sn <private>
!
!
username <private>
username <private>
!
redundancy
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description <private>
ip address 1.1.1.221 255.255.255.254
no ip proxy-arp
ip nat outside
ip nat enable
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet0/1
ip address 2.2.2.1 255.255.255.0 secondary
ip address 3.3.3.1 255.255.224.0
ip nat inside
ip nat enable
ip virtual-reassembly in
duplex auto
speed auto
!
router bgp 65008
bgp log-neighbor-changes
network 2.2.2.96 mask 255.255.255.224
timers bgp 30 90
neighbor 1.1.1.220 remote-as 5408
neighbor 1.1.1.220 send-community
neighbor 1.1.1.220 remove-private-as
neighbor 1.1.1.220 soft-reconfiguration inbound
neighbor 1.1.1.220 route-map bgp-grnet-in in
neighbor 1.1.1.220 route-map bgp-grnet-out out
!
ip forward-protocol nd
!
ip bgp-community new-format
ip as-path access-list 3 permit ^$
ip as-path access-list 4 permit ^5408.* 3333$
ip as-path access-list 4 permit ^5408$
ip as-path access-list 4 permit ^5408 2546$
ip as-path access-list 4 permit ^5408 3268$
ip as-path access-list 4 permit ^5408 3323.*
ip as-path access-list 4 permit ^5408 5470$
ip as-path access-list 4 permit ^5408 5489$
ip as-path access-list 4 permit ^5408 6744$
ip as-path access-list 4 permit ^5408 6867$
ip as-path access-list 4 permit ^5408 8248$
ip as-path access-list 4 permit ^5408 8253$
ip as-path access-list 4 permit ^5408 8278$
ip as-path access-list 4 permit ^5408 8522$
ip as-path access-list 4 permit ^5408 8530$
ip as-path access-list 4 permit ^5408 8581$
ip as-path access-list 4 permit ^5408 8611.*
ip as-path access-list 4 permit ^5408 8617$
ip as-path access-list 4 permit ^5408 8618$
ip as-path access-list 4 permit ^5408 8643.*
ip as-path access-list 4 permit ^5408 8700$
ip as-path access-list 4 permit ^5408 8762$
ip as-path access-list 4 permit ^5408 8991$
ip as-path access-list 4 permit ^5408 9069$
ip as-path access-list 4 permit ^5408 12364$
ip as-path access-list 4 permit ^5408 12402$
ip as-path access-list 4 permit ^5408 1241$
ip as-path access-list 4 permit ^5408 2686$
ip as-path access-list 4 permit ^5408 3329$
ip as-path access-list 4 permit ^5408 6844$
ip as-path access-list 4 permit ^5408 6799$
ip as-path access-list 4 permit ^5408 8212$
ip as-path access-list 4 permit ^5408 8313$
ip as-path access-list 4 permit ^5408 8335$
ip as-path access-list 4 permit ^5408 8951$
ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat pool NAT-POOL 2.2.2.97 2.2.2.125 netmask 255.255.255.224
ip nat inside source static tcp 3.3.3.1 80 interface GigabitEthernet0/0 1970
ip nat inside source route-map nat pool NAT-POOL overload
ip nat inside source static 3.3.3.15 2.2.2.110
ip default-network 2.2.2.0
ip route 2.2.2.96 255.255.255.224 Null0 254
!
!
route-map bgp-grnet-in permit 10
match as-path 4
set local-preference 120
!
route-map bgp-grnet-out permit 10
match as-path 3
set community 5408:120
!
route-map nat permit 10
match ip address 101
!
!
access-list 1 permit 4.4.4.112
access-list 1 permit 5.5.5.4
access-list 1 permit 2.2.2.14
access-list 1 permit 6.6.6.0 0.0.0.255
access-list 101 remark === PAT ===
access-list 101 permit ip 3.3.3.0 0.0.255.255 any
access-list 101 permit ip 6.6.6.0 0.0.0.255 any
!
control-plane
!
!
banner motd ^CCC
<private>
!
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class 1 in
privilege level 15
login local
transport input telnet ssh
line vty 5 15
access-class 1 in
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
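I have changed all the IPs to dummy IPs. I am running an NGINX server on my local network at 3.3.3.1, listening on port 80. I have set up a port-forwarding rule, as shown in the configuration: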
ip nat inside source static tcp 3.3.3.1 80 interface GigabitEthernet0/0 1970
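When I enter 1.1.1.221:1970 from my smartphone over a 4G connection, it works and I can see NGINX's "It works!" page. If I enter it from the local network, it does not work. In Chrome it shows ERR_CONNECTION_REFUSED. Is there something wrong with the configuration?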
Answer 1
You are trying to create a loopback connection, like this:
local -> router -> internet > router > local
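The router implements a request-reply algorithm, but it is not designed to handle the case where the reply is actually another request. That is, it implements "request-reply" rather than "request-request-reply-reply".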
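
Added example, not part of the original question or answer: a simplified model of the loopback (hairpin) path through this port forward, tracing why the 4G client succeeds, why the LAN client is refused, and why rewriting only the destination is still not enough. The LAN client 3.3.3.50, the phone address 198.51.100.7, the client port 40000 and the router LAN address 3.3.3.254 are constructed; the forward rule, the WAN address and the LAN prefix come from the posted configuration.

```python
# Simplified NAT model for the forward on this page (added example, not IOS code).
from ipaddress import ip_address, ip_network

WAN_IP = "1.1.1.221"                         # GigabitEthernet0/0 (from the page)
LAN = ip_network("3.3.0.0/19")               # 3.3.3.1 255.255.224.0 (from the page)
STATIC = {(WAN_IP, 1970): ("3.3.3.1", 80)}   # static tcp rule (from the page)
ROUTER_LAN_IP = "3.3.3.254"                  # constructed hairpin source address
ROUTER_PORTS = {22, 23, 80, 443}             # vty and ip http services in the config


def connect(client_ip, mode="interface-nat"):
    """Trace one TCP connection to WAN_IP:1970; return (result, hops).

    mode: "interface-nat" rewrites the destination only on outside ingress,
          "dnat-only" rewrites it on any ingress,
          "hairpin" also rewrites the source of LAN-originated connections.
    """
    src, dst = (client_ip, 40000), (WAN_IP, 1970)
    public = dst
    inside = ip_address(client_ip) in LAN
    hops = [f"{src} -> {dst}"]
    if inside and mode == "interface-nat":
        # No rewrite: the SYN is addressed to the router itself.
        hops.append("delivered to the router's own TCP stack")
        return ("router-service" if dst[1] in ROUTER_PORTS else "refused"), hops
    dst = STATIC[dst]
    hops.append(f"DNAT -> {dst}")
    if inside and mode == "hairpin":
        src = (ROUTER_LAN_IP, src[1])
        hops.append(f"SNAT -> {src}")
    # The server answers whatever source address it saw.
    same_segment = ip_address(src[0]) in LAN and src[0] != ROUTER_LAN_IP
    if same_segment:
        hops.append(f"reply sent directly from {dst}; client expected {public}")
        return "reset-by-client", hops
    hops.append(f"reply passes the router, source restored to {public}")
    return "ok", hops


if __name__ == "__main__":
    for ip, mode in [("198.51.100.7", "interface-nat"), ("3.3.3.50", "interface-nat"),
                     ("3.3.3.50", "dnat-only"), ("3.3.3.50", "hairpin")]:
        result, hops = connect(ip, mode)
        print(f"{ip:13} {mode:14} {result}\n    " + "\n    ".join(hops))
```

The "dnat-only" case is the second request and second reply the answer refers to: the reply has to travel back through the router so that its source can be restored to the address the client connected to.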