Cisco IOS - NAT 和端口转发问题

tag-icon tag-icon cisco nat port-forwarding
Cisco IOS - NAT 和端口转发问题

我在转发端口时遇到问题。我配置了一个 1 地址 (192.168.5.2) 的 NAT 池,并将该地址分配给 WAN 接口。我将网络分配给访问列表,并将两者绑定在一起:

ip nat pool public_access 192.168.5.2 192.168.5.2 netmask 255.255.255.0
ip nat inside source list 1 pool public_access overload
access-list 1 permit 172.16.0.0 0.0.0.255
access-list 1 permit 172.16.1.0 0.0.0.63

一切正常,所有设备都可以正常访问互联网。但是!当我尝试创建端口转发时:

ip nat inside source static tcp 172.16.0.8 80 interface FastEthernet0/1 80

它不会翻译。例如 curl 返回:curl: (7) Failed to connect to 192.168.5.2 port 80: Connection refused

这是我的完整配置:

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname HOSTNAME
!
enable secret 5 PASSWORDHASH
!
username user password 7 PASSWORDHASH
username luser password 7 PASSWORDHASH
!
!
!
!
ip subnet-zero
no ip domain-lookup
ip domain-name DOMAIN.NAME
!
!
!
!
!
!
interface FastEthernet0/0
 description TRUNK
 no ip address
 no ip directed-broadcast
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/0.1
 description infraPool
 encapsulation dot1Q 10
 ip address 172.16.0.1 255.255.255.0
 no ip directed-broadcast
 ip nat inside
!
interface FastEthernet0/0.2
 description wirelessPool
 encapsulation dot1Q 20
 ip address 172.16.1.1 255.255.255.192
 ip helper-address 172.16.0.3
 no ip directed-broadcast
 ip nat inside
!
interface Serial0/0
 no ip address
 no ip directed-broadcast
 shutdown
!
interface FastEthernet0/1
 description ISP
 ip address 192.168.5.2 255.255.255.0
 no ip directed-broadcast
 ip nat outside
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 no ip directed-broadcast
 shutdown
!
router rip
 network 172.16.0.0
 network 192.168.5.0
!
ip nat pool public_access 192.168.5.2 192.168.5.2 netmask 255.255.255.0
ip nat inside source list 1 pool public_access overload
ip nat inside source static tcp 172.16.0.7 6667 interface FastEthernet0/1 6667
ip nat inside source static udp 172.16.0.11 1194 interface FastEthernet0/1 1194
ip nat inside source static tcp 172.16.0.11 943 interface FastEthernet0/1 943
ip nat inside source static tcp 172.16.0.11 443 interface FastEthernet0/1 443
ip nat inside source static tcp 172.16.0.8 80 interface FastEthernet0/1 80
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.5.1
ip route 192.168.5.0 255.255.255.0 192.168.5.1
no ip http server
!
access-list 1 permit 172.16.1.0 0.0.0.63
access-list 1 permit 172.16.0.0 0.0.0.255
snmp-server engineID local SHOULDIREMOVETHISNUMBER
snmp-server community public RO
!
line con 0
 logging synchronous
 login local
 transport input none
line aux 0
line vty 0 4
 login local
!
no scheduler allocate
end

非常感谢。

答案1

通过重新启动我所连接的 ISP 提供的路由器来解决这个问题。

相关内容