以下是我的路由器配置。我有一个静态公共 IP,仅供参考。
hostname R1
boot-start-marker
boot-end-marker
enable secret 4 GKuIQycLGFn/1VtTta/OeXqUIqQROubxT/D40OGFs0c
no aaa new-model
ip cef
ip dhcp excluded-address 192.168.0.1 192.168.0.100
ip dhcp excluded-address 192.168.3.1
ip dhcp pool HOME
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 1.1.1.1 1.0.0.1
ip dhcp pool WIN
host 192.168.0.22 255.255.255.0
client-identifier 01d4.3d7e.18d9.ce
ip dhcp pool PC
host 192.168.0.247 255.255.255.0
client-identifier 0108.0027.3bd7.70
ip dhcp pool Solar
host 192.168.0.253 255.255.255.0
client-identifier 01c8.9346.3250.e8
ip dhcp pool Tank-Level
host 192.168.0.243 255.255.255.0
client-identifier 018c.aab5.8b8e.40
ip dhcp pool PIP
host 192.168.0.229 255.255.255.0
client-identifier 01dc.a632.2ce3.8c
ip domain name domain.com
no ipv6 cef
multilink bundle-name authenticated
license udi pid CISCO2921/K9 sn FGL1813118M
username admin privilege 15 secret 4 GRTVBsdfv/1VtTta/OeXqUIqQROubxT/D40OGFs0c
redundancy
ip ssh version 2
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description -Ethernet WAN-
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
interface GigabitEthernet0/1
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface GigabitEthernet0/1.1
encapsulation dot1Q 101
ip address 192.168.1.1 255.255.255.0
ip pim dense-mode
ip nat inside
ip virtual-reassembly in
ip cgmp
interface GigabitEthernet0/2
ip address 192.168.3.1 255.255.255.0
duplex auto
speed auto
ip forward-protocol nd
no ip http server
no ip http secure-server
ip dns server
ip nat inside source list IoT interface GigabitEthernet0/2 overload
ip nat inside source list NAT interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.0.222 3389 interface GigabitEthernet0/0 13389
ip nat inside source static udp 192.168.0.222 3389 interface GigabitEthernet0/0 13389
ip route 192.168.2.0 255.255.255.0 192.168.3.2
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp
ip access-list standard IoT
permit 192.168.2.0 0.0.0.255
ip access-list standard NAT
permit 192.168.0.0 0.0.0.255
control-plane
line con 0
logging synchronous
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
exec-timeout 5 0
login local
transport input ssh
scheduler allocate 20000 1000
end
如你所见,我已将公网 IP 上的端口 13389 转发到 .222 上的端口 3389。
https://www.yougetsignal.com/tools/open-ports/
显示公共 IP 上的端口 13389 已打开。但我无法使用公共 IP 远程桌面进入我的电脑。它通过本地 IP 工作。
知道发生什么事了吗?