论坛徽章:: 0

电梯直达

1楼 [收藏(0)] [报告]

发表于 2009-04-08 12:53 |只看该作者 |倒序浏览

环境: Sun Fire V120 安装Solaris10 启用两个网卡\r\neri0 接 192.168.0.254 做内网NAT主机用\r\neri1 接 192.168.10.2 (公司外网,光纤接入后通过路由器,接到交换机上,网段192.168.10.x ,给内网用NAT主机是外网局域网中的一台机器)\r\n\r\n\r\n# cat /etc/hosts\r\n#\r\n# Internet host table\r\n#\r\n::1 localhost \r\n127.0.0.1 localhost \r\n192.168.0.254 firewall loghost\r\n192.168.10.2 firewallout\r\n192.168.10.1 router\r\n\r\n# cat hostname.eri0\r\nfirewall\r\n\r\n# cat hostname.eri1\r\nfirewallout\r\n\r\n# cat defaultrouter\r\nrouter 192.168.10.1\r\n\r\n# cat resolv.conf\r\nnameserver 192.168.10.1\r\n\r\n\r\n# ifconfig -a\r\nlo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1\r\n inet 127.0.0.1 netmask ff000000 \r\neri0: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 2\r\n inet 192.168.0.254 netmask ffffff00 broadcast 192.168.0.255\r\n ether 0:3:ba:35:d1:6c \r\neri1: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 3\r\n inet 192.168.10.2 netmask ffffff00 broadcast 192.168.10.255\r\n ether 0:3:ba:35:d1:6d \r\n\r\n# netstat -rn\r\n \r\nRouting Table: IPv4\r\n Destination Gateway Flags Ref Use Interface \r\n-------------------- -------------------- ----- ----- ---------- --------- \r\ndefault 192.168.0.252 UG 1 1983 \r\ndefault 192.168.0.254 UG 1 0 \r\n192.168.0.0 192.168.0.254 U 1 1986 eri0 \r\n192.168.10.0 192.168.10.2 U 1 9 eri1 \r\n192.168.10.0 192.168.10.2 UG 1 0 \r\n224.0.0.0 192.168.0.254 U 1 0 eri0 \r\n127.0.0.1 127.0.0.1 UH 2 188 lo0 \r\n\r\n# routeadm\r\n 配置当前当前\r\n 选项配置系统状态\r\n---------------------------------------------------------------\r\n IPv4 路由 enabled enabled\r\n Ipv6 路由 disabled disabled\r\n IPv4 转发 enabled enabled\r\n Ipv6 转发 disabled disabled\r\n \r\n 路由服务 \"route:default ripng:default\"\r\n \r\n路由守护进程：\r\n \r\n STATE FMRI\r\n disabled svc:/network/routing/legacy-routing:ipv4\r\n disabled svc:/network/routing/legacy-routing:ipv6\r\n disabled svc:/network/routing/ndp:default\r\n disabled svc:/network/routing/rdisc:default\r\n disabled svc:/network/routing/ripng:default\r\n online svc:/network/routing/route:default\r\n\r\n\r\n现在的问题是:\r\n(1) 不能通过路由器 192.168.10.1 网段上网, 使用 nslookup 可解析域名\r\n# nslookup www.baidu.com\r\nServer: 192.168.10.1\r\nAddress: 192.168.10.1#53\r\n \r\nNon-authoritative answer:\r\nwww.baidu.com canonical name = www.a.shifen.com.\r\nName: www.a.shifen.com\r\nAddress: 202.108.22.5\r\nName: www.a.shifen.com\r\nAddress: 202.108.22.43\r\n\r\n# ping www.baidu.com\r\nICMP Host Unreachable from gateway firewallout (192.168.10.2)\r\n for icmp from firewallout (192.168.10.2) to xd-22-43-a8.bta.net.cn (202.108.22.43)\r\nICMP Host Unreachable from gateway firewallout (192.168.10.2)\r\n for icmp from firewallout (192.168.10.2) to xd-22-43-a8.bta.net.cn (202.108.22.43)\r\nICMP Host Unreachable from gateway firewallout (192.168.10.2)\r\n for icmp from firewallout (192.168.10.2) to xd-22-43-a8.bta.net.cn (202.108.22.43)\r\nICMP Host Unreachable from gateway firewallout (192.168.10.2)\r\n for icmp from firewallout (192.168.10.2) to xd-22-43-a8.bta.net.cn (202.108.22.43)\r\nICMP Host Unreachable from gateway firewallout (192.168.10.2)\r\n for icmp from firewallout (192.168.10.2) to xd-22-43-a8.bta.net.cn (202.108.22.43)\r\nICMP Host Unreachable from gateway firewallout (192.168.10.2)\r\n for icmp from firewallout (192.168.10.2) to xd-22-43-a8.bta.net.cn (202.108.22.43)\r\nICMP Host Unreachable from gateway firewallout (192.168.10.2)\r\n for icmp from firewallout (192.168.10.2) to xd-22-43-a8.bta.net.cn (202.108.22.43)\r\nICMP Host Unreachable from gateway firewallout (192.168.10.2)\r\n for icmp from firewallout (192.168.10.2) to xd-22-43-a8.bta.net.cn (202.108.22.43)\r\nICMP Host Unreachable from gateway firewallout (192.168.10.2)\r\n for icmp from firewallout (192.168.10.2) to xd-22-43-a8.bta.net.cn (202.108.22.43)\r\nno answer from www.baidu.com\r\n\r\n\r\n\r\n\r\n(2) 如何设置 NAT 使内网(192.168.0.X) 的客户端能上网?\r\n\r\n\r\n请高手协助解决,不胜感激.