论坛徽章:: 0

电梯直达

1楼 [收藏(0)] [报告]

发表于 2005-02-28 06:36 |只看该作者 |倒序浏览

我用cisco2600做了一个NAT带动内网用户上网，为何不能从外网TELNET到我的路由器和我的内网的服务器上（已做静态映射），但从内网却可以TELNET上去，其它的如WEB，FTP都可以从外网访问我的内网服务器，求助如何才能从外网向内网telnet。我记得以前是可以的，不知什么原因就不行了，在这中间我升级了一下IOS，现在的IOS是：
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.1(3)T, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Wed 19-Jul-00 16:02 by ccai
Image text-base: 0x80008088, data-base: 0x808A9264

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

internet-gate uptime is 11 hours, 29 minutes
System returned to ROM by error - a SegV exception, PC 0x808A6D30
System image file is "flash:c2600-i-mz.121-3.t.bin"

路由器, 网络技术, 路由器, 网络技术

文库|博客

fjingxu

稍有积蓄

论坛徽章:: 0

2楼 [报告]

发表于 2005-02-28 08:17 |只看该作者

2600路由器上已做映射，不能从外网向内网TELNET的问题

中间有没有防火墙，再有，你的配置列出来让大家看看。

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

super_lxj

白手起家

论坛徽章:: 0

3楼 [报告]

发表于 2005-02-28 08:36 |只看该作者

2600路由器上已做映射，不能从外网向内网TELNET的问题

[quote]原帖由 "fjingxu"]中间有没有防火墙，再有，你的配置列出来让大家看看。[/quote 发表：

没有防火墙，我的配置如下，我看了配置好像没有问题；
Current configuration:
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname internet-gate
!
logging monitor informational
aaa new-model
enable secret 5 *********
enable password 7 ******
!
username ***** password 7 ***********
!
ip subnet-zero
no ip source-route
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 192.168.0.2
ip dhcp excluded-address 192.168.2.1
ip dhcp excluded-address 192.168.0.3
!
ip dhcp pool computer-center-normal-pool
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server dnsip1 dnsip2
lease infinite
!
ip dhcp pool POST1-POOL
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server dnsip1 dnsip2
lease infinite
!

interface Ethernet0/0
ip address 192.168.0.1 255.255.255.0
no ip redirects
ip accounting output-packets
ip nat inside
half-duplex
!
interface Ethernet0/1
ip address 公网IP1 255.255.255.224
no ip redirects
ip nat outside
half-duplex
!
interface Ethernet1/0
ip address 192.168.2.1 255.255.255.0
no ip redirects
ip nat inside
half-duplex
!
!
ip nat translation timeout 30
ip nat translation tcp-timeout 10
ip nat translation udp-timeout 3
ip nat translation syn-timeout 2
ip nat translation dns-timeout 10
ip nat translation max-entries 500
ip nat pool ct-pool 公网IP1 公网IP1 netmask 255.255.255.224
ip nat pool yzj-pool 公网IP2 公网IP2 netmask 255.255.255.224
ip nat inside source list 1 pool ct-pool overload
ip nat inside source list 120 pool yzj-pool overload
ip nat inside source static tcp 192.168.0.7 21 公网IP1 21
extendable
ip nat inside source static tcp 192.168.0.3 1123 公网IP1 1123 extendable(内网服务器的TELNET端口映射)
ip classless
ip route 0.0.0.0 0.0.0.0 电信网关
ip route 192.168.0.0 255.255.255.0 Ethernet0/0
ip route 192.168.2.0 255.255.255.0 Ethernet1/0
no ip http server
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 120 permit udp 192.168.2.0 0.0.0.255 any
access-list 120 permit icmp any any echo
access-list 120 permit tcp 192.168.2.0 0.0.0.255 any eq www
access-list 120 permit tcp 192.168.2.0 0.0.0.255 219.133.44.0 0.0.0.255 eq 8000
access-list 120 permit tcp 192.168.2.0 0.0.0.255 219.133.45.0 0.0.0.255 eq 8000
access-list 120 permit tcp 192.168.2.0 0.0.0.255 219.133.44.0 0.0.0.255 eq 8021
access-list 120 permit tcp 192.168.2.0 0.0.0.255 219.133.45.0 0.0.0.255 eq 8021
access-list 120 permit tcp 192.168.2.0 0.0.0.255 219.133.44.0 0.0.0.255 gt 8000
access-list 120 permit tcp 192.168.2.0 0.0.0.255 219.133.45.0 0.0.0.255 gt 8000
access-list 120 permit tcp 192.168.2.0 0.0.0.255 host 219.239.38.196 eq 82
access-list 120 permit tcp 192.168.2.0 0.0.0.255 host 211.94.190.128 eq 82
access-list 120 deny tcp 192.168.2.0 0.0.0.255 any log
arp 192.168.0.3 0002.e34e.cea7 ARPA
!
line con 0
transport input none
line aux 0
line vty 0 4
password 7 ********
!
!
end