I want to let external ADSL users reach an internal WWW server over the Internet through a PIX 525 firewall. I have been debugging this for a long time without success; could an expert please take a look at where the problem is?
The PIX 525 outside interface has a public IP, 218.202.4.4
The inside interface has a private IP, 10.168.165.72
There is also another public address, 218.202.4.5, used for NAT
My internal HTTP server is 10.168.165.71, port 7001
From the PIX I can ping the upstream gateway 218.202.4.1 and I can ping 10.168.165.72. After dialing up over ADSL from another machine I can ping the firewall's outside interface 218.202.4.4, but I just cannot reach the internal HTTP server.
Here is my configuration:
pix525(config)# show config
: Saved
: Written by enable_15 at 00:08:03.587 UTC Fri Jan 1 1993
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto shutdown
interface ethernet3 auto shutdown
interface ethernet4 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security4
nameif ethernet3 intf3 security6
nameif ethernet4 intf4 security8
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pix525
fixup protocol dns maximum-length 512
no fixup protocol ftp 21
no fixup protocol h323 h225 1720
no fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol http 7001
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
no fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
no fixup protocol tftp 69
names
pager lines 24
mtu outside 1500
mtu inside 1500
mtu intf2 1500
mtu intf3 1500
mtu intf4 1500
ip address outside 218.202.4.4 255.255.255.240
ip address inside 10.168.165.72 255.255.255.240
no ip address intf2
no ip address intf3
no ip address intf4
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
no failover ip address intf2
no failover ip address intf3
no failover ip address intf4
pdm history enable
arp timeout 14400
global (outside) 1 218.202.4.5 netmask 255.255.255.240
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp 218.202.4.5 www 10.168.165.71 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 218.202.4.5 7001 10.168.165.71 7001 netmask 255.255.255.255 0 0
static (inside,outside) udp 218.202.4.5 www 10.168.165.71 www netmask 255.255.255.255 0 0
static (inside,outside) udp 218.202.4.5 7001 10.168.165.71 7001 netmask 255.255.255.255 0 0
static (inside,outside) 218.202.4.5 10.168.165.71 netmask 255.255.255.255 0 0
conduit permit tcp host 218.202.4.5
conduit permit tcp host 218.202.4.5
conduit permit udp host 218.202.4.5 eq 7001 any
conduit permit udp host 218.202.4.5 eq www any
conduit permit icmp any any
route outside 0.0.0.0 0.0.0.0 218.202.4.1 1
route inside 10.168.165.0 255.255.255.240 10.168.165.72 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 10.168.165.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:7b14ce6a0f3980fc0de3257a68e9d3f9
pix525(config)#
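The usual way to check a PIX 6.3 port-forwarding setup like the one above is to confirm that every `static` port mapping has a `conduit` that actually permits traffic to it. The script below is an added example, not part of the original post: it parses the NAT/conduit lines as they were pasted (a constructed excerpt of the config above) and reports port statics that no complete conduit covers, as well as conduit lines that are missing the `eq <port> <source>` part and therefore permit nothing as shown.

```python
import re

# Constructed excerpt of the posted PIX 6.3 config: only the static/conduit lines matter here.
SAMPLE_CONFIG = """\
static (inside,outside) tcp 218.202.4.5 www 10.168.165.71 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 218.202.4.5 7001 10.168.165.71 7001 netmask 255.255.255.255 0 0
static (inside,outside) udp 218.202.4.5 www 10.168.165.71 www netmask 255.255.255.255 0 0
static (inside,outside) udp 218.202.4.5 7001 10.168.165.71 7001 netmask 255.255.255.255 0 0
static (inside,outside) 218.202.4.5 10.168.165.71 netmask 255.255.255.255 0 0
conduit permit tcp host 218.202.4.5
conduit permit tcp host 218.202.4.5
conduit permit udp host 218.202.4.5 eq 7001 any
conduit permit udp host 218.202.4.5 eq www any
conduit permit icmp any any
"""

# static (if,if) <proto> <global_ip> <global_port> <local_ip> <local_port> netmask ...
PORT_STATIC = re.compile(r"^static \(\S+\) (tcp|udp) (\S+) (\S+) (\S+) (\S+) netmask")
# conduit permit <proto> host <global_ip> [eq <port> <source...>]
CONDUIT = re.compile(r"^conduit permit (tcp|udp) host (\S+)(?: eq (\S+) (\S+.*))?$")


def audit_conduits(config):
    """Return human-readable findings for port statics without a matching conduit and for
    conduit lines that, as pasted, lack the port and source part (they permit nothing)."""
    statics, conduits, findings = [], set(), []
    for line in config.splitlines():
        m = PORT_STATIC.match(line)
        if m:
            proto, global_ip, global_port = m.group(1), m.group(2), m.group(3)
            statics.append((proto, global_ip, global_port))
            continue
        m = CONDUIT.match(line)
        if m:
            proto, global_ip, port, source = m.groups()
            if port is None:
                findings.append(f"incomplete conduit (no port/source): {line}")
            else:
                conduits.add((proto, global_ip, port))
    for proto, global_ip, port in statics:
        if (proto, global_ip, port) not in conduits:
            findings.append(f"static {proto} {global_ip}:{port} has no conduit permitting it")
    return findings


if __name__ == "__main__":
    for finding in audit_conduits(SAMPLE_CONFIG):
        print(finding)
```

On the pasted config this reports the two incomplete `conduit permit tcp host 218.202.4.5` lines and the uncovered TCP statics for `www` and `7001`, which is consistent with the UDP rules being complete while the TCP path to the web server is not.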