问题描述:
----------
这样的情况,我从内网用公网的IP访问不了内网的机器(Nat做的没问题),,但是从外面可以访问。。比如。。有台192.168.0.100的机器。。上面有web服务。。我在路由器上作了端口映射,我从外面通过ip 211.101.20.70可以访问。。但是我从内网用IP 211.101.0.70却访问不了。。只能用192.168.0.100访问
下面是路由的配置:
-----------------
Building configuration...
Current configuration : 4081 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$GIds$QOnV7kTei5VQYb1PRk/ZI/
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
ip cef
!
!
!
no ip domain lookup
no ftp-server write-enable
!
!
!
!
interface Ethernet0
ip address 200.200.200.22 255.255.255.0 secondary
ip address 172.30.26.2 255.255.255.252
ip nat outside
half-duplex
!
interface FastEthernet0
ip address 192.168.0.1 255.255.255.0 secondary
ip address 211.101.20.65 255.255.255.240
ip nat inside
speed auto
!
interface Serial0
no ip address
shutdown
no fair-queue
!
ip nat pool jajx 211.101.20.78 211.101.20.78 netmask 255.255.255.240
ip nat inside source list 1 pool jajx overload
ip nat inside source static 192.168.0.100 211.101.20.70
ip classless
ip route 0.0.0.0 0.0.0.0 172.30.26.1
no ip http server
!
access-list 1 permit 192.168.0.0 0.0.0.255
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
password 7 1311120006050A2B27372D21232B10023F2A32
login
!
!
end
因为192.168.0.100上放了个网站。。好多图片的链接是用的域名。。域名绑定的是公网IP 211.101.20.70 ,而且网站我又改不了。。。所以想让内网也能用公网IP访问
问题解答:
内网的那台机子有访问外网的权限吧?不过既然内网也能通过192.168.0.100访问,为什么一定要用外网的IP呢。我还在想着怎样达到这种效果呢
加个SAT吧
----------
这样的情况,我从内网用公网的IP访问不了内网的机器(Nat做的没问题),,但是从外面可以访问。。比如。。有台192.168.0.100的机器。。上面有web服务。。我在路由器上作了端口映射,我从外面通过ip 211.101.20.70可以访问。。但是我从内网用IP 211.101.0.70却访问不了。。只能用192.168.0.100访问
下面是路由的配置:
-----------------
Building configuration...
Current configuration : 4081 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$GIds$QOnV7kTei5VQYb1PRk/ZI/
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
ip cef
!
!
!
no ip domain lookup
no ftp-server write-enable
!
!
!
!
interface Ethernet0
ip address 200.200.200.22 255.255.255.0 secondary
ip address 172.30.26.2 255.255.255.252
ip nat outside
half-duplex
!
interface FastEthernet0
ip address 192.168.0.1 255.255.255.0 secondary
ip address 211.101.20.65 255.255.255.240
ip nat inside
speed auto
!
interface Serial0
no ip address
shutdown
no fair-queue
!
ip nat pool jajx 211.101.20.78 211.101.20.78 netmask 255.255.255.240
ip nat inside source list 1 pool jajx overload
ip nat inside source static 192.168.0.100 211.101.20.70
ip classless
ip route 0.0.0.0 0.0.0.0 172.30.26.1
no ip http server
!
access-list 1 permit 192.168.0.0 0.0.0.255
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
password 7 1311120006050A2B27372D21232B10023F2A32
login
!
!
end