F1070 port mapping problem
Problem description:
version 7.1.064, Release 9313P07
#
 sysname HUAYINGQD_H3C_F1070
#
context Admin id 1
#
ip vpn-instance management
 route-distinguisher 1000000000:1
 vpn-target 1000000000:1 import-extcommunity
 vpn-target 1000000000:1 export-extcommunity
#
 telnet server enable
#
 irf mac-address persistent timer
 irf auto-update enable
 undo irf link-delay
 irf member 1 priority 1
#
 dns server 60.255.80.18
 dns server 60.255.80.19
#
 password-recovery enable
#
vlan 1
#
vlan 3801
 description GuanAnZhuanWan
#
vlan 3817
 description server
#
object-group ip address yw
 0 network host address 172.28.112.6
#
object-group ip address yw-server
 0 network host address 172.28.112.76
#
object-group service 1yw
 0 service tcp destination lt 55556
#
interface NULL0
#
interface Vlan-interface3801
#
interface Vlan-interface3817
 description server
#
interface GigabitEthernet1/0/0
 port link-mode route
 ip binding vpn-instance management
 ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet1/0/2
 port link-mode route
 ip address 60.255.174.143 255.255.255.224
 nat outbound
 nat server protocol tcp global 60.255.174.143 55555 inside 172.28.112.76 55555
 nat server protocol tcp global current-interface 55554 inside 172.28.112.6 55555
#
interface GigabitEthernet1/0/3
 port link-mode route
 ip address 172.28.112.2
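Network topology and description:
The configuration is as above: G1/0/2 connects to the external network and G1/0/3 connects to the internal network, and I want to use this firewall for port mapping. From the firewall I can telnet to port 55555 of the internal servers configured above.
But port 55554 of 60.255.174.143 cannot be reached from the external network.
Could someone take a look for me and see where the problem is?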
Asked 8 hours ago

The policy for accessing that port from the external network does not fully permit the traffic.
object-policy ip Untrust-Trust rule 0 pass destination-ip yw service 1yw
Answered 8 hours ago
My configuration file has this line: rule 0 pass destination-ip yw service 1yw

Hello, the following configuration is missing:
object-group ip yw
rule 0 pass destination-ip yw service yw
zone-pair security source Untrust destination Trust
object-policy apply ip yw
Answered 8 hours ago
object-group ip yw and rule 0 pass destination-ip yw service yw: these two commands cannot be entered.
[HUAYINGQD_H3C_F1070]object-group ip yw
                                     ^
 % Unrecognized command found at '^' position.
[HUAYINGQD_H3C_F1070]object-group ip ad
[HUAYINGQD_H3C_F1070]object-group ip address yw
[HUAYINGQD_H3C_F1070-obj-grp-ip-yw]rule
                                   ^
 % Wrong parameter found at '^' position.
[HUAYINGQD_H3C_F1070-obj-grp-ip-yw]
In practice, when I configure it the way you said, yw cannot come directly after ip; ip can only be followed by addr, and then a name after that.

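Have you permitted traffic from your Untrust security zone to the Trust security zone?
Answered 8 hours ago
object-policy ip Untrust-Trust rule 0 pass destination-ip yw service 1yw

Use a security policy on the firewall; V7 now supports security policies.
My version is this one, f1000fw-cmw710-boot-R9313P07. Or give me a download link and I will upgrade first.
object-policy ip Untrust-Trust rule 0 pass destination-ip yw service 1yw
That is exactly this one.
Answered 8 hours ago

Content source: Zhiliao Community (知了社区), F1070 port mapping problem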
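
An added example, not part of the thread and not H3C's own code: a short Python check of which nat server mappings quoted above are matched by the quoted pass rule, and which service objects match a port range rather than a single port. It assumes the rule is evaluated against the inside (translated) address and port, and it handles only host entries and the lt, gt and eq operators.

```python
import re

# Lines copied from the configuration and the rule quoted in this thread.
CONFIG = """\
object-group ip address yw
 0 network host address 172.28.112.6
object-group ip address yw-server
 0 network host address 172.28.112.76
object-group service 1yw
 0 service tcp destination lt 55556
nat server protocol tcp global 60.255.174.143 55555 inside 172.28.112.76 55555
nat server protocol tcp global current-interface 55554 inside 172.28.112.6 55555
object-policy ip Untrust-Trust
 rule 0 pass destination-ip yw service 1yw
"""

def parse(config):
    # Collect address groups, service groups, NAT server mappings and pass rules.
    hosts, ports, maps, rules, group = {}, {}, [], [], None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"object-group (?:ip address|service) (\S+)", line):
            group = m[1]
        elif m := re.match(r"\d+ network host address (\S+)", line):
            hosts.setdefault(group, set()).add(m[1])
        elif m := re.match(r"\d+ service tcp destination (lt|gt|eq) (\d+)", line):
            ports.setdefault(group, []).append((m[1], int(m[2])))
        elif m := re.match(r"nat server protocol tcp global (\S+) (\d+) inside (\S+) (\d+)", line):
            maps.append((m[1], int(m[2]), m[3], int(m[4])))
        elif m := re.match(r"rule \d+ pass destination-ip (\S+) service (\S+)", line):
            rules.append((m[1], m[2]))
    return hosts, ports, maps, rules

def port_ok(op, bound, port):
    return {"lt": port < bound, "gt": port > bound, "eq": port == bound}[op]

def audit(config):
    """Return (coverage per mapping, service objects that open a port range)."""
    hosts, ports, maps, rules = parse(config)
    # Assumption: the rule is matched against the inside (translated) host and port.
    covered = {
        (glob, gport): any(
            inside in hosts.get(addr_grp, ())
            and any(port_ok(op, b, iport) for op, b in ports.get(svc, ()))
            for addr_grp, svc in rules)
        for glob, gport, inside, iport in maps}
    broad = sorted(n for n, e in ports.items() if any(op != "eq" for op, _ in e))
    return covered, broad

if __name__ == "__main__":
    print(audit(CONFIG))
```

On the quoted lines, the mapping to 172.28.112.6 is matched by the rule, the mapping to 172.28.112.76 is not because that host is only in yw-server, and 1yw is reported because lt 55556 matches every TCP destination port below 55556.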