外網IP地址可以通過域名訪問內外800端口網站,內網地址不可以,需要做回流
《《內網口、外網口都需要做nat映射》》
定義ACL3001acl number 3001rule 0 permit ip source 192.168.1.1 0.0.0.255
在E0/2端口配置nat servernat server protocol tcp global 122.1.1.1 800 192.168.1.11 800nat outbound 3001
以下是交換機的配置
acl number 3000
description nat-private
rule 0 permit tcp
acl number 3001
rule 0 permit ip source 192.168.1.0 0.0.0.255
acl number 3333
rule 0 permit ip
interface GigabitEthernet0/1
port link-mode route
nat outbound 3333
nat outbound 3000
nat server protocol tcp global 122.1.1.1 800 inside 192.168.1.11 800
ip address 122.1.1.1 255.255.255.240
interface GigabitEthernet0/2
port link-mode route
nat outbound 3001
nat server protocol tcp global 122.1.1.1 800 inside 192.168.1.11 800
ip address 192.168.1.1 255.255.255.0
注:122.1.1.1為公網IP; 192.168.1.11為服務器IP; 192.168.1.1為連接交換機接口的IP