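Pinging internal devices from the internal interface works, and pinging external addresses from the external interface also works. I can log in on both sides, but routing does not work, even though I have configured a static route.

Please help me see where the problem is, many thanks. The configuration is below.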
set interfaces ge-0/0/0 description to_internet
set interfaces ge-0/0/0 unit 0 description to_internet_CT
set interfaces ge-0/0/0 unit 0 family inet filter input ntp
set interfaces ge-0/0/0 unit 0 family inet address 123.xxx.xxx.xxx/29

set interfaces ge-0/0/2 disable
set interfaces ge-0/0/3 disable
set interfaces ge-0/0/14 disable        

set interfaces ge-0/0/15 description to_CoreSW
set interfaces ge-0/0/15 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/15 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces vlan unit 0 description "connect to LAN"
set interfaces vlan unit 0 family inet address 192.168.1.100/24

set routing-options static route 0.0.0.0/0 next-hop 123.xxx.xxx.xxx
set routing-options static route 192.168.0.0/16 next-hop 192.168.1.253


set security nat source pool internet-pool address 123.xxx.xxx.xxx/32

set security nat source rule-set trust-to-untrust from zone trust
set security nat source rule-set trust-to-untrust to zone untrust
set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 0.0.0.0/0
set security nat source rule-set trust-to-untrust rule source-nat-rule match destination-address 0.0.0.0/0
set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat pool internet-pool

set security policies from-zone trust to-zone untrust policy trust_to_untrust match source-address servers
set security policies from-zone trust to-zone untrust policy trust_to_untrust match destination-address any
set security policies from-zone trust to-zone untrust policy trust_to_untrust match application any
set security policies from-zone trust to-zone untrust policy trust_to_untrust then permit

set security policies from-zone trust to-zone trust policy trust-2-trust match source-address any
set security policies from-zone trust to-zone trust policy trust-2-trust match destination-address any
set security policies from-zone trust to-zone trust policy trust-2-trust match application any
set security policies from-zone trust to-zone trust policy trust-2-trust then permit

set security zones security-zone trust address-book address svr01 192.168.1.10/32
set security zones security-zone trust address-book address-set servers address svr01

set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic system-services snmp
set security zones security-zone trust host-inbound-traffic system-services http
set security zones security-zone trust host-inbound-traffic protocols all

set security zones security-zone trust interfaces vlan.0 host-inbound-traffic system-services all
set security zones security-zone trust interfaces vlan.0 host-inbound-traffic protocols all
set security zones security-zone trust interfaces ge-0/0/15.0 host-inbound-traffic system-services ssh
set security zones security-zone trust interfaces ge-0/0/15.0 host-inbound-traffic system-services ping

set security zones security-zone untrust screen untrust-screen
set security zones security-zone untrust host-inbound-traffic system-services ping
set security zones security-zone untrust host-inbound-traffic system-services ssh
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services snmp


set vlans vlan-trust vlan-id 3
set vlans vlan-trust l3-interface vlan.0




This post was last edited by ryanexus on 2018-5-17 16:23
Below is the show route output

0.0.0.0/0          *[Static/5] 00:37:48
                    > to 123.xxx.xxx.xxx via ge-0/0/0.0
192.168.0.0/16         *[Static/5] 04:16:31
                    > to 192.168.1.253 via vlan.0
192.168.1.0/24    *[Direct/0] 04:16:31
                    > via vlan.0
192.168.1.100/32    *[Local/0] 04:16:53
                      Local via vlan.0
123.xxx.xxx.xxx/29 *[Direct/0] 00:37:48
                    > via ge-0/0/0.0
123.xxx.xxx.xxx/32 *[Local/0] 00:55:49
                      Local via ge-0/0/0.0
224.0.0.22/32      *[IGMP/0] 04:17:11
                      MultiRecv




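This post was last edited by ryanexus on 2018-5-15 16:30
Solved it myself: changing the nat source pool to interface fixed it.

After that it is best to delete the pool, otherwise the NAT mapping will have problems.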



OP, please post a show of the correct configuration so a beginner can use it as a reference.



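There are several kinds of NAT. Source NAT is for internal users accessing the external network.
1. Pool-based NAT, which is further divided into pools whose IPs are in the same subnet as the interface address and pools that are not in the same subnet as the interface address.
For a same-subnet pool, proxy-arp must be enabled, otherwise traffic will not pass.
2. NAT that uses the external interface address as the translated address.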



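The two source-NAT variants discussed in this thread, written out as an added example that is not from any of the posters. Option A is the interface-based NAT the original poster reported switching to; option B keeps the pool and adds proxy ARP, assuming the pool address lies in the same /29 as ge-0/0/0.0. Rule, pool and interface names are taken from the configuration posted above, and the masked 123.xxx.xxx.xxx values are the thread's own placeholders and must be replaced with real addresses.

```junos
# --- Option A: translate to the egress interface address ---
# (configuration mode; remove the pool reference before deleting the pool)
delete security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat pool internet-pool
set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat interface
delete security nat source pool internet-pool

# --- Option B: keep the pool, pool address in the same subnet as ge-0/0/0.0 ---
# Without proxy ARP the SRX does not answer ARP requests for the pool address,
# so return traffic from the upstream gateway never reaches the firewall.
set security nat source pool internet-pool address 123.xxx.xxx.xxx/32
set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat pool internet-pool
set security nat proxy-arp interface ge-0/0/0.0 address 123.xxx.xxx.xxx/32

# --- Verification (operational mode, after commit) ---
# Rule hit counters should increase when an inside host sends traffic out.
show security nat source rule all
show security nat source summary
# Sessions from svr01 should show the translated source address.
show security flow session source-prefix 192.168.1.10/32
```

With either option, the posted policy trust_to_untrust only matches the address-set servers (svr01, 192.168.1.10/32), so other inside hosts are still dropped by policy regardless of NAT.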