Article Directory
The reason - routing reflux
When the process is a phenomenon with a router firewall network server and other equipment will be released to the public online for users to access the external network that appears, you find that the web server has been successfully launched, external users can successfully access, but network users does not have access to the web server , this is the route reflux . The main reason is the export route reflux device router or firewall to do NAT / PAT (also known as source address translation) and port mapping (also called the target address translation) caused.
Network diagram
- Intranet users and servers on different network segments
- Network users with the server network segment
solution
NAT internal program
Intranet users and servers on different network segments
E0 / 0 and E0 / 2 nat server needs to be done
int e0/0
nat server protocol tcp global 202.103.1.1 www inside 192.168.2.2 www
int e0/2
nat server protocol tcp global 202.103.1.1 www inside 192.168.2.2 www
nat dns-map www.abc.com 202.103.1.1 tcp #若通过域名访问添加此配置
Network users with the server network segment
acl number 3001
rule 0 permit ip source 192.168.1.0 0.0.0.255
int e0/2
ip add 202.103.1.1 255.255.255.0
nat server protocol tcp global 202.103.1.1 www inside 192.168.1.254 www
nat outbound 3001
int e0/0
ip add 192.168.1.1 255.255.255.0
nat server protocol tcp global 202.103.1.1 www inside 192.168.1.254 www
nat outbound 3001 #必须添加这条
nat dns-map www.abc.com 202.103.1.1 tcp #若通过域名访问添加此配置
DNS network program
Internal network to configure a DNS server, all clients within the network end of the IP DNS DNS server will fill this internal network IP address , also you need the inner network DNS server configuration transponder , transponder fill the public online IP address of the DNS server operators can solve the problem of access to other sites.
Firewall DNS Mapping Program
Note that not all firewalls support routing reflux and the name + + external network IP network IP can be.
Router DNS Mapping Program
[R1] nat dns-map www.abc.com 192.168.1.100 80 tcp
Other programs
If the network requires the use of domain names of few users, you can machine on the internal network C:\Windows\System32\drivers\etc\hoststo add to his record, 192.168.1.100 www.abc.comso it.
summary
Above several solutions, the internal network DNS solutions that best meet most people's habits, and easiest installation configuration, but need a DNS server.
Internal NAT solutions in the enterprise router or firewall is content to achieve, but the difficulty is slightly larger than the internal network DNS solution.
DNS Mapping firewall and router need a firewall and router DNS Mapping support, most firewalls and routers support, but before buying, please contact the factory.
Resources
Network users through settlement or public IP domain access to internal servers
Within the network through the domain name or public IP access ERP solutions
Network users can not access the web through the domain name server