Port mapping does not work

Published: 2012-07-18
Problem description

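The device is a USG2130. When Chaoxing Reader (超星阅读器) is used from a PC on the external network, the PC cannot reach the intranet resources through the reader.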

Network diagram: server-----usg2130----Internet-----pc

Alarm information
Handling process

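The firewall session table for the user's public address was checked twice and compared, once with Chaoxing Reader closed and once with it open. With the software open, one additional port appeared: TCP 8057.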

[fg_usg_2130]dis fire session table low-priority global 116.23.104.51
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46488
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46495
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46497
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46486
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46509
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46494
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46490
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46507
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46504
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46493
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46492
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46487
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46491
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46489
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46505
[fg_usg_2130]dis fire session table low-priority global 116.23.104.51
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46538
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46528
tcp:61.145.63.62:8057<--116.23.104.51:46545
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46531
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46527
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46524
tcp:61.145.63.62:8057<--116.23.104.51:46548
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46544
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46525
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46535
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46542
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46536
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46543
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46540
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46541
tcp:61.145.63.62:8057<--116.23.104.51:46549
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46529
tcp:192.168.1.48:8055[61.145.63.62:8055]-->116.23.104.51:46539
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46532
tcp:61.145.63.62:8057<--116.23.104.51:46547
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46530
tcp:61.145.63.62:8057<--116.23.104.51:46546
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46533
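
The comparison above can be automated. The following is an added example, not part of the original case or any Huawei tooling: it parses the two line shapes seen in the output above and reports public endpoints that appear only in the second capture, plus sessions that carry no bracketed inside address. Treating a missing bracket as "no nat server entry matched" is an assumption based on this case; the function names are hypothetical.

```python
import re
from collections import Counter

# Line shapes taken from the session table output on this page:
#   translated:   tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46488
#   untranslated: tcp:61.145.63.62:8057<--116.23.104.51:46545
SESSION = re.compile(
    r"^(?P<proto>\w+):(?P<ip>[\d.]+):(?P<port>\d+)"
    r"(?:\[(?P<gip>[\d.]+):(?P<gport>\d+)\])?"
    r"(?P<dir><--|-->)(?P<peer>[\d.]+):(?P<pport>\d+)$"
)

def parse(output):
    """Return one dict per session line; prompts and blank lines are skipped."""
    sessions = []
    for line in output.splitlines():
        m = SESSION.match(line.strip())
        if not m:
            continue
        s = m.groupdict()
        s["translated"] = s["gip"] is not None
        # The public-side endpoint is the bracketed address when NAT applied,
        # otherwise the address the peer actually hit.
        s["public"] = (s["proto"], s["gip"] or s["ip"], int(s["gport"] or s["port"]))
        sessions.append(s)
    return sessions

def new_public_endpoints(before, after):
    """Public (proto, ip, port) tuples seen only in the second capture."""
    seen = {s["public"] for s in parse(before)}
    return sorted({s["public"] for s in parse(after)} - seen)

def unmapped(output):
    """Count sessions that reached the public address with no NAT translation
    (assumption: no bracketed inside address means no mapping matched)."""
    return Counter(s["public"] for s in parse(output) if not s["translated"])

# Constructed sample, shortened from the two captures above.
BEFORE = """[fg_usg_2130]dis fire session table low-priority global 116.23.104.51
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46488
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46495"""
AFTER = """[fg_usg_2130]dis fire session table low-priority global 116.23.104.51
tcp:192.168.1.48:8055[61.145.63.62:8055]<--116.23.104.51:46538
tcp:61.145.63.62:8057<--116.23.104.51:46545
tcp:192.168.1.48:8055[61.145.63.62:8055]-->116.23.104.51:46539
tcp:61.145.63.62:8057<--116.23.104.51:46548"""

if __name__ == "__main__":
    print("new endpoints:", new_public_endpoints(BEFORE, AFTER))
    print("unmapped:", dict(unmapped(AFTER)))
```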

Root cause

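The user said the software uses TCP port 8055 to communicate with the intranet server, and a mapping for that port had been configured on the firewall: nat server protocol tcp global 61.145.63.62 8055 inside 192.168.1.48 8055. The service still did not work. The user believed that our company's firewall was at fault and was preventing access to the service, because the problem had not occurred with the other vendor's device that was in place before this firewall replaced it.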

 

Suggestions and summary

After TCP port 8057 was added to the mapping, the service worked normally.

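Summary: when handling a user's problem, the information the user reports should be verified through testing. This is also a way of checking the accuracy of what the user reported.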

END