vaj

  1. What should I put on interface Dialer1(2) then? I have ports forwarded inward and NATed on g0/0. When we go from the LAN to the Internet, they are ip nat outside. And when going from the Internet to the LAN, ip nat inside. That is why there is simply ip nat enable, and NAT NVI comes into play. NAT itself is just fine. Everything is visible in the log above. It NATs as it should.

         Nov 2 04:19:44.855: NAT: [0] Allocated Port for 80.237.31.253 -> 80.237.30.5: wanted 42932 got 42932
         Nov 2 04:19:44.855: NAT: i: tcp (80.237.31.253, 42932) -> (80.237.30.5, 5002) [32125]
         Nov 2 04:19:44.855: NAT: TCP s=42932, d=5002->5001
         Nov 2 04:19:44.855: NAT: s=80.237.31.253->80.237.30.5, d=80.237.30.5 [32125]
         Nov 2 04:19:44.855: NAT: s=80.237.30.5, d=80.237.30.5->89.249.130.88 [32125]

     As a result, we arrive from 80.237.31.253 at 80.237.30.5:5002. Then the destination port is changed to 5001, the source IP is replaced with 80.237.30.5, and the destination IP is changed to 89.249.130.88. Only it is unclear where the packet goes after that.
  2. I tried debugging all of this. I don't see anything wrong. Maybe I'm doing something wrong? Give me a hint, rub my nose in it.

         Nov 2 04:19:44.855: IP: s=80.237.31.253 (Dialer1), d=80.237.30.5, len 60, input feature, Stateful Inspection(4), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:19:44.855: IP: s=80.237.31.253 (Dialer1), d=80.237.30.5, len 60, input feature, Dialer i/f override(12), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:19:44.855: IP: s=80.237.31.253 (Dialer1), d=80.237.30.5, len 60, input feature, Virtual Fragment Reassembly(22), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:19:44.855: IP: s=80.237.31.253 (Dialer1), d=80.237.30.5, len 60, input feature, Access List(28), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:19:44.855: IP: s=80.237.31.253 (Dialer1), d=80.237.30.5, len 60, input feature, Virtual Fragment Reassembly After IPSec Decryption(34), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:19:44.855: IP: s=80.237.31.253 (Dialer1), d=80.237.30.5, len 60, input feature, MCI Check(66), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:19:44.855: IP: tableid=0, s=80.237.31.253 (Dialer1), d=80.237.30.5 (Dialer1), routed via RIB
         Nov 2 04:19:44.855: NAT: [0] Allocated Port for 80.237.31.253 -> 80.237.30.5: wanted 42932 got 42932
         Nov 2 04:19:44.855: NAT: i: tcp (80.237.31.253, 42932) -> (80.237.30.5, 5002) [32125]
         Nov 2 04:19:44.855: NAT: TCP s=42932, d=5002->5001
         Nov 2 04:19:44.855: NAT: s=80.237.31.253->80.237.30.5, d=80.237.30.5 [32125]
         Nov 2 04:19:44.855: NAT: s=80.237.30.5, d=80.237.30.5->89.249.130.88 [32125]
         Nov 2 04:19:44.855: IP: s=80.237.30.5 (Dialer1), d=89.249.130.88 (Dialer1), len 60, output feature, Post-routing NAT NVI Output(19), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:19:44.855: IP: s=80.237.30.5 (Dialer1), d=89.249.130.88 (Dialer1), len 60, output feature, Stateful Inspection(22), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:19:44.855: IP: s=80.237.30.5 (Dialer1), d=89.249.130.88 (Dialer1), len 60, rcvd local pkt
         Nov 2 04:19:47.851: IP: s=80.237.31.253 (Dialer1), d=80.237.30.5, len 60, input feature, Stateful Inspection(4), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:19:47.851: IP: s=80.237.31.253 (Dialer1), d=80.237.30.5, len 60, input feature, Dialer i/f override(12), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:19:47.851: IP: s=80.237.31.253 (Dialer1), d=80.237.30.5, len 60, input feature, Virtual Fragment Reassembly(22), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:19:47.851: IP: s=80.237.31.253 (Dialer1), d=80.237.30.5, len 60, input feature, Access List(28), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:19:47.851: IP: s=80.237.31.253 (Dialer1), d=80.237.30.5, len 60, input feature, Virtual Fragment Reassembly After IPSec Decryption(34), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:19:47.851: IP: s=80.237.31.253 (Dialer1), d=80.237.30.5, len 60, input feature, MCI Check(66), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:19:47.851: IP: tableid=0, s=80.237.31.253 (Dialer1), d=80.237.30.5 (Dialer1), routed via RIB
         Nov 2 04:19:47.851: NAT: i: tcp (80.237.31.253, 42932) -> (80.237.30.5, 5002) [32126]
         Nov 2 04:19:47.851: NAT: TCP s=42932, d=5002->5001
         Nov 2 04:19:47.851: NAT: s=80.237.31.253->80.237.30.5, d=80.237.30.5 [32126]
         Nov 2 04:19:47.851: NAT: s=80.237.30.5, d=80.237.30.5->89.249.130.88 [32126]
         Nov 2 04:19:47.851: IP: s=80.237.30.5 (Dialer1), d=89.249.130.88 (Dialer1), len 60, output feature, Post-routing NAT NVI Output(19), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:19:47.851: IP: s=80.237.30.5 (Dialer1), d=89.249.130.88 (Dialer1), len 60, output feature, Stateful Inspection(22), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:19:47.851: IP: s=80.237.30.5 (Dialer1), d=89.249.130.88 (Dialer1), len 60, rcvd local pkt
         Nov 2 04:19:53.851: IP: s=80.237.31.253 (Dialer1), d=80.237.30.5, len 60, input feature, Stateful Inspection(4), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:19:53.851: IP: s=80.237.31.253 (Dialer1), d=80.237.30.5, len 60, input feature, Dialer i/f override(12), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:19:53.851: IP: s=80.237.31.253 (Dialer1), d=80.237.30.5, len 60, input feature, Virtual Fragment Reassembly(22), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:19:53.851: IP: s=80.237.31.253 (Dialer1), d=80.237.30.5, len 60, input feature, Access List(28), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:19:53.851: IP: s=80.237.31.253 (Dialer1), d=80.237.30.5, len 60, input feature, Virtual Fragment Reassembly After IPSec Decryption(34), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:19:53.851: IP: s=80.237.31.253 (Dialer1), d=80.237.30.5, len 60, input feature, MCI Check(66), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:19:53.851: IP: tableid=0, s=80.237.31.253 (Dialer1), d=80.237.30.5 (Dialer1), routed via RIB
         Nov 2 04:19:53.851: NAT: i: tcp (80.237.31.253, 42932) -> (80.237.30.5, 5002) [32127]
         Nov 2 04:19:53.851: NAT: TCP s=42932, d=5002->5001
         Nov 2 04:19:53.851: NAT: s=80.237.31.253->80.237.30.5, d=80.237.30.5 [32127]
         Nov 2 04:19:53.851: NAT: s=80.237.30.5, d=80.237.30.5->89.249.130.88 [32127]
         Nov 2 04:19:53.851: IP: s=80.237.30.5 (Dialer1), d=89.249.130.88 (Dialer2), len 60, output feature, Post-routing NAT NVI Output(19), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:19:53.851: IP: Output changed by feature=19: Dialer1 -> Dialer2
         Nov 2 04:19:53.851: IP: s=80.237.30.5 (Dialer1), d=89.249.130.88 (Dialer2), len 60, output feature, IPsec or interface ACL checked on pre-encrypted cleartext packets(37), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:19:53.851: IP: s=80.237.30.5 (Dialer1), d=89.249.130.88 (Dialer2), len 60, output feature, Dialer idle reset(70), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:19:53.851: IP: s=80.237.30.5 (Dialer1), d=89.249.130.88 (Dialer2), g=89.249.130.88, len 60, forward
         Nov 2 04:19:53.851: IP: s=80.237.30.5 (Dialer1), d=89.249.130.88 (Virtual-Access3), len 60, sending full packet
         Nov 2 04:20:05.851: IP: s=80.237.31.253 (Dialer1), d=80.237.30.5, len 60, input feature, Stateful Inspection(4), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:20:05.851: IP: s=80.237.31.253 (Dialer1), d=80.237.30.5, len 60, input feature, Dialer i/f override(12), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:20:05.851: IP: s=80.237.31.253 (Dialer1), d=80.237.30.5, len 60, input feature, Virtual Fragment Reassembly(22), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:20:05.851: IP: s=80.237.31.253 (Dialer1), d=80.237.30.5, len 60, input feature, Access List(28), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:20:05.851: IP: s=80.237.31.253 (Dialer1), d=80.237.30.5, len 60, input feature, Virtual Fragment Reassembly After IPSec Decryption(34), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:20:05.851: IP: s=80.237.31.253 (Dialer1), d=80.237.30.5, len 60, input feature, MCI Check(66), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:20:05.851: IP: tableid=0, s=80.237.31.253 (Dialer1), d=80.237.30.5 (Dialer1), routed via RIB
         Nov 2 04:20:05.851: NAT: i: tcp (80.237.31.253, 42932) -> (80.237.30.5, 5002) [32128]
         Nov 2 04:20:05.851: NAT: TCP s=42932, d=5002->5001
         Nov 2 04:20:05.851: NAT: s=80.237.31.253->80.237.30.5, d=80.237.30.5 [32128]
         Nov 2 04:20:05.851: NAT: s=80.237.30.5, d=80.237.30.5->89.249.130.88 [32128]
         Nov 2 04:20:05.851: IP: s=80.237.30.5 (Dialer1), d=89.249.130.88 (Dialer2), len 60, output feature, Post-routing NAT NVI Output(19), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:20:05.851: IP: Output changed by feature=19: Dialer1 -> Dialer2
         Nov 2 04:20:05.851: IP: s=80.237.30.5 (Dialer1), d=89.249.130.88 (Dialer2), len 60, output feature, IPsec or interface ACL checked on pre-encrypted cleartext packets(37), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:20:05.851: IP: s=80.237.30.5 (Dialer1), d=89.249.130.88 (Dialer2), len 60, output feature, Dialer idle reset(70), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:20:05.851: IP: s=80.237.30.5 (Dialer1), d=89.249.130.88 (Dialer2), g=89.249.130.88, len 60, forward
         Nov 2 04:20:05.851: IP: s=80.237.30.5 (Dialer1), d=89.249.130.88 (Virtual-Access3), len 60, sending full packet
         Nov 2 04:20:29.851: IP: s=80.237.31.253 (Dialer1), d=80.237.30.5, len 60, input feature, Stateful Inspection(4), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:20:29.851: IP: s=80.237.31.253 (Dialer1), d=80.237.30.5, len 60, input feature, Dialer i/f override(12), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:20:29.851: IP: s=80.237.31.253 (Dialer1), d=80.237.30.5, len 60, input feature, Virtual Fragment Reassembly(22), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:20:29.851: IP: s=80.237.31.253 (Dialer1), d=80.237.30.5, len 60, input feature, Access List(28), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:20:29.851: IP: s=80.237.31.253 (Dialer1), d=80.237.30.5, len 60, input feature, Virtual Fragment Reassembly After IPSec Decryption(34), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:20:29.851: IP: s=80.237.31.253 (Dialer1), d=80.237.30.5, len 60, input feature, MCI Check(66), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:20:29.851: IP: tableid=0, s=80.237.31.253 (Dialer1), d=80.237.30.5 (Dialer1), routed via RIB
         Nov 2 04:20:29.851: NAT: i: tcp (80.237.31.253, 42932) -> (80.237.30.5, 5002) [32129]
         Nov 2 04:20:29.851: NAT: TCP s=42932, d=5002->5001
         Nov 2 04:20:29.851: NAT: s=80.237.31.253->80.237.30.5, d=80.237.30.5 [32129]
         Nov 2 04:20:29.851: NAT: s=80.237.30.5, d=80.237.30.5->89.249.130.88 [32129]
         Nov 2 04:20:29.851: IP: s=80.237.30.5 (Dialer1), d=89.249.130.88 (Dialer1), len 60, output feature, Post-routing NAT NVI Output(19), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:20:29.851: IP: s=80.237.30.5 (Dialer1), d=89.249.130.88 (Dialer1), len 60, output feature, Stateful Inspection(22), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
         Nov 2 04:20:29.851: IP: s=80.237.30.5 (Dialer1), d=89.249.130.88 (Dialer1), len 60, rcvd local pkt
         Nov 2 04:20:40.091: IP: s=80.237.31.253, d=90.189.120.244, pak 130A4030 consumed in input feature , packet consumed, Access List(28), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
  3. Most likely not. And it isn't needed: what is needed is for the packet to be NATed on the same interface it arrived on and to leave through that same interface.
  4. We have the following connection scheme: one Cisco, two PPPoE connections to different providers. We want something odd: when a TCP packet arrives from outside at our WAN (IP:YY.YY.YY.5 PORT:5002), replace the sender address in it with YY.YY.YY.5 and send it out to IP:FF.FF.FF.88, PORT:5001. Are there any options?

         #sh ver
         Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M3, RELEASE SOFTWARE (fc2)
         Technical Support: http://www.cisco.com/techsupport
         Copyright © 1986-2010 by Cisco Systems, Inc.
         Compiled Sun 18-Jul-10 06:43 by prod_rel_team
         ROM: System Bootstrap, Version 15.0(1r)M1, RELEASE SOFTWARE (fc1)
         router uptime is 1 week, 4 days, 17 hours, 6 minutes
         System returned to ROM by reload at 08:00:45 UTC Wed Sep 29 2010
         System image file is "flash0:c3900-universalk9-mz.SPA.150-1.M3.bin"
         Last reload type: Normal Reload
         Last reload reason: Reload Command
         Cisco CISCO3945-CHASSIS (revision 1.0) with C3900-SPE150/K9 with 983040K/65536K bytes of memory.
         Processor board ID FCZ141070V0
         4 FastEthernet interfaces
         3 Gigabit Ethernet interfaces
         1 Virtual Private Network (VPN) Module
         DRAM configuration is 72 bits wide with parity enabled.
         255K bytes of non-volatile configuration memory.
         254464K bytes of ATA System CompactFlash 0 (Read/Write)
         Configuration register is 0x2102

     The current configuration is:

         !
         ! Last configuration change at 04:18:08 UTC Tue Oct 26 2010 by valery
         !
         version 15.0
         service timestamps debug datetime msec
         service timestamps log datetime localtime
         no service password-encryption
         !
         hostname router
         !
         boot-start-marker
         boot-end-marker
         !
         !
         aaa new-model
         !
         !
         !
         !
         !
         !
         !
         aaa session-id common
         !
         !
         !
         !
         !
         crypto pki trustpoint TP-self-signed-4185159336
          enrollment selfsigned
          subject-name cn=IOS-Self-Signed-Certificate-4185159336
          revocation-check none
          rsakeypair TP-self-signed-4185159336
         !
         !
         crypto pki certificate chain TP-self-signed-4185159336
          certificate self-signed 01
           XXXXXXXXXXXXXXXXXXXXX
           quit
         no ipv6 cef
         ip source-route
         ip cef
         !
         !
         !
         !
         no ip bootp server
         no ip domain lookup
         !
         multilink bundle-name authenticated
         clns routing
         !
         !
         license udi pid C3900-SPE150/K9 sn FOC14053VPM
         license boot module c3900 technology-package datak9 disable
         !
         !
         archive
          log config
           logging enable
           logging size 200
           notify syslog contenttype plaintext
           hidekeys
         username valery privilege 15 secret 5 XXXXXXXXXXXXXXXXXXXXXXXXX
         redundancy
         !
         !
         !
         !
         !
         !
         !
         !
         !
         interface GigabitEthernet0/0
          description LAN
          ip address 192.168.1.254 255.255.255.0
          ip nat enable
          ip policy route-map REDIRECTOR
          duplex auto
          speed auto
          no cdp enable
         !
         !
         interface FastEthernet0/0/0
          no ip address
          duplex auto
          speed auto
          no cdp enable
         !
         !
         interface FastEthernet0/0/0.1
          encapsulation dot1Q 43
          pppoe enable group 1
          pppoe-client dial-pool-number 1
          no keepalive
          no cdp enable
         !
         interface FastEthernet0/0/1
          no ip address
          duplex auto
          speed auto
          pppoe enable group 2
          pppoe-client dial-pool-number 2
          no keepalive
          no cdp enable
         !
         !
         interface Dialer1
          description WAN1-APLUS
          ip address negotiated
          ip mtu 1492
          ip nat enable
          ip virtual-reassembly
          encapsulation ppp
          dialer pool 1
          dialer-group 1
          ppp authentication pap callin
          ppp eap refuse
          ppp chap hostname XXXXXXXXX
          ppp chap password 0 XXXXXXXXXXXXXX
          ppp chap refuse
          ppp ms-chap refuse
          ppp ms-chap-v2 refuse
          ppp pap sent-username XXXXXXXX password 0 XXXXXXX
          no cdp enable
         !
         !
         interface Dialer2
          description WAN2-STK
          ip address negotiated
          ip mtu 1492
          ip nat enable
          ip virtual-reassembly
          encapsulation ppp
          dialer pool 2
          dialer-group 2
          ppp authentication pap callin
          ppp pap sent-username XXXXXXXX password 0 XXXXXXXXXX
          no cdp enable
         !
         !
         ip local policy route-map REDIRECTOR
         ip forward-protocol nd
         !
         no ip http server
         no ip http secure-server
         !
         ip nat pool SRV1_PAT 192.168.1.254 192.168.1.254 prefix-length 24
         ip nat source list ISP1-FORWARD pool SRV1_PAT overload
         ip nat source list ISP1-IPERF interface Dialer1 overload
         ip nat source list ISP2-FORWARD pool SRV1_PAT overload
         ip nat source list ISP2-IPERF interface Dialer2 overload
         ip nat source route-map W1-NAT interface Dialer1 overload
         ip nat source route-map W2-NAT interface Dialer2 overload
         ip nat source static tcp 192.168.1.40 5001 YY.YY.YY.5 5001 extendable
         ip nat source static tcp XX.XX.XX.88 5001 YY.YY.YY.5 5002 extendable
         ip nat source static tcp 192.168.1.40 5001 ZZ.ZZ.ZZ.244 5001 extendable
         ip nat source static tcp XX.XX.XX.88 5001 ZZ.ZZ.ZZ.244 5002 extendable
         ip route 0.0.0.0 0.0.0.0 Dialer2
         ip route 0.0.0.0 0.0.0.0 Dialer1
         ip route 192.168.50.0 255.255.255.0 192.168.1.240
         !
         ip access-list extended ISP1-FORWARD
          permit tcp any host YY.YY.YY.5 eq 5001
         ip access-list extended ISP1-IPERF
          permit tcp any host YY.YY.YY.5 eq 5002
         ip access-list extended ISP2-FORWARD
          permit tcp any host ZZ.ZZ.ZZ.244 eq 5001
         ip access-list extended ISP2-IPERF
          permit tcp any host ZZ.ZZ.ZZ.244 eq 5002
         ip access-list extended NAT-ALLOW
          permit ip 192.168.1.0 0.0.0.255 any
         ip access-list extended VAJ
          permit tcp host 192.168.1.40 any eq www
         ip access-list extended WAN1IP
          permit ip host YY.YY.YY.5 any
         ip access-list extended WAN2IP
          permit ip host ZZ.ZZ.ZZ.244 any
         !
         !
         !
         !
         !
         route-map REDIRECTOR permit 10
          match ip address VAJ
          set interface Dialer1
         !
         route-map REDIRECTOR permit 20
          match ip address WAN1IP
          set interface Dialer1
         !
         route-map REDIRECTOR permit 30
          match ip address WAN2IP
          set interface Dialer2
         !
         route-map W1-NAT permit 20
          match ip address NAT-ALLOW
          match interface Dialer1
         !
         route-map W2-NAT permit 10
          match ip address NAT-ALLOW
          match interface Dialer2
         !
         route-map ALL-ISP permit 10
          match ip address WAN1IP
          set ip next-hop 10.10.10.1
         !
         route-map ALL-ISP permit 20
          match ip address WAN2IP
          set ip next-hop 213.228.116.163
         !
         !
         !
         control-plane
         !
         !
         !
         line con 0
         line aux 0
         line vty 0 4
          privilege level 15
          transport input telnet ssh
         line vty 5 858
          privilege level 15
          transport input telnet ssh
         !
         scheduler allocate 20000 1000
         end

         #sh ip int br
         Interface              IP-Address      OK? Method Status                Protocol
         GigabitEthernet0/0     192.168.1.254   YES NVRAM  up                    up
         GigabitEthernet0/1     unassigned      YES NVRAM  administratively down down
         GigabitEthernet0/2     unassigned      YES NVRAM  administratively down down
         FastEthernet0/0/0      unassigned      YES NVRAM  up                    up
         FastEthernet0/0/0.1    unassigned      YES unset  up                    up
         FastEthernet0/0/1      unassigned      YES NVRAM  up                    up
         FastEthernet0/1/0      unassigned      YES NVRAM  administratively down down
         FastEthernet0/1/1      unassigned      YES NVRAM  administratively down down
         Dialer1                YY.YY.YY.5      YES IPCP   up                    up
         Dialer2                ZZ.ZZ.ZZ.244    YES IPCP   up                    up
         NVI0                   192.168.1.254   YES unset  up                    up
         Virtual-Access1        unassigned      YES unset  up                    up
         Virtual-Access2        unassigned      YES unset  up                    up
         Virtual-Access3        unassigned      YES unset  up                    up

     deb ip nat shows that everything seems to be fine with NAT:

         *Oct 28 03:09:36.099: NAT: TCP s=38692, d=5002->5001
         *Oct 28 03:09:36.099: NAT: s=XX.XX.XX.88->YY.YY.YY.5, d=YY.YY.YY.5 [4591]
         *Oct 28 03:09:36.099: NAT: s=YY.YY.YY.5, d=YY.YY.YY.5->XX.XX.XX.88 [4591]

         #sh ip nat nvi tr
         Pro Source global      Source local       Destin  local      Destin  global
         tcp YY.YY.YY.5:5002    XX.XX.XX.88:5001   ---                ---
         tcp YY.YY.YY.5:51856   XX.XX.XX.88:51856  YY.YY.YY.5:5002    XX.XX.XX.88:5001
         tcp YY.YY.YY.5:5001    192.168.1.40:5001  ---                ---

     Accordingly, there is no connection to the external server at all. Can you tell me what to fix in the config?
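
An added example, not part of the original posts and not a Cisco tool: a small Python parser for `debug ip packet` / `debug ip nat` output like that quoted in post 2, which groups lines by timestamp and reports the NAT rewrite, the egress interfaces seen and how the router disposed of each packet. The sample input is a shortened subset of the lines quoted in that post; the function and field names are hypothetical, and grouping by timestamp assumes each packet is logged under its own timestamp, as in that output.

```python
import re

# Sample input: a shortened subset of the debug lines quoted in post 2.
SAMPLE = """\
Nov 2 04:19:44.855: IP: tableid=0, s=80.237.31.253 (Dialer1), d=80.237.30.5 (Dialer1), routed via RIB
Nov 2 04:19:44.855: NAT: i: tcp (80.237.31.253, 42932) -> (80.237.30.5, 5002) [32125]
Nov 2 04:19:44.855: NAT: s=80.237.31.253->80.237.30.5, d=80.237.30.5 [32125]
Nov 2 04:19:44.855: NAT: s=80.237.30.5, d=80.237.30.5->89.249.130.88 [32125]
Nov 2 04:19:44.855: IP: s=80.237.30.5 (Dialer1), d=89.249.130.88 (Dialer1), len 60, rcvd local pkt
Nov 2 04:19:53.851: NAT: i: tcp (80.237.31.253, 42932) -> (80.237.30.5, 5002) [32127]
Nov 2 04:19:53.851: NAT: s=80.237.30.5, d=80.237.30.5->89.249.130.88 [32127]
Nov 2 04:19:53.851: IP: Output changed by feature=19: Dialer1 -> Dialer2
Nov 2 04:19:53.851: IP: s=80.237.30.5 (Dialer1), d=89.249.130.88 (Dialer2), g=89.249.130.88, len 60, forward
Nov 2 04:19:53.851: IP: s=80.237.30.5 (Dialer1), d=89.249.130.88 (Virtual-Access3), len 60, sending full packet
Nov 2 04:20:40.091: IP: s=80.237.31.253, d=90.189.120.244, pak 130A4030 consumed in input feature , packet consumed, Access List(28), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
"""

IPV4 = r"\d+(?:\.\d+){3}"
LINE = re.compile(r"^(\*?\w{3} +\d+ [\d:.]+): (IP|NAT): (.*)$")
NAT_ID = re.compile(r"\[(\d+)\]$")                    # trailing IP ident
NAT_SRC = re.compile(rf"s=({IPV4})->({IPV4})")        # source rewrite
NAT_DST = re.compile(rf"d=({IPV4})->({IPV4})")        # destination rewrite
EGRESS = re.compile(rf"d=({IPV4}) \(([^)]+)\)")       # d=<ip> (<interface>)
# Phrases printed when the router is done with a packet, mapped to a verdict.
VERDICTS = (("rcvd local pkt", "local"), ("sending full packet", "forwarded"),
            ("forward", "forwarded"), ("consumed", "consumed"))


def summarize(text):
    """Group debug lines by timestamp and return one summary per packet."""
    packets = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, kind, body = m.groups()
        p = packets.setdefault(ts, {"ts": ts, "ip_id": None, "new_src": None,
                                    "new_dst": None, "path": [], "verdict": "unknown"})
        if kind == "NAT":
            if (hit := NAT_ID.search(body)):
                p["ip_id"] = int(hit.group(1))
            if (hit := NAT_SRC.search(body)):
                p["new_src"] = hit.group(2)
            if (hit := NAT_DST.search(body)):
                p["new_dst"] = hit.group(2)
            continue
        # IP line: record each distinct egress interface, then look for a verdict.
        if (hit := EGRESS.search(body)) and hit.group(2) not in p["path"]:
            p["path"].append(hit.group(2))
        for phrase, verdict in VERDICTS:
            if phrase in body:
                p["verdict"] = verdict
                break
    return list(packets.values())


if __name__ == "__main__":
    for p in summarize(SAMPLE):
        print(p["ts"], p["ip_id"], p["new_src"], "->", p["new_dst"],
              "via", "/".join(p["path"]) or "-", "=>", p["verdict"])
```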