This website requires Javascript to function properly. Please go to the setting of your web browser and enable Javascript for this website.

×

Loading...

This topic has been archived. It cannot be replied.

工作学习 / 专业技术讨论 / 跨WINDOWS域访问的问题我有两个DOMAIN,一个是192.168.2.X, 一个是192.168.1.X.现在的问题是,在2.X上的电脑可以访问在1.X上的电脑SHARE;反之则不行.在1.X上可以看到2.X的DOMAIN与电脑,就是不能PING,也不能访问那上面的SHARE.哪位兄弟有高招? -p200002(p2); 2006-4-3 {201} (#2882265@0)

请先排除router ACL的问题 -dennis2000(dennis2000); 2006-4-4 (#2883465@0)

哪儿可以看出路由的ACL?我的是CISCO 1605. -p200002(p2); 2006-4-4 (#2884913@0)

去掉敏感信息，把1605的配置放上来看一下，不过一般2如果能访问1，路由器不会拒绝1去访问2 -shapei(沙皮狗); 2006-4-4 (#2884925@0)

Why? vlan interface上的acl就可用来实现vlan间的单向通信。有可能：vlan 1的outbound ACL permit 了TCP 445 和 ping, while vlan 2 outbound ACL 没有. 那么vlan 2 的电脑可以访问vlan 1 的共享资源，而vlan 1 不能访问 vlan 2. -dennis2000(dennis2000); 2006-4-4 {148} (#2885052@0)

哪儿可以改这个ACL? -p200002(p2); 2006-4-4 (#2885089@0)

10.35.6.2是我的DNS.2上的可以访问DNS这台SERVER.10.35.6.3是我的网关+FW.从路由上可以PING在1上的电脑.ip subnet-zero
ip name-server 10.35.6.2
!
!
!
interface Ethernet0
description connected to EthernetLAN_1
ip address 10.35.6.22 255.255.255.0
no ip directed-broadcast
ip rip send version 1
ip rip receive version 1
!
interface Ethernet1
description connected to EthernetLAN
ip address 10.35.7.22 255.255.255.0
no ip directed-broadcast
ip rip send version 1
ip rip receive version 1
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.35.6.3 -p200002(p2); 2006-4-4 {459} (#2885085@0)

把ip directed-broadcast 打开 -cslili(lili); 2006-4-5 (#2886938@0)

could you ping the machine by IP? if you can check name resolution. -guozhong(找工ing); 2006-4-4 (#2884869@0)

Tried ping. REQUEST TIMED OUT. How to check name resolution? -p200002(p2); 2006-4-4 (#2884914@0)

pls post the output of 'netstat -r' on machine 1.X -xordos(donothing); 2006-4-4 (#2884946@0)

offsite is on domain 2. computers on domain can access computers on domain. but computers on domain 2 cannot access servers on domain 1. -p200002(p2); 2006-4-4 {2454} (#2885066@0)

It seems something is wrong on domain 1. I saw 2 default gateways 10.35.6.22, 10.35.6.25 and another gateway 10.35.6.3, what is that? -haoxia74(haoxia); 2006-4-4 (#2885167@0)

10.35.6.x -> 10.35.6.3 -> 10.35.6.22 -> 10.35.7.x -p200002(p2); 2006-4-4 (#2885238@0)

10.35.6.3? address on the nic? Where is it configured? 10.35.6.3 and 10.35.6.22 are on the same segment. Why do we here need two hops? -haoxia74(haoxia); 2006-4-4 (#2885473@0)

offsite router有两个INTERFACE,10.35.6.22与10.35.7.22.在GATEWAY上,10.35.7.0/24的NEXT HOP是10.35.6.22.目的是允许OFFSITE的随时进入OFFICE,但是OFFICE出去的就要检查. -p200002(p2); 2006-4-5 (#2885577@0)

Take this line for example 212.58.240.20 255.255.255.255 10.35.6.3 10.35.6.1 My question is where does this 10.35.6.3 come from? -haoxia74(haoxia); 2006-4-5 (#2885629@0)

Have you tried tracert 192.168.2.x? So you will know how the packet is routed and where it is stuck. -haoxia74(haoxia); 2006-4-5 (#2885634@0)

电脑上有没有防火墙软件？traceroute一下包 -ccie_sec(ciscoguy); 2006-4-5 (#2885687@0)
希望对你有用 -john_xt(小鬼迪克); 2006-4-5 {1738} (#2885900@0)

多谢各位兄弟姐妹.问题解决了.TRUST有,路由通.唯一的问题是OFFSITE是AD-INTEGRATED,OFFICE是NT DOMAIN.除了互相TRUST之外,还需要把OFFSITE加到OFFICE的DNS的FORWARD ZONE里. -p200002(p2); 2006-4-5 {133} (#2886173@0)

问题解决就好，呵呵，AD，我忘记了AD，事实上，我对AD了解不多，经验也不多。：） -john_xt(小鬼迪克); 2006-4-5 (#2887028@0)

你确信该打开得端口都打开拉？check this page -kevin_tor(KFC); 2006-4-5 (#2885944@0)

More Topics

看大家讨论日语，俺也正在认真学习。其实语言问题应该是很快也很容易就解决的，可能比自动驾驶来的还快。TREK里面，全宇宙的人都在大脑里安装了UNIVERSAL TRANSLATOR，外星人之间相互交流无障碍。废话少说，看视频。。。加上个MIC和耳机，不同国家的人就可以无障碍交流。

肉脸真有搞 IT 的？Linux 把俄国中国伊朗踢出去了好像肉脸 IT 没啥感觉似的

请问web developer和software developer技术上有什么区别？

Elon Musk 带着川普总统奔向火星了。

扔硬币的实验研究

枫下论坛主坛 / 工作学习 / 专业技术讨论