看一下wan口上的规则啊,建nat的时候有个选项勾上会自动添加规则,没勾的话要自己写了。
加了啊!一、二、四楼贴的是我的设置,你们看看有问题吗? 你在哪里访问你的ftp?要注意一点: 你不能在内部通过访问wan接口地址来访问ftp。这是ipf防火墙本身的限制。所以你最好找在外面的人帮你测试。 这个问题,论坛里面的人都叫它 回流 。m0n0wall不支持回流。 QUOTE (samenlia @ Apr 29 2005, 09:19 AM)
这个问题,论坛里面的人都叫它 回流 。m0n0wall不支持回流。
ok,搞定了。就是这个问题。谢谢!谢谢!万分感谢!!!!!!!!!!!!!!!!!!!!!!! 你的规则是要做在WAN口上面,而不是LAN口上!!!! 请问,回流是什么意思,那位高手能解释一下吗??? QUOTE (snake@zhun @ May 1 2005, 09:02 AM)
请问,回流是什么意思,那位高手能解释一下吗???
不是高手, 引一段 m0n0 FAQ:13.3. Why isn't it possible to access NATed services by the public IP address from LAN?Problem. It is not possible to access NATed services using the public (WAN) IP address from within LAN (or an optional network). Example: you've got a server in your LAN behind m0n0wall and added a NAT/filter rule to allow external access to its HTTP port. While you can access it just fine from the Internet, you cannot access http://your-external-ip/ from within your LAN.Reason. This is due to a limitation in ipfilter/ipnat (which are used in m0n0wall). Read the ipfilter FAQ for details. m0n0wall does not (and probably will not) include a "bounce" utility.Solution. If you use m0n0wall's built-in DNS forwarder for your LAN clients, you can add one or more overrides so that they will get the internal (LAN) IP address of your server instead of the external one, while external clients still get the real/public IP address.NoteThis will only work if you use m0n0wall as the primary DNS server on your LAN hosts. If you use another DNS server, you need to use its functionality to resolve that host to the appropriate private IP. See your DNS server documentation for more information.
页:
[1]
2