QUOTE (snake@zhun @ May 1 2005, 09:02 AM)
请问,回流是什么意思,那位高手能解释一下吗???
不是高手, 引一段 m0n0 FAQ:13.3. Why isn't it possible to access NATed services by the public IP address from LAN?Problem. It is not possible to access NATed services using the public (WAN) IP address from within LAN (or an optional network). Example: you've got a server in your LAN behind m0n0wall and added a NAT/filter rule to allow external access to its HTTP port. While you can access it just fine from the Internet, you cannot access http://your-external-ip/ from within your LAN.Reason. This is due to a limitation in ipfilter/ipnat (which are used in m0n0wall). Read the ipfilter FAQ for details. m0n0wall does not (and probably will not) include a "bounce" utility.Solution. If you use m0n0wall's built-in DNS forwarder for your LAN clients, you can add one or more overrides so that they will get the internal (LAN) IP address of your server instead of the external one, while external clients still get the real/public IP address.NoteThis will only work if you use m0n0wall as the primary DNS server on your LAN hosts. If you use another DNS server, you need to use its functionality to resolve that host to the appropriate private IP. See your DNS server documentation for more information.
QUOTE
actually, it can be done, in a different way.first, you should setup an OPT interface, say OPT1, and connect your servers, on which the services you want to publish to the outside are running, to the OPT1, then redirect your services you wish to publish to the servers on your OPT1 lan side and add proper rules to allow the traffic.now you can test the setup. connect to your servers from both wan and lan side, using the WAN IP, and you will find it works.
sorry, i'm wrong. it can't be done on m0n0wall. but on my freebsd 4.x w/ipf v3.4.35, it did work and runs pretty damn good. how curious!i don't know why, since m0n0 is also using freebsd 4.x/5.x and runs the same version of ipfilter as mine. i'm running m0n0 on vm and my freebsd gateway is a real pc. i'll setup a m0n0 on a real pc some other days to see what's happenning 你的问题怎么解决的呀,真的解决了吗???????
我和你的问题是一样的,配置也一样,呵呵。但是我在访问的时候遇到一个问题,就是提示不能列表,去掉被动后可以访问,但是我以前在其他防火墙里面就遇到过这种问题,只有本地的电信网络才能去掉被动连接,其他地方的网友还是不能访问。在其他防火墙配置中,我就改为PASV方式连接,在防火墙中添加PASV的端口段就行了,但是MONO就是不行,不知道怎么回事 希望哪位高手能给予解答
页:
1
[2]