关于ros2.9.27的SRC-NAT问题
各位高人:小弟初次使用ROS,版本为2.9.27(L6),想将内网的web服务器映射到公网地址上,根据ROS说明书按照如下操作可以实现外网访问内网服务器,但是内网工作站无法访问本地的服务器,
以下为RouterOS_Reference_Manual_v2.9.pdf(官方)手册的原始描述:
----------------------------------------------------
Example of Destination NAT
If you want to link Public IP 10.5.8.200 address to Local one 192.168.0.109, you should use
destination address translation feature of the MikroTik router. Also if you want allow Local server
to talk with outside with given Public IP you should use source address translation, too
Add Public IP to Public interface:
/ip address add address=10.5.8.200/32 interface=Public &&第一次动作
Add rule allowing access to the internal server from external networks:
/ip firewall nat add chain=dstnat dst-address=10.5.8.200 action=dst-nat \
to-addresses=192.168.0.109 &&第二次动作
Add rule allowing the internal server to talk to the outer networks having its source address
translated to 10.5.8.200:
/ip firewall nat add chain=srcnat src-address=192.168.0.109 action=src-nat \
to-addresses=10.5.8.200 &&第三次动作
---------------------------------------------------------
反复试验后发现将第三次动作中的“src-address=192.168.0.109”改写为“src-address=192.168.0.0/24”,方可以实现。原文档难道有误,但是从原理角度应如此,为何要如此改动?请各位老大指正!谢谢! src-address=192.168.0.109/32 试试呢你改的目的无非转换的网段而不是单IP,应该不是这个问题吧!
回复 #3 legou 的帖子
楼上两位老大,我用src-address=192.168.0.109/32,也不行。另外,如果不用这个怎么映射?谢谢! ip firewall nat add chain=srcnat dst-address=192.168.0.109action=dst-nat \to-addresses=10.5.8.200
你只需要映射80端口,那你端口就不影射啦?
页:
[1]