Nat

當我 ping 本地 IP 地址時,我會收到來自外部 IP 的回复

  • December 10, 2015

我有 SonicWall NSA 2400。

埠 X2 是 WAN 埠,具有以下設置XXX250 / 255.255.255.248。

我將 VPN 集中器連接到埠 X5,該埠在 Transporarent IP 模式下分配給 DMZ 區域,用於透明範圍XXX252 / 255.255.255.255

VPN 集中器本地 ip 為 192.168.1.65

我放了一條防火牆規則WAN -> DMZ
ANY XXX252 HTTPS Allow。

問題是我只能在集中器重新啟動後幾秒鐘內訪問集中器上的 HTTPS。在持續 ping 以查看是否再次與 LAN IP 192.168.1.65 連接時,它會被 NAT 到 SonicWall 公共 IP XXX250

Pinging 192.168.1.65 with 32 bytes of data:
Reply from 192.168.0.4: Destination host unreachable.
Reply from 192.168.0.4: Destination host unreachable.
Reply from 192.168.0.4: Destination host unreachable.
Reply from 192.168.0.4: Destination host unreachable.
Reply from 192.168.1.65: bytes=32 time=677ms TTL=64
Reply from 192.168.1.65: bytes=32 time<1ms TTL=64
Reply from 192.168.1.65: bytes=32 time<1ms TTL=64
Reply from 192.168.1.65: bytes=32 time<1ms TTL=64
Reply from 192.168.1.65: bytes=32 time<1ms TTL=64
Reply from X.X.X.250: bytes=32 time=3ms TTL=64
Reply from X.X.X.250: bytes=32 time<1ms TTL=64
Reply from X.X.X.250: bytes=32 time<1ms TTL=64
Reply from X.X.X.250: bytes=32 time<1ms TTL=64
Reply from X.X.X.250: bytes=32 time<1ms TTL=64

我已經設法通過 SSH 連接到 VPN 集中器並能夠編輯路由表

X.X.X.248   0.0.0.0         255.255.255.248 U     0      0        0 eth1
192.168.0.0     192.168.1.1     255.255.254.0   UG    0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.254.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         X.X.X.249   0.0.0.0         UG    0      0        0 eth1

所以當我刪除 192.168.1.1 作為 192.168.0.0/23 的網關時

# route del -net 192.168.0.0 netmask 255.255.254.0 gw 192.168.1.1 eth0

我開始收到以下回复

PING 192.168.1.65 -t
Pinging 192.168.1.65 with 32 bytes of data:
Reply from 192.168.1.65: bytes=32 time<1ms TTL=64

引用自:https://serverfault.com/questions/742028