Opened 15 years ago
Last modified 11 years ago
#4 assigned defect
Client PCs behind the router PC's LAN side cannot communicate with the router PC using its WAN-side IP — at Version 5
Reported by: | mitty | Owned by: | mitty |
---|---|---|---|
Priority: | major | Component: | network |
Keywords: | Cc: |
Description (last modified by mitty)
- When a router is built on Ubuntu, a LAN-side client PC can of course communicate with the router PC's LAN-side IP, but it cannot communicate with the router PC using its WAN-side IP.
Change History (5)
comment:1 Changed 15 years ago by mitty
- Description modified (diff)
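- Summary changed from Cannot connect to services on the router PC from inside the LAN using the router PC's WAN-side IP to Client PCs behind the router PC's LAN side cannot communicate with the router PC using its WAN-side IP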
comment:2 Changed 15 years ago by mitty
- Description modified (diff)
comment:3 Changed 15 years ago by mitty
- A LAN-side client PC can open https://192.168.100.254:443/
comment:4 Changed 15 years ago by mitty
Solution
- sudo iptables -t nat -A PREROUTING -p tcp -i eth0 -s ! 192.168.100.254 --dport 443 -j DNAT --to-destination 192.168.100.254:443
- Vista => when accessing https://133.xy.zz.39:443/
- Connection succeeds
- ubuntu-napt:eth0 port 443
16:21:31.709397 IP 192.168.100.250.49497 > 133.xy.zz.39.443: S 1565904180:1565904180(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
16:21:31.709646 IP 133.xy.zz.39.443 > 192.168.100.250.49497: S 2896602104:2896602104(0) ack 1565904181 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 5>
16:21:31.710563 IP 192.168.100.250.49497 > 133.xy.zz.39.443: . ack 1 win 16425
16:21:31.714430 IP 192.168.100.250.49497 > 133.xy.zz.39.443: P 1:102(101) ack 1 win 16425
16:21:31.714477 IP 133.xy.zz.39.443 > 192.168.100.250.49497: . ack 102 win 183
16:21:31.715399 IP 133.xy.zz.39.443 > 192.168.100.250.49497: P 1:826(825) ack 102 win 183
16:21:31.717080 IP 192.168.100.250.49497 > 133.xy.zz.39.443: P 102:300(198) ack 826 win 16218
16:21:31.720111 IP 133.xy.zz.39.443 > 192.168.100.250.49497: P 826:885(59) ack 300 win 216
16:21:31.876916 IP 192.168.100.250.49497 > 133.xy.zz.39.443: F 300:300(0) ack 885 win 16204
16:21:31.877358 IP 133.xy.zz.39.443 > 192.168.100.250.49497: P 885:922(37) ack 301 win 216
16:21:31.877613 IP 133.xy.zz.39.443 > 192.168.100.250.49497: F 922:922(0) ack 301 win 216
16:21:31.878519 IP 192.168.100.250.49497 > 133.xy.zz.39.443: R 301:301(0) ack 922 win 0
16:21:31.879718 IP 192.168.100.250.49498 > 133.xy.zz.39.443: S 4205676965:4205676965(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
16:21:31.879852 IP 133.xy.zz.39.443 > 192.168.100.250.49498: S 2898732341:2898732341(0) ack 4205676966 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 5>
16:21:31.880464 IP 192.168.100.250.49498 > 133.xy.zz.39.443: . ack 1 win 16425
16:21:31.881477 IP 192.168.100.250.49498 > 133.xy.zz.39.443: P 1:134(133) ack 1 win 16425
16:21:31.881529 IP 133.xy.zz.39.443 > 192.168.100.250.49498: . ack 134 win 216
16:21:31.882356 IP 133.xy.zz.39.443 > 192.168.100.250.49498: P 1:139(138) ack 134 win 216
16:21:31.883403 IP 192.168.100.250.49498 > 133.xy.zz.39.443: P 134:193(59) ack 139 win 16390
16:21:31.890260 IP 192.168.100.250.49498 > 133.xy.zz.39.443: F 193:193(0) ack 139 win 16390
16:21:31.890476 IP 133.xy.zz.39.443 > 192.168.100.250.49498: P 139:176(37) ack 194 win 216
16:21:31.890566 IP 133.xy.zz.39.443 > 192.168.100.250.49498: F 176:176(0) ack 194 win 216
16:21:31.891206 IP 192.168.100.250.49498 > 133.xy.zz.39.443: R 194:194(0) ack 176 win 0
- Problem
- All packets destined for 443/tcp that come in on ubuntu-napt:eth0 end up directed to 192.168.100.254:443.
- Because PREROUTING is evaluated before the POSTROUTING chain that performs MASQUERADE, attempts to view an external https site also connect to https://192.168.100.254:443/
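Added example, not part of the ticket: a small Python model of the PREROUTING match from comment:4, run over constructed packets, showing that traffic to an external HTTPS site is rewritten too, and that a destination match (iptables `-d`, a hypothetical variant the ticket does not state) limits the rewrite to the WAN address. `203.0.113.39` is a constructed stand-in for the masked `133.xy.zz.39`, `198.51.100.10` is a constructed external site, and the class and function names are illustrative.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

LAN_IP = "192.168.100.254"   # router LAN address, from the ticket
WAN_IP = "203.0.113.39"      # constructed stand-in for the masked 133.xy.zz.39
EXT_IP = "198.51.100.10"     # constructed external HTTPS site
CLIENT = "192.168.100.250"   # LAN client seen in the ticket's capture

@dataclass(frozen=True)
class Packet:
    in_iface: str
    src: str
    dst: str
    dport: int
    proto: str = "tcp"

@dataclass(frozen=True)
class DnatRule:
    """Model of: -p tcp -i IFACE -s ! NOT_SRC [-d DST] --dport N -j DNAT."""
    in_iface: str
    not_src: str
    dport: int
    to: tuple
    dst: Optional[str] = None   # None means no -d match (any destination)

    def matches(self, p: Packet) -> bool:
        return (p.proto == "tcp" and p.in_iface == self.in_iface
                and ip_address(p.src) != ip_address(self.not_src)
                and p.dport == self.dport
                and (self.dst is None
                     or ip_address(p.dst) == ip_address(self.dst)))

def prerouting(rule: DnatRule, p: Packet) -> tuple:
    """Return the (dst, dport) the packet carries after the nat PREROUTING rule."""
    return rule.to if rule.matches(p) else (p.dst, p.dport)

# Rule as written in comment:4, and a hypothetical variant that adds -d WAN_IP.
TICKET_RULE = DnatRule("eth0", LAN_IP, 443, (LAN_IP, 443))
SCOPED_RULE = DnatRule("eth0", LAN_IP, 443, (LAN_IP, 443), dst=WAN_IP)

if __name__ == "__main__":
    for name, rule in (("ticket", TICKET_RULE), ("scoped", SCOPED_RULE)):
        for dst in (WAN_IP, EXT_IP):
            pkt = Packet("eth0", CLIENT, dst, 443)
            print(f"{name:6} {dst}:443 -> {prerouting(rule, pkt)}")
```
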
comment:5 Changed 15 years ago by mitty
- Description modified (diff)
- Status changed from new to assigned