My DNS host is reachable from the external network, but not from inside the LAN


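Basically, as the title says. This is Advanced Tomato firmware. NAT loopback is configured. It is currently set to "Forwarded Only" (there is also a port-forwarding rule). However, I also tried setting it to "All", still with no result.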

iptables NAT table with the current "Forwarded Only" method:

iptables -n -L -v -t nat
Chain PREROUTING (policy ACCEPT 873 packets, 164K bytes)
 pkts bytes target     prot opt in     out     source               destination
   33  1572 WANPREROUTING  all  --  *      *       0.0.0.0/0            99.99.99.99

Chain INPUT (policy ACCEPT 77 packets, 15650 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 158 packets, 19846 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 SNAT       tcp  --  *      *       192.168.1.0/24       192.168.1.2          multiport dports 80,81,443 to:99.99.99.99
  402 84091 MASQUERADE  all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0

Chain WANPREROUTING (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       icmp --  *      *       0.0.0.0/0            0.0.0.0/0            to:192.168.1.1
    2   120 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 80,81,443 to:192.168.1.2

iptables NAT table with the "All" method:

iptables -n -L -v -t nat
Chain PREROUTING (policy ACCEPT 7 packets, 668 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 WANPREROUTING  all  --  *      *       0.0.0.0/0            99.99.99.99

Chain INPUT (policy ACCEPT 1 packets, 60 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 2 packets, 120 bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   181 MASQUERADE  all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0
    0     0 SNAT       all  --  *      br0     192.168.1.0/24       192.168.1.0/24       to:192.168.1.1
    0     0 SNAT       all  --  *      br1     192.168.2.0/24       192.168.2.0/24       to:192.168.2.1
    0     0 SNAT       all  --  *      br2     192.168.3.0/24       192.168.3.0/24       to:192.168.3.1

Chain WANPREROUTING (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       icmp --  *      *       0.0.0.0/0            0.0.0.0/0            to:192.168.1.1
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 80,81,443 to:192.168.1.2

The NAT target is set to "MASQUERADE". However, I also tried "SNAT", without success.

99.99.99.99 is my masked external public (static) IP address.

What could the problem be?
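An added example, not part of the original post: a small shell/awk filter that lists the address-rewriting rules from `iptables -n -L -v -t nat` together with their packet counters, so that it is easy to see which DNAT/SNAT rules a loopback connection attempt actually hit. The function names are illustrative, and the embedded sample is the "Forwarded Only" listing from the post with its wrapped SNAT line rejoined.

```shell
#!/bin/sh
# Added example (not from the original post).
# Reads `iptables -n -L -v -t nat` output on stdin and prints one line per
# address-rewriting rule: <chain> <target> <pkts> <source> <destination> <to>
nat_rule_hits() {
    awk '
        /^Chain /  { chain = $2; next }      # remember the current chain
        $3 ~ /^(DNAT|SNAT|MASQUERADE)$/ {    # columns: pkts bytes target ...
            to = (NF > 9) ? $NF : "-"        # "to:<addr>" is last when present
            print chain, $3, $1, $8, $9, to
        }
    '
}

# Only the rules whose packet counter is still zero.
zero_hit_rules() {
    nat_rule_hits | awk '$3 == "0"'
}

# Sample input: the "Forwarded Only" listing from the post.
sample_listing() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 873 packets, 164K bytes)
 pkts bytes target     prot opt in     out     source               destination
   33  1572 WANPREROUTING  all  --  *      *       0.0.0.0/0            99.99.99.99

Chain POSTROUTING (policy ACCEPT 158 packets, 19846 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 SNAT       tcp  --  *      *       192.168.1.0/24       192.168.1.2          multiport dports 80,81,443 to:99.99.99.99
  402 84091 MASQUERADE  all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0

Chain WANPREROUTING (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       icmp --  *      *       0.0.0.0/0            0.0.0.0/0            to:192.168.1.1
    2   120 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 80,81,443 to:192.168.1.2
EOF
}

# Show the rules in the sample that have not matched any packet.
sample_listing | zero_hit_rules
```

On the router, `iptables -n -L -v -t nat | nat_rule_hits` can be run before and after a single connection attempt from a LAN client to compare the counters.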
