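I'm not sure whether this is the place to post this (rather than on Network Exchange), but since it involves Linux and networking is general, I'll post it.
I have two Linux computers running Fedora-36, as follows:
- 192.168.0.16 -- host01 (open ports: 22, 443)
- 192.168.0.31 -- host02
On my ISP ROUTER, I PORT-FORWARD requests for ports 22 & 443 to host01.
Here is my problem:
From within host02, there are no access problems: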
user@host02$ nc -vz MY-ISP-WAN-IP 443
Ncat: Version 7.92 ( https://nmap.org/ncat )
Ncat: Connected / succeeded to MY-ISP-WAN-IP:443.
Ncat: 0 bytes sent, 0 bytes received in 0.04 seconds.
user@host02$ nc -vz MY-ISP-WAN-IP 22
Ncat: Version 7.92 ( https://nmap.org/ncat )
Ncat: Connected / succeeded to MY-ISP-WAN-IP:22.
Ncat: 0 bytes sent, 0 bytes received in 0.04 seconds.
But from within host01 (which is itself the destination of the PORT-FORWARDS), it gets stuck:
user@host01$ nc -vz MY-ISP-WAN-IP 443
Ncat: Version 7.92 ( https://nmap.org/ncat )
Ncat: TIMEOUT.
user@host01$ nc -vz MY-ISP-WAN-IP 22
Ncat: Version 7.92 ( https://nmap.org/ncat )
Ncat: TIMEOUT.
When specifying its own name, host01, the same succeeds:
root@host01# nc -vz host01 443
Ncat: Version 7.92 ( https://nmap.org/ncat )
Ncat: Connected / succeeded to 192.168.0.16:443.
Ncat: 0 bytes sent, 0 bytes received in 0.03 seconds.
root@host01# nc -vz host01 22
Ncat: Version 7.92 ( https://nmap.org/ncat )
Ncat: Connected / succeeded to 192.168.0.16:22.
Ncat: 0 bytes sent, 0 bytes received in 0.03 seconds.
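So, the PORT-FORWARD requests successfully reach the destination host and ports, except when the request originates from that destination host itself.
Any ideas? Thank you!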