我无法理解,在重启之前,我能够从外面 ssh 进入我的监狱,但现在却不行!我甚至重建了整个系统,但还是没用 :( 有人有什么想法吗?
su-3.2# cat /etc/ipnat.rules
map fxp0 lama -> 0/32
rdr fxp0 64.52.58.58 port ssh -> lama port ssh tcp
su-3.2# grep lama /etc/hosts
172.16.172.16 lama
su-3.2# ipnat -l
List of active MAP/Redirect filters:
map fxp0 172.16.172.16/32 -> 0.0.0.0/32
rdr fxp0 64.52.58.58/32 port 22 -> 172.16.172.16 port 22 tcp
List of active sessions:
su-3.2# ifconfig
vr0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric
0 mtu 1500
options=2808<VLAN_MTU,WOL_UCAST,WOL_MAGIC>
ether 00:19:5b:68:9b:01
inet 172.16.172.16 netmask 0xffffffff broadcast 172.16.172.16
media: Ethernet autoselect (none)
status: no carrier
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=2009<RXCSUM,VLAN_MTU,WOL_MAGIC>
ether 00:0f:fe:aa:f4:61
inet 64.52.58.58 netmask 0xffffffe0 broadcast 64.52.58.63
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
su-3.2# jls
JID IP Address Hostname Path
1 172.16.172.16 lama /usr/jail/lama
su-3.2# grep ^ipnat_enable /etc/rc.conf
ipnat_enable="YES"
su-3.2# grep ^gateway_enable /etc/rc.conf
gateway_enable="YES"
su-3.2# sysctl net.inet.ip.forwarding
net.inet.ip.forwarding: 1
su-3.2#
这是我在外面尝试 ssh 到我的盒子但超时了...
mp:~ alexus$ ssh -v jothost.com
OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to jothost.com [64.52.58.58] port 22.
debug1: connect to address 64.52.58.58 port 22: Operation timed out
ssh: connect to host jothost.com port 22: Operation timed out
mp:~ alexus$
答案1
你能从 lama 访问互联网吗?
检查sysctl net.inet.ip.forwarding和sysctl net.inet.ip.redirect值是否正确设置为 1