我有 SonicWall NSA 2400。
端口 X2 是 WAN 端口,具有以下设置XXX250 / 255.255.255.248。
我将 VPN 集中器连接到端口 X5,该端口在透明 IP 模式下分配给 DMZ 区域,以实现透明范围XXX252 / 255.255.255.255.VPN
集中器本地ip为192.168.1.65
我设置了防火墙规则广域网 -> DMZ
ANY XXX252 HTTPS 允许。
问题是,在集中器重新启动后,我只能在几秒钟内访问 HTTPS。虽然不断进行 ping 以查看是否再次与 LAN IP 192.168.1.65 连接,但它会被 NAT 到 SonicWall 公共 IP XXX250
Pinging 192.168.1.65 with 32 bytes of data:
Reply from 192.168.0.4: Destination host unreachable.
Reply from 192.168.0.4: Destination host unreachable.
Reply from 192.168.0.4: Destination host unreachable.
Reply from 192.168.0.4: Destination host unreachable.
Reply from 192.168.1.65: bytes=32 time=677ms TTL=64
Reply from 192.168.1.65: bytes=32 time<1ms TTL=64
Reply from 192.168.1.65: bytes=32 time<1ms TTL=64
Reply from 192.168.1.65: bytes=32 time<1ms TTL=64
Reply from 192.168.1.65: bytes=32 time<1ms TTL=64
Reply from X.X.X.250: bytes=32 time=3ms TTL=64
Reply from X.X.X.250: bytes=32 time<1ms TTL=64
Reply from X.X.X.250: bytes=32 time<1ms TTL=64
Reply from X.X.X.250: bytes=32 time<1ms TTL=64
Reply from X.X.X.250: bytes=32 time<1ms TTL=64
答案1
我已经设法通过 SSH 连接到 VPN 集中器,并能够编辑路由表
X.X.X.248 0.0.0.0 255.255.255.248 U 0 0 0 eth1
192.168.0.0 192.168.1.1 255.255.254.0 UG 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.254.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 X.X.X.249 0.0.0.0 UG 0 0 0 eth1
因此,当我删除 192.168.1.1 作为 192.168.0.0/23 的网关时
# route del -net 192.168.0.0 netmask 255.255.254.0 gw 192.168.1.1 eth0
我开始收到以下回复
PING 192.168.1.65 -t
Pinging 192.168.1.65 with 32 bytes of data:
Reply from 192.168.1.65: bytes=32 time<1ms TTL=64