Premium Tech Forum (精品技术论坛)


benzcomp 2018-05-31 18:51:39

[Help] ROS: problem accessing the internal network
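ROS is configured with 3 network interfaces:
Internal network (VLAN20): the group company's range is 10.0.0.0/8, my company's range is 10.75.20.0/24, gateway 10.75.20.1
WiFi (VLAN40): 192.168.100.0/23, gateway: 192.168.100.2
Public network (WAN): 221.176.xxx.xxx
The problem now is:
ROS itself can reach all addresses. Devices connected over WiFi can reach the public network and the 10.75.20.0 subnet, but cannot reach the other subnets of 10.0.0.0. The upstream router for 10.75.20.0 will not make any configuration changes for me. How do I configure NAT so that WiFi clients can reach the whole 10.0.0.0 range?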

Fire 2018-05-31 22:15:12

Why would you need NAT for internal network access? Just route it directly.

Does 10.75.20.1 have a route to 10.0.0.0/8?

benzcomp 2018-06-01 09:17:22

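Quote:

Originally posted by Fire (post 17175156)
Why would you need NAT for internal network access? Just route it directly.

Does 10.75.20.1 have a route to 10.0.0.0/8?

The routing is on the upstream device, which I can't configure, so I want to solve this with NAT.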

Fire 2018-06-01 23:46:01

Source NAT
Masquerade

If you want to "hide" the private LAN 192.168.0.0/24 "behind" one address 10.5.8.109 given to you by the ISP, you should use the source network address translation (masquerading) feature of the MikroTik router. The masquerading will change the source IP address and port of the packets originated from the network 192.168.0.0/24 to the address 10.5.8.109 of the router when the packet is routed through it.

To use masquerading, a source NAT rule with action 'masquerade' should be added to the firewall configuration:

/ip firewall nat add chain=srcnat action=masquerade out-interface=Public

All outgoing connections from the network 192.168.0.0/24 will have source address 10.5.8.109 of the router and source port above 1024. No access from the Internet will be possible to the Local addresses. If you want to allow connections to the server on the local network, you should use destination Network Address Translation (NAT).

Source nat to specific address

If you have multiple public IP addresses, source nat can be changed to specific IP, for example, one local subnet can be hidden behind first IP and second local subnet is masqueraded behind second IP.

/ip firewall nat
add chain=srcnat src-address=192.168.1.0/24 action=src-nat to-addresses=1.1.1.1 out-interface=Public
add chain=srcnat src-address=192.168.2.0/24 action=src-nat to-addresses=1.1.1.2 out-interface=Public



To reach 10.0.0.0/8 you should use Masquerade, not Source NAT.

benzcomp 2018-06-02 17:01:43

Quote:

Originally posted by Fire (post 17175525)
Source NAT
Masquerade

If you want to "hide" the private LAN 192.168.0.0/24 "behind" one address 10.5.8.109 given to you by the ISP, you sho......

But with Masquerade it doesn't work.

Fire 2018-06-13 10:20:16

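Quote:

Originally posted by benzcomp (post 17175648)
But with Masquerade it doesn't work.

After setting up NAT you still have to allow the traffic in the firewall.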
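
The two steps this thread arrives at (a masquerade rule toward 10.0.0.0/8, then a firewall rule that permits the traffic), written out as a RouterOS configuration. This is an added example, not a configuration posted by anyone in the thread; the interface name vlan20 is an assumed placeholder for the port facing 10.75.20.1, and the subnets are the ones given in the first post.

```routeros
# Added example. "vlan20" is an assumed name for the interface facing
# 10.75.20.1; the subnets are taken from the first post.

/ip firewall nat
# Rewrite the source of WiFi traffic bound for the corporate range to the
# router's own address on the 10.75.20.0/24 side, so upstream devices need
# no route back to 192.168.100.0/23. Matching on both src-address and
# dst-address keeps every other flow untranslated.
add chain=srcnat src-address=192.168.100.0/23 dst-address=10.0.0.0/8 \
    out-interface=vlan20 action=masquerade \
    comment="WiFi to corporate 10/8 via masquerade"

/ip firewall filter
# Permit the forwarded traffic. Filter rules are evaluated top to bottom,
# so these two must sit above any drop rule in the forward chain.
add chain=forward connection-state=established,related action=accept \
    comment="return traffic for tracked connections"
add chain=forward src-address=192.168.100.0/23 dst-address=10.0.0.0/8 \
    out-interface=vlan20 action=accept \
    comment="WiFi clients to corporate 10/8"

# Check: the packet counters on the new rules should increase while a
# WiFi client pings an address in 10.0.0.0/8.
/ip firewall nat print stats
/ip firewall filter print stats
```

If the counters on the masquerade rule stay at zero, the packets are being dropped or matched by an earlier rule before they reach it.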

