發表文章

目前顯示的是 五月 1, 2013的文章

Hairpin NAT

圖片
In the below network topology a web server behind a router is on private IP address space, and the router performs NAT to forward traffic to its public IP address to the web server behind it. The NAT configuration would look like below: /ip firewall nat add chain=dstnat dst-address=1.1.1.1 protocol=tcp dst-port=80 \ action=dst-nat to-address=192.168.1.2 add chain=srcnat out-interface=WAN action=masqueradeWhen a client out on the Internet with IP address 2.2.2.2 establishes a connection to the web server, the router performs NAT as configured. the client sends a packet with a source IP address of 2.2.2.2 to a destination IP address of 1.1.1.1 on port tcp/80 to request some web resource.the router destination NATs the packet to 192.168.1.2 and replaces the destination IP address in the packet accordingly. The source IP address stays the same: 2.2.2.2.the server replies to the client's request and the reply packet has a source IP address of 192.168.1.2 and a destination IP address of …