Giter Site home page Giter Site logo

请教连接问题 about natmap HOT 10 CLOSED

heiher avatar heiher commented on August 24, 2024
请教连接问题

from natmap.

Comments (10)

heiher avatar heiher commented on August 24, 2024

看上去应该是没有放行入站,参考OpenWrt的配置是: https://github.com/heiher/natmap/wiki/web#4-%E9%98%B2%E7%81%AB%E5%A2%99%E6%94%BE%E8%A1%8Ctcp%E5%8D%8F%E8%AE%AE%E7%9B%AE%E7%9A%84%E7%AB%AF%E5%8F%A36336%E7%9A%84%E5%85%A5%E7%AB%99

另外,有公网IP为何要用natmap?

from natmap.

egg1234 avatar egg1234 commented on August 24, 2024

@heiher 谢谢指点!实际上这个路由器防火墙都是关闭的,然后这台ubuntu 20根本没有安装防火墙ufw,所以上面也特别说明内网其他机器可以直接用浏览器访问http://10.0.0.59:80,所以不存在没有放行入站的问题,更进一步是即使把这台ubuntu 20放到路由器的DMZ区也是不能外网访问natmap输出的公网地址及端口,所以才不明白究竟出了什么问题

这个路由器有公网ip还要做这个测试是因为有另外一个广电的网络没有公网ip,所以想先在一个简单的环境测试通过,才到那个广电网络去试验

from natmap.

heiher avatar heiher commented on August 24, 2024

先检查路由器wan口的入站,比如先用nc测一下,然后再抓包排查一下。不清楚什么场景,上游设备有没有可能有防火墙?

from natmap.

egg1234 avatar egg1234 commented on August 24, 2024

有一个奇怪的现象,我换了另外一个运营商测试,也是wan出口有公网ip地址的,也是类似下面的命令
./natmap -s stun.voip.blackberry.com -h qq.com -b 19999 -t 10.0.0.59 -p 80

natmap的输出
1.2.3.4 19999 2001::4e1f:d848:d8ba 19999 tcp 10.0.0.59

奇怪的地方是为什么natmap的输出永远都把我自己bind的19999端口写到输出里面,按我理解natmap的输出端口应该是对方stun服务器检测到我这边的源端口才是,为什么换了不同运营商都一样是输出自己bind的19999端口,根本没有输出对方反馈的我自己这边广域网的源端口

所以我从另外的地方用浏览器访问 http://1.2.3.4:19999 当然会出错,因为根本没有访问到广域网的打洞端口

from natmap.

heiher avatar heiher commented on August 24, 2024

因为wan口是公网ip呀,如果natmap是跑在路由器上,这就是必然的结果,而如果是跑在子网主机上,也有很大概率分配相同的端口(与NAT实现相关)。

from natmap.

egg1234 avatar egg1234 commented on August 24, 2024

尝试在10.0.0.59机器加了ip转发
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf

sysctl -p

然后在远端的ubuntu机器测试访问变成下面的反馈,实际上内网访问 http://10.0.0.59:80 没有任何问题,而外网访问过来就有问题
nc -vz 1.2.3.4 19999
Connection to 1.2.3.4 19999 port [tcp/*] succeeded!

curl http://1.2.3.4:19999
curl: (56) Recv failure: Connection reset by peer

from natmap.

heiher avatar heiher commented on August 24, 2024

好吧,这看上去端口是通的,很可能是运营商阻断了HTTP协议,相同外部端口试试转发SSH或其它协议。

from natmap.

egg1234 avatar egg1234 commented on August 24, 2024

换成下面的命令
./natmap -s stun.voip.blackberry.com -h qq.com -b 19999 -t 10.0.0.59 -p 22

然后ssh尝试连接,出现下面反馈,这个username肯定是用密码登录的,不需要用证书
ssh [email protected] -p 19999

kex_exchange_identification: read: Connection reset by peer
Connection reset by 1.2.3.4 port 19999

from natmap.

heiher avatar heiher commented on August 24, 2024

这看上去还是端口不通呀,路由器上对wan口抓包看看双向流量情况。

from natmap.

egg1234 avatar egg1234 commented on August 24, 2024

由于出口路由器都是标准的家用路由器,所以抓不了包,

现在估计也没有什么头绪,先把issue关了,以后有机会或有其他头绪再reopen吧

from natmap.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.