Ya <ya_iobbc@gcn.net.tw> wrote in message news:39D7FA4C.1949D94C@gcn.net.tw...
> The host in the DMZ (xxx.yy.zz.38) cannot ping the ADSL router (xxx.yy.zz.33)
>
> in Linux router:
> ping eth0, eth1, eth2, xxx.yy.zz.33, xxx.yy.zz.38, 192.168.2.3 ---> ok
>
> in private area client:
> ping eth0, eth1, eth2, xxx.yy.zz.33, xxx.yy.zz.38, 192.168.2.3 ---> ok
>
> in the DMZ www server (xxx.yy.zz.38):
> ping eth0, eth1, eth2, xxx.yy.zz.38, 192.168.2.3 ---> ok
> ping xxx.yy.zz.33 ---> Whoa! Can't ping it!
>
> in Internet:
> ping eth0, eth1, xxx.yy.zz.33 ---> ok
> ping xxx.yy.zz.38 ---> Whoa! Can't ping it!
>
> Please help, everyone! My environment is as follows:
>
>
>              |
>         +----+------------+
>         |   ADSL Router   |
>         +----+------------+
>              |eth0
>      +-------+-------+eth1     +-----+
>      | Linux Router  +---------+ Hub |
>      +-------+-------+         +--+--+
>              |eth2                |
>           +--+--+              +--+--+
>           | Hub |              | DMZ |
>           +--+--+
>              |
>      +-------+-------+
>      | Private Area  |
>
>
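> ADSL Router IP = xxx.yy.zz.33 mask:255.255.255.252 (asked hinet to change it
> from 255.255.255.248 to 255.255.255.252)
Once you split it like this, note that the net_ID and Broadcast_Address can no
longer be used on hosts~~
Also, at this point, unless your DMZ has other usable networks, you don't need
that HUB either, because you only have one usable IP left for the server; you
might as well just connect it with a crossover cable. (Thinking of this, I
suddenly want to ask: why not use Song's proxy arp trick?)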
>
> eth0= inet addr:xxx.yy.zz.34 Bcast:xxx.yy.zz.35 Mask:255.255.255.252
>
> eth1= inet addr:xxx.yy.zz.37 Bcast:xxx.yy.zz.39 Mask:255.255.255.252
>
> www server in the DMZ : IP : xxx.yy.zz.38 mask:255.255.255.252
> Default gw : xxx.yy.zz.37
Hmm, that looks fine; everything that needed to be avoided has been avoided.
>
> eth2= inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
>
> Client in the Private area : IP : 192.168.2.3 mask:255.255.255.0
> Default gw : 192.168.2.1
>
>
> --- route ---
>
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.2.1     *               255.255.255.255 UH    0      0        0 eth2
> xxx.yy.zz.37    *               255.255.255.255 UH    0      0        0 eth1
> xxx.yy.zz.34    *               255.255.255.255 UH    0      0        0 eth0
> xxx.yy.zz.36    *               255.255.255.252 U     0      0        0 eth1
> xxx.yy.zz.32    *               255.255.255.252 U     0      0        0 eth0
> 192.168.2.0     *               255.255.255.0   U     0      0        0 eth2
> 127.0.0.0       *               255.0.0.0       U     0      0        0 lo
> default         xxx.yy.zz.33    0.0.0.0         UG    0      0        0 eth0
>
>
> --- ipchains ---
>
> Chain input (policy ACCEPT: 556 packets, 30364 bytes):
> Chain forward (policy ACCEPT: 36 packets, 2160 bytes):
>  pkts bytes target     prot opt    tosa tosx  ifname     mark       outsize  source                destination           ports
>     3   180 MASQ       all  ------ 0xFF 0x00  any                            192.168.2.0/24        anywhere              n/a
> Chain output (policy ACCEPT: 413 packets, 31834 bytes):
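You left out the most important point: what does the ADSL router's route table
look like? Does it know where to route traffic destined for the
xxx.yy.zz.36 / 255.255.255.252 network?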
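
The closing question above, worked through as an added example that is not part of the original post: a longest-prefix-match trace of the echo request from the DMZ server to the ADSL router and of the reply coming back. 203.0.113.32/29 is a constructed stand-in for the masked xxx.yy.zz.32/29, and the ADSL router's table (its connected /30 plus a default to the ISP) is an assumption, since the post does not show it.

```python
import ipaddress as ip
# Constructed stand-in: 203.0.113.32/29 plays the masked xxx.yy.zz.32/29.
P = "203.0.113."
OWNER = {P + "33": "adsl", P + "34": "linux", P + "37": "linux", P + "38": "server"}

def table(*routes):
    return [(ip.ip_network(p), hop) for p, hop in routes]

def lookup(tbl, dst):
    """Longest-prefix match; 'direct' means the destination is on-link."""
    hits = [(net.prefixlen, hop) for net, hop in tbl if ip.ip_address(dst) in net]
    return max(hits, key=lambda h: h[0])[1] if hits else None

# Linux router and DMZ server tables from the post (host routes and lo omitted).
LINUX = table((P + "32/30", "direct"), (P + "36/30", "direct"),
              ("192.168.2.0/24", "direct"), ("0.0.0.0/0", P + "33"))
SERVER = table((P + "36/30", "direct"), ("0.0.0.0/0", P + "37"))

def adsl(with_dmz_route):
    """Assumed ADSL router table: connected /30 plus a default to the ISP."""
    routes = [(P + "32/30", "direct"), ("0.0.0.0/0", "ISP")]
    if with_dmz_route:  # static route for the DMZ /30 via the Linux router's eth0
        routes.append((P + "36/30", P + "34"))
    return table(*routes)

def trace(tables, start, dst, max_hops=8):
    """Follow next hops from node `start` toward dst and return the path."""
    node, path = start, [start]
    for _ in range(max_hops):
        if OWNER.get(dst) == node:
            return path
        hop = lookup(tables[node], dst)
        nxt = OWNER.get(dst if hop == "direct" else hop, hop)
        path.append(nxt)
        if nxt not in tables:  # left the site ("ISP") or no route
            return path
        node = nxt
    return path

def ping(src, dst, with_dmz_route):
    """Return (ok, request_path, reply_path) for an echo from src to dst."""
    tables = {"linux": LINUX, "server": SERVER, "adsl": adsl(with_dmz_route)}
    request = trace(tables, OWNER[src], dst)
    reply = trace(tables, OWNER[dst], src)
    return request[-1] == OWNER[dst] and reply[-1] == OWNER[src], request, reply

if __name__ == "__main__":
    for fixed in (False, True):
        print("DMZ route on ADSL router:", fixed, ping(P + "38", P + "33", fixed))
```

Under these assumptions the request reaches the ADSL router either way; only the reply path changes, which matches the symptom that the Linux router itself can ping xxx.yy.zz.33 while the DMZ server cannot.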