¹Ø¿¡ hairpin nat º¸°í Áú¹®µå¸³´Ï´Ù.

bigmaster   
   Á¶È¸ 12036   Ãßõ 1    

 

  1.  the client sends a packet with a source IP address of 192.168.1.10 to a destination IP address of 1.1.1.1 on port tcp/80 to request some web resource.
  2.  the router destination NATs the packet to 192.168.1.2 and replaces the destination IP address in the packet accordingly. The source IP address stays the same: 192.168.1.10.
  3.  the server replies to the client's request. However, the source IP address of the request is on the same subnet as the web server. The web server does not send the reply back to the router, but sends it back directly to 192.168.1.10 with a source IP address in the reply of 192.168.1.2.

The client receives the reply packet, but it discards it because it expects a packet back from 1.1.1.1, and not from 192.168.1.2. As far as the client is concerned the packet is invalid and not related to any connection the client previously attempted to establish. 

To fix the issue, an additional NAT rule needs to be introduced on the router to enforce that all reply traffic flows through the router, despite the client and server being on the same subnet. The rule below is very specific to only apply to the traffic that the issue could occur with - if there are many servers the issue occurs with, the rule could be made broader to save having one such exception per forwarded service. 


이 부분보면 알겠지만 192.168.1.10 가 1.1.1.1로 접속했지만 수신하는건 192.168.1.2이라서 접속이 안된다는 의미인데 그럼 192.168.10을 1.1.1.2 로 srcnat 시켜서

외부 포트 간의 연결이 되면 해결되지 않나요? 굳이 hairpin 같은 복잡한 설정이 필요한지 의문이 듭니다.

Chrome 2017-07
Àú°Ô Á¦ÀÏ °£´ÜÇÑ ¹æ¹ýÀÌ¶ó¼­ ±×·¸½À´Ï´Ù.
bigmaster´ÔÀÌ Á¦½ÃÇϽŠ¹æ¹ýµµ hairpin°ú °°´Ù°í º¸½Ã¸é µË´Ï´Ù. ±×·¯³ª ½±°Ô ¾òÀ» ¼ö ¾ø´Â °øÀÎ IP ÁÖ¼Ò(1.1.1.2)¸¦ Ãß°¡·Î »ç¿ëÇϱ⠶§¹®¿¡ ¾È ÁÁÀº °Å°í¿ä.
dhcp µîÀ¸·Î ¹Þ¾Æ¿À´Â°æ¿ì¿¡´Â ¼³Á¤ÀÌ ¾î·Æ±â¶§¹®¿¡ hairpin ±â´ÉÀ» ¾²´Â°Ô ÁÁ½À´Ï´Ù.
     
bigmaster 2017-07
±×·¸±º¿ä. ÀÌÇØÇß½À´Ï´Ù.


Á¦¸ñPage 78/105
2021-12   3553   ÈòÅгʺθ®
2021-12   4416   ¹é¼ö°¡²Þ
2021-12   3529   ¾ðÁ¨°¡´Â
2021-12   4090   ¾ÈöÇö
2021-12   5554   ParkB7
2021-12   3061   ParkB7
2022-01   4315   ketchup
2022-01   4164   Çظð¶ó
2022-01   4232   ¿øÅÊÀ̹汼ÀÌ
2022-01   3447   HyoSung
2022-01   2824   ¸ð¾îÄð
2022-01   4880   yooni
2022-01   3466   ¹Ú°Ç
2022-01   3795   asdf123123
2022-01   3414   sayanova
2022-01   4186   SDG6038
2022-01   3779   junstem
2022-01   7129   ½ÅÈ£µî
2022-01   3151   È÷¼ÒÄ«
2022-01   3785   SDG6038