Question while setting up my home network~

Views 5270   Recommendations 0

 


Current flow diagram when accessing via synology.me
Current flow diagram when accessing via iptime.org



The flow diagram I want



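The network is set up as shown above.

The FW and the router each have their own separate external public IP, and the Synology NAS's default G/W is set to go through the FW.

Currently, access from outside to *.synology.me:5000 goes through the FW to reach the NAS,

and I would also like to be able to reach the NAS through the router at *.iptime.org:5000, but

when I access *.iptime.org:5000 the traffic keeps leaving via the default GW, so in the end the communication fails...

In this kind of network layout, is there a way to make traffic that came into the NAS through the router go back out through the router?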

김지철 2020-10
I'm not entirely sure about this, but
from the NAS's point of view, the default g/w setting is what decides where to send IPs it does not know.
First, one of the two NICs is set as the default,
and the rest are split by address range and added to the routing. Synology also lets you set a Static Route under Network.
So in practice you can decide which way to send traffic depending on where it originates. Connecting from the same place back and forth through the fw and the iptime and having it work properly will probably be difficult.
If there is one way, I think using a vpn would do it.
If you use the router's vpn, the client will get a 192 ip, so the traffic goes back out through the router.
That's strange;;;
When traffic comes in from outside through the IPtime to the Synology, it is normal for
the connection to go back through the IPtime based on the session information...

In other words, the flow diagram for access via iptime.org is itself strange.
For this to work, at a minimum, between the FW and the IPtime that are connected to the ISP,
the public IP has to be unified with a VIP, so an L4 is needed..

The default GW is only a priority among multiple GWs: for outbound communication requests from the Synology itself,
it makes the communication go through that default GW.

Have you checked whether the Synology GW setting is correct??
Additionally...
please check whether the IPs for *.iptime.org and *.synology.me are the same.
     
Even when traffic comes in through the iptime, the NAS default GW sends it out toward the FW, so the TCP session itself is never established...
iptime.org and
synology.me each have a different IP.
찬이 2020-10
It is indeed a Default Gateway problem..
I use the following on OpenWRT.
With 2 WANs and 2 LANs, I fwmark the packets coming from each and route them.
I tidied up the script I am using.. there may be mistakes from piecing it together.

찬이 2020-10
WAN_SERVER_IF=veth1_b
LAN_SERVER_IF=bond0.10
LAN_SERVER_NET=10.0.0.0/8
LAN_SERVER_RTNAME=rt_lan_server
LAN_SERVER_FWMARK=101

WAN_USER_IF=veth0_b
LAN_USER_IF=bond0.30
LAN_USER_NET=192.168.0.0/16
LAN_USER_RTNAME=rt_lan_user
LAN_USER_FWMARK=102

WAN_SERVER_IP=$(ip addr show dev $WAN_SERVER_IF | grep "inet " | grep brd | awk '{print $2}' | awk -F/ '{print $1}')
WAN_SERVER_GW=$(cat /var/run/net_${WAN_SERVER_IF}_router)
WAN_SERVER_NET=$(/sbin/ip route | grep $WAN_SERVER_IF | grep kernel | awk '{print $1}')

WAN_USER_IP=$(ip addr show dev $WAN_USER_IF | grep "inet " | grep brd | awk '{print $2}' | awk -F/ '{print $1}')
WAN_USER_GW=$(cat /var/run/net_${WAN_USER_IF}_router)
WAN_USER_NET=$(/sbin/ip route | grep $WAN_USER_IF | grep kernel | awk '{print $1}')

iptables -t mangle -N mangle_prerouting_lan_server
iptables -t mangle -A mangle_prerouting_lan_server -d $LAN_USER_NET -j RETURN
iptables -t mangle -A mangle_prerouting_lan_server -d $LAN_SERVER_NET -j RETURN
iptables -t mangle -A mangle_prerouting_lan_server -j MARK --set-mark $LAN_SERVER_FWMARK
iptables -t mangle -A PREROUTING -i $LAN_SERVER_IF -j mangle_prerouting_lan_server

iptables -t mangle -N mangle_prerouting_lan_user
iptables -t mangle -A mangle_prerouting_lan_user -d $LAN_USER_NET -j RETURN
iptables -t mangle -A mangle_prerouting_lan_user -d $LAN_SERVER_NET -j RETURN
iptables -t mangle -A mangle_prerouting_lan_user -j MARK --set-mark $LAN_USER_FWMARK
iptables -t mangle -A PREROUTING -i $LAN_USER_IF -j mangle_prerouting_lan_user

iptables -t mangle -I OUTPUT -m connmark ! --mark 0 -j  CONNMARK --restore-mark

iptables -t nat -A postrouting_rule -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
iptables -t nat -A postrouting_rule ! -s $WAN_SERVER_IP -o $WAN_SERVER_IF -j SNAT --to-source $WAN_SERVER_IP
iptables -t nat -A postrouting_rule ! -s $WAN_USER_IP -o $WAN_USER_IF -j SNAT --to-source $WAN_USER_IP

/sbin/ip route flush table $LAN_SERVER_RTNAME
/sbin/ip rule del from $LAN_SERVER_NET lookup $LAN_SERVER_RTNAME 2>/dev/null
/sbin/ip rule del fwmark $LAN_SERVER_FWMARK lookup $LAN_SERVER_RTNAME

/sbin/ip route flush table $LAN_USER_RTNAME
/sbin/ip rule del from $LAN_USER_NET lookup $LAN_USER_RTNAME 2>/dev/null
/sbin/ip rule del fwmark $LAN_USER_FWMARK lookup $LAN_USER_RTNAME


/sbin/ip route add $WAN_SERVER_GW dev $WAN_SERVER_IF src $WAN_SERVER_IP table $LAN_SERVER_RTNAME
/sbin/ip route add $WAN_SERVER_NET dev $WAN_SERVER_IF src $WAN_SERVER_IP table $LAN_SERVER_RTNAME
/sbin/ip route add default via $WAN_SERVER_GW dev $WAN_SERVER_IF src $WAN_SERVER_IP table $LAN_SERVER_RTNAME
/sbin/ip rule add fwmark $LAN_SERVER_FWMARK lookup $LAN_SERVER_RTNAME
/sbin/ip rule add from $WAN_SERVER_IP lookup $LAN_SERVER_RTNAME


/sbin/ip route add $WAN_USER_GW dev $WAN_USER_IF src $WAN_USER_IP table $LAN_USER_RTNAME
/sbin/ip route add $WAN_USER_NET dev $WAN_USER_IF src $WAN_USER_IP table $LAN_USER_RTNAME
/sbin/ip route add default via $WAN_USER_GW dev $WAN_USER_IF src $WAN_USER_IP table $LAN_USER_RTNAME
/sbin/ip rule add fwmark $LAN_USER_FWMARK lookup $LAN_USER_RTNAME
/sbin/ip rule add from $WAN_USER_IP lookup $LAN_USER_RTNAME
          
Looking at the content...
this is about the routing problem with multi-GW configuration on Linux that used to be an issue...;
Anyway, it is strange that Synology, which turned this into a product, still has not handled it in its settings.

I checked further, and..
on the firewall side, the session-based traffic handling provided by
Stateful inspection, which became common with second-generation devices,
is still as it was on Linux;;;
     
찬이 2020-10

This is kind of complicated....ㅠㅠㅠㅠ Thank you.
I don't know what the FW is, but why did you connect it like that?

Shouldn't all connections normally sit behind the router?

It's because I want to split the network.
The FW is a pfsense firewall.
당근 2020-11
Wouldn't it be possible if you change the port when accessing via iptime.org?
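
The reply-path fix discussed in this thread (replies leave through the gateway the connection came in on), as an added example that is not from any of the posters. It assumes the NAS is a Linux host with iproute2 and iptables and has a second interface on the router's LAN; `eth1`, the addresses, the table id and the mark are assumed sample values.

```shell
#!/bin/sh
# Added example: every name, address and id below is an assumed sample value.
RT_IF=eth1             # NAS interface on the router's LAN (assumed)
RT_IP=192.168.0.10     # NAS address on that LAN (assumed)
RT_GW=192.168.0.1      # router's LAN address (assumed)
RT_NET=192.168.0.0/24  # router's LAN prefix (assumed)
RT_TABLE=102           # numeric routing table id (no rt_tables entry needed)
RT_MARK=102            # connection mark for flows that arrived via the router

# Print the commands that send replies back through the router whenever the
# connection arrived through it. The main table (default via the FW) is left
# untouched, so all other traffic keeps using the firewall.
reply_via_ingress_plan() {
    cat <<EOF
ip route replace $RT_NET dev $RT_IF src $RT_IP table $RT_TABLE
ip route replace default via $RT_GW dev $RT_IF table $RT_TABLE
ip rule add from $RT_IP lookup $RT_TABLE
ip rule add fwmark $RT_MARK lookup $RT_TABLE
iptables -t mangle -A PREROUTING -i $RT_IF -m conntrack --ctstate NEW -j CONNMARK --set-mark $RT_MARK
iptables -t mangle -A OUTPUT -m connmark --mark $RT_MARK -j CONNMARK --restore-mark
EOF
}
# Lines 1-2: a private table whose default route is the router.
# Line 3:    replies sourced from the router-side address use that table.
# Lines 4-6: same decision keyed on the connection mark, for sockets whose
#            source address is not fixed before the first routing lookup.

# Execute the plan only when APPLY=1 (needs root); otherwise just show it.
apply_plan() {
    reply_via_ingress_plan | while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then $cmd || return 1; else echo "+ $cmd"; fi
    done
}

apply_plan
```

Without `APPLY=1` the script only lists the commands. Rules added this way are not persistent and have to be re-applied after a reboot or interface restart.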

