NAT Rule Entry添加映射端口竟最大限制12个表格? @_@

kenji1029 · 发表于 2004-3-11 23:35:52

超过12个表格就不能添加
出现"错误:表格己经满了"
是我的问题还是viking芯片问题?

goingchan · 发表于 2004-3-11 23:42:23

你是怎么设置的。。。能填满12个可不真不容易呀。。。我开了BT、ED，禁ICMP，映射了那几个管理端口也才7条。。。
要是封端口的话，也可以考虑使用IP过滤的

kenji1029 · 发表于 2004-3-11 23:46:16

[这个贴子最后由kenji1029在 2004/03/11 11:47pm 第 1 次编辑]

我做一个脚本的nat.sh文件
--------------------------------------------------------------
create nat rule entry ruleid 1 napt ifname ppp-0
create nat rule entry ruleid 21 rdr prot tcp ifname ppp-0 lcladdrfrom 192.168.1.254 lcladdrto 192.168.1.254 glbaddrfrom 0.0.0.0 glbaddrto 0.0.0.0 destportfrom num 21 destportto num 21 lclport num 21
create nat rule entry ruleid 23 rdr prot tcp ifname ppp-0 lcladdrfrom 192.168.1.254 lcladdrto 192.168.1.254 glbaddrfrom 0.0.0.0 glbaddrto 0.0.0.0 destportfrom num 23 destportto num 23 lclport num 23
create nat rule entry ruleid 69 rdr prot tcp ifname ppp-0 lcladdrfrom 192.168.1.254 lcladdrto 192.168.1.254 glbaddrfrom 0.0.0.0 glbaddrto 0.0.0.0 destportfrom num 69 destportto num 69 lclport num 69
create nat rule entry ruleid 80 rdr prot tcp ifname ppp-0 lcladdrfrom 192.168.1.254 lcladdrto 192.168.1.254 glbaddrfrom 0.0.0.0 glbaddrto 0.0.0.0 destportfrom num 80 destportto num 80 lclport num 80
create nat rule entry ruleid 2121 rdr prot tcp ifname ppp-0 lcladdrfrom 192.168.1.2 lcladdrto 192.168.1.2 glbaddrfrom 0.0.0.0 glbaddrto 0.0.0.0 destportfrom num 2121 destportto num 2121 lclport num 2121
create nat rule entry ruleid 4662 rdr prot tcp ifname ppp-0 lcladdrfrom 192.168.1.2 lcladdrto 192.168.1.2 glbaddrfrom 0.0.0.0 glbaddrto 0.0.0.0 destportfrom num 4662 destportto num 4662 lclport num 4662
create nat rule entry ruleid 8080 rdr prot tcp ifname ppp-0 lcladdrfrom 192.168.1.2 lcladdrto 192.168.1.2 glbaddrfrom 0.0.0.0 glbaddrto 0.0.0.0 destportfrom num 8080 destportto num 8080 lclport num 8080
create nat rule entry ruleid 8881 rdr prot tcp ifname ppp-0 lcladdrfrom 192.168.1.2 lcladdrto 192.168.1.2 glbaddrfrom 0.0.0.0 glbaddrto 0.0.0.0 destportfrom num 8881 destportto num 8881 lclport num 8881
create nat rule entry ruleid 8882 rdr prot tcp ifname ppp-0 lcladdrfrom 192.168.1.2 lcladdrto 192.168.1.2 glbaddrfrom 0.0.0.0 glbaddrto 0.0.0.0 destportfrom num 8882 destportto num 8882 lclport num 8882
create nat rule entry ruleid 8883 rdr prot tcp ifname ppp-0 lcladdrfrom 192.168.1.2 lcladdrto 192.168.1.2 glbaddrfrom 0.0.0.0 glbaddrto 0.0.0.0 destportfrom num 8883 destportto num 8883 lclport num 8883
create nat rule entry ruleid 8884 rdr prot tcp ifname ppp-0 lcladdrfrom 192.168.1.2 lcladdrto 192.168.1.2 glbaddrfrom 0.0.0.0 glbaddrto 0.0.0.0 destportfrom num 8884 destportto num 8884 lclport num 8884
create nat rule entry ruleid 8891 rdr prot tcp ifname ppp-0 lcladdrfrom 192.168.1.3 lcladdrto 192.168.1.3 glbaddrfrom 0.0.0.0 glbaddrto 0.0.0.0 destportfrom num 8891 destportto num 8891 lclport num 8891
create nat rule entry ruleid 8892 rdr prot tcp ifname ppp-0 lcladdrfrom 192.168.1.3 lcladdrto 192.168.1.3 glbaddrfrom 0.0.0.0 glbaddrto 0.0.0.0 destportfrom num 8892 destportto num 8892 lclport num 8892
create nat rule entry ruleid 8893 rdr prot tcp ifname ppp-0 lcladdrfrom 192.168.1.3 lcladdrto 192.168.1.3 glbaddrfrom 0.0.0.0 glbaddrto 0.0.0.0 destportfrom num 8893 destportto num 8893 lclport num 8893
create nat rule entry ruleid 8894 rdr prot tcp ifname ppp-0 lcladdrfrom 192.168.1.3 lcladdrto 192.168.1.3 glbaddrfrom 0.0.0.0 glbaddrto 0.0.0.0 destportfrom num 8894 destportto num 8894 lclport num 8894
--------------------------------------------------------------
然后$apply fname nat.sh

goingchan · 发表于 2004-3-11 23:55:33

。。。。怪不得。。BT端口占一堆。。。连续的端口可以用设置端口范围。。。
关键是这里...
destportfrom num 8881 destportto num 8884 lclport num 0
另外，由于你只有两台机，可以把两组BT端口设置合为一条(惟下简写)
from 192.168.1.2 to 192.168.1.3 portfrom 8881 portto 8999
注意：此法对BT连接的效能有一些影响，modem消耗的内存也相对多，不过，你只有两台机，响影不大的，不过，表格够位置的话还是分开比较好

kenji1029 · 发表于 2004-3-12 00:06:48

谢谢
不行的话就干脆填BIMAP

goingchan · 发表于 2004-3-12 00:10:00

BIMAP只对一台机有效，而且排在BIMAP后的规则无效....
去看卡通了。。。有什么问题我也暂时看不到。。。

kenji1029 · 发表于 2004-3-12 00:16:42

映射端口改为
1 ppp-0 NAPT ANY 0.0.0.0 255.255.255.255
8891 ppp-0 RDR TCP 192.168.1.3 192.168.1.3
8892 ppp-0 RDR TCP 192.168.1.3 192.168.1.3
65535 ppp-0 BIMAP ANY 192.168.1.2 192.168.1.2
可以解决了

BOYMZJ · 发表于 2004-3-13 14:11:21

请问：kenji1029
65535 ppp-0 BIMAP ANY 192.168.1.2 192.168.1.2 Bimap Rule：此方式是否是将局网中的192.168.1.2完全透明对应到公网的IP，其中BIMAP和rdr有什么区别啊？BIMAP好象不用设置端口啊？另外8891 ppp-0 RDR TCP 192.168.1.3 192.168.1.3 后面是否省略了？怎么没添8891端口啊？
我很菜，盼您回复，谢谢

kenji1029 · 发表于 2004-3-13 16:27:47

65535 ppp-0 BIMAP ANY 192.168.1.2 192.168.1.2 Bimap Rule：此方式是否是将局网中的192.168.1.2完全透明对应到公网的IP，其中BIMAP和rdr有什么区别啊？BIMAP好象不用设置端口啊？
> 是的,所有的端口都对应到公网的IP,不需要设置端口
8891 ppp-0 RDR TCP 192.168.1.3 192.168.1.3 后面是否省略了？怎么没添8891端口啊？
> 不是省略,显示而已

NAT Rule Entry添加映射端口竟最大限制12个表格? @_@