通信人家园

标题: [分享]详解端口映射功能 [查看完整版帖子] [打印本页]

时间: 2010-4-1 09:04

作者: sz0755520 标题: [分享]详解端口映射功能

端口映射功能，都是为实现MODEM里建立一条五元组表PAT表：
Port Forwarding
配置：
Application       = a
Start Port       = 10
End port          = 20
Protocol          = TCP
WAN-side IP address = 1.1.1.1
LAN-side IP address = 192.168.8.3

此配置表示：内网主机192.168.8.3的TCP报文端口任意对应公网IP1.1.1.1的TCP报文端口为10~20；
即从公网主动访问的TCP报文，其目的端口为10到20之间，MODEM会把它转发给192.168.8.3主机；

Port Triggering
配置：
Application    = b
Service User = 192.168.8.4
Service Type = TCP
Triggering Port = 12345

Inbound Connection
Connection Type = TCP
Start Port    = 123
End Port    = 1234

此配置表示：内网主机192.168.8.4向公网发TCP报文且目的端口为12345，modem会被触发生成一条PAT表项：
内网主机192.168.8.4的TCP报文端口为端口为123到1234 对应公网IP的TCP报文端口为123到1234；

UPnP
配置：只有开关；表项通过协议，由主机主动下发；
upnpd[420]: HTTP connection from 192.168.8.3:1059
upnpd[420]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
upnpd[420]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
upnpd[420]: AddPortMapping: ext port 87 to 192.168.8.3:89 protocol TCP for: BitSpirit - Powered by LANSPIRIT.NET!
upnpd[420]: no permission rule matched : accept by default (n_perms=4)
upnpd[420]: redirecting port 87 to 192.168.8.3:89 protocol TCP for: BitSpirit - Powered by LANSPIRIT.NET!

UPnP Portmap Table :
Protocol                = TCP
Internal Port          = 89
External Port          = 87

此表项表示：内网主机192.168.8.3的TCP报文端口为89 对应公网IP的TCP端口为87；

DMZ
配置：指定DMZ主机
Router(config)#show dmz

WAN interface IP address = 1.1.1.1
LAN interface IP address  = 192.168.8.8

此表项表项：访问MODEM公网IP的报文，其端口没有被指定默认发给DMZ主机192.168.8.8

-----------------------------------------
注：公网IP的对应的端口只能被唯一占用

通信人家园 (https://www.txrjy.com/)