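RouterOS multi-WAN access: nginx proxy manager cannot be reached (details inside)
This post was last edited by liuleisail on 2024-8-10 11:16

Telecom and Unicom multi-line access, with traffic split by carrier.
I installed nginx proxy manager in Docker on my genuine Synology NAS. From both the LAN and the internet it can reach the applications installed in Docker on another server at home, but over https it simply cannot reach the Synology itself or the other applications installed in Docker on the Synology. I have been troubleshooting for several days without finding the problem, so I am asking the all-knowing forum for help.
Plain port forwarding works, but the Synology cannot be reached over https.

You haven't posted any of your configuration; nobody will bother with you if they have to guess.

Either it's a firewall problem on the Synology or a traffic-splitting problem on ROS. Use the process of elimination.

This post was last edited by liuleisail on 2024-8-10 14:44
jop posted on 2024-8-10 12:22
Either it's a firewall problem on the Synology or a traffic-splitting problem on ROS. Use the process of elimination.
Another machine at home, a manminim1, is used as a server, and https access to the services set up on it with Docker works normally.
It is only the applications installed in Docker on the Synology that have the problem, but the Synology firewall is turned off. http forwarding works normally; this is driving me crazy……

Could it be that the Synology on the LAN has to be forced onto a single line? But I have already configured that on RouterOS.

The strange thing is that a machine at my workplace with Drive Client installed can still connect to the Synology over https through the nmp setup……

This post was last edited by liuleisail on 2024-8-10 17:38
Full settings below. Experts, please help diagnose.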
mangle
18 ;;; Change MMS
chain=forward action=change-mss new-mss=clamp-to-pmtu passthrough=yes tcp-flags=syn protocol=tcp
19 chain=output action=change-mss new-mss=clamp-to-pmtu passthrough=yes tcp-flags=syn protocol=tcp
20 ;;; Optical Network
chain=prerouting action=accept src-address=192.168.2.0/24 dst-address=192.168.1.0/24 log=no
log-prefix=""
21 ;;; Outbound
chain=prerouting action=mark-connection new-connection-mark=out_connection passthrough=yes
connection-state=new src-address-list=lan_list dst-address-list=!lan_list connection-mark=no-mark
in-interface=bridge1 log=no log-prefix=""
22 ;;; Telecom outbound
chain=prerouting action=mark-routing new-routing-mark=Telecom passthrough=yes
src-address-list=lan_list dst-address-list=chinatelecom_cidr connection-mark=out_connection
log=no log-prefix=""
23 ;;; Unicom outbound
chain=prerouting action=mark-routing new-routing-mark=Unicom passthrough=yes
src-address-list=lan_list dst-address-list=unicom_cnc_cidr connection-mark=out_connection log=no
log-prefix=""
24 ;;; Port mapping Telcom
chain=prerouting action=mark-connection new-connection-mark=dstnat_telcom passthrough=yes
connection-mark=no-mark in-interface=pppoe-out1 log=no log-prefix=""
25 chain=prerouting action=mark-routing new-routing-mark=Telecom passthrough=yes
src-address-list=lan_list connection-mark=dstnat_telcom log=no log-prefix=""
26 chain=output action=mark-routing new-routing-mark=Telecom passthrough=yes
connection-mark=dstnat_telcom log=no log-prefix=""
27 ;;; Synology route
chain=prerouting action=mark-routing new-routing-mark=synolongy passthrough=yes
src-address=192.168.2.252 log=no log-prefix=""
NAT settings
0 ;;; FullCone-Nat
chain=srcnat action=endpoint-independent-nat randomise-ports=no protocol=udp log=no log-prefix=""
1 chain=dstnat action=endpoint-independent-nat randomise-ports=no protocol=udp log=no log-prefix=""
2 ;;; Telecom
chain=srcnat action=masquerade to-addresses=电信公网ip log=no log-prefix=""
5 ;;; Optical Network Telecom
chain=srcnat action=masquerade src-address=192.168.2.0/24 dst-address=192.168.3.0/24 log=no
log-prefix=""
7 ;;; 418play-6690
chain=port-nat action=dst-nat to-addresses=192.168.2.252 to-ports=6690 protocol=tcp
dst-address=电信公网ip in-interface=pppoe-out1 dst-port=XXXX log=no log-prefix=""
8 ;;; 418play-webdav
chain=port-nat action=dst-nat to-addresses=192.168.2.252 to-ports=5005 protocol=tcp
dst-address=电信公网 ip in-interface=pppoe-out1 dst-port=XXXX log=no log-prefix=""
9 ;;; Telamate-1
chain=port-nat action=dst-nat to-addresses=192.168.2.116 to-ports=3000 protocol=tcp
dst-address=电信公网ip in-interface=pppoe-out1 dst-port=XXXX log=no log-prefix=""
10 X;;; ql-1
chain=port-nat action=dst-nat to-addresses=192.168.2.116 to-ports=5700 protocol=tcp
dst-address=电信公网ip in-interface=pppoe-out1 dst-port=XXXX log=no log-prefix=""
11 ;;; nmp-1
chain=port-nat action=dst-nat to-addresses=192.168.2.252 to-ports=5443 protocol=tcp
dst-address=电信公网ip in-interface=pppoe-out1 dst-port=XXXX log=no log-prefix=""
12 ;;; nmp
chain=port-nat action=dst-nat to-addresses=192.168.2.252 to-ports=8181 protocol=tcp
dst-address=电信公网ip in-interface=pppoe-out1 dst-port=XXXX log=no log-prefix=""
13 ;;; 418play-https-5001
chain=port-nat action=dst-nat to-addresses=192.168.2.252 to-ports=5001 protocol=tcp
dst-address=电信公网ip in-interface=pppoe-out1 dst-port=XXXX log=no log-prefix=""
14 ;;; 418play-http-5000-1
chain=port-nat action=dst-nat to-addresses=192.168.2.252 to-ports=5000 protocol=tcp
dst-address=电信公网ip in-interface=pppoe-out1 dst-port=XXXX log=no log-prefix=""
15 ;;; vlmcsd-1
chain=port-nat action=dst-nat to-addresses=192.168.2.28 to-ports=1688 protocol=tcp
dst-address=电信公网ip in-interface=pppoe-out1 dst-port=XXXX log=no log-prefix=""
16 ;;; 418play-ssh
chain=port-nat action=dst-nat to-addresses=192.168.2.108 to-ports=2201 protocol=tcp
dst-address=电信公网ip in-interface=pppoe-out1 dst-port=XXXX log=no log-prefix=""
18 ;;; dynamic_nat
chain=dstnat action=jump jump-target=port-nat dst-address=电信公网ip log=no log-prefix=""
Route settings
# DST-ADDRESS GATEWAY DISTANCE
0Xs 0.0.0.0/0 pppoe-out1 1
1Xs 0.0.0.0/0 pppoe-out1 1
2Xs 0.0.0.0/0 pppoe-out1 1
3Xs 0.0.0.0/0 pppoe-out2 1
DAv 0.0.0.0/0 pppoe-out1 1
D v 0.0.0.0/0 pppoe-out2 2
DAc 10.239.0.0/19 ether2 0
DAc XX.XX.XX.XX/32pppoe-out1 0
DAc 192.168.1.0/24 ether8 0
DAc 192.168.2.0/24 bridge1 0
DAc 192.168.3.0/24 ether1 0
DAc XX.XX.XX.XX/32pppoe-out2 0
4As 0.0.0.0/0 pppoe-out2 6
5As 0.0.0.0/0 pppoe-out1 5
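6As 0.0.0.0/0 pppoe-out1 3

Could it be an https certificate problem?

ROS can capture packets; there is no problem that a packet capture won't reveal.

fit533885 posted on 2024-8-12 08:56
Could it be an https certificate problem?
Pointing it at the other server's address works fine, so the certificate is ruled out [sick]

vancho posted on 2024-8-12 15:58
ROS can capture packets; there is no problem that a packet capture won't reveal.
I don't know how to analyze it [sweating]

Last night I migrated the Docker containers to the other server at home, and there are no problems at all. It looks like I will leave it this way for now.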