¡m¤À¨É¡nProxy mode¤UXGµo¥X¹L´Á¾ÌÃÒ

«È¤á©óProxy mode¤U¡A¥X²{¤FXGµo¥X¹L´Á¾ÌÃÒµ¹¥~³¡¯u¹ê¯¸¥xªº°ÝÃD¡C
¥Ñ©ó¾ÌÃÒ¹L´Á¡A¥Î¤áºÝªºÂsÄý¾¹µLªk¦¨¥\ÂsÄý¥~³¡¯¸¥x¡C



ºô¸ô¤W¬d¨ì³o¬O¤@­Óbug(NC-100078/NC-100265)¡A
¥i¥H³z¹L²M°£ /var/certcache/ ¥Ø¿ý¤Uªº¾ÌÃÒ§Ö¨ú¡D¨Ó¸Ñ¨M¦¹°ÝÃD¡C
¦ý¤S¤£«Øij§R¥ú¦¹¥Ø¿ý¤Uªº©Ò¦³§Ö¨ú¡A©Ò¥H§Ú´N¶}¤Fcase¸ß°Ý­ì¼t¡C

­ì¼tµ¹¤F¥H¤Uadvanced shellªº«ü¥O¡A
³z¹L¥H¤U«ü¥O¨Ó²M°£§Ö¨ú¡A¦A­«±Òweb proxyªA°È¨Ó±Æ°£¦¹¾ÌÃÒ¹L´Á°ÝÃD¡C

♥¶¶¤l¦Ñ±Cªººô©ç¡A½Ð¦hÃö·Ó¡ã

If you don't like something, change it.
If you can't change it, change your attitude.
Don't complain!

¡m¤À¨É¡nXG³s¤£¤W¤F¡A«ç»ò¿ì¡H

Sophos XG¦bV18ª©«á°µ¤F«Ü¤jªºÅÜ­²¡A
NAT³W«h¦Û­ì¥»¨¾¤õÀð³W«h¤À©î«á¡A³y¦¨«Ü¦h³W«h³]©w¤Wªº°ÝÃD¡A
¬Æ¦Ü¦³´X­Ó«È¤á¦]¬°NAT³W«hªº¿ù»~°t¸m¡A¦Ó¾É­PXGªº¥¢Áp¡I

­ì¥»§Ú¥H¬°¦b³o±¡ªp¤U¡A¥u¯à«ì´_¥X¼t¹w³]­È¡AµM«á¦A§â³Æ¥÷ªº²ÕºAÀɭ˦^¥h¡C
(³o®É­Ô§A´Nª¾¹D²ÕºA³Æ¥÷±K½X»PSSMKªº­«­n©Ê¤F§a!)

¤£¹L¬Q¤Ñ«È¤áÅý§Úª¾¹D¤F¥t¤@ºØ§ó¦³®Ä²vªº°µªk - enable appliance access¡C


¨ä¹êconsole¤Uªº³o­Ó«ü¥O¡A§Ú¦b¤@¶}©l±µÄ²Sophos XG®É´Nª¾¹D¤F¡C

♥¶¶¤l¦Ñ±Cªººô©ç¡A½Ð¦hÃö·Ó¡ã

If you don't like something, change it.
If you can't change it, change your attitude.
Don't complain!

¡m¤À¨É¡n´ª¥XATP¨Æ¥ó¤¤¯u¥¿ªº³s½uclient

SophosªºATP¼Ò²Õ¯à¦btraffic³z¹LXG°µrouting®É¡A§Y®Éªº¹LÂoÄdªý¦³®`³s½u¡A
¦ý¦bºô°ìÀô¹Ò¤¤¡A³ÌÀYµhªº´N¬ODNS Clientªº¸ÑªR°ÝÃD¡C

ÁöµM´c·NdomainªºDNS¸ÑªR³QXGªºATPÄd¤U¨Ó¤F¡A
¤£¹Lºô°ì¤¤clientªºDNS¬O«ü¦V¤º³¡ªºDNS Server¡A
·íclient±ý³s¨ì´c·Ndomain®É¡A²Ä¤@¨BªºDNS¸ÑªR¤u§@·|¥æµ¹¤º³¡DNS Server¨Ó¶i¦æ¡A
¤º³¡DNS Server¨S¦³´c·NdomainªºIP¹ïÀ³¸ê°T¡A¦]¦¹·|¦A¦V¤W¼hDNS¥D¾÷­n¨D¸ÑªR¡A
¥H¦Ü©óATPÄdºI¨Æ¥ó¤¤¡AÄdªº¨Ó·½IP©¹©¹³£¬O¤º³¡ªºDNS Server¡A¦Ó¤£¬Oª½¥¿ªºDNS Client...

§ä¤£¥X¨Ó¯u¥¿¦³°ÝÃDªºDNS Client¡A¤£¬ODNS Server¤]¤£¬OATPªº°ÝÃD¡A
¥¦­Ì³£¥¿±`ªº°õ¦æ¥æ¥Iªº¤u§@¡D³o¬Oºô°ìÀô¹Ò¬[ºc¤Uªº­­¨î¡C
¨º»ò¦b³o¼Ëªº¬[ºc¤U¡A¦³¨S¦³¿ìªk´ª¥X¯u¥¿ªºDNS Client©O¡H


¶¶¤l·Q¨ì¤F¤@­Ó°µªk¡A¤£¹L¥¦»Ý­nDNS Serverªº°t¦X¡C
¬JµMDNS¸ÑªR¤u§@¬O¥Ñ¤º³¡ªºDNS Server¨Ó¶i¦æ¡A¨º»ò§Ú­Ì´Nª½±µ¦bDNS Server¤W«Ø¥ß¤@µ§¸ÓdomainªºIP¹ïÀ³record¡A
¨Ò¦p±N´c·Ndomain msdnupdate.com ¹ïÀ³¨ì 10.199.199.2 ³o­Ó¨S¦b¨Ï¥ÎªºIP¡C
¦p¦ó³]©w¡HWindowsªºDNS¥D¾÷¥i¥H°Ñ¦Ò ³o¤@½g ªº°µªk¡C

µM«á¦bXG¤W±Ò¥Î¤@­Ó¶¢¸m¤¶­±¡A°t¸m¤@­Ózone»P³o­Ó°²IP¦Pºô¬qªºIP¡A¨Ò¦p 10.199.199.1/29¡A
±µµÛ³]©w¤º³¡¨ì³o­Ózone(©ÎIP)ªºªý¾×³W«h¡A¨Ã¤Ä¿ïlog°O¿ý¡A
³o¼Ë·í¤º³¡¹q¸£±ý³s¨ì³o­Ó´c·Ndomain®É¡ADNS Server´N·|«ü¦V³o­Ó°²IP¡A
¦Ó¹q¸£¨Ì·ÓDNS¸ÑªR¥X¨Óªºµ²ªG¡A³z¹LXG routing­n³s¨ì³o­Ó°²IP®É¡A´N·|³QXG¤Wªºªý¾×³W«h©Ò°O¿ý¤U¨Ó¡A
§Ú­Ì¥u­n¥h¬d¬Ýlog¡A´N¥i¥H²M·¡ª¾¹D¦³­þ¨Ç¤º³¡IP¸Õ¹Ï³s¨ì³o­Ó´c·Ndomain¡A´ª¥X¯u¥¿ªºDNS client¡I

¬°¤FÁקK³s½u³QATP©ÒÄdºI¡A³]©w§¹¦¨«á¡A
½Ð±N³o­Ó´c·Ndomain¥[¨ìATPªºexception¤¤¡A°µ¨Ò¥~©ñ¦æ¡A¥Ñ³]©wªý¾×³W«h¨Ó¶i¦æÄdªý¡C


³o­Ó¤èªk¦b¹ê°µ¤W¦³´X­Ó­«ÂI­nª`·N¡C

1. ¸jIPªººô¥d¥²»Ý¬°upª¬ºA¡A²³æ¨Ó»¡´N¬O³o±iºô¥d¥²»Ý±µ¤Wswitch¡A
   ³o¼Ë¤¶­±¸ô¥Ñ¤~·|¹B§@¡A¾É¦V°²IPªº¬y¦V¤~·|routing¨ì³o­Ó¤¶­±¡A¶i¦Ó³Q¨¾¤õÀð³W«hªý¾×¦Ó¯d¤U°O¿ý¡C
   ­Y¥u¬O³]©w¦nIP¸ê°T¡A¦ýºô¥d¤¶­±¬°down¡A«h¤¶­±routing¤£·|¥Í®Ä¡C
   
   ºô¥d¤¶­±¥i¥H¬O¤@¯ëºô¥d¡BVLAN©Î¬OAlias IP¡A
   ­Y¨Ï¥ÎAlias IP¨Ó³]©w¡A¨º«ÊÂê°O¿ýªº¨¾¤õÀð³W«h»Ý¤p¤ß©w¸q¡A¥H§K³s±a¾×±¼©Ò¦³¥¿±`¬y¶q¡C
   
   
2. ¥Î¨Ó¸É§ìDNS Client IPªº¨¾¤õÀð³W«h¥²»Ý¬Oªý¾×Ãþ«¬¡A
   ­Y±Ä¥Î©ñ¦æ³W«h¡A«h¸Óºô¥d¤¶­±¥²»Ý¯uªº±µ¨ì¤@¥x³]©w°²IPªº¥D¾÷¤~·|¯d¤U°O¿ý¡A
   ¤j¤jªº¼W¥[½ÆÂø«×¡C
   

♥¶¶¤l¦Ñ±Cªººô©ç¡A½Ð¦hÃö·Ó¡ã

If you don't like something, change it.
If you can't change it, change your attitude.
Don't complain!

¡m¤À¨É¡n³q¦æ¶O¶BÄF

5/7¤@¦­¡A¶¶¤l¦¬¨ì¤F¤@«Ê³q¦æ¶O§Y±N¨ì´ÁªºÂ²°T³qª¾¡A
­n¶¶¤l¥ß§Y³z¹L²°T¤¤ªº³sµ²¡A¤U¸üAPP¨Ó½u¤Wú¶O¡C



¶¶¤lªºETC¬OÀx­È¦Û°Ê¦©Ãºªº¡A¦L¶H¤¤ÁÙ¦³¿ú°Ú¡I
³o­Ó29¤¸ªº¶O¥Î¡A¬O§_·N¨ýµÛ¶¶¤lETCùرb¤áùؤw¨S¿ú¤F¡H

³z¹Lºô¸ô¬d¸ß«á¡A
±b¤áùØÁÙ¦³¤C¦Ê¦h¤¸°Ú¡I
¨º»ò³o­Ó³sµ²¬O¤°»ò¡H¡H

½Æ»s³sµ²«á¡Aµo²{¥¦·|¤U¸ü¤@­ÓapkÀÉ¡A
¤@¯ë¨Ó»¡¡A©x¤èªºAPP·|¥s§A¨ì¥«¶°¥h¤U¸ü¡A
©ñ¦b¥«¶°¤WªºAPP°ò¥»¤W¤]³£¸g¹L¤FApple©ÎGoogleªºÅçÃÒ¡A
¦w¥þ©Ê¼h°ò¥»¤W¤ñ¸û¨S¦³°ÝÃD¡C

³o­Ó¥suser¦Û¤v¤U¸üapkÀɨӦw¸Ëªº¡A­·ÀI«Ü°ª¡I
¦A¥[¤W¶¶¤l±b¤áùØ©ú©ú¦³¿ú¡A«o¸ò§A»¡¶O¥Î¥¼Ãº¡A©úÅ㦳°­¡I
§ó¶Bªº¬O¨ì´Á¤é´N¬O²°Tµo°e·í¤é¡AÂ\©ú¤F­n§Q¥Î¨Ï¥ÎªÌ¾á¤ß¹L´Á»@´Úªº¤ß²z¡A
¨Ó¶BÄF¨Ï¥ÎªÌ¤W¤Ä¡A¯u¬O¥i´c°Ú¡I

♥¶¶¤l¦Ñ±Cªººô©ç¡A½Ð¦hÃö·Ó¡ã

If you don't like something, change it.
If you can't change it, change your attitude.
Don't complain!

¡m¤À¨É¡nSSLVPN«È¤áºÝ³nÅéEoL¡H

Sophos¤½§i¡A°ò©óOpen VPNªºSSLVPN¥Î¤áºÝ³nÅé(¬õ½t¿Oª©)±N©ó2022¦~1¤ë31¤éEoL¡C



­ì¥»¤w¤U¸ü¦w¸Ëªº¬õºñ¿Oª©SSLVPN³nÅé¨ÌµM¥i¥H¨Ï¥Î¡A
¦ý«áÄò¦bUser Portal¤W´£¨ÑªºVPN¼·±µ³nÅé¡A±N·|¥ÑSophos Connect¨Ó¨ú¥N¡C




³o·N¿×µÛSophos¦bWindows¤W©ñ±ó¤FOpen VPN³o­Ó¤½ª©³nÅé¡A
§ï±À¦Û®a¶}µo¥i¦P®É¤ä´©IPsec VPNªºSophos Connect³nÅé¡C
¦ý¦b¨ä¥¦¨t²Î¤W¡A¨Ò¦pMac¡A¦æ°Ê¸Ë¸m¤W­Ë¬O¨S¦³Sophos Connectªº¹ïÀ³¤è®×¡A
©Ò¥HÁÙ¬O­n¾aOpen VPN¡C

´«¦¨Sophos Connect¹ïWindows User¨Ó»¡¦³¤°»ò¼vÅT¡H

1. Sophos Connect¤£¤ä´©Win7¡A©Ò¥H­Y§AÁÙ¬OWin7ªº¨Ï¥ÎªÌ¡AÁÙ¬O«O¯d§Aªº¬õºñ¿Oª©³nÅé¡C
   ¤£µM´N¥h¤U¸ü¤½ª©ªºOpen VPN¨Ó¨Ï¥Î§a¡C
   
   
2. Sophos Connect¤£¤ä´©¦h±b¸¹¤Á´«¡C
   ¬õºñ¿Oª©ªº³nÅé¤ä´©¦h±b¸¹²ÕºA¶×¤J¡A
   ¦P¤@­Ó¼·±µIP¦b¶×¤J¦h­Ó²ÕºA«á¡A±z¥i¥H¦Û¥Ñ¤Á´«­n¥Î­þ­Ó±b¸¹¨Ó¶i¦æSSLVPNªº¼·±µ¡C
   
   
   
   ¦ýSophos Connect¤£¦æ¡I
   ¤@­Ó¥Øªº¦aIP¥u¯à¦³¤@­Ó²ÕºAÀÉ¡C
   
   
3. ¦w¸ËSophos Connect«á¡A¨Ï¥ÎªÌ²ÕºAªº¨ú±oµLªk³z¹LUser PortalªºDownload Configuration for Windows¨Ó¦w¸Ë¡A
   ¥²»Ý³z¹LDownload Configuration for Other OSs¨Ó¤U¸ü²ÕºAÀÉ¡A
   
   
   
   µM«á¦A¥ÑSophos Connect¶×¤Jovpn®æ¦¡ªº²ÕºAÀÉ¡C
   
   

♥¶¶¤l¦Ñ±Cªººô©ç¡A½Ð¦hÃö·Ó¡ã

If you don't like something, change it.
If you can't change it, change your attitude.
Don't complain!

¡m¤À¨É¡nV18ªºDirect Proxy³]©w

¦bV18¤§«á¡ASophos§â­ì¥»ÁôÂêº0¸¹ªý¾×³W«h±j¨îÅã¥Ü¤F¡I
¦Ó³o±ø³W«h¦bDirect Proxyªº¨Ï¥Î¤W¤S·|³y¦¨¤°»ò¼vÅT¡H
´NÅý¶¶¤l¨Ó¹ê´ú¬Ý¬Ý¡C



¸g¹ê»Ú´ú¸Õ¡A±N¥i¥¿±`¹B§@ªºV17 Direct Proxy¤É¯Å¨ìV18«á¡A
­ì¥»user¥i¥H¥¿±`¶}±Òªººô­¶¡A²{¦b³£¥´¤£¶}¤F¡I



­ì¦]´N¸òV17ª©¤@¼Ë¡A·í²M³æ³Ì«á¦³¤@±øªý¾×http/httpsªº³W«h®É¡A
´N¥²»Ý¦b³oªý¾×³W«hªº«e­±¡A¥[¤W¤@±ø®M¥ÎDeny AllªºWeb filterªºhttp/https©ñ¦æ³W«h¡A
§_«h©Ò¦³ºô­¶³£±NµLªk¥¿±`¶}±Ò¡I





¦b¹w³]ªý¾×³W«h«e¡A¥[¤WDeny All Web filterªºhttp/https©ñ¦æ³W«h«á¡Aºô­¶´N¥i¥H¥¿±`¶}±Ò¤F¡A
¤£¶È¥i¥H¨Ì·ÓProxy³W«h¤¤ªºWeb filter¨Ó¶i¦æºô­¶±±ºÞ¡A
¦Ó¥Blog¤¤¡A¤]¥i¥H¬Ý¨ìProxyªºWeb filter log°O¿ý¡C



¦ÓºÝÂI¨S¦³±¾¤Wproxy¡A´NµLªk¥´¶}©Ò¦³ºô­¶¡C



°ò¥»¤WV18ªºDirect proxyªº³]©w´N¨S¦³¤Ó¤j°ÝÃD¤F¡C
(°£¤F¨º­Ó¾ã­Ó¥Ø¼Ðºô¬qµLªk¦bweb exception¤¤©ñ¦æªº°ÝÃDµLªk¸Ñ¨M¥H¥~...)


°Ñ¦Ò¸ê®Æ
Resolve issues related to web proxy when...l rule is added

♥¶¶¤l¦Ñ±Cªººô©ç¡A½Ð¦hÃö·Ó¡ã

If you don't like something, change it.
If you can't change it, change your attitude.
Don't complain!

SD WAN Policy Route

¶¶¤l¦b³o½g¤å³¹¤@¶}©l´N´£¨ì¦ÛV18«á¡§±N­ì¥»³æ¤@firewall rule¥i¥H§¹¦¨ªº¤u§@¡Aµw¬O¤À©î¦¨¤TºØ³W«h¨Ó¨ó¤O¹F¦¨¡¨¡A
²{¦b¦³firewall rule¡A¦³NAT rule¡A¨º²Ä¤TºØ³W«h¬O¤°»ò¡H

²Ä¤TºØ³W«h´N¬OSD WAN Policy Route¡C

­ì¥»¦bV17¤¤¡A¥i¥Hª½±µ¦bfirewall ruleùØ«ü©w³o±ø³W«h­n³z¹L­þ¤@­ÓWAN port³s¥~¡A
³o­Ó¥\¯à¦bV18¤¤¤]³Q­é¹Ü¤F...

¦bV18ª©¤¤¡A¦hWANªº±¡¹Ò¤U¡A­n«ü©w³z¹L­þ¤@­ÓWAN³s¥~¡A
²{¦b¥u¯à³z¹LSD WAN Policy Route¨Ó³]©w¤F...



¥t¥~¡A­Y±z¬O¥ÑV17¤Éª©¨ìV18¡A¦b³o­ÓSD WAN Policy Route­¶­±ÁÙ¥i¥H¬Ý¨ì³]©w³Q²¾Âà¹L¨Óªº¹ï¥~²ÕºA³]©w¡C



³o­Ó²¾Âà¹L¨Óªº²ÕºA³]©w¥u´£¨Ñ­×§ï»P§R°£ªº¥\¯à¡A
­n«Ø¥ß·sªº¹ï¥~ºÝ¤f³]©w¡A´N¥u¯à³z¹L·sªºSD WAN Policy Route¨Ó«Ø¥ß¤F¡C


§Ú­Ì©h¥B¤£½×V18¦bfirewall UI¤W¤£«Kªº¦a¤è¡A
¦ý³W«h¤@©î¤T¡A«ç»ò¬Ý³£¬O¤Æ²¬°Ác¡A¦³¹HSophosªºªì°J¡I

¤£¹L¦bV17´N­n¦b2021/11/30°±¤î¤ä´©ªº±¡ªp¤U¡A
©Î³\¤]¸Ó¬O®É­Ô¡A¬D­Ó¾A¦Xªº®É¶¡¤É¯Å¨ìV18¤F...

♥¶¶¤l¦Ñ±Cªººô©ç¡A½Ð¦hÃö·Ó¡ã

If you don't like something, change it.
If you can't change it, change your attitude.
Don't complain!

Loopback³W«h (SNAT+DNAT)

¦p¤W±¡¹Ò¡A°²³]DMZ°Ïªº¨ä¥¦¥D¾÷¤]·|³z¹LXG¤Wªº¥~³¡IP¨Ó³s¨ì¦P¬°DMZ°ÏªºFTP Server¡A
¨º»ò±¡¹Ò¤W¦³¤°»ò¤£¦P©O¡H

³oºØ¦Pºô¬q¹q¸£¡A³s¨ìSFOSªº¥~³¡IP«á¦A¾É¦^¦Pºô¬q¥D¾÷ªº¤º³¡ªA°Èªº»Ý¨D¡A
¦bCyberoam¨t¦C¤Wªº¨¾¤õÀð³£¥²»Ý³z¹LLoopback³W«h¨Ó¹F¦¨¡C
Loopback¸Ô²Ó»¡©ú¥i°Ñ¦Ò ³o½g¡C

Loopback³W«h¤@­Ó³]©w¤Wªº­«ÂI´N¬O­n°µSNAT¡I
¦Ó­ì¥»¹ï¥~ªA°Èªº³W«h¤w¸g°µ¤FDNAT¡A
©Ò¥H³o±øloopback³W«h±N¦P®É¶i¦æSNAT»PDNATÂà§}¡A
³o¬Oloopback³W«h³]©w¤W³Ì¯S§Oªº¦a¤è¡I



Loopback³W«h§¹¦¨«á¡A¦A§â­ì¥»firewall ruleªºsource zone¥[¤WDMZ¡A
¦P®É¤¹³\¨Ó¦Û¢åAN»PDMZªº³s½u¡A³o¼Ëloopback³W«h´N§¹¦¨¤F¡ã

¨º¨ä¥¦¤º³¡zone¥h¦s¨úDMZªº¥~³¡ªA°È®É¡A¤]»Ý­n³z¹Lloopback¨Ó§¹¦¨¶Ü¡H
¨ä¹ê­n³z¹Lloopback¨Ó¾É¦V¤]¤£¬O¤£¦æ¡A
¦ý³z¹Lloopback¾É¦V«á¡A¦]¬°°µ¤FSNAT¡A©Ò¥HªA°Èserver¬Ý¨ìªº¨Ó·½IP²Î¤@·|Åܦ¨XGªº¤¶­±IP¡A
µLªk¥¿½TÃѧO¨Ó·½IP¡A¦w¥þ©Ê¸û§C¡A¦]¦¹¤£«Øij³z¹Lloopback³W«h¨Ó¾É³q¡A
³oºØ±¡§Î¶¶¤l«Øij¦b­ì¨Óªºfirewall rule¤¤¡Aª½±µ§â¤º³¡zone¥[¶i¥hsource zone§Y¥i¡C

¥B¥H¤W­z½d¨ÒÀô¹Ò¨Ó»¡¡ALAN¨ìDMZªº¥~³¡ªA°ÈIP¦A¾É¦^DMZ¡A¨Ã¨S¦³¤£¹ïºÙ¸ô¥Ñªº°ÝÃD¡A¤£»Ý­n°µSNAT¡A
©Ò¥H°£¤F¬Û¦Pzoneªº¦s¨ú¥H¥~¡A¨ä¥¦¤º³¡zone¥h¦s¨ú¥~³¡ªA°È¡A³z¹L°ò¥»ªºDNAT´N¥i¥H¹F¦¨¡C

¦Ó¦b¹ï¥~ªA°È¦P®É¦³DNAT»PLoopback³W«hªº±¡ªp¤U¡A
³o¨â±øªºÀu¥ý¶¶§Ç¸Ó¦p¦ó±Æ¦C©O¡H

¥Ñ©óloopback³W«hªº¨Ó·½½d³ò¸û¤p¡A¥uÂê©w¦b»PªA°È¥D¾÷©ÒÄݪººô¬q¡F
¦ÓDNATªº¨Ó·½½d³ò¬OAny¡A©Ò¥H¦b®M¥Î®É¡AÀ³¸Ó¬O¥ýloopback³W«h¡AµM«á¤~¬ODNAT³W«h¡C

♥¶¶¤l¦Ñ±Cªººô©ç¡A½Ð¦hÃö·Ó¡ã

If you don't like something, change it.
If you can't change it, change your attitude.
Don't complain!

¥Øªº¦aºÝNAT³W«h (DNAT)

¦b´£¨Ñ¹ï¥~ªA°Èªº¥Øªº¦aºÝDNAT³W«h¤W¡A
¶¶¤l«Øijªì¦¸±µ¤âªº¤uµ{®v³z¹LDNATºëÆF¨Ó«Ø¥ß¡C
¤£¹L¥ÑDNATºëÆF«Ø¥ßªº³W«h¤£¨£±o§¹¥þ¾A¥Î¡A¥i¯à»Ý­n­×§ï¨ä¤º®e¡A
¥Ñ§Ú­Ì¥i¥Ñ³o¼Ëªº½d¥»³W«h¨Ó«Ø¥ß²Å¦X¦Û¤v»Ý¨Dªºfirewall»PDNAT rule¡C

°²³]SFOS¤Wªº°tÓ_¦p¤U¡A
Port1 LAN 192.168.23.1/24
Port2 WAN 123.123.123.1/24
Port3 DMZ 172.18.10.254/24

§Ú­Ì­n«Ø¤@±øDNAT³W«h¡AÅýDMZ°ÏªºFTP server 172.18.10.1¯à°÷´£¨Ñ¹ï¥~ªA°È¡A
¨º»ò§Ú­Ì¥i¥H¥ý«Ø¥ß¤@±ø¦p¤Ufirewall rule¡C



µM«á¦A«Ø¥ß¦p¤U¹ïÀ³ªºDNAT rule¡A±N³s±µ¨ìXG¤¶­±ªºFTPªA°ÈÂà¨ì¤º³¡ªº172.18.10.1 FTP server¡C



°ò¥»¤W³z¹L¥H¤W¨â±ø³W«hªº¨ó¤O¦X§@¡A´N¥i¥HÅýFTP Server³z¹LXG¤WWAN IP´£¨Ñ¹ï¥~ªA°È¤F¡ã

♥¶¶¤l¦Ñ±Cªººô©ç¡A½Ð¦hÃö·Ó¡ã

If you don't like something, change it.
If you can't change it, change your attitude.
Don't complain!

¨Ó·½ºÝNAT³W«h (SNAT)

¦b¤º¨ì¥~ªº¨Ó·½ºÝSNAT³W«h¤W¡A
SFOS¤w¦³¤@±ø¤º«ØªºSNAT³W«h - Default SNAT IPv4¡C
³z¹L³o±ø³W«h·|§â¤º³¡¥h¨ì¥~³¡public IPªº©Ò¦³traffic¡A²Î¤@¶i¦æSFOS¤¶­±IPªºMASQÂà§}«á¡A¦A³s¨ì¥~³¡¡A
Åý¤º³¡¨ì¥~³¡public IP¯à°÷¥HSFOSªº¤¶­±IP¥h³X°Ý¡A¦Ó¤£¬O¥H¤º³¡µêÀÀIP¥h»r©b¡C
³o±ø³W«h¹w³]¾A¥Î©ó©Ò¦³¤º³¡IP¡A¥]§tLAN¡BDMZ¡BWifi¡BVPNµ¥zone¹ï¥~ªº¬y¶q¡C



¤£¹L­Y¬O¦ÛV17ª©¤É¯Å¨ìV18ª©¡A³o±ø¹w³]SNAT³W«h¬O³Q°±¥Îªº¡A
¥i¥H¦b²M¾ã©Ò¦³¤º¹ï¥~ªº³W«h«á¡A¦A±Ò¥Î³o±ø³W«h¨Ó¨ú¥N¡C

§Ú­Ì­Y·Q³]©w¤£¦P¨Ó·½IP©Ò¹ïÀ³ªºSNAT¹ï¥~³W«h®É¡A¥i¥H°Ñ¦Ò³o±ø¹w³]³W«h¨Ó³]©w¡A
¥u­n§â¨Ó·½ºÝ¹ïÀ³¨ì·Q­n®M¥ÎªºIP°Ï¬q§Y¥i¡C

¥t¥~¡A­Y¤¶­±¤W¦³¦h­Óalias IP¥i¥Î¡A¹ï¥~·Q¥Î¤£¦Pªºalias IP¥h³sµ²¡A
«h¥i¥H¦bMAQS IP³oÃä±a¤W§A­nªºalias IP¥h¨ú¥N¡C

♥¶¶¤l¦Ñ±Cªººô©ç¡A½Ð¦hÃö·Ó¡ã

If you don't like something, change it.
If you can't change it, change your attitude.
Don't complain!