首页   注册   登录
 xiaofami 最近的时间轴更新

xiaofami

  •   V2EX 第 70149 号会员,加入于 2014-08-07 13:47:04 +08:00
    2 G 28 S 9 B
    xiaofami 最近回复了
    7 天前
    回复了 luxin88 创建的主题 宽带症候群 你们家宽带有 ipv6 了吗?
    http://www.gov.cn/zhengce/2017-11/26/content_5242389.htm
    按规划到 2018 年末国内 IPv6 活跃用户数达到 2 亿,2020 年 5 亿,2025 年全面普及,部分地区先用上 IPv6 不奇怪
    14 天前
    回复了 spicycoffee 创建的主题 Android 小米的 MIUI 好用,还是华为的 EMUI 好用?
    在用小米 6,已升 android 8。miui 浏览器自带域名黑名单,触发后会跳转到一个提示“网页内容违法”的页面。部分 VPN 类应用 miui 会提示有害建议卸载,其他方面还行。emui 几年前用过,发售不到一年就没更新了
    48 天前
    回复了 nim 创建的主题 问与答 电话卡办哪个比较好?
    电信在推政企合作套餐,月租 19 ~ 29,省内流量超 20G 后限速。额外送 1G 全国流量 + 300 ~ 500 通话时间。不过 2 年后没了返款就要自己掏 99 元月租了。网络质量一般,刷刷网页视频够用了
    上学时宿舍一兄弟开过,当时还有网站貌似是 sushemall.com 来着。主要售卖泡面和饮料,扔阳台上谁来买自己按价目表投钱~挣了多少钱不清楚,库存基本都被自己和周边宿舍消化了 😂
    我用的 Anynode VPS,IPv4 地址已经没办法访问了,还好 IPv6 地址没受影响。搭配 HE TunnelBroker + Pcap_DNSProxy 体验还不错,只是在外面时不太方便
    98 天前
    回复了 xiaofami 创建的主题 宽带症候群 如何为动态 IP 设置 1:1 NAT
    @msg7086 DMZ 是安全措施,NAT 是为了能够被公共访问到,两者经常一起使用,但并不能说 DMZ 是用 1:1 NAT 实现的。某论坛上看到的这段话解释得很清楚:

    The idea of a DMZ is that you have servers that need to be accessed from the internet, as we all know. The DMZ is a separate subnet that's logically outside of your inside LAN by applying security policies to what traffic can reach it. The bigger issue is servers get hacked. Now, if that server is in a DMZ, logic would indicate that you've also created rules in your firewall (which has DMZ and inside facing interfaces) NOT to allow any traffic to originate from that DMZ server and make connections to your inside LAN, protecting your inside LAN if that DMZ server gets compromised. If you put that server on your internal LAN and then NAT a public internet IP to it, people are connecting from the internet to that server in your LAN, and if they crack it they will have access to everything else on your inside LAN from that box. If it were in a DMZ and gets hacked, the firewall will block the hacker from making connections to the inside LAN from it.

    What Sosipater is saying about how you'll probably use NAT in your DMZ anyway because many people create a separate DMZ subnet and assign private, non-internet-routable IPs like 192.168.x.x to the servers in the DMZ. You then have to "NAT" whatever public internet IP, from your ISP, to that private IP assigned to the server. In this case, you're using BOTH a DMZ and NAT.

    Either way, if the server is going to be accessed from the Web, use a DMZ! Its a best practice and just the smart way to go. You already have a firewall. The only cost associated should be if you get payed OT or not... ;-)
    98 天前
    回复了 xiaofami 创建的主题 宽带症候群 如何为动态 IP 设置 1:1 NAT
    @msg7086 我可能混淆了 DMZ 和 exposed host 的概念。一般家用路由器提供的“ DMZ ”功能,其实都是 exposed host ?如果没理解错,DMZ 的子网和 LAN 应该是不同的,而一般路由器提供的“ DMZ ”显然没有做到。
    另外对 DMZ 还有 2 点疑惑之处。一是如何加入 DMZ 区域。我的物理 NIC 没有直通,新建虚拟 NIC 没有问题,不过 ESXI Host 机外的物理设备貌似没办法接入。二是 DMZ 并没有解决 NAT 问题,还是需要做 1:1 map,于是又回到了问题的起点…
    关于   ·   FAQ   ·   API   ·   我们的愿景   ·   广告投放   ·   鸣谢   ·   2413 人在线   最高记录 3541   ·  
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.0 · 14ms · UTC 10:46 · PVG 18:46 · LAX 03:46 · JFK 06:46
    ♥ Do have faith in what you're doing.
    沪ICP备16043287号-1