我目前有 2 个负载平衡的 Ubuntu 12.04 服务器。如果我从 shell 去找任何人并输入:
wget stackoverflow.com
该页面被提取到index.html. 但是,假设托管在这些服务器上的站点称为mysite.com,则调用
wget mysite.com
我得到:
Resolving mysite.com (mysite.com)... 50.XXX.YY.ZZZ
Connecting to mysite.com (mysite.com)|50.XXX.YY.ZZZ|:80... failed: Connection refused.
50.XXX.YY.ZZZ的公共 IP在哪里mysite.com。任何想法在这些服务器上有什么问题?
基本问题是这样的:
服务器有一个私有的内部 IP 地址。(为简单起见,我将其称为 192.168.0.2。)
它打开从其私有内部 IP 地址到其公共地址的连接。(从 192.168.0.2 到 59.XXX.YY.ZZ)
这将转到路由器,遵循服务器的默认路由。(因为机器不知道公共地址与自身相关联。)
路由器端口将请求转发到公网IP地址,再转发给本机。该请求的源仍然是 192.168.0.2,但现在它的目标是 192.168.0.2。
The machine receives a connection from 192.168.0.2 to 192.168.0.2, accepts the connection, and sends itself a response. (Since it knows 192.168.0.2 is local.)
The machine is baffled to receive a response from 192.168.0.2 since it was expecting one from 59.XXX.YY.ZZ, and the connection attempt fails.
For hairpin NAT to work, the router has to not only forward the request to the correct inside machine rewriting the destination but it also has to rewrite the source to make sure the reply packets go back through the router so they can be NATted too. Many routers can't do this, and many that can require specific configuration.