为啥路由器的WAN口不好打？

你猜？

以totolink T10为例：

# ifconfig
br0       Link encap:Ethernet  HWaddr F4:28:53:DC:96:58
          inet addr:192.168.55.1  Bcast:192.168.55.255  Mask:255.255.255.0
          inet6 addr: fe80::f628:53ff:fedc:9658/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5387 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4135 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2178275 (2.0 MiB)  TX bytes:2756549 (2.6 MiB)

br0:1     Link encap:Ethernet  HWaddr F4:28:53:DC:96:58
          inet addr:10.188.188.188  Bcast:10.255.255.255  Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0      Link encap:Ethernet  HWaddr F4:28:53:DC:96:58
          inet6 addr: fe80::f628:53ff:fedc:9658/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:4

eth1      Link encap:Ethernet  HWaddr F4:28:53:DC:96:59
          inet addr:192.168.0.108  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::f628:53ff:fedc:9659/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11854 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6782 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:6996943 (6.6 MiB)  TX bytes:998271 (974.8 KiB)
          Interrupt:4

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:138 errors:0 dropped:0 overruns:0 frame:0
          TX packets:138 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:9945 (9.7 KiB)  TX bytes:9945 (9.7 KiB)

wlan0     Link encap:Ethernet  HWaddr F4:28:53:DC:96:58
          inet6 addr: fe80::f628:53ff:fedc:9658/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7625 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8650 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3136430 (2.9 MiB)  TX bytes:7084982 (6.7 MiB)
          Interrupt:5

wlan1     Link encap:Ethernet  HWaddr F4:28:53:DC:96:5C
          inet6 addr: fe80::f628:53ff:fedc:965c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14435 errors:0 dropped:0 overruns:0 frame:0
          TX packets:242 errors:1 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2897769 (2.7 MiB)  TX bytes:43590 (42.5 KiB)
          Interrupt:6

# ./busybox-mipsel netstat -pantu
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      1395/lighttpd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1395/lighttpd
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      7242/dnsmasq
tcp        0      0 0.0.0.0:1883            0.0.0.0:*               LISTEN      1375/cs_broker
tcp        0      0 192.168.0.108:49138     120.24.109.166:9090     ESTABLISHED 7224/crpc
tcp        0      0 127.0.0.1:58225         127.0.0.1:1883          ESTABLISHED 1376/cste_sub
tcp        0      0 127.0.0.1:1883          127.0.0.1:58225         ESTABLISHED 1375/cs_broker
tcp        0      0 :::53                   :::*                    LISTEN      7242/dnsmasq
tcp        0      0 :::23                   :::*                    LISTEN      887/telnetd
tcp        0      0 :::1883                 :::*                    LISTEN      1375/cs_broker
tcp        0    378 ::ffff:192.168.55.1:23  ::ffff:192.168.55.2:54033 ESTABLISHED 887/telnetd
udp        0      0 0.0.0.0:53              0.0.0.0:*                           7242/dnsmasq
udp        0      0 0.0.0.0:67              0.0.0.0:*                           1091/udhcpd
udp        0      0 0.0.0.0:9034            0.0.0.0:*                           882/UDPserver
udp        0      0 :::53                   :::*                                7242/dnsmasq
#

# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         localhost       0.0.0.0         UG    0      0        0 eth1
192.168.0.0     *               255.255.255.0   U     0      0        0 eth1
192.168.0.1     localhost       255.255.255.255 UGH   0      0        0 eth1
192.168.1.1     localhost       255.255.255.255 UGH   0      0        0 eth1
192.168.55.0    *               255.255.255.0   U     0      0        0 br0

# iptables -nvL
Chain PREROUTING (policy ACCEPT 2596 packets, 1341K bytes)
 pkts bytes target     prot opt in     out     source       destination

Chain INPUT (policy DROP 70 packets, 21278 bytes)
 pkts bytes target     prot opt in     out     source       destination
  442 31181 ACCEPT     all  --  *      *       0.0.0.0/0    0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 DROP       tcp  --  eth1   *       0.0.0.0/0    192.168.0.108       tcp dpt:80
    0     0 DROP       udp  --  eth1   *       0.0.0.0/0    192.168.0.108       udp dpt:1900
    1   576 ACCEPT     udp  --  eth1   *       0.0.0.0/0    0.0.0.0/0           udp dpt:68
    0     0 DROP       icmp --  eth1   *       0.0.0.0/0    192.168.0.108       icmp type 8
   12   432 ACCEPT     2    --  eth1   *       0.0.0.0/0    0.0.0.0/0
   67 10242 ACCEPT     all  --  br0    *       0.0.0.0/0    0.0.0.0/0
    0     0 ACCEPT     all  --  eth0   *       0.0.0.0/0    0.0.0.0/0
    5   321 ACCEPT     all  --  lo     *       0.0.0.0/0    0.0.0.0/0
    0     0 ACCEPT     2    --  *      *       0.0.0.0/0    0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source       destination
  202 12548 TCPMSS     tcp  --  *      *       0.0.0.0/0    0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0    0.0.0.0/0           udp spt:1701
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0    0.0.0.0/0           udp dpt:1701
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0    0.0.0.0/0           tcp dpt:1723
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0    0.0.0.0/0           tcp spt:1723
    0     0 ACCEPT     47   --  *      *       0.0.0.0/0    0.0.0.0/0
    0     0 ACCEPT     udp  --  eth1   *       0.0.0.0/0    224.0.0.0/4         udp
    0     0 ACCEPT     114  --  eth1   *       0.0.0.0/0    224.0.0.0/4
    1    52 DROP       all  --  *      *       0.0.0.0/0    0.0.0.0/0           state INVALID
  907  108K ACCEPT     all  --  br0    *       0.0.0.0/0    0.0.0.0/0
    0     0 ACCEPT     udp  --  eth1   br0     0.0.0.0/0    0.0.0.0/0           udp dpt:500
 1077 1167K ACCEPT     all  --  eth1   *       0.0.0.0/0    0.0.0.0/0
    0     0 ACCEPT     udp  --  eth1   *       0.0.0.0/0    224.0.0.0/4         udp
    0     0 ACCEPT     esp  --  eth1   br0     0.0.0.0/0    0.0.0.0/0
    0     0 ACCEPT     all  --  eth1   *       0.0.0.0/0    0.0.0.0/0           state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT 343 packets, 355K bytes)
 pkts bytes target     prot opt in     out     source               destination

# ./busybox-mipsel nc -vvv -l -u -p 68
listening on [::]:68 ...
connect to 192.168.0.108:68 from localhost:46744 ([::ffff:192.168.0.113]:46744)
hello

你知道答案了么？回答此问题可能需要如下知识：

• 通过iptables配置加强服务器安全
• iptables
• List of IP protocol numbers
• iptables中的默认规则
• iptables 指定网卡
• iptables ACCEPT DROP REJECT 说明
• Linux禁止ping以及开启ping的方法
• Linux 路由表详解及 route 命令详解