@startuml
' Component diagram: Host A sits behind a campus gateway firewall and reaches
' the Internet through an SSH reverse tunnel (ssh -R) to Host B, which has its
' own uplink and runs a Clash proxy on port 7890.
skinparam componentStyle uml2
skinparam backgroundColor white
skinparam packageStyle rectangle

' Define icons and styles
skinparam interface {
backgroundColor RosyBrown
}

' The <<Firewall>> stereotype is drawn as a solid red, square-cornered box so
' the blocking gateway stands out from the other rectangles.
skinparam rectangle {
BackgroundColor<<Firewall>> #FF3333
FontColor<<Firewall>> White
BorderColor<<Firewall>> DarkRed
BorderStyle<<Firewall>> Solid
RoundCorner<<Firewall>> 0
Shadowing<<Firewall>> true
}

' External network: the destination Host A cannot reach directly.
package "互联网 (Internet)" {
[Google / External Web] as Web
}

' Campus LAN: holds the restricted host, the jump host and the gateway firewall.
package "校园网环境 (Campus LAN)" {

' Legend note: the red box is the campus gateway firewall, which blocks
' Host A's direct outbound access (authentication required or port blocked).
note as N1
<b>红色墙壁</b>代表校园网网关防火墙
阻断了 Host A 直接访问外网
(需要认证或端口被封)
end note

' Restricted zone (dormitory / lab): Host A runs sshd on port 22 and ends up
' with a listener on 127.0.0.1:7890, the port mapped back through the tunnel.
' NOTE(review): the listener is drawn on loopback, so only processes on Host A
' can use it. If the forward were bound to a non-loopback address (sshd
' GatewayPorts enabled), other LAN hosts could reach the proxy as well -
' confirm the bind stays on 127.0.0.1.
rectangle "受限区域 (宿舍/实验室)" {
node "内网主机 A (Host A)" as HostA {
port "SSHd (Port 22)" as p22
interface "127.0.0.1:7890\n(映射端口)" as pLocal
[Curl / Browser] as App
}
}

' Jump / management zone: Host B is dual-homed, with a LAN-facing NIC and a
' separate WLAN/4G NIC that provides its own route to the Internet.
' Host B starts the SSH client (ssh -R) and hosts the Clash proxy on port 7890.
rectangle "跳板/管理区域 (Host B 位置)" {
node "本地主机 B (Host B)" as HostB {
component "SSH Client\n(ssh -R)" as SSHClient
component "Clash Proxy\n(Port 7890)" as Clash
interface "WLAN/4G\n(外网网卡)" as NicExt
interface "Eth/LAN\n(内网网卡)" as NicInt
}
}

' The gateway itself, styled through the <<Firewall>> stereotype defined above.
rectangle "校园网网关/防火墙" as Firewall <<Firewall>>
}

' Physical link connections
' 1: Host A and Host B share the LAN. 2: Host B has an independent uplink
' (hotspot / already authenticated). 3: Host A's direct traffic goes to the
' gateway, where it is dropped (unauthenticated / no permission).
HostA -right-> NicInt : 1. 局域网连接 (LAN)
NicExt -up-> Web : 2. 独立上网链路 (热点/已认证)
HostA .up.> Firewall : 3. 直接上网流量
Firewall -up-x Web : ❌ 阻断 (未认证/无权限)

' Logical tunnel connections
' The reverse tunnel links Host A's loopback listener to the SSH client on
' Host B; per the label the data rides the SSH session on TCP port 22. Host B
' then hands the traffic to Clash, which sends it out of the external NIC.
' NOTE(review): web traffic from Host A taking this path does not cross the
' campus gateway, so gateway authentication and logging do not see it; on the
' LAN it appears only as the SSH session between Host A and Host B.
pLocal <..> SSHClient : <color:blue><b>SSH 反向隧道 (Tunnel)</b></color>\n数据流经 TCP Port 22
SSHClient -> Clash : 流量转发
Clash -> NicExt : 代理请求

' Internal flow
' Applications on Host A opt in through the http_proxy environment variable,
' which points at the local mapped port.
App -> pLocal : export http_proxy\n指向本地映射端口
@enduml