# 接入网关

## 接入网关 <a href="#access-gateway" id="access-gateway"></a>

接入网关是用于访问隐藏在某一个SSH主机后面的设备，NextCLi 所在服务器无法直接访问目标资产，只有这台SSH主机可以访问。

其原理是SSH隧道功能，在访问目标资产时需要将目标资产先映射到 NextCLi 所在服务器上的某一个端口上，因此本地映射地址最好不要设置为公网IP，以防被不法分子入侵。

本地映射地址为空时会自动设置为 localhost 这个本地环回主机名称，当guacd服务和 NextCLi 服务不在同一台主机上时需要设置为IP地址或主机名称（前提是guacd所在服务器可以访问到此主机名称）。

使用 docker-compose 安装的服务需要把本地映射地址设置为 `nextcli`，docker容器在内部已经做过了dns映射，因此设置为容器名称即可。

![](/files/fUXS86uQNaESVjxpYPvR)

![](/files/z3AbPjbzbLtEygJdBonq)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.nextcli.com/jumpserver/access-gateway.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.