Barka da zuwa darasi na 8. Darasi na da matukar muhimmanci, domin... Bayan kammalawa, zaku iya saita hanyar shiga Intanet don masu amfani da ku! Dole ne in yarda cewa mutane da yawa sun daina kafawa a wannan lokacin 🙂 Amma ba mu ɗaya daga cikinsu! Kuma har yanzu muna da abubuwa masu ban sha'awa da yawa a gaba. Yanzu kuma ga batun darasinmu.
Kamar yadda wataƙila kun riga kuka yi tsammani, yau za mu yi magana game da NAT. Na tabbata duk wanda ya kalli wannan darasin ya san menene NAT. Saboda haka, ba za mu bayyana dalla-dalla yadda yake aiki ba. Zan sake maimaita cewa NAT fasahar fassarar adireshi ce wacce aka ƙirƙira don adana "fararen kuɗi," watau. IPs na jama'a (waɗannan adiresoshin da aka lalata su akan Intanet).
A cikin darasin da ya gabata, tabbas kun riga kun lura cewa NAT wani ɓangare ne na manufofin Sarrafa Watsa Labarai. Wannan yana da ma'ana. A cikin SmartConsole, ana sanya saitunan NAT a cikin wani shafin daban. Tabbas zamu duba can yau. Gabaɗaya, a cikin wannan darasi za mu tattauna nau'ikan NAT, daidaita hanyar shiga Intanet da kuma duba misali mai kyau na tura tashar jiragen ruwa. Wadancan. aikin da aka fi amfani dashi a cikin kamfanoni. Mu fara.
Hanyoyi biyu don saita NAT
Check Point yana goyan bayan hanyoyi biyu don saita NAT: Atomatik NAT и Farashin NAT. Bugu da ƙari, ga kowane ɗayan waɗannan hanyoyin akwai nau'ikan fassarar guda biyu: Ɓoye NAT и A tsaye NAT. Gabaɗaya ya yi kama da wannan hoton:
Na fahimci cewa tabbas komai yana kama da rikitarwa a yanzu, don haka bari mu kalli kowane nau'in daki-daki.
Atomatik NAT
Wannan ita ce hanya mafi sauri kuma mafi sauƙi. Ana saita NAT a cikin dannawa biyu kawai. Abin da kawai za ku yi shi ne buɗe abubuwan da ake so (ko ƙofa, cibiyar sadarwa, mai watsa shiri, da sauransu), je zuwa shafin NAT kuma duba "Ƙara dokokin fassarar adireshi ta atomatik" Anan za ku ga filin - hanyar fassarar. Akwai, kamar yadda aka ambata a sama, biyu daga cikinsu.
1. Aitomatic Hide NAT
Ta hanyar tsoho shine Hide. Wadancan. a wannan yanayin, hanyar sadarwar mu za ta "ɓoye" a bayan wasu adireshin IP na jama'a. A wannan yanayin, ana iya ɗaukar adireshin daga mashigin waje na ƙofar, ko za ku iya tantance wani. Irin wannan nau'in NAT ana kiransa da ƙarfi ko dayawa-zuwa-daya, saboda Ana fassara adiresoshin ciki da yawa zuwa waje ɗaya. A zahiri, wannan yana yiwuwa ta amfani da tashoshin jiragen ruwa daban-daban lokacin watsa shirye-shirye. Ɓoye NAT yana aiki ne kawai a hanya ɗaya (daga ciki zuwa waje) kuma yana da kyau ga cibiyoyin sadarwar gida lokacin da kawai kuke buƙatar samar da damar shiga Intanet. Idan an fara zirga-zirga daga hanyar sadarwa ta waje, to NAT a zahiri ba za ta yi aiki ba. Ya zama ƙarin kariya don cibiyoyin sadarwa na ciki.
2. Atomatik Static NAT
Ɓoye NAT yana da kyau ga kowa, amma ƙila kana buƙatar samar da dama daga hanyar sadarwar waje zuwa wasu sabar na ciki. Misali, zuwa uwar garken DMZ, kamar a misalinmu. A wannan yanayin, Static NAT zai iya taimaka mana. Hakanan yana da sauƙin saitawa. Ya isa a canza hanyar fassara zuwa Static a cikin abubuwan abubuwan kuma saka adireshin IP na jama'a wanda za a yi amfani da shi don NAT (duba hoton da ke sama). Wadancan. idan wani daga cibiyar sadarwar waje ya sami dama ga wannan adireshin (a kowane tashar jiragen ruwa!), za a tura buƙatar zuwa uwar garken tare da IP na ciki. Bugu da ƙari, idan uwar garken kanta ta shiga kan layi, IP ɗinsa kuma zai canza zuwa adireshin da muka ƙayyade. Wadancan. Wannan shi ne NAT a duka kwatance. Ana kuma kiransa daya-to-daya kuma wani lokacin ana amfani da su don sabar jama'a. Me yasa "wani lokaci"? Domin yana da babban koma baya - adireshin IP na jama'a ya mamaye gaba daya (duk tashoshin jiragen ruwa). Ba za ku iya amfani da adireshi ɗaya na jama'a don sabobin ciki daban-daban (tare da tashoshin jiragen ruwa daban-daban). Misali HTTP, FTP, SSH, SMTP, da sauransu. Manual NAT zai iya magance wannan matsala.
Farashin NAT
Mahimmancin Manual NAT shine cewa kuna buƙatar ƙirƙirar ƙa'idodin fassarar da kanku. A cikin shafin NAT iri ɗaya a cikin Manufofin Sarrafa Shiga. A lokaci guda, Manual NAT yana ba ku damar ƙirƙirar ƙa'idodin fassara masu rikitarwa. Ana samun filaye masu zuwa a gare ku: Tushen Asalin, Wurin Asali, Sabis na Asali, Tushen Fassara, Wurin Fassara, Sabis ɗin Fassara.
Hakanan akwai nau'ikan NAT guda biyu mai yiwuwa anan - Hide da Static.
1. Manual Hide NAT
Boye NAT a wannan yanayin ana iya amfani dashi a yanayi daban-daban. Misalai biyu:
- Lokacin samun dama ga takamaiman hanya daga cibiyar sadarwar gida, kuna son amfani da adireshin watsa shirye-shirye daban-daban (bambanta da wanda aka yi amfani da shi don duk wasu lokuta).
- Akwai adadi mai yawa na kwamfutoci akan hanyar sadarwar gida. Hide NAT ta atomatik ba zai yi aiki a nan ba, saboda ... Tare da wannan saitin, yana yiwuwa a saita adireshin IP na jama'a ɗaya kawai, wanda kwamfutoci za su "ɓoye". Wataƙila ba a sami isassun tashar jiragen ruwa don watsa shirye-shirye ba. Akwai, kamar yadda ka tuna, kadan fiye da 65 dubu. Haka kuma, kowace kwamfuta na iya samar da ɗaruruwan zama. Manual Hide NAT yana ba ku damar saita tafki na adiresoshin IP na jama'a a cikin filin Tushen Fassara. Ta haka ƙara yawan yuwuwar fassarar NAT.
2. Manual Static NAT
Ana amfani da NAT a tsaye sau da yawa lokacin ƙirƙirar ƙa'idodin fassara da hannu. Misalin gargajiya shine tura tashar jiragen ruwa. Shari'ar lokacin da adireshin IP na jama'a (wanda zai iya zama na ƙofa) ana samun isa ga hanyar sadarwar waje akan takamaiman tashar jiragen ruwa kuma ana fassara buƙatar zuwa tushen ciki. A cikin aikin gwajin mu, za mu tura tashar jiragen ruwa 80 zuwa uwar garken DMZ.
Darasi na Bidiyo
Ku kasance tare da mu domin jin karin bayani 🙂
source: www.habr.com