Lokacin fuskantar tambaya da hutu daga babban adadin takardu, yi ƙoƙarin tsarawa da rubuta abin da kuka koya don tunawa da kyau. Sannan kuma a ba da umarni kan wannan batu don kar a sake bi ta gaba ɗaya.
Takaddun tushen yana samuwa da yawa a
Tsara matsalar
Abokin ciniki yana so ya haɗa sabobin haya da yawa cikin hanyar sadarwa guda ɗaya don kawar da buƙatar biyan ƙarin ƙarin hanyoyin sadarwa, rataya dukan gidansa a bayan na'ura mai ba da hanya tsakanin hanyoyin sadarwa, sanya musu adiresoshin gida, kuma a kiyaye su ta hanyar wuta. Ta yadda duk zirga-zirgar sabis ke gudana a cikin VLAN. Bugu da ƙari, matsar da injunan kama-da-wane daga tsohuwar uwar garken zuwa sabo kuma ka watsar da shi, haɓaka tsohuwar kayan aikin da kuke amfani da su kuma a lokaci guda matsa zuwa sabo Proxmox.
Da farko, abokin ciniki yana da sabobin 5, kowannensu yana da ƙarin subnet, adireshin farko daga rukunin yanar gizon sadaukarwa an sanya shi zuwa ƙarin gada akan Proxmox.
A lokaci guda, VMs suna gudana akan Windows kuma suna da adireshin 85.xx177/29 da aka saita tare da ƙofar 85.xx176.
Kuma duk sabobin 5 masu na'urorin na'ura mai kama da nasu an daidaita su ta irin wannan hanya.
Yana da ban dariya cewa wannan tsarin ba daidai ba ne wajen saita hanyar sadarwa bisa manufa; yi amfani da adireshin cibiyar sadarwa don kumburin farko kuma iri ɗaya don ƙofar. Idan kuna ƙoƙarin gudanar da wannan tsari akan injin kama-da-wane a cikin Ubuntu, hanyar sadarwar ba ta aiki.
Aiwatarwa
- Mun ƙirƙiri vSwitch a cikin dubawa, sanya VlanID zuwa gare shi, kuma mu ƙara wannan vSwitch zuwa duk sabar da muke buƙata.
- Muna yin uwar garken gwaji don mu iya saitawa da motsawa ba tare da matsala ba.
Muna ɗaga na'urar kama-da-wane ta farko chr ta .
Idan kun yi amfani da rubutun da ke sama, da fatan za a lura cewa ya fara bincikar kasancewar -d / tushen / temp directory, kuma idan ba a can ba, an ƙirƙiri littafin / gida / tushen / temp directory, amma ana ci gaba da aiki gaba ɗaya. fita tare da /root/temp directory. Ana buƙatar gyara rubutun don ƙirƙirar jagorar da ta dace.
- Kafa hanyar sadarwa don Proxmox.
Muna ƙara ƙaramin fuska tare da lambar VLAN, yana nuna cewa za a saita adiresoshin akan gadoji ta amfani da littafin inet. MUHIMMI. Ba za ku iya saita adiresoshin IP a kan musaya da za ku haɗa a cikin gada ba; yadda wannan zai yi aiki da ko zai yi aiki ba kowa zai sani ba.
Bayan haka, mun ƙirƙiri gada vmbr0 - kuma muna haɗa shi da adireshin farko na uwar garken da kansa, wanda masu samar da Hetzner suka ba mu, saka tashar jiragen ruwa gada - ƙirar farko ta zahiri ba tare da VLAN ba, sannan kuma saka tare da ƙarin umarnin ƙari. hanyar zuwa ƙarin hanyar sadarwar mu, wanda aka umarce shi daga Hetzner don wannan uwar garken ta wannan gada. Ƙara hanya zai yi aiki lokacin da ke dubawa ya tashi.
Gada ta biyu za ta zama hanyar mu don zirga-zirgar gida, muna ƙara adireshi zuwa gare ta don samun haɗin kai tsakanin sabobin Proxmox daban-daban akan hanyar sadarwar gida ba tare da samun damar Intanet ba kuma saka tashar jiragen ruwa a matsayin eno1.4000, wanda aka keɓe don VlanID ɗin mu.
A lokacin saitin farko, kun ci karo da shawara cewa zaku iya shigar da ƙarin fakitin ifupdown2 don Proxmox kuma ba lallai ne ku sake kunna sabar gaba ɗaya ba idan akwai canje-canje a cikin mu'amalar hanyar sadarwa. Koyaya, wannan na al'ada ne kawai don saitin farko, kuma lokacin amfani da gadoji da kafa injunan kama-da-wane, kuna fuskantar matsaloli tare da gazawar hanyar sadarwa a cikin injina. Duk da cewa ka gyara, alal misali, vmbr2 interface, kuma lokacin da kake amfani da tsarin, cibiyar sadarwar ta fadi a kan duk hanyoyin sadarwa na ciki kuma ba ta murmurewa har sai an sake kunna uwar garken gaba daya. ifdown&&ifup baya taimaka. Idan wani yana da mafita, zan yi godiya.
Siffofin farko da aka saita akan uwar garken yana ci gaba da aiki da samun dama.
-
Rarraba adireshi don CHR don kar a rasa adiresoshin daga tafkin
Tafkin adiresoshin da Hetzner ke samarwa suna da ban mamaki ga mai sadarwar, wani abu kamar haka:
Abin ban mamaki shi ne cewa ƙofar yana ba da shawarar yin amfani da adireshin sa na uwar garken jiki.
Zaɓin na gargajiya wanda Hetzner da kansa ya gabatar ana nuna shi a cikin bayanin matsalar kuma abokin ciniki ya aiwatar da shi da kansa. A cikin wannan zaɓi, abokin ciniki ya rasa adireshin farko zuwa adireshin cibiyar sadarwa, adireshin na biyu zuwa gadar proxmox kuma zai zama ƙofar, kuma adireshin ƙarshe na watsa shirye-shirye. Adireshin IPv4 ba su taɓa yin aiki ba. Idan kai tsaye kayi ƙoƙarin yin rajistar adireshin IP 136.x.x.177/29 da ƙofa don 0.0.0.0/0 148.x.x.165 akan CHR, zaku iya yin wannan, amma ƙofar ba za a haɗa kai tsaye ba kuma saboda haka ba za a iya isa ba. .
Za mu iya fita daga wannan halin ta hanyar amfani da hanyar sadarwa 32 ga kowane adireshin da kuma ƙayyade adireshin da muke bukata, wanda zai iya zama wani abu, a matsayin sunan cibiyar sadarwa. Yana zama analogue na haɗin batu-zuwa-aya.
A wannan yanayin, ƙofar za ta kasance ba shakka, kuma duk abin da zai yi aiki kamar yadda muke bukata.
Ka tuna cewa a cikin irin wannan tsari ba a ba da shawarar yin amfani da ka'idar masquerade SRC-NAT ba, saboda adireshin fitarwa zai bambanta ba tare da iyakancewa ba, kuma ya fi dacewa don ƙayyade mataki: src-NAT da takamaiman adireshin da za ku iya. saki abokin ciniki.
- Kuma a karshe.
Don toshe damar zuwa Proxmox kanta daga Intanet, yi amfani da ginanniyar kayan aikin: akwai kyakkyawan bangon wuta.
Kada ku yi amfani da Tacewar zaɓi wanda hetzner ke bayarwa, don kada ku rikice game da wurin saitunan. Hetzner kuma zai yi aiki akan duk hanyoyin sadarwa, gami da waɗanda aka kafa akan CHR, kuma don buɗewa da tura tashar jiragen ruwa, zai kuma zama dole a buɗe su a cikin mahaɗin yanar gizo na mai bayarwa.
source: www.habr.com