Diagnosing network connections on the EDGE virtual router

In some cases, problems come up when configuring a virtual router. For example, port forwarding (NAT) does not work, or there is a problem in the Firewall rules themselves. Or you simply need to get the router's logs, check how a channel is working, and run network diagnostics. The cloud provider Cloud4Y explains how this is done.

Working with the virtual router

First, we need to set up access to the virtual router, EDGE. To do this, we open its services and go to the appropriate tab, EDGE Settings. There we enable SSH Status, set a password, and make sure to save the changes.


If we use strict Firewall rules, where everything is denied by default, then we add rules that allow connections to the router itself on the SSH port.


Then we connect with any SSH client, for example PuTTY, and get to the console.


In the console, a set of commands is available to us; the list can be displayed with:
list


Which commands will be useful to us? Here is a list of the most useful ones:

  • show interface - displays the available interfaces and the IP addresses assigned to them
  • show log - displays the router logs
  • show log follow - lets you watch the log in real time as it is continuously updated. Every rule, whether NAT or Firewall, has an Enable logging option; when it is turned on, events are recorded in the log, which makes diagnostics possible.
  • show flowtable - displays the whole table of established connections and their parameters
    Example:
    1: tcp 6 21599 ESTABLISHED src=9Х.107.69.ХХХ dst=178.170.172.XXX sport=59365 dport=22 pkts=293 bytes=22496 src=178.170.172.ХХХ dst=91.107.69.173 sport=22 dport=59365 pkts=206 bytes=83569 [ASSURED] mark=0 rid=133427 use=1
  • show flowtable topN 10 - lets you display the required number of lines, 10 in this example
  • show flowtable topN 10 sort-by pkts - helps sort the connections by number of packets, from smallest to largest
  • show flowtable topN 10 sort-by bytes - helps sort the connections by number of bytes transferred, from smallest to largest
  • show flowtable rule-id ID topN 10 - helps display the connections for the required rule ID
  • show flowtable flowspec SPEC - for a more flexible selection of connections, where SPEC sets the required filtering rules, for example proto=tcp:srcip=9Х.107.69.ХХХ:sport=59365, to select connections using the TCP protocol with source IP address 9Х.107.69.XX and source port 59365
    Example:
    > show flowtable flowspec proto=tcp:srcip=90.107.69.171:sport=59365
    1: tcp 6 21599 ESTABLISHED src=9Х.107.69.XX dst=178.170.172.xxx sport=59365 dport=22 pkts=1659 bytes=135488 src=178.170.172.xxx dst=xx.107.69.xxx sport=22 dport=59365 pkts=1193 bytes=210361 [ASSURED] mark=0 rid=133427 use=1
    Total flows: 1
  • show packet drops - lets you view packet statistics
  • show firewall flows - shows the firewall packet counters together with the packet flows.
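
When the flowtable is too large to read by eye, the output can be saved from the SSH session and analysed offline. The following is an added example, not part of the original article: it parses lines in the `show flowtable` layout quoted above, lists flows that never received a reply packet, and totals bytes per rule id (`rid`). The sample data, the function names and the reading of the first tuple as the original direction are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the `show flowtable` lines quoted above
# (documentation-range addresses, not the article's masked values).
SAMPLE = """\
1: tcp 6 21599 ESTABLISHED src=198.51.100.7 dst=203.0.113.10 sport=59365 dport=22 pkts=293 bytes=22496 src=203.0.113.10 dst=198.51.100.7 sport=22 dport=59365 pkts=206 bytes=83569 [ASSURED] mark=0 rid=133427 use=1
2: tcp 6 118 SYN_SENT src=198.51.100.9 dst=203.0.113.10 sport=40112 dport=443 pkts=3 bytes=180 [UNREPLIED] src=203.0.113.10 dst=198.51.100.9 sport=443 dport=40112 pkts=0 bytes=0 mark=0 rid=131073 use=1
3: udp 17 25 src=198.51.100.7 dst=203.0.113.53 sport=5353 dport=53 pkts=1 bytes=71 src=203.0.113.53 dst=198.51.100.7 sport=53 dport=5353 pkts=1 bytes=120 mark=0 rid=131073 use=1
Total flows: 3
"""

# index, protocol name, protocol number, timeout, optional state (absent for UDP)
HEAD = re.compile(r"^\s*\d+:\s+(\w+)\s+\d+\s+(\d+)\s+(?:([A-Z_]+)\s+)?(?=src=)")
KV = re.compile(r"(\w+)=(\S+)")
TUPLE_KEYS = ("src", "dst", "sport", "dport", "pkts", "bytes")

def parse_flow(line):
    """Parse one flow line; returns None for other lines such as 'Total flows'."""
    m = HEAD.match(line)
    if not m:
        return None
    flow = {"proto": m.group(1), "timeout": int(m.group(2)), "state": m.group(3),
            "flags": re.findall(r"\[(\w+)\]", line), "orig": {}, "reply": {}}
    for key, val in KV.findall(line[m.end():]):
        if key in TUPLE_KEYS:
            # Assumption: first tuple is the original direction, second the reply.
            side = flow["reply"] if key in flow["orig"] else flow["orig"]
            side[key] = val if key in ("src", "dst") else int(val)
        else:
            flow[key] = int(val)  # mark, rid, use
    return flow

def parse_flowtable(text):
    return [f for f in map(parse_flow, text.splitlines()) if f]

def no_reply(flows):
    """Flows that sent packets but saw none come back."""
    return [f for f in flows if f["orig"]["pkts"] > 0 and f["reply"].get("pkts", 0) == 0]

def bytes_by_rule(flows):
    """Total bytes in both directions per firewall rule id, largest first."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["rid"]] += f["orig"]["bytes"] + f["reply"].get("bytes", 0)
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    flows = parse_flowtable(SAMPLE)
    for f in no_reply(flows):
        print("no reply:", f["proto"], f["orig"]["src"], "->", f["orig"]["dst"], "rid", f["rid"])
    print(bytes_by_rule(flows))
```
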

We can also use the basic network diagnostic tools directly from the EDGE router:

  • ping ip WORD
  • ping ip WORD size SIZE count COUNT nofrag – a ping that specifies the size of the data sent and the number of checks, and also prohibits fragmentation of the configured packet size.
  • traceroute ip WORD

Sequence for diagnosing Firewall operation on Edge

  1. Run show firewall and look at the custom filtering rules installed in the usr_rules table
  2. We look at the POSTROUTING chain and monitor the number of dropped packets using the DROP field. If there is a problem with asymmetric routing, we will see the values growing.
    Perform additional checks:

    • ping will work in one direction and not in the other
    • ping will work, but TCP sessions will not be established.
  3. We look at the output of information about IP addresses - show ipset
  4. Enable logging on the firewall rule in the Edge services
  5. We look at the events in the log - show log follow
  6. We check the connections for the required rule_id - show flowtable rule_id
  7. Using show flowstats, we compare the currently established connections (Current Flow Entries) with the maximum allowed (Total Flow Capacity) in the current configuration. The available configurations and limits can be viewed in VMware NSX Edge. If you are interested, I can talk about this in the next article.


Source: www.habr.com
