VMware NSX for the little ones. Part 2. Configuring the firewall and NAT

Part one
After a short break, we return to NSX. Today I will show you how to configure NAT and the firewall.
In the Administration tab, go to your virtual data center: Cloud Resources – Virtual Datacenters.

Select the Edge Gateways tab and right-click the NSX Edge you need. In the menu that appears, choose Edge Gateway Services. The NSX Edge control panel opens in a separate tab.

Configuring firewall rules

By default, the Deny option is selected in the Default rule for ingress traffic item, which means the firewall blocks all traffic.

To add a new rule, click +. A new entry named New rule appears. Edit its fields to match your requirements.

In the Name field, give the rule a name, for example Internet.

In the Source field, enter the required source addresses. With the IP button you can specify a single IP address, a range of IP addresses, or a CIDR block.

With the + button you can specify other objects:

  • Gateway interfaces. All internal networks (Internal), all external networks (External), or Any.
  • Virtual machines. Binds the rule to a specific virtual machine.
  • OrgVdcNetworks. Organization-level networks.
  • IP Sets. A group of IP addresses created in advance by the user (created in the Grouping object).

In the Destination field, specify the recipient's address. The options here are the same as in the Source field.
In the Service field, you can select or manually specify the destination port (Destination Port), the required protocol (Protocol), and the source port (Source Port). Click Keep.

In the Action field, choose the required action: allow or deny traffic that matches this rule.

Apply the configuration you entered by choosing Save changes.

Rule examples

Rule 1 for the firewall (Internet) allows the server with IP 192.168.1.10 to access the Internet over any protocol.

Rule 2 for the firewall (Web-server) allows access from the Internet (TCP protocol, port 80) through your external address. In this case, 185.148.83.16:80.

Configuring NAT

NAT (Network Address Translation) is the translation of private (gray) IP addresses into external (white) ones, and vice versa. Through this process, a virtual machine gains access to the Internet. To set up this mechanism, you need to configure SNAT and DNAT rules.
Important! NAT works only when the firewall is enabled and the appropriate allow rules are configured.

Create an SNAT rule. SNAT (Source Network Address Translation) is a mechanism whose essence is to replace the source address when a packet is forwarded.

First we need to find out the external IP address or range of IP addresses available to us. To do this, go to the Administration section and double-click the virtual data center. In the menu that appears, go to the Edge Gateways tab. Select the NSX Edge you need and right-click it. Choose the Properties option.

In the window that appears, the Sub-Allocate IP Pools tab shows the external IP address or range of IP addresses. Write it down or remember it.

Next, right-click the NSX Edge. In the menu that appears, choose Edge Gateway Services. We are back in the NSX Edge control panel.

In the window that appears, open the NAT tab and click Add SNAT.

In the new window, specify:

  • in the Applied on field – the external network (not an organization-level network!);
  • Original Source IP/range – the internal address range, for example, 192.168.1.0/24;
  • Translated Source IP/range – the external address through which the Internet will be accessed, which you looked up in the Sub-Allocate IP Pools tab.

Click Keep.

Create a DNAT rule. DNAT is a mechanism that changes the destination address of a packet as well as its destination port. It is used to redirect incoming packets from an external address/port to a private IP address/port inside a private network.

Select the NAT tab and click Add DNAT.

In the window that appears, specify:

  • in the Applied on field – the external network (not an organization-level network!);
  • Original IP/range – the external address (the address from the Sub-Allocate IP Pools tab);
  • Protocol – the protocol;
  • Original Port – the port for the external address;
  • Translated IP/range – the internal IP address, for example, 192.168.1.10;
  • Translated Port – the port for the internal address to which the port of the external address will be translated.

Click Keep.

Apply the configuration you entered by choosing Save changes.

Done.
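
A small Python model of the rules configured above, added here as an illustration (it is not code from the original article and does not use the NSX API). It checks that the DNAT rule has a matching allow rule and lists the hosts in the SNAT range that the default Deny rule still blocks. The dictionary field names, the top-down first-match evaluation, and the probe addresses 203.0.113.7 and 198.51.100.1 are assumptions of this example.

```python
import ipaddress

# Constructed from the article's example rules; field names are this
# example's own, not the NSX schema.
FIREWALL = [
    {"name": "Internet", "src": "192.168.1.10", "dst": "any",
     "proto": "any", "port": "any", "action": "accept"},
    {"name": "Web-server", "src": "any", "dst": "185.148.83.16",
     "proto": "tcp", "port": 80, "action": "accept"},
]
DEFAULT_ACTION = "deny"  # the default rule for ingress traffic

SNAT = {"original": "192.168.1.0/24", "translated": "185.148.83.16"}
DNAT = {"original_ip": "185.148.83.16", "proto": "tcp", "original_port": 80,
        "translated_ip": "192.168.1.10", "translated_port": 80}

def _in(addr, spec):
    """True if addr falls inside spec (single IP, CIDR, or 'any')."""
    return spec == "any" or (
        ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False))

def decide(src, dst, proto, port, rules=FIREWALL):
    """First matching rule wins; otherwise the default rule applies."""
    for r in rules:
        if (_in(src, r["src"]) and _in(dst, r["dst"])
                and r["proto"] in ("any", proto)
                and r["port"] in ("any", port)):
            return r["action"], r["name"]
    return DEFAULT_ACTION, "default"

def dnat_reachable(dnat, client="203.0.113.7", rules=FIREWALL):
    """DNAT is only usable if the firewall accepts its external address/port."""
    action, _ = decide(client, dnat["original_ip"], dnat["proto"],
                       dnat["original_port"], rules)
    return action == "accept"

def snat_uncovered(snat, probe_dst="198.51.100.1", rules=FIREWALL):
    """Hosts in the SNAT source range that no accept rule lets out."""
    net = ipaddress.ip_network(snat["original"])
    return [str(h) for h in net.hosts()
            if decide(str(h), probe_dst, "tcp", 443, rules)[0] != "accept"]
```

With the article's two rules, the DNAT rule is reachable, but only 192.168.1.10 out of the 192.168.1.0/24 SNAT range can actually leave; the other hosts are translated on paper and still dropped by the default rule.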

Next in line are instructions on DHCP, including configuring DHCP Bindings and Relay.

Source: www.habr.com
