Tom qab ib pliag peb rov qab mus rau NSX. Hnub no kuv yuav qhia koj yuav ua li cas teeb tsa NAT thiab Firewall.
Hauv tab Administration mus rau koj lub virtual data center β Cloud Resources - Virtual Datacenters.
Xaiv ib lub tab Ntug Gateways thiab right-click rau qhov xav tau NSX Edge. Hauv cov ntawv qhia zaub mov uas tshwm, xaiv qhov kev xaiv Edge Gateway Services. NSX Ntug Tswj Vaj Huam Sib Luag yuav qhib rau hauv ib lub tab cais.
Teeb tsa Firewall cov cai
Nyob rau hauv cov khoom default txoj cai rau ingress tsheb Qhov kev xaiv tsis lees txais yog xaiv, piv txwv li Firewall yuav thaiv tag nrho cov tsheb.
Txhawm rau ntxiv txoj cai tshiab, nyem + . Kev nkag tshiab yuav tshwm sim nrog lub npe Txoj cai tshiab. Kho nws cov teb raws li koj xav tau.
Nyob rau hauv lub teb lub npe muab txoj cai lub npe, piv txwv li Internet.
Nyob rau hauv lub teb Tau qhov twg los Nkag mus rau qhov chaw nyob xav tau. Siv tus IP khawm, koj tuaj yeem teeb tsa ib tus IP chaw nyob, ntau qhov chaw nyob IP, CIDR.
Siv lub pob + koj tuaj yeem qhia lwm yam khoom:
- Rooj vag interfaces. Tag nrho cov network sab hauv (Internal), tag nrho cov network sab nraud (External) lossis Ib qho.
- Cov tshuab virtual. Peb khi cov cai rau ib lub tshuab virtual tshwj xeeb.
- OrgVdcNetworks. Lub koom haum theem tes hauj lwm.
- IP Teeb. Ib pawg neeg siv ua ntej tsim ntawm IP chaw nyob (tsim nyob rau hauv Grouping object).
Nyob rau hauv lub teb Lo lus peb qhia tus neeg txais qhov chaw nyob. Cov kev xaiv ntawm no yog tib yam li nyob rau hauv qhov chaw.
Nyob rau hauv lub teb Service koj tuaj yeem xaiv lossis manually qhia qhov chaw nres nkoj (Chaw Nres Tsheb), qhov yuav tsum tau muaj raws tu qauv (Protocol), thiab qhov chaw xa khoom (Source Port). Nyem Keep.
Nyob rau hauv lub teb Action xaiv qhov yuav tsum tau ua: tso cai los yog tsis kam khiav tsheb uas phim txoj cai no.
Siv cov kev teeb tsa nkag los ntawm kev xaiv Txuag cov kev hloov.
Txoj cai piv txwv
Txoj Cai 1 rau Firewall (Internet) tso cai nkag mus rau Is Taws Nem ntawm ib qho kev cai rau ib tus neeg rau zaub mov nrog IP 192.168.1.10.
Txoj Cai 2 rau Firewall (Web-server) tso cai nkag los ntawm Is Taws Nem ntawm (TCP raws tu qauv, chaw nres nkoj 80) los ntawm koj qhov chaw nyob sab nraud. Hauv qhov no - 185.148.83.16:80.
NAT kev teeb tsa
NAT (Network Txhais Chaw Nyob) - Kev txhais lus ntawm tus kheej (grey) IP chaw nyob rau sab nraud (dawb) sawv daws yuav, thiab rov ua dua. Los ntawm cov txheej txheem no, lub tshuab virtual tau nkag mus rau hauv Internet. Txhawm rau txhim kho cov txheej txheem no, koj yuav tsum teeb tsa SNAT thiab DNAT cov cai.
Tseem ceeb! NAT tsuas yog ua haujlwm thaum Firewall qhib thiab cov cai tsim nyog tau teeb tsa.
Tsim ib txoj cai SNAT. SNAT (Source Network Address Translation) yog ib lub tswv yim uas nws lub ntsiab yog los hloov qhov chaw nyob thaum xa ib pob ntawv.
Ua ntej peb yuav tsum nrhiav seb tus IP chaw nyob sab nraud lossis thaj chaw ntawm IP muaj rau peb. Txhawm rau ua qhov no, mus rau ntu Administration thiab muab ob npaug rau nyem rau ntawm lub virtual data center. Hauv cov ntawv qhia zaub mov uas tshwm, mus rau lub tab Ntug rooj vags. Xaiv qhov xav tau NSX Ntug thiab right-click rau nws. Xaiv ib qho kev xaiv Properties.
Hauv qhov rai uas tshwm, hauv tab Sub-Allocate IP Pools koj tuaj yeem saib tus IP chaw nyob sab nraud lossis ntau qhov chaw nyob IP. Sau cia los yog nco ntsoov.
Tom ntej no, right-click on NSX Edge. Hauv cov ntawv qhia zaub mov uas tshwm, xaiv qhov kev xaiv Edge Gateway Services. Thiab peb rov qab rau hauv NSX Edge tswj vaj huam sib luag.
Hauv qhov rai uas tshwm, qhib NAT tab thiab nyem Ntxiv SNAT.
Hauv qhov rais tshiab peb qhia:
- hauv Applied on field β ib lub network sab nraud (tsis yog lub koom haum-theem network!);
- Thawj Qhov Chaw IP/ntaus - qhov chaw nyob sab hauv, piv txwv li, 192.168.1.0/24;
- Txhais Qhov Chaw IP/ntaus - qhov chaw nyob sab nraud los ntawm Internet yuav nkag mus thiab uas koj tau saib hauv Sub-Allocate IP Pools tab.
Nyem Keep.
Tsim ib txoj cai DNAT. DNAT yog lub tshuab hloov pauv qhov chaw nyob ntawm lub pob ntawv nrog rau qhov chaw nres nkoj. Siv los hloov cov ntawv xa tuaj los ntawm qhov chaw nyob sab nraud / chaw nres nkoj mus rau tus IP chaw nyob / chaw nres nkoj hauv ib lub network ntiag tug.
Xaiv NAT tab thiab nyem Ntxiv DNAT.
Hauv qhov rai uas tshwm, qhia meej:
- hauv Applied on field β ib lub network sab nraud (tsis yog lub koom haum-theem network!);
- Thawj tus IP / ntau - chaw nyob sab nraud (chaw nyob los ntawm Sub-Allocate IP Pools tab);
- raws tu qauv - raws tu qauv;
- Thawj Chaw nres nkoj - chaw nres nkoj rau chaw nyob sab nraud;
- Txhais IP/ntaus - qhov chaw nyob IP sab hauv, piv txwv li, 192.168.1.10
β Txhais Port β chaw nres nkoj rau qhov chaw nyob sab hauv uas qhov chaw nres nkoj ntawm qhov chaw nyob sab nraud yuav raug muab txhais.
Nyem Keep.
Siv cov kev teeb tsa nkag los ntawm kev xaiv Txuag cov kev hloov.
Ua li cas.
Tom ntej no hauv kab yog cov lus qhia ntawm DHCP, suav nrog teeb tsa DHCP Bindings thiab Relay.
Tau qhov twg los: www.hab.com