Diagnosing network connections on the EDGE virtual router

In some cases, problems can arise when you configure a virtual router. For example, port forwarding (NAT) does not work and/or there is a problem with how the Firewall rules themselves are set up. Or you simply need to get the router's logs, check how a channel is working, and run network diagnostics. Cloud provider Cloud4Y explains how to do this.

Working with the virtual router

First, we need to set up access to the virtual router, EDGE. To do this, we go into its services and open the appropriate tab, EDGE Settings. There we enable SSH Status, set a password, and make sure to save the changes.

If we use strict Firewall rules, where everything is denied by default, then we add a rule that allows connections to the router itself on the SSH port.

Then we connect with any SSH client, for example PuTTY, and log in to the console.

In the console, a set of commands is available to us. The list of them can be displayed with:
list

Which commands can be useful to us? Here is a list of the most useful ones:

  • show interface - displays the available interfaces and the IP addresses configured on them
  • show log - shows the router logs
  • show log follow - lets you watch the log in real time with continuous updates. Every rule, whether NAT or Firewall, has an Enable logging option; when it is enabled, events are recorded in the log, which makes diagnostics possible.
  • show flowtable - shows the whole table of established connections and their parameters
    Example:
    1: tcp 6 21599 ESTABLISHED src=9Х.107.69.ХХХ dst=178.170.172.XXX sport=59365 dport=22 pkts=293 bytes=22496 src=178.170.172.ХХХ dst=91.107.69.173 sport=22 dport=59365 pkts=206 bytes=83569 [ASSURED] mark=0 rid=133427 use=1
  • show flowtable topN 10 - lets you display the required number of rows, 10 in this example
  • show flowtable topN 10 sort-by pkts - helps sort connections by the number of packets, from smallest to largest
  • show flowtable topN 10 sort-by bytes - helps sort connections by the number of bytes transferred, from smallest to largest
  • show flowtable rule-id ID topN 10 - helps display connections by the required rule ID
  • show flowtable flowspec SPEC - for more flexible selection of connections, where SPEC sets the required filter rules, for example proto=tcp:srcip=9Х.107.69.ХХХ:sport=59365 to select connections that use the TCP protocol with source IP address 9Х.107.69.XX and source port 59365
    Example:
    > show flowtable flowspec proto=tcp:srcip=90.107.69.171:sport=59365
    1: tcp 6 21599 ESTABLISHED src=9Х.107.69.XX dst=178.170.172.xxx sport=59365 dport=22 pkts=1659 bytes=135488 src=178.170.172.xxx dst=xx.107.69.xxx sport=22 dport=59365 pkts=1193 bytes=210361 [ASSURED] mark=0 rid=133427 use=1
    Total flows: 1
  • show packet drops - lets you view packet statistics
  • show firewall flows - shows the firewall packet counters together with the packet flows.

We can also use the basic network diagnostic tools directly from the EDGE router:

  • ping ip WORD
  • ping ip WORD size SIZE count COUNT nofrag – ping that specifies the size of the data sent and the number of checks, and also prohibits fragmentation of the packet size that was set.
  • traceroute ip WORD

Sequence for diagnosing Firewall operation on the Edge

  1. Run show firewall and look at the installed custom filtering rules in the usr_rules table
  2. Look at the POSTROUTING chain and monitor the number of dropped packets using the DROP field. If there is a problem with asymmetric routing, we will record an increase in the values.
    Let's run additional checks:

    • Ping will work in one direction but not in the other
    • Ping will work, but TCP sessions will not be established.
  3. Look at the output of information about IP addresses - show ipset
  4. Enable logging on the firewall rule in the Edge services
  5. Look at the events in the log - show log follow
  6. Check connections by the required rule_id - show flowtable rule_id
  7. Using show flowstats, compare the currently installed connections (Current Flow Entries) with the maximum allowed (Total Flow Capacity) in the current configuration. The available configurations and limits can be seen in VMware NSX Edge. If you are interested, I can talk about this in the next article.
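
The show flowtable output from the command list and from step 6 can be copied out of the SSH session and examined offline. The Python code below is an added example, not code from the original article or from VMware: it parses entries in the format quoted above, applies a filter written like the flowspec example, ranks flows by volume (heaviest first, a choice made for this example), and lists flows with no reply packets, which is one thing to look at when checking for the asymmetric-routing symptoms in step 2. The sample lines, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample in the `show flowtable` format quoted above; the addresses
# are documentation ranges and the counters are invented for this example.
SAMPLE = """\
1: tcp 6 21599 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=59365 dport=22 pkts=293 bytes=22496 src=198.51.100.5 dst=192.0.2.10 sport=22 dport=59365 pkts=206 bytes=83569 [ASSURED] mark=0 rid=133427 use=1
2: tcp 6 431990 ESTABLISHED src=192.0.2.44 dst=198.51.100.5 sport=40112 dport=443 pkts=12 bytes=1840 src=198.51.100.5 dst=192.0.2.44 sport=443 dport=40112 pkts=9 bytes=15230 [ASSURED] mark=0 rid=133430 use=1
3: tcp 6 110 SYN_SENT src=203.0.113.7 dst=198.51.100.5 sport=51000 dport=3389 pkts=3 bytes=180 src=198.51.100.5 dst=203.0.113.7 sport=3389 dport=51000 pkts=0 bytes=0 mark=0 rid=133431 use=1
"""

HEAD = re.compile(r"^\s*\d+:\s+(\w+)\s+\d+\s+\d+(?:\s+([A-Z_]+))?\s")
PAIR = re.compile(r"(\w+)=(\S+)")
DIRECTIONAL = ("src", "dst", "sport", "dport", "pkts", "bytes")
SPEC_FIELDS = {"srcip": "src", "sport": "sport"}  # flowspec keys shown on the page

def parse_flow(line):
    """Split one flowtable entry into its original and reply directions."""
    head = HEAD.match(line)
    if not head:
        return None  # e.g. the "Total flows: N" trailer
    flow = {"proto": head.group(1), "state": head.group(2), "orig": {}, "reply": {}}
    for key, value in PAIR.findall(line):
        if key in DIRECTIONAL:
            # Each key appears twice: first for the original direction, then the reply.
            side = "reply" if key in flow["orig"] else "orig"
            flow[side][key] = int(value) if value.isdigit() else value
        else:
            flow[key] = value  # mark, rid, use
    return flow

def match_flowspec(flow, spec):
    """Filter written like the page's example: proto=tcp:srcip=ADDR:sport=PORT."""
    for term in spec.split(":"):
        key, _, want = term.partition("=")
        have = flow["proto"] if key == "proto" else flow["orig"].get(SPEC_FIELDS.get(key))
        if str(have) != want:
            return False  # mismatch, or a key this example does not handle
    return True

def top_n(flows, n, sort_by="bytes"):
    """The n heaviest flows by pkts or bytes summed over both directions."""
    total = lambda f: f["orig"].get(sort_by, 0) + f["reply"].get(sort_by, 0)
    return sorted(flows, key=total, reverse=True)[:n]

def one_way(flows):
    """Flows with traffic out but nothing back: candidates for the routing check."""
    return [f for f in flows if f["orig"].get("pkts", 0) and not f["reply"].get("pkts", 0)]

FLOWS = [f for f in map(parse_flow, SAMPLE.splitlines()) if f]
```

A flow returned by one_way is only a pointer: compare it with the DROP counters from show firewall and the events from show log follow before drawing a conclusion.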


Source: www.habr.com
