Remote access to the office. RDP, Port Knocking, Mikrotik: simple and secure

Because of the Covid-19 pandemic and quarantine restrictions in many countries, the only way for many companies to keep working is remote access to workplaces over the Internet. There are many secure methods for remote work, but given the scale of the problem, what is needed is a method simple enough for any user to connect to the office without extra setup, explanations, tedious consultations and long instructions. The method many admins are fond of is RDP (Remote Desktop Protocol). Connecting directly to the workplace over RDP solves our problem well, except for one big fly in the ointment: keeping the RDP port open to the Internet is not safe. So below I suggest a simple but reliable method of protection.

Since I often come across small organizations where Mikrotik devices are used for Internet access, below I show how to implement this on Mikrotik, but the Port Knocking protection method is easily implemented on other, higher-end devices with similar input router and firewall settings.

Briefly about Port Knocking. The ideal external protection for a network connected to the Internet is when all resources and ports are closed from the outside by a firewall. And although a router with a firewall configured this way does not react in any way to packets arriving from outside, it does listen to them. So you can configure the router so that, when a certain (coded) sequence of network packets is received on different ports, it (the router) opens access to certain resources (ports, protocols, etc.) for the IP the packets came from.

Now to business. I will not give a detailed description of firewall configuration on Mikrotik: the Internet is full of quality sources for that. Ideally, the firewall blocks all incoming packets, but

/ip firewall filter
add action=accept chain=input comment="established and related accept" connection-state=established,related

allows incoming traffic from established and related connections.
Now we set up Port Knocking on Mikrotik:

/ip firewall filter
add action=drop chain=input dst-port=19000 protocol=tcp src-address-list="Black_scanners" comment=RemoteRules
add action=drop chain=input dst-port=16000 protocol=tcp src-address-list="Black_scanners" comment=RemoteRules
add action=add-src-to-address-list address-list="remote_port_1" address-list-timeout=1m chain=input dst-port=19000 protocol=tcp comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=19001 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=18999 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=16001 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=15999 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="allow_remote_users" address-list-timeout=1m chain=input dst-port=16000 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
move [/ip firewall filter find comment=RemoteRules] 1
/ip firewall nat
add action=dst-nat chain=dstnat comment="remote_rdp" src-address-list="allow_remote_users" dst-port=33890 in-interface-list=WAN protocol=tcp to-addresses=192.168.1.33 to-ports=3389

Now in more detail:

The first two rules

/ip firewall filter
add action=drop chain=input dst-port=19000 protocol=tcp src-address-list="Black_scanners" comment=RemoteRules
add action=drop chain=input dst-port=16000 protocol=tcp src-address-list="Black_scanners" comment=RemoteRules

block incoming packets from IP addresses that were blacklisted during port scanning;

The third rule:

add action=add-src-to-address-list address-list="remote_port_1" address-list-timeout=1m chain=input dst-port=19000 protocol=tcp comment=RemoteRules

adds the IP to the list of hosts that made the correct first knock on the right port (19000);
The next four rules:

add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=19001 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=18999 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=16001 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=15999 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules

create trap ports for those who want to scan your ports, and if such attempts are detected, blacklist their IP for 60 minutes, during which the first two rules will not give such hosts the chance to knock on the correct ports;

The next rule:

add action=add-src-to-address-list address-list="allow_remote_users" address-list-timeout=1m chain=input dst-port=16000 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules

puts the IP into the allowed list for 1 minute (enough to establish a connection), since the second correct knock was made on the required port (16000);

The next command:

move [/ip firewall filter find comment=RemoteRules] 1

moves our rules up the firewall processing chain, since most likely we already have various deny rules configured that would prevent our newly created ones from working. The very first rule in Mikrotik is numbered zero, but on my device zero was occupied by a built-in rule that could not be moved, so I moved ours to 1. So look at your own settings to see where the rules can be moved, and specify the required number.

The next setting:

/ip firewall nat
add action=dst-nat chain=dstnat comment="remote_rdp_to_33" src-address-list="allow_remote_users" dst-port=33890 in-interface-list=WAN protocol=tcp to-addresses=192.168.1.33 to-ports=3389

forwards the arbitrarily chosen port 33890 to the usual RDP port 3389 and to the IP of the computer or terminal server we need. We create such rules for all the internal resources that are required, preferably with non-standard (and different) external ports. Naturally, the IP of each internal resource must be either static or fixed on the DHCP server.

Now our Mikrotik is configured and we need a simple procedure for the user to connect to our internal RDP. Since we have Windows users, we create a simple bat file and name it StartRDP.bat:

1.htm
1.rdp

accordingly, 1.htm contains the following code:

<img src="http://my_router.sn.mynetname.net:19000/1.jpg">
нажмите обновить страницу для повторного захода по RDP
<img src="http://my_router.sn.mynetname.net:16000/2.jpg">

it contains two links to imaginary pictures located at my_router.sn.mynetname.net. We take this address from the Mikrotik DDNS system after enabling it on our Mikrotik: go to the IP -> Cloud menu, tick the DDNS checkbox, click Apply and copy the DNS name of our router. But this is only necessary when the router's external IP is dynamic or when a configuration with several Internet providers is used.

The port in the first link, 19000, corresponds to the first port to knock on, and the port in the second link, respectively, to the second. Between the links there is a short instruction showing what to do if our connection suddenly drops because of brief network problems: we refresh the page, the RDP port opens for us again for 1 minute, and our session is restored. Also, the text between the img tags creates a micro-delay for the browser, which reduces the chance of the first packet being delivered to the second port (16000). So far there have been no such cases in two weeks of use (30 people).

Next comes the 1.rdp file, which we can configure once for everyone or separately for each user (I did the latter: it is easier to spend an extra 15 minutes than several hours consulting those who could not figure it out)

screen mode id:i:2
use multimon:i:1
.....
connection type:i:6
networkautodetect:i:0
.....
disable wallpaper:i:1
.....
full address:s:my_router.sn.mynetname.net:33890
.....
username:s:myuserlogin
domain:s:mydomain

Of the interesting settings here: use multimon:i:1 turns on the use of multiple monitors. Some users need this, but they will not think of enabling it themselves.

connection type:i:6 and networkautodetect:i:0 - since most Internet connections are faster than 10 Mbps, we set connection type 6 (local network, 10 Mbps and above) and turn off networkautodetect, because with the default (auto) even a rare, small network latency automatically sets our session to a reduced speed for a long time, which can cause noticeable delays in work, especially in graphics programs.

disable wallpaper:i:1 - turns off the desktop picture
username:s:myuserlogin - we specify the user's login, since a significant part of our users do not know their login
domain:s:mydomain - specify the domain or the computer name

And if we want to simplify our task of creating the connection procedure, we can also use PowerShell - StartRDP.ps1

Test-NetConnection -ComputerName my_router.sn.mynetname.net -Port 19000
Test-NetConnection -ComputerName my_router.sn.mynetname.net -Port 16000
mstsc /v:my_router.sn.mynetname.net:33890

A little more about the RDP client in Windows: MS has come a long way in optimizing the protocol and its server and client parts, and has implemented many useful features, such as working with hardware 3D, optimizing the screen resolution for your monitor, multiscreen, and so on. But of course everything is implemented in backward-compatibility mode, so if the client is Windows 7 and the remote PC is Windows 10, RDP will work using protocol version 7.0. The good part is that you can update RDP to newer versions: for example, you can raise the protocol version from 7.0 (Windows 7) to 8.1. Therefore, for the convenience of clients, it is necessary to raise the versions of the server part, and also to send out links for upgrading to new versions of the RDP protocol clients.

As a result, we have a simple and secure technology for remote connection to a work PC or terminal server. But for a more secure connection, our Port Knocking method can be made several orders of magnitude harder to attack by adding ports to check: you can add 3, 4, 5, 6 ... ports by the same logic, and in that case intrusion into your network will be impossible.
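
The filter rules explained above, and the extension to more knock ports suggested in the previous paragraph, can be checked offline before touching a router. The following Python model is an added example, not code from the original article: the ports and timeouts are the article's, while the class and function names and the handling of three or more knocks are assumptions.

```python
# Added example: offline model of the article's RemoteRules filter chain.
# Ports and timeouts are the article's; class and function names are made up.
KNOCKS = [19000, 16000]                           # knock order
TRAPS = {p + d for p in KNOCKS for d in (-1, 1)}  # 18999, 19001, 15999, 16001
STAGE_TTL, ALLOW_TTL, BLACK_TTL = 60, 60, 3600    # 1m, 1m, 60m in seconds


class KnockFirewall:
    def __init__(self, knocks=KNOCKS, traps=TRAPS):
        self.knocks, self.traps = list(knocks), set(traps)
        self.lists = {}  # (address-list name, source IP) -> expiry time

    def has(self, name, src, now):
        return self.lists.get((name, src), 0) > now

    def add(self, name, src, now, ttl):
        self.lists[(name, src)] = now + ttl

    def packet(self, src, dport, now):
        """Pass one inbound TCP SYN through the rules in rule order."""
        # Rules 1-2: a blacklisted source cannot reach the knock ports.
        if dport in self.knocks and self.has("Black_scanners", src, now):
            return "drop"
        # Trap rules: source passed knock 1, then touched a neighbouring port.
        if dport in self.traps and self.has("remote_port_1", src, now):
            self.add("Black_scanners", src, now, BLACK_TTL)
        # Knock rules: stage i requires membership of stage i-1; the last
        # stage fills allow_remote_users. Three or more knocks is an assumed
        # generalisation of the article's two.
        for i, port in enumerate(self.knocks):
            if dport == port and (i == 0 or self.has(f"remote_port_{i}", src, now)):
                last = i == len(self.knocks) - 1
                name = "allow_remote_users" if last else f"remote_port_{i + 1}"
                self.add(name, src, now, ALLOW_TTL if last else STAGE_TTL)
        return "continue"  # goes on to the rest of the input chain

    def rdp_open(self, src, now):
        """Would the dst-nat rule for port 33890 match this source?"""
        return self.has("allow_remote_users", src, now)


def replay(events, knocks=KNOCKS, traps=TRAPS):
    """events: (time, source IP, dst port) in arrival order (constructed data)."""
    fw = KnockFirewall(knocks, traps)
    for now, src, dport in events:
        fw.packet(src, dport, now)
    return fw
```

Replaying a knock in the wrong order, a second knock that arrives after the 1-minute window, or a sequential sweep across the trap ports shows which address list each source ends up in and when the NAT rule stops matching.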

Template files for creating a remote connection over RDP.

Source: www.habr.com
