Because of the coronavirus pandemic and the general lockdown in many countries, the only way for many companies to keep working is remote access to the workplace over the Internet. There are many relatively safe ways to work remotely, but given the scale of the problem they all require additional configuration, explanations, tedious consultations or long instructions. What is needed is a simple way for users to connect to the office remotely, and that method is RDP (Remote Desktop Protocol), beloved by many administrators. Connecting straight to the workplace over RDP solves the problem ideally, with one big exception: leaving an RDP port open to the Internet is extremely dangerous. So below I propose a simple but reliable way to protect it.
Since I often encounter small organisations where a Mikrotik device serves as the Internet gateway, the implementation below is for Mikrotik, but the port-knocking protection method is easy to implement on any other device of a similar or higher class that has comparable ingress router settings and a firewall.
Briefly, about port knocking. The ideal external protection of a network connected to the Internet is to have every resource and port closed from the outside by the firewall. A router with a firewall configured this way does not respond to packets from the outside at all, but it does listen to them. So when a particular (code) sequence of network packets arrives on particular ports, the router opens a specific resource (port, protocol, and so on) for the source IP of those packets. That is the whole idea.
I will not go into the Mikrotik firewall configuration in detail; there are plenty of good sources on that on the Internet. Ideally the firewall blocks all incoming packets, but
/ip firewall filter
add action=accept chain=input comment="established and related accept" connection-state=established,related
allows incoming traffic of established and related connections.
Next, we set up port knocking on Mikrotik:
/ip firewall filter
add action=drop chain=input dst-port=19000 protocol=tcp src-address-list="Black_scanners" comment=RemoteRules
add action=drop chain=input dst-port=16000 protocol=tcp src-address-list="Black_scanners" comment=RemoteRules
add action=add-src-to-address-list address-list="remote_port_1" address-list-timeout=1m chain=input dst-port=19000 protocol=tcp comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=19001 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=18999 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=16001 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=15999 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="allow_remote_users" address-list-timeout=1m chain=input dst-port=16000 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
move [/ip firewall filter find comment=RemoteRules] 1
/ip firewall nat
add action=dst-nat chain=dstnat comment="remote_rdp" src-address-list="allow_remote_users" dst-port=33890 in-interface-list=WAN protocol=tcp to-addresses=192.168.1.33 to-ports=3389
In more detail:
The first two rules:
/ip firewall filter
add action=drop chain=input dst-port=19000 protocol=tcp src-address-list="Black_scanners" comment=RemoteRules
add action=drop chain=input dst-port=16000 protocol=tcp src-address-list="Black_scanners" comment=RemoteRules
drop incoming packets from IP addresses that were blacklisted during a port scan.
The third rule:
add action=add-src-to-address-list address-list="remote_port_1" address-list-timeout=1m chain=input dst-port=19000 protocol=tcp comment=RemoteRules
adds the IP to the list of hosts that made a correct first knock on the correct port (19000).
The next four rules:
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=19001 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=18999 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=16001 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=15999 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
create trap ports for anyone scanning your ports: if such an attempt is detected, the IP is blacklisted for 60 minutes, and during that time the first two rules give such a host no chance to knock on the correct ports.
The next rule:
add action=add-src-to-address-list address-list="allow_remote_users" address-list-timeout=1m chain=input dst-port=16000 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
when the second correct knock arrives on the target port (16000), adds the IP to the allow list for 1 minute (enough time to establish the connection).
The following command:
move [/ip firewall filter find comment=RemoteRules] 1
moves the rules to the top of the firewall processing chain, because there is most likely already some other deny rule configured that would prevent the newly created rules from ever matching. Mikrotik's rule numbering starts at the first position, but on my device that position was occupied by a built-in rule that could not be moved, so I moved mine immediately after it; check your own configuration and specify the number you need, depending on where the rules can be moved.
The next setting:
/ip firewall nat
add action=dst-nat chain=dstnat comment="remote_rdp_to_33" src-address-list="allow_remote_users" dst-port=33890 in-interface-list=WAN protocol=tcp to-addresses=192.168.1.33 to-ports=3389
forwards the arbitrarily chosen port 33890 to the standard RDP port 3389 on the IP of the required computer or terminal server. Create such a rule for every internal resource you need, preferably with non-standard (and different) external ports. Naturally, the IP of the internal resource must be static or pinned on the DHCP server.
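To make the interaction of the address lists visible, here is an added Python model of the RemoteRules above (written for this edit, not code from the article or from RouterOS) that replays a legitimate user, a sequential port scanner that trips a trap port, and a client that knocks in the wrong order; the ports are the ones from the rules, while the IP addresses and timings are constructed.

```python
from dataclasses import dataclass, field

KNOCK1, KNOCK2 = 19000, 16000            # first and second knock (from the rules)
TRAPS = {19001, 18999, 16001, 15999}     # neighbour ports that catch scanners

@dataclass
class Router:
    """Constructed model of the input-chain address lists (not RouterOS code)."""
    lists: dict = field(default_factory=lambda: {
        "Black_scanners": {}, "remote_port_1": {}, "allow_remote_users": {}})

    def _expire(self, now):
        # address-list-timeout: an entry disappears once its deadline passes
        for name, entries in self.lists.items():
            self.lists[name] = {ip: t for ip, t in entries.items() if t > now}

    def _add(self, name, ip, now, minutes):
        self.lists[name][ip] = now + 60 * minutes

    def packet(self, src, dst_port, now):
        """Walk the RemoteRules in order for one TCP SYN; return what happened."""
        self._expire(now)
        black, first = self.lists["Black_scanners"], self.lists["remote_port_1"]
        if src in black and dst_port in (KNOCK1, KNOCK2):
            return "drop"                                   # rules 1-2
        if dst_port == KNOCK1:
            self._add("remote_port_1", src, now, 1)        # rule 3, 1m
            return "knock1"
        if src in first and dst_port in TRAPS:
            self._add("Black_scanners", src, now, 60)      # rules 4-7, 60m
            return "blacklisted"
        if src in first and dst_port == KNOCK2:
            self._add("allow_remote_users", src, now, 1)   # rule 8, 1m
            return "allowed"
        return "ignored"          # falls through to the rest of the chain

    def rdp_allowed(self, src, now):
        self._expire(now)
        return src in self.lists["allow_remote_users"]  # dst-nat would forward 33890

def scenarios():
    """Replay a user, a sequential scanner and a wrong-order client (seconds)."""
    r = Router()
    user = [r.packet("203.0.113.10", KNOCK1, 0), r.packet("203.0.113.10", KNOCK2, 2),
            r.rdp_allowed("203.0.113.10", 30), r.rdp_allowed("203.0.113.10", 70)]
    scan = [r.packet("198.51.100.7", KNOCK1, 0), r.packet("198.51.100.7", 19001, 1),
            r.packet("198.51.100.7", KNOCK2, 2), r.packet("198.51.100.7", KNOCK1, 3000)]
    wrong = [r.packet("192.0.2.5", KNOCK2, 0), r.packet("192.0.2.5", KNOCK1, 1),
             r.rdp_allowed("192.0.2.5", 2)]
    return user, scan, wrong
```

The scanner is dropped on the real knock ports for the full 60 minutes even though it later sends the right sequence, which is why the two drop rules must sit before the add-to-list rules.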
Mikrotik is now configured, and what remains is a simple procedure for users to connect to the internal RDP. Since the users are mostly on Windows, create a simple batch file and call it StartRDP.bat:
1.htm
1.rdp
where 1.htm contains the following code:
<img src="http://my_router.sn.mynetname.net:19000/1.jpg">
Click "Refresh page" to re-enter via RDP
<img src="http://my_router.sn.mynetname.net:16000/2.jpg">
It contains two links to non-existent pictures on my_router.sn.mynetname.net. This address is obtained from the Mikrotik DDNS system after enabling it on the Mikrotik: go to the IP -> Cloud menu, tick the DDNS Enabled checkbox, click Apply and copy the router's DNS name. This is only needed, however, if the router's external IP is dynamic or a multi-provider configuration is used.
Port 19000 in the first link corresponds to the first port that has to be knocked, and port 16000 in the second link to the second port. Between the links there is a short note on what to do if the connection is suddenly interrupted by a brief network problem: refreshing the page opens the RDP port again for 30 minutes and the session is restored (note that the allow_remote_users rule above uses a 1m timeout, so match the note to the timeout you configure). The text between the img tags also creates a micro-delay for the browser, which makes it less likely that the first packet is delivered to the second port (16000) ahead of the first; so far, in weeks of use by several people, there has not been a single such case.
Next comes the 1.rdp file, which can be configured once for all users or individually for each user (I did the latter: it is easier to spend an extra few minutes than to spend hours consulting someone who cannot figure it out):
screen mode id:i:2
use multimon:i:1
.....
connection type:i:6
networkautodetect:i:0
.....
disable wallpaper:i:1
.....
full address:s:my_router.sn.mynetname.net:33890
.....
username:s:myuserlogin
domain:s:mydomain
The interesting setting here is use multimon:i:1, which enables the use of multiple monitors; some people need it but would never think of turning it on themselves.
connection type:i:6 and networkautodetect:i:0: since most Internet links today are 10 Mbps or faster, connection type 6 (local network, 10 Mbps and up) is enabled and networkautodetect, which is on by default (auto), is disabled; otherwise even a rare small network delay makes the session automatically switch to low speed for a long time, and work, especially in graphics programs, may suffer noticeable lag.
disable wallpaper:i:1 disables the desktop wallpaper.
username:s:myuserlogin specifies the user's login, since most users do not know their own login details.
domain:s:mydomain specifies the domain or computer name.
If, however, you want to simplify the task of creating the connection procedure, you can use PowerShell instead (StartRDP.ps1):
Test-NetConnection -ComputerName my_router.sn.mynetname.net -Port 19000
Test-NetConnection -ComputerName my_router.sn.mynetname.net -Port 16000
mstsc /v:my_router.sn.mynetname.net:33890
A few words about the Windows RDP client. MS has made great progress in optimising the protocol and its server and client parts: hardware 3D, optimisation of monitor resolution, multi-screen and so on. Of course, all of this is implemented in backward-compatible mode, so if the client is Windows 7 and the remote PC is Windows 10, RDP works using protocol version 7.0. The advantage is that the RDP client version can be updated to a newer one; for example, the protocol version can be upgraded from 7.0 (Windows 7) to 8.1. So, for the users' convenience, make the server side's version as high as possible and upgrade the clients to a newer RDP protocol version by following the link.
The result is a simple and relatively safe technique for remote connection to a running PC or terminal server. For a more secure connection, the port-knocking scheme can be made even harder to brute-force by adding more ports to check: following the same logic you can add a 3rd, 4th, 5th, 6th ... port, after which a direct intrusion into the network becomes practically impossible.
Source: habr.com