Remote work in the office. RDP, Port Knocking, Mikrotik: simple and secure

Because of the covid-19 pandemic and widespread quarantine in many countries, the only way for many companies to keep working is remote access to workplaces over the Internet. There are many secure methods for remote work, but given the scale of the problem, what is needed is a method that lets any user connect to the office remotely without additional settings, explanations, tedious consultations and long instructions. Such a method, loved by many administrators, is RDP (Remote Desktop Protocol). Connecting directly to the workstation over RDP solves our problem, except for one big fly in the ointment: keeping the RDP port open to the Internet is very dangerous. Therefore, below I propose a simple but reliable method of protection.

Since I often come across small organizations where Mikrotik devices are used as the Internet connection, below I will show how to implement this on Mikrotik, but the Port Knocking protection method can also be used on other, higher-class devices with similar input router and firewall settings.

Briefly about Port Knocking. The ideal external protection of a network connected to the Internet is when all resources and ports are closed from outside by the firewall. And although a router with a firewall configured this way does not respond to packets arriving from outside, it does listen to them. Therefore, you can configure the router so that when it receives a certain sequence (code) of network packets on different ports, it (the router) opens access to certain resources (ports, protocols, etc.) for the IP the packets came from.

Now to business. I will not give a detailed description of setting up a firewall on Mikrotik - the Internet is full of quality sources for this. Ideally, the firewall blocks all incoming packets, but

/ip firewall filter
add action=accept chain=input comment="established and related accept" connection-state=established,related

allows incoming traffic from already established connections (established, related).
Now we configure Port Knocking on Mikrotik:

/ip firewall filter
add action=drop chain=input dst-port=19000 protocol=tcp src-address-list="Black_scanners" comment=RemoteRules
add action=drop chain=input dst-port=16000 protocol=tcp src-address-list="Black_scanners" comment=RemoteRules
add action=add-src-to-address-list address-list="remote_port_1" address-list-timeout=1m chain=input dst-port=19000 protocol=tcp comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=19001 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=18999 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=16001 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=15999 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="allow_remote_users" address-list-timeout=1m chain=input dst-port=16000 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
move [/ip firewall filter find comment=RemoteRules] 1
/ip firewall nat
add action=dst-nat chain=dstnat comment="remote_rdp" src-address-list="allow_remote_users" dst-port=33890 in-interface-list=WAN protocol=tcp to-addresses=192.168.1.33 to-ports=3389

Now in more detail:

the first two rules

/ip firewall filter
add action=drop chain=input dst-port=19000 protocol=tcp src-address-list="Black_scanners" comment=RemoteRules
add action=drop chain=input dst-port=16000 protocol=tcp src-address-list="Black_scanners" comment=RemoteRules

block incoming packets from IP addresses that were blacklisted during a port scan;

The third rule:

add action=add-src-to-address-list address-list="remote_port_1" address-list-timeout=1m chain=input dst-port=19000 protocol=tcp comment=RemoteRules

adds the IP to the list of hosts that made the correct first knock on the required port (19000);
The next four rules:

add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=19001 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=18999 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=16001 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=15999 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules

create trap ports for those who want to scan your ports; when such attempts are detected, their IP is blacklisted for 60 minutes, during which the first two rules will not give such hosts the opportunity to knock on the correct ports;

The next rule:

add action=add-src-to-address-list address-list="allow_remote_users" address-list-timeout=1m chain=input dst-port=16000 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules

puts the IP on the allowed list for 1 minute (enough to establish a connection), since the second correct knock was made on the required port (16000);

The next command:

move [/ip firewall filter find comment=RemoteRules] 1

moves our rules up in the firewall processing chain, since most likely we already have various deny rules configured that would prevent our newly created ones from working. The very first rule in Mikrotik starts from zero, but on my device zero was occupied by a built-in rule and could not be moved - I moved them to 1. Therefore, look at your own settings to see where the rules can be moved, and specify the required number.

The next setting:

/ip firewall nat
add action=dst-nat chain=dstnat comment="remote_rdp_to_33" src-address-list="allow_remote_users" dst-port=33890 in-interface-list=WAN protocol=tcp to-addresses=192.168.1.33 to-ports=3389

forwards an arbitrarily chosen port 33890 to the usual RDP port 3389 and the IP of the computer or terminal server we need. We create such rules for all the internal resources required, preferably using non-standard (and different) external ports. Naturally, the IP of the internal resources must be either static or reserved on the DHCP server.
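The rule order explained above can be checked off the router with a small model. The following Python sketch is an added example, not part of the original article and not RouterOS code: it replays constructed packets (documentation-range IPs) through the eight filter rules in order, and it assumes the rest of the firewall drops anything the knock rules do not match.

```python
# Added model of the article's address-list logic (not RouterOS code).
# Rules in firewall order: (action, dst_port, required_list, target_list, timeout_s)
RULES = [
    ("drop", 19000, "Black_scanners", None, 0),
    ("drop", 16000, "Black_scanners", None, 0),
    ("add", 19000, None, "remote_port_1", 60),
    ("add", 19001, "remote_port_1", "Black_scanners", 3600),
    ("add", 18999, "remote_port_1", "Black_scanners", 3600),
    ("add", 16001, "remote_port_1", "Black_scanners", 3600),
    ("add", 15999, "remote_port_1", "Black_scanners", 3600),
    ("add", 16000, "remote_port_1", "allow_remote_users", 60),
]

class Router:
    def __init__(self):
        self.lists = {}  # (list_name, ip) -> expiry time in seconds

    def member(self, name, ip, now):
        return self.lists.get((name, ip), -1) > now

    def knock(self, ip, port, now):
        """Pass one inbound TCP SYN through the input-chain rules in order."""
        for action, dport, need, target, ttl in RULES:
            if port != dport or (need and not self.member(need, ip, now)):
                continue
            if action == "drop":
                return "drop"  # terminating: later rules never see the packet
            self.lists[(target, ip)] = now + ttl  # list actions pass the packet on
        return "unmatched"  # left to the rest of the firewall (assumed to drop)

    def rdp_forwarded(self, ip, now):
        """The dst-nat rule for port 33890 matches only allow_remote_users."""
        return self.member("allow_remote_users", ip, now)

def replay(events):
    """events: (time_s, ip, port) tuples, constructed for this example."""
    router = Router()
    results = [router.knock(ip, port, t) for t, ip, port in events]
    return router, results

USER, SCANNER = "198.51.100.10", "203.0.113.7"  # documentation-range sample IPs
user_router, _ = replay([(0, USER, 19000), (1, USER, 16000)])
scan_ports = [15999, 16000, 16001, 18999, 19000, 19001, 16000]
scan_router, scan_results = replay([(t, SCANNER, p) for t, p in enumerate(scan_ports)])

if __name__ == "__main__":
    print("user forwarded at t=30:", user_router.rdp_forwarded(USER, 30))
    print("scanner's retry on 16000:", scan_results[-1])
```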

Now our Mikrotik is configured and we need a simple procedure for the user to connect to our internal RDP. Since most of our users are on Windows, we create a simple bat file and call it StartRDP.bat:

1.htm
1.rdp

accordingly, 1.htm contains the following code:

<img src="http://my_router.sn.mynetname.net:19000/1.jpg">
нажмите обновить страницу для повторного захода по RDP
<img src="http://my_router.sn.mynetname.net:16000/2.jpg">

it contains two links to imaginary pictures located at the address my_router.sn.mynetname.net - we take this address from the Mikrotik DDNS system after enabling it in our Mikrotik: go to the IP -> Cloud menu, tick the DDNS Enabled checkbox, click Apply and copy the dns name of our router. But this is only necessary when the router's external IP is dynamic or a configuration with several Internet providers is used.

The port in the first link, 19000, corresponds to the first port you need to knock on; the port in the second link corresponds to the second. Between the links is a short instruction that says what to do if our connection suddenly drops because of brief network problems - we refresh the page, the RDP port is opened for us again for 1 minute and our session is restored. Also, the text between the img tags creates a micro-delay for the browser, which reduces the chance that the first packet is delivered to the second port (16000) - so far there have been no such cases in two weeks of use (30 people).

Next comes the 1.rdp file, which we can configure once for everyone or separately for each user (that is what I did - it is easier to spend an extra 15 minutes than several hours consulting those who could not figure it out)

screen mode id:i:2
use multimon:i:1
.....
connection type:i:6
networkautodetect:i:0
.....
disable wallpaper:i:1
.....
full address:s:my_router.sn.mynetname.net:33890
.....
username:s:myuserlogin
domain:s:mydomain

One of the interesting settings here is use multimon:i:1 - this enables the use of multiple monitors - some people need this, but they would not think of turning it on themselves.

connection type:i:6 and networkautodetect:i:0 - since most Internet connections are above 10 Mbit, we enable connection type 6 (local network, 10 Mbit and above) and disable networkautodetect, because with the default (auto) even a rare brief network latency automatically sets the speed of our session to a low value for a long time, which can cause delays in work, especially in graphics programs.

disable wallpaper:i:1 - disables the desktop picture
username:s:myuserlogin - we specify the user login, since a significant part of our users do not know their login
domain:s:mydomain - specifies the domain or computer name

But if we want to simplify the task of creating the connection procedure, we can also use PowerShell - StartRDP.ps1

Test-NetConnection -ComputerName my_router.sn.mynetname.net -Port 19000
Test-NetConnection -ComputerName my_router.sn.mynetname.net -Port 16000
mstsc /v:my_router.sn.mynetname.net:33890

A little more about the RDP client in Windows: MS has come a long way in optimizing the protocol and its server and client parts, implementing many useful features - such as working with 3D hardware, optimizing the screen resolution for your monitor, multi-screen, etc. But of course everything is implemented in backward-compatibility mode, and if the client is Windows 7 and the remote PC is Windows 10, then RDP will work using protocol version 7.0. Fortunately, you can update RDP to newer versions - for example, you can upgrade the protocol version from 7.0 (Windows 7) to 8.1. Therefore, for the convenience of clients, you should raise the versions of the server part and also provide links for updating to new versions of the RDP protocol clients.

Ko te mutunga mai, he hangarau ngawari me te tino haumaru mo te hononga mamao ki te PC mahi, ki te tūmau kāpeka ranei. Engari mo te hononga haumaru ake, ka kaha ake to maatau tikanga Whakatau Tauranga ki te whakaeke ma te maha o nga ota nui, ma te taapiri i nga tauranga hei tirotiro - ma te whakamahi i te whakaaro kotahi, ka taea e koe te taapiri i te 3,4,5,6... tauranga me i roto i tenei take, ka kore e taea te uru tika ki to whatunga.

File archive for setting up a remote RDP connection.

Source: will.com
