Moni! Takulandirani ku phunziro lachisanu la maphunzirowa . pa Tazindikira momwe ndondomeko zachitetezo zimagwirira ntchito. Tsopano ndi nthawi yomasula anthu am'deralo pa intaneti. Kuti tichite izi, mu phunziro ili tiwona momwe makina a NAT amagwirira ntchito.
Kuphatikiza pa kumasula ogwiritsa ntchito pa intaneti, tiwonanso njira yosindikizira ntchito zamkati. Pansi pa odulidwawo pali chiphunzitso chachidule cha kanema, komanso phunziro la kanema palokha.
Ukadaulo wa NAT (Network Address Translation) ndi njira yosinthira ma adilesi a IP a mapaketi a netiweki. M'mawu a Fortinet, NAT imagawidwa m'mitundu iwiri: Source NAT ndi Destination NAT.
Mayina amadzinenera okha - mukamagwiritsa ntchito Source NAT, magwero akusintha, mukamagwiritsa ntchito Destination NAT, adilesi yopita imasintha.
Kuphatikiza apo, palinso zosankha zingapo zokhazikitsa NAT - Firewall Policy NAT ndi Central NAT.
Mukamagwiritsa ntchito njira yoyamba, Gwero ndi Kopita NAT ziyenera kukhazikitsidwa pa mfundo iliyonse yachitetezo. Pankhaniyi, Source NAT imagwiritsa ntchito adilesi ya IP ya mawonekedwe otuluka kapena IP Pool yokonzedweratu. Kopita NAT imagwiritsa ntchito chinthu chokonzedweratu (chotchedwa VIP - Virtual IP) monga adilesi yopita.
Mukamagwiritsa ntchito Central NAT, kasinthidwe ka Gwero ndi Malo a NAT amachitidwa pa chipangizo chonse (kapena domain domain) nthawi imodzi. Pamenepa, zosintha za NAT zimagwira ntchito pa ndondomeko zonse, kutengera malamulo a Source NAT ndi Destination NAT.
Malamulo a NAT adakhazikitsidwa mu mfundo yapakati ya Source NAT. Malo a NAT amakonzedwa kuchokera ku menyu ya DNAT pogwiritsa ntchito ma adilesi a IP.
Mu phunziro ili, tingoganizira za Firewall Policy NAT - monga momwe zimasonyezera, njira iyi yosinthira ndiyofala kwambiri kuposa Central NAT.
Monga ndanenera kale, pokonza Firewall Policy Source NAT, pali njira ziwiri zosinthira: m'malo mwa adilesi ya IP ndi adilesi yotuluka, kapena ndi adilesi ya IP kuchokera padziwe lokonzedweratu la ma adilesi a IP. Zikuwoneka ngati zomwe zikuwonetsedwa pachithunzichi. Kenaka, ndilankhula mwachidule za maiwe omwe angakhalepo, koma pochita ntchitoyi tidzangoganizira za chisankho ndi adiresi ya mawonekedwe otuluka - m'mapangidwe athu, sitikusowa madzi adilesi a IP.
Phukusi la IP limatanthawuza ma adilesi amodzi kapena angapo a IP omwe adzagwiritsidwe ntchito ngati adilesi yoyambira panthawi yagawo. Maadiresi a IP awa adzagwiritsidwa ntchito m'malo mwa adilesi ya IP ya FortiGate yotuluka.
Pali mitundu inayi ya maiwe a IP omwe amatha kukhazikitsidwa pa FortiGate:
- Yambani
- Mmodzi-kwa-mmodzi
- Fixed Port Range
- Kugawidwa kwa ma port block
Kuchulukitsa ndiye dziwe lalikulu la IP. Imatembenuza maadiresi a IP pogwiritsa ntchito njira zambiri kapena zambiri. Kumasulira kwadoko kumagwiritsidwanso ntchito. Ganizirani dera lomwe likuwonetsedwa pachithunzichi. Tili ndi phukusi lomwe lili ndi magawo ofotokozedwa ndi Kopita. Ngati ibwera pansi pa ndondomeko ya firewall yomwe imalola kuti paketi iyi ifike pa intaneti yakunja, lamulo la NAT likugwiritsidwa ntchito. Zotsatira zake, mu paketi iyi gawo la Source limasinthidwa ndi amodzi mwa ma adilesi a IP omwe atchulidwa mu dziwe la IP.
Dziwe la One to One limatanthauziranso ma adilesi ambiri akunja a IP. Phukusi likagwa pansi pa ndondomeko ya firewall ndi lamulo la NAT lololedwa, adilesi ya IP yomwe ili mu Source field imasinthidwa kukhala imodzi mwa maadiresi a dziwe ili. Kusintha kumatsatira lamulo la "choyamba, choyamba". Kuti timveke bwino, tiyeni tione chitsanzo.
Kompyuta pa netiweki yapafupi yokhala ndi adilesi ya IP 192.168.1.25 imatumiza paketi ku netiweki yakunja. Imagwera pansi pa lamulo la NAT, ndipo gawo la Source limasinthidwa kukhala adilesi yoyamba ya IP kuchokera padziwe, kwa ife ndi 83.235.123.5. Ndizofunikira kudziwa kuti mukamagwiritsa ntchito dziwe la IP ili, kumasulira kwa doko sikugwiritsidwe ntchito. Ngati izi zitachitika kompyuta yochokera ku netiweki yomweyi, yokhala ndi adilesi, iti, 192.168.1.35, itumiza paketi ku netiweki yakunja komanso ikugwera pansi pa lamulo ili la NAT, adilesi ya IP yomwe ili mgawo la Source la paketi iyi isintha kukhala. 83.235.123.6. Ngati palibenso maadiresi omwe atsala mu dziwe, malumikizidwe otsatira adzakanidwa. Ndiko kuti, pamenepa, makompyuta 4 akhoza kugwa pansi pa ulamuliro wathu wa NAT nthawi yomweyo.
Fixed Port Range imalumikiza ma adilesi amkati ndi akunja a IP. Kumasulira padoko nakonso kuyimitsidwa. Izi zimakupatsani mwayi wogwirizanitsa chiyambi kapena mapeto a dziwe la ma adilesi amkati a IP ndi chiyambi kapena mapeto a dziwe la ma adilesi akunja a IP. Muchitsanzo chomwe chili pansipa, dziwe lamkati la ma adilesi 192.168.1.25 - 192.168.1.28 likujambulidwa ku dziwe lakunja 83.235.123.5 - 83.235.125.8.
Port Block Allocation - dziwe la IP ili limagwiritsidwa ntchito kugawira madoko kwa ogwiritsa ntchito dziwe la IP. Kuphatikiza pa IP dziwe lokha, magawo awiri ayeneranso kufotokozedwa apa - kukula kwa chipika ndi kuchuluka kwa midadada yomwe imaperekedwa kwa wogwiritsa ntchito aliyense.
Tsopano tiyeni tiwone ukadaulo wa Destination NAT. Zimatengera ma adilesi a IP (VIP). Pamapaketi omwe amagwera pansi pa malamulo a Destination NAT, adilesi ya IP mugawo la Kopita amasintha: nthawi zambiri adilesi yapaintaneti imasintha kukhala adilesi yachinsinsi ya seva. Maadiresi a IP a Virtual amagwiritsidwa ntchito mu ndondomeko zozimitsa moto ngati Malo Opitako.
Mtundu wokhazikika wa ma adilesi a IP ndi Static NAT. Uku ndi kulemberana m'modzi-m'modzi pakati pa ma adilesi akunja ndi amkati.
M'malo mwa Static NAT, ma adilesi enieni amatha kuchepetsedwa potumiza madoko ena. Mwachitsanzo, kulumikizana ndi adilesi yakunja padoko 8080 ndi kulumikizana ndi adilesi yamkati ya IP padoko 80.
Muchitsanzo chomwe chili pansipa, kompyuta yokhala ndi adilesi 172.17.10.25 ikuyesera kupeza adilesi 83.235.123.20 padoko 80. Kulumikizana uku kumagwera pansi pa lamulo la DNAT, kotero kuti adilesi ya IP imasinthidwa kukhala 10.10.10.10.
Kanemayu akukambirana za chiphunzitsocho komanso amapereka zitsanzo zothandiza pakukonza Source ndi Destination NAT.
M'maphunziro otsatirawa tipitilira kuonetsetsa chitetezo cha ogwiritsa ntchito pa intaneti. Mwachindunji, phunziro lotsatira lidzakambirana za magwiridwe antchito a kusefa ndi kuwongolera kugwiritsa ntchito intaneti. Kuti musaphonye, ββtsatirani zosintha pamayendedwe otsatirawa:
Source: www.habr.com