Takulandirani ku phunziro 8. Mfundo yofunika kwambiri, chifukwa ... Mukamaliza, mudzatha kukonza intaneti kwa ogwiritsa ntchito anu! Ndiyenera kuvomereza kuti anthu ambiri amasiya kukhazikitsa panthawiyi π Koma ife sitiri m'modzi wa iwo! Ndipo tidakali ndi zinthu zambiri zosangalatsa kutsogolo. Ndipo tsopano ku mutu wa phunziro lathu.
Monga mwina mumaganizira kale, lero tikambirana za NAT. Ndikukhulupirira kuti aliyense amene amawonera phunziroli amadziwa zomwe NAT ndi. Choncho, sitidzalongosola mwatsatanetsatane momwe zimagwirira ntchito. Ndingobwerezanso kuti NAT ndiukadaulo womasulira adilesi yomwe idapangidwa kuti ipulumutse "ndalama zoyera," i.e. ma adilesi a IP (adilesi yomwe imayendetsedwa pa intaneti).
Mu phunziro lapitalo, mwinamwake munazindikira kale kuti NAT ndi gawo la ndondomeko ya Access Control. Izi ndi zomveka. Mu SmartConsole, zosintha za NAT zimayikidwa pagawo lina. Ife ndithudi tiyang'ana kumeneko lero. Nthawi zambiri, mu phunziro ili tikambirana mitundu ya NAT, sinthani mwayi wopezeka pa intaneti ndikuyang'ana chitsanzo chapamwamba cha kutumiza madoko. Iwo. zomwe zimagwiritsidwa ntchito nthawi zambiri m'makampani. Tiyeni tiyambe.
Njira ziwiri zosinthira NAT
Check Point imathandizira njira ziwiri zosinthira NAT: Makina a NAT ΠΈ Manual NAT. Komanso, pa njira iliyonseyi pali mitundu iwiri yomasulira: Bisani NAT ΠΈ Zotsatira za NAT. Mwambiri, zikuwoneka ngati chithunzi ichi:
Ndikumvetsa kuti mwina zonse zikuwoneka zovuta kwambiri tsopano, kotero tiyeni tiwone mtundu uliwonse mwatsatanetsatane.
Makina a NAT
Iyi ndiye njira yachangu komanso yosavuta. Kukonza NAT kumachitika ndikudina kuwiri kokha. Zomwe muyenera kuchita ndikutsegula zomwe mukufuna (zikhale chipata, network, host, etc.), pitani ku tabu ya NAT ndikuwunika "Onjezani malamulo omasulira adilesi" Apa muwona munda - njira yomasulira. Pali, monga tafotokozera pamwambapa, awiri a iwo.
1. Atomatic Bisani NAT
Mwachikhazikitso ndi Bisani. Iwo. pamenepa, netiweki yathu "ibisala" kuseri kwa adilesi yapagulu ya IP. Pankhaniyi, adilesi ikhoza kutengedwa kuchokera ku mawonekedwe akunja a chipata, kapena mutha kufotokozeranso zina. Mtundu uwu wa NAT nthawi zambiri umatchedwa dynamic kapena zambiri-kwa-zimodzi, chifukwa Maadiresi angapo amkati amamasuliridwa kukhala amodzi akunja. Mwachilengedwe, izi zimatheka pogwiritsa ntchito madoko osiyanasiyana pofalitsa. Bisani NAT imagwira ntchito mbali imodzi yokha (kuchokera mkati mpaka kunja) ndipo ndiyabwino pamamanetiweki am'deralo mukangofunika kupeza intaneti. Ngati magalimoto ayambika kuchokera pa netiweki yakunja, ndiye kuti NAT mwachilengedwe sigwira ntchito. Zimakhala chitetezo chowonjezera cha ma network amkati.
2. Automatic Static NAT
Bisani NAT ndi yabwino kwa aliyense, koma mwina muyenera kupereka mwayi kuchokera pa netiweki yakunja kupita ku seva yamkati. Mwachitsanzo, ku seva ya DMZ, monga chitsanzo chathu. Pamenepa, Static NAT ingatithandize. Ndikosavuta kukhazikitsa. Ndikokwanira kusintha njira yomasulira kukhala Static muzinthu za chinthu ndikutchula adilesi ya IP yomwe idzagwiritsidwe ntchito ku NAT (onani chithunzi pamwambapa). Iwo. ngati wina kuchokera pa netiweki yakunja apeza adilesi iyi (pa doko lililonse!), Pempholo litumizidwa ku seva yokhala ndi IP yamkati. Kuphatikiza apo, ngati sevayo ikapita pa intaneti, IP yake isinthanso kukhala adilesi yomwe tidatchula. Iwo. Izi ndi NAT mbali zonse ziwiri. Amatchedwanso m'modzi ndi m'modzi ndipo nthawi zina amagwiritsidwa ntchito pa ma seva aboma. Chifukwa chiyani βnthawi zinaβ? Chifukwa ili ndi drawback imodzi yayikulu - adilesi ya IP ya anthu onse (madoko onse). Simungagwiritse ntchito adilesi imodzi yapagulu pamaseva osiyanasiyana amkati (okhala ndi madoko osiyanasiyana). Mwachitsanzo HTTP, FTP, SSH, SMTP, etc. Buku la NAT limatha kuthetsa vutoli.
Manual NAT
Chodabwitsa cha Manual NAT ndikuti muyenera kupanga malamulo omasulira nokha. Mu tabu yomweyo ya NAT mu Access Control Policy. Nthawi yomweyo, Manual NAT imakupatsani mwayi wopanga malamulo ovuta kumasulira. Magawo otsatirawa akupezeka kwa inu: Komwe Koyambira, Komwe Komwe Munkapita, Ntchito Zoyambirira, Komasulira, Malo Omasulira, Ntchito Zomasulira.
Palinso mitundu iwiri ya NAT yotheka pano - Bisani ndi Static.
1. Bisani NAT pamanja
Bisani NAT mu nkhani iyi angagwiritsidwe ntchito zosiyanasiyana. Zitsanzo zingapo:
- Mukapeza chinthu china kuchokera pa netiweki yakumaloko, mukufuna kugwiritsa ntchito adilesi ina yowulutsira (yosiyana ndi yomwe imagwiritsidwa ntchito pazinthu zina zonse).
- Pali makompyuta ambiri pa intaneti yakomweko. Bisani Automatic NAT sigwira ntchito pano, chifukwa... Ndi kukhazikitsidwa uku, ndizotheka kukhazikitsa adilesi imodzi yokha ya IP, kumbuyo komwe makompyuta "adzabisala". Pakhoza kukhala palibe madoko okwanira owulutsira. Pali, monga mukukumbukira, pang'ono kuposa 65 zikwi. Komanso, kompyuta iliyonse imatha kupanga mazana a magawo. Bisani NAT Buku limakupatsani mwayi woyika maadiresi a IP omwe ali mugulu la Translated Source. Potero akuwonjezera kuchuluka kwa zomasulira za NAT.
2.Manual Static NAT
Static NAT imagwiritsidwa ntchito nthawi zambiri popanga pamanja malamulo omasulira. Chitsanzo chapamwamba ndi kutumiza madoko. Mlanduwo pamene adilesi ya IP (yomwe ingakhale ya pachipata) imapezeka kuchokera pa netiweki yakunja padoko linalake ndipo pempho limamasuliridwa kuzinthu zamkati. Pantchito yathu ya labotale, tidzatumiza port 80 ku seva ya DMZ.
Vidiyo phunziro
Khalani tcheru kuti mumve zambiri ndikulumikizana nafe π
Source: www.habr.com