Diagnostics of network networks pa EDGE virtual router

Nthawi zina, mavuto angabwere mukakhazikitsa rauta yeniyeni. Mwachitsanzo, kutumiza ma port (NAT) sikugwira ntchito ndipo/kapena pali vuto pakukhazikitsa malamulo a Firewall okha. Kapena mumangofunika kupeza zipika za rauta, fufuzani momwe tchanelocho chikugwirira ntchito, ndikuwunika ma netiweki. Cloud provider Cloud4Y akufotokoza momwe izi zimachitikira.

Kugwira ntchito ndi rauta yeniyeni

Choyamba, tiyenera kukonza mwayi wofikira ku rauta yeniyeni - EDGE. Kuti tichite izi, timalowetsa mautumiki ake ndikupita ku tabu yoyenera - EDGE Settings. Kumeneko timatsegula SSH Status, kukhazikitsa mawu achinsinsi, ndipo onetsetsani kuti mwasunga zosintha.

Ngati tigwiritsa ntchito malamulo okhwima a Firewall, chilichonse chikaletsedwa mwachisawawa, ndiye kuti timawonjezera malamulo omwe amalola kulumikizana ndi rauta yokha kudzera pa doko la SSH:

Kenako timalumikizana ndi kasitomala aliyense wa SSH, mwachitsanzo PuTTY, ndikufika ku kontrakitala.

Mu console, malamulo amapezeka kwa ife, mndandanda womwe ukhoza kuwonedwa pogwiritsa ntchito:
mndandanda

Kodi ndi malamulo ati amene angakhale othandiza kwa ife? Nawu mndandanda wazothandiza kwambiri:

• Onetsani mawonekedwe - iwonetsa malo omwe alipo ndi ma adilesi a IP omwe adayikidwapo
• onetsani log - idzawonetsa zipika za router
• onetsani chipika kutsatira - zikuthandizani kuti muwone chipikacho munthawi yeniyeni ndi zosintha zosasintha. Lamulo lirilonse, likhale NAT kapena Firewall, liri ndi Yambitsani njira yodula mitengo, ikayatsidwa, zochitika zidzalembedwa mu chipika, zomwe zidzalola kufufuza.
• kuwonetsa flowtable - iwonetsa tebulo lonse la maulumikizidwe okhazikitsidwa ndi magawo awo
  Chitsanzo:1: tcp 6 21599 ESTABLISHED src=9Х.107.69.ХХХ dst=178.170.172.XXX sport=59365 dport=22 pkts=293 bytes=22496 src=178.170.172.ХХХ dst=91.107.69.173 sport=22 dport=59365 pkts=206 bytes=83569 [ASSURED] mark=0 rid=133427 use=1
• Onetsani Flowtable TopN10 - imakulolani kuti muwonetse chiwerengero chofunikira cha mizere, mu chitsanzo ichi 10
• Onetsani flowtable topN 10 yosankhidwa ndi pkts - Ithandizira kusanja maulumikizidwe ndi kuchuluka kwa mapaketi kuyambira ang'onoang'ono mpaka akulu
• Onetsani flowtable topN 10 yosankhidwa mwamabayiti - Zithandizira kusanja maulumikizidwe ndi kuchuluka kwa ma byte omwe amasamutsidwa kuchokera ku zazing'ono kupita zazikulu
• Onetsani flowtable rule-id ID topN 10 - imathandizira kuwonetsa kulumikizana ndi ID yofunikira
• Onetsani flowtable flowspec SPEC - kwa kusankha kosinthika kwa maulumikizi, kumene SPEC - imayika malamulo ofunikira osefa, mwachitsanzo proto=tcp:srcIP=9Х.107.69.ХХХ:sport=59365, posankha pogwiritsa ntchito protocol ya TCP ndi gwero la IP adilesi 9Х.107.69. XX kuchokera pa doko lotumiza 59365
  Chitsanzo:> show flowtable flowspec proto=tcp:srcip=90.107.69.171:sport=59365
1: tcp 6 21599 ESTABLISHED src=9Х.107.69.XX dst=178.170.172.xxx sport=59365 dport=22 pkts=1659 bytes=135488 src=178.170.172.xxx dst=xx.107.69.xxx sport=22 dport=59365 pkts=1193 bytes=210361 [ASSURED] mark=0 rid=133427 use=1
Total flows: 1
• onetsani madontho a paketi - idzakulolani kuti muwone ziwerengero pamaphukusi
• kuwonetsa ma firewall oyenda - Imawonetsa zowerengera zamapaketi a firewall ndikuyenda kwa paketi.

Titha kugwiritsanso ntchito zida zowunikira maukonde mwachindunji kuchokera pa rauta ya EDGE:

• ping ip MAWU
• ping ip WORD size SIZE count COUNT nofrag - ping kusonyeza kukula kwa deta yomwe ikutumizidwa ndi chiwerengero cha macheke, komanso kuletsa kugawikana kwa paketi yokhazikitsidwa.
• traceroute ip WORD

Tsatanetsatane wa kuzindikira ntchito ya Firewall pa Edge

1. Yambitsani kuwonetsa firewall ndipo yang'anani malamulo omwe adayikidwa muzosefera pa tebulo la usr_rules
2. Timayang'ana unyolo wa POSTROUTIN ndikuwongolera kuchuluka kwa mapaketi otsika pogwiritsa ntchito gawo la DROP. Ngati pali vuto ndi njira za asymmetric, tidzalemba kuchuluka kwa zikhalidwe.
   Tiyeni tichite macheke owonjezera:
   • Ping idzagwira ntchito mbali imodzi osati mbali ina
   • ping idzagwira ntchito, koma magawo a TCP sadzakhazikitsidwa.
3. Timayang'ana kutulutsa kwa chidziwitso cha ma adilesi a IP - kuwonetsa ipset
4. Yambitsani kulowa pa lamulo la firewall mu ntchito za Edge
5. Tikuwona zomwe zikuchitika mu chipika - onetsani chipika kutsatira
6. Timayang'ana maulumikizidwe pogwiritsa ntchito lamulo_id yofunikira - onetsani flowtable rule_id
7. Ndi chithandizo cha onetsani ma flowstats Timafanizira maulumikizidwe a Current Flow Entries omwe adayikidwa pano ndi omwe amaloledwa (Total Flow Capacity) pamasinthidwe apano. Zosintha zomwe zilipo ndi malire zitha kuwonedwa mu VMware NSX Edge. Ngati mukufuna, ndingalankhule za izi m'nkhani yotsatira.

Ndi chiyani chinanso chomwe mungawerenge pabulogu? Cloud4Y

→ Ma virus osamva CRISPR amamanga "malo ogona" kuti ateteze ma genomes ku ma enzyme olowa mu DNA.
→ Kodi banki yalephera bwanji?
→ The Great Snowflake Theory
→ Intaneti pa mabuloni
→ Pentesters patsogolo pa cybersecurity

Lembani ku wathu uthengawo-channel kuti musaphonye nkhani yotsatira! Timalemba zosaposa kawiri pa sabata komanso pa bizinesi. Tikukumbutsani kuti oyambitsa angalandire RUB 1. kuchokera Cloud000Y. Mikhalidwe ndi fomu yofunsira omwe ali ndi chidwi angapezeke patsamba lathu: bit.ly/2sj6dPK

Source: www.habr.com