ProHoster > Blog > Ulamuliro > Kusindikiza seva kudzera pachipata cha D-Link DFL

Kusindikiza seva kudzera pachipata cha D-Link DFL

Ndinali ndi ntchito - kufalitsa ntchito pa rauta ya D-Link DFL pa adilesi ya IP yomwe siimangiriridwa ndi mawonekedwe a wan. Koma sindinapeze malangizo pa intaneti omwe angathetse vutoli, choncho ndinalemba ndekha.

Deta yoyamba (maadiresi onse amatengedwa mwachitsanzo)

Seva yapaintaneti yamkati yokhala ndi IP: 192.168.0.2 (port 8080).
Ma adilesi oyera akunja omwe aperekedwa ndi wothandizira: 5.255.255.0/28, njira yoperekera: 5.255.255.1, maadiresi otsala “athu” 5.255.255.2-14.

Lolani ma adilesi 5.255.255.2-10 timagwiritsa ntchito NAT ndi zosowa zina. Ulalo wopereka ndiwolumikizidwa kudoko wan1. Kuti mawonekedwe wan1 adilesi yolumikizidwa 5.255.255.2.

Ntchito: sindikizani seva yapaintaneti ku adilesi ya anthu onse 5.255.255.11, pa doko 80.

Yankho lake ndi lalifupi

Kuti musindikize ntchito pa IP yomwe sikugwirizana ndi mawonekedwe adilesi mudzafunika:

  1. Sonyezani kwa rauta kuti ip yosindikizidwa iyenera kufufuzidwa mkati pogwiritsa ntchito matebulo apanjira.
  2. Kusindikiza arpkotero kuti rauta imayankha oyandikana nawo kuti adilesi yosindikizidwa ndi yake.
  3. ndondomeko ya firewall (SAT), yomwe mkati mwa rauta idzasintha adilesi yopita ku adilesi ya seva yomaliza.
  4. Lamulo la Firewall (Lolani), lomwe lidzalola kulumikizana kuchokera ku mawonekedwe akunja kupita ku adilesi yosindikizidwa mkati mwa rauta

Ndipo tsopano zambiri pang'ono za mfundo iliyonse

Kukonzekera

I. Choyamba, tiyeni tipange "Zinthu" pazosowa zathu zonse (tsopano ndikuwonetsa njira ya mawonekedwe a intaneti, ndikuganiza kuti omwe amagwira ntchito ndi console adzatha kusamutsa zochita kuti zikhazikitse malamulo).

1. Onjezani ma adilesi awiri a ipv4 ku bukhu la ma adilesi:
seva yapaintaneti = 192.168.0.2
public-web-server = 5.255.255.11

Kusindikiza seva kudzera pachipata cha D-Link DFL

Kusindikiza seva kudzera pachipata cha D-Link DFL

2. Kenako timawonjezera madoko pamndandanda wantchito:
inu_http = tcp:8080

Kusindikiza seva kudzera pachipata cha D-Link DFL

Kusindikiza seva kudzera pachipata cha D-Link DFL

Doko tcp:80 alipo kale mu mndandanda wa mautumiki, otchedwa http, ali ndi malire 2000 magawo, malirewo akhoza kusinthidwa.

oZinapezeka kuti palibe chifukwa chowonjezera doko la seva pa intaneti yamkati, koma ndikusiya chifukwa ... chitsanzo chingafunike pa doko la anthu onse, koma iwonjezedwa mofananamo

II. Tiyeni tisunthire molunjika ku yankho.

Ndime 1 и 2 akhoza kuphatikizidwa, chifukwa Mukawonjezera njira yokhazikika, ndizotheka kupereka ARP nthawi yomweyo. Kunena zowona, sindinawone mwayi uwu nthawi yomweyo ndikukhazikitsa zofalitsa pamanja; rauta ilinso ndi magwiridwe antchito.

1. Chifukwa chake, ngati simunapangebe gulu la matebulo owongolera ndi malamulo awo, ndiye kuti zonse zitha kuchitika patebulo lalikulu, limatchedwa. waukulu.

Kusindikiza seva kudzera pachipata cha D-Link DFL

Table waukulupadzakhala njira yokhazikika yopita ku netiweki 5.255.255.0/28 pa mawonekedwe wan1. Ndipo metrics Njirayi ikufanana ndi metric yomwe yafotokozedwa pazosintha za mawonekedwe (mwachisawawa 100).

Kusindikiza seva kudzera pachipata cha D-Link DFL

Kuletsa pachipata kutumiza mapaketi kubwerera mawonekedwe wan1, muyenera kupanga njira yokhazikika yopita ku adilesi public-web-server ku mawonekedwe pakati ndi metric zochepa 100 (mawonekedwe ang'onoang'ono metric wan1) - ndiye chipata chidzayang'ana "mkati mwake".

2. Kumeneko, popanga njira, mukhoza kukonza Proxy ARP kuti chipata chiyankhire zopempha za ARP. Patsamba la Proxy ARP, onjezani mawonekedwe a WAN.

Kusindikiza seva kudzera pachipata cha D-Link DFL

pangani njira, koma osadina Chabwino, koma pitani pagawo lachiwiri la Proxy ARP:

Kusindikiza seva kudzera pachipata cha D-Link DFL

ARP, onjezani mawonekedwe wan1:

Kusindikiza seva kudzera pachipata cha D-Link DFL

3.Pomaliza, timapitilira kukhazikitsa NAT ndi firewall (izi zafotokozedwa kale mwatsatanetsatane mu malangizo patsamba dlink.ua).

Kusindikiza seva kudzera pachipata cha D-Link DFL

Timapanga lamulo la SAT kuti mu paketi kuchokera pa mawonekedwe wan1 ndi adilesi yopitira public-web-server doko la kopita http, komwe takonza njira yolumikizira mawonekedwe pakati, sinthani adilesi yolowera ndi adilesi yamkati ya seva yathu seva yapaintaneti ndi doko 8080.

Kusindikiza seva kudzera pachipata cha D-Link DFL

4. Ndipo sitepe yotsatira ndiyo kulola paketi yotereyi - pangani Lolani lamulo lokhala ndi magawo ofanana (ndikoyenera kukopera lamulo la SAT ndikusintha zomwezo ndi Lolani).

Kusindikiza seva kudzera pachipata cha D-Link DFL

ZindikiraniPankhaniyi, malamulo ayenera kukhala ndendende motere: choyamba SAT, kenako Lolani:

Kumbukirani kuti lamulo la SAT liyenera kukhala pamwamba pa lamulo lololeza. Izi ndichifukwa choti paketi, ikagwa mulamulo lololeza kapena kukana, silipita patsogolo patebulo la "Malamulo".

dlink.ua
Pankhaniyi, lamulo lololeza limapangidwanso padoko la anthu onse ndi adilesi:

Chonde dziwani kuti ma protocol, mawonekedwe ndi magawo a netiweki mulamulo lololeza ndizofanana ndi zomwe zili mulamulo ndi "SAT".

Zinkawoneka kwa ine kuti paketiyo idakonzedwa kale ndi lamulo la SAT mzere kale, ndipo adiresi yopita ndi doko zinali zatsopano, koma ayi, zikuwoneka kuti kusinthaku kumachitika nthawi ina malamulo ena onse atakonzedwa.

В malangizo ochokera ku D-link Kugwira ntchito kwa SAT kumawululidwa mozama; imapereka mwayi wambiri wosangalatsa. Cholinga changa chinali kufotokoza nkhani yomwe sinafotokozedwe mu malangizowa komanso malangizo ena. Ndikukhulupirira kuti malangizowa adzakhala othandiza komanso omveka.

Source: www.habr.com

Gulani kuchititsa kodalirika kwamasamba okhala ndi chitetezo cha DDoS, ma seva a VPS VDS Gulani malo odalirika osungira mawebusayiti okhala ndi chitetezo cha DDoS, ma seva a VPS VDS | ProHoster