Gawo loyamba
Titapuma pang'ono timabwerera ku NSX. Lero ndikuwonetsani momwe mungasinthire NAT ndi Firewall.
Mu tabu Administration pitani kumalo anu enieni a data - Cloud Resources - Virtual Datacenters.

Sankhani tabu Njira za Edge ndikudina kumanja pa NSX Edge yomwe mukufuna. Mu menyu omwe akuwoneka, sankhani njira Edge Gateway Services. NSX Edge Control Panel idzatsegulidwa pagawo lina.

Kukhazikitsa malamulo a Firewall

Mwachikhazikitso mu chinthu lamulo losakhazikika la traffic ingress Njira yokana imasankhidwa, mwachitsanzo, Firewall idzaletsa magalimoto onse.

Kuti muwonjezere lamulo latsopano, dinani +. Cholowa chatsopano chidzawoneka ndi dzina Lamulo latsopano. Sinthani minda yake molingana ndi zomwe mukufuna.

M'munda dzina perekani lamulolo dzina, mwachitsanzo intaneti.

M'munda gwero Lowetsani ma adilesi ofunikira. Pogwiritsa ntchito batani la IP, mutha kukhazikitsa adilesi imodzi ya IP, ma adilesi angapo a IP, CIDR.

Pogwiritsa ntchito batani + mutha kutchula zinthu zina:

• Njira zolumikizirana ndi zipata. Maukonde onse amkati (Wamkati), maukonde onse akunja (Akunja) kapena aliwonse.
• Makina a Virtual. Timamanga malamulo ku makina enieni enieni.
• OrgVdcNetworks. Ma network level level.
• IP Seti. Gulu la ogwiritsa ntchito lopangidwa kale la ma adilesi a IP (opangidwa mu Gulu la chinthu).

M'munda Kupita onetsani adilesi ya wolandira. Zosankha pano ndizofanana ndi zomwe zili mugawo la Source.
M'munda Service mukhoza kusankha kapena kutchula pamanja doko kopita (Popita Port), ndondomeko yofunikira (Protocol), ndi doko la wotumiza (Source Port). Dinani Sungani.

M'munda Action sankhani zomwe mukufuna: kulola kapena kukana kuchuluka kwa magalimoto omwe akufanana ndi lamuloli.

Ikani kasinthidwe komwe mwalowa posankha Sungani zosintha.

Malamulo zitsanzo

Lamulo 1 la Firewall (Intaneti) imalola kugwiritsa ntchito intaneti kudzera pa protocol iliyonse kupita ku seva yokhala ndi IP 192.168.1.10.

Lamulo 2 la Firewall (Web-server) imalola mwayi wopezeka pa intaneti kudzera pa (TCP protocol, port 80) kudzera pa adilesi yanu yakunja. Pankhaniyi - 185.148.83.16:80.

Kupanga kwa NAT

NAT (Kutanthauzira Maadiresi a Network) - kumasulira kwa ma adilesi achinsinsi (imvi) a IP kupita akunja (oyera), mosemphanitsa. Kupyolera mu njirayi, makina enieni amapeza intaneti. Kuti mukonze makinawa, muyenera kukonza malamulo a SNAT ndi DNAT.
Zofunika! NAT imagwira ntchito kokha pamene Firewall yayatsidwa ndipo malamulo ovomerezeka ovomerezeka akukonzedwa.

Pangani lamulo la SNAT. SNAT (Source Network Address Translation) ndi makina omwe cholinga chake ndikusintha adilesi yoyambira potumiza paketi.

Choyamba tiyenera kupeza ma adilesi akunja a IP kapena ma adilesi angapo a IP omwe tingapeze. Kuti muchite izi, pitani ku gawo Administration ndikudina kawiri pakatikati pa data. Muzosankha zomwe zikuwoneka, pitani ku tabu Edge Gateways. Sankhani NSX Edge yomwe mukufuna ndikudina pomwepa. Sankhani njira Zida.

Pa zenera lomwe likuwoneka, mu tabu Sub-Allocate IP Pools mutha kuwona ma adilesi akunja a IP kapena ma adilesi osiyanasiyana a IP. Lembani kapena muzikumbukira.

Kenako, dinani kumanja pa NSX Edge. Mu menyu omwe akuwoneka, sankhani njira Edge Gateway Services. Ndipo tabwerera mu gulu lowongolera la NSX Edge.

Pazenera lomwe likuwoneka, tsegulani tabu ya NAT ndikudina Add SNAT.

Muwindo latsopano tikuwonetsa:

• mu Applied on the field - network yakunja (osati network-level network!);
• Gwero Loyamba IP / range - ma adilesi amkati, mwachitsanzo, 192.168.1.0/24;
• Translated Source IP/range - adilesi yakunja yomwe intaneti idzafikiridwe ndi yomwe mudayang'ana pa Sub-Allocate IP Pools tabu.

Dinani Sungani.

Pangani lamulo la DNAT. DNAT ndi njira yomwe imasintha adilesi yopita ya paketi komanso doko lolowera. Amagwiritsidwa ntchito kuwongolera mapaketi obwera kuchokera ku adilesi yakunja / doko kupita ku adilesi yachinsinsi ya IP / doko mkati mwa netiweki yachinsinsi.

Sankhani tabu ya NAT ndikudina Add DNAT.

Pawindo lomwe likuwoneka, tchulani:

- mu Applied on the field - network yakunja (osati network-level network!);
- IP / mtundu woyambira - adilesi yakunja (adilesi yochokera ku Sub-Allocate IP Pools tabu);
- Protocol - ndondomeko;
- Port Yoyambirira - doko la adilesi yakunja;
- Womasulira IP/range - adilesi yamkati ya IP, mwachitsanzo, 192.168.1.10
- Port Womasulira - doko la adilesi yamkati komwe doko la adilesi yakunja lidzamasuliridwa.

Dinani Sungani.

Ikani kasinthidwe komwe mwalowa posankha Sungani zosintha.

Wachita.

Chotsatira pamzere ndi malangizo pa DHCP, kuphatikiza kukhazikitsa DHCP Bindings ndi Relay.

Source: www.habr.com