Su'esu'ega o feso'ota'iga feso'ota'iga i le EDGE virtual router

I nisi tulaga, e ono tula'i mai ni fa'afitauli pe a fa'atūina se telefoni feavea'i. Mo se faʻataʻitaʻiga, e le aoga le port forwarding (NAT) ma / poʻo o loʻo i ai se faʻafitauli i le faʻatulagaina o tulafono a le Firewall. Pe na'o lou mana'omia e maua ni ogalaau o le router, siaki le fa'agaioiga o le auala, ma fa'atautaia su'esu'ega o feso'ota'iga. O lo'o tu'uina atu le ao Cloud4Y fa'amatalaina pe fa'apefea ona fai lenei mea.

Galulue faʻatasi ma se telefoni feaveaʻi

Muamua lava, tatou te manaʻomia le faʻatulagaina o avanoa i le router virtual - EDGE. Ina ia faia lenei mea, matou te ulufale i ana auaunaga ma alu i le lisi talafeagai - EDGE Settings. O iina matou te faʻatagaina ai le SSH Tulaga, seti se faʻaupuga, ma ia mautinoa e teu suiga.

Afai matou te faʻaogaina tulafono faʻamalosi afi, pe a faʻasaina mea uma e ala i le le mafai, ona matou faʻaopoopoina lea o tulafono e faʻatagaina fesoʻotaʻiga i le router lava ia e ala i le SSH port:

Ona matou faʻafesoʻotaʻi lea ma soʻo se SSH client, mo se faʻataʻitaʻiga PuTTY, ma alu i le faʻamafanafanaga.

I totonu o le faʻamafanafanaga, o loʻo avanoa mai ia i matou poloaiga, o se lisi e mafai ona vaʻaia e faʻaaoga ai:
lisi

O a poloaiga e mafai ona aoga ia i tatou? O se lisi lenei o mea sili ona aoga:

• fa'aali fa'aoga - o le a faʻaalia fesoʻotaʻiga avanoa ma tuatusi IP faʻapipiʻi ia i latou
• fa'aali ogalaau - o le a faʻaalia ogalaau router
• fa'aali ogalaau mulimuli - o le a fesoasoani ia te oe e matamata i le ogalaau i le taimi moni ma faʻafouga faifai pea. O tulafono taʻitasi, pe NAT poʻo le Firewall, o loʻo i ai le Enable logging option, pe a mafai, o mea e tutupu o le a faʻamaumau i totonu o le ogalaau, lea e mafai ai ona faʻamaonia.
• fa'aali laulau fa'afefe - o le a faʻaalia le laulau atoa o fesoʻotaʻiga faʻamautu ma a latou faʻamau
  Faataitaiga:1: tcp 6 21599 ESTABLISHED src=9Х.107.69.ХХХ dst=178.170.172.XXX sport=59365 dport=22 pkts=293 bytes=22496 src=178.170.172.ХХХ dst=91.107.69.173 sport=22 dport=59365 pkts=206 bytes=83569 [ASSURED] mark=0 rid=133427 use=1
• fa'aali luga ole laulau fa'afefeN10 - faʻatagaina oe e faʻaalia le numera manaʻomia o laina, i lenei faʻataʻitaʻiga 10
• fa'aali fa'asolo i lugaN 10 fa'avasega-i pkts - o le a fesoasoani e fa'avasega feso'ota'iga e ala i numera o afifi mai le la'ititi i le tele
• fa'aali fa'asolo i lugaN 10 fa'avasega-i paita - o le a fesoasoani e fa'avasega feso'ota'iga i le aofa'i o bytes e fa'aliliu mai le la'ititi i le tele
• fa'aali le fa'atonu tulafono-id ID pito i lugaN 10 - o le a fesoasoani e faʻaalia fesoʻotaʻiga i le ID tulafono manaʻomia
• fa'aali flowtable flowspec SPEC - mo filifiliga sili atu fetuutuunai o sootaga, lea SPEC - seti tulafono faamama talafeagai, mo se faataitaiga proto=tcp:srcip=9Х.107.69.ХХХ:sport=59365, mo filifiliga e faaaoga ai le TCP protocol ma le puna IP tuatusi 9Х.107.69. XX mai le uafu lafo 59365
  Faataitaiga:> show flowtable flowspec proto=tcp:srcip=90.107.69.171:sport=59365
1: tcp 6 21599 ESTABLISHED src=9Х.107.69.XX dst=178.170.172.xxx sport=59365 dport=22 pkts=1659 bytes=135488 src=178.170.172.xxx dst=xx.107.69.xxx sport=22 dport=59365 pkts=1193 bytes=210361 [ASSURED] mark=0 rid=133427 use=1
Total flows: 1
• fa'aali pa'u o le afifi - o le a faʻatagaina oe e matamata i faʻamaumauga i luga o afifi
• fa'aalia le tafega o firewall - Fa'aali atu fa'amaufa'ailoga afi fa'atasi ma fa'asologa o afifi.

E mafai fo'i ona matou fa'aoga sa'o mea faigaluega su'esu'e feso'ota'iga mai le router EDGE:

• ping ip UPU
• ping ip WORD size SIZE count COUNT nofrag – ping e fa'ailoa mai ai le tele o fa'amaumauga o lo'o lafo ma le numera o siaki, ma fa'asa fo'i le vaevaega o le lapo'a fa'atulaga.
• traceroute ip UPU

Fa'asologa o le su'esu'eina o fa'agaioiga Firewall i Edge

1. Fa'alauiloa fa'aali firewall ma vaʻavaʻai i tulafono faʻapipiʻi faʻapipiʻi masani ile usr_rules laulau
2. Matou te vaʻavaʻai i le filifili POSTROUTIN ma pulea le numera o paʻu pa'ū e faʻaaoga ai le DROP fanua. Afai ei ai se faʻafitauli i le faʻaogaina o le asymmetric routing, o le a matou faʻamauina se faʻaopoopoga o tau.
   Sei o tatou faia ni siaki faaopoopo:
   • Ping o le a galue i le tasi itu ae le o le isi itu
   • ping o le a aoga, ae o TCP sauniga o le a le faʻatuina.
3. Matou te vaʻavaʻai i le gaosiga o faʻamatalaga e uiga i tuatusi IP - faaali ipset
4. Fa'ataga le fa'amauina i luga o le tulafono afi i Edge auaunaga
5. Matou te vaʻavaʻai i mea na tutupu i le ogalaau - fa'aali ogalaau mulimuli
6. Matou te siakiina fesoʻotaʻiga e faʻaaoga ai le rule_id manaʻomia - fa'aali flowtable rule_id
7. Faatasi ai ma le fesoasoani a fa'aali fa'asologa o tafega Matou te faʻatusatusaina fesoʻotaʻiga o loʻo faʻapipiʻiina nei Faʻasalalau Faʻasalalau Faʻatasi ma le maualuga o loʻo faʻatagaina (Total Flow Capacity) i le faʻatulagaga o loʻo iai nei. E mafai ona va'aia fa'atonuga ma tapula'a avanoa ile VMware NSX Edge. Afai e te fiafia, e mafai ona ou talanoa e uiga i lenei mea i le isi mataupu.

O le a se isi mea e mafai ona e faitauina i luga o le blog? Ao4Y

→ O fa'ama'i e fa'asa'o e le CRISPR e fausia ai "fale puipui" e puipuia ai genomes mai enzymes e ulu atu i DNA
→ Na faapefea ona faaletonu le faletupe?
→ The Great Snowflake Theory
→ Initaneti i paluni
→ Pentesters i luma ole cybersecurity

Fa'asoa i la matou uālesi-auala ina ia e le misia le isi tala! Matou te tusitusi e le sili atu i le faalua i le vaiaso ma naʻo pisinisi. Matou te faʻamanatu atu ia te oe e mafai e tagata amata ona maua RUB 1. mai Cloud000Y. Tulaga ma pepa talosaga mo i latou e fiafia e mafai ona maua i luga o la matou upega tafaʻilagi: bit.ly/2sj6dPK

puna: www.habr.com