Remote work in the office. RDP, Port Knocking, Mikrotik: simple and secure

Because of the covid-19 pandemic and the general quarantine in many countries, the only way for many companies to keep working is remote access to office workstations over the Internet. There are many secure ways to work remotely, but given the scale of the problem, what is needed is a method that lets any user connect to the office remotely without extra configuration, explanations, or long and difficult instructions. The method many administrators favour is RDP (Remote Desktop Protocol). Connecting straight to a workstation over RDP would solve our problem nicely, if it were not for one large fly in the ointment: exposing the RDP port to the Internet is extremely insecure. So below I describe a simple but reliable way to protect it.

Since I often come across small organisations that use Mikrotik devices as their Internet gateway, below I will show how to do this on Mikrotik; the Port Knocking protection method is just as easy to implement on other, higher-end devices with a similar router and firewall configuration.

Briefly about Port Knocking. Good protection for a network connected to the Internet means that all resources and ports are closed from the outside by a firewall. And although a gateway with a configured firewall does not answer packets arriving from outside in any way, it does listen to them. So the gateway can be configured so that, when it receives a certain sequence (a code) of connection attempts on different ports, it (the router) opens access to certain resources (ports, protocols, etc.) for the IP the packets came from.

So, to the point. I will not give a detailed description of setting up a firewall on Mikrotik; the Internet is full of good resources for that. Ideally the firewall blocks all incoming packets, except

/ip firewall filter
add action=accept chain=input comment="established and related accept" connection-state=established,related

which allows packets arriving on already established (established, related) connections.
Now we set up Port Knocking on Mikrotik:

/ip firewall filter
add action=drop chain=input dst-port=19000 protocol=tcp src-address-list="Black_scanners" comment=RemoteRules
add action=drop chain=input dst-port=16000 protocol=tcp src-address-list="Black_scanners" comment=RemoteRules
add action=add-src-to-address-list address-list="remote_port_1" address-list-timeout=1m chain=input dst-port=19000 protocol=tcp comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=19001 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=18999 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=16001 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=15999 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="allow_remote_users" address-list-timeout=1m chain=input dst-port=16000 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
move [/ip firewall filter find comment=RemoteRules] 1
/ip firewall nat
add action=dst-nat chain=dstnat comment="remote_rdp" src-address-list="allow_remote_users" dst-port=33890 in-interface-list=WAN protocol=tcp to-addresses=192.168.1.33 to-ports=3389

Now some details:

The first two rules

/ip firewall filter
add action=drop chain=input dst-port=19000 protocol=tcp src-address-list="Black_scanners" comment=RemoteRules
add action=drop chain=input dst-port=16000 protocol=tcp src-address-list="Black_scanners" comment=RemoteRules

drop incoming packets from IP addresses that were blacklisted during a port scan;

The third rule:

add action=add-src-to-address-list address-list="remote_port_1" address-list-timeout=1m chain=input dst-port=19000 protocol=tcp comment=RemoteRules

adds the IP to the list of those who made the correct first knock on the required port (19000);
The next four rules:

add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=19001 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=18999 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=16001 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=15999 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules

create trap ports for anyone who wants to scan our ports; when such attempts are detected, their IP is blacklisted for 60 minutes, which (through the first two rules) stops them from knocking on the correct ports;

The next rule:

add action=add-src-to-address-list address-list="allow_remote_users" address-list-timeout=1m chain=input dst-port=16000 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules

puts the IP into the allowed list for 1 minute (enough to establish a connection), because the second correct knock was made on the required port (16000);

The next command:

move [/ip firewall filter find comment=RemoteRules] 1

moves our rules to the top of the firewall processing chain, since we most likely already have various deny rules configured that would stop our newly created rules from working. The very first rule in Mikrotik is numbered zero, but on my device position zero was occupied by a built-in rule that could not be moved, so I moved ours to 1. So look at your own configuration, see where they can go, and specify the required number.

Next we configure:

/ip firewall nat
add action=dst-nat chain=dstnat comment="remote_rdp_to_33" src-address-list="allow_remote_users" dst-port=33890 in-interface-list=WAN protocol=tcp to-addresses=192.168.1.33 to-ports=3389

which forwards an arbitrarily chosen port 33890 to the standard RDP port 3389 on the IP of the computer or terminal server we need. We create such rules for every internal resource we need; it is better to use non-standard (and different) external ports. Naturally, the IPs of the internal resources must be fixed, or handed out by the DHCP server as static leases.
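To see the rule set above behave as described, here is an added example (not code from the article or from MikroTik) that replays the three address lists (Black_scanners, remote_port_1, allow_remote_users) with their 1m and 60m timeouts as a small state machine. It takes the knock sequence as a list, so it also covers the longer sequences (3rd, 4th, 5th ... port) the conclusion suggests, with trap ports one above and one below every knock port as in the article. Assumptions of the model: re-adding an address to a list refreshes its timeout, the sample source IPs are constructed documentation addresses, and a session that is already established is not tracked (the real router handles that with the established/related rule).

```python
"""Replay of the MikroTik port-knocking rule set as a small state machine."""
from __future__ import annotations

KNOCK_SEQUENCE = [19000, 16000]   # knock ports from the article, in order
RDP_EXTERNAL_PORT = 33890         # the dst-nat port from the article
STAGE_TIMEOUT = 60                # address-list-timeout=1m
BLACKLIST_TIMEOUT = 60 * 60       # address-list-timeout=60m


class AddressList:
    """A RouterOS address list whose entries age out (address-list-timeout)."""

    def __init__(self) -> None:
        self._expiry: dict[str, float] = {}

    def add(self, ip: str, now: float, timeout: float) -> None:
        # Assumption of this model: re-adding an address refreshes its timeout.
        self._expiry[ip] = now + timeout

    def contains(self, ip: str, now: float) -> bool:
        exp = self._expiry.get(ip)
        if exp is None or now >= exp:
            self._expiry.pop(ip, None)   # expired entries disappear
            return False
        return True


class KnockFirewall:
    """Input-chain logic of the article's rules, for any knock sequence."""

    def __init__(self, sequence=KNOCK_SEQUENCE, drop_blacklisted_knocks=True):
        self.sequence = list(sequence)
        # Trap ports sit one above and one below every knock port
        # (19001, 18999, 16001, 15999 in the article), so knock ports
        # must not be adjacent to each other.
        self.traps = {p + d for p in self.sequence for d in (1, -1)}
        assert len(self.sequence) >= 2 and not self.traps & set(self.sequence)
        self.drop_blacklisted_knocks = drop_blacklisted_knocks    # rules 1-2 on/off
        self.black = AddressList()                                # Black_scanners
        self.stages = [AddressList() for _ in self.sequence[:-1]] # remote_port_N
        self.allowed = AddressList()                              # allow_remote_users

    def packet(self, src: str, port: int, now: float) -> str:
        """Effect of one inbound TCP SYN from src to port at time now (seconds).

        Knock packets are never answered: after the add-src-to-address-list
        action they fall through to the default drop, so the returned word
        names the side effect on the address lists, not a reply.
        """
        # Rules 1-2: a blacklisted source may not knock at all.
        if (self.drop_blacklisted_knocks and port in self.sequence
                and self.black.contains(src, now)):
            return "drop"
        # Rule 3: the first knock needs no prior state.
        if port == self.sequence[0]:
            self.stages[0].add(src, now, STAGE_TIMEOUT)
            return "stage1"
        # Rules 4-7: a trap port hit by someone mid-sequence blacklists them.
        if port in self.traps and any(s.contains(src, now) for s in self.stages):
            self.black.add(src, now, BLACKLIST_TIMEOUT)
            return "blacklist"
        # Rule 8, generalised: each further knock needs the previous stage.
        for i in range(1, len(self.sequence)):
            if port == self.sequence[i] and self.stages[i - 1].contains(src, now):
                if i == len(self.sequence) - 1:
                    self.allowed.add(src, now, STAGE_TIMEOUT)
                    return "allow"
                self.stages[i].add(src, now, STAGE_TIMEOUT)
                return f"stage{i + 1}"
        # NAT rule: the forwarded RDP port is reachable only from the allow
        # list.  A session that is already established keeps working through
        # the established/related rule; this per-packet model does not track it.
        if port == RDP_EXTERNAL_PORT and self.allowed.contains(src, now):
            return "forward"
        return "drop"


def replay(fw: KnockFirewall, events) -> list[str]:
    """Apply (src_ip, dst_port, seconds) events in order; return the actions."""
    return [fw.packet(src, port, t) for src, port, t in events]


# Constructed sample traffic (documentation IP ranges, not captured data).
GOOD_CLIENT = [("203.0.113.10", 19000, 0), ("203.0.113.10", 16000, 1),
               ("203.0.113.10", 33890, 2)]
WRONG_ORDER = [("203.0.113.20", 16000, 0), ("203.0.113.20", 19000, 1),
               ("203.0.113.20", 33890, 2)]
SCANNER = [("198.51.100.5", 19000, 0), ("198.51.100.5", 19001, 1),
           ("198.51.100.5", 16000, 2), ("198.51.100.5", 33890, 3)]
SLOW_CLIENT = [("203.0.113.30", 19000, 0), ("203.0.113.30", 16000, 61),
               ("203.0.113.30", 33890, 62)]

if __name__ == "__main__":
    for name, events in [("good client", GOOD_CLIENT), ("wrong order", WRONG_ORDER),
                         ("scanner", SCANNER), ("slow client", SLOW_CLIENT)]:
        print(f"{name:12s} {replay(KnockFirewall(), events)}")
    # Without rules 1-2 a scanner that already passed knock 1 still gets in.
    print(f"{'no rules 1-2':12s} "
          f"{replay(KnockFirewall(drop_blacklisted_knocks=False), SCANNER)}")
```

The scanner scenario is the one worth studying: the source is already in remote_port_1 when it touches the trap port 19001, so without the first two drop rules its later packet to 16000 would still land it on the allow list. The slow-client scenario shows the other side of the 1m timeout: if the second knock arrives after the first has aged out, nothing opens and the user simply refreshes the page, as the article describes.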

Our Mikrotik is now configured, and we need a simple mechanism for the user to connect to our internal RDP. Since most of our users are on Windows, we create a simple batch file named StartRDP.bat:

1.htm
1.rdp

where 1.htm contains the following code:

<img src="http://my_router.sn.mynetname.net:19000/1.jpg">
refresh the page to reconnect over RDP
<img src="http://my_router.sn.mynetname.net:16000/2.jpg">

that is, two links to non-existent images at the address my_router.sn.mynetname.net. We take this address from the Mikrotik DDNS system after enabling it on our Mikrotik: go to the IP -> Cloud menu, tick the DDNS Enabled box, click Apply and copy our router's DNS name. This is only needed when the router's external IP is not fixed, which is the configuration many Internet providers use.

The port in the first link, 19000, matches the first port you have to knock on, and the port in the second link matches the second. Between the links there is a short instruction saying what to do if our connection suddenly drops because of a short-lived network problem: we refresh the page, the RDP port is open for us again for 1 minute, and we restore our session. Also, the text between the img tags creates a micro-delay for the browser, which reduces the chance that the first packet is sent to the second port (16000); so far there have been no such cases in two weeks of use (30 users).

Next comes the 1.rdp file, which we can configure once for everyone or individually for each user (which is what I did: it is better to spend another 15 minutes than many hours explaining things to those who could not work it out)

screen mode id:i:2
use multimon:i:1
.....
connection type:i:6
networkautodetect:i:0
.....
disable wallpaper:i:1
.....
full address:s:my_router.sn.mynetname.net:33890
.....
username:s:myuserlogin
domain:s:mydomain

One interesting setting here is use multimon:i:1, which enables multi-monitor use: some people need this, but they do not think to turn it on themselves.

connection type:i:6 and networkautodetect:i:0 - since most Internet connections are now above 10 Mbit, you can set connection type 6 (LAN, 10 Mbit and above) and disable networkautodetect, because if the default (auto) is left on, even a momentary network latency makes the client automatically set a low speed for our session for a long time, which shows up as lag in work, especially in graphics programs.

disable wallpaper:i:1 - disables the desktop wallpaper
username:s:myuserlogin - we specify the user's login, since a significant share of our users do not know their login
domain:s:mydomain - specify the domain or computer name

And if we want to simplify building the connection mechanism, we can also use PowerShell - StartRDP.ps1

Test-NetConnection -ComputerName my_router.sn.mynetname.net -Port 19000
Test-NetConnection -ComputerName my_router.sn.mynetname.net -Port 16000
mstsc /v:my_router.sn.mynetname.net:33890

Also a little about the RDP client in Windows: MS has come a long way in improving the protocol and its server and client parts, implementing many useful things, such as working with 3D tools, adapting the screen resolution, multi-screen, and so on. But of course all of this is implemented in backward-compatible mode, and if the client is Windows 7 and the remote PC is Windows 10, then RDP works with protocol version 7.0. Fortunately, the RDP version can be updated to recent ones; for example, you can raise the protocol version from 7.0 (Windows 7) to 8.1. So, for users' convenience, you need the newest possible version of the server side and also need to give the clients updates to the newer versions of the RDP protocol client.

As a result, we have a simple and reliable way to connect remotely to a work PC or terminal server. For an even more secure connection, our Port Knocking method can be made much harder to break by mass scanning by adding more ports to check: using the same idea, you can add a 3rd, 4th, 5th, 6th ... port, and then a direct break-in to your network becomes almost impossible.

Preparation procedure for creating a remote RDP connection.

source: www.habr.com
