Tinokugamuchirai kuchidzidzo chechisere. Chidzidzo chakakosha kwazvo, nekuti ... Kana wapedza, iwe unozokwanisa kugadzirisa kuwanikwa kweInternet kune vashandisi vako! Ndinofanira kubvuma kuti vanhu vazhinji vanomira kumisikidza panguva ino π Asi isu hatisi mumwe wavo! Uye tichine zvinhu zvakawanda zvinonakidza zviri mberi. Uye zvino kune musoro wechidzidzo chedu.
Sezvaungave watofungidzira, nhasi tichataura nezveNAT. Ndine chokwadi chekuti munhu wese anoona chidzidzo ichi anoziva chinonzi NAT. Naizvozvo, hatizotsananguri zvakadzama kuti inoshanda sei. Ndichangodzokorora zvakare kuti NAT inyanzvi yekushandura kero yakagadzirwa kuchengetedza "mari chena," i.e. public IPs (iyo kero dzinofambiswa paInternet).
Muchidzidzo chakapfuura, ungangove wakatoona kuti NAT chikamu cheiyo Access Control policy. Izvi zvine musoro. MuSmartConsole, zvigadziriso zveNAT zvinoiswa mune imwe tebhu. Chokwadi tichatarisa ikoko nhasi. Kazhinji, muchidzidzo chino tichakurukura marudzi eNAT, gadzirisa kuwanikwa kweInternet uye tarisa muenzaniso wekare wekutumira chiteshi. Avo. kushanda kunonyanya kushandiswa mumakambani. Ngatitangei.
Nzira mbiri dzekugadzirisa NAT
Check Point inotsigira nzira mbiri dzekugadzirisa NAT: Otomatiki NAT ΠΈ Manual NAT. Uyezve, kune imwe neimwe yeiyi nzira kune marudzi maviri ekushandura: Vigai NAT ΠΈ Static NAT. Kazhinji zvinotaridzika semufananidzo uyu:
Ini ndinonzwisisa kuti kazhinji zvese zvinotaridzika zvakanyanya kuomarara izvozvi, saka ngatitarisei mhando yega yega mune zvishoma zvakadzama.
Otomatiki NAT
Iyi ndiyo nzira inokurumidza uye iri nyore. Kugadzirisa NAT kunoitwa nekudzvanya kaviri chete. Zvese zvaunoda kuti uite kuvhura zvivakwa zvechinhu chaunoda (chingave gedhi, network, host, nezvimwewo), enda kuNAT tebhu uye tarisa iyo "Wedzera mitemo yekushandura kero otomatiki" Pano iwe uchaona munda - nzira yekushandura. Kune, sezvataurwa pamusoro apa, maviri acho.
1. Aitomatic Viga NAT
By default is Hide. Avo. mune iyi kesi, network yedu "ichavanda" kuseri kweimwe yeruzhinji IP kero. Muchiitiko ichi, kero inogona kutorwa kubva kunze kwekunze kwegedhi, kana iwe unogona kutsanangura imwe. Mhando iyi yeNAT inowanzonzi dynamic kana vazhinji-kune-mumwe, nokuti Makero akawanda emukati anoturikirwa kuita imwe yekunze. Sezvingatarisirwa, izvi zvinogoneka nekushandisa zviteshi zvakasiyana pakutepfenyura. Viga NAT inoshanda nenzira imwe chete (kubva mukati kuenda kunze) uye yakanakira network yemuno paunenge uchingoda kupa mukana kuInternet. Kana traffic yatangwa kubva kune yekunze network, saka NAT nemasikirwo haishande. Iyo inoshanduka kuve yekuwedzera dziviriro yemukati network.
2. Automatic Static NAT
Viga NAT yakanakira munhu wese, asi pamwe iwe unofanirwa kupa mukana kubva kune yekunze network kune imwe yemukati server. Semuenzaniso, kune sevha yeDMZ, semuenzaniso wedu. Muchiitiko ichi, Static NAT inogona kutibatsira. Zviri nyore zvakare kumisa. Zvakakwana kushandura nzira yekushandura kuti Static mune chinhu zvivakwa uye tsanangura iyo yeruzhinji IP kero ichashandiswa kuNAT (ona mufananidzo uri pamusoro). Avo. kana mumwe munhu wekunze network akawana kero iyi (pane chero chiteshi!), ipapo chikumbiro chinozoendeswa kune server ine IP yemukati. Uyezve, kana sevha pachayo ikaenda online, IP yayo ichachinjawo kune kero yatakatsanangura. Avo. Iyi ndiyo NAT mumativi ese. Inonziwo mumwe-kune-mumwe uye dzimwe nguva inoshandiswa kumaseva eruzhinji. Nei βdzimwe nguvaβ? Nekuti ine imwe hombe drawback - iyo yeruzhinji IP kero yakagarwa zvizere (ese madoko). Iwe haugone kushandisa imwe kero yeruzhinji kune akasiyana emukati maseva (ane madoko akasiyana). Semuenzaniso HTTP, FTP, SSH, SMTP, nezvimwe. Manual NAT inogona kugadzirisa dambudziko iri.
Manual NAT
Hunhu hweManual NAT ndehwekuti iwe unofanirwa kugadzira mitemo yeshanduro iwe pachako. Mune imwechete NAT tebhu mu Access Control Policy. Panguva imwecheteyo, Manual NAT inokubvumira kuti ugadzire mitemo yakaoma yekushandura. Nzvimbo dzinotevera dziripo kwauri: Kwakabva kwabva, Kwakabva kwatanga, Masevhisi Ekutanga, Kwakaturikirwa, Nzvimbo Yakaturikirwa, Masevhisi Akaturikirwa.
Kune zvakare marudzi maviri eNAT anogoneka pano - Hide uye Static.
1. Manual Viga NAT
Viga NAT munyaya iyi inogona kushandiswa mumamiriro akasiyana. Mienzaniso miviri:
- Kana uchiwana imwe sosi kubva kunetiweki yemuno, iwe unoda kushandisa imwe nhepfenyuro kero (yakasiyana neiyo inoshandiswa kune mamwe ese kesi).
- Kune nhamba huru yemakomputa pane network yemuno. Automatic Viga NAT haishande pano, nekuti... Nekuseta uku, zvinokwanisika kuseta imwe chete yeruzhinji IP kero, kumashure uko makomputa "achavanza". Panogona kunge pasina zviteshi zvekutepfenyura zvakakwana. Kune, sezvaunorangarira, zvishoma kudarika 65 zviuru. Uyezve, komputa imwe neimwe inogona kugadzira mazana emasesheni. Manual Vigai NAT inokutendera kuti uise dziva remakero eruzhinji mundima Yakashandurwa Kwakabva. Nekudaro kuwedzera huwandu hweshanduro dzinobvira dzeNAT.
2.Manual Static NAT
Static NAT inoshandiswa zvakanyanya kana uchigadzira nemaoko mitemo yekushandura. Muenzaniso wekare ndeyekutumira mberi kwechiteshi. Mhosva kana yeruzhinji IP kero (iyo inogona kunge iri yegedhi) inowanikwa kubva kune yekunze network pane chaiyo chiteshi uye chikumbiro chinoshandurirwa kune yemukati sosi. Mubasa redu remurabhoritari, tichaendesa port 80 kune server yeDMZ.
Vhidhiyo chidzidzo
Ramba wakatarisa zvimwe uye ubatane nesu π
Source: www.habr.com