Diagnostics yekubatanidza network pane EDGE virtual router

Mune zvimwe zviitiko, matambudziko anogona kumuka pakumisikidza chaiyo router. Semuyenzaniso, port forwarding (NAT) haishande uye/kana kuti pane dambudziko mukumisikidza Firewall mitemo pachayo. Kana kuti iwe unongoda kutora matanda eiyo router, tarisa kushanda kwechiteshi, uye itisa network diagnostics. Cloud mupi Cloud4Y anotsanangura kuti izvi zvinoitwa sei.

Kushanda ne virtual router

Chekutanga pane zvese, isu tinofanirwa kugadzirisa kuwana kune chaiyo router - EDGE. Kuti tiite izvi, tinopinda masevhisi ayo uye tinoenda kune yakakodzera tab - EDGE Settings. Ikoko isu tinogonesa SSH Status, isa password, uye uve nechokwadi chekuchengetedza shanduko.

Kana tikashandisa mitemo yakasimba yeFirewall, kana zvinhu zvose zvichirambidzwa nekusingaperi, tobva tawedzera mitemo inobvumira kubatanidza kune router pachayo kuburikidza nechiteshi cheSSH:

Ipapo tinobatana nechero SSH mutengi, semuenzaniso PuTTY, uye tosvika kune iyo console.

Mune iyo console, mirairo inowanikwa kwatiri, rondedzero inogona kuoneka uchishandisa:
Pamazita

Mirayiro ipi inogona kutibatsira? Heino rondedzero yezvinonyanya kubatsira:

• show interface - icharatidza nzvimbo dzinowanikwa uye iyo yakaiswa IP kero pavari
• ratidza danda - icharatidza router matanda
• ratidza log kutevera - ichakubatsira iwe kuona iyo logi munguva chaiyo nekugara uchigadziridza. Mutemo wega wega, ingave NAT kana Firewall, ine Inogonesa matanda sarudzo, kana yagoneswa, zviitiko zvicharekodhwa murogi, izvo zvinobvumira kuongororwa.
• show flowtable - icharatidza tafura yese yezvibatanidza zvakasimbiswa uye ma parameter avo
  Muenzaniso:1: tcp 6 21599 ESTABLISHED src=9Х.107.69.ХХХ dst=178.170.172.XXX sport=59365 dport=22 pkts=293 bytes=22496 src=178.170.172.ХХХ dst=91.107.69.173 sport=22 dport=59365 pkts=206 bytes=83569 [ASSURED] mark=0 rid=133427 use=1
• ratidza inoyerera yepamusoroN 10 - inobvumidza iwe kuratidza nhamba inodiwa yemitsara, mumuenzaniso uyu 10
• ratidza inoyerera yepamusoroN 10 mhando-ne pkts - ichabatsira kuronga zvinongedzo nenhamba yemapakiti kubva padiki kusvika pakukura
• ratidza inoyerera yepamusoroN 10 ronga-ne bytes - ichabatsira kuronga zvinongedzo nenhamba yemabhayiti anotamiswa kubva padiki kusvika pakukura
• ratidza inoyerera mutemo-id ID topN 10 - ichabatsira kuratidza kubatana neinodiwa mutemo ID
• ratidza flowtable flowspec SPEC - nokuda kwezvimwe zvinogadziriswa zvakasarudzwa zvekubatanidza, apo SPEC - inogadzirisa mitemo yekusefa inodiwa, semuenzaniso proto=tcp:srcIP=9Х.107.69.ХХХ:sport=59365, pakusarudza uchishandisa TCP protocol uye inobva IP address 9Х.107.69. XX kubva kune inotumira port 59365
  Muenzaniso:> show flowtable flowspec proto=tcp:srcip=90.107.69.171:sport=59365
1: tcp 6 21599 ESTABLISHED src=9Х.107.69.XX dst=178.170.172.xxx sport=59365 dport=22 pkts=1659 bytes=135488 src=178.170.172.xxx dst=xx.107.69.xxx sport=22 dport=59365 pkts=1193 bytes=210361 [ASSURED] mark=0 rid=133427 use=1
Total flows: 1
• ratidza madonhwe epakiti - ichakubvumidza kuti utarise nhamba pamapakeji
• ratidza firewall inoyerera - Inoratidza firewall packet counters pamwe nekuyerera kwepaketi.

Isu tinogona zvakare kushandisa zvakakosha network diagnostic maturusi zvakananga kubva kuEDGE router:

• ping ip SHOKO
• ping ip WORD size SIZE kuverenga COUNT nofrag - ping inoratidza ukuru hwe data iri kutumirwa uye nhamba yekutarisa, uye zvakare inorambidza kupatsanurwa kweiyo set packet size.
• traceroute ip WORD

Sequence yekuongorora Firewall oparesheni paEdge

1. Kutanga ratidza firewall uye tarisa iyo yakaiswa tsika yekusefa mitemo muusr_rules tafura
2. Isu tinotarisa iyo POSTROUTIN ketani uye tinodzora huwandu hweakadonhedza mapaketi tichishandisa iyo DROP munda. Kana paine dambudziko neasymmetric routing, isu tichanyora kuwedzera kwemitengo.
   Ngatiitei mamwe macheki:
   • Ping ichashanda mune imwe nzira uye kwete kune imwe nzira
   • ping ichashanda, asi TCP zvikamu hazvizogadzirwe.
3. Isu tinotarisa kuburitswa kweruzivo nezve IP kero - ratidza ipset
4. Gonesa kutema matanda pane firewall mutemo muEdge masevhisi
5. Isu tinotarisa zviitiko mulog - ratidza log kutevera
6. Isu tinotarisa kubatanidza tichishandisa inodiwa rule_id - ratidza inoyerera mutemo_id
7. Nekubatsirwa kwe ratidza flowstats Isu tinofananidza iyo ikozvino yakaiswa Current Flow Entries yekubatanidza neiyo yakanyanya kubvumidzwa (Total Flow Capacity) mukugadziriswa kwazvino. Inowanikwa zvigadziriso uye miganhu inogona kutariswa muVMware NSX Edge. Kana iwe uchida, ndinogona kutaura pamusoro peizvi munyaya inotevera.

Ndezvipi zvimwe zvaungaverenga pane blog? Cloud4Y

→ CRISPR-inodzivirira mavhairasi anovaka "pokugara" kuchengetedza genomes kubva kuDNA-inopinda enzymes.
→ Bhangi rakakundikana sei?
→ The Great Snowflake Theory
→ Indaneti pamabharumu
→ MaPentesters ari kumberi kwecybersecurity

Nyorera kune yedu teregiramu-chiteshi kuti usapotsa chinyorwa chinotevera! Isu tinonyora kwete kanopfuura kaviri pavhiki uye chete pabhizinesi. Tinokuyeuchidza kuti vanotanga vanogona kugamuchira RUB 1. kubva Cloud000Y. Mamiriro uye fomu rekunyorera kune avo vanofarira rinogona kuwanikwa pane yedu webhusaiti: bit.ly/2sj6dPK

Source: www.habr.com