Remote work in the office. RDP, Port Knocking, Mikrotik: simple and secure

Because of the Covid-19 pandemic and the quarantine in many countries, the only way for many companies to keep working is remote access to the workplace over the Internet. There are plenty of secure ways to work remotely, but given the scale of the problem what is needed is a method simple enough for any user to connect to the office from home without extra configuration, explanations, tiresome questions and long instructions. The method many administrators reach for is RDP (Remote Desktop Protocol). Connecting directly to the workstation over RDP solves our problem, except for one big fly in the ointment: leaving the RDP port open to the Internet is not secure. So below I suggest a simple but reliable way of protecting it.

Since I most often deal with small organizations where Mikrotik devices serve as the Internet router, below I show how to do this on Mikrotik, but the Port Knocking protection can be implemented just as easily on other, higher-end devices that offer similar router and firewall configuration options.

Briefly about Port Knocking. The ideal external protection for a network connected to the Internet is when all resources and ports are closed from the outside by the firewall. Although a router with such a firewall does not respond in any way to packets from the outside, it still sees them. So the router can be configured so that when it receives a certain (code) sequence of network packets on different ports, it grants the IP address those packets came from access to particular resources (ports, protocols, etc.).

Now to the point. I will not give detailed instructions for configuring the firewall on Mikrotik; the Internet is full of them. Assume the firewall drops all incoming packets, but the rule

/ip firewall filter
add action=accept chain=input comment="established and related accept" connection-state=established,related

allows incoming traffic that belongs to already established (established, related) connections.
Now we configure Port Knocking on Mikrotik:

/ip firewall filter
add action=drop chain=input dst-port=19000 protocol=tcp src-address-list="Black_scanners" comment=RemoteRules
add action=drop chain=input dst-port=16000 protocol=tcp src-address-list="Black_scanners" comment=RemoteRules
add action=add-src-to-address-list address-list="remote_port_1" address-list-timeout=1m chain=input dst-port=19000 protocol=tcp comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=19001 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=18999 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=16001 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=15999 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="allow_remote_users" address-list-timeout=1m chain=input dst-port=16000 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
move [/ip firewall filter find comment=RemoteRules] 1
/ip firewall nat
add action=dst-nat chain=dstnat comment="remote_rdp" src-address-list="allow_remote_users" dst-port=33890 in-interface-list=WAN protocol=tcp to-addresses=192.168.1.33 to-ports=3389

Now in more detail:

The first two rules

/ip firewall filter
add action=drop chain=input dst-port=19000 protocol=tcp src-address-list="Black_scanners" comment=RemoteRules
add action=drop chain=input dst-port=16000 protocol=tcp src-address-list="Black_scanners" comment=RemoteRules

drop incoming packets from IP addresses that were caught scanning ports;

The third rule:

add action=add-src-to-address-list address-list="remote_port_1" address-list-timeout=1m chain=input dst-port=19000 protocol=tcp comment=RemoteRules

adds the source IP to the list of hosts that have made the first knock on the right port (19000);
The next four rules:

add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=19001 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=18999 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=16001 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=15999 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules

create trap ports for anyone who decides to scan your ports; when such an attempt is seen, the source IP is recorded for 60 minutes, during which the first two rules give that host no chance to knock on the correct ports;

The next rule:

add action=add-src-to-address-list address-list="allow_remote_users" address-list-timeout=1m chain=input dst-port=16000 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules

puts the IP on the allowed list for 1 minute (enough to establish a connection), because the second correct knock was made on the right port (16000);

The next command:

move [/ip firewall filter find comment=RemoteRules] 1

moves our rules to the top of the firewall processing chain, since we most likely already have various drop rules configured that would otherwise stop the newly created ones from ever matching. Rule numbering in Mikrotik starts at zero, but on my device position zero was occupied by a built-in rule that could not be moved, so I moved ours to 1. Check your own configuration (for example with /ip firewall filter print) to see where the rules can go, and give the number you need.

The next setting:

/ip firewall nat
add action=dst-nat chain=dstnat comment="remote_rdp_to_33" src-address-list="allow_remote_users" dst-port=33890 in-interface-list=WAN protocol=tcp to-addresses=192.168.1.33 to-ports=3389

forwards the chosen non-standard port 33890 to the regular RDP port 3389 on the IP of the computer or terminal server we need. We create such rules for every internal resource that is required; it is better to use non-standard (and different) external ports for each one. Naturally, the IP of the internal resource must be static or reserved on the DHCP server. The forwarded connection still has to pass the forward chain, so check that the rules there permit dst-nat'ed traffic from the WAN.
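To see how these rules interact over time, here is an added Python model that replays packets through the RemoteRules block. It is not code from the article and it is not RouterOS; it reproduces only the firewall semantics the rules rely on (top-down evaluation, drop terminating the chain, add-src-to-address-list being a passthrough action with a per-entry timeout, and a default drop on the input chain). Timeouts are expressed in seconds, and the source addresses and packet timings are constructed test values.

```python
"""Model of the article's RemoteRules input-chain block.  Added example, not code
from the article or from RouterOS.  Timestamps and timeouts are in seconds; the
IP addresses below are constructed test values."""
from dataclasses import dataclass, field

KNOCK_1, KNOCK_2 = 19000, 16000            # the two knock ports from the article
TRAP_PORTS = (19001, 18999, 16001, 15999)  # the neighbouring "trap" ports
RDP_EXT_PORT = 33890                       # external port of the dst-nat rule


@dataclass
class Firewall:
    """address-list name -> {src_ip: expiry_time}"""
    lists: dict = field(default_factory=dict)

    def in_list(self, name, ip, now):
        expiry = self.lists.get(name, {}).get(ip)
        return expiry is not None and expiry > now

    def add(self, name, ip, now, timeout):
        self.lists.setdefault(name, {})[ip] = now + timeout


def remote_rules():
    """The RemoteRules block in the article's order, one tuple per rule:
    (dst_port, required src-address-list or None, action, target list, timeout)."""
    rules = [
        (KNOCK_1, "Black_scanners", "drop", None, 0),
        (KNOCK_2, "Black_scanners", "drop", None, 0),
        (KNOCK_1, None, "add-src", "remote_port_1", 60),                 # 1m
    ]
    rules += [(p, "remote_port_1", "add-src", "Black_scanners", 3600)    # 60m
              for p in TRAP_PORTS]
    rules.append((KNOCK_2, "remote_port_1", "add-src", "allow_remote_users", 60))
    return rules


def process(fw, rules, now, src, dst_port, rules_first=True):
    """Run one TCP packet through the input chain; returns 'drop' or 'accept'.
    rules_first=False models forgetting the `move ... 1` command: a generic
    drop rule sits above RemoteRules, so no packet ever reaches them."""
    if not rules_first:
        return "drop"
    for port, need_list, action, target, timeout in rules:
        if dst_port != port:
            continue
        if need_list is not None and not fw.in_list(need_list, src, now):
            continue
        if action == "drop":
            return "drop"
        fw.add(target, src, now, timeout)   # passthrough: evaluation continues
    return "drop"   # the article's firewall drops everything else on input


def rdp_reachable(fw, src, now):
    """The dst-nat rule for port 33890 matches only sources in allow_remote_users."""
    return fw.in_list("allow_remote_users", src, now)


def replay(packets, rules_first=True):
    """packets: list of (time, src_ip, dst_port) in arrival order.  Returns
    (can the last packet's source reach RDP one second later, firewall state)."""
    fw, rules = Firewall(), remote_rules()
    for t, src, port in packets:
        process(fw, rules, t, src, port, rules_first)
    last_t, src = packets[-1][0], packets[-1][1]
    return rdp_reachable(fw, src, last_t + 1), fw


# Constructed scenarios, one source address each.
GOOD_KNOCK = [(0, "203.0.113.10", KNOCK_1), (2, "203.0.113.10", KNOCK_2)]
SCANNER = [(0, "198.51.100.7", KNOCK_1), (1, "198.51.100.7", 19001),
           (2, "198.51.100.7", KNOCK_2), (3, "198.51.100.7", KNOCK_1)]
WRONG_ORDER = [(0, "192.0.2.5", KNOCK_2), (1, "192.0.2.5", KNOCK_1)]
TOO_SLOW = [(0, "192.0.2.9", KNOCK_1), (90, "192.0.2.9", KNOCK_2)]

if __name__ == "__main__":
    for name, pkts in [("correct knock", GOOD_KNOCK), ("port scanner", SCANNER),
                       ("wrong order", WRONG_ORDER), ("second knock after 1m", TOO_SLOW)]:
        ok, fw = replay(pkts)
        print(f"{name:24s} RDP reachable: {ok}")
    print("rules left below a drop-all rule:", replay(GOOD_KNOCK, rules_first=False)[0])
```

Running the scenarios shows why the order and the timeouts matter: only the correct sequence within a minute opens the NAT rule, the scanner that touches a trap port is blacklisted for an hour and its later correct knocks are dropped by the first two rules, and with the RemoteRules block left below a generic drop rule nobody gets in at all.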

Now our Mikrotik is configured and we need a simple way for a user to connect to our internal RDP. Since our users are mostly on Windows, we create a simple bat file, call it StartRDP.bat, which opens the following two files with their associated programs (the browser, then the RDP client):

1.htm
1.rdp

and 1.htm contains the following code:

<img src="http://my_router.sn.mynetname.net:19000/1.jpg">
click refresh to reconnect via RDP
<img src="http://my_router.sn.mynetname.net:16000/2.jpg">

here are two links to non-existent images at the address my_router.sn.mynetname.net; we take this address from the Mikrotik DDNS system after enabling it: go to the IP -> Cloud menu, tick the DDNS Enabled box, click Apply and copy the DNS name of our router. This is only needed if the router's external IP is dynamic or a configuration with several Internet providers is used.

The port in the first link, 19000, corresponds to the first port that has to be knocked; the second link corresponds to the second port. Between the links is a short instruction for what to do if our connection suddenly drops because of a brief network problem: refresh the page, the RDP port opens for us again for 1 minute and the session is restored. The text between the img tags also introduces a small delay in the browser, which reduces the chance of the first packet going to the second port (16000) first; there have been no such cases in two weeks of use (30 people). Bear in mind that a browser may fetch both images concurrently, so the order is not guaranteed; if a knock fails, refreshing the page simply sends both again, and the PowerShell script further down performs the knocks strictly in sequence.

Next comes the 1.rdp file, which we can make the same for everyone or different for each user (which is what I did: it is easier to spend an extra fifteen minutes than several hours answering questions from those who cannot manage it themselves)

screen mode id:i:2
use multimon:i:1
.....
connection type:i:6
networkautodetect:i:0
.....
disable wallpaper:i:1
.....
full address:s:my_router.sn.mynetname.net:33890
.....
username:s:myuserlogin
domain:s:mydomain

One of the interesting settings here is use multimon:i:1, which enables the use of multiple monitors; some people need this but do not think to set it themselves.

connection type:i:6 and networkautodetect:i:0: since most Internet links are now above 10 Mbit, we enable connection type 6 (LAN, 10 Mbit and above) and disable network autodetect, because with the default (automatic) setting even a rare short latency spike drops our session to a lower quality level for a long time, which causes noticeable lag at work, especially in graphics programs.

disable wallpaper:i:1 disables the desktop background image
username:s:myuserlogin specifies the login name, since a significant proportion of our users do not know their login.
domain:s:mydomain specifies the domain or computer name

But if we want to simplify the job of creating the connection path, we can also use PowerShell (StartRDP.ps1):

# Each knock is just a TCP connection attempt; the router records our source IP and drops the packet,
# so the connect times out. Quiet mode and suppressed warnings keep the output clean.
Test-NetConnection -ComputerName my_router.sn.mynetname.net -Port 19000 -InformationLevel Quiet -WarningAction SilentlyContinue | Out-Null
Test-NetConnection -ComputerName my_router.sn.mynetname.net -Port 16000 -InformationLevel Quiet -WarningAction SilentlyContinue | Out-Null
# The allowed-list entry lives for 1 minute, so start the RDP client immediately
mstsc /v:my_router.sn.mynetname.net:33890

Also a little about the RDP client in Windows: MS has gone a long way in developing the protocol and its server and client components, adding many useful features such as hardware 3D, adapting the screen resolution to your monitor, multiple screens, etc. But of course everything works in backward-compatibility mode, and if the client is Windows 7 and the remote PC is Windows 10, RDP will run with protocol version 7.0. Fortunately, the RDP client can be updated to newer versions; for example, the protocol version can be upgraded from 7.0 (Windows 7) to 8.1. So for users' convenience you should keep the server side up to date and also give them links to update their clients to newer versions of the RDP protocol.

As a result, we have a simple and secure way to connect remotely to a work PC or terminal server. For an even more secure connection, our Port Knocking scheme can be hardened against brute-force guessing by increasing the number of ports that have to be hit: with the same logic you can add a 3rd, 4th, 5th, 6th... port, and then a direct break-in to your network becomes far harder. Keep in mind what port knocking does and does not do: the knock sequence travels in the clear, so anyone who can observe a user's traffic can repeat it, and during the one-minute window the RDP server is reachable from that source address. It is a filter in front of RDP, not a replacement for strong passwords, Network Level Authentication and account lockout on the RDP host itself.

Preparing the files for the remote RDP connection.

Source: www.habr.com
