VMware NSX for beginners. Part 2. Configuring Firewall and NAT


Part one
After a short break we return to NSX. Today I will show you how to configure NAT and the Firewall.
In the Administration tab, go to your virtual data center: Cloud Resources - Virtual Datacenters.

Select the Edge Gateways tab and right-click the NSX Edge you need. In the menu that appears, select the Edge Gateway Services option. The NSX Edge control panel will open in a separate tab.


Configuring Firewall rules

By default, the Deny option is selected in the Default rule for ingress traffic item, which means the Firewall will block all traffic.


To add a new rule, click +. A new entry named New rule will appear. Edit its fields according to your requirements.


In the Name field, give the rule a name, for example Internet.


In the Source field, enter the required source addresses. Using the IP button, you can set a single IP address, a range of IP addresses, or a CIDR.


Using the + button you can specify other objects:

  • Gateway interfaces. All internal networks (Internal), all external networks (External), or Any.
  • Virtual machines. The rule is bound to a specific virtual machine.
  • OrgVdcNetworks. Organization-level networks.
  • IP Sets. A group of IP addresses created by the user in advance (created in the Grouping object).


In the Destination field, specify the recipient address. The options here are the same as in the Source field.
In the Service field you can select or manually specify the destination port (Destination Port), the required protocol (Protocol), and the sender's port (Source Port). Click Keep.


In the Action field, select the required action: allow or deny the traffic that matches this rule.


Apply the entered configuration by selecting Save the changes.


Rule examples

Firewall rule 1 (Internet) allows access to the Internet over any protocol for the server with IP 192.168.1.10.

Firewall rule 2 (Web-server) allows access from the Internet (TCP protocol, port 80) through your external address. In this case, 185.148.83.16:80.


Configuring NAT

NAT (Network Address Translation) is the translation of private (grey) IP addresses into external (white) ones, and vice versa. Through this process, a virtual machine gets access to the Internet. To set up this mechanism, you need to configure SNAT and DNAT rules.
Important! NAT works only when the Firewall is enabled and the appropriate allow rules are configured.

Create an SNAT rule. SNAT (Source Network Address Translation) is a mechanism whose essence is replacing the source address when a packet is sent.

First we need to find out the external IP address or the range of IP addresses available to us. To do this, go to the Administration section and double-click the virtual data center. In the settings menu that appears, go to the Edge Gateways tab. Select the NSX Edge you need and right-click it. Select the Properties option.


In the window that appears, the Sub-Allocate IP Pools tab shows the external IP address or range of IP addresses. Write it down or remember it.


Next, right-click the NSX Edge. In the menu that appears, select the Edge Gateway Services option. We are now back in the NSX Edge control panel.


In the window that appears, open the NAT tab and click Add SNAT.


In the new window, specify:

  • in the Applied on field - the external network (not the organization-level network!);
  • Original Source IP/range - the internal address range, for example, 192.168.1.0/24;
  • Translated Source IP/range - the external address through which the Internet will be accessed and which you looked up in the Sub-Allocate IP Pools tab.

Click Keep.


Create a DNAT rule. DNAT is a mechanism that changes the destination address of a packet as well as its destination port. It is used to redirect incoming packets from an external address/port to a private IP address/port inside the private network.

Select the NAT tab and click Add DNAT.


In the window that appears, specify:

- in the Applied on field - the external network (not the organization-level network!);
- Original IP/range - the external address (the address from the Sub-Allocate IP Pools tab);
- Protocol - the protocol;
- Original Port - the port of the external address;
- Translated IP/range - the internal IP address, for example, 192.168.1.10;
- Translated Port - the port of the internal address to which the port of the external address will be translated.

Click Keep.


Apply the entered configuration by selecting Save the changes.


Done.
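
The rule logic described above (the default deny, the two example Firewall rules, and the note that NAT needs a matching allow rule) can be checked offline with a small model. This is an added example, not code from the original article or from VMware. It assumes first-match rule evaluation and that the Firewall matches a DNAT flow on its external address, as the Web-server example rule does; the class and function names, the port 443 DNAT entry and the probe address 203.0.113.5 are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class FwRule:
    name: str
    source: str            # CIDR or "any"
    destination: str       # CIDR or "any"
    protocol: str          # "tcp", "udp" or "any"
    port: Optional[int]    # destination port, None = any
    action: str            # "accept" or "deny"

@dataclass
class Dnat:
    original_ip: str       # external address
    protocol: str
    original_port: int
    translated_ip: str     # internal address
    translated_port: int

def _in(addr, spec):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def evaluate(rules, src, dst, proto, port):
    """First matching rule wins; anything unmatched hits the default deny."""
    for r in rules:
        if (_in(src, r.source) and _in(dst, r.destination)
                and r.protocol in ("any", proto) and r.port in (None, port)):
            return r.action, r.name
    return "deny", "default rule"

def unreachable_dnat(rules, dnat_rules, probe_src="203.0.113.5"):
    """DNAT rules whose external address/port no Firewall rule accepts."""
    return [d for d in dnat_rules
            if evaluate(rules, probe_src, d.original_ip, d.protocol, d.original_port)[0] != "accept"]

# The article's two example rules; the rule model itself is an assumption.
RULES = [
    FwRule("Internet", "192.168.1.10/32", "any", "any", None, "accept"),
    FwRule("Web-server", "any", "185.148.83.16/32", "tcp", 80, "accept"),
]
DNATS = [
    Dnat("185.148.83.16", "tcp", 80, "192.168.1.10", 80),
    Dnat("185.148.83.16", "tcp", 443, "192.168.1.10", 443),  # constructed: no allow rule
]

if __name__ == "__main__":
    for d in unreachable_dnat(RULES, DNATS):
        print(f"DNAT {d.original_ip}:{d.original_port} is blocked by the Firewall")
```

Running it reports the port 443 DNAT entry, which has no allow rule and therefore falls through to the default deny.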


Next in line is the guide to DHCP, including configuring DHCP Bindings and Relay.

Source: www.habr.com
