Remote work in the office. RDP, Port Knocking, Mikrotik: simple and secure

Because of the spread of the covid-19 virus and the general quarantine in many countries, the only way many companies can keep working is remote access to their workplaces over the internet. There are many secure methods for remote work, but given the scale of the problem, what is needed is a method simple enough for any user to connect to the office remotely without extra settings, explanations, lengthy consultations and long instructions. Many administrators like RDP (Remote Desktop Protocol) for this. Connecting directly to the workplace over RDP solves our problem well, except for one big fly in the ointment: exposing the RDP port to the internet is not secure. So below I propose a simple and reliable method of protection.

Since I mostly deal with small organizations where Mikrotik devices are used as the internet router, below I will show how to implement this on Mikrotik, but the port knocking method can just as easily be implemented on other, higher-end devices that have similar router and firewall tools.

Briefly about Port Knocking. The ideal external protection for a network connected to the internet is when all resources and ports are closed from the outside by the firewall. And although a router with such a firewall configuration does not react in any way to packets coming from outside, it still listens to them. Therefore, you can configure the router so that when it receives a certain sequence (code) of network packets on different ports, it opens access to certain resources (ports, protocols, etc.) for the IP the packets came from.

Now to the point. I will not give a detailed description of configuring the Mikrotik firewall; the internet is full of good sources on this. Conceptually, the firewall blocks all incoming packets, but

/ip firewall filter
add action=accept chain=input comment="established and related accept" connection-state=established,related

allows traffic belonging to already established connections (established, related).
Now let's configure Port Knocking on Mikrotik:

/ip firewall filter
add action=drop chain=input dst-port=19000 protocol=tcp src-address-list="Black_scanners" comment=RemoteRules
add action=drop chain=input dst-port=16000 protocol=tcp src-address-list="Black_scanners" comment=RemoteRules
add action=add-src-to-address-list address-list="remote_port_1" address-list-timeout=1m chain=input dst-port=19000 protocol=tcp comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=19001 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=18999 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=16001 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=15999 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="allow_remote_users" address-list-timeout=1m chain=input dst-port=16000 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
move [/ip firewall filter find comment=RemoteRules] 1
/ip firewall nat
add action=dst-nat chain=dstnat comment="remote_rdp" src-address-list="allow_remote_users" dst-port=33890 in-interface-list=WAN protocol=tcp to-addresses=192.168.1.33 to-ports=3389

Now in detail:

The first two rules

/ip firewall filter
add action=drop chain=input dst-port=19000 protocol=tcp src-address-list="Black_scanners" comment=RemoteRules
add action=drop chain=input dst-port=16000 protocol=tcp src-address-list="Black_scanners" comment=RemoteRules

drop packets from IP addresses that were blacklisted during a port scan;

The third rule:

add action=add-src-to-address-list address-list="remote_port_1" address-list-timeout=1m chain=input dst-port=19000 protocol=tcp comment=RemoteRules

adds the IP to the list of hosts that made the first correct knock on the desired port (19000);
The next four rules:

add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=19001 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=18999 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=16001 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=15999 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules

create trap ports for those who want to scan our ports, and when such an attempt is detected, put their IP into the blacklist for 60 minutes, during which the first two rules give those hosts no chance to knock on the correct ports;

The next rule:

add action=add-src-to-address-list address-list="allow_remote_users" address-list-timeout=1m chain=input dst-port=16000 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules

puts the IP into the allowed list for 1 minute (enough to establish a connection), since the second correct knock was made on the desired port (16000);

The next command:

move [/ip firewall filter find comment=RemoteRules] 1

moves our rules up the firewall processing chain, since most likely we already have various prohibiting rules configured that would prevent our newly created ones from working. Rule numbering in Mikrotik starts from zero, but on my device zero is occupied by a built-in rule that cannot be moved, so I moved ours to 1. Therefore, look at your own settings to see where the rules can be moved and specify the desired number.

The next setting:

/ip firewall nat
add action=dst-nat chain=dstnat comment="remote_rdp_to_33" src-address-list="allow_remote_users" dst-port=33890 in-interface-list=WAN protocol=tcp to-addresses=192.168.1.33 to-ports=3389

forwards the arbitrarily chosen port 33890 to the standard RDP port 3389 and the IP of the computer or server we need. We create such rules for all the necessary internal resources, preferably with non-standard (and different) external ports. Naturally, the IP of the internal resource must be static or reserved on the DHCP server.
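To check the logic of the rule set without a router, here is an added Python model of the RemoteRules chain (rules 1-8 plus the dst-nat rule) with address-list timeouts; it is example code written for this page, not RouterOS code or the article's own, and the IPs and timings in it are constructed.

```python
# Added example, not RouterOS code: a Python model of the RemoteRules chain
# above (rules 1-8 plus the dst-nat rule) with address-list timeouts, so the
# knock logic can be checked without a router. IPs and timings are constructed.
from dataclasses import dataclass, field

KNOCK1, KNOCK2, RDP_EXT = 19000, 16000, 33890          # ports from the article
TRAPS = {19001, 18999, 16001, 15999}                   # the four trap ports

@dataclass
class Router:
    # address-list name -> {src_ip: time the entry expires (seconds)}
    lists: dict = field(default_factory=lambda: {
        "Black_scanners": {}, "remote_port_1": {}, "allow_remote_users": {}})

    def _in(self, name, ip, now):
        """src-address-list match, honouring address-list-timeout."""
        exp = self.lists[name].get(ip)
        if exp is not None and exp <= now:             # entry timed out
            del self.lists[name][ip]
            return False
        return exp is not None

    def _add(self, name, ip, now, timeout):
        """add-src-to-address-list with the given timeout."""
        self.lists[name][ip] = now + timeout

    def packet(self, src, dport, now):
        """Verdict for one TCP packet arriving on WAN at time `now`: 'drop' (rules
        1-2), 'rdp' (dst-nat to 3389 applied) or 'nothing' (default drop)."""
        if dport in (KNOCK1, KNOCK2) and self._in("Black_scanners", src, now):
            return "drop"                              # rules 1-2
        if dport == KNOCK1:                            # rule 3: first knock, 1m
            self._add("remote_port_1", src, now, 60)
        if dport in TRAPS and self._in("remote_port_1", src, now):
            self._add("Black_scanners", src, now, 3600)  # rules 4-7: 60m ban
        if dport == KNOCK2 and self._in("remote_port_1", src, now):
            self._add("allow_remote_users", src, now, 60)  # rule 8: 1m window
        if dport == RDP_EXT and self._in("allow_remote_users", src, now):
            return "rdp"                               # NAT rule for 33890
        return "nothing"

def knock_then_connect(router, src, ports, step=1):
    """Send `ports` in order `step` seconds apart, then try the RDP port."""
    for i, p in enumerate(ports):
        router.packet(src, p, i * step)
    return router.packet(src, RDP_EXT, len(ports) * step)

if __name__ == "__main__":
    print(knock_then_connect(Router(), "203.0.113.10", [19000, 16000]))  # rdp
```

The model also shows the two failure modes the rules are built around: a knock on a trap port after the first knock blacklists the source, and a second knock arriving more than a minute after the first opens nothing.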

Now our Mikrotik is configured and we need a simple way for the user to connect to our internal RDP. Since we mostly have Windows users, we create a simple batch file and call it StartRDP.bat:

REM StartRDP.bat: opening 1.htm in the browser sends the two knocks, then 1.rdp starts the RDP session
1.htm
1.rdp

where 1.htm contains the following code:

<img src="http://my_router.sn.mynetname.net:19000/1.jpg">
click refresh the page to reconnect via RDP
<img src="http://my_router.sn.mynetname.net:16000/2.jpg">

This consists of two links to non-existent images at the address my_router.sn.mynetname.net, which we take from the Mikrotik DDNS address after enabling it on our Mikrotik: go to the IP -> Cloud menu, check the DDNS Enabled box, click Apply and copy the DNS name of our router. But this is only needed when the router's external IP is dynamic or a configuration with several internet providers is used.

The port in the first link, 19000, corresponds to the first port you need to knock on, the second to the second. Between the links is a short instruction on what to do if our connection suddenly drops due to a short network problem: we refresh the page, the RDP port reopens for us for 1 minute and our session is restored. Also, the text between the img tags creates a small delay in the browser, which reduces the probability of the packet for the second port (16000) arriving before the first; so far there have been no such cases in two weeks of use (30 people).

Next comes the 1.rdp file, which we can configure either one for everyone or individually for each user (that is what I did: it is easier to spend an extra 15 minutes than several hours consulting those who cannot figure it out):

screen mode id:i:2
use multimon:i:1
.....
connection type:i:6
networkautodetect:i:0
.....
disable wallpaper:i:1
.....
full address:s:my_router.sn.mynetname.net:33890
.....
username:s:myuserlogin
domain:s:mydomain

One of the interesting settings here is use multimon:i:1: this enables the use of multiple monitors; some people need it but do not think to turn it on themselves.

connection type:i:6 and networkautodetect:i:0: since most internet connections today are faster than 10 Mbit, enable type 6 (LAN, 10 Mbit and higher) and disable networkautodetect, because if it is left at the default (auto), even a rare small spike in network latency automatically drops our session to a low speed for a long time, which can create a noticeable lag in work, especially in graphics programs.

disable wallpaper:i:1: disables the desktop wallpaper
username:s:myuserlogin: we specify the user's login, since a significant part of our users do not know their login
domain:s:mydomain: specify the domain or computer name

But if we want to simplify creating the connection method, we can also use PowerShell, StartRDP.ps1:

# StartRDP.ps1: the two TCP connection attempts are the knocks, sent in the required order
Test-NetConnection -ComputerName my_router.sn.mynetname.net -Port 19000
Test-NetConnection -ComputerName my_router.sn.mynetname.net -Port 16000
# only a source that completed both knocks is forwarded from 33890 to the internal 3389
mstsc /v:my_router.sn.mynetname.net:33890

Also a little about the Windows RDP client: MS has come a long way in improving the protocol and its server and client parts, implementing many useful things, such as working with 3D hardware, adjusting the screen resolution to your monitor, multiple monitors, etc. But of course everything is done in backward-compatibility mode, and if the client is Windows 7 and the remote PC is Windows 10, RDP will work using protocol version 7.0. Fortunately, you can update RDP to newer versions; for example, you can update the protocol version from 7.0 (Windows 7) to 8.1. Therefore, for the convenience of clients, you need to raise the versions of the server part and also provide links for updating the RDP protocol versions of the clients.

As a result, we have a simple and secure technology for remote connection to a work computer or work server. And to make the connection even more secure, the port knocking method can be made harder to attack by several orders of magnitude by adding more ports to check: using the same logic, you can add a 3rd, 4th, 5th, 6th ... port, and in that case direct intrusion into your network becomes practically impossible.

Preparing the file for creating a remote RDP connection.

Source: www.habr.com
