VMware NSX for the Little Ones. Part 2. Configuring Firewall and NAT

Part one
After a short break we are returning to NSX. Today I will show you how to configure NAT and the Firewall.
In the Administration tab, go to your virtual data center: Cloud Resources - Virtual Datacenters.

Select the Edge Gateways tab and right-click the NSX Edge you need. In the menu that appears, select the Edge Gateway Services option. The NSX Edge control panel will open in a separate tab.

Configuring Firewall rules

By default, the Deny option is selected under Default rule for ingress traffic, i.e. the Firewall will block all traffic.

To add a new rule, click +. A new entry named New rule will appear. Edit its fields to match your requirements.

In the Name field, give the rule a name, for example Internet.

In the Source field, enter the required source addresses. Using the IP button, you can set a single IP address, a range of IP addresses, or a CIDR.

Using the + button you can specify other objects:

  • Gateway interfaces. All internal networks (Internal), all external networks (External), or Any.
  • Virtual machines. We bind the rules to a specific virtual machine.
  • OrgVdc Networks. Organization-level networks.
  • IP Sets. A user-defined group of IP addresses created in advance (created in Grouping Objects).

In the Destination field, specify the recipient address. The options here are the same as for the Source field.
In the Service field you can select or manually specify the destination port (Destination Port), the required protocol (Protocol), and the source port (Source Port). Click Keep.

In the Action field, select the required action: allow or deny traffic that matches this rule.

Apply the configuration you entered by selecting Save changes.

Rule examples

Firewall rule 1 (Internet) allows access to the Internet over any protocol for the server with IP 192.168.1.10.

Firewall rule 2 (Web-server) allows access from the Internet (TCP protocol, port 80) through your external address. In this case, 185.148.83.16:80.

Configuring NAT

NAT (Network Address Translation) is the translation of private (gray) IP addresses into external (white) ones, and vice versa. Through this process a virtual machine gets access to the Internet. To set up this mechanism, you need to configure SNAT and DNAT rules.
Important! NAT works only when the Firewall is enabled and the appropriate allow rules are configured.

Create an SNAT rule. SNAT (Source Network Address Translation) is a mechanism that replaces the source address when a packet is sent.

First we need to find out the external IP address or range of IP addresses available to us. To do this, go to the Administration section and double-click the virtual data center. In the settings menu that appears, go to the Edge Gateways tab. Select the NSX Edge you need and right-click it. Select the Properties option.

In the window that appears, on the Sub-Allocate IP Pools tab, you can see the external IP address or range of IP addresses. Write it down or remember it.

Next, right-click the NSX Edge. In the menu that appears, select the Edge Gateway Services option. We are now back in the NSX Edge control panel.

In the window that appears, open the NAT tab and click Add SNAT.

In the new window we specify:

  • in the Applied on field: the external network (not the organization-level network!);
  • Original Source IP/range: the internal address range, for example 192.168.1.0/24;
  • Translated Source IP/range: the external address through which the Internet will be accessed, which you looked up on the Sub-Allocate IP Pools tab.

Click Keep.

Create a DNAT rule. DNAT is a mechanism that changes the destination address of a packet as well as the destination port. It is used to redirect incoming packets from an external address/port to a private IP address/port inside a private network.

Select the NAT tab and click Add DNAT.

In the window that appears, specify:

  • in the Applied on field: the external network (not the organization-level network!);
  • Original IP/range: the external address (the address from the Sub-Allocate IP Pools tab);
  • Protocol: the protocol;
  • Original Port: the port for the external address;
  • Translated IP/range: the internal IP address, for example 192.168.1.10;
  • Translated Port: the port for the internal address to which the external address's port will be translated.

Click Keep.

Apply the configuration you entered by selecting Save changes.

Done.
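
The following Python sketch is an added example, not part of the original article: it models the example rules above (default Deny, the Internet and Web-server rules, one SNAT and one DNAT entry) and checks the note that NAT only works with matching Firewall allow rules. The data model, function names, probe addresses (203.0.113.5, 198.51.100.7) and the use of 185.148.83.16 as the SNAT translated address are constructed for illustration; first-match evaluation and matching DNAT traffic on the external address are assumptions that follow the article's rule 2.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class FwRule:
    name: str
    source: str    # "any", a single IP, or a CIDR
    dest: str
    proto: str     # "any", "tcp" or "udp"
    dport: object  # "any" or an integer port
    action: str    # "accept" or "deny"

def _ip_match(spec, ip):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def decide(rules, src, dst, proto, dport, default="deny"):
    """Assumed model: first matching rule wins, otherwise the default rule (Deny)."""
    for r in rules:
        if (_ip_match(r.source, src) and _ip_match(r.dest, dst)
                and r.proto in ("any", proto) and r.dport in ("any", dport)):
            return r.action
    return default

# The two example Firewall rules and NAT entries from the article.
FIREWALL = [
    FwRule("Internet", "192.168.1.10", "any", "any", "any", "accept"),
    FwRule("Web-server", "any", "185.148.83.16", "tcp", 80, "accept"),
]
SNAT = [{"original": "192.168.1.0/24", "translated": "185.148.83.16"}]
DNAT = [{"original_ip": "185.148.83.16", "proto": "tcp", "original_port": 80,
         "translated_ip": "192.168.1.10", "translated_port": 80}]

def dnat_without_allow(dnat_rules, fw_rules, probe_src="203.0.113.5"):
    """DNAT entries whose external address/port no Firewall rule accepts."""
    return [d for d in dnat_rules
            if decide(fw_rules, probe_src, d["original_ip"],
                      d["proto"], d["original_port"]) != "accept"]

def snat_hosts_blocked(snat_rules, fw_rules, probe_dst="198.51.100.7"):
    """Hosts inside an SNAT range that the Firewall still blocks outbound."""
    blocked = []
    for s in snat_rules:
        for host in ipaddress.ip_network(s["original"]).hosts():
            if decide(fw_rules, str(host), probe_dst, "tcp", 443) != "accept":
                blocked.append(str(host))
    return blocked
```

With the article's rules, the SNAT entry covers all of 192.168.1.0/24, yet only 192.168.1.10 actually reaches the Internet, because the Internet rule names that single server and everything else falls through to the default Deny.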

Next in line are the DHCP instructions, including setting up DHCP Bindings and Relay.

Source: www.habr.com
