What happens to connections inside and outside a VPN tunnel

Real articles are born from letters to Tucha technical support. For example, a client recently asked us to clarify what happens during connections inside the VPN tunnel between the user's office and the cloud environment, and during connections outside the VPN tunnel. So all the text below is a real letter that we sent to one of our clients in response to his question. Of course, the IP addresses were changed so as not to reveal the client's identity. But, yes, Tucha technical support really is known for its detailed answers and informative emails. 🙂

Of course, we understand that for many readers this article will not be a revelation. But since articles for novice administrators appear on Habr from time to time, and since this article grew out of a real letter to a real client, we will share this information here anyway. There is a good chance it will be useful to someone.
So, we explain in detail what happens between a server in the cloud and the office when they are connected by a site-to-site network. Note that some services are available only from the office, and others are available from anywhere on the Internet.

Let us explain right away what our client wanted: the server 192.168.A.1 should be reachable over RDP from anywhere by connecting to AAA2:13389, while the other services should be accessible only from the office (192.168.B.0/24), connected via VPN. Also, the client had initially set things up so that the machine 192.168.B.2 in the office could be reached over RDP from anywhere by connecting to BBB1:11111. We helped set up the IPSec connection between the cloud and the office, and the client's IT specialist began asking questions about what would happen in this or that case. To answer all these questions, we, in fact, wrote him everything you can read below.

Now let's look at these processes in more detail.

Case one

When something is sent from 192.168.B.0/24 to 192.168.A.0/24 or from 192.168.A.0/24 to 192.168.B.0/24, it goes into the VPN. That is, the packet is additionally encrypted and transmitted between BBB1 and AAA1, but 192.168.A.1 sees the packet as coming directly from 192.168.B.1. They can communicate with each other using any protocol. Return replies travel the same way through the VPN, which means that a packet from 192.168.A.1 for 192.168.B.1 will be sent as an ESP datagram from AAA1 to BBB1, where the router on that side will unwrap it, extract the packet from it and send it to 192.168.B.1 as a packet from 192.168.A.1.

A concrete example:

1) 192.168.B.1 addresses 192.168.A.1, wanting to establish a TCP connection with 192.168.A.1:3389;

2) 192.168.B.1 sends a connection request from 192.168.B.1:55555 (it chooses the source port number itself; from here on we will use 55555 as an example of the port number the system picks when creating a TCP connection) to 192.168.A.1:3389;

3) the operating system running on the computer with address 192.168.B.1 decides to send this packet to the router's gateway address (192.168.B.254 in our case), because it has no other, more specific routes to 192.168.A.1, and therefore forwards the packet via the default route (0.0.0.0/0);

4) to do this, it tries to find the MAC address for IP address 192.168.B.254 in the ARP cache table. If it is not found there, it sends a who-has broadcast request from address 192.168.B.1 into the 192.168.B.0/24 network. When 192.168.B.254 replies with its MAC address, the system sends the Ethernet packet to it and stores this information in its cache table;

5) the router receives this packet and decides where to forward it: it has a policy stating that all packets between 192.168.B.0/24 and 192.168.A.0/24 must be sent over the VPN connection between BBB1 and AAA1;

6) the router builds an ESP datagram from BBB1 to AAA1;

7) the router decides whom to send this packet to; it sends it to, say, BBB254 (the ISP's gateway), because it has no routes to AAA1 more specific than 0.0.0.0/0;

8) in the same way as already described, it finds the MAC address of BBB254 and sends the packet to the ISP's gateway;

9) the Internet providers carry the ESP datagram from BBB1 to AAA1;

10) the virtual router at AAA1 receives this datagram, decrypts it and obtains from it the packet from 192.168.B.1:55555 for 192.168.A.1:3389;

11) the virtual router checks whom to pass it to, finds the network 192.168.A.0/24 in its routing table and sends the packet directly to 192.168.A.1, because it has the interface 192.168.A.254/24;

12) to do this, the virtual router finds the MAC address of 192.168.A.1 and passes the packet to it over the virtual Ethernet network;

13) 192.168.A.1 receives this packet on port 3389, agrees to establish the connection and builds a reply packet from 192.168.A.1:3389 to 192.168.B.1:55555;

14) its operating system passes this packet to the gateway address of the virtual router (192.168.A.254 in our case), because it has no other, more specific routes to 192.168.B.1, and therefore must forward the packet via the default route (0.0.0.0/0);

15) just as in the previous cases, the system running on the server with address 192.168.A.1 finds the MAC address of 192.168.A.254, since it is on the same network as its interface 192.168.A.1/24;

16) the virtual router receives this packet and decides where to forward it: it has a policy stating that all packets between 192.168.A.0/24 and 192.168.B.0/24 must be sent over the VPN connection between AAA1 and BBB1;

17) the virtual router builds an ESP datagram from AAA1 for BBB1;

18) the virtual router decides whom to send this packet to and sends it to AAA254 (the ISP's gateway; in this case, that is also us), because it has no routes to BBB1 more specific than 0.0.0.0/0;

19) the Internet providers carry the ESP datagram across their networks from AAA1 to BBB1;

20) the router at BBB1 receives this datagram, decrypts it and obtains from it the packet from 192.168.A.1:3389 for 192.168.B.1:55555;

21) it understands that the packet must be delivered directly to 192.168.B.1, since that host is on the same network as the router, and therefore the router has a corresponding entry in its routing table that makes it send packets for the whole of 192.168.B.0/24 directly;

22) the router finds the MAC address of 192.168.B.1 and hands the packet to it;

23) the operating system on the computer with address 192.168.B.1 receives the packet from 192.168.A.1:3389 for 192.168.B.1:55555 and begins the next steps of establishing the TCP connection.

This example briefly and simply (and here one could recall a host of other details) describes what happens at layers 2-4. Layers 1 and 5-7 are not considered.

Case two

If something is sent from 192.168.B.0/24 directly to AAA2, it does not go into the VPN but travels directly. That is, if a user at address 192.168.B.1 addresses AAA2:13389, this packet leaves from address BBB1 and arrives at AAA2, and then the router receives it and forwards it to 192.168.A.1. 192.168.A.1 knows nothing about 192.168.B.1; it sees a packet from BBB1, because that is what it received. Therefore the reply to this request follows the normal route: it likewise leaves from address AAA2 and goes to BBB1, and that router forwards the reply to 192.168.B.1, which sees a reply from AAA2, the address it was talking to.

A concrete example:

1) 192.168.B.1 addresses AAA2, wanting to establish a TCP connection with AAA2:13389;

2) 192.168.B.1 sends a connection request from 192.168.B.1:55555 (this number, as in the previous example, may differ) to AAA2:13389;

3) the operating system running on the computer with address 192.168.B.1 decides to send this packet to the router's gateway address (192.168.B.254 in our case), because it has no other, more specific routes to AAA2, which means it forwards the packet via the default route (0.0.0.0/0);

4) to do this, as we said in the previous example, it tries to find the MAC address for IP address 192.168.B.254 in the ARP cache table. If it is not found there, it sends a who-has broadcast request from address 192.168.B.1 into the 192.168.B.0/24 network. When 192.168.B.254 replies with its MAC address, the system sends the Ethernet packet to it and stores this information in its cache table;

5) the router receives this packet and decides where to forward it: it has a policy stating that it must pass on, replacing the return (source) address, all packets going from 192.168.B.0/24 to other hosts on the Internet;

6) since this policy means that the return address must match the lowest address on the interface through which the packet will be sent, the router first determines whom exactly to send this packet to, and, as in the previous example, it must send it to BBB254 (the ISP's gateway), because it has no routes to AAA2 more specific than 0.0.0.0/0;

7) therefore the router replaces the packet's return address; from now on the packet goes from BBB1:44444 (the port number, of course, may differ) to AAA2:13389;

8) the router remembers what it did, which means that when a reply arrives from AAA2:13389 for BBB1:44444, it will know that it must change the destination address and port to 192.168.B.1:55555;

9) now the router must pass the packet into the ISP's network through BBB254, so, as already described, it finds the MAC address of BBB254 and sends the packet to the ISP's gateway;

10) the Internet providers carry the packet from BBB1 to AAA2;

11) the virtual router at AAA2 receives this packet on port 13389;

12) the virtual router has a rule stating that packets received on this port from any sender must be forwarded to 192.168.A.1:3389;

13) the virtual router finds the network 192.168.A.0/24 in its routing table and sends the packet directly to 192.168.A.1, because it has the interface 192.168.A.254/24;

14) to do this, the virtual router finds the MAC address of 192.168.A.1 and passes the packet to it over the virtual Ethernet network;

15) 192.168.A.1 receives this packet on port 3389, agrees to establish the connection and builds a reply packet from 192.168.A.1:3389 to BBB1:44444;

16) its operating system passes this packet to the gateway address of the virtual router (192.168.A.254 in our case), because it has no other, more specific routes to BBB1, and therefore must forward the packet via the default route (0.0.0.0/0);

17) exactly as in the previous cases, the system running on the server with address 192.168.A.1 finds the MAC address of 192.168.A.254, since it is on the same network as its interface 192.168.A.1/24;

18) the virtual router receives this packet. Note that it remembers that it received a packet from BBB1:44444 on AAA2:13389 and changed the destination address and port to 192.168.A.1:3389; therefore, in the packet from 192.168.A.1:3389 for BBB1:44444 it changes the sender address to AAA2:13389;

19) the virtual router decides whom to send this packet to and sends it to AAA254 (the ISP's gateway; in this case, that is also us), because it has no routes to BBB1 more specific than 0.0.0.0/0;

20) the Internet providers carry the packet from AAA2 to BBB1;

21) the router at BBB1 receives this packet and remembers that when it sent the packet from 192.168.B.1:55555 for AAA2:13389, it changed the sender address and port to BBB1:44444, so this is the reply that must be delivered to 192.168.B.1:55555 (in reality there are several more checks there, but we will not go into them);

22) it understands that the packet must be delivered directly to 192.168.B.1, since that host is on the same network as the router, and therefore the router has a corresponding entry in its routing table that makes it send packets for the whole of 192.168.B.0/24 directly;

23) the router finds the MAC address of 192.168.B.1 and hands the packet to it;

24) the operating system on the computer with address 192.168.B.1 receives the packet from AAA2:13389 for 192.168.B.1:55555 and begins the next steps of establishing the TCP connection.

Note that in this case the computer with address 192.168.B.1 knows nothing about the server with address 192.168.A.1; it communicates only with AAA2. Likewise, the server with address 192.168.A.1 knows nothing about the computer with address 192.168.B.1. It believes that it was contacted from address BBB1, and it knows nothing more.

Note also that if this computer addresses AAA2:1540, the connection will not be established, because forwarding of connections on port 1540 is not configured on the virtual router, even if some servers in the virtual network 192.168.A.0/24 (for example, the server with address 192.168.A.1) do have services waiting for connections on this port. If the user of the computer with address 192.168.B.1 needs to connect to such a service, he must use the VPN, i.e. connect directly to 192.168.A.1:1540.

It should be emphasized that any attempt to establish a connection with AAA1 (other than the IPSec connection from BBB1) will not succeed. Any attempt to establish a connection with AAA2, other than connections to port 13389, will not succeed either.
We also note that if someone else addresses AAA2 (for example, CCCC), everything shown in steps 10-20 will apply to him as well. What happens before and after that depends on what exactly is behind this CCCC. We do not have such information, so we advise you to contact the administrators of the CCCC address.

Case three

And conversely, if something is sent from 192.168.A.1 to a port on BBB1 that is configured to be forwarded inward (for example, 11111), it also does not end up in the VPN but simply leaves from AAA1 and arrives at BBB1, which then passes it on somewhere, say, to 192.168.B.2:3389. That host sees the packet as coming not from 192.168.A.1 but from AAA1. And when 192.168.B.2 replies, the packet goes from BBB1 to AAA1, and then reaches the initiator of the connection, 192.168.A.1.

A concrete example:

1) 192.168.A.1 addresses BBB1, wanting to establish a TCP connection with BBB1:11111;

2) 192.168.A.1 sends a connection request from 192.168.A.1:55555 (this number, as in the previous example, may differ) to BBB1:11111;

3) the operating system running on the server with address 192.168.A.1 decides to send this packet to the router's gateway address (192.168.A.254 in our case), because it has no other, more specific routes to BBB1, and therefore forwards the packet via the default route (0.0.0.0/0);

4) to do this, as we described in the previous examples, it tries to find the MAC address for IP address 192.168.A.254 in the ARP cache table. If it is not found there, it sends a who-has broadcast request from address 192.168.A.1 into the 192.168.A.0/24 network. When 192.168.A.254 replies with its MAC address, the system sends the Ethernet packet to it and stores this information in its cache table;

5) the virtual router receives this packet and decides where to forward it: it has a policy stating that it must pass on, replacing the return (source) address, all packets going from 192.168.A.0/24 to other hosts on the Internet;

6) since this policy implies that the return address must match the lowest address on the interface through which the packet will be sent, the virtual router determines whom exactly to send this packet to, and, as in the previous example, it must send it to AAA254 (the ISP's gateway; in this case, that is also us), because it has no routes to BBB1 more specific than 0.0.0.0/0;

7) this means that the virtual router replaces the packet's return address; from now on the packet goes from AAA1:44444 (the port number, of course, may differ) to BBB1:11111;

8) the virtual router remembers what it did, so when a reply arrives from BBB1:11111 for AAA1:44444, it will know that it must change the destination address and port to 192.168.A.1:55555;

9) now the virtual router must pass the packet into the ISP's network through AAA254; as already described, it finds the MAC address of AAA254 and sends the packet to the ISP's gateway;

10) the Internet providers carry the packet from AAA1 to BBB1;

11) the router at BBB1 receives this packet on port 11111;

12) the virtual router has a rule stating that packets arriving on this port from any sender must be forwarded to 192.168.B.2:3389;

13) the router finds the network 192.168.B.0/24 in its routing table and sends the packet directly to 192.168.B.2, because it has the interface 192.168.B.254/24;

14) to do this, the virtual router finds the MAC address of 192.168.B.2 and passes the packet to it over the virtual Ethernet network;

15) 192.168.B.2 receives this packet on port 3389, agrees to establish the connection and builds a reply packet from 192.168.B.2:3389 to AAA1:44444;

16) its operating system passes this packet to the router's gateway address (192.168.B.254 in our case), because it has no other, more specific routes to AAA1, and therefore must forward the packet via the default route (0.0.0.0/0);

17) in the same way as in the previous cases, the system running on the computer with address 192.168.B.2 finds the MAC address of 192.168.B.254, since it is on the same network as its interface 192.168.B.2/24;

18) the router receives this packet. Note that it remembers that it received a packet from AAA1 on BBB1:11111 and changed the destination address and port to 192.168.B.2:3389; therefore, in the packet from 192.168.B.2:3389 for AAA1:44444 it changes the sender address to BBB1:11111;

19) the router decides whom to send this packet to. It sends it to, say, BBB254 (the ISP's gateway; the exact address is unknown to us), because it has no routes to AAA1 more specific than 0.0.0.0/0;

20) the Internet providers carry the packet from BBB1 to AAA1;

21) the virtual router at AAA1 receives this packet and remembers that when it sent the packet from 192.168.A.1:55555 for BBB1:11111, it changed the sender address and port to AAA1:44444. This means that this is the reply that must be delivered to 192.168.A.1:55555 (in reality, as we said in the previous example, there are several more checks, but this time too we will not go into them);

22) it understands that the packet must be delivered directly to 192.168.A.1, since that host is on the same network as the router, which means the router has a corresponding entry in its routing table that makes it send packets for the whole of 192.168.A.0/24 directly;

23) the router finds the MAC address of 192.168.A.1 and hands the packet to it;

24) the operating system on the server with address 192.168.A.1 receives the packet from BBB1:11111 for 192.168.A.1:55555 and begins the next steps of establishing the TCP connection.

Exactly as in the previous case, in this example the server with address 192.168.A.1 knows nothing about the computer with address 192.168.B.1; it communicates only with BBB1. The computer with address 192.168.B.1 likewise knows nothing about the server with address 192.168.A.1. It believes that it was contacted from address AAA1, and the rest is hidden from it.
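
The three cases above, together with the AAA2:1540 attempt that is not forwarded, condensed into a small model that reports which source address each side observes and what travels between the routers. This is an added example, not part of the original letter; the addresses are the article's placeholders handled as plain strings, and `ROUTERS`, `connect` and the fixed NAT port are assumptions of the example.

```python
from collections import namedtuple

# What each party observes for one TCP connection attempt.
Result = namedtuple("Result", "path wire server server_sees client_sees")

# Constructed model of the two edge routers; addresses are the article's
# placeholders and are handled as opaque strings, not parsed as IPs.
ROUTERS = {
    "office": {"lan": "192.168.B.", "wan": "BBB1", "peer": "cloud",
               "forwards": {("BBB1", 11111): ("192.168.B.2", 3389)}},
    "cloud": {"lan": "192.168.A.", "wan": "AAA1", "peer": "office",
              "forwards": {("AAA2", 13389): ("192.168.A.1", 3389)}},
}
NAT_PORT = 44444  # port chosen by the translating router; arbitrary, as in the text


def site_of(ip):
    """Return the name of the site whose LAN contains ip, or None."""
    return next((n for n, r in ROUTERS.items() if ip.startswith(r["lan"])), None)


def connect(client, dst, dport, sport=55555):
    """Trace a connection from a LAN host and report what each end sees."""
    local = ROUTERS[site_of(client)]
    remote = ROUTERS[local["peer"]]

    # Case one: the IPsec policy matches LAN-to-LAN traffic, so the packet is
    # wrapped in ESP between the WAN addresses and arrives unmodified.
    if dst.startswith(remote["lan"]):
        return Result("vpn", (local["wan"], remote["wan"], "ESP"),
                      (dst, dport), (client, sport), (dst, dport))

    # Cases two and three: the local router replaces the source with its own
    # WAN address and remembers the mapping for the reply.
    nat_src = (local["wan"], NAT_PORT)
    wire = ("%s:%d" % nat_src, "%s:%d" % (dst, dport), "TCP")

    # The remote router forwards only ports that have an explicit rule.
    target = remote["forwards"].get((dst, dport))
    if target is None:
        return Result("not_forwarded", wire, None, None, None)

    # The server answers nat_src; both routers undo their translations, so
    # the client sees a reply from the public address it dialled.
    return Result("nat", wire, target, nat_src, (dst, dport))


if __name__ == "__main__":
    for attempt in [("192.168.B.1", "192.168.A.1", 3389),
                    ("192.168.B.1", "AAA2", 13389),
                    ("192.168.A.1", "BBB1", 11111),
                    ("192.168.B.1", "AAA2", 1540),
                    ("192.168.B.1", "192.168.A.1", 1540)]:
        print(attempt, "->", connect(*attempt))
```

In the result, `server_sees` is the peer address the destination host observes: the real office host inside the tunnel, but only the other router's public address for forwarded ports.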

Conclusion

This is how everything happens for connections inside the VPN tunnel between the client's office and the cloud environment, and for connections outside the VPN tunnel. And if you have any questions or need our help in solving cloud tasks, contact us 24x7.

Source: www.habr.com
