Xa ujongene nombuzo kunye nekhefu kwinani elikhulu lamaxwebhu, zama ukulungelelanisa nokubhala oko ufunde ukukhumbula kakuhle. Kwaye wenze imiyalelo kulo mba ukuze ungaphinde uhambe kuyo yonke indlela kwakhona.
Amaxwebhu entsusa afumaneka ngobuninzi e
ΠΡ ΡΠ Β° Β°
Umxhasi ufuna ukudibanisa iiseva ezininzi eziqeshiweyo kuthungelwano olunye ukuze asuse imfuneko yokuhlawula ii-subnets ezongezelelweyo, ukuxhoma indlu yakhe yonke ngasemva kwe-router, anike iidilesi zendawo kubo, kwaye akhuselwe ngumlilo. Ukuze zonke iinkonzo zetrafikhi ziqhube ngaphakathi kweVLAN. Ngaphezu koko, hambisa oomatshini benyani ukusuka kwiseva endala ukuya kwentsha kwaye uyishiye, uphucule ihardware endala oyisebenzisayo kwaye kwangaxeshanye uye kwiProxmox entsha.
Ekuqaleni, umxhasi unamaseva e-5, nganye ine-subnet eyongezelelweyo, idilesi yokuqala evela kwi-subnet ezinikeleyo inikezelwa kwibhuloho eyongezelelweyo kwiProxmox.
Kwangaxeshanye, ii-VMs zisebenza kwi-Windows kwaye zinedilesi 85.xx177/29 elungiselelwe ngesango 85.xx176
Kwaye zonke iiseva ezi-5 ezinoomatshini bazo benyani ziqwalaselwe ngendlela efanayo.
Kuyahlekisa ukuba olu lungelelwaniso luphosakele ekusekweni komsebenzi womnatha ngokomgaqo; sebenzisa idilesi yenethiwekhi kwindawo yokuqala kwaye okufanayo kwisango. Ukuba uzama ukwenza olu qwalaselo kumatshini wenyani ku-Ubuntu, inethiwekhi ayisebenzi.
β
Ukuphunyezwa
- Senza i-vSwitch kwi-interface, sinikeze iVlanID kuyo, kwaye songeze le vSwitch kuzo zonke iiseva esizifunayo.
- Senza umncedisi wokuvavanya ukuze sikwazi ukuseta kwaye sihambe ngaphandle kweengxaki.
Siphakamisa umatshini wokuqala onenyani chr ngo .
Ukuba usebenzisa iskripthi esingentla, nceda uqaphele ukuba kuqala ijonga ubukho be- -d / ingcambu / ulawulo lwexesha, kwaye ukuba alukho, i / ikhaya / ingcambu / ulawulo lwexesha luyenziwa, kodwa umsebenzi owongezelelweyo usaqhutywa. ngaphandle nge/root/temp directory. Iskripthi kufuneka silungiswe ukwenza uvimba weefayili ofanelekileyo.
- Ukumisela inethiwekhi yeProxmox.
Songeza i-subinterface enenombolo yeVLAN, ebonisa ukuba iidilesi ziya kuqwalaselwa kwiibhulorho usebenzisa i-inet manual. KUBALULEKILEYO. Awunako ukuqwalasela iidilesi ze IP kujongano oya kuthi emva koko uquke kwibhulorho, ukuba oku kuya kusebenza njani kwaye nokuba iyakusebenza ingaziwa nakubani na.
Emva koko, sakha ibhulorho i-vmbr0 - kwaye unamathisele kuyo idilesi yokuqala yomncedisi ngokwawo, esinike yona ngababoneleli be-Hetzner, bonisa izibuko lebhulorho - ujongano lokuqala lomzimba ngaphandle kweVLAN, kwaye ucacise ngomyalelo owongezelelweyo ukongeza. yendlela eya kwinethiwekhi yethu eyongezelelweyo, eyalelwe kwi-Hetzner kulo mncedisi ngale bhulorho. Ukongeza umzila kuya kusebenza xa ujongano lusiya phezulu.
Ibhulorho yesibini iya kuba yi-interface yethu yetrafikhi yendawo, songeza idilesi kuyo ukufumana unxibelelwano phakathi kweeseva ezahlukeneyo zeProxmox kwinethiwekhi yendawo ngaphandle kokufikelela kwi-Intanethi kwaye ichaze i-port njenge-subinterface eno1.4000, eyabelwe iVlanID yethu.
Ngexesha lokuseta kokuqala, ufumana ingcebiso yokuba ungafaka iphakheji eyongezelelweyo ifupdown2 yeProxmox kwaye akufuneki uqalise kwakhona iseva yonke ukuba kukho utshintsho kunxibelelwano lwenethiwekhi. Nangona kunjalo, oku kuqhelekile kuphela kulungiselelo lokuqala, kwaye xa usebenzisa iibhulorho kunye nokuseta oomatshini benyani, uhlangabezana neengxaki ngokusilela kwenethiwekhi koomatshini benyani. Ngaphandle kwento yokuba uhlele, umzekelo, ujongano lwe-vmbr2, kwaye xa ufaka uqwalaselo, inethwekhi iyawa kuzo zonke iindawo zangaphakathi kwaye ayibuyiseli de iseva iqaliswe ngokupheleleyo. ifdown&&ifup ayincedi. Ukuba nabani na unesisombululo, ndingabulela.
Ujongano lokuqala oluqwalaselweyo kumncedisi luhlala lusebenza kwaye lufikeleleka.
-
Ukwabiwa kwedilesi ye-CHR ukuze ingaphulukani needilesi equleni
Idama leedilesi eziveliswa nguHetzner likhangeleka lingaqhelekanga kumnatha womnatha, into enje:
Into engaqhelekanga kukuba isango licebisa ukusebenzisa idilesi yalo yomncedisi wenyama.
Inketho yeklasikhi ecetywayo nguHetzner ngokwakhe ibonakaliswe kwinkcazo yengxaki kwaye yaphunyezwa ngumxhasi ngokuzimeleyo. Kolu khetho, umxhasi ulahlekelwa yidilesi yokuqala kwidilesi yenethiwekhi, idilesi yesibini kwibhulorho yeproxmox kwaye iya kuba lisango, kunye nedilesi yokugqibela yokusasazwa. IPv4 iidilesi azinamsebenzi. Ukuba uzama ngokuthe ngqo ukubhalisa idilesi ye-IP 136.x.x.177/29 kunye nesango le-0.0.0.0/0 148.x.x.165 kwi-CHR, ungakwenza oku, kodwa isango aliyi kuba liQhagamshelwe ngokuthe ngqo kwaye ke ngoko aliyi kufikeleleka. .
Sinokuphuma kule meko ngokusebenzisa inethiwekhi 32 kwidilesi nganye kwaye sichaze idilesi esiyifunayo, enokuthi ibe nantoni na, njengegama lomnatha. Ijika ibe yi-analogue yoqhagamshelo lwe-point-to-point.
Kule meko, isango liya kufumaneka, kwaye yonke into iya kusebenza njengoko sifuna.
Gcina ukhumbula ukuba kuqwalaselo olunjalo akukhuthazwa ukuba kusetyenziswe umthetho wokwenza imaski we-SRC-NAT, kuba idilesi yemveliso iya kwahluka ngokungenasiphelo, kwaye ichaneke ngakumbi ukukhankanya isenzo: src-NAT kunye nedilesi ethile oya kuyo. khulula umxhasi.
- Kwaye ekugqibeleni.
Ukuthintela ukufikelela kwiProxmox ngokwayo kwi-Intanethi, sebenzisa izixhobo ezakhelwe ngaphakathi: kukho i-firewall ebalaseleyo.
Akufanele usebenzise i-firewall enikezelwa yi-hetzner, ukuze ungabhideki malunga nendawo yezicwangciso. U-Hetzner uya kusebenza kwakhona kuwo onke amanethiwekhi, kubandakanywa nalawo asekwe kwi-CHR, kunye nokuvula kunye nokuthumela amachweba, kuya kufuneka kwakhona ukuwavula kwi-interface yewebhu yomnikezeli.
umthombo: www.habr.com