After a short break we return to NSX. Today I will show you how to configure NAT and the Firewall.
In the Administration tab, go to your virtual data center: Cloud Resources - Virtual Datacenters.
Select the Edge Gateways tab and right-click the NSX Edge you need. In the menu that appears, select the Edge Gateway Services option. The NSX Edge control panel will open in a separate tab.
Configuring Firewall rules
By default, the Deny option is selected in the Default rule for ingress traffic item, that is, the Firewall will block all traffic.
To add a new rule, click +. A new entry will appear with the name New rule. Edit its fields according to your requirements.
In the Name field, give the rule a name, for example Internet.
In the Source field, enter the required source addresses. Using the IP button, you can set a single IP address, a range of IP addresses, or a CIDR.
Using the + button you can specify other objects:
- Gateway interfaces. All internal networks (Internal), all external networks (External) or Any.
- Virtual machines. We bind the rules to a specific virtual machine.
- OrgVdcNetworks. Organization-level networks.
- IP Sets. A group of IP addresses created by the user in advance (created in the Grouping object).
In the Destination field, specify the recipient address. The options here are the same as in the Source field.
In the Service field you can select or manually specify the destination port (Destination Port), the required protocol (Protocol), and the source port (Source Port). Click Keep.
In the Action field, select the required action: allow or deny the traffic that matches this rule.
Apply the entered configuration by selecting Save changes.
Rule examples
Firewall rule 1 (Internet) allows access to the Internet over any protocol for the server with IP 192.168.1.10.
Firewall rule 2 (Web-server) allows access from the Internet via (TCP protocol, port 80) through your external address. In this case - 185.148.83.16:80.
Configuring NAT
NAT (Network Address Translation) is the translation of private (gray) IP addresses to external (white) ones, and vice versa. Through this process, a virtual machine gets access to the Internet. To set up this mechanism, you need to configure SNAT and DNAT rules.
Important! NAT works only when the Firewall is enabled and the appropriate allow rules are configured.
Create an SNAT rule. SNAT (Source Network Address Translation) is a mechanism whose essence is to replace the source address when a packet is sent.
First we need to find out the external IP address or range of IP addresses available to us. To do this, go to the Administration section and double-click the virtual data center. In the settings menu that appears, go to the Edge Gateways tab. Select the NSX Edge you need and right-click it. Select the Properties option.
In the window that appears, on the Sub-Allocate IP Pools tab, you can see the external IP address or range of IP addresses. Write it down or remember it.
Next, right-click the NSX Edge. In the menu that appears, select the Edge Gateway Services option. We are back in the NSX Edge control panel.
In the window that appears, open the NAT tab and click Add SNAT.
In the new window we specify:
- in the Applied on field - the external network (not the organization-level network!);
- Original Source IP/range - the range of internal addresses, for example, 192.168.1.0/24;
- Translated Source IP/range - the external address through which the Internet will be accessed and which you looked up on the Sub-Allocate IP Pools tab.
Click Keep.
Create a DNAT rule. DNAT is a mechanism that changes the destination address of a packet, as well as the destination port. It is used to redirect incoming packets from an external address/port to a private IP address/port inside the private network.
Select the NAT tab and click Add DNAT.
In the window that appears, specify:
- in the Applied on field - the external network (not the organization-level network!);
- Original IP/range - the external address (the address from the Sub-Allocate IP Pools tab);
- Protocol;
- Original Port - the port of the external address;
- Translated IP/range - the internal IP address, for example, 192.168.1.10;
- Translated Port - the port of the internal address to which the port of the external address will be translated.
Click Keep.
Apply the entered configuration by selecting Save changes.
Done.
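Because NAT only passes traffic that the Firewall allows, it is worth checking every NAT rule against the rule table before saving. The following added example (not part of the original article) models the page's two firewall rules and its SNAT/DNAT rules in Python and reports NAT rules that have no allow rule behind them. The translated port 80, the probe host 192.168.1.20, the outside address 203.0.113.5 and first-match evaluation against the external address are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class FwRule:
    name: str
    src: str       # single IP, CIDR or "any"
    dst: str
    proto: str     # "tcp", "udp" or "any"
    dport: object  # int or "any"
    action: str    # "accept" or "deny"

def _ip_match(spec, ip):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def evaluate(rules, src, dst, proto, dport, default="deny"):
    """First matching rule wins; otherwise the default rule (Deny on the page)."""
    for r in rules:
        if (_ip_match(r.src, src) and _ip_match(r.dst, dst)
                and r.proto in ("any", proto) and r.dport in ("any", dport)):
            return r.action, r.name
    return default, "default"

# Constructed model of the page's two example rules and its NAT rules.
RULES = [
    FwRule("Internet", "192.168.1.10", "any", "any", "any", "accept"),
    FwRule("Web-server", "any", "185.148.83.16", "tcp", 80, "accept"),
]
SNAT = {"original": "192.168.1.0/24", "translated": "185.148.83.16"}
# Translated port 80 is an assumption; the page gives only the internal IP.
DNAT = {"original": ("185.148.83.16", "tcp", 80), "translated": ("192.168.1.10", 80)}

def audit(rules, snat, dnat, probe_hosts, outside="203.0.113.5"):
    """Report NAT rules that have no firewall allow rule behind them."""
    findings = []
    ip, proto, port = dnat["original"]
    # As in the page's rule 2, inbound traffic is matched on the external address.
    if evaluate(rules, outside, ip, proto, port)[0] != "accept":
        findings.append(f"DNAT {ip}:{port} has no allow rule")
    for host in probe_hosts:
        in_snat = _ip_match(snat["original"], host)
        if in_snat and evaluate(rules, host, outside, "tcp", 443)[0] != "accept":
            findings.append(f"{host} is in the SNAT range but blocked by the firewall")
    return findings
```

With the page's rules, a host such as 192.168.1.20 is covered by the SNAT range 192.168.1.0/24 but still has no Internet access, because only 192.168.1.10 has an allow rule.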
Next in line are instructions on DHCP, including configuring DHCP Bindings and Relay.
Source: www.habr.com