I-ProHoster > Блог > Ukuphatha > Isetha i-BGP ukuthi idlule ukuvimbela, noma "Indlela engayeka ngayo ukwesaba futhi ngathandana no-RKN"

Isetha i-BGP ukuthi idlule ukuvimbela, noma "Indlela engayeka ngayo ukwesaba futhi ngathandana no-RKN"

Hhayi-ke, kulungile, mayelana nokuthi "uthandiwe" kuyihaba. Kunalokho, “wakwazi ukuhlalisana naye.”

Njengoba nonke nazi, kusukela ngo-Ephreli 16, 2018, i-Roskomnadzor ibilokhu ivimbela ukufinyelela kwezinsiza eziku-inthanethi ngezindlela ezibanzi kakhulu, yengeza “kuRejista Ehlanganisiwe yamagama wesizinda, izinkomba zamakhasi zamasayithi aku-inthanethi namakheli enethiwekhi avumela ukuhlonza amasayithi. ku-inthanethi,” equkethe imininingwane okungavunyelwe ukusatshalaliswa kwayo eRussian Federation” (embhalweni - nje irejista) ngo/10 kwesinye isikhathi. Ngenxa yalokho, izakhamizi zaseRussian Federation kanye namabhizinisi ziyahlupheka, njengoba zilahlekelwe ukufinyelela ezinsizeni ezisemthethweni ezizidingayo.

Ngemva kokuba ngishilo ekuphawuleni kwesinye sezihloko ezikhuluma ngoHabré ukuthi ngangikulungele ukusiza izisulu ngokusungula uhlelo lokudlula, abantu abaningana beza kimi becela usizo olunjalo. Lapho konke kubasebenzela, omunye wabo wancoma ukuthi kuchazwe inqubo esihlokweni. Ngemva kokucabanga okuthile, nganquma ukuphula ukuthula kwami ​​​​kusayithi futhi ngizame kanye kanye ukubhala okuthile okuphakathi phakathi kwephrojekthi nokuthunyelwe kwe-Facebook, i.e. habrapost. Umphumela uphambi kwakho.

Disclaimer

Njengoba kungekho emthethweni kakhulu ukushicilela izindlela zokudlula ukuvimba ukufinyelela olwazini olungavunyelwe endaweni yeRussian Federation, inhloso yalesi sihloko kuzoba ukukhuluma ngendlela ekuvumela ukuthi uzenzele ngokuzenzakalelayo ukufinyelela kwezinsiza ezivunyelwe indawo ye-Russian Federation, kodwa ngenxa yezenzo zomunye umuntu azifinyeleleki ngokuqondile ngomhlinzeki wakho. Futhi ukufinyelela kwezinye izinsiza ezitholwe ngenxa yezenzo ezivela ku-athikili kuwumphumela ongemuhle futhi akuyona neze injongo ye-athikili.

Futhi, njengoba ngokuyinhloko ngingumklami wenethiwekhi ngomsebenzi, ubizo nendlela yokuphila, ukuhlela kanye neLinux akuwona amaphuzu ami aqinile. Ngakho-ke, yiqiniso, imibhalo ingabhalwa kangcono, izinkinga zokuphepha ku-VPS zingasetshenzwa ngokujulile, njll. Iziphakamiso zakho zizokwamukelwa ngokubonga, uma zinemininingwane eyanele - ngizokujabulela ukuzifaka embhalweni wesihloko.

TL; DR

Senza ukufinyelela kuzisetshenziswa ngokuzenzakalelayo ngomhubhe wakho okhona sisebenzisa ikhophi yokubhalisa kanye nephrothokholi ye-BGP. Umgomo uwukukhipha yonke ithrafikhi eqondiswe ezinsizeni ezivinjiwe emhubheni. Izincazelo ezincane, ikakhulukazi imiyalelo yesinyathelo nesinyathelo.

Yini oyidingayo kulokhu?

Ngeshwa, lokhu okuthunyelwe akukona okwawo wonke umuntu. Ukuze usebenzise le nqubo, uzodinga ukuhlanganisa izici eziningana:

  1. Kufanele ube neseva ye-linux kwenye indawo ngaphandle kwenkundla yokuvimbela. Noma okungenani isifiso sokuba neseva enjalo - ngenhlanhla manje ibiza kusuka ku-$ 9 / ngonyaka, futhi mhlawumbe ngaphansi. Indlela ibuye ifanele uma unomhubhe we-VPN ohlukile, khona-ke iseva ingatholakala ngaphakathi kwenkundla yokuvimba.
  2. Irutha yakho kufanele ihlakaniphe ngokwanele ukuze ukwazi
    • noma yiliphi iklayenti le-VPN olithandayo (ngikhetha i-OpenVPN, kodwa ingaba i-PPTP, i-L2TP, i-GRE+IPSec nanoma iyiphi enye inketho eyakha isixhumi esibonakalayo somhubhe);
    • Iphrothokholi ye-BGPv4. Okusho ukuthi ku-SOHO kungaba yi-Mikrotik noma yimuphi umzila one-OpenWRT/LEDE/i-firmware yangokwezifiso efanayo ekuvumela ukuthi ufake i-Quagga noma Inyoni. Ukusebenzisa irutha ye-PC nakho akunqatshelwe. Esimeni sebhizinisi, bheka ukwesekwa kwe-BGP emibhalweni yerutha yakho yasemngceleni.
  3. Kufanele ube nokuqonda kokusetshenziswa kwe-Linux nobuchwepheshe benethiwekhi, okuhlanganisa nephrothokholi ye-BGP. Noma okungenani ufuna ukuthola umbono onjalo. Njengoba ngingakakulungeli ukwamukela ubukhulu ngalesi sikhathi, kuzomele ufunde izici ezithile ongaziqondi uwedwa. Kodwa-ke, ngizophendula imibuzo ethile kumazwana futhi anginakwenzeka ukuthi kube ngedwa ophendulayo, ngakho ungangabazi ukubuza.

Yini esetshenziswa esibonelweni

  • Ikhophi yerejista - kusuka https://github.com/zapret-info/z-i 
  • VPS - Ubuntu 16.04
  • Isevisi yomzila - inyoni 1.6.3   
  • Irutha - I-Mikrotik hAP ac
  • Amafolda asebenzayo - njengoba sisebenza njengempande, yonke into izotholakala kufolda yasekhaya yempande. Ngokulandelana:
    • /impande/uhlu olumnyama - ifolda esebenzayo enombhalo wokuhlanganisa
    • /root/zi - ikhophi yokubhalisa kusuka ku-github
    • /etc/bird - ifolda ejwayelekile yezilungiselelo zesevisi yezinyoni
  • Ikheli le-IP langaphandle le-VPS elineseva yomzila kanye nendawo yokuqeda umhubhe ngu-194.165.22.146, ASN 64998; Ikheli le-IP langaphandle lomzila - 81.177.103.94, ASN 64999
  • Amakheli e-IP angaphakathi emhubheni athi 172.30.1.1 kanye no-172.30.1.2, ngokulandelanayo.

Isetha i-BGP ukuthi idlule ukuvimbela, noma "Indlela engayeka ngayo ukwesaba futhi ngathandana no-RKN"

Yiqiniso, ungasebenzisa noma yimaphi amanye ama-routers, amasistimu wokusebenza nemikhiqizo yesofthiwe, ukulungisa isisombululo ku-logic yabo.

Kafushane - logic of ikhambi

  1. Imisebenzi Yokulungiselela
    1. Ukuthola i-VPS
    2. Ukuphakamisa umhubhe kusuka ku-router kuya ku-VPS
  2. Sithola futhi sibuyekeza njalo ikhophi yokubhalisa
  3. Ukufaka nokumisa isevisi yomzila
  4. Sakha uhlu lwemizila emile yesevisi yomzila ngokusekelwe ekubhaliseni
  5. Sixhuma i-router kusevisi futhi silungiselele ukuthumela yonke ithrafikhi ngomhubhe.

Isixazululo sangempela

Imisebenzi Yokulungiselela

Kunezinsizakalo eziningi ku-inthanethi ezihlinzeka nge-VPS ngamanani anengqondo kakhulu. Kuze kube manje ngithole futhi ngisebenzisa inketho ye-$ 9 / ngonyaka, kodwa ngisho noma ungakhathazeki kakhulu, kunezinketho eziningi ze-1E / inyanga kuwo wonke amagumbi. Umbuzo wokukhetha i-VPS ulele ngaphezu kobubanzi balesi sihloko, ngakho-ke uma othile engakuqondi okuthile ngalokhu, buza kumazwana.

Uma usebenzisa i-VPS hhayi kuphela ngenkonzo yomzila, kodwa futhi ukunqamula umhubhe kuwo, udinga ukuphakamisa lo mhubhe futhi, cishe ngokuqinisekile, ulungiselele i-NAT kuwo. Kunenombolo enkulu yemiyalo kulezi zenzo ku-inthanethi, ngeke ngiyiphinde lapha. Imfuneko eyinhloko yomhubhe onjalo ukuthi kufanele udale isixhumi esibonakalayo esihlukile kumzila wakho osekela umhubhe obheke ku-VPS. Ubuchwepheshe obusetshenziswa kakhulu be-VPN buhlangabezana nale mfuneko - isibonelo, i-OpenVPN kumodi ye-tun iphelele.

Ukuthola ikhophi yokubhalisa

Njengoba uJabrail asho, “Lowo osivimbelayo uzosisiza.” Njengoba i-RKN idala irejista yezinsiza ezingavunyelwe, kungaba isono ukungasebenzisi le rejista ukuxazulula inkinga yethu. Sizothola ikhophi yokubhalisa kusuka ku-github.

Siya kuseva yakho ye-Linux, siwela kumsuka womsuka (sudo su -) bese ufaka i-git uma ingakafakwa.

apt install git

Iya kumkhombandlela wasekhaya bese ukhipha ikhophi yokubhalisa.

cd ~ && git clone --depth=1 https://github.com/zapret-info/z-i 

Setha isibuyekezo se-cron (ngikwenza kanye njalo emizuzwini engama-20, kodwa ungakhetha noma yisiphi isikhawu osithandayo). Ukuze senze lokhu siqala i-crontab-e bese wengeza umugqa olandelayo kuyo:

*/20 * * * * cd ~/z-i && git pull && git gc

Sixhuma ihhuku ezodala amafayela esevisi yomzila ngemva kokubuyekeza ukubhalisa. Ukuze wenze lokhu, dala ifayela /root/zi/.git/hooks/post-merge nokuqukethwe okulandelayo:

#!/usr/bin/env bash
changed_files="$(git diff-tree -r --name-only --no-commit-id ORIG_HEAD HEAD)"
check_run() {
    echo "$changed_files" | grep --quiet "$1" && eval "$2"
}
check_run dump.csv "/root/blacklist/makebgp"

futhi ungakhohlwa ukulenza lisebenziseke

chmod +x /root/z-i/.git/hooks/post-merge

Sizodala iskripthi se-makebgp ihuku elibhekisela kuyo ngokuhamba kwesikhathi.

Ukufaka nokumisa isevisi yomzila

Faka inyoni. Ngeshwa, inguqulo yenyoni efakwe njengamanje kumakhosombe e-Ubuntu iqhathaniswa nobusha nendle ye-Archeopteryx, ngakho-ke sidinga ukungeza kuqala i-PPA esemthethweni yonjiniyela besoftware ohlelweni.

add-apt-repository ppa:cz.nic-labs/bird
apt update
apt install bird

Ngemva kwalokhu, ngokushesha sikhubaza inyoni ku-IPv6 - ngeke siyidinge kulokhu kufakwa.

systemctl stop bird6
systemctl disable bird6

Ngezansi ifayela lokumisa lesevisi yezinyoni elincane (/etc/bird/bird.conf), okwanele kithi (futhi ngiyaphinda ngikukhumbuze ukuthi akekho owenqabela ukuthuthukisa nokulungisa umbono ukuze uvumelane nezidingo zakho)

log syslog all;
router id 172.30.1.1;

protocol kernel {
        scan time 60;
        import none;
#       export all;   # Actually insert routes into the kernel routing table
}

protocol device {
        scan time 60;
}

protocol direct {
        interface "venet*", "tun*"; # Restrict network interfaces it works with
}

protocol static static_bgp {
        import all;
        include "pfxlist.txt";
        #include "iplist.txt";
}

protocol bgp OurRouter {
        description "Our Router";
        neighbor 81.177.103.94 as 64999;
        import none;
        export where proto = "static_bgp";
        local as 64998;
        passive off;
        multihop;
}

i-router id - isihlonzi somzila, esibukeka njengekheli le-IPv4, kodwa akulona elilodwa. Esimweni sethu, kungaba noma iyiphi inombolo engu-32-bit kufomethi yekheli le-IPv4, kodwa kuyifomu elihle ukukhombisa ngokuqondile ikheli le-IPv4 ledivayisi yakho (kulokhu, i-VPS).

i-protocol direct ichaza ukuthi yiziphi izixhumi ezibonakalayo ezizosebenza nenqubo yomzila. Isibonelo sinikeza izibonelo ezimbalwa zamagama, ungangeza amanye. Ungakwazi ukumane ususe umugqa; kulokhu, iseva izolalela zonke izixhumanisi ezitholakalayo ngekheli le-IPv4.

i-protocol static ingumlingo wethu olayisha uhlu lweziqalo namakheli e-IP (empeleni okuyiziqalo ezingu-/32, kunjalo) ukusuka kumafayela ukuze kumenyezelwe okulandelayo. Ukuthi lolu hlu luvelaphi kuzoxoxwa ngakho ngezansi. Sicela uqaphele ukuthi ukulayisha amakheli e-IP kubekwa amazwana ngokuzenzakalelayo, isizathu salokhu umthamo omkhulu wokulayisha. Ukuze uqhathanise, ngesikhathi sokubhala, kukhona imigqa engu-78 ohlwini lweziqalo, kanye no-85898 ohlwini lwamakheli e-IP. Ngincoma kakhulu ukuqala nokulungisa iphutha kuphela ohlwini lweziqalo, kanye nokuthi ukunika amandla ukulayisha kwe-IP noma cha. ikusasa likuwe ukuthi unqume ngemuva kokuhlola umzila wakho. Akuwona wonke wawo ongagaya kalula okufakiwe okuyizinkulungwane ezingama-85 kuthebula lomzila.

I-protocol bgp, empeleni, imisa ukubuka kwe-bgp ngerutha yakho. Ikheli le-IP yikheli le-interface yangaphandle yomzila (noma ikheli le-interface yomhubhe ohlangothini lwe-router), 64998 kanye ne-64999 izinombolo zezinhlelo ezizimele. Kulokhu, zinganikezwa ngesimo sanoma yiziphi izinombolo ze-16-bit, kodwa kuwumkhuba omuhle ukusebenzisa izinombolo ze-AS ezivela ebangeni eliyimfihlo elichazwe yi-RFC6996 - 64512-65534 ehlanganisiwe (kukhona ifomethi yama-32-bit ASNs, kodwa ngokwethu lokhu kungaphezu kwamandla). Ukucushwa okuchaziwe kusebenzisa ukubuka kwe-eBGP, lapho izinombolo zezinhlelo ezizimele zesevisi yomzila kanye nomzila kufanele zihluke.

Njengoba ubona, isevisi idinga ukwazi ikheli le-IP lomzila, ngakho-ke uma unekheli langasese eliguquguqukayo noma elingathutheki (RFC1918) noma okwabelwana ngalo (RFC6598), awunayo inketho yokuphakamisa ukubuka ngaphandle. interface, kodwa isevisi isazosebenza ngaphakathi emhubheni.

Kuyacaca futhi ukuthi usuka kusevisi eyodwa ungahlinzeka ngemizila eya kuma-router amaningana ahlukene - vele uwaphindiselele izilungiselelo ngokukopisha isigaba se-protocol bgp nokushintsha ikheli le-IP lomakhelwane. Kungakho isibonelo sibonisa izilungiselelo zokulunguza ngaphandle komhubhe, njengowomhlaba wonke. Kulula ukuwakhipha emhubheni ngokushintsha amakheli e-IP kuzilungiselelo ngokufanele.

Icubungula ukubhaliswa kwesevisi yomzila

Manje sidinga, empeleni, ukwakha uhlu lweziqalo namakheli e-IP, okushiwo ku-protocol static esigabeni sangaphambilini. Ukuze senze lokhu, sithatha ifayela lokubhalisa bese senza amafayela esiwadingayo kuwo sisebenzisa iskripthi esilandelayo, afakwe kuwo /root/blacklist/makebgp

#!/bin/bash
cut -d";" -f1 /root/z-i/dump.csv| tr '|' 'n' |  tr -d ' ' > /root/blacklist/tmpaddr.txt
cat /root/blacklist/tmpaddr.txt | grep / | sed 's_.*_route & reject;_' > /etc/bird/pfxlist.txt
cat /root/blacklist/tmpaddr.txt | sort | uniq | grep -Eo "([0-9]{1,3}[.]){3}[0-9]{1,3}" | sed 's_.*_route &/32 reject;_' > /etc/bird/iplist.txt
/etc/init.d/bird reload
logger 'bgp list compiled'

Ungakhohlwa ukulenza lisebenziseke

chmod +x /root/blacklist/makebgp

Manje usungayiqhuba ngesandla futhi ubheke ukubukeka kwamafayela ku-/etc/bird.

Cishe, inyoni ayikusebenzeli okwamanje, ngoba esigabeni esedlule uyicelile ukuthi ibheke amafayela abengekho. Ngakho-ke, siyethula futhi sihlole ukuthi isiqalile:

systemctl start bird
birdc show route

Ukukhishwa komyalo wesibili kufanele kubonise amarekhodi angaba ngu-80 (lokhu okwamanje, kodwa uma ukusetha, konke kuzoxhomeka ekushisekeleni kwe-RKN ekuvimbeni amanethiwekhi) into enjengale:

54.160.0.0/12      unreachable [static_bgp 2018-04-19] * (200)

Ithimba

birdc show protocol

izobonisa isimo samaphrothokholi ngaphakathi kwesevisi. Kuze kube yilapho usulungise umzila (bona iphuzu elilandelayo), iphrothokholi ye-OurRouter izoba sesimweni sokuqala (Isigaba sokuxhuma noma esisebenzayo), futhi ngemva kokuxhumeka okuphumelelayo izoya ku-up state (Isigaba esimisiwe). Isibonelo, ohlelweni lwami ukuphuma kwalo myalo kubukeka kanje:

BIRD 1.6.3 ready.
name     proto    table    state  since       info
kernel1  Kernel   master   up     2018-04-19
device1  Device   master   up     2018-04-19
static_bgp Static   master   up     2018-04-19
direct1  Direct   master   up     2018-04-19
RXXXXXx1 BGP      master   up     13:10:22    Established
RXXXXXx2 BGP      master   up     2018-04-24  Established
RXXXXXx3 BGP      master   start  2018-04-22  Connect       Socket: Connection timed out
RXXXXXx4 BGP      master   up     2018-04-24  Established
RXXXXXx5 BGP      master   start  2018-04-24  Passive

Ixhuma irutha

Wonke umuntu cishe ukhathele ukufunda le ndwangu yezinyawo, kodwa yima isibindi - ukuphela kuseduze. Ngaphezu kwalokho, kulesi sigaba ngeke ngikwazi ukunikeza imiyalelo yesinyathelo ngesinyathelo - izohluka kumkhiqizi ngamunye.

Nokho, ngingakubonisa izibonelo ezimbalwa. Umqondo oyinhloko uwukuphakamisa ukubuka kwe-BGP bese unikeza i-nexthop kuzo zonke iziqalo ezitholiwe, sikhomba emhubheni wethu (uma sidinga ukuthumela ithrafikhi ngesixhumi esibonakalayo se-p2p) noma ikheli le-IP le-nexthop uma ithrafikhi izoya ku-ethernet).

Isibonelo, ku-Mikrotik ku-RouterOS lokhu kuxazululwa kanje

/routing bgp instance set default as=64999 ignore-as-path-len=yes router-id=172.30.1.2
/routing bgp peer add in-filter=dynamic-in multihop=yes name=VPS remote-address=194.165.22.146 remote-as=64998 ttl=default
/routing filter add action=accept chain=dynamic-in protocol=bgp comment="Set nexthop" set-in-nexthop=172.30.1.1

nakuCisco IOS - kanje

router bgp 64999
  neighbor 194.165.22.146 remote-as 64998
  neighbor 194.165.22.146 route-map BGP_NEXT_HOP in
  neighbor 194.165.22.146 ebgp-multihop 250
!
route-map BGP_NEXT_HOP permit 10
  set ip next-hop 172.30.1.1

Uma umhubhe ofanayo usetshenziswa kukho kokubili ukubuka kwe-BGP kanye nokudlulisa ithrafikhi ewusizo, akudingekile ukusetha i-nexhop; izosethwa kahle kusetshenziswa umthetho olandelwayo. Kodwa uma ukusetha ngesandla, ngeke kukwenze kube kubi nakakhulu.

Kwamanye amapulatifomu, kuzodingeka uzitholele ukucushwa ngokwakho, kodwa uma unobunzima, bhala kumazwana, ngizozama ukusiza.

Ngemva kokuba iseshini yakho ye-BGP isiqalile, imizila eya kumanethiwekhi amakhulu isifikile futhi ifakwe etafuleni, ithrafikhi igeleze iye kumakheli avela kubo futhi injabulo iseduze, ungabuyela enkonzweni yezinyoni bese uzama ukukhulula ukungena lapho okuxhumanisa uhlu lwamakheli e-IP, khipha ngemva kwalokho

systemctl reload bird

futhi ubone ukuthi irutha yakho iyidlulise kanjani le mizila eyizinkulungwane ezingama-85. Zilungiselele ukunqamula futhi ucabange ukuthi wenzeni ngakho :)

Inani

Ngokusobala, ngemva kokuqeda izinyathelo ezichazwe ngenhla, manje usunesevisi eqondisa kabusha ngokuzenzakalelayo ithrafikhi kumakheli e-IP avinjelwe e-Russian Federation ngaphambi kwesistimu yokuhlunga.

Yiqiniso, ingathuthukiswa. Isibonelo, kulula kakhulu ukufingqa uhlu lwamakheli e-IP usebenzisa izixazululo ze-perl noma ze-python. Umbhalo olula we-Perl wenza lokhu usebenzisa i-Net::CIDR::Lite iguqula iziqalo eziyizinkulungwane ezingu-85 zibe ngu-60 (hhayi inkulungwane), kodwa, kunjalo, ihlanganisa ububanzi obukhulu kakhulu bamakheli kunalawo avinjiwe.

Njengoba isevisi isebenza ezingeni lesithathu lemodeli ye-ISO/OSI, ngeke ikusindise ekuvimbeni isayithi/ikhasi uma ixazulula ikheli elingalungile njengoba lirekhodiwe kurejista. Kodwa kanye nerejista, ifayela elithi nxdomain.txt lifika lisuka ku-github, okuthi ngemivimbo embalwa yeskripthi liguquke kalula libe umthombo wamakheli, isibonelo, i-plugin ye-SwitchyOmega ku-Chrome.

Kuyadingeka futhi ukusho ukuthi isisombululo sidinga ukucolisiswa okwengeziwe uma ungeyena nje umsebenzisi we-inthanethi, kodwa futhi ushicilela ezinye izinsiza uwedwa (ngokwesibonelo, iwebhusayithi noma iseva yemeyili isebenza kulokhu kuxhumana). Usebenzisa izindlela ze-router, kuyadingeka ukubopha ngokuqinile ithrafikhi ephumayo evela kule sevisi eya ekhelini lakho lomphakathi, ngaphandle kwalokho uzolahlekelwa ukuxhumana nalezo zinsiza ezimbozwe uhlu lweziqalo ezitholwe umzila.

Uma unemibuzo, buza, ngilungele ukuphendula.

I-UPD. Ngiyabonga i-navion и TerAnYu kumapharamitha we-git avumela ukunciphisa amavolumu okulanda.

UPD2. Ozakwethu, kubukeka sengathi ngenze iphutha ngokungangezi imiyalelo yokusetha umhubhe phakathi kwe-VPS nomzila esihlokweni. Miningi imibuzo ephakanyiswa ngalokhu.
Uma kwenzeka, ngizophinda ngiqaphele ukuthi ngaphambi kokuqala lo mhlahlandlela, usuvele ulungiselele umhubhe we-VPN lapho udinga khona futhi wahlola ukusebenza kwawo (isibonelo, ngokujikisa ithrafikhi lapho ngokuzenzakalelayo noma ngokwezibalo). Uma ungakaqedi lesi sigaba okwamanje, akuwenzi umqondo omkhulu ukulandela izinyathelo eziku-athikili. Anginawo owami umbhalo kulokhu okwamanje, kodwa uma u-google “umisa iseva ye-OpenVPN” kanye negama lesistimu yokusebenza efakwe ku-VPS, kanye “nokusetha iklayenti le-OpenVPN” ngegama lomzila wakho. , cishe uzothola izindatshana ezimbalwa ezikhuluma ngale ndaba , okuhlanganisa ne-Habré.

UPD3. Okungazinikele Ngibhale ikhodi eshintsha i-dump.csv ibe ifayela eliwumphumela lenyoni elinokufinyezwa kokuzithandela kwamakheli e-IP. Ngakho-ke, isigaba "Ukucubungula ukubhaliswa kwesevisi yomzila" singashintshwa ngokubiza uhlelo lwayo. https://habr.com/post/354282/#comment_10782712

UPD4. Umsebenzi omncane wamaphutha (angiwangezanga embhalweni):
1) esikhundleni layisha kabusha inyoni ye-systemctl kunengqondo ukusebenzisa umyalo birdc lungiselela.
2) kumzila weMikrotik, esikhundleni sokushintsha i-nexhop ibe yi-IP yohlangothi lwesibili lomhubhe. /isihlungi somzila engeza isenzo=yamukela iketango=i-dynamic-in protocol=bgp comment=»Setha i-nexthop» set-in-nexthop=172.30.1.1 kunengqondo ukucacisa umzila ngokuqondile ku-interface yomhubhe, ngaphandle kwekheli /isihlungi somzila engeza isenzo=yamukela iketango=dynamic-in protocol=bgp comment=»Setha i-nexthop» set-in-nexthop-direct=<interface name>

UPD5. Isevisi entsha isivele https://antifilter.download, lapho ungathatha khona uhlu eselenziwe kakade lwamakheli e-IP. Kubuyekezwa njalo ngesigamu sehora. Ohlangothini lweklayenti, okusele nje wukufreyima amarekhodi “ngomzila... wenqaba” ohambisanayo.
Futhi kuleli phuzu, mhlawumbe, kwanele ukugwaza ugogo wakho futhi ubuyekeze isihloko.

UPD6. Inguqulo ebuyekeziwe ye-athikili yalabo abangafuni ukuyithola, kodwa abafuna ukuqalisa - lapha.

Source: www.habr.com

Engeza amazwana