Ingxenye yokuqala
Ngemuva kwekhefu elincane sibuyela kuNSX. Namuhla ngizokukhombisa ukuthi ungayimisa kanjani i-NAT ne-Firewall.
Kuthebhu Administration ngena esikhungweni sakho sedatha esibonakalayo - Izinsiza Zefu - I-Virtual Datacenters.

Khetha ithebhu Ama-Edge Gateways bese uchofoza kwesokudla ku-NSX Edge oyifunayo. Kumenyu evelayo, khetha inketho I-Edge Gateway Services. Iphaneli yokulawula ye-NSX Edge izovula kuthebhu ehlukile.

Ukusetha imithetho ye-Firewall

Ngokuzenzakalelayo entweni umthetho ozenzakalelayo wethrafikhi yokungena Inketho ye-Deny ikhethiwe, okungukuthi i-Firewall izovimba yonke ithrafikhi.

Ukwengeza umthetho omusha, chofoza +. Kuzovela okufakiwe okusha negama Umthetho omusha. Hlela izinkambu zayo ngokuya ngezidingo zakho.

Ensimini Igama nikeza umthetho igama, isibonelo i-inthanethi.

Ensimini Umthombo Faka amakheli omthombo adingekayo. Usebenzisa inkinobho ye-IP, ungasetha ikheli le-IP elilodwa, uhla lwamakheli e-IP, i-CIDR.

Ngokusebenzisa inkinobho ethi + ungacacisa ezinye izinto:

• Izixhumanisi zesango. Wonke amanethiwekhi angaphakathi (Okwangaphakathi), wonke amanethiwekhi angaphandle (Okwangaphandle) noma Noma yikuphi.
• Imishini ebonakalayo. Sibophezela imithetho emshinini othize obonakalayo.
• I-OrgVdcNetworks. Amanethiwekhi ezingeni lenhlangano.
• IP Sets. Iqembu lomsebenzisi elakhiwe ngaphambili lamakheli e-IP (elidalwe entweni yokuQeqesha).

Ensimini Indawo khombisa ikheli lomamukeli. Izinketho lapha ziyefana nalezo ezisenkambu yomthombo.
Ensimini Izikhungo ungakhetha noma ucacise mathupha imbobo okuyiwa kuyo (Imbobo Yendawo), iphrothokholi edingekayo (Iphrothokholi), kanye nembobo yomthumeli (Imbobo yomthombo). Chofoza Gcina.

Ensimini Action khetha isenzo esidingekayo: vumela noma nqabela ithrafikhi efana nalo mthetho.

Sebenzisa ukucushwa okufakiwe ngokukhetha Londoloza izinguquko.

Izibonelo zokubusa

Umthetho 1 we-Firewall (I-inthanethi) ivumela ukufinyelela ku-inthanethi nganoma iyiphi iphrothokholi kuseva ene-IP 192.168.1.10.

Umthetho 2 we-Firewall (Web-server) ivumela ukufinyelela ku-inthanethi nge-(TCP protocol, port 80) ngekheli lakho langaphandle. Kulokhu - 185.148.83.16:80.

Ukusethwa kwe-NAT

I-NAT (Ukuhumusha Ikheli Lenethiwekhi) - ukuhunyushwa kwamakheli e-IP ayimfihlo (ampunga) kuya kwangaphandle (amhlophe), futhi ngokuphambene nalokho. Ngale nqubo, umshini obonakalayo uthola ukufinyelela ku-inthanethi. Ukuze ulungiselele lo mshini, udinga ukumisa imithetho ye-SNAT ne-DNAT.
Okubalulekile! I-NAT isebenza kuphela lapho i-Firewall inikwe amandla futhi nemithetho efanele yokuvumela imisiwe.

Dala umthetho we-SNAT. I-SNAT (Ukuhunyushwa Kwekheli Lenethiwekhi Yomthombo) iwumshini umnyombo wayo okuwukushintsha ikheli lomthombo lapho kuthunyelwa iphakethe.

Okokuqala sidinga ukuthola ikheli le-IP langaphandle noma ububanzi bamakheli e-IP atholakalayo kithi. Ukuze wenze lokhu, yiya esigabeni Administration bese uchofoza kabili kusikhungo sedatha esibonakalayo. Kumenyu yezilungiselelo evelayo, yiya kuthebhu I-Edge Gateways. Khetha i-NSX Edge oyifunayo bese uchofoza kwesokudla kuyo. Khetha inketho Izakhiwo.

Efasiteleni elivelayo, kuthebhu Sub-Yabela IP Pools ungabuka ikheli le-IP langaphandle noma ububanzi bamakheli e-IP. Kubhale phansi noma ukukhumbule.

Okulandelayo, chofoza kwesokudla ku-NSX Edge. Kumenyu evelayo, khetha inketho I-Edge Gateway Services. Futhi sibuyele kuphaneli yokulawula ye-NSX Edge.

Efasiteleni elivelayo, vula ithebhu ye-NAT bese uchofoza Engeza i-SNAT.

Ewindini elisha sibonisa:

• ku-Applied on field - inethiwekhi yangaphandle (hhayi inethiwekhi yezinga lenhlangano!);
• Umthombo Wangempela we-IP/ububanzi – ububanzi bekheli langaphakathi, isibonelo, 192.168.1.0/24;
• Umthombo Ohunyushiwe I-IP/ububanzi – ikheli langaphandle okuzofinyelelwa ngalo i-inthanethi futhi olibhekile kuthebhu ethi I-Sub-Allocate IP Pools.

Chofoza Gcina.

Dala umthetho we-DNAT. I-DNAT iwumshini oshintsha ikheli lendawo okuyiwa kuyo lephakethe kanye nembobo okuyiwa kuyo. Isetshenziselwa ukuqondisa kabusha amaphakethe angenayo ukusuka ekhelini/imbobo yangaphandle ukuya ekhelini/imbobo yangasese ngaphakathi kwenethiwekhi yangasese.

Khetha ithebhu ye-NAT bese uchofoza Engeza i-DNAT.

Ewindini elivelayo, cacisa:

— ku-Applied on field - inethiwekhi yangaphandle (hhayi inethiwekhi yezinga lenhlangano!);
- I-IP/ububanzi bangempela - ikheli langaphandle (ikheli elivela kuthebhu ye-Sub-Allocate IP Pools);
- Iphrothokholi - iphrothokholi;
- Imbobo yoqobo - ichweba lekheli langaphandle;
- I-IP/ububanzi obuhunyushiwe - ikheli le-IP langaphakathi, isibonelo, 192.168.1.10
- Ichweba Elihunyushiwe - ichweba lekheli langaphakathi okuzohunyushelwa kulo ichweba lekheli langaphandle.

Chofoza Gcina.

Sebenzisa ukucushwa okufakiwe ngokukhetha Londoloza izinguquko.

Kwenziwe.

Okulandelayo emgqeni kunemiyalelo ku-DHCP, ehlanganisa ukusetha i-DHCP Bindings kanye ne-Relay.

Source: www.habr.com