Wani abu mai mahimmanci lokacin sarrafa sabobin yana tura zirga-zirga.
A ce muna da sabar tare da wasu ayyuka da ke gudana, amma saboda kowane irin dalili ne muka canza ɗayan waɗannan ayyukan (Ban sani ba, misali pop3 wanda shine tashar jiragen ruwa 110) zuwa wani sabar. Abu na al'ada kuma mafi yawan lokuta zai zama kawai canza IP a cikin rikodin DNS, duk da haka idan wani yana amfani da IP maimakon ofarfin yankin da abin zai shafa.
Menene abin yi? ... mai sauƙi, sake tura zirga-zirgar da sabar ta karɓa ta wannan tashar zuwa wani sabar tare da tashar guda.
Ta yaya za mu fara tura turawa?
Abu na farko shine cewa lallai ne mun kunna aikawa akan sabar, saboda wannan zamu sanya waɗannan masu zuwa:
echo "1" > /proc/sys/net/ipv4/ip_forward
Hakanan zaka iya amfani da wannan umarnin, idan wanda ya gabata baya muku aiki (ya faru da ni kamar wannan a kan CentOS):
sysctl net.ipv4.ip_forward=1
Sannan zamu sake farawa cibiyar sadarwa:
service networking restart
A cikin RPM hargitsi kamar CentOS da sauransu, zai zama:
service nertwork restart
Yanzu za mu ci gaba zuwa muhimmin abu, gaya wa sabar ta hanyar iptables abin da za a turawa:
iptables -t nat -A PREROUTING -p tcp --dport <puerto receptor> -j DNAT --to-destination <ip final>:<puerto de ip final>
Wato, da kuma bin misalin da na ambata, a ce muna son tura duk hanyoyin da sabar mu ke karba ta tashar 110 zuwa wani sabar (tsohon: 10.10.0.2), wanda har yanzu zai sami wannan hanyar ta hanyar 110 (iri daya ne):
iptables -t nat -A PREROUTING -p tcp --dport 110 -j DNAT --to-destination 10.10.0.2:110
Sabis na 10.10.0.2 zai ga cewa duk fakiti ko buƙatun sun fito ne daga IP na abokin ciniki, idan suna son yin iyo a cikin buƙatun, wato, sabar ta 2 ta ga cewa buƙatun sun zo tare da IP na uwar garken na 1 (kuma a cikin wanda muke amfani da shi redirection), zai sanya wannan layin na biyu:
iptables -t nat -A POSTROUTING -j MASQUERADE
Wasu tambayoyi da amsoshi
A cikin misali na yi amfani da tashar jirgin ruwa iri ɗaya a duka lokutan (110), duk da haka suna iya tura zirga-zirga daga tashar zuwa wani ba tare da matsala ba. Misali, a ce ina so in karkatar da zirga-zirga daga tashar jiragen ruwa ta 80 zuwa 443 a kan wani sabar, saboda wannan zai zama:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.10.0.2:443
Wannan shi ne iptables, suna iya amfani da duk sauran sigogin da muka sani, misali, idan kawai muna so mu tura zirga-zirga daga takamaiman IP, zai zama yana ƙara -s … Misali Zan sake tura hanyar zirga-zirgar data zo daga 10.10.0.51:
iptables -t nat -A PREROUTING -p tcp -s 10.10.0.51 --dport 80 -j DNAT --to-destination 10.10.0.2:443
Ko kuma duk hanyar sadarwa (/ 24):
iptables -t nat -A PREROUTING -p tcp -s 10.10.0.0/24 --dport 80 -j DNAT --to-destination 10.10.0.2:443
Hakanan zamu iya tantance aikin haɗin cibiyar sadarwa tare da -i :
iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 80 -j DNAT --to-destination 10.10.0.2:443
Karshe!
Wannan kamar yadda na fada tuni, abubuwa ne masu kyau, zaka iya amfani da abin da aka riga aka sani don sabar tayi daidai yadda kake so tayi it
Na gode!
Hakanan zamu iya yin wannan daga Tacewar bango wanda ke ba da izinin tura tashar jiragen ruwa, dama? (aiwatar da dokokin da suka dace).
Ee tabbas, a karshen katangar bango kamar Pfsense ko wasu, yi amfani da kayan kwalliya daga baya.
Don zama daidai, pfsense baya amfani da abubuwa masu mahimmanci amma pf, ka tuna cewa bsd ne a ciki.
Oh daidai, na sharri!
Na gode sosai da nasihar 🙂
Ina da shakku kamar haka:
1 - Canji na dindindin ne? ko ya ɓace lokacin sake farawa sabar?
2 - Ina da misalai da yawa (faɗi A, B da C) a kan wannan subnet. Misali A Na yi amfani da doka don yin zirga-zirga zuwa IP na waje, da gwaji tare da curls daga yanayin B da C, komai yana yin abubuwan al'ajabi. Matsalar ita ce daga misali A baya aiki. Nayi kokarin amfani da ip dinku da maɓallin kewayawa, kuma ba aiki:
$ iptables -t nat -A GABATARWA -p tcp –darwa 8080 -j DNAT –to-makoma xxxx: 8080
$ iptables -t nat-PREROUTING -p tcp -i lo –dport 8080 -j DNAT –to-makoma xxxx: 8080
$ curl ip-yyyy: 8080 / hello_world
curl: (7) An kasa haɗawa zuwa tashar ip-yyyy 8080: Haɗin ya ƙi
$ curl localhost: 8080 / hello_world
curl: (7) Ba a yi nasarar haɗi zuwa tashar jirgin ruwa na localhost 8080 ba: Haɗin ya ƙi
Duk wani ra'ayin menene matsalar na iya zama?
Haka ne, canjin ya ɓace akan sake yi, dole ne ku yi amfani da iptables-save & iptables-restore ko wani abu makamancin haka don kaucewa hakan.
Ban fahimci abin da kuke son yi ba, misali A?
Ina da sabar da kawai ke goyan bayan haduwa daga wani ip (uwar garken A's), ba zan iya ko so in kara wasu ips a cikin wanda ake kara ba (don matsalolin daidaitawa), don haka ina son duk zirga-zirga zuwa sabar waje ta wuce ya ce uwar garke (A).
A matsayina na aiki, Ina da daidaitawa na duniya waɗanda ke ayyana wane IP ɗin da zan yi amfani da shi don kowane sabis, don haka a wannan yanayin abu ne kamar "duk wanda yake son yin amfani da sabis na waje, dole ne ya yi amfani da IP A"
Na sami nasarar cimma wannan ta amfani da hanyar a cikin wannan labarin, amma na shiga cikin matsalar cewa yayin amfani da shi, uwar garken A ba zai iya samun damar sabis ɗin ta amfani da nasa ip ba (amma duk sauran sabobin suna yi).
Ya zuwa yanzu mafi kyawun abin da na samo shine ƙara taswira a cikin fayil ɗin A's / etc / runduna, tare da nuna ip ɗin waje, ƙetare tsarin duniya.
Yayi kyau sosai, idan ina da wata sabar wasiku, zan iya tura safarar daga tashar ta 143 daga server1 zuwa server2 kuma imel din zai isa ga server2, dama?
gaisuwa
A ka'idar ee, yana aiki kamar haka. Tabbas, dole ne a shigar da sabar imel da kyau akan server2 🙂
Irin abubuwan da muke son karantawa, na gode!
Kyakkyawan labari, Ina da aikin da nake aiki kuma ina so in yi tambaya, akwai masu sauya masana'antu tare da aikin NAT (Ina tsammanin suna amfani da IPTables a ƙasa), don fassara adireshin IP ba tare da yin canje-canje ga kayan aikin ba, misali, Ina da Server 10.10.2.1 wanda ke sadarwa tare da 10.10.2.X kwakwalwa kuma ta hanyar canzawa an tsara ta yadda za'a iya ganin kwamfutar da ke da adireshi 192.168.2.4 daga uwar garken a matsayin 10.10.2.5, ta fassara wannan adireshin IP ɗin da za a gani Daga sauran kwamfyutocin da ke wannan adireshin, Ina so in yi daga sabar tare da Ubuntu ko wani rarraba, menene dokokin ƙaura?
Kyakkyawan bayani na gode ^ _ ^
Kyakkyawan yamma.
Ina da matsala game da yunƙurin yin turawa Na bayyana:
Ina da sabar wakili a Ubuntu, tare da katunan cibiyar sadarwa 2:
eth0 = 192.168.1.1 an haɗa shi da sauran hanyoyin sadarwa na gida.
eth1 = 192.168.2.2 an haɗa shi da na'ura mai ba da hanya tsakanin hanyoyin sadarwa.
Ina bukatan duk abin da yazo ta hanyar eth0 don tafiya ta hanyar eth1, kuma ta hanyar wakili (Ina amfani da Squid, wanda tashar sa ta 3128 ce), kuma ba zan iya samun maɓallin a cikin tsarin IPTABLES ba.
Ba na buƙatar ƙuntatawa kowane iri, kawai cewa rikodin ya rage a cikin log ɗin adiresoshin yanar gizon da aka ziyarta.
Ina fatan za ku iya taimaka min saboda aiki ne mai wahala wanda ke damuna kwanaki ƙalilan.
Gode.
Aboki, ni sabo ne ga sauran sabobin, ban sani ba amma na fahimci batun kuma na koya da sauri, tambayata ita ce mai biyowa Ina da sabobin 2 serv_1 da serv_2 wanda na haɗa su da intanet ɗin, a cikin waɗannan sabobin ina da sauti na kaina Ina so in yi haka:
cewa wasu kewayon ips misali rangeip_1 yayin sanya ip damar zuwa ga muryar (ipowncloud) ana nufata ne zuwa ga serv_1 kuma idan wani yanki ne sai a sanya ipowncloud iri daya zuwa serv_2, wannan domin a samu sabobin 2 a cikin birane daban-daban guda biyu kuma yanayin IP ya bambanta amma duk suna kan hanyar sadarwa guda ɗaya, wannan zai zama sashi na farko, na biyu zai bayyana shine daidaitawa waɗannan sabobin 2 don su zama madubai ko kuma suna bani shawara wannan don inganta faɗin band, don Allah, idan za ku bayyana mani yadda za a yi shi mataki-mataki ba super programmer mode = (
Barka dai, yi min uzuri, ina da mai sauya layin sadarwa na duk na'urorin da suka hada hanyar sadarwar tawa, kuma bayan wannan katangar kuma daga karshe hanyar fita ta Intanet, abin da ya faru shine ina son a ba da canjin hanyar a cikin sauyawa kuma ba lallai bane ya isa ga bango sai dai idan sabis ɗin da aka nema shine intanet.
Amfani da wannan hanyar zaka iya tura HTTPS zuwa HTTP?
Barka dai, wataƙila ya ɗan makara, amma ina so in tambaye ku, ta yaya zan sa squid ba zai canza IP na abokin ciniki ba yayin da nake son haɗi zuwa sabar yanar gizo a kan hanyar sadarwa ɗaya?
Kada ku wulakanta ni don tambaya. Shin ana iya yin hakan a cikin Windows?
Wannan bayanin ya amfane ni. Kamar koyaushe, ana iya amintar da samari, idan na kasa samun wani abu a Ingilishi yawanci ina karasawa da Sifaniyanci, a waɗancan lokutan kusan koyaushe ina zuwa wannan rukunin yanar gizon.
Ina da na'ura mai ba da hanya tsakanin hanyoyin sadarwa na 4G wanda abokin ciniki ne na hanyar sadarwar da ba na sarrafa (a zahiri, ni abokin ciniki ne)… wannan hanyar sadarwa ce ta hanyar OpenVPN. Bugu da ƙari, ya ce na'ura mai ba da hanya tsakanin hanyoyin sadarwa yana cika aikin aikawa don samun damar tashar jiragen ruwa 80 na uwar garken ɗaya daga cikin waɗancan hanyoyin sadarwa a cikin filin.
Wannan ita ce sanarwar da na sanya a cikin na'ura mai ba da hanya tsakanin hanyoyin sadarwa a matsayin ka'idar al'ada ta Firewall "-t nat -A POSTROUTING -j MASQUERADE"
Godiya ga taimako!