Securing your network with Iptables - Proxy - NAT - IDS: PART 1

The following tries to explain a little about how networks work and how we can turn our Linux machine into a router that secures our network, whether at home or in a business. So let's get down to business:

This is based on the book "Linux - System Administration and Network Services Operation" by Sébastien BOBILLIER.

Routing and filtering

To talk about and understand routing, we should first define what a router is. For our purposes we can say that a router, besides creating a network and allowing connections to other devices (knowing that an AP, switch, hub or others can do this too), is able to interconnect two networks.

[Image: router]

As we see in the image, there is a local network "10.0.1.0" created by the router and reached through one of its two interfaces. On its other interface the router has a second network, with a public IP that can connect to the Internet. The routing function is basically to act as the intermediary between these two networks so that they can communicate.

Linux as a router.

By nature the Linux kernel is capable of "forwarding", but it is disabled by default, so if we want our Linux to do this job we have to go to the file

/proc/sys/net/ipv4/ip_forward

There we will see that it is a file containing only a zero "0"; what we have to do is change it to a one "1" to enable this behaviour. Unfortunately this is lost when the computer restarts; for it to stay set by default we have to use this command:

sysctl net.ipv4.ip_forward=1

Or save it directly in the file /etc/sysctl.conf. Depending on the distribution, this setting may also live in a file under /etc/sysctl.d/.
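The steps above (check the flag, set it, keep it across reboots) as one script. This is an added example, not code from the original post; the control file is the one named in the article, while the drop-in file name 99-ip-forward.conf and the APPLY switch are assumptions made here. Note that only the saved file survives a restart: writing the /proc file or running sysctl by hand lasts until the next reboot.

```shell
#!/bin/sh
# Enable IPv4 forwarding now and make it survive a reboot (added example, not the
# post's own code). FORWARD_FILE is the control file from the article; the drop-in
# name 99-ip-forward.conf is constructed. Only the saved file survives a reboot.
FORWARD_FILE=/proc/sys/net/ipv4/ip_forward
PERSIST_FILE=/etc/sysctl.d/99-ip-forward.conf

# Print "enabled" or "disabled" according to the control file given as $1.
forwarding_state() {
    case "$(cat "$1" 2>/dev/null || echo 0)" in
        1) echo enabled ;;
        *) echo disabled ;;
    esac
}

# Turn forwarding on right away by writing a 1 into the control file ($1).
enable_forwarding() {
    echo 1 > "$1"
}

# Record the setting in a sysctl drop-in file ($1); safe to run more than once.
persist_forwarding() {
    if ! grep -q '^net\.ipv4\.ip_forward' "$1" 2>/dev/null; then
        echo 'net.ipv4.ip_forward = 1' >> "$1"
    fi
}

# Only touch the real system when explicitly asked to and running as root.
if [ "${APPLY:-0}" = 1 ] && [ "$(id -u)" -eq 0 ]; then
    enable_forwarding "$FORWARD_FILE"
    persist_forwarding "$PERSIST_FILE"
    sysctl --system >/dev/null     # reload every sysctl file, including ours
fi
echo "IPv4 forwarding is $(forwarding_state "$FORWARD_FILE")"
```

Run without arguments it only reports the current state; `APPLY=1` as root applies and persists the setting.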

By default our Linux should already have a routing table, which is normally just our network configuration and the connection to the router. If we want to see this route we can use either of two commands:

route -n

or

netstat -nr

Both commands should return the same thing.

[Screenshot from 2014-09-30 18:23:06]

In general this configuration is enough for your Linux to act as a gateway so that other computers can route through our machine. Now, if we want our Linux to interconnect two or more networks, local or not, we can use static routes.

Suppose my Linux has two networks: the first has Internet access and its network is 172.26.0.0, and the second (10.0.0.0) holds other computers from another local network. If we want to route packets to that other network we can use:

route add -net 10.0.0.0 netmask 255.0.0.0 gw 172.26.0.8

In general the form is (REDDESTINO is the destination network, MASCARA its netmask and IPDELLINUX the IP of the Linux machine acting as gateway):

route add -net REDDESTINO netmask MASCARA gw IPDELLINUX

If we then issue route -n, this route will appear in our table regardless of whether the network actually exists or not.

[Screenshot from 2014-09-30 18:31:35]

If we want to remove the route we can use

route del -net 10.0.0.0 netmask 255.0.0.0

Iptables.

Basically iptables is used to filter packets, whether outgoing, incoming or otherwise, which makes it an excellent tool for controlling network traffic. And just as iptables lets us filter the traffic of the machine itself, it also lets us filter the traffic that passes through it (forwarding). Iptables can be divided into tables, chains and actions.

  • Tables: there can be two tables, filter, for filtering packets, and nat, for translating addresses, that is, for going from one network to another.
  • Chains: a chain refers to the type of traffic we want to filter or NAT; in other words, on which traffic will we apply the tables? They can be INPUT: incoming traffic, OUTPUT: outgoing traffic, or FORWARD: traffic that passes through the machine but is not a connection of its own.
  • POSTROUTING can also appear, which is used to treat the packet in a certain way after it has been routed.
  • Actions: actions are what must be done with the traffic in the chain. This can be DROP, which simply discards that traffic, or ACCEPT, which allows the traffic through.

IPTABLES rules are stored and evaluated in the order in which they were created, and if one rule contradicts another, the first one to match is always the one applied.

Firewall policies.

Generally, firewalls work in one of two ways:

  1. Allow all traffic except ..., or
  2. Do not allow any traffic except ...

To apply a policy, use iptables -P CHAIN ACTION

Where CHAIN represents the type of traffic (INPUT, OUTPUT, FORWARD, POSTROUTING ...) and ACTION is DROP or ACCEPT.

Let's look at an example.

[Screenshot from 2014-09-30 18:53:23]


Here we see that at first I could ping; then I told IPTABLES that all OUTPUT traffic was DROP, that is, not allowed. Then I told IPTABLES to accept it again.

If we want to build a firewall from scratch we should always use policy 2 (Do not allow any traffic except ...). For this we apply the policies:

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

Once these policies are applied, there will be no connectivity of any kind.

To revert, we type the same commands replacing DROP with ACCEPT.

At this point, since all traffic is denied, we start telling our IPTABLES what kind of traffic it may let through.

The syntax is:

iptables -A chain -s source_ip -d destination_ip -p protocol --dport port -j action

Where:

chain = INPUT, OUTPUT or FORWARD

source_ip = origin of the packets; this can be a single IP or a network (in which case we must specify the mask).

destination_ip = where the packets are going; this can be a single IP or a network (in which case we must specify the mask).

protocol = the protocol used by the packets (icmp, tcp, udp ...)

port = the destination port of the traffic.

action = DROP or ACCEPT.

Example:


[Screenshot from 2014-09-30 19:26:41]

First all the restrictive policies are applied.

[Screenshot from 2014-09-30 19:27:42]

Then we add the rules that allow traffic through port 80 (HTTP) and 443 (HTTPS) with the TCP protocol. Then port 53, which the DNS client uses to resolve domain names; without it you will not be able to browse. This one works over the UDP protocol.

The line:

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

is there for the following reason: when you make an HTTP request, for example, you connect to port 80 of the server, but for the server to return the information to you it has to send it back to you on some other port (generally above 1024).

Since all our ports are closed this could not happen unless we opened every port above 1024 (a bad idea). What this rule says is that all incoming traffic belonging to a connection that I established myself is accepted. That is, connections that I initiated.

If you put OUTPUT in the rules, this applies only to the machine itself; if we use our machine as a router to allow these connections, we have to change OUTPUT to FORWARD, since the traffic passes through the machine but does not originate from it.
All these rules are cleared after a reboot, so you have to create scripts so that they are loaded by default. But we will see that later.
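The whole firewall from this section in one script, for both cases the text describes: the machine filtering its own traffic (OUTPUT) and the machine acting as a router (FORWARD). This is an added example, not code from the original post; the IPT and ROLE variables are assumptions made here, and the loopback rules and the ESTABLISHED,RELATED rule on FORWARD are additions beyond the article (without the latter, replies to forwarded connections would be dropped by the FORWARD DROP policy).

```shell
#!/bin/sh
# Host firewall from the article in one script (added example, not the post's code).
# Default-deny policies, then only: outgoing HTTP/HTTPS (TCP), outgoing DNS (UDP) and
# replies to connections this machine opened (ESTABLISHED,RELATED).
# IPT defaults to a dry run that prints each command; run as root with IPT=iptables
# to apply. ROLE=host filters the box's own traffic (OUTPUT); ROLE=router filters
# traffic passing through it (FORWARD), as the article says to do for a gateway.
IPT="${IPT:-echo iptables}"
ROLE="${ROLE:-host}"

# Chain that carries the client traffic for a given role.
client_chain() {
    case "$1" in
        host)   echo OUTPUT ;;
        router) echo FORWARD ;;
        *)      echo "unknown role: $1" >&2; return 1 ;;
    esac
}

build_firewall() {
    chain=$(client_chain "$1") || return 1
    $IPT -F                                  # start from an empty rule set
    $IPT -P INPUT DROP                       # the three restrictive policies
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP
    $IPT -A INPUT  -i lo -j ACCEPT           # loopback (assumption: not in the article,
    $IPT -A OUTPUT -o lo -j ACCEPT           # but local resolvers and daemons need it)
    for port in 80 443; do                   # web browsing over TCP
        $IPT -A "$chain" -p tcp --dport "$port" -j ACCEPT
    done
    $IPT -A "$chain" -p udp --dport 53 -j ACCEPT   # DNS lookups over UDP
    # Replies arrive on arbitrary high ports; conntrack state admits only those
    # belonging to connections we started, instead of opening everything above 1024.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    if [ "$1" = router ]; then
        $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    fi
}

# Undo: the same policies with ACCEPT, as the article describes.
reset_firewall() {
    $IPT -F
    $IPT -P INPUT ACCEPT
    $IPT -P OUTPUT ACCEPT
    $IPT -P FORWARD ACCEPT
}

build_firewall "$ROLE"
```

Because rules are evaluated in order, the dry-run output also shows why the policies go first and the ACCEPT rules after them.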

I hope you liked it. In the next part I will talk about NAT, Proxy and firewall scripts.


12 comments

  1.   Rogelio pinto said

    This is the basis that many entrepreneurs take to build their firewalls, which is why there are so many firewall appliances with embedded Linux on the market, some good and others not so much.

  2.   Heber said

    Very good article. I am waiting for the second part.

  3.   Milton said

    Excellent explanation, it helped me understand the proxy at my work. Thanks

  4.   faustod said

    Hi Jlcmux,

    Well, I really liked it, when will the other part be available?

    Greetings and thanks for sharing

    1.    @KamemeTvKenya said

      Thanks for the comment.

      I submitted the other part yesterday; I think it will be published during the day.

      Greetings.

  5.   Israel said

    Excellent article friend @Jlcmux, I learned from it since it cleared up a doubt I had had for a while; by the way, would you mind sharing the book the article is based on, by Sébastien BOBILLIER? Good salu2s, now on to part two, salu2s.

    1.    @KamemeTvKenya said

      Hi, thanks for commenting Israel.

      It turns out I have the book in physical form. But I found this link on Google Books. http://books.google.com.co/books?id=zxASM3ii4GYC&pg=PA356&lpg=PA356&dq=S%C3%A9bastien+BOBILLIER+Linux+%E2%80%93+Administraci%C3%B3n+del+sistema+y+explotaci%C3%B3n+de+los+servicios+de+red#v=onepage&q=

      I think that's all.

  6.   Ariel said

    Excellent article, and I add a question: what is the real performance of using Linux as a router, if any, relative to the hardware dedicated to it? Or is it just an exercise? I know there are dedicated distros but I don't know whether they are meant to rescue old PCs or actually offer a real improvement.

    1.    @KamemeTvKenya said

      I think the advantages and disadvantages depend on how you are going to use it. Why would you go and buy a UTM or something similar for your home? Or perhaps for a small business that cannot afford one. It is also an exercise, because it helps you understand the logic behind it and you will be able to configure a firewall better. Besides, almost all of these devices run embedded Linux.

      Greetings.

  7.   Ariel said

    Hi, a question: can you create "fake" interfaces in Linux to route between them in parallel on the network (packet tracer style) in order to work with real machines? For example, if I have eth0 (because I have a single card) can I create eth1 to make another network? Excellent tutorial!

    1.    achira said

      In Linux you can create aliases, yes. If you have eth0, you can have eth0:0, eth0:1, eth0:2 ... etc.

  8.   chinoloco said

    Excellent, thanks for sharing