Redirect traffic from one IP and port to another IP and port

Something very common when managing servers is redirecting traffic.

Suppose we have a server with several services running, but for whatever reason we move one of those services (I don't know, for example pop3, which is port 110) to another server. The normal and most common thing would be to simply change the IP in the DNS record; however, anyone who was using the IP instead of the subdomain would be affected.

What to do? ... Simple: redirect the traffic that server receives on that port to the other server, on the same port.

How do we start redirecting traffic?

The first thing is that forwarding must be enabled on the server; for this we run the following:

echo "1" > /proc/sys/net/ipv4/ip_forward

All commands shown in this tutorial must be run with administrative privileges; I recommend running them directly as the root user.

You can also use this other command if the previous one does not work for you (this happened to me on CentOS):
sysctl net.ipv4.ip_forward=1
Then we restart the network:

service networking restart

On RPM distros such as CentOS and others, it would be:

service network restart

Now we move on to the important part: telling the server, through iptables, what to redirect:

iptables -t nat -A PREROUTING -p tcp --dport <receiving port> -j DNAT --to-destination <final ip>:<final ip port>

In other words, following the example I mentioned, suppose we want to redirect all the traffic our server receives on port 110 to another server (e.g. 10.10.0.2), which will still receive that traffic on 110 (it is the same service):

iptables -t nat -A PREROUTING -p tcp --dport 110 -j DNAT --to-destination 10.10.0.2:110

The 10.10.0.2 server will see all packets or requests as coming from the client's IP. If you want the second server to see the requests arriving with the IP of the first server (the one where we apply the redirection), also add this second line:

iptables -t nat -A POSTROUTING -j MASQUERADE

Some questions and answers

In the example I used the same port on both sides (110); however, you can redirect traffic from one port to another without problems. For example, suppose I want to redirect traffic from port 80 to port 443 on another server; this would be:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.10.0.2:443

This is iptables, so you can use all the other parameters we already know. For example, if we only want to redirect traffic from a specific IP, we add -s … For example, I will redirect only the traffic coming from 10.10.0.51:

iptables -t nat -A PREROUTING -p tcp -s 10.10.0.51 --dport 80 -j DNAT --to-destination 10.10.0.2:443

Or an entire network (/24):

iptables -t nat -A PREROUTING -p tcp -s 10.10.0.0/24 --dport 80 -j DNAT --to-destination 10.10.0.2:443

We can also specify the network interface with -i:

iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 80 -j DNAT --to-destination 10.10.0.2:443
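
The rules above, generated from validated arguments as an iptables-restore fragment. This is an added example, not code from the original post; the function names and the HIDE_CLIENT_IP switch are hypothetical, and the optional MASQUERADE rule is narrowed to the redirected destination and port instead of the unscoped form shown earlier.

```shell
#!/bin/sh
# Added example (not from the original post): print an iptables-restore
# fragment for one TCP redirect after validating every argument.
# Usage: build_redirect LISTEN_PORT DEST_IP DEST_PORT [SOURCE_CIDR] [IN_IFACE]
# HIDE_CLIENT_IP=1 is a hypothetical switch for the optional MASQUERADE rule.

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {  # dotted quad, optional /prefix
    addr=${1%%/*}
    case "$1" in
        */*) pfx=${1#*/}
             case "$pfx" in ''|*[!0-9]*) return 1 ;; esac
             [ "$pfx" -le 32 ] || return 1 ;;
    esac
    case "$addr" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

build_redirect() {
    lport=$1 dip=$2 dport=$3 src=${4:-} iface=${5:-}
    valid_port "$lport" && valid_port "$dport" || { echo "bad port" >&2; return 1; }
    case "$dip" in */*) echo "bad destination" >&2; return 1 ;; esac
    valid_ipv4 "$dip" || { echo "bad destination" >&2; return 1; }
    match="-p tcp"
    if [ -n "$src" ]; then
        valid_ipv4 "$src" || { echo "bad source" >&2; return 1; }
        match="$match -s $src"
    fi
    if [ -n "$iface" ]; then
        case "$iface" in *[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1 ;; esac
        match="$match -i $iface"
    fi
    echo "*nat"
    echo "-A PREROUTING $match --dport $lport -j DNAT --to-destination $dip:$dport"
    # Only the redirected flow is masqueraded, not everything leaving the host.
    if [ "${HIDE_CLIENT_IP:-0}" = 1 ]; then
        echo "-A POSTROUTING -p tcp -d $dip --dport $dport -j MASQUERADE"
    fi
    echo "COMMIT"
}

# The article's pop3 case: port 110 on this host -> 10.10.0.2:110.
build_redirect 110 10.10.0.2 110
```

The output can be checked with iptables-restore --test and then loaded as root with iptables-restore --noflush, which keeps the rules already in place.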

The end!

This, as I already said, is iptables; you can apply what you already know to make the server do exactly what you want it to do.

Thank you!

  1.   Fer said

    We can also do this from a firewall that allows port forwarding, right? (applying the corresponding rules).

    1.    KZKG ^ Gaara said

      Yes, of course; in the end a firewall like Pfsense or others uses iptables behind the scenes.

      1.    dhunter said

        To be honest, pfsense does not use iptables but pf; remember that it is BSD inside.

        1.    KZKG ^ Gaara said

          Oh, my bad!

  2.   Nicolas said

    Thank you very much for the tip 🙂

    I have a few doubts.
    1 - Is the change permanent, or is it lost when the server is restarted?
    2 - I have several instances (say A, B, and C) on the same subnet. On instance A I apply the rule to redirect traffic to an external IP, and testing with curls from instances B and C, everything works wonderfully. The problem is that from instance A it does not work. I tried using both the ip and the loopback interface, and neither worked:
    $ iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to-destination xxxx:8080
    $ iptables -t nat -A PREROUTING -p tcp -i lo --dport 8080 -j DNAT --to-destination xxxx:8080

    $ curl ip-yyyy:8080/hello_world
    curl: (7) Failed to connect to ip-yyyy port 8080: Connection refused
    $ curl localhost:8080/hello_world
    curl: (7) Failed to connect to localhost port 8080: Connection refused

    Any idea what the problem could be?

    1.    KZKG ^ Gaara said

      Yes, the change is lost on reboot; you will have to use iptables-save & iptables-restore or something similar to avoid that.
      I didn't quite understand what you want to do, on instance A?

      1.    Nicolas said

        I have a server that only accepts connections from a particular IP (server A's). I cannot and do not want to add more IPs to the whitelist (for scalability reasons), so I want all traffic to the external server to go through said server (A).
        As a practical matter, I have global configurations that define which IP to use for each service, so in this case it is something like "everyone who wants to use the external service must use IP A".
        I managed to do this using the method in this article, but I run into the problem that when I apply it, server A cannot access the service using its own IP (but all the other servers can).
        So far the best I have found is to add a mapping in server A's /etc/hosts file, pointing to the external IP, overriding the global configuration.

  3.   braybaut said

    Excellent. If I have another mail server I could redirect traffic on port 143 from server1 to server2 and the emails would reach me on server2, right?

    1.    KZKG ^ Gaara said

      In theory yes, it works like this. Of course, you need to have the mail server properly installed on server2 🙂

  4.   msx said

    The kind of posts we like to read, thank you!

  5.   Abraham Ibarra said

    Good article. I have a project I am working on and wanted to ask you a question: there are industrial switches with a NAT function (I suppose they use IPTables underneath) to translate IP addresses without making changes to the devices. For example, I have a server 10.10.2.1 that communicates with 10.10.2.X computers, and through the switch it is configured so that a computer with the address 192.168.2.4 is actually seen from the server as 10.10.2.5; it translates that IP address so that it is seen from other computers with that address. I want to do this from a server with Ubuntu or another distribution; what would the iptables rules be?

  6.   kuk said

    Very good info, thanks ^_^

  7.   yisus said

    Good evening.
    I have a problem trying to do a redirect. Let me explain:
    I have a proxy server on Ubuntu, with 2 network cards:
    eth0 = 192.168.1.1 connected to the whole local network.
    eth1 = 192.168.2.2 connected to the router.
    I need everything that comes in through eth0 to go out through eth1, and also through the proxy (I use squid, whose default port is 3128), and I cannot find the key in the IPTABLES configuration.
    I do not need restrictions of any kind, only that a record remains in the log of the web addresses visited.

    I hope you can help me, as it is a rather tedious task that has been bothering me for a few days.

    Thank you.

  8.   Gabriel said

    Friend, I am very new to servers; I have no idea, but I understand the subject and learn quickly. My question is the following: I have two servers, serv_1 and serv_2, which I have connected to the same intranet, and on these servers I have my owncloud. I would like to do the following:

    that a certain range of IPs, for example rangeip_1, when entering the access IP for the owncloud (ipowncloud), is directed to serv_1, and if it is another range, rangeip_2, entering the same ipowncloud, it is directed to serv_2. This is because the 2 servers are located in two different cities and the IP ranges are different, but they are all on the same network. That would be the first part; the second would clearly be to synchronize these 2 servers so that they are mirrors, or tell me whether this is so in order to increase bandwidth. Please, if you are going to explain how to do it, do it step by step, not in super-programmer mode =(

  9.   Antonio Carrizosa said

    Hello, excuse me, I have a switch in charge of the communication of all the devices that make up my network, and after this a firewall and finally the Internet exit. What happens is that I would like the redirection to be done at the switch and not have to reach the firewall unless the requested service is the internet.

  10.   Juan said

    Using this method, could you redirect HTTPS to HTTP?

  11.   mati said

    Hello, maybe it is late, but I wanted to ask you: how can I make squid not modify the client's IP when I want to connect to a web server on the same network?

  12.   lafat32 said

    Don't take it badly for asking. Can this be done on Windows?

  13.   Martin said

    This information has been useful to me. As always, you guys can be trusted; when I cannot find something in English I usually end up looking in Spanish, and on those occasions I almost always come to this site. Thank you.

  14.   Seba said

    I have a 4G router that is a client of a network I do not manage (obviously, I am a customer)… this router is also a gateway to that remote network via OpenVPN. In addition, said router performs the port forwarding function to access port 80 of a server on one of those subnets in the field.

    This was the statement I had to put in the router as a firewall rule: "-t nat -A POSTROUTING -j MASQUERADE"

    Thanks for the help!