Kanjani port ukudlulisa e Mikrotik? Port Ukudlulisela ( "Mikrotik"): incazelo, imfundo, iseluleko

Port ukudlulisa ingenye imisebenzi ebaluleke kunazo zonke Ukuqondisa kabusha Nat. Ngamafuphi nje, kungenzeka ukusebenzisa amadivaysi ziningana zenziwe LAN olulodwa noma ixhunywe nge kumadivayisi imishini yezokuxhumana engenazo izintambo, esisodwa isikhombikubona zangaphandle. Ukukhuluma ngendlela elula, ukudlulisa port "Mikrotik» (RDP) ikuvumela ukufinyelela kukhompyutha esigungwini ethile noma idivayisi ngokusebenzisa uxhumano lwe-intanethi kusuka ngaphandle. Ngakho, kunoma iyiphi idivayisi zingalawulwa ngokusebenzisa ukungena kokukude. Into kuphela ukuthi iyadingeka, - khona port khulula ku-router. Okulandelayo it kuzoxoxwa ezinye zezimo ezivamile ezidinga ngokuqinile noma bakhuthazwa ukuba benzeni port ukudlulisa. "Mikrotik» RB951-2n onobuhle ukuthatha njengesibonelo. Kodwa lokhu akuyona into ebaluleke kunazo zonke. I-router / imodemu port ukudlulisa ngokusebenzisa "Mikrotik» Client-VPN Kuthi ezahlukene kusukela nezimiso ezijwayelekile. Kodwa izinto zokuqala kuqala.

Router Mikrotik: izici jikelele

Abanikazi bochungechunge imizila Mikrotik lucky ngokwanele. Iqiniso lokuthi amadivayisi e iningi babe okufakiwe okuningi noxhumo lenethiwekhi. Esikhathini ngenhla kukhona onobuhle ezinhlanu.

Lokhu kwenza kube nokwenzeka ukusebenzisa impela eningi izilungiselelo ezahlukene, ngisho nalabo ezimweni lapho abahlinzeki abaningi. Uyavuma inzuzo ngokwanele onohlonze. Ukuze uxhume ukusebenza, futhi isebenze kahle, kubalulekile ukwenza port ukudlulisa "Mikrotik" -routera. Vele wazi ukuthi kufanele silungise kancane. Kodwa umsebenzisi ekupheleni sizothola okuningi amathuba ukusebenzisa yesimanje nobuchwepheshe Inthanethi. Nokho, akufanele sizikhohlise, ngoba kulungiselelwa ukudlulisa ngokungabi bikho oluqondile bangaba indaba ngempela enzima. Kodwa ungalilahli ithemba. ngeke Umqondisi wethu ukusiza ukulungisa imizila kulolu chungechunge ngisho umsebenzisi ongenalwazi kakhulu. Kubalulekile ukulandela zonke izinto afakwe ohlwini.

Port Ukudlulisela "Mikrotik": umnyango esibonakalayo web

Kusukela emnyango kudivayisi esibonakalayo kufanele awunankinga. Inqubo ejwayelekile kuhilela ukusetshenziswa isiphequluli Inthanethi ezivamile, okuyinto kwibha yekheli, faka inhlanganisela 192.168.88.1. Phawula ukuthi leli kheli ngokuphelele sihluke kakhulu nezinye imizila idatha.

Njengoba njalo ngemvume usebenzisa admin, nensimu iphasiwedi nalutho. Uma le ndlela akusebenzi, umane kabusha izilungiselelo ngokucindezela Setha kabusha inkinobho kumbe ukhupha idivayisi kusukela amapayipi amasekhondi 10-15.

incazelo Jikelele nemingcele

Ngemva kokungena ngaphambi kokwenza ukudlulisa "Mikrotik" izimbobo, kuyatuseka kakhulu sokuba bajwayelane ezinye izilungiselelo ezibalulekile kanye nemingcele ukuthi zishintshile.

Ukuze uqale ukungena Interfaces kwesigaba (into yesibili kwimenyu ngakwesokunxele), lapho bonke interface etholakalayo okwamanje kuzovezwa. Ibhuloho wendawo uze nakani ukubheka Ether1 port. It sifana port lokuqala (isixhumi) kwi-router, okubandakanya ikhebula ne RJ-45 Isixhumi ukusuka kumhlinzeki. Washayela Gateway - emnyango lapho ungathola ukufinyelela kudivayisi.

Enye nezimbobo ezine zenziwe inkinobho ebonakalayo. Imbobo yesibili has a kuqala Nkosi, lonke - Slave. Ezintathu zokugcina siholwa echwebeni yesibili, okuyinto, eqinisweni, kuyafana futhi usebenza ngesisekelo uxhumano ngowokuqala.

Phakathi amatheku ezinkulu-Inthanethi njengoba uhlobo "spacer", isevisi yokusakaza NAT Network Ikheli Translation. It ikuvumela ukuba ufake amakheli kokubili zangaphakathi nezangaphandle amakhompyutha efanayo wendawo endaweni inethiwekhi, ekungafanele kube okufanayo ekuqaleni.

Kube sekuqala azenza. Yebo, wena wezwa ilungelo, iqiniso! Azenza sici isebenza isimiso VPN noma ummeleli, esikhundleni IP wangaphandle computer at the ophumayo ekhelini Inthanethi router. Ngokufanayo, lapho wesevisi impendulo ikhomba IP ngaphakathi ikhompyutha yakho, okuyinto usuqalise isicelo futhi ithumela impendulo kule moto. Uma isevisi Ayibalwa, uzodinga ukuze uyisebenzise esigabeni esifanele wokusebenza amaningi kukhona.

izilungiselelo eziyisisekelo port

Kuye uluphi uhlelo noma isevisi kufanele usebenzise ezithile port mahhala router, futhi kufanele wenze isiqalo ngokwenza port ukudlulisa "Mikrotik".

Ngokwesibonelo, ngenxa yanoma yisiphi Sesifufula-iklayenti, kufanele usebenzise port 51413 uxhumano akude ngokusebenzisa zomxhaso uxhumano - 3389, ukuze usungule uxhumano ByFly - .. 55555, njll Kodwa kuyafaneleka ukuthi ukudlulisa port "Mikrotik" ngokusebenzisa i-VPN-iklayenti kancane ezahlukene kusukela inqubo ejwayelekile (ngemuva kwalokhu uyoqonda ukuthi kungani).

Ukudala imithetho

Kodwa emuva Uqweqwe. Siya firewall / NAT ithebhu, ubone ukuthi omunye umthetho selivele likhona (efakwe ngokwakhona).

Sidinga ukwengeza entsha (lokhu kwenziwa ngokucindezela izinkinobho isithonjana uphawu lokuhlanganisa). Kukhona imingcele eziningana eziyisisekelo:

• Chain - setha Srcnat, uma ukufinyelela liyadingeka kusukela ngaphakathi kuya ngaphandle, noma Dstnat - kusuka ku-intanethi kunethiwekhi yangaphakathi;
• Protocol - khetha TCP;
• Src. Port - koshintsho;
• DST. Port - 51413 (kulesi simo ngenxa nezigodi zezifufula);
• Ngo. Ukusebenza - ether1-gateway ye;
• Out. Ukusebenza - ngaphandle izinguquko.

Khona-ke ungakwazi ukushintshela uhlobo enwetshiwe (Okuthuthukisiwe noma Extra), kodwa ngaphandle isidingo ngabo angeke wathinta. Kulokhu, thina banesithakazelo kakhulu esigabeni isenzo (Action).

izenzo Ikhetha

Khetha ukusebenza ukuthi izoqaliswa uma ethola amaphakethe engenayo, zikhona amaningi. Ukuze izinkinga isimo, ungabeka Yamukela value. Kulokhu, zonke amaphakheji izokwamukelwa ngokuzenzakalelayo.

Uma ufuna ukwenza i-Ukuqondisa kabusha idatha kusuka yangaphakathi kunethiwekhi zangaphandle, ungasebenzisa ongakhetha DST-nat futhi netmap. Indlela yesibili akukhetha, ngoba yisihumusho ngcono wokuqala.

Okulandelayo Ukuze Ikheli ensimini icacisa igama impi, okuyinto izodluliselwa, bese ufaka ikheli le-port. Cindezela inkinobho Sebenzisa - ikheli umshini livele ohlwini.

Ungase futhi ukuya sokuphawula (Amazwana) futhi ucacise ulwazi ukwakha umthetho ukuthi esikhathini esizayo isistimu hhayi ucele ukhethe isenzo. Ngalesi ukudlulisa port "Mikrotik" angabhekwa ephelele. Kodwa akubona bonke ngakho elula.

Port Ukudlulisela "Mikrotik" kusuka ku-intanethi kuya LAN: ukudlulisa kubanikeli amaningi shayela

Ucabange ukuthi uxhumano eyenziwa abahlinzeka ngemisebenzi eziningana futhi umsebenzisi esikhathini esithile ufuna ukukhetha okungukuthi amasevisi ukusebenzisa noma ukuzisabalalisa ku imishini ezahlukene. I imizila "Mikrotik" emachwebeni amabili umhlinzeki zigcinwe ngaphandle kwezinkinga Uqweqwe.

Kulokhu kukhethwa senzo misa inqubo DST-nat, futhi ukubhekana (isib for ByFly) ukubhekana 10.24.3.2 (TCP 55555) isetshenziswa. Ukuze Izimbobo nto kungenzeka ziyothinteka.

Osele ubizwa i-Shell njengoba umengameli, okuyinto sinquma okulandelayo:

• / Ip nat lokuvikela;
• engeza isinyathelo = dstnat uchungechunge = dstnat amazwana = sesifufula DST-port = 55555 e-interface = \;
• ByFly olandelwayo = TCP kuya amakheli = 10.24.3.2.

Idlulisela i-port 3389 (RDP)

Manje amagama ambalwa mayelana elawulwa kude besebenzisa khulula router nezimbobo. Empeleni, le nqubo Cishe efanayo.

ongakhetha Ukufakwa kumele kube:

• Gateway: 192.168.8.1.
• Action: ukwamukela.
• NAT (ngokuvamile kufanele sifakwe ngaphambi imithetho azenza).
• Chain: dstnat.
• Protocol 6 (TCP) (okuzenzakalelayo).
• Destination port 3389 (inombolo port kuwo kudlulisela port kuthunyelwa ku-inthanethi).
• Eziphumayo esibonakalayo lwemsebenti: pppoe ukuphuma.
• Action: DST-nat.
• Edluliselwe ukuze: 192.168.0.232.

I-IPv4 izilungiselelo olandelwayo, udinga ukuya izilungiselelo ezithuthukile futhi ukhombise IP thebhu, amakheli ezengeziwe (njengoba kuboniswe esithombeni ngenhla), khona-ke ukubhalisa ikheli lapho router ngeke basebenzisane.

Okulandelayo, khetha umnikeli bese ufaka idatha elandelayo:

Yakha umthetho umhlinzeki yesibili ukuze ungeze imingcele azenza.

imibuzo ukubhekwa

Ake sibone ukuthi router "Mikrotik" Imbobo ukudlulisa for video ukubhekwa usebenza practice. Ngomqondo onabile, inkulumo ukucushwa cishe iyafana ukuthi esimweni esikhulu.

imbobo kuphela ukudlulisa "Mikrotik" I-DVR libukeka kanje:

• Chain: dstnat.
• Protocol: 6 (TCP).
• Imbobo Kude: 200.
• Ngo. Interface: ether1-kwesango.
• Action: netmap.
• Edluliselwe ukuze: 192.168.HHH.HHH.
• Port: 80.

Njengoba ubona, izilungiselelo musa ihluke ngenhla, kodwa usebenzisa inombolo 80. Yilokho njengoba itheku elikhulu.

isiphetho

Efingqa, kungase kuqashelwe ukuthi ukudlulisa "Mikrotik" nezimbobo - kuba kunalokho xaka futhi umsebenzisi isilinganiso ongeyena ujwayelene okungenani babe nolwazi oluyisisekelo imizila esibonakalayo kulolu chungechunge, akunakwenzeka ukuba ngibhekane nenkinga yami. Ngenxa imiyalelo ngenhla uzokwazi zizifundele zona ngokwazo imininingwane ebaluleke futhi enze echwebeni ukumisa phambili i ngokwakho.

Cishe yonke nemingcele kanye nesimo ongakhetha yayo ayafana yini. Ziyahlukahluka kuye kuphela izindlela kanye ne-port izinombolo. Kukho konke, lapho ukuhleleka okuhle kufanele kube khona izinkinga. Umbuzo ka-konke lokhu kwagcwaliseka kanjani, kuyodingeka anqume. Yiqiniso, ezishintshayo uxhumano kwi-Inthanethi, ikakhulukazi lapho ufinyelela inethiwekhi yendawo noma esigungwini ethize kusukela ngaphandle, akusebenzi njalo. Ngakho kufanele asebenzise isikhathi esincane ukwenza kulungiselelwa ilungile, ngisho ne ukufinyelela ngabahlinzeki abaningi.