How to Perform Packet Filtering, Network Address Translation and Set Kernel Runtime Parameters - Part 2


As promised in Part 1 ("Setup Static Network Routing"), in this article (Part 2 of the RHCE series) we will begin by introducing the principles of packet filtering and network address translation (NAT) in Red Hat Enterprise Linux 7, before diving into setting kernel runtime parameters to modify the behavior of a running kernel if certain conditions change or needs arise.

Network Packet Filtering in RHEL 7

When we talk about packet filtering, we refer to a process performed by a firewall in which it reads the header of each data packet that attempts to pass through it. It then filters the packet by taking the required action, based on rules previously defined by the system administrator.

As you know, beginning with RHEL 7, the default service that manages firewall rules is firewalld. Like iptables, it talks to the netfilter module in the Linux kernel in order to examine and manipulate network packets. Unlike iptables, updates can take effect immediately without interrupting active connections; you do not even have to restart the service.

Another advantage of firewalld is that it allows us to define rules based on pre-configured service names (more on that in a minute).

In Part 1, we used the following scenario:

However, you will recall that we disabled the firewall on router #2 to simplify the example, since we had not yet covered packet filtering. Let's see now how we can allow incoming packets destined for a specific service or port at the destination.

First, let's add a permanent rule to allow inbound traffic on enp0s3 (192.168.0.19) to be forwarded to enp0s8 (10.0.0.18):

# firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -i enp0s3 -o enp0s8 -j ACCEPT

The command above will save the rule to /etc/firewalld/direct.xml:

# cat /etc/firewalld/direct.xml

Then add the same rule to the runtime configuration so that it takes effect immediately:

# firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i enp0s3 -o enp0s8 -j ACCEPT

Now you can telnet to the web server from the RHEL 7 box and run tcpdump again to monitor the TCP traffic between the two machines, this time with the firewall on router #2 enabled.

# telnet 10.0.0.20 80
# tcpdump -qnnvvv -i enp0s3 host 10.0.0.20

What if you want to allow incoming connections to the web server (port 80) only from 192.168.0.18 and block connections from other sources in the 192.168.0.0/24 network?

In the web server's firewall, add the following rules:

# firewall-cmd --add-rich-rule 'rule family="ipv4" source address="192.168.0.18/32" service name="http" accept'
# firewall-cmd --add-rich-rule 'rule family="ipv4" source address="192.168.0.18/32" service name="http" accept' --permanent
# firewall-cmd --add-rich-rule 'rule family="ipv4" source address="192.168.0.0/24" service name="http" drop'
# firewall-cmd --add-rich-rule 'rule family="ipv4" source address="192.168.0.0/24" service name="http" drop' --permanent

Now you can make HTTP requests to the web server, both from 192.168.0.18 and from some other machine in 192.168.0.0/24. In the first case the connection should complete successfully, whereas in the second it will eventually time out.

To do so, either of the following commands will do the trick:

# telnet 10.0.0.20 80
# wget 10.0.0.20
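
A rich rule matches its source as address/prefix, so the prefix length decides whether the rule covers one host or the whole subnet. The following added example (not part of the original article; the function names and sample source addresses are constructed for illustration) computes which sources a given source address value matches and flags a host address written with a network-sized prefix:

```sh
# Added example: which sources does source address="ADDR/PREFIX" match?
# Function names are illustrative; the sample addresses are constructed.

# ip_to_int A.B.C.D -> the address as a 32-bit integer (plain decimal octets)
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# prefix_mask N -> netmask for a prefix length of N bits (0-32)
prefix_mask() {
    echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

# cidr_matches ADDR[/PREFIX] IP -> exit 0 if IP is inside the network
cidr_matches() (
    prefix=${1#*/}
    if [ "$prefix" = "$1" ]; then prefix=32; fi   # no mask: single host
    mask=$(prefix_mask "$prefix")
    [ $(( $(ip_to_int "${1%/*}") & $mask )) -eq $(( $(ip_to_int "$2") & $mask )) ]
)

# has_host_bits ADDR/PREFIX -> exit 0 if ADDR is not the network address,
# i.e. a host address was written with a network-sized prefix
has_host_bits() (
    prefix=${1#*/}
    if [ "$prefix" = "$1" ]; then exit 1; fi      # bare address: nothing to flag
    ip=$(ip_to_int "${1%/*}")
    [ $(( $ip & $(prefix_mask "$prefix") )) -ne "$ip" ]
)

# matching_sources SPEC IP... -> the IPs that SPEC matches, space separated
matching_sources() (
    spec=$1; shift
    out=
    for ip in "$@"; do
        if cidr_matches "$spec" "$ip"; then out="$out${out:+ }$ip"; fi
    done
    echo "$out"
)

# Constructed sources: the allowed client, a LAN neighbour, an outside host
for src in 192.168.0.18/24 192.168.0.18/32 192.168.0.0/24; do
    note=
    if has_host_bits "$src"; then note=" (host bits set: covers the whole network)"; fi
    echo "source address=\"$src\" matches: $(matching_sources "$src" 192.168.0.18 192.168.0.77 10.0.0.18)$note"
done
```

Running it shows that 192.168.0.18/24 matches every host in 192.168.0.0/24, while 192.168.0.18/32 matches only the single client.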

I strongly advise you to check out the Firewalld Rich Language documentation in the Fedora Project Wiki for further details on rich rules.

Network Address Translation in RHEL 7

Network Address Translation (NAT) is the process by which a group of computers (it can also be just one of them) in a private network is assigned a unique public IP address. As a result, they are still uniquely identified by their own private IP addresses inside the network, but to the outside they all appear to be the same.