Xiv bob. Tizim xavfsizligi (firewall)
Dastlab, IP manzillarni tekshirib ko’ramiz
Download 3.63 Mb.
|
LSB 14-BOB (1)
- Bu sahifa navigatsiya:
- Gateway (sedicomm-devgateway)
|
Dastlab, IP manzillarni tekshirib ko’ramiz:
Gateway (sedicomm-devgateway) Public IP: 10.20.20.1 Private IP: 192.168.0.101/24 Private Subnet: 192.168.0.0/24 Gateway (sedicomm-prodgateway)Public IP: 10.20.20.3 Private IP: 10.0.2.15/24 Private Subnet: 10.0.2.0/24 Keyingi qadamda, /etc/sysctl.conf buyrug’i yordamida tizim yadrosida paketlarni uzatishni yoqishni amalga oshiramiz: sudo nano /etc/sysctl.conf Endi, quyidagilarni ajratib olamiz: net.ipv4.ip_forward = 1 net.ipv6.conf.all.forwarding = 1 net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.all.send_redirects = 0 14.35-rasm. IP4 va IP6 sozlamalarini sozlash. Keyin quyidagi buyruqni bajarib, yangi sozlamalarni yuklab olamiz: sudo sysctl –p 14.36-rasm. Yangi sozlamalarni yuklab olish. Agar sizda UFW xavfsizlik (firewall) xizmati yoqilgan bo'lsa, konfiguratsiya fayliga / /etc/ufw/before.rules ni kiritamiz. Gateway (sedicomm-devgateway)*nat :POSTROUTING ACCEPT [0:0] -A POSTROUTING -s 10.0.2.0/24 -d 192.168.0.0/24 -j MASQUERADE COMMIT Gateway (sedicomm-prodgateway)*nat :POSTROUTING ACCEPT [0:0] -A POSTROUTING -s 192.168.0.0/24 -d 10.0.2.0/24 -j MASQUERADE COMMIT Firewall xizmati parametrlari qo’shilgandan so’ng, unga quyidagi o’zgartirishlarni kiritishimiz mumkin: Download 3.63 Mb. Do'stlaringiz bilan baham: 
|