Xiv bob. Tizim xavfsizligi (firewall)


Dastlab, IP manzillarni tekshirib ko’ramiz


Download 3.63 Mb.
bet5/7
Sana21.11.2023
Hajmi3.63 Mb.
#1790426
1   2   3   4   5   6   7
Bog'liq
LSB 14-BOB (1)

Dastlab, IP manzillarni tekshirib ko’ramiz:
Gateway (sedicomm-devgateway)
Public IP: 10.20.20.1
Private IP: 192.168.0.101/24
Private Subnet: 192.168.0.0/24
Gateway (sedicomm-prodgateway)

Public IP: 10.20.20.3
Private IP: 10.0.2.15/24
Private Subnet: 10.0.2.0/24

Keyingi qadamda, /etc/sysctl.conf buyrug’i yordamida tizim yadrosida paketlarni uzatishni yoqishni amalga oshiramiz:
sudo nano /etc/sysctl.conf

Endi, quyidagilarni ajratib olamiz:
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0


14.35-rasm. IP4 va IP6 sozlamalarini sozlash.
Keyin quyidagi buyruqni bajarib, yangi sozlamalarni yuklab olamiz:
sudo sysctl –p

14.36-rasm. Yangi sozlamalarni yuklab olish.

Agar sizda UFW xavfsizlik (firewall) xizmati yoqilgan bo'lsa, konfiguratsiya fayliga / /etc/ufw/before.rules ni kiritamiz.
Gateway (sedicomm-devgateway)

*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.2.0/24 -d 192.168.0.0/24 -j MASQUERADE
COMMIT

Gateway (sedicomm-prodgateway)

*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -d 10.0.2.0/24 -j MASQUERADE
COMMIT

Firewall xizmati parametrlari qoshilgandan song, unga quyidagi ozgartirishlarni kiritishimiz mumkin:

Download 3.63 Mb.

Do'stlaringiz bilan baham:
1   2   3   4   5   6   7




Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©fayllar.org 2024
ma'muriyatiga murojaat qiling