IPTABLES: types of tables

How iptables works

If you know nothing about IPTABLES, I recommend reading our first article, the introduction to IPTABLES, to get a foundation before we explain the subject of tables in this excellent Linux kernel component for filtering traffic and acting as a powerful firewall. Security is a growing concern, but if you use Linux you are in luck, because Linux ships one of the best tools available for fighting threats.

IPTABLES, as you should already know, is integrated into the Linux kernel itself and is part of the netfilter project, which in addition to iptables is made up of ip6tables, ebtables, arptables and ipset. It is a highly configurable and flexible firewall, like most things in Linux, and despite having had vulnerabilities it is still especially powerful. Because it lives inside the kernel, it starts with the system and stays active all the time, and because it works at kernel level, it receives the packets, which are then accepted or rejected by consulting the iptables rules.

The three types of tables:

iptables works thanks to a set of table types, which are the main subject of this article.

MANGLE tables

The MANGLE tables are responsible for modifying packets, and for that they offer these options:

  • TOS: Type of Service is used to define the type of service of a packet. It should be used to define how packets are to be routed, not for packets that go out to the Internet. Most routers ignore the value of this field, or may behave imperfectly if it is used on their Internet output.

  • TTL: changes the lifetime field of a packet. The acronym stands for Time To Live and, for example, it can be used when we do not want to be discovered by certain overly nosy Internet service providers (ISPs).

  • MARK: used to mark packets with specific values, in order to limit bandwidth and build queues with CBQ (Class Based Queuing). The marks can later be recognized by programs such as iproute2 to perform different routing depending on the mark these packets carry or do not carry.

These options may not sound familiar from the first article, because we did not touch on any of them there.

NAT tables: PREROUTING, POSTROUTING

The NAT (Network Address Translation) tables, that is, network address translation, are consulted when a packet creates a new connection. They allow one public IP to be shared among many computers, which is why they are essential to the IPv4 protocol. With them we can add rules that modify the IP addresses of packets, and they contain two rules: SNAT (IP masquerading) for the source address and DNAT (port forwarding) for the destination addresses.

To make modifications, they offer three options, some of which we already saw in the first iptables article:

  • PREROUTING: to modify packets as soon as they arrive at the computer.
  • OUTPUT: for the output of packets that are generated locally and are about to be routed on their way out.
  • POSTROUTING: to modify packets that are ready to leave the computer.

Filter tables:

The filter tables are used by default to handle data packets. They are the most widely used and are responsible for filtering packets according to how the firewall or filter has been configured. All packets pass through this table, and to modify them it has three predefined options that we also saw in the first article:

  • INPUT: for input, i.e. all packets destined to enter our system must pass through this chain.
  • OUTPUT: for output, i.e. all packets created by the system that will leave it for another device.
  • FORWARD: for forwarding; as you may know, it simply sends packets on to their new destination, and it affects all packets that pass through this chain.
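An added example, not code from the original article: a Python check over an iptables-save style dump that confirms each target sits in the table this article assigns it to (TOS, TTL and MARK in mangle; SNAT and DNAT in nat). The ruleset, interface names and addresses are constructed, and the chain limits for SNAT and DNAT are taken from iptables-extensions(8) rather than from the article.

```python
import shlex

# Constructed iptables-save style dump; interfaces and addresses are made up.
SAMPLE = """\
*mangle
-A PREROUTING -p tcp --dport 22 -j TOS --set-tos 0x10
-A PREROUTING -i eth1 -p tcp --dport 80 -j MARK --set-mark 0x1
-A POSTROUTING -o eth0 -j TTL --ttl-set 64
COMMIT
*nat
-A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to-destination 10.0.0.10:80
-A POSTROUTING -o eth0 -j SNAT --to-source 203.0.113.5
COMMIT
*filter
:INPUT DROP [0:0]
-A FORWARD -m mark --mark 0x1 -j ACCEPT
-A INPUT -p tcp --dport 8080 -j DNAT --to-destination 10.0.0.10:80
COMMIT
"""

# target -> (table the article assigns it to, chains of that table that refuse it)
PLACEMENT = {
    "TOS": ("mangle", set()), "TTL": ("mangle", set()), "MARK": ("mangle", set()),
    "DNAT": ("nat", {"INPUT", "POSTROUTING"}),
    "SNAT": ("nat", {"PREROUTING", "OUTPUT"}),
}

def parse_rules(dump):
    """Yield (table, chain, target) for each -A rule of an iptables-save dump."""
    table = None
    for line in dump.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
        elif line.startswith("-A "):
            words = shlex.split(line)
            target = words[words.index("-j") + 1] if "-j" in words[:-1] else None
            yield table, words[1], target

def misplaced(dump):
    """Return rules whose target sits outside the table or chain it belongs to."""
    bad = []
    for table, chain, target in parse_rules(dump):
        want_table, barred = PLACEMENT.get(target, (table, set()))
        if table != want_table or chain in barred:
            bad.append((table, chain, target))
    return bad

if __name__ == "__main__":
    print(misplaced(SAMPLE))
```

On a live system the same functions can be fed the text produced by iptables-save instead of SAMPLE.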

iptables tables

Finally, I would like to point out that every network packet sent or received on a Linux system must be subject to one of these tables, either one of them or several at the same time. It must also be subject to the rules of several tables. For example, with ACCEPT it is allowed to continue on its way, with DROP access is denied or it is not sent, and with REJECT it is simply discarded, without sending an error to the server or computer that sent the packet. As you can see, each table has its targets or policies for each of the options or chains mentioned above. The ones mentioned here are ACCEPT, DROP and REJECT, but there are others such as QUEUE; the latter, which you may not know, is used to process the packets that arrive through a given process, whatever their address.

As you can see, iptables is hard to explain in depth in a single article. I hope the first article gave you a basic idea of how to use iptables through some examples, and here is some more theory. Leave your comments, doubts or contributions; they will be welcome.

