IPTABLES: table types

Iptables operation

If you know nothing about IPTABLES, I recommend reading our first introductory article on IPTABLES to get a foundation before we start on the subject of tables in this fantastic part of the Linux kernel, which filters packets and acts as a powerful, effective firewall. Security is a growing concern, but if you are a Linux user you are in luck, because Linux implements one of the best tools we can find for fighting threats.

IPTABLES, as you should know, is integrated into the Linux kernel itself and is part of the netfilter project, which, besides iptables, is made up of ip6tables, ebtables, arptables and ipset. It is a highly configurable and flexible firewall, like most things in Linux, and although it has had the occasional vulnerability, it is still extremely powerful. Because it lives inside the kernel, it starts with the system and stays active all the time, and because it works at kernel level, it receives the packets, which are then accepted or rejected by consulting the iptables rules.

The three types of tables:

But iptables works thanks to several types of tables, which are the main subject of this article.

MANGLE tables

The MANGLE tables are in charge of modifying packets, and for this they have the following options:

  • TOS: Type of Service is used to define the type of service of a packet. It should be used to define how packets are to be routed, not for packets that go out to the Internet. Most routers ignore the value of this field, or may behave imperfectly if it is used on traffic leaving for the Internet.

  • TTL: changes the lifetime field of a packet. The acronym stands for Time To Live and, for example, it can be used when we do not want to be discovered by certain Internet service providers (ISPs) that pry too much.

  • MARK: used to mark packets with specific values, which makes it possible to limit bandwidth and build queues with CBQ (Class Based Queuing). The marks can later be recognized by programs such as iproute2 to route packets differently depending on whether or not they carry a given mark.

Perhaps these options do not sound familiar from the first article, since we did not touch on any of them there.

NAT tables: PREROUTING, POSTROUTING

The NAT (Network Address Translation) tables are consulted when a packet creates a new connection. They allow one public IP to be shared among many computers, which is why they are essential in the IPv4 protocol. With them we can add rules that modify the IP addresses of packets, and they contain two rules: SNAT (IP masquerading) for the source address and DNAT (port forwarding) for destination addresses.

To make the modifications, they give us three options, some of which we already saw in the first iptables article:

  • PREROUTING: to modify packets as soon as they arrive at the computer.
  • OUTPUT: for the output of packets that are generated locally and are about to be routed on their way out.
  • POSTROUTING: to modify packets that are ready to leave the computer.

Filter tables:

The filter tables are the ones used by default to handle data packets. They are the most widely used and are responsible for filtering packets according to how the firewall or filter has been configured. All packets pass through this table, and for modification it has three predefined options that we also saw in the introductory article:

  • INPUT: for input, that is, all packets destined to enter our system must pass through this chain.
  • OUTPUT: for output, all packets created by the system that are going to leave it for another device.
  • FORWARD: redirection, as you may already know, simply redirects packets to their new destination, and it affects all packets that pass through this chain.

Iptables tables

Finally, I would like to say that every network packet sent or received on a Linux system must be subject to one of these tables, at least one of them or several at the same time. It must also be subject to multiple table rules. For example, with ACCEPT it is allowed to continue on its way, with DROP access is denied or it is not sent on, and with REJECT it is simply discarded, without sending an error to the server or computer that sent the packet. As you can see, each table has its targets or policies for each of the options or chains mentioned above. The ones mentioned here are ACCEPT, DROP and REJECT, but there is another one, QUEUE. This last one, which you may not know, is used to process packets that arrive for a certain process, regardless of their address.
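The following is an added example, not part of the original article. It shows a constructed ruleset in iptables-save format that uses each table with the options described above, plus two small helpers that list which target every rule uses and which default policy every chain has. The interface name, ports and addresses are placeholder assumptions.

```shell
#!/bin/sh
# Constructed, abbreviated sample in iptables-save format (not from the article).
# eth0 and all addresses are placeholders (RFC 1918 / RFC 5737 ranges).
sample_ruleset() {
cat <<'EOF'
*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp --dport 22 -j TOS --set-tos 0x10
-A PREROUTING -i eth0 -j TTL --ttl-set 64
-A PREROUTING -p tcp --dport 80 -j MARK --set-mark 1
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to-destination 192.168.1.10:80
-A POSTROUTING -o eth0 -j SNAT --to-source 203.0.113.5
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A FORWARD -d 192.168.1.10/32 -p tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Read an iptables-save dump on stdin; print "table chain target" per rule.
rule_targets() {
  awk '
    /^\*/ { table = substr($1, 2); next }      # "*nat" starts a table section
    $1 == "-A" {                               # "-A CHAIN ... -j TARGET ..."
      for (i = 3; i < NF; i++) if ($i == "-j") print table, $2, $(i + 1)
    }'
}

# Read the same dump; print "table chain policy" per chain declaration.
chain_policies() {
  awk '
    /^\*/ { table = substr($1, 2); next }
    /^:/  { print table, substr($1, 2), $2 }'  # ":INPUT DROP [0:0]"
}

sample_ruleset | rule_targets
sample_ruleset | chain_policies
```

On a live system the same helpers can read the real ruleset with `iptables-save | rule_targets` (run as root), which is a quick way to review which tables actually carry rules.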

Well, as you can see, iptables is rather hard to explain in depth in a single article. I hope that the first article gave you a basic idea of how to use iptables, with some examples, and here is a little more theory. Leave your comments, questions or contributions; they will be welcome.

