Dejinta Mikrotik, soo gudbiyo iyo dekedda FTP rdp. Sidee soo gudbiyo dekedda ee Mikrotik?

Waayo, router brand Mikrotik soo gudbiyo dekedda waxaa looga baahan yahay in ay inta badan sameeyaan. Si kastaba ha ahaatee, maamulka network, iyo in ay xal u user layli ah in dhibaatadan inta badan waa kuwo ku adag. Kuwa soo socda waa edbinta kooban, socda oo ay suurogal tahay in ay fuliyaan howlgal kasta oo noocan ah si fudud, si kastaba ha ahaatee, waxay leeyihiin xoogaa ah dhib.

Dejinta Mikrotik la soo gudbiyo dekedda. Maxay sameeyaan?

Ka hor isku dayay in uu qotomiyey router ee, waa in ay wax yar oo ku saabsan mabaadi'da dekedaha soo gudbiyo, iyo xaqiiqda ah in loo isticmaali oo dhan.

Dejinta Mikrotik, rakibay by default, sida in kombiyuutarada ee shabakadda gudaha ama dibadda, cinwaanada IP loo xilsaaray in ay boosteejada kale, waxba ma uu arki karin. Waxa uu isticmaalaa xukunka waxa loogu yeero ee calajadda ah, marka router laftiisa marka aad hesho codsiga in lagu badalo cinwaanka mishiinka, taas oo uu loogu tala galay isaga u gaar ah oo ka baxsan IP ah, inkasta oo laga furay dekadda loo baahan yahay. Ay muuqato in dhammaan qalabka ku xiran shabakadda, arki router oo keliya, iyo isu sii arki karin.

Marka tan la eego, in xaaladaha qaarkood, waayo Mikrotik qalabka dekedda gudbinta waxa uu noqonayaa mid lagama maarmaan. The xaaladaha ugu badan waxaa ka mid ah kuwan soo socda:

• Ururka fog in ay helaan qalabka on shabakadda ku saleysan teknoolajiyada RDP;
• ciyaaraha ama FTP-server;
• urur ee ay kuwa iskufilka shabakadaha iyo reserved shaqaynaya saxda ah ee macaamiisha durdurka,
• helitaanka kamaradaha iyo hababka la-socoshada video ka baxsan internetka.

Helitaanka web interface ah

Hadda waxaad diyaar u tahay. router Mikrotik gudbinta dekedaha (RDP ah, FTP ah, iwm) bilaabmaa galo nidaamka maareynta qalabka loo yaqaan Web interface. Oo haddii inta badan ee router yaqaan cinwaanada caadiga ah by isku 192,168 dhamaanayey midkood 0.1 ama 1.1, halka ay doorashadan aan la gudbin isticmaalo.

Si aad u hesho browser web (fiican in la isticmaalo caadiga ah Internet Explorer) ee bar cinwaanka wajibiyay isku-dar ah 192.168.88.1, duurka login aad soo gashid admin u ah, iyo string sirta ah waxaa inta badan ka tagay bannaan. Haddii ay dhacdo in ay helaan sabab qaar ka mid ah laga xannibo (router uusan aqbali login) waxay u baahan yihiin inay sameeyaan keddibna warshad adigoo riixaya badhanka ama deminta qalabka xoogga 10-15 ilbiriqsi.

goobaha Guud iyo fursadaha

Soo gal saaray interface ka. Hadda waxa ugu muhiimsan ee soo gudbiyo dekedda Mikrotik ku salaysan yahay abuurista marka laga reebo wax-u si xeerarka shaqada isu ekaysiiyaan ah (isku buufinta calajadda IP-cinwaanada, kaas oo kor ku xusan).

In qaybta General Settings Brannmur / NAT aad ka arki kartaa in mid ka mid sharci waa horeba ay jiraan. Waxaa lagu wadaa sida goobaha default warshad. Port soo gudbiyo guud ahaan ka kooban yahay ku daray xeerka cusub adigoo gujinaya icon la button lagu daray, ka dibna waxaa lagama maarmaan noqon doontaa inaad buuxiso qaar ka mid ah goobaha beeraha ee aasaasiga ah.

Tusaalooyinka dekedaha lugeeyaa

Haddaba ha ka fikiro si aynu qaar ka mid ah tusaalayaal suurto galka ah ee isticmaalka dekedaha. Iyada oo ku xidhan ujeedada taas oo u isticmaali doonaa mid kasta oo furay qiimaha dekedda laga yaabaa:

• Torrent: TCP / 51413;
• Ssh: TCP / 22;
• Server SQL, TCP / 1433;
• Server -KA: TCP / 80;
• Telnet: TCP / 23;
• RDP: TCP / 3389;
• snmp: udp / 161, iwm

qiimayaashan kaliya waa in loo isticmaalo gudbinta kasta oo dekedaha, kuwaas oo.

Abuuritaanka xeerarka iyo doorashada garoomada

Haddaba abuuro sharci cusub iyo sii wadi in la buuxiyo duurka goobaha. Halkan waxa aad u baahan tahay in aad si taxaddar leh oo sii wadi ka nooca helaan waa lagama maarmaan si ay u fuliyaan (gudaha si ka baxsan ama qeybsanaan ku xigeenka).

Settings waa in ay ahaataa:

• Chain: srcnat loo isticmaalo si ay u helaan shabakad degaanka, sidaas si la hadasho, si ay dunida ka baxsan, dstnat - si ay u helaan shabakad degaanka ka baxsan ka (dooran version labaad Inbound);
• SRC cinwaanada duurka. iyo Dst. tago dirina;
• beerta maamuuska xusho TCP, ama udp (sida caadiga ah qarka u saaran inuu 6 (TCP);
• SRC. Port tagay bannaan, ie, dekedda xilka xiriir dibadda ma aha mid muhiim,
• Dst. Port (Kismaayo ee caga): waa dekedda ee tusaalooyinka aan kor ku ah (tusaale ahaan 51413 for daadkii, 3389 for RDP, iwm);
• Port kasta waa laga tegi karo maran, laakiin haddii aad u sheeg tiro, mid ka mid ah dekedda waxaa loo isticmaali doonaa sida soo socda iyo xilka ah;
• In. Interface: haboon dekedda router ah (sida caadiga ah ether1-albaab);
• Out. Interface: muujinaysaa interface xilka (waxay noqon kartaa laga booday).

Fiiro gaar ah: in kiiska soo gudbiyo dekedda for xiriir fog oo ka baxsan (RDP) duurka SRC. Cinwaanka IP muujinaysaa ee computer ka fog, ka kaas oo loo malaynayo in ay u helaan. The standard dekedda RDP-xidhiidh 3389. Si kastaba ha ahaatee, khubarada badankooda waxyaalaha caynkaas ah laguma talinayo sameeyo, sida aad uga badbaado iyo fududahay in la rights reserved on router VPN yahay.

falalka dheeraad ah, router Mikrotik soo gudbiyo dekedda lug xulashada (Action). Dhab ahaantii, waxaa ku filan in caddee dhammaan saddexda xuduudaheedu:

• Action: aqbali (hab fudud), laakiin in ay helaan meel ka baxsan ku qeexan dst-NAT (waxaad cayimi kartaa goobaha netmap sare);
• Si Cinwaanada: haboon cinwaanka gudaha ee mishiinka ku jira oo la isugeeyey waa in ay dhici doonaan;
• Si Dekedaha: guud ahaan, qiimaha ayaa lagu wadaa inuu 80, laakiin hawlgalka saxda ah ee durdurka isku tilmaamay 51413.

Dejinta Mikrotik: gudbiyo dekedda FTP

Ugu dambeyntii, dhawr eray oo ku saabsan waxa ay goobaha loo baahan yahay FTP. First of dhan, waxaad u baahan tahay in ay reserved FTP-server, tusaale ahaan, ku salaysan FileZilla, laakiin waa sheeko oo kala duwan. Xaaladdan oo kale, waxaan ku badan yihiin ee u gudbinta dekedaha FTP Mikrotik, halkii server-dhinaca qaabeynta.

Waxaa la rumeysan yahay, FTP-server, in kastoo u baahan tahay kala duwan oo ka mid ah dekedaha, laakiin sida caadiga ah ilaa xad ka shaqeeya dekedda gacanta ku 21. Waxaa lagama maarmaan ah in la isticmaalo.

Sida ay dhacdo in guud, waa inaad marka hore la abuuro sharci cusub, laakiin in xaaladda this, waxaa jiri doona laba: in la xakameeyo dekedda iyo kala duwan oo dhan dekedaha.

Wixii dekedda 21 xuduudaheedu waa in ay ahaadaan:

• Chain: dst-NAT;
• Dst. Cinwaanka: Cinwaanka dibadda ee router ah (tus, 1.1.1.28);
• Protocol: 6 (TCP);
• Dst. Port: 21
• In. Interface: ether1-albaab.

Waayo, tab Action ah, dhigay qiyamka soo socda:

• Action: dst-NAT;
• Dst. Cinwaanka: Cinwaanka ah terminal ka mid ah FTP-server la geliyo;
• Si Dekedaha: 21.

Wixii kala duwan (tus, 50000-50050) dhammaan xulashooyinka la mid yihiin, marka laga reebo laba oo xuduudaheedu:

• ee goobaha guud ee Dst. Port qeexan kala duwan ee ka buuxa dekedaha;
• marka aad dooran kala duwan oo la mid ah tallaabo ku haboon duurka Si Dekedaha.

Ogsoonow in markii aad qotomisay soo gudbiyo waayo FTP u baahan tahay in la raaco waraaqo ee router ah, iyo waxa ay sheegay in aan la talinayaa in la isticmaalo marinka laga bilaabo kala duwan dekedda hoose qiimaha 1024. Markan, sidoo kale, waa mid tixgalin mudan.

In mabda'a, weli waxaad isticmaali kartaa shaqo Hairpin NAT Mikrotik, laakiin waxaa lagama maarmaan ah oo kaliya xaaladaha halkaas oo talooyin looga baahan yahay IP dibadda ka LAN. Guud ahaan, uma baahnid inaad si aad u dhaqaajiso.