Exploring Shorewall Firewall Configuration and Command Line Options
In my previous article, we looked at Shorewall: how to install it, set up the configuration files, and configure port forwarding over NAT. In this article, we will explore some of Shorewall's common errors, some solutions, and get an introduction to its command line options.
- Shorewall - A High-Level Firewall for Configuring Linux Servers - Part 1
Shorewall offers a wide range of commands that can be run on the command line. A look at the man page should give you plenty to see, but the first task we are going to perform is a check of our configuration files.
$ sudo shorewall check
Shorewall will print out a check of all of your configuration files and the options contained within them. The output will look something like this.
Determining Hosts in Zones...
Locating Actions Files...
Checking /usr/share/shorewall/action.Drop for chain Drop...
Checking /usr/share/shorewall/action.Broadcast for chain Broadcast...
Checking /usr/shrae/shorewall/action.Invalid for chain Invalid...
Checking /usr/share/shorewall/action.NotSyn for chain NotSyn..
Checking /usr/share/shorewall/action.Reject for chain Reject...
Checking /etc/shorewall/policy...
Adding Anti-smurf Rules
Adding rules for DHCP
Checking TCP Flags filtering...
Checking Kernel Route Filtering...
Checking Martian Logging...
Checking Accept Source Routing...
Checking MAC Filtration -- Phase 1...
Checking /etc/shorewall/rules...
Checking /usr/share/shorewall/action.Invalid for chain %Invalid...
Checking MAC Filtration -- Phase 2...
Applying Policies...
Checking /etc/shorewall/routestopped...
Shorewall configuration verified
The magic line we are looking for is the one at the bottom that reads: "Shorewall configuration verified". If you receive any errors, it is most likely due to missing modules in your kernel configuration.
I will show you how to resolve two of the more common errors, but it behooves you to recompile your kernel with all the necessary modules if you plan on using your machine as a firewall.
The first error, and the most common, is the error about NAT.
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Checking /etc/shorewall/zones...
Checking /etc/shorewall/interfaces...
Determining Hosts in Zones...
Locating Actions Files...
Checking /usr/share/shorewall/action.Drop for chain Drop...
Checking /usr/share/shorewall/action.Broadcast for chain Broadcast...
Checking /usr/shrae/shorewall/action.Invalid for chain Invalid...
Checking /usr/share/shorewall/action.NotSyn for chain NotSyn..
Checking /usr/share/shorewall/action.Reject for chain Reject...
Checking /etc/shorewall/policy...
Adding Anti-smurf Rules
Adding rules for DHCP
Checking TCP Flags filtering...
Checking Kernel Route Filtering...
Checking Martian Logging...
Checking Accept Source Routing...
Checking /etc/shorewall/masq...
ERROR: a non-empty masq file requires NAT in your kernel and iptables /etc/shorewall/masq (line 15)
If you see something resembling this, chances are your current kernel was not compiled with support for NAT. This is common with most out-of-the-box kernels. Please read my tutorial on "How to Compile a Debian Kernel" to get you started.
Another common error produced by the check is the error about iptables and logging.
/etc/shorewall# shorewall check
Checking...
Processing /etc/shorewall/params...
Processing /etc/shorewall/shorewall.conf
Loading Modules..
ERROR: Log level INFO requires LOG Target in your kernel and iptables
This is also something you can compile into a new kernel, but there is a quick fix for it if you want to use ULOG. ULOG is a different logging mechanism from syslog. It is pretty easy to use.
To set this up, you have to change every instance of "info" to "ULOG" in all of your configuration files in /etc/shorewall. The following command can do that for you.
$ cd /etc/shorewall
$ sudo sed -i 's/info/ULOG/g' *
After that, edit the /etc/shorewall/shorewall.conf file and set the line
LOGFILE=
to wherever you would like your log to be stored. Mine is in /var/log/shorewall.log.
LOGFILE=/var/log/shorewall.log
Running "sudo shorewall check" should give you a clean bill of health.
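The blanket sed above rewrites every occurrence of the string "info", including inside comments and longer words such as "information". As an added example (not from the original article), this Bash script previews the affected lines, copies the files to a separate backup directory, and converts only whole-word `info` on the non-comment part of each line; the function names and the sample `policy` and `rules` contents are constructed for illustration, and GNU grep and sed are assumed.

```shell
#!/usr/bin/env bash
# Added example (not from the article): scoped "info" -> ULOG conversion.
# Assumes GNU grep/sed; function names and sample files are constructed.

# Match whole-word "info" only in the part of a line before any '#'.
PATTERN='^([^#]*)\binfo\b'

# preview_ulog DIR: list file:line:text for every line that would change.
preview_ulog() {
    grep -rnE "$PATTERN" "$1"
}

# convert_to_ulog DIR BACKUP: copy each file to BACKUP, then edit in place.
convert_to_ulog() {
    local dir=$1 backup=$2 f
    mkdir -p "$backup" || return 1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        cp -p "$f" "$backup/" || return 1
        # Loop (:a ... ta) so several log levels on one line are all replaced.
        sed -E -i -e ':a' -e "s/$PATTERN/\1ULOG/" -e 'ta' "$f" || return 1
    done
}

# make_sample DIR: write two small constructed configuration files.
make_sample() {
    mkdir -p "$1" || return 1
    cat > "$1/policy" <<'EOF'
# Log at info level; see the manual for more information
net   all   DROP   info
loc   net   ACCEPT
EOF
    cat > "$1/rules" <<'EOF'
ACCEPT:info   net   $FW   tcp   22   # info-level log of SSH
EOF
}

# Demo on throwaway files only; nothing under /etc is touched.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    make_sample "$tmp/shorewall"
    preview_ulog "$tmp/shorewall"
    convert_to_ulog "$tmp/shorewall" "$tmp/backup"
    diff -ru "$tmp/backup" "$tmp/shorewall" || true
fi
```

Run it with `--demo` to see the preview and the resulting diff on the constructed files. On a real system, point `convert_to_ulog` at a copy of /etc/shorewall and run `shorewall check <config-directory>` against that copy before replacing the live files.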
Shorewall's command line interface comes with many handy one-liners for systems administrators. One frequently used command, especially when numerous changes are being made to the firewall, is to save the current configuration state so you can roll back if there are any complications. The syntax for this is simple.
$ sudo shorewall save <filename>
Rolling back is just as easy:
$ sudo shorewall restore <filename>
Shorewall can also be started and configured to use an alternate configuration directory. You can specify this in the start command, but you will want to check it first.
$ sudo shorewall check <config-directory>
If you simply want to try out the configuration and, if it works, start it, you can specify the try option.
$ sudo shorewall try <config-directory> [ ]
Shorewall is just one of many robust firewall solutions available on Linux systems. No matter what end of the networking spectrum you find yourself on, many find it to be simple and useful.
This is but a small start, and one that can get you on your way without going too heavily into networking concepts. As always, please do your research and take a look at the man pages and other resources. Shorewall's mailing list is an awesome place, and is up-to-date and well-maintained.