{"id":626,"date":"2011-01-19T18:11:01","date_gmt":"2011-01-19T16:11:01","guid":{"rendered":"http:\/\/www.bilgehangunduz.com\/?p=626"},"modified":"2011-02-09T10:00:40","modified_gmt":"2011-02-09T08:00:40","slug":"labris2-labris-guvenlik-duvari-ve-nat-ayarlari","status":"publish","type":"post","link":"https:\/\/www.bilgehangunduz.com\/index.php\/2011\/01\/19\/labris2-labris-guvenlik-duvari-ve-nat-ayarlari\/","title":{"rendered":"Labris \u2014 2 \u2014 Labris G\u00fcvenlik Duvar\u0131 ve NAT ayarlar\u0131"},"content":{"rendered":"

<\/a>IP Yap\u0131land\u0131rmas\u0131:<\/strong><\/strong><\/span><\/p>\n

IP verme, y\u00f6nlendirme ve ekleme i\u015flemlerinin yap\u0131ld\u0131\u011f\u0131 mod\u00fcld\u00fcr.\u00a0LMC ile LMCS ye ba\u011fland\u0131ktan sonra, mod\u00fcl listesinde yer alan \u201cIP Y\u00f6nlendirme<\/span>\u201d mod\u00fcl\u00fcne \u00e7ift-t\u0131klay\u0131p istedi\u011fimiz ayarlar\u0131 yapa biliriz. <\/strong><\/strong><\/p>\n

Bu\u00a0sekmede, Labris \u00fczerinde yer alan t\u00fcm arabirimler liste halinde yer al\u0131r. Herhangi bir arabirimi\u00a0se\u00e7mek i\u00e7in, tablo \u00fczerinde o arabirimin \u00fczerinde farenin sol tu\u015funu t\u0131klay\u0131n. Pencerenin sa\u011f taraf\u0131nda yer alan butonlar sayesinde bir arabirim etkinle\u015ftirilip, devre d\u0131\u015f\u0131 b\u0131rak\u0131labildi\u011fi gibi, o arabirim d\u00fczenlenebilir, silinebilir ve \u00fczerinden ge\u00e7en trafik izlene bilir.\u00a0<\/strong>\u00a0<\/p>\n

\"\"<\/a><\/p>\n

<\/p>\n

\u00d6rne\u011fimizde Labris cihaz\u0131 \u00fczerindeki eth1 nolu ara y\u00fcze ADSL modemimizi ba\u011fl\u0131yoruz ve Ip Y\u00f6nlendirme ekran\u0131ndan eth1 ara y\u00fcz\u00fcne ADSL modemimiz ile ayn\u0131 network ten bo\u015fta olan bir IP\u00a0 (192.168.0.211)adresini veriyoruz ve ADSL modem \u00fczerindeki DHCP ayarlar\u0131ndan\u00a0bu IP adresinin ba\u015fkas\u0131na verilmemesi\u00a0i\u00e7inde gerekli \u00f6nlemleri al\u0131yoruz.<\/strong><\/p>\n

Daha sonra i\u00e7 network\u00fcm\u00fczle ba\u011flant\u0131 kuracak olan\u00a0ara y\u00fcz\u00fc se\u00e7iyoruz\u00a0ve \u0130\u00e7 networkten bir IP adresi\u00a0veriyoruz. E\u011fer i\u00e7 networkte de bir DHCP kullan\u0131yor isek kullanm\u0131\u015f oldu\u011fumuz IP (10.7.0.1)\u00a0i\u00e7in DHCP de gerekli ayarlar\u0131 yap\u0131yoruz.<\/strong><\/p>\n

G\u00fcvenlik Duvar\u0131\u00a0 Yap\u0131land\u0131rmas\u0131:<\/strong><\/strong><\/span><\/p>\n

Repertuar->Nesneler -> A\u011flar (Network) \u00fczerine sa\u011f t\u0131klanarak \u00e7\u0131kan men\u00fcden Yeni A\u011f Ekle se\u00e7ilmelidir. <\/strong><\/p>\n

\"\"<\/a><\/strong>Genel sekmesi kullan\u0131larak \u0130\u00e7 a\u011f tan\u0131mlan\u0131r ve ekle tu\u015funa bas\u0131l\u0131r. \u0130\u00e7 a\u011f IP Y\u00f6nlendirmede tan\u0131mlanan arabirime g\u00f6re yap\u0131lmal\u0131d\u0131r.<\/strong><\/p>\n

\"\"<\/a><\/strong><\/p>\n

Daha sonra Labris\u2019in kontrol arabirimi d\u0131\u015f\u0131ndaki t\u00fcm arabirimleri tek tek tan\u0131mlanmal\u0131d\u0131r \u00f6rnek olarak i\u00e7 a\u011f arabirimi i\u00e7in bir host nesnesi olu\u015fturulur. Bunun i\u00e7in Repertuar (Repository)->Nesneler(Objects) ->Makineler (Hosts)->Yeni Makine Ekle t\u0131klan\u0131r. \u00c7\u0131kan sekmeden i\u00e7 arabirim tan\u0131mlan\u0131r (arabirim ismi ve IP si) ekle tu\u015funa bas\u0131l\u0131r. Bu i\u015flem di\u011fer arabirimler i\u00e7inde tekrarlan\u0131r.<\/strong><\/p>\n

\"\"<\/a><\/strong><\/p>\n

A\u011f nesneleri tan\u0131mland\u0131ktan sonra G\u00fcvenlik Duvar\u0131ndan kullan\u0131lacak servisler ve Labris\u2019in arabirimleri i\u00e7in izin verilir ve di\u011fer t\u00fcm trafik engellenir. Bunun i\u00e7in Genel Politika (Global Policy) \u00fczerinde kural olu\u015fturulmas\u0131 gerekmektedir. Kural olu\u015fturmak i\u00e7in Repertuar (Repository) -> G\u00fcvenlik Duvar\u0131 (Firewall) -> [Firewall \u0130smi]->global-policy t\u0131klan\u0131r. Sa\u011f b\u00f6l\u00fcmde \u00e7\u0131kan tablo \u00fczerine sa\u011f t\u0131klayarak Kural ekle se\u00e7ilmelidir.<\/strong><\/p>\n

<\/strong>\u00a0\"\"<\/a><\/strong><\/p>\n

Bu durumda \u00f6ntan\u0131ml\u0131 olarak t\u00fcm kaynaklardan gelen ve t\u00fcm hedeflere giden paketleri engelleyen \u00f6ntan\u0131ml\u0131 bir kural gelecektir. \u00d6ncelikle Labris\u2019in arabirimlerine izin verilmesi gerekmektedir. Bunun i\u00e7in olu\u015fturulan kural\u0131n kaynak k\u0131sm\u0131na daha \u00f6nceden olu\u015fturdu\u011fumuz arabirim nesneleri(Host) s\u00fcr\u00fcklenerek b\u0131rak\u0131l\u0131r. Hedef any olarak kalmal\u0131 i\u015flem alan\u0131 ise sa\u011f t\u0131klanarak Accept olarak ayarlanmal\u0131d\u0131r. Bir sonraki kural\u0131 eklemek i\u00e7in kural tablosuna sa\u011f t\u0131klan\u0131r ve En Sona Kural Ekle se\u00e7ene\u011fi ile yeni kural olu\u015fturulur.<\/strong><\/p>\n

<\/strong>\u00a0\"\"<\/a><\/p>\n

Daha sonra i\u00e7 a\u011fdan gelen trafi\u011fe izin vermek i\u00e7in yeni bir kural olu\u015fturulmal\u0131 ve \u00f6nceden tan\u0131mlanan IC_AG nesnesi s\u00fcr\u00fcklenerek yarat\u0131lan kural\u0131n Kaynak alan\u0131na b\u0131rak\u0131lmal\u0131d\u0131r. Ayn\u0131 i\u015flem Hedef alan\u0131 i\u00e7inde tekrarlanmal\u0131d\u0131r. Son olarak \u0130\u015flem alan\u0131na sa\u011f t\u0131klanarak Accept se\u00e7ene\u011fi se\u00e7ilmelidir.<\/strong><\/p>\n

\"\"<\/a><\/p>\n

\u0130\u00e7 a\u011fdan DNS ve DHCP ye izin vermek i\u00e7in Kaynak alan\u0131na IC_AG nesnesi s\u00fcr\u00fcklenip b\u0131rak\u0131l\u0131r. Servis alan\u0131na Services->Group->Standard alt\u0131ndan DHCP ve DNS eklenir. \u0130\u015flem alan\u0131 Accept olarak ayarlan\u0131r.<\/strong><\/p>\n

\"\"<\/a><\/p>\n

Son olarak en alta di\u011fer t\u00fcm trafi\u011fi engellemek i\u00e7in kural olu\u015fturulur(\u00d6n tan\u0131ml\u0131 kural) <\/strong>Kural tablosunun son durumu a\u015fa\u011f\u0131daki gibidir.<\/strong><\/p>\n

\"\"<\/a><\/p>\n

Bu a\u015famadan sonra kur tu\u015funa bas\u0131l\u0131r kaydet ve politikay\u0131 kur tu\u015flar\u0131na bas\u0131larak politika aktif hale getirilir. Art\u0131k cihaz sadece izin verilen servisleri kabul edecek bunlar\u0131n d\u0131\u015f\u0131ndaki trafik engellenecektir.<\/strong><\/p>\n

NAT\u00a0 Yap\u0131land\u0131rmas\u0131:<\/span><\/strong><\/p>\n

\u00d6ncelikle networkdeki di\u011fer bilgisayarlar\u0131n Labris Cihaz\u0131n\u0131n d\u0131\u015f arabirimi \u00fczerinden internete \u00e7\u0131kabilmesi i\u00e7in Dinamik Adres D\u00f6n\u00fc\u015f\u00fcm\u00fcn\u00fcn etkinle\u015ftirilmesi gerekmektedir. Bunun i\u00e7in G\u00fcvenlik Duvar\u0131 -> Firewall->[Firewall_ismi]->[D\u0131\u015f arabirim] yolu izlenir. Arabirim\u2019in ayarlar sekmesi t\u0131klan\u0131r ve Dinamik Adres D\u00f6n\u00fc\u015f\u00fcm\u00fc se\u00e7ene\u011fi aktif hale getirilir<\/strong><\/p>\n

\"\"<\/a><\/p>\n

Daha sonra nat-policy b\u00f6l\u00fcm\u00fcne t\u0131klan\u0131r. \u00c7\u0131kan tablo \u00fczerine sa\u011f t\u0131klanarak kural ekle se\u00e7ilir.<\/strong><\/p>\n

\"\"<\/a><\/strong><\/p>\n

T\u00fcm http trafi\u011finin Labris web filtre \u00fczerinden ge\u00e7mesi i\u00e7in i\u00e7 a\u011f arabiriminden gelen paketlerin Labris Webfiltre\u2019ye y\u00f6nlendirilmesi gerekmektedir.Bunun i\u00e7in NAT kural\u0131n\u0131n kaynak k\u0131sm\u0131na olu\u015fturulan IC_AG nesnesi eklenir. Esas servis olarak Services->TCP->Standart->http eklenir, de\u011fi\u015fen hedef olarak Repository->Objects->Hosts->ic eklenir ve son olarak De\u011fi\u015fen servis alan\u0131na Services->TCP->Standart->Labris Webfilter eklenir. Kur, kaydet ve politika olu\u015ftur tu\u015flar\u0131na basarak politika kal\u0131c\u0131 hale getirilir.<\/strong><\/p>\n

\"\"<\/a><\/p>\n

Yap\u0131lan ayarlar sonucu i\u00e7 networkdeki t\u00fcm http trafi\u011fi Labris Webfiltre \u00fczerinden internete \u00e7\u0131kacak di\u011fer t\u00fcm servisler engellenecektir.
\n<\/strong>
\nKaynak: Labris kullan\u0131m k\u0131lavuzlar\u0131 <\/span><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

IP Yap\u0131land\u0131rmas\u0131: IP verme, y\u00f6nlendirme ve ekleme i\u015flemlerinin yap\u0131ld\u0131\u011f\u0131 mod\u00fcld\u00fcr.\u00a0LMC ile LMCS ye ba\u011fland\u0131ktan sonra, mod\u00fcl listesinde yer alan \u201cIP Y\u00f6nlendirme\u201d mod\u00fcl\u00fcne \u00e7ift-t\u0131klay\u0131p istedi\u011fimiz ayarlar\u0131 yapa biliriz. Bu\u00a0sekmede, Labris \u00fczerinde yer alan t\u00fcm arabirimler liste halinde yer al\u0131r. Herhangi bir arabirimi\u00a0se\u00e7mek i\u00e7in, tablo \u00fczerinde o arabirimin \u00fczerinde farenin sol tu\u015funu t\u0131klay\u0131n. Pencerenin sa\u011f taraf\u0131nda yer […]<\/p>\n","protected":false},"author":657,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10,11],"tags":[73],"_links":{"self":[{"href":"https:\/\/www.bilgehangunduz.com\/index.php\/wp-json\/wp\/v2\/posts\/626"}],"collection":[{"href":"https:\/\/www.bilgehangunduz.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.bilgehangunduz.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.bilgehangunduz.com\/index.php\/wp-json\/wp\/v2\/users\/657"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bilgehangunduz.com\/index.php\/wp-json\/wp\/v2\/comments?post=626"}],"version-history":[{"count":20,"href":"https:\/\/www.bilgehangunduz.com\/index.php\/wp-json\/wp\/v2\/posts\/626\/revisions"}],"predecessor-version":[{"id":734,"href":"https:\/\/www.bilgehangunduz.com\/index.php\/wp-json\/wp\/v2\/posts\/626\/revisions\/734"}],"wp:attachment":[{"href":"https:\/\/www.bilgehangunduz.com\/index.php\/wp-json\/wp\/v2\/media?parent=626"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.bilgehangunduz.com\/index.php\/wp-json\/wp\/v2\/categories?post=626"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.bilgehangunduz.com\/index.php\/wp-json\/wp\/v2\/tags?post=626"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}