Managing Routing and
Remote Access
Chapter 7
Advance Computer Network Lecture Sorn Pisey
Understanding Routing
Routing គឺជាដំណ ើរការផ្តល់ណោយណៅផ្លូវដដល ត្រឹមត្រូវសំរាប់បញ្ជូន Dataណៅកាន់ Destination របស់វា។ដដលការបញ្ជូនណ ោះណត្បើរយោះណេល ណលឿននិងណៅដល់ទីតំងឆាប់រហ័ស។ ណហើយការបញ្ជូនណៅ Data មានPacketsមាន IP Address ណហើយការដដលមានណៅ IP address ភ្ជជប់ណៅជាមួយវានិងណហើយ ដដលោចណយើង Rout រកណៅ Destination របស់វាបាន។How Routing works
An Internetwork is just a network of networks. ការទំ ក់ទំនងគ្នារវាង Source និង Destination គឺវា បានណ្វើការគ ត្បដវងណោយណ្វើការRoute ណៅ Message ជាមួយCost។ណហើយប ាប់មកវានិងចាប់ ណផ្តើមគ ណទៀររហូរដល់ Destination ណហើយក៍ បញ្ជូន Packet មកដរមតង។ កាុងចំនុចណនោះណយើងនិង ដឹងថាណរើRouting System វា ណត្បើណៅ Metric Information គ យ៉ាងដូចណមត ច? សំរាប់ណ្វើការបញ្ជូនណៅ Packets.
How Routing works (con)
មុនណេលបញ្ជូនណៅ Packets ។រាល់ Packetsទំង អស់គឺបានភ្ជជប់ជាមួយណៅ Source Address និង Destination Address. ណហើយរាល់ Device ទំងអស់វាោចCheckណមើលថា ណរើវាមកេីកដនលងណានិងណៅកដនលងណា។ណហើយ ត្បសិនណបើ Packets ណ ោះជារបស់វាណ ោះវានិង ចាប់យក។ ការបញ្ជូនណៅ Packets ណៅណលើLink គឺវាណោយ ណៅណេលណវលាសំរាប់ណ្វើការបញ្ជូន។Routing Tables
Routing Table គឺជា Database ដដលវាណត្បើសំរាប់ ផ្ាុកណៅ Route information។វាដូចជាដផ្នទីសំរាប់ រកផ្លូវសំរាប់បញ្ជូនPackets រវាង Networksនិង Networks។
ណៅកាុង Routing Table គឺវាមានផ្ាុកណៅេរ៍មាដូច
ជា៖
The network address of the remote host or network The netmask associated with the entry
The forwarding address The network interface
Routing in Windows Server 2008
RRAS(Routing and Remote Access) គឺវាោចដំណនើរ ការ
multiprotocol Router ឬ RRAS ជា Routing Engine ដដល ោចដំណនើរការ Multiple Network Protocols និង Multiple routing methods ណៅណលើ Multiple NICs.
RRAS provides some specific features of interest
Dynamic routing using RIPv1 and RIPv2 Packet filtering
Installing RRAS
The first thing we need to do is launch Server
The role we are looking for is ‘Network
Policy and Access Services’. Check it and
Configuring IP Routing
Now that we have completed the steps for RRAS role,
we are going to create virtual networks for our Hyper-V images. We do this by first launching the Hyper-Hyper-V manager and clicking on the Virtual Network Manager. You should see the dialog box shown below:
Creating and Managing Interfaces
In my environment, I have created two virtual
networks: LAN and WIFI. I tie ‘LAN’ to my Local Area Connection associated with my internal network card and ‘WIFI’ to the Local Area Connection associated with my wireless connection. I will walk you through these steps in the following illustrations:
Now that we have created our two new network
connections, we are going to bridge ‘LAN’ to the internal network card (Broadcom NetXtreme 57xx
Gigabit). To do this, select both networks connections, right click, and select ‘Bridge Connections’.
Bridging these two connections creates a new ‘Network Bridge’.
Select the properties and follow along the images below, ensuring that you set the IPs as indicated. This will make it easier for you to complete the other tutorials in this series. If you select a different IP, make a note as you go through the series so that you do not forget to change it on the walk-throughs.
We will now uncheck the ‘Internet Protocol
Version 6′ connection. This causes errors that gets reported in the Roles summary.
We will now complete the RRAS configuration.
Navigate to the Server Manager and drill down the roles. You will find that Routing and Remote Access has a red indicator. Follow the illustrations below to complete the configuration.
This should complete the configuration of
RRAS. From here we will start building out our server components that will be required to get the SharePoint 2010 farm up and running. To see the table of contents for this series, click
Configuring TCP/IP Packet Filters
One of the most useful features in RRAS is its
ability to selectively filter TCP/IP packets in both directions.
Filters are usually used to block out undesirable
traffic.
In general, the idea is to keep out packets that
your machines doesn’t need to see.
You can construct filters that allow traffic into or
deny traffic out of your network based on rules that specify source and destination addresses and ports
The basic idea behind packet filtering is simple:
You specify filter rules.
Incoming packets are measured against those rules.
There are two types of filter rule:
Accept all packets except those prohibited by a rule. Drop all packets except those permitted by a rule.
Filters are associated with a particular
interface; the filters assigned to one interface are totally independent of those on all other interfaces. Inbound and outbound filters are likewise separate.
The following are some examples of filters:
Block all packets to a web server except those on
TCP ports 80 and 443
Block all outgoing packets on the ports used by the
MSN and AOL instant messaging tools.
Filters on a PPTP or L2TP server can screen out
You create and remove filters by using the Input
Packet Filters and Output Packet Filters buttons on the General tab of the Local Area Network Properties dialog box. The mechanics of working with incoming and outbound filters are identical; just remember the following guidelines
You create inbound filters to screen traffic coming to the
interface.
You create outbound filters to screen traffic going back out
through that interface
To create a filter, find the interface on which you want the filter and then open its Properties dialog box. Click the appropriate packet filter button
Configuring VPN Packet Filters
Packet filters provide a useful security
mechanism for blocking unwanted traffic on particular machines. It’s a good idea to use packet filters to keep non-VPN traffic out of your VPN servers. The rules for doing this are fairly straightforward, as you will see in the following sections.
PPTP Packet Filters
You need at least two filters to adequately
screen out non-PPTP traffic:
The first filter allows traffic with a protocol ID of
47—the Generic Routing Encapsulation (GRE)
protocol—to pass to the destination address of the PPTP interface.
The second filter allows inbound traffic bound for
TCP port 1723 (the PPTP port) to come to the PPTP interface.
Configuring PPTP Packet Filters
1. Open the Routing And Remote Access
snap-in by selecting Start Administrative Tools Routing And Remote Access. Expand the server and IPv4 nodes to expose the General node of the server on which you’re working. Select the General node.
2. Right-click the Local Area Connection
interface, and choose Properties
3. In the General tab of the interface’s
Properties dialog box, click the Inbound Filters button. The Inbound Filters dialog box
4. Click the New button, and the Add IP Filter
dialog box appears.
The Inbound Filters dialog box reappears, listing the new filter
you created in step 5. Add another new filter using the same IP address and subnet mask, but this time specify Other in the Protocol field and fill in a protocol number of 47.
In the Inbound Filters dialog box, click the
Drop All Packets Except Those That Meet The Criteria Below radio button, and click the OK button.
