Yadda ake Sanyawa da Sanya Basic OpnSense Firewall
A cikin labarin da ya gabata, an tattauna mafita ta bango da aka sani da PfSense. A farkon 2015 an yanke shawara don cokali mai yatsa na PfSense kuma an fitar da sabuwar hanyar bangon wuta mai suna OpnSense.
OpnSense ya fara rayuwa a matsayin mai sauƙin cokali mai yatsa na PfSense amma ya samo asali zuwa mafita ta bango mai zaman kanta gaba ɗaya. Wannan labarin zai rufe shigarwa da asali na asali na sabon shigarwa na OpnSense.
Kamar PfSense, OpnSense shine tushen tushen tushen Tacewar zaɓi na FreeBSD. Rarraba kyauta ne don shigarwa akan kayan aikin mutum ko kamfanin Decisio, yana siyar da kayan aikin wuta da aka riga aka tsara.
OpnSense yana da ƙananan saitin buƙatu kuma ana iya saita tsohuwar hasumiya ta gida cikin sauƙi don aiki azaman Tacewar zaɓi na OpnSense. Mafi ƙanƙantar ƙayyadaddun bayanai sune kamar haka:
- 500mhz CPU
- 1 GB na RAM
- 4GB na ajiya
- 2 katunan sadarwar cibiyar sadarwa
- 1GHz CPU
- 1 GB na RAM
- 4GB na ajiya
- 2 ko fiye PCI-e network interface cards.
Idan mai karatu yana so ya yi amfani da wasu abubuwan ci gaba na OpnSense (sabar VPN, da sauransu) yakamata a baiwa tsarin ingantaccen kayan aiki.
Ƙarin samfuran da mai amfani ke son kunnawa, ya kamata a haɗa ƙarin RAM/CPU/Drive sarari. Ana ba da shawarar cewa za a cika mafi ƙanƙanta masu zuwa idan akwai shirye-shirye don ba da damar kayan aikin gaba a cikin OpnSense.
- CPU Multi-core na zamani yana aiki aƙalla 2.0 GHz
- 4GB+ na RAM
- 10GB+ na sarari HD
- 2 ko fiye Intel PCI-e network interface cards
Shigarwa da Tsarin Wutar Wuta ta OpnSense
Ko da wane irin kayan aikin da aka zaɓa, shigar da OpnSense tsari ne mai sauƙi amma yana buƙatar mai amfani ya kula sosai ga waɗanne tashoshin sadarwa na cibiyar sadarwa za a yi amfani da su (LAN, WAN, Wireless, da sauransu).
Wani ɓangare na tsarin shigarwa zai ƙunshi faɗakarwa mai amfani don fara daidaita mu'amalar LAN da WAN. Marubucin ya ba da shawarar toshe hanyar sadarwa ta WAN kawai har sai an saita OpnSense sannan a ci gaba da gama shigarwar ta hanyar toshe hanyar sadarwa ta LAN.
Mataki na farko shine samun software na OpnSense kuma akwai wasu zaɓuɓɓuka daban-daban da ake da su dangane da na'urar da hanyar shigarwa amma wannan jagorar za ta yi amfani da 'OPNsense-18.7-OpenSSL-dvd-amd64.iso.bz2'.
An samo ISO ta amfani da umarni mai zuwa:
$ wget -c http://mirrors.nycbug.org/pub/opnsense/releases/mirror/OPNsense-18.7-OpenSSL-dvd-amd64.iso.bz2
Da zarar an sauke fayil ɗin, yana buƙatar yankewa ta amfani da kayan aikin bunzip kamar haka:
$ bunzip OPNsense-18.7-OpenSSL-dvd-amd64.iso.bz2
Da zarar an sauke mai sakawa kuma an yanke shi, ana iya kona shi zuwa CD ko kuma ana iya kwafi shi zuwa kebul na USB tare da kayan aikin 'dd' da ke cikin yawancin rabawa na Linux.
Hanya ta gaba ita ce rubuta ISO zuwa kebul na USB don taya mai sakawa. Don cika wannan, yi amfani da kayan aikin 'dd' a cikin Linux.
Da farko, sunan diski yana buƙatar kasancewa tare da 'lsblk' kodayake.
$ lsblk
Tare da sunan kebul na USB da aka ƙaddara azaman '/ dev/sdc', ana iya rubuta OpnSense ISO zuwa faifan tare da kayan aikin 'dd'.
$ sudo dd if=~/Downloads/OPNsense-18.7-OpenSSL-dvd-amd64.iso of=/dev/sdc
Lura: Umurnin da ke sama yana buƙatar tushen gata don haka yi amfani da 'sudo' ko shiga azaman tushen mai amfani don gudanar da umarnin. Haka kuma wannan umarnin zai CIRE KOWANE AKAN faifan USB. Tabbatar da adana bayanan da ake buƙata.
Da zarar dd ya gama rubutawa zuwa kebul na USB, sanya kafofin watsa labarai a cikin kwamfutar da za a saita azaman OpnSense Tacewar zaɓi. Boot waccan kwamfutar zuwa waccan kafofin watsa labarai kuma za a gabatar da allon mai zuwa.
Don ci gaba zuwa mai sakawa, kawai danna maɓallin 'Shigar'. Wannan zai kunna OpnSense cikin yanayin Live amma akwai mai amfani na musamman don shigar da OpnSense zuwa kafofin watsa labarai na gida maimakon.
Lokacin da tsarin ya tashi zuwa shigar da sauri yi amfani da sunan mai amfani na 'installer' tare da kalmar sirri na 'opnsense'.
Kafofin watsa labarai na shigarwa za su shiga kuma su ƙaddamar da ainihin mai sakawa na OpnSense. HANKALI: Ci gaba da waɗannan matakan zai haifar da goge duk bayanan da ke kan rumbun kwamfutarka a cikin tsarin! Ci gaba da taka tsantsan ko fita mai sakawa.
Buga maɓallin 'Shigar' zai fara aikin shigarwa. Mataki na farko shine zabar taswirar maɓalli. Mai sakawa zai iya gano taswirar maɓalli da ta dace ta tsohuwa. Yi nazarin taswirar maɓalli da aka zaɓa kuma gyara kamar yadda ake buƙata.
Allon na gaba zai samar da wasu zaɓuɓɓuka don shigarwa. Idan mai amfani yana son yin ci-gaba rarrabuwa ko shigo da tsari daga wani akwatin OpnSense, ana iya cika wannan a wannan matakin. Wannan jagorar yana ɗaukar sabon shigarwa kuma zai zaɓi zaɓin 'Shigarwar Shigarwa'.
Allon mai zuwa zai nuna na'urorin ajiya da aka sani don shigarwa.
Da zarar an zaɓi na'urar ajiya, mai amfani zai buƙaci yanke shawarar wane tsarin rarrabawa mai sakawa (MBR ko GPT/EFI) ke amfani da shi.
Yawancin tsarin zamani na zamani za su goyi bayan GPT/EFI amma idan mai amfani yana sake yin nufin tsohuwar kwamfuta, MBR na iya zama zaɓi ɗaya da ake goyan baya. Duba cikin saitunan BIOS na tsarin don ganin ko yana goyan bayan EFI/GPT.
Da zarar an zaɓi tsarin rarrabawa, mai sakawa zai fara matakan shigarwa. Tsarin ba ya ɗaukar lokaci mai tsawo musamman kuma zai sa mai amfani don samun bayanai lokaci-lokaci kamar kalmar sirri ta tushen mai amfani.
Da zarar mai amfani ya saita kalmar sirri ta tushen mai amfani, shigarwa zai cika kuma tsarin zai buƙaci sake farawa don saita shigarwa. Lokacin da tsarin ya sake yin aiki, ya kamata ta atomatik ta shiga cikin shigar OpnSense (tabbatar cire matsakaicin shigarwa yayin da injin ya sake farawa).
Lokacin da tsarin ya sake kunnawa, zai tsaya a hanzarin shiga na'ura mai kwakwalwa kuma yana jira mai amfani ya shiga.
Yanzu idan mai amfani yana mai da hankali yayin shigarwa za su iya lura cewa za su iya riga sun tsara hanyoyin sadarwa yayin shigarwa. Duk da haka bari mu ɗauka don wannan labarin cewa ba a sanya musanyawa a lokacin shigarwa ba.
Bayan shiga tare da tushen mai amfani da kalmar sirri da aka saita yayin shigarwa, ana iya lura cewa OpnSense ya yi amfani da ɗaya daga cikin katunan sadarwar cibiyar sadarwa (NIC) akan wannan injin. A cikin hoton da ke ƙasa ana kiranta \LAN (em0).
OpnSense zai tsoho zuwa madaidaitan hanyar sadarwa na LAN \192.168.1.1/24 da buga shiga.
Wannan zai ba da damar sake sanya NICs akan tsarin. Yi la'akari a cikin hoto na gaba cewa akwai hanyoyin sadarwa guda biyu: 'em0' da 'em1'.
Mayen daidaitawa zai ba da izini don haɗaɗɗun saiti tare da VLANs kuma amma a yanzu, wannan jagorar tana ɗaukar ainihin saitin hanyar sadarwa guda biyu; (watau bangaren WAN/ISP da gefen LAN).
Shigar da 'N' don kar a saita kowane VLANs a wannan lokacin. Don wannan saitin musamman, ƙirar WAN shine 'em0' kuma ƙirar LAN shine 'em1' kamar yadda aka gani a ƙasa.
Tabbatar da canje-canjen zuwa musaya ta hanyar buga 'Y' a cikin hanzari. Wannan zai sa OpnSense ya sake loda yawancin ayyukansa don nuna sauye-sauyen aikin haɗin gwiwa.
Da zarar an gama, haɗa kwamfuta tare da mai binciken gidan yanar gizo zuwa ɓangaren LAN. Ƙaddamarwar LAN tana da sabar DHCP da ke saurare akan mahalli don abokan ciniki don haka kwamfutar za ta sami damar samun mahimman bayanan adireshin don haɗawa zuwa shafin daidaitawa na OpnSense.
Da zarar kwamfutar ta haɗe zuwa hanyar sadarwa ta LAN, buɗe mai binciken gidan yanar gizon kuma kewaya zuwa url mai zuwa: http://192.168.1.1.
Don shiga cikin na'ura mai kwakwalwa ta yanar gizo; yi amfani da sunan mai amfani 'tushen' da kalmar sirri da aka saita yayin aikin shigarwa. Da zarar an shiga, za a kammala ɓangaren ƙarshe na shigarwa.
Ana amfani da matakin farko na mai sakawa don kawai tattara ƙarin bayanai kamar sunan mai masauki, sunan yanki, da sabar DNS. Yawancin masu amfani za su iya barin zaɓin 'Override DNS' da aka zaɓa.
Wannan zai ba da damar OpnSense Tacewar zaɓi don samun bayanan DNS daga ISP akan WAN interface.
Allon na gaba zai faɗakar da sabar NTP. Idan mai amfani ba shi da nasu tsarin NTP, OpnSense zai samar da tsayayyen saitin wuraren waha na sabar NTP.
Allon na gaba shine saitin dubawar WAN. Yawancin ISP don masu amfani da gida za su yi amfani da DHCP don samarwa abokan cinikinsu bayanan saitin hanyar sadarwa masu mahimmanci. Kawai barin Zaɓin Nau'in azaman 'DHCP' zai umurci OpnSense don ƙoƙarin tattara saitin gefen WAN daga ISP.
Gungura ƙasa zuwa kasan allon daidaitawar WAN don ci gaba. *** Lura *** a kasan wannan allon akwai ƙa'idodi guda biyu na tsoho don toshe kewayon cibiyar sadarwa waɗanda gabaɗaya bai kamata a ga suna shigowa cikin ƙirar WAN ba. Ana ba da shawarar barin waɗannan da aka bincika sai dai idan akwai wani sanannen dalili don ƙyale waɗannan cibiyoyin sadarwa ta hanyar haɗin WAN!
Allon na gaba shine allon daidaitawar LAN. Yawancin masu amfani za su iya barin abubuwan da ba su dace ba kawai. Yi la'akari da cewa akwai kewayon cibiyar sadarwa na musamman waɗanda ya kamata a yi amfani da su a nan, waɗanda aka fi sani da RFC 1918. Tabbatar cewa barin tsoho ko zaɓi kewayon hanyar sadarwa daga cikin kewayon RFC1918 don guje wa rikice-rikice/matsaloli!
Allon ƙarshe a cikin shigarwa zai tambayi idan mai amfani zai so sabunta tushen kalmar sirri. Wannan na zaɓi ne amma idan ba a ƙirƙiri kalmar sirri mai ƙarfi ba yayin shigarwa, yanzu zai zama lokaci mai kyau don gyara batun!
Da zarar an wuce zaɓin canza kalmar sirri, OpnSense zai nemi mai amfani ya sake loda saitunan sanyi. Kawai danna maɓallin 'Sake saukewa' kuma ba OpnSense daƙiƙa don sabunta saitin da shafin na yanzu.
Lokacin da aka gama komai, OpnSense zai maraba da mai amfani. Don komawa kan babban dashboard, kawai danna 'Dashboard' a kusurwar hagu na sama na taga mai binciken gidan yanar gizo.
A wannan lokacin za a kai mai amfani zuwa babban dashboard kuma zai iya ci gaba da girka/tsaya kowane fa'idar OpnSense mai amfani ko ayyuka! Marubucin ya ba da shawarar dubawa da haɓaka tsarin idan akwai haɓakawa. Kawai danna maɓallin 'Danna don Duba Sabuntawa' akan babban dashboard.
Sannan a allo na gaba, ‘Check for Updates’ za a iya amfani da su don ganin jerin abubuwan da aka sabunta ko kuma za a iya amfani da ‘Update Now’ don kawai a yi amfani da duk wani sabuntawa da ake samu.
A wannan lokacin ainihin shigarwa na OpnSense yakamata ya kasance yana aiki kuma a sabunta shi sosai! A cikin labaran da ke gaba, za a rufe haɗin haɗin haɗin gwiwa da haɗin kai tsakanin VLAN don nuna ƙarin ƙarfin ci gaba na OpnSense!