CREATING A NEW DOMAIN IN WS03
DBF
Colonel Joined: 23 January 2008 Status: Offline Points: 286 |
Posted: 10 May 2008 at 11:35 |
Edited by AdminGroup - 10 May 2008 at 11:36 |
DBF
Colonel Joined: 23 January 2008 Status: Offline Points: 286 |
This trick is very handy for anyone who wants to Remote Desktop to their home computer through a firewall. The default Remote Desktop port is 3389; to change the Remote Desktop port, do the following:
Step 1: Go to Start\Run and type the command RegEdit.
Step 2: Follow this path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\ Then right-click and choose Modify.
Step 4: Switch from Hexadecimal to Decimal and enter the port value you want to use; firewalls at some organizations usually only allow 80 (http).
Step 5: After changing the port, restart the computer. The machine acting as the Server is now listening on the new port.
Step 6: A client machine that wants to Remote into the Server has to specify the new port as well, for example 192.168.1.4:80
Go to cmd => netstat to check which port has been opened.
Note: if you want to use Remote Desktop over the Internet, you need to NAT the router first.
DBF
Colonel Joined: 23 January 2008 Status: Offline Points: 286 |
Configuring IP in Windows from the command line
- View the TCP/IP settings:
- Export the configuration to a text file:
- Import the configuration from a txt file:
- Configure:
- Load a dynamic configuration:
- Configure DNS:
- Configure DNS automatically:
- Configure WINS:
Example 1:
Example 2:
Example 3:
Poster
Guest Joined: 23 January 2008 Status: Offline Points: 378 |
Configuring the IP network address with MS-DOS commands

Normally, to configure and assign IP addresses to the machines on your network, you only need to configure Network Connections and set the IP address in the TCP/IP protocol through the Windows interface. Here we introduce one more method of configuring the IP address, using the command line; this approach is sometimes used when necessary.

To configure the IP address, DNS and WINS from the command line, follow these steps:

Open a command prompt window (Run --> type cmd on Windows 2000, XP, 2003, or type command on Windows 98, Me) and type the command:

    netsh interface IP

<--Set IP Address-->
    set address name="Local Area Connection" source=dhcp
    set address local static
Example:
    set address name="Local Area Connection" source=dhcp
    set address local static 192.168.1.2 255.255.255.0

<--Set Preferred DNS Server-->
    set dns name="Local Area Connection" source=dhcp
    set DNS "Local Area Connection" static
Example:
    set dns name="Local Area Connection" source=dhcp
    set DNS "Local Area Connection" static 192.168.1.1

<--Set WINS address-->
    set wins name="Local Area Connection" source=dhcp
    set wins "Local Area Connection" static
Example:
    set wins name="Local Area Connection" source=dhcp
    set wins "Local Area Connection" static 192.168.1.1

<--To exit the program-->
    Exit

Besides the basic configuration above, you can also look at the following features (in English):

Commands inherited from the netsh context:
    ..        - Goes up one context level.
    abort     - Discards changes made while in offline mode.
    add       - Adds a configuration entry to a list of entries.
    alias     - Adds an alias.
    bridge    - Changes to the `netsh bridge' context.
    bye       - Exits the program.
    commit    - Commits changes made while in offline mode.
    delete    - Deletes a configuration entry from a list of entries.
    diag      - Changes to the `netsh diag' context.
    exit      - Exits the program.
    interface - Changes to the `netsh interface' context.
    offline   - Sets the current mode to offline.
    online    - Sets the current mode to online.
    popd      - Pops a context from the stack.
    pushd     - Pushes current context on stack.
    quit      - Exits the program.
    ras       - Changes to the `netsh ras' context.
    routing   - Changes to the `netsh routing' context.
    set       - Updates configuration settings.
    show      - Displays information.
    unalias   - Deletes an alias.
    wins      - Changes to the `netsh wins' context.

Commands inherited from the netsh interface context:
    add       - Adds a configuration entry to a table.
    delete    - Deletes a configuration entry from a table.
    ip        - Changes to the `netsh interface ip' context.
    reset     - Resets information.
    set       - Sets configuration information.
    show      - Displays information.

Commands in this context:
    ?         - Displays a list of commands.
    add       - Adds a configuration entry to a table.
    delete    - Deletes a configuration entry from a table.
    dump      - Displays a configuration script.
    help      - Displays a list of commands.
    reset     - Resets TCP/IP and related components to a clean state.
    set       - Sets configuration information.
    show      - Displays information.

When you run into a difficult command and need help, type a question mark (?) or type (?/); the commands you need will be displayed and you can follow that help.
Poster
Guest Joined: 23 January 2008 Status: Offline Points: 378 |
LAB EXERCISE, CHAPTER 2: ENABLING IPV6 ON THE WINDOWS AND LINUX OPERATING SYSTEMS. CONFIGURING CONNECTIVITY

Today, most operating systems support the IPv6 protocol: Windows, Linux, BSD, Solaris, HP-UX. In this lab exercise we will carry out some basic configuration and connectivity tasks on computers running the Windows 2003 and Linux operating systems.

Lab
Objective: Enable the TCP/IPv6 protocol on the Windows and Linux operating systems. Perform some connection configuration tasks.
Preparation: The lab network is set up as shown in the figure below. It consists of one computer running Windows 2003 Server and one computer running Linux Enterprise 3.0.
[Figure 1 labels: Linux; Window 2003 server; IPv4: 203.119.9.15, IPv6: 2001:dc9::1; IPv4: 203.119.9.16, IPv6: 2001:dc9::2]
Figure 1: Network model for lab exercise 1

Summary:
- Enable the IPv6 protocol on the Windows 2003 computer, Linux, Cisco router
- Observe some configuration information.
- Practice some commands: assign an address manually, test connectivity using IPv6 addresses, delete an address

Steps:
All commands are run in a command window: choose Run, type CMD and press Enter.
    ipconfig
Result: only IPv4-related information is displayed.
    netsh interface ipv6 install
Note: Type the whole command line in the cmd window. This command installs the IPv6 protocol on the Windows 2003 Server OS. The IPv6 protocol on the OS is enabled together with some default configuration. We will observe the configuration information, record it and view some of the default information with the following commands:
    ipconfig (/all)
Result: information about the IPv6 address is shown. Record the IPv6 address printed on the screen:
The address that begins with the prefix FE80 is the link-local address, which was configured automatically from the MAC address of the network card. We will look at how this address is generated automatically in a later section.
Run the following commands:
    netsh> interface ipv6>
    show interface                          # Shows the interfaces created by the IPv6 protocol
    show interface "Local Area Connection"  # Shows information about the physical interface
    show interface "6to4 Pseudo-Interface"  # Shows information about the virtual interface used for the 6to4 tunnel
    show routes                             # Shows the routes created by default
When the IPv6 protocol is enabled, the Windows OS automatically creates several interfaces. Some of them are real physical interfaces (Local Area Connection) of the network card, and some are virtual interfaces; for example, "6to4 Pseudo-Interface" is a virtual interface that Windows configures automatically for the 6to4 tunnel technology if the machine's network card already has a global IPv4 address assigned. Each of these interfaces is identified by a unique index number. The user can create additional interfaces with commands.
Record the following configuration information: Prefix Idx Gateway/Interface

Assign a global IPv6 address to the network card interface:
    netsh>interface ipv6> add address "Local Area Connection" 2001:dc9::1
    ipconfig "Local Area Connection"
    ipconfig /all
On the physical interface you will see the IPv6 address you have just assigned manually.
The interface identifier of an IPv6 address can be generated automatically from the MAC address or from a random number sequence. When the IPv6 protocol is enabled on the Windows OS, automatic address generation using a random number sequence as the interface identifier is enabled by default. To turn this feature off, use the following command:
    netsh>interface ipv6> set privacy state=disabled store=persistent
While this feature has not been turned off, if a router on the LAN is advertising prefix information, your Windows computer will have three IPv6 addresses at the same time:
- The manually assigned IPv6 address
- The IPv6 address generated automatically from the router's advertised prefix and the MAC address
- The IPv6 address made from the prefix and a random 64-bit interface identifier, which changes at set intervals.

    ifconfig
Result: only IPv4-related information is displayed.
    modprobe ipv6
    lsmod | grep -w 'ipv6' && echo "load thanh cong modul thuc thi ipv6"
If the command prints the line "load thanh cong modul thuc thi ipv6", the IPv6 module has been loaded successfully.
    ifconfig
You will see information about the IPv6 link-local address that has been created automatically. The Linux OS does not automatically create a virtual interface for the 6to4 tunnel the way Windows does.
Record the IPv6 link-local address on the network card interface:
Run the commands:
    ifconfig eth0                  # Shows information about interface eth0
    ip -6 route show dev eth0      # Shows the routes created for interface eth0
    ip -6 neigh show dev eth0      # Shows information about neighbouring IPv6 nodes
    ifconfig eth0 inet6 add 2001:dc9::2/64
    ifconfig
    ifconfig eth0
On the computer running Linux, open a separate command window and use tcpdump to monitor the communication between the two machines:
    tcpdump -t -n -i eth0 -s 512 -vv ip6 or proto ipv6
    Ping6 -t link-local_address_of_Windows_machine%index_of_physical_interface
    Ping6 -t link-local_address_of_Linux_machine%index_of_physical_interface
Note: When pinging a link-local address, you must specify the index of the interface. On the Windows OS, the index is specified by placing it after the % sign.
    ping6 -I eth0 link-local_address_of_Linux_machine
    ping6 -I eth0 link-local_address_of_Windows_machine
Note: When pinging a link-local address, you must specify the interface (with the -I flag).
    Ping6 -t 2001:dc9::1
    Ping6 -t 2001:dc9::2
    Ping6 2001:dc9::2
    Ping6 2001:dc9::1
In the "tcpdump" window that monitors the exchange between the two computers, you can observe the information exchanged between them.
Delete the manually assigned address:
    netsh>interface ipv6> delete address "Local Area Connection" 2001:dc9::1
Remove the IPv6 protocol:
    uninstall
Delete the manually assigned address:
    ifconfig eth0 inet6 del 2001:dc9::2

The IPv6 protocol module on the Linux OS is not loaded automatically when the computer boots. The manually assigned IPv6 address is removed after the Linux machine restarts. To load the IPv6 module at boot and keep the manually assigned IPv6 address across restarts, we need to add information directly to the network configuration files as follows:
Check that the IPv6 script library exists: check whether the file /etc/sysconfig/network-scripts/network-functions-ipv6 exists, or test with the command:
    test -f /etc/sysconfig/network-scripts/network-functions-ipv6 && echo "Có thu vien IPv6 script"
Edit the network configuration file: use vi to add the line "NETWORKING_IPV6=yes" to the file /etc/sysconfig/network.
Edit the interface configuration file: use vi to edit the file /etc/sysconfig/network-scripts/ifcfg-eth0 and add the following lines to the file:
    IPV6INIT=yes
    IPV6ADDR=<IPv6_address>
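How the FE80 link-local address mentioned in the lab is built from the MAC address, and how to tell whether an observed address still exposes that MAC, which is the case for the MAC-derived address that remains once `set privacy state=disabled` is applied. This is an added example, not part of the original post; the MAC address and function names are constructed for illustration, and the derivation is the standard modified EUI-64 rule.

```python
import ipaddress

def eui64_interface_id(mac):
    """Modified EUI-64: put ff:fe in the middle and flip the universal/local bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("a MAC address is 6 bytes")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]

def address_from_mac(prefix, mac):
    """Join a /64 prefix (fe80::/64 or a router-advertised one) with the MAC-based ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration uses /64 prefixes")
    return net[int.from_bytes(eui64_interface_id(mac), "big")]

def embedded_mac(addr):
    """Return the MAC recoverable from addr, or None for a manual or random ID.

    A random ID contains ff:fe at this position only by chance (1 in 65536).
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{octet:02x}" for octet in mac)

if __name__ == "__main__":
    mac = "00:0c:29:3e:5b:7a"                      # constructed sample MAC
    samples = [
        address_from_mac("fe80::/64", mac),        # link-local, MAC-derived
        address_from_mac("2001:dc9::/64", mac),    # advertised prefix + MAC
        "2001:dc9::1",                             # manually assigned in the lab
        "2001:dc9::a1b2:c3d4:e5f6:789a",           # constructed random-style ID
    ]
    for a in samples:
        print(a, "->", embedded_mac(a))
```

Only the two MAC-derived addresses give the hardware address back; the manual and random-identifier addresses return None.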
administrator
Admin ad Joined: 14 October 2005 Status: Offline Points: 512 |
I've always had a liking for homes built of brick. Besides having a kind of "Lord of the Manor" appeal, they also look solidly built compared to many of today's wood-framed plastic-siding homes. Brick also gives an added sense of security since, who's going to smash through a brick wall to break into your house?

But then I wonder, wouldn't your home be even more secure if all the rooms had brick walls and not just the exterior wall of your house? After all, drywall is so fragile you can punch through it if you get really angry (and don't mind a bit of pain) so it seems like a good idea to make the internal walls brick also. That way if someone breaks into your house they still have to break into each individual room to find the safe where you keep your jewels.

Many corporate networks are just like this today - instead of relying only on a firewall at the perimeter (outside wall) of the network, there are firewalls installed on individual clients and servers (rooms) also to act as another layer of defense against attack. And on networks that run Windows XP on the clients and Windows Server 2003 on the servers, there's a ready candidate for which host-based firewall to use: Windows Firewall. After all, it's free!

Unfortunately having firewalls on clients and servers means extra management work as well, but Group Policy can handle that as far as Windows Firewall is concerned (another great reason for deploying Windows Firewall on hosts instead of third-party firewalls from other vendors). Still, there are times when you want to check or modify the configuration of Windows Firewall on some hosts because of problems of some sort, and the command-line tool Netsh.exe is just the thing to do this with.

Get It Working

Let's say Bob sets up a Windows Server 2003 SP1 machine as a web and file server for internal use in his company. Knowing that the Windows Firewall/Internet Connection Sharing service is disabled by default, he opens the Services console under Administrative Tools and changes the Startup Type for this service to Automatic and then starts the service. So far, so good, but if he had tried opening the Windows Firewall utility from Control Panel he would have been presented with a message asking him whether he wanted to start this service and pointing out that he should reboot his server afterwards to make sure Windows Firewall recognizes that the server is listening for inbound traffic from file and web clients.

Anyway, Bob now wants to enable and configure Windows Firewall on the server but is suddenly called away on an emergency. He sends a quick email to his assistant Mary using his BlackBerry saying "Enable firewall on server so clients can access it - get it working" and walks out the door. Unfortunately his assistant is working from home today but Bob remembered to enable Remote Desktop on the new server, so Mary starts Remote Desktop Connection on her Windows XP SP2 computer and the console of the remote server is displayed.

Now what? Mary could open Control Panel on the remote machine and enable Windows Firewall, but what exceptions does she need to configure on it? Bob was obviously in a hurry when he said "so clients can access it" but what clients? And it's obviously important because he wants it done today. Rather than hunt around the Services console looking for additional services that Bob might have enabled on the machine, Mary decides to open a command prompt on the remote machine and pursue a different tack. She starts by typing the following command:
She then examines the contents of the netstat.txt file that opens in Notepad:
Right away it looks to her from this file that the server has the HTTP service installed on it since the machine is listening on TCP port 80. Better check though and make sure this service is actually the one using this port. How does she do this? First she notes the process ID (PID) number associated with these ports which is 1664. Then she types the following commands at the command prompt:
She then examines the contents of the svclist.txt file, which look like this:
She examines this file looking for the PID noted previously and finds this line:
This line confirms to her that Bob installed IIS on the server and configured it to run as a web server. Now Mary has to enable Windows Firewall on the machine and create an exception for HTTP clients to access it. Since she's already at the command-line on the remote machine, she decides to do this using the Netsh command. First, she views the configuration of Windows Firewall on the server:
From this command output she confirms that Windows Firewall is currently disabled and needs to be enabled. To do this, Mary types the following command:
Now she adds a port exception for the HTTP service:
To test this, she temporarily minimizes her Remote Desktop Connection window and opens Internet Explorer and types http://172.16.11.182 in the address bar, and here's what she gets in response (Figure 1):
That sounds like Bob! Always playing the "heavy" as far as his role as administrator is concerned. Now let's see what else is running on the server. Mary goes back to the netstat.txt file shown previously and finds the following lines of interest:
This is a sure giveaway that the server is configured as a file server with shared folders on it, for these two ports (and two others listed below) are used by Server Message Block (SMB) protocol (Microsoft's file sharing protocol) as follows:
In other words, the first three ports are for SMB over NBT (NETBIOS over TCP/IP) and the last one (new in Windows 2000 and later) is for SMB directly over TCP/IP. So to access the remote server as a file server, exceptions have to be created for these four ports in Windows Firewall. To do this, Mary types the following commands in the command prompt window open on the remote machine's desktop:
What's cool about this approach is that if she opens Windows Firewall from Control Panel on the remote machine's desktop, it displays the File and Printer Sharing exception as enabled (Figure 2):
Mary should then be able to display the shared folders on the remote server simply by clicking Start, then Run and typing \\172.16.11.182 and clicking OK.
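The manual PID lookup in the article above, and the netstat check at the end of the Remote Desktop port post earlier in the thread, can be done in one pass by joining the two outputs. This is an added example, not code from the article or the thread; it assumes the files were produced by `netstat -ano` and `tasklist /svc`, and the sample text is constructed (only the server address 172.16.11.182 and PID 1664 on TCP port 80 come from the article).

```python
import re
# Constructed samples shaped like `netstat -ano` and `tasklist /svc` output.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1664
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       2540
  TCP    172.16.11.182:139      0.0.0.0:0              LISTENING       4
  TCP    172.16.11.182:1061     172.16.11.50:445       ESTABLISHED     4
  UDP    172.16.11.182:137      *:*                                    4
  UDP    172.16.11.182:138      *:*                                    4
"""
TASKLIST = """\
Image Name                   PID Services
System                         4 N/A
svchost.exe                  812 Dhcp, Dnscache,
                                 lanmanworkstation
inetinfo.exe                1664 IISADMIN
svchost.exe                 2540 TermService
"""

def parse_listeners(text):
    """{(proto, port): pid} for TCP LISTENING rows and bound UDP sockets."""
    found = {}
    for f in (line.split() for line in text.splitlines()):
        tcp_listen = len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING"
        if tcp_listen or (len(f) == 4 and f[0] == "UDP"):
            found[(f[0], int(f[1].rsplit(":", 1)[1]))] = int(f[-1])
    return found

def parse_services(text):
    """{pid: (image, [services])}; a wrapped line extends the previous PID."""
    procs, last = {}, None
    for line in text.splitlines():
        m = re.match(r"(\S.*?)\s+(\d+)\s+(\S.*)$", line)
        if line[:1].isspace() and last is not None:
            procs[last][1].extend(re.findall(r"[^,\s]+", line))
        elif m:
            last = int(m.group(2))
            procs[last] = (m.group(1), re.findall(r"[^,\s]+", m.group(3)))
    return procs

def report(netstat_text, tasklist_text):
    """Join both views: {(proto, port): (pid, image, services)}."""
    procs = parse_services(tasklist_text)
    return {key: (pid, *procs.get(pid, ("?", [])))
            for key, pid in sorted(parse_listeners(netstat_text).items())}

def ports_for_service(rep, service):
    """Ports owned by the process hosting `service` (e.g. TermService)."""
    return sorted(port for (_, port), row in rep.items() if service in row[2])
if __name__ == "__main__":
    print(*report(NETSTAT, TASKLIST).items(), sep="\n")
```

Established connections on ephemeral ports are left out, so the report lists only the sockets that would need a firewall exception, and `ports_for_service(rep, "TermService")` shows which port Remote Desktop is actually listening on.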