configs; /opt/dns/*

configs/-opt-dns/db.172

@@ -0,0 +1,19 @@
+; /opt/dns/db.172 file
+; Configured by Maxim
+$TTL 604800
+@	IN	SOA	skill39.wsr.	root.skill39.wsr. (
+				1,			; Serial
+				604800,		; Refresh
+				86400,		; Retry
+				2419200,	; Expire
+				604800 )	; Negative Cache TTL
+
+@	IN	NS	l-srv.skill39.wsr.
+
+2.50	IN	PTR	l-rtr-a.skill39.wsr.
+2.55	IN	PTR	l-rtr-b.skill39.wsr.
+
+; L-FW 
+1.20	IN	PTR	l-fw.skill39.wsr.
+1.50	IN	PTR	l-fw.skill39.wsr.
+1.55	IN	PTR	l-fw.skill39.wsr.

configs/-opt-dns/db.192

@@ -0,0 +1,19 @@
+; /opt/dns/db.192 file
+; Configured by Maxim
+$TTL 604800
+@	IN	SOA	skill39.wsr.	root.skill39.wsr. (
+				1,			; Serial
+				604800,		; Refresh
+				86400,		; Retry
+				2419200,	; Expire
+				604800 )	; Negative Cache TTL
+
+@	IN	NS	l-srv.skill39.wsr.
+
+10.20	IN	PTR	r-srv.skill39.wsr.
+2.10	IN 	PTR	r-rtr.skill39.wsr.
+100.100	IN	PTR	r-cli.skill39.wsr.
+
+; R-FW
+1.10	IN	PTR	r-fw.skill39.wsr.
+1.20	IN	PTR	r-fw.skill39.wsr.

configs/-opt-dns/skill39.db

@@ -0,0 +1,30 @@
+; /opt/dns/skill39.db file
+; Configured by Maxim
+$TTL 604800
+@	IN	SOA	l-srv.skill39.wsr.	root.skill39.wsr. (
+				1,			; Serial
+				604800,		; Refresh
+				86400,		; Retry
+				2419200,	; Expire
+				604800 )	; Negative Cache TTL
+
+@	IN	NS	l-srv.skill39.wsr.
+
+; LEFT
+l-fw	IN	A	10.10.10.1
+		IN	A	172.16.20.1
+		IN	A	172.16.50.1
+		IN	A	172.16.55.1
+l-srv	IN	A	172.16.20.10
+l-rtr-a	IN	A	172.16.50.2
+l-rtr-b	IN	A	172.16.55.2
+server	IN	CNAME	l-srv
+
+; RIGHT
+r-fw	IN	A	20.20.20.100
+		IN	A	192.168.10.1
+		IN	A	192.168.20.1
+r-srv	IN	A	192.168.20.10
+r-rtr	IN	A	192.168.10.2
+r-cli	IN	A	192.168.100.100
+www	IN	CNAME	r-fw

configs/R-SRV.sh

@@ -0,0 +1,34 @@
+# R-SRV
+
+apt install bind9
+
+NAMED_CONF="/etc/bind/named.conf.options"
+rm $NAMED_CONF; touch $NAMED_CONF; chown -R bind:bind $NAMED_CONF
+echo -e "\n// /etc/bind/named.conf.options file;\n// Configured by Maxim;\n\noptions {\n\tdirectory \"/var/cache/bind\";\n\tforwarders { 10.10.10.10; };\n\tdnssec-validation no;\n\tlisten-on-v6 { none; };\n};" >> $NAMED_CONF
+
+nano /etc/apparmor.d/usr.sbin.named
+# /opt/dns/** rw,
+
+DEFAULT_ZONES="/etc/bind/named.conf.default-zones"
+
+echo -e "\nzone \"skill39.wsr\" {\n\ttype master;\n\tallow-transfer { any; };\n\tfile \"/opt/dns/skill39.db\";\n};\n" >> $DEFAULT_ZONES
+echo -e "zone \"16.172.in-addr.arpa\" {\n\ttype master;\n\tallow-transfer { any; };\n\tfile \"/opt/dns/db.172\";\n};\n" >> $DEFAULT_ZONES
+echo -e "zone \"168.192.in-addr.arpa\" {\n\ttype master; \n\tallow-transfer { any; };\n\tfile \"/opt/dns/db.192\";\n};\n" >> $DEFAULT_ZONES
+
+mkdir /opt/dns
+chown -R bind:bind /opt/dns
+
+SKILLDB="/opt/dns/skill39.db"
+rm $SKILLDB; touch $SKILLDB; chown -R bind:bind $SKILLDB
+echo -e "" >> %SKILLDB
+
+DB172="/opt/dns/db.172"
+rm $DB172; touch $DB172; chown -R bind:bind $DB172
+echo -e "" >> %DB172
+
+DB192="/opt/dns/db.192"
+rm $DB192; touch $DB192; chown -R bind:bind $DB192
+echo -e "" >> %DB192
+
+systemctl restart apparmor.service
+systemctl restart bind9

configs/base-config-CentOS.sh

@@ -17,7 +17,7 @@ HOSTS="/etc/hosts"; rm $HOSTS; touch $HOSTS
 echo -e "# ${HOSTS} file.\n# Configured by Maxim; v${CONFIG_FILE_VERSION}\n\n" >> $HOSTS
 echo -e "# Default values\n127.0.0.1\tlocalhost\n::1\tip6-localhots ip6-loopback\nff02::1\tip6-allnodes\nff02::2\tip6-allrouters\n" >> $HOSTS
 echo -e "# Work values\n172.16.20.10\tl-srv l-srv.skill39.wsr\n10.10.10.1\tl-fw l-fw.skill39.wsr\n172.16.50.2\tl-rtr-a l-rtr-a.skill39.wsr\n172.16.55.2\tl-rtr-b l-rtr-b.skill39.wsr\n172.16.200.61\tl-cli-b l-cli-b.skill39.wsr\n20.20.20.5\tout-cli out-cli.skill39.wsr\n20.20.20.100\tr-fw r-fw.skill39.wsr\n192.168.20.10\tr-srv r-srv.skill39.wsr\n192.168.10.2\tr-rtr r-rtr.skill39.wsr\n192.168.100.100\tr-cli r-cli.skill39.wsr">> $HOSTS 
-echo -e "20.20.20.10\tisp" >> $HOST
+echo -e "20.20.20.10\tisp" >> $HOSTS
 
 cat $HOSTS
 
@@ -51,4 +51,4 @@ cat $REPO_FILE
 mount /dev/sr1 /media/CentOS
 mount /dev/sr0 /media/cdrom
 
-yum install lynx vim net-tools dhclient bash-completion tcpdump curl nfs-utils cifs-utils sshpass bind-utils openssh -y
+yum install lynx vim net-tools dhclient bash-completion tcpdump curl nfs-utils cifs-utils sshpass bind-utils -y

configs/config-all.sh

@@ -2,7 +2,9 @@
 # VMWare не может вставить русские буквы, так что исключайте их при копировании
 # !!!!!
 
-# Пакеты -> ip -> тунель -> дхцп -> -> -> 
+# План работы
+# hostnames -> hosts -> apt/yum -> ip -> gre -> frr -> dhcp -> dhcp-relay ->
+# -> primary DNS -> DDNS -> secondary DNS  
 
 # File version: 2.0
 CONFIG_FILE_VERSION="2.0"
@@ -31,7 +33,7 @@ systemctl restart ssh.service
 
 # Эта настройка для FW и RTR 
 
-echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
+echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf; shutdown -r 0
 
 # Настройка debian 
 
@@ -80,6 +82,7 @@ yum install lynx vim net-tools dhclient bash-completion tcpdump curl nfs-utils c
 # firewall вырубить на всех, кроме R-FW
 
 systemctl stop firewalld && systemctl disable firewalld
+# systemctl start firewalld && systemctl enable firewalld
 
 # R-FW
 
@@ -91,7 +94,6 @@ firewall-cmd --permanent --zone=trusted --add-interface=gre1
 
 firewall-cmd --reload
 
-# firewall-cmd --permanent --zone=external --add-interface=ens256
 # firewall-cmd --permanent --zone=external --add-masquerade
 # firewall-cmd --permanent --zone=trusted --add-interface=tunnel
 # firewall-cmd --permanent --zone=external --add-forward-port=port=80:proto=tcp:toport=80:toaddr=192.168.20.10
@@ -120,7 +122,7 @@ nano /etc/frr/daemons
 systemctl restart frr
 vtysh
 
-# # frr config
+# # # frr config
 # conf t  
 # 	router ospf    
 # 		network 172.16.20.0/24 area 0    
@@ -128,13 +130,15 @@ vtysh
 # 		network 172.16.55.0/30 area 0    
 # 		network 10.5.5.0/30 area 0    
 # 		network 5.5.5.0/27 area 0    
-# 		passive-interface ens160    
+# 		passive-interface ens160
 # 		passive-interface ens256
 # 		exit
 # 	exit
 # write
 # exit
 
+apt install iptables-persistent -y 
+
 # L-RTR-A
 
 apt install frr
@@ -217,3 +221,104 @@ vtysh
 # exit
 
 apt install isc-dhcp-relay
+
+# R-FW
+
+yum install /media/cdrom/lib* /media/cdrom/frr*; 
+
+systemctl stop frr; systemctl disable frr;
+sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons; 
+sed -ie 's/zebra=no/zebra=yes/' /etc/frr/daemons; 
+systemctl start frr; systemctl enable frr;
+
+vtysh
+
+# frr config
+conf t
+	ip forwarding
+	router ospf
+		network 192.168.20.0/24 area 0    
+		network 192.168.10.0/30 area 0    
+		network 10.5.5.0/30 area 0    
+		network 5.5.5.0/27 area 0
+		passive-interface ens160
+		passive-interface ens224
+		exit
+	exit
+write
+exit
+
+# R-RTR
+
+yum install /media/cdrom/lib* /media/cdrom/frr*; 
+
+systemctl stop frr; systemctl disable frr;
+sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons; 
+sed -ie 's/zebra=no/zebra=yes/' /etc/frr/daemons; 
+systemctl start frr; systemctl enable frr;
+
+vtysh
+
+# frr config
+conf t
+	ip forwarding
+	router ospf
+		network 192.168.10.0/30 area 0
+		network 192.168.100.0/24 area 0
+		passive-interface ens192
+		exit
+	exit
+write
+exit
+
+# R-SRV
+
+apt install bind9
+nano /etc/bind/named.conf.options
+
+# // /etc/bind/named.conf.options file
+# options {
+# 	directory "/var/cache/bind";   
+# 	forwarders { 10.10.10.10; };   
+# 	dnssec-validation no;   
+# 	listen-on-v6 { none; };
+# };
+
+mkdir /opt/dns
+cp /etc/bind/db.local /opt/dns/skill39.db
+cp /etc/bind/db.127 /opt/dns/db.172
+cp /etc/bind/db.127 /opt/dns/db.192
+chown -R bind:bind /opt/dns
+
+nano /etc/apparmor.d/usr.sbin.named
+
+# /opt/dns/** rw,
+
+systemctl restart apparmor.service
+
+nano /etc/bind/named.conf.default-zones
+
+# zone "skill39.wsr" { 
+# 	type master; 
+# 	allow-transfer { any; }; 
+# 	file "/opt/dns/skill39.db";
+# };
+# zone "16.172.in-addr.arpa" { 
+# 	type master; 
+# 	allow-transfer { any; }; 
+# 	file "/opt/dns/db.172";
+# };
+# zone "168.192.in-addr.arpa" { 
+# 	type master; 
+# 	allow-transfer { any; }; 
+# 	file "/opt/dns/db.192";
+# };
+
+nano /opt/dns/skill39.db
+# ( Файл находится в этой директории )
+
+nano /opt/dns/db.172
+# ( Файл находится в этой директории )
+
+nano /opt/dns/db.192
+# ( Файл находится в этой директории )