diff --git a/configs/-opt-dns/db.172 b/configs/-opt-dns/db.172
new file mode 100644
index 0000000..f5d9fa0
--- /dev/null
+++ b/configs/-opt-dns/db.172
@@ -0,0 +1,19 @@
+; /opt/dns/db.172 file
+; Configured by Maxim
+$TTL 604800
+@ IN SOA skill39.wsr. root.skill39.wsr. (
+ 1, ; Serial
+ 604800, ; Refresh
+ 86400, ; Retry
+ 2419200, ; Expire
+ 604800 ) ; Negative Cache TTL
+
+@ IN NS l-srv.skill39.wsr.
+
+2.50 IN PTR l-rtr-a.skill39.wsr.
+2.55 IN PTR l-rtr-b.skill39.wsr.
+
+; L-FW
+1.20 IN PTR l-fw.skill39.wsr.
+1.50 IN PTR l-fw.skill39.wsr.
+1.55 IN PTR l-fw.skill39.wsr.
diff --git a/configs/-opt-dns/db.192 b/configs/-opt-dns/db.192
new file mode 100644
index 0000000..b6b5659
--- /dev/null
+++ b/configs/-opt-dns/db.192
@@ -0,0 +1,19 @@
+; /opt/dns/db.192 file
+; Configured by Maxim
+$TTL 604800
+@ IN SOA skill39.wsr. root.skill39.wsr. (
+ 1, ; Serial
+ 604800, ; Refresh
+ 86400, ; Retry
+ 2419200, ; Expire
+ 604800 ) ; Negative Cache TTL
+
+@ IN NS l-srv.skill39.wsr.
+
+10.20 IN PTR r-srv.skill39.wsr.
+2.10 IN PTR r-rtr.skill39.wsr.
+100.100 IN PTR r-cli.skill39.wsr.
+
+; R-FW
+1.10 IN PTR r-fw.skill39.wsr.
+1.20 IN PTR r-fw.skill39.wsr.
\ No newline at end of file
diff --git a/configs/-opt-dns/skill39.db b/configs/-opt-dns/skill39.db
new file mode 100644
index 0000000..46cccae
--- /dev/null
+++ b/configs/-opt-dns/skill39.db
@@ -0,0 +1,30 @@
+; /opt/dns/skill39.db file
+; Configured by Maxim
+$TTL 604800
+@ IN SOA l-srv.skill39.wsr. root.skill39.wsr. (
+ 1, ; Serial
+ 604800, ; Refresh
+ 86400, ; Retry
+ 2419200, ; Expire
+ 604800 ) ; Negative Cache TTL
+
+@ IN NS l-srv.skill39.wsr.
+
+; LEFT
+l-fw IN A 10.10.10.1
+ IN A 172.16.20.1
+ IN A 172.16.50.1
+ IN A 172.16.55.1
+l-srv IN A 172.16.20.10
+l-rtr-a IN A 172.16.50.2
+l-rtr-b IN A 172.16.55.2
+server IN CNAME l-srv
+
+; RIGHT
+r-fw IN A 20.20.20.100
+ IN A 192.168.10.1
+ IN A 192.168.20.1
+r-srv IN A 192.168.20.10
+r-rtr IN A 192.168.10.2
+r-cli IN A 192.168.100.100
+www IN CNAME r-fw 
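Review bot: The SOA field lines `1, ; Serial`, `604800, ; Refresh`, `86400, ; Retry` and `2419200, ; Expire` carry trailing commas, and as far as I know BIND's master-file parser reads `1,` as one token that is not a number, so `named-checkzone` will reject this zone before it loads; the same pattern is repeated in db.192 and skill39.db in this commit. Drop the commas, e.g. `1 ; Serial` through `2419200 ; Expire`. Separately, skill39.db gives l-srv the address 172.16.20.10 but this reverse zone has no `10.20 IN PTR l-srv.skill39.wsr.` record, so the only listed nameserver has no reverse mapping. The SOA MNAME here is `skill39.wsr.` (the zone apex) while skill39.db uses `l-srv.skill39.wsr.`; MNAME should name the primary server in both reverse zones as well.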
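Review bot: The zone lists only `l-srv.skill39.wsr.` as NS, yet R-SRV.sh in this commit loads the same file with `type master;`, so r-srv serves a copy of the zone that no delegation points at and that never receives updates from l-srv. Either add `@ IN NS r-srv.skill39.wsr.` so both servers are authoritative and kept in sync by transfer, or, if l-srv is the real primary, declare the zones on R-SRV as `type slave; masters { 172.16.20.10; };` instead of a second independent master. Which server is meant to be primary cannot be determined from the diff, so this needs confirming against the topology. A short comment at the top of the file stating which host holds the editable master copy would prevent the two copies from drifting.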
diff --git a/configs/R-SRV.sh b/configs/R-SRV.sh
new file mode 100644
index 0000000..ea54f7e
--- /dev/null
+++ b/configs/R-SRV.sh
@@ -0,0 +1,34 @@
+# R-SRV
+
+apt install bind9
+
+NAMED_CONF="/etc/bind/named.conf.options"
+rm $NAMED_CONF; touch $NAMED_CONF; chown -R bind:bind $NAMED_CONF
+echo -e "\n// /etc/bind/named.conf.options file;\n// Configured by Maxim;\n\noptions {\n\tdirectory \"/var/cache/bind\";\n\tforwarders { 10.10.10.10; };\n\tdnssec-validation no;\n\tlisten-on-v6 { none; };\n};" >> $NAMED_CONF
+
+nano /etc/apparmor.d/usr.sbin.named
+# /opt/dns/** rw,
+
+DEFAULT_ZONES="/etc/bind/named.conf.default-zones"
+
+echo -e "\nzone \"skill39.wsr\" {\n\ttype master;\n\tallow-transfer { any; };\n\tfile \"/opt/dns/skill39.db\";\n};\n" >> $DEFAULT_ZONES
+echo -e "zone \"16.172.in-addr.arpa\" {\n\ttype master;\n\tallow-transfer { any; };\n\tfile \"/opt/dns/db.172\";\n};\n" >> $DEFAULT_ZONES
+echo -e "zone \"168.192.in-addr.arpa\" {\n\ttype master; \n\tallow-transfer { any; };\n\tfile \"/opt/dns/db.192\";\n};\n" >> $DEFAULT_ZONES
+
+mkdir /opt/dns
+chown -R bind:bind /opt/dns
+
+SKILLDB="/opt/dns/skill39.db"
+rm $SKILLDB; touch $SKILLDB; chown -R bind:bind $SKILLDB
+echo -e "" >> %SKILLDB
+
+DB172="/opt/dns/db.172"
+rm $DB172; touch $DB172; chown -R bind:bind $DB172
+echo -e "" >> %DB172
+
+DB192="/opt/dns/db.192"
+rm $DB192; touch $DB192; chown -R bind:bind $DB192
+echo -e "" >> %DB192
+
+systemctl restart apparmor.service
+systemctl restart bind9
diff --git a/configs/base-config-CentOS.sh b/configs/base-config-CentOS.sh
index 3a3d2bb..d368fc5 100644
--- a/configs/base-config-CentOS.sh
+++ b/configs/base-config-CentOS.sh 
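Review bot: All three zone statements appended to `$DEFAULT_ZONES` use `allow-transfer { any; };`, which lets anyone who can reach TCP/53 on r-srv AXFR the forward and both reverse zones, i.e. the complete internal address plan of both sites; restrict it to the peer nameserver, e.g. `allow-transfer { 172.16.20.10; };` if l-srv is the intended secondary (the diff does not say which server is primary). The three `echo -e "" >> %SKILLDB`, `%DB172` and `%DB192` lines use `%` where `$` is meant, so they create files literally named `%SKILLDB` etc. in the working directory and leave the real files in /opt/dns empty, which named will refuse to load as zones. `dnssec-validation no;` disables validation of every answer obtained via the 10.10.10.10 forwarder; either use `dnssec-validation auto;` or add a comment stating why validation must be off in this lab. Because the zone statements are appended rather than written, a second run of the script produces duplicate `zone` blocks, which named also rejects; guard the append with a `grep -q 'zone "skill39.wsr"'` check or write the file with `>` once.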
@@ -17,7 +17,7 @@ HOSTS="/etc/hosts"; rm $HOSTS; touch $HOSTS echo -e "# ${HOSTS} file.\n# Configured by Maxim; v${CONFIG_FILE_VERSION}\n\n" >> $HOSTS echo -e "# Default values\n127.0.0.1\tlocalhost\n::1\tip6-localhots ip6-loopback\nff02::1\tip6-allnodes\nff02::2\tip6-allrouters\n" >> $HOSTS echo -e "# Work values\n172.16.20.10\tl-srv l-srv.skill39.wsr\n10.10.10.1\tl-fw l-fw.skill39.wsr\n172.16.50.2\tl-rtr-a l-rtr-a.skill39.wsr\n172.16.55.2\tl-rtr-b l-rtr-b.skill39.wsr\n172.16.200.61\tl-cli-b l-cli-b.skill39.wsr\n20.20.20.5\tout-cli out-cli.skill39.wsr\n20.20.20.100\tr-fw r-fw.skill39.wsr\n192.168.20.10\tr-srv r-srv.skill39.wsr\n192.168.10.2\tr-rtr r-rtr.skill39.wsr\n192.168.100.100\tr-cli r-cli.skill39.wsr">> $HOSTS -echo -e "20.20.20.10\tisp" >> $HOST +echo -e "20.20.20.10\tisp" >> $HOSTS cat $HOSTS @@ -51,4 +51,4 @@ cat $REPO_FILE mount /dev/sr1 /media/CentOS mount /dev/sr0 /media/cdrom -yum install lynx vim net-tools dhclient bash-completion tcpdump curl nfs-utils cifs-utils sshpass bind-utils openssh -y +yum install lynx vim net-tools dhclient bash-completion tcpdump curl nfs-utils cifs-utils sshpass bind-utils -y diff --git a/configs/config-all.sh b/configs/config-all.sh index fae237b..ead6891 100644 --- a/configs/config-all.sh +++ b/configs/config-all.sh @@ -2,7 +2,9 @@ # VMWare не может вставить русские буквы, так что исключайте их при копировании # !!!!! -# Пакеты -> ip -> тунель -> дхцп -> -> -> +# План работы +# hostnames -> hosts -> apt/yum -> ip -> gre -> frr -> dhcp -> dhcp-relay -> +# -> primary DNS -> DDNS -> secondary DNS # File version: 2.0 CONFIG_FILE_VERSION="2.0" @@ -31,7 +33,7 @@ systemctl restart ssh.service # Эта настройка для FW и RTR -echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf +echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf; shutdown -r 0 # Настройка debian 
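Review bot: The new line `echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf; shutdown -r 0` reboots the host just to apply a single sysctl, and the append adds a duplicate line every time the script is rerun. Apply it immediately instead, `sysctl -w net.ipv4.ip_forward=1`, after writing the setting once to a drop-in such as `/etc/sysctl.d/99-forward.conf` with `>` so reruns stay idempotent. Per the comment above this line the setting is meant only for the FW and RTR hosts, and an immediate reboot there would also abort whatever later steps of config-all.sh were still to run on the same host.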
@@ -80,6 +82,7 @@ yum install lynx vim net-tools dhclient bash-completion tcpdump curl nfs-utils c # firewall вырубить на всех, кроме R-FW systemctl stop firewalld && systemctl disable firewalld +# systemctl start firewalld && systemctl enable firewalld # R-FW @@ -91,7 +94,6 @@ firewall-cmd --permanent --zone=trusted --add-interface=gre1 firewall-cmd --reload -# firewall-cmd --permanent --zone=external --add-interface=ens256 # firewall-cmd --permanent --zone=external --add-masquerade # firewall-cmd --permanent --zone=trusted --add-interface=tunnel # firewall-cmd --permanent --zone=external --add-forward-port=port=80:proto=tcp:toport=80:toaddr=192.168.20.10 @@ -120,7 +122,7 @@ nano /etc/frr/daemons systemctl restart frr vtysh -# # frr config +# # # frr config # conf t # router ospf # network 172.16.20.0/24 area 0 @@ -128,13 +130,15 @@ vtysh # network 172.16.55.0/30 area 0 # network 10.5.5.0/30 area 0 # network 5.5.5.0/27 area 0 -# passive-interface ens160 +# passive-interface ens160 # passive-interface ens256 # exit # exit # write # exit +apt install iptables-persistent -y + # L-RTR-A apt install frr 
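Review bot: `apt install iptables-persistent -y` is added without any rules being written or saved in this hunk, and on Debian that package's debconf dialog asks whether to save the current IPv4/IPv6 rules, which blocks an unattended run despite `-y`; prefix it with `DEBIAN_FRONTEND=noninteractive` and follow the actual rule set with `netfilter-persistent save`. It is also placed between the commented frr `write`/`exit` lines and the `# L-RTR-A` header, so it is not clear which host it belongs to; a section comment in the style of the surrounding ones (e.g. `# L-FW: persist the iptables rules across reboots`) would make that explicit. The `passive-interface ens160` change directly above appears to be whitespace only.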
@@ -217,3 +221,104 @@ vtysh # exit apt install isc-dhcp-relay + +# R-FW + +yum install /media/cdrom/lib* /media/cdrom/frr*; + +systemctl stop frr; systemctl disable frr; +sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons; +sed -ie 's/zebra=no/zebra=yes/' /etc/frr/daemons; +systemctl start frr; systemctl enable frr; + +vtysh + +# frr config +conf t + ip forwarding + router ospf + network 192.168.20.0/24 area 0 + network 192.168.10.0/30 area 0 + network 10.5.5.0/30 area 0 + network 5.5.5.0/27 area 0 + passive-interface ens160 + passive-interface ens224 + exit + exit +write +exit + +# R-RTR + +yum install /media/cdrom/lib* /media/cdrom/frr*; + +systemctl stop frr; systemctl disable frr; +sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons; +sed -ie 's/zebra=no/zebra=yes/' /etc/frr/daemons; +systemctl start frr; systemctl enable frr; + +vtysh + +# frr config +conf t + ip forwarding + router ospf + network 192.168.10.0/30 area 0 + network 192.168.100.0/24 area 0 + passive-interface ens192 + exit + exit +write +exit + +# R-SRV + +apt install bind9 +nano /etc/bind/named.conf.options + +# // /etc/bind/named.conf.options file +# options { +# directory "/var/cache/bind"; +# forwarders { 10.10.10.10; }; +# dnssec-validation no; +# listen-on-v6 { none; }; +# }; + +mkdir /opt/dns +cp /etc/bind/db.local /opt/dns/skill39.db +cp /etc/bind/db.127 /opt/dns/db.172 +cp /etc/bind/db.127 /opt/dns/db.192 +chown -R bind:bind /opt/dns + +nano /etc/apparmor.d/usr.sbin.named + +# /opt/dns/** rw, + +systemctl restart apparmor.service + +nano /etc/bind/named.conf.default-zones + +# zone "skill39.wsr" { +# type master; +# allow-transfer { any; }; +# file "/opt/dns/skill39.db"; +# }; +# zone "16.172.in-addr.arpa" { +# type master; +# allow-transfer { any; }; +# file "/opt/dns/db.172"; +# }; +# zone "168.192.in-addr.arpa" { +# type master; +# allow-transfer { any; }; +# file "/opt/dns/db.192"; +# }; + +nano /opt/dns/skill39.db +# ( Файл находится в этой директории ) + +nano /opt/dns/db.172 +# ( Файл 
находится в этой директории ) + +nano /opt/dns/db.192 +# ( Файл находится в этой директории ) \ No newline at end of file diff --git a/topologi.jpg b/topologi.jpg new file mode 100644 index 0000000..93f9806 Binary files /dev/null and b/topologi.jpg differ diff --git a/топология.jpg b/топология.jpg deleted file mode 100644 index e7984f8..0000000 Binary files a/топология.jpg and /dev/null differ
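Review bot: `sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons` in both the R-FW and R-RTR sections passes `e` as the `-i` backup suffix rather than as the expression flag, so every call also leaves a stray `/etc/frr/daemonse` copy behind; it should read `sed -i -e 's/ospfd=no/ospfd=yes/' /etc/frr/daemons` (and likewise for the zebra line). Unlike the earlier sections, the `conf t` through `write`/`exit` lines after each `vtysh` are not commented out, so if this file is ever executed instead of pasted they run as shell commands once vtysh exits; feed them to vtysh with repeated `-c` arguments or a quoted heredoc instead. The commented named.conf.default-zones block repeats the `allow-transfer { any; };` setting that R-SRV.sh in this commit also writes for all three zones, which exposes the full internal address plan to anyone reaching TCP/53; limit it to the peer nameserver's address. This hunk starts at the earlier `# exit` context line and runs to the end of the file.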