diff --git a/configs/-opt-dns/db.172 b/configs/-opt-dns/db.172 index f5d9fa0..a210ff7 100644 --- a/configs/-opt-dns/db.172 +++ b/configs/-opt-dns/db.172 @@ -10,6 +10,7 @@ $TTL 604800 @ IN NS l-srv.skill39.wsr. +10.20 IN PTR l-srv.skill39.wsr. 2.50 IN PTR l-rtr-a.skill39.wsr. 2.55 IN PTR l-rtr-b.skill39.wsr. diff --git a/configs/R-SRV.sh b/configs/R-SRV.sh deleted file mode 100644 index ea54f7e..0000000 --- a/configs/R-SRV.sh +++ /dev/null @@ -1,34 +0,0 @@ -# R-SRV - -apt install bind9 - -NAMED_CONF="/etc/bind/named.conf.options" -rm $NAMED_CONF; touch $NAMED_CONF; chown -R bind:bind $NAMED_CONF -echo -e "\n// /etc/bind/named.conf.options file;\n// Configured by Maxim;\n\noptions {\n\tdirectory \"/var/cache/bind\";\n\tforwarders { 10.10.10.10; };\n\tdnssec-validation no;\n\tlisten-on-v6 { none; };\n};" >> $NAMED_CONF - -nano /etc/apparmor.d/usr.sbin.named -# /opt/dns/** rw, - -DEFAULT_ZONES="/etc/bind/named.conf.default-zones" - -echo -e "\nzone \"skill39.wsr\" {\n\ttype master;\n\tallow-transfer { any; };\n\tfile \"/opt/dns/skill39.db\";\n};\n" >> $DEFAULT_ZONES -echo -e "zone \"16.172.in-addr.arpa\" {\n\ttype master;\n\tallow-transfer { any; };\n\tfile \"/opt/dns/db.172\";\n};\n" >> $DEFAULT_ZONES -echo -e "zone \"168.192.in-addr.arpa\" {\n\ttype master; \n\tallow-transfer { any; };\n\tfile \"/opt/dns/db.192\";\n};\n" >> $DEFAULT_ZONES - -mkdir /opt/dns -chown -R bind:bind /opt/dns - -SKILLDB="/opt/dns/skill39.db" -rm $SKILLDB; touch $SKILLDB; chown -R bind:bind $SKILLDB -echo -e "" >> %SKILLDB - -DB172="/opt/dns/db.172" -rm $DB172; touch $DB172; chown -R bind:bind $DB172 -echo -e "" >> %DB172 - -DB192="/opt/dns/db.192" -rm $DB192; touch $DB192; chown -R bind:bind $DB192 -echo -e "" >> %DB192 - -systemctl restart apparmor.service -systemctl restart bind9 diff --git a/configs/base-config-CentOS.sh b/configs/base-config-CentOS.sh index d368fc5..7302941 100644 --- a/configs/base-config-CentOS.sh +++ b/configs/base-config-CentOS.sh 
@@ -21,13 +21,6 @@ echo -e "20.20.20.10\tisp" >> $HOSTS cat $HOSTS -# SSH config - -SSH_CONFIG="/etc/ssh/sshd_config" -cp $SSH_CONFIG $SSH_CONFIG.old -sed -ie 's/#PermitRoot.*/PermitRootLogin yes/' $SSH_CONFIG -systemctl restart sshd.service - # YUM config cd /media/ @@ -45,10 +38,18 @@ echo -e "[c7-media]\nname=CentOS-$releasever - Media\nbaseurl=file:///media/Cent cat $REPO_FILE -# /dev/sr1 CentOS-7-x86_64-DVD-1810.iso -# /dev/sr0 Additional.iso +# /dev/sr0 CentOS-7-x86_64-DVD-1810.iso +# /dev/sr1 Additional.iso -mount /dev/sr1 /media/CentOS -mount /dev/sr0 /media/cdrom +mount /dev/sr0 /media/CentOS +mount /dev/sr1 /media/cdrom yum install lynx vim net-tools dhclient bash-completion tcpdump curl nfs-utils cifs-utils sshpass bind-utils -y +yum install zsh git -y + +# SSH config + +SSH_CONFIG="/etc/ssh/sshd_config" +cp $SSH_CONFIG $SSH_CONFIG.old +sed -ie 's/#PermitRoot.*/PermitRootLogin yes/' $SSH_CONFIG +systemctl restart sshd.service diff --git a/configs/base-config-Debian.sh b/configs/base-config-Debian.sh index 7c9f5a2..0837566 100644 --- a/configs/base-config-Debian.sh +++ b/configs/base-config-Debian.sh @@ -21,6 +21,13 @@ echo -e "10.10.10.10\tisp" >> $HOSTS cat $HOSTS + +# APT config + +apt-cdrom add +apt install tcpdump bind9 ssh nfs-common network-manager curl lynx net-tools vim bind9utils cifs-utils -y +apt install zsh git -y + # SSH config SSH_CONFIG="/etc/ssh/sshd_config" @@ -28,7 +35,3 @@ cp $SSH_CONFIG $SSH_CONFIG.old sed -ie 's/#PermitRoot.*/PermitRootLogin yes/' $SSH_CONFIG systemctl restart ssh.service -# APT config - -apt-cdrom add -apt-get install tcpdump bind9 ssh nfs-common network-manager curl lynx net-tools vim bind9utils cifs-utils -y \ No newline at end of file diff --git a/configs/config-all.sh b/configs/config-all.sh index ead6891..ed7c595 100644 --- a/configs/config-all.sh +++ b/configs/config-all.sh 
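Review bot: The SSH block re-added at the end of the `@@ -45,10 +38,18 @@` hunk restarts sshd with `PermitRootLogin yes` and never validates the edited file, so every host built from this script accepts root password logins. If the exercise only needs key-based root access, `PermitRootLogin prohibit-password` is the narrower setting; either way, run `sshd -t` before `systemctl restart sshd.service`. GNU sed reads `-ie` as `-i` with backup suffix `e`, so each run leaves a stray `/etc/ssh/sshd_confige`; write `sed -i -e 's/…/…/'` instead. The same `sed -ie` spelling recurs in the config-all.sh hunks and in the new l-fw.sh, l-rtr-a.sh and l-rtr-b.sh.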
@@ -21,10 +21,7 @@ cat $HOSTS # Для смены порядка чтения "DNS" -nano /etc/nsswitch.conf - -# Ответы DNS сервера должны иметь более высокий приоритет. -# В строке, которая начинается с "hosts: ", меняем местами слова files и dns. +sed -ie "s/^hosts:\t*/hosts:\t\tdns files [NOTFOUND=return] # old:/" /etc/nsswitch.conf SSH_CONFIG="/etc/ssh/sshd_config" cp $SSH_CONFIG $SSH_CONFIG.old 
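Review bot: The `sed` that replaces the manual `nano /etc/nsswitch.conf` step is not idempotent: a second run matches `^hosts:` again and prepends another `dns files [NOTFOUND=return] # old:` to the line it already rewrote. Guard it, for example `grep -q '^hosts:.*# old:' /etc/nsswitch.conf || sed -i -e '…' /etc/nsswitch.conf`. Putting `dns` ahead of `files` also means the addresses these scripts pin in /etc/hosts lose to whatever the resolver answers, so a comment stating that this ordering is a task requirement would help the next reader. `[NOTFOUND=return]` after the last active service appears to have no effect and can probably be dropped.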
@@ -103,8 +100,62 @@ firewall-cmd --reload # L-FW -# iptables -t nat -A POSTROUTING -o ens256 -j MASQUERADE +# iptables методичка +# -A - добавить правило в цепочку; +# -С - проверить все правила; +# -D - удалить правило; +# -I - вставить правило с нужным номером; +# -L - вывести все правила в текущей цепочке; +# -S - вывести все правила; +# -F - очистить все правила; +# -N - создать цепочку; +# -X - удалить цепочку; +# -P - установить действие по умолчанию. +# -s - указать ip адрес устройства-отправителя пакета; +# -d - указать ip адрес получателя; +# -i - входной сетевой интерфейс; +# -o - исходящий сетевой интерфейс; +# -j - выбрать действие, если правило подошло. + +# P: +# INPUT - Входящие паекты +# OUTPUT - Исходящие пакеты +# FORWARD - Паокеты пересылки + +# j: +# ACCEPT - разрешить прохождение пакета дальше по цепочке правил; +# DROP - удалить пакет; +# REJECT - отклонить пакет, отправителю будет отправлено сообщение, что пакет был отклонен; +# LOG - сделать запись о пакете в лог файл; +# QUEUE - отправить пакет пользовательскому приложению. +# REDIRECT - Перенаправлять на ... +# ... + +# t: +# raw - предназначена для работы с сырыми пакетами, пока они еще не прошли обработку; +# mangle - предназначена для модификации пакетов; +# nat - обеспечивает работу nat, если вы хотите использовать компьютер в качестве маршрутизатора; +# filter - основная таблица для фильтрации пакетов, используется по умолчанию. 
+ +apt install iptables-persistent -y + +# Reset rules +iptables -F +iptables -t nat -F +iptables -t mangle -F +iptables -t filter -F + +# Default rules +iptables -A INPUT -i lo -j ACCEPT +iptables -A OUTPUT -o lo -j ACCEPT +iptables -P INPUT ACCEPT +iptables -P OUTPUT ACCEPT +iptables -P FORWARD ACCEPT + # iptables -t nat -A PREROUTING -i ens256 -p udp --dport 53 -j DNAT --to-destination 172.16.20.10 +iptables -t nat -A POSTROUTING -o ens256 -j MASQUERADE +iptables -t nat -A PREROUTING -i ens256 -j DNAT --to-destination 172.16.20.10 + echo "AllowUsers ssh_p root ssh_c" >> /etc/ssh/sshd_config 
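Review bot: The new `iptables -t nat -A PREROUTING -i ens256 -j DNAT --to-destination 172.16.20.10` has no protocol or port match, so every packet arriving on ens256 is rewritten to 172.16.20.10, including traffic addressed to L-FW itself; the commented line above it limited the rule to `-p udp --dport 53`, and the new l-fw.sh keeps that match. All three filter policies are set to ACCEPT with no filter rules, so L-FW forwards everything between its interfaces; if it is meant to filter, set `iptables -P FORWARD DROP` and accept only the flows the topology needs. `iptables-persistent` is installed but the rules are never saved, so add `netfilter-persistent save` after the last rule. l-fw.sh assigns 172.16.20.1/24 to ens256, which suggests both NAT rules name the inside interface rather than the uplink; please confirm against the topology.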
@@ -114,87 +165,62 @@ adduser ssh_p adduser ssh_c # c_hss -apt install frr +apt install frr -y -# ospfd=no => ospfd=yes -nano /etc/frr/daemons +systemctl stop frr; systemctl disable frr; +sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons; +sed -ie 's/zebra=no/zebra=yes/' /etc/frr/daemons; +systemctl start frr; systemctl enable frr; -systemctl restart frr vtysh -# # # frr config -# conf t -# router ospf -# network 172.16.20.0/24 area 0 -# network 172.16.50.0/30 area 0 -# network 172.16.55.0/30 area 0 -# network 10.5.5.0/30 area 0 -# network 5.5.5.0/27 area 0 -# passive-interface ens160 -# passive-interface ens256 -# exit -# exit -# write -# exit +# frr config +conf t + ip forw + router ospf + network 172.16.20.0/24 area 0 + network 172.16.50.0/30 area 0 + network 172.16.55.0/30 area 0 + network 10.5.5.0/30 area 0 + network 5.5.5.0/27 area 0 + passive-interface ens160 + passive-interface ens256 + exit + exit +write +exit -apt install iptables-persistent -y # L-RTR-A apt install frr -# ospfd=no => ospfd=yes -nano /etc/frr/daemons +systemctl stop frr; systemctl disable frr; +sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons; +sed -ie 's/zebra=no/zebra=yes/' /etc/frr/daemons; +systemctl start frr; systemctl enable frr; -systemctl restart frr vtysh -# # frr config -# conf t -# router ospf -# network 172.16.50.0/30 area 0 -# network 172.16.100.0/24 area 0 -# passive-interface esn224 -# exit -# exit -# write -# exit +# frr config +conf t + ip forw + router ospf + network 172.16.50.0/30 area 0 + network 172.16.100.0/24 area 0 + passive-interface esn224 + exit + exit +write +exit -apt install isc-dhcp-server +apt install isc-dhcp-server -y # Пишем интерфейсы nano /etc/default/isc-dhcp-server -# Выставляем ip nano /etc/dhcp/dhcpd.conf - -# # /etc/dhcp/dhcpd.conf file -# # L-RTR-A -# option domain-name "skill39.wsr"; -# option domain-name-servers 172.16.20.10; - -# default-lease-time 600; -# max-lease-time 7200; -# ddns-update-style none; - -# authoritative; - -# subnet 
172.16.50.0 netmask 255.255.255.252 {} - -# subnet 172.16.100.0 netmask 255.255.255.0 { -# range 172.16.100.65 172.16.100.75; -# option routers 172.16.100.1; -# } - -# subnet 172.16.200.0 netmask 255.255.255.0 { -# range 172.16.200.65 172.16.200.75; -# option routers 172.16.200.1; -# } - -# host lclib { -# hardware ethernet 00:0C:29:1D:2C:06; -# fixed-address 172.16.200.61; -# } +# ( Файл находится в этой директории ) # Включаем isc-dhcp-server и переагружаем systemctl start isc-dhcp-server && systemctl enable isc-dhcp-server; shutdown -r 0 @@ -203,28 +229,30 @@ systemctl start isc-dhcp-server && systemctl enable isc-dhcp-server; shutdown -r apt install frr -# ospfd=no => ospfd=yes -nano /etc/frr/daemons +systemctl stop frr; systemctl disable frr; +sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons; +sed -ie 's/zebra=no/zebra=yes/' /etc/frr/daemons; +systemctl start frr; systemctl enable frr; -systemctl restart frr vtysh -# # frr config -# conf t -# router ospf -# network 172.16.55.0/30 area 0 -# network 172.16.200.0/24 area 0 -# passive-interface ens224 -# exit -# exit -# write -# exit +# frr config +conf t + ip forw + router ospf + network 172.16.55.0/30 area 0 + network 172.16.200.0/24 area 0 + passive-interface ens224 + exit + exit +write +exit apt install isc-dhcp-relay # R-FW -yum install /media/cdrom/lib* /media/cdrom/frr*; +yum install /media/cdrom/lib* /media/cdrom/frr* -y systemctl stop frr; systemctl disable frr; sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons; @@ -250,7 +278,7 @@ exit # R-RTR -yum install /media/cdrom/lib* /media/cdrom/frr*; +yum install /media/cdrom/lib* /media/cdrom/frr* -y systemctl stop frr; systemctl disable frr; sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons; @@ -271,7 +299,7 @@ conf t write exit -# R-SRV +# L-SRV apt install bind9 nano /etc/bind/named.conf.options 
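Review bot: Uncommenting the FRR blocks in the `@@ -114,87 +165,62 @@` hunk turns `conf t`, `ip forw`, `router ospf` and the rest into shell commands: `vtysh` opens an interactive session, and once it returns bash runs the following lines itself, where the first bare `exit` ends the script. Pass the commands to vtysh with `-c` instead, as sketched below for the L-FW block. The same pattern is in the `@@ -203,28 +229,30 @@` hunk and in the new l-fw.sh, l-rtr-a.sh and l-rtr-b.sh. None of the OSPF blocks configures authentication, so a host on any non-passive segment could form an adjacency; consider message-digest authentication on the transit interfaces.

```shell
# … unchanged: apt install frr -y, /etc/frr/daemons edits, systemctl start/enable frr …
vtysh \
  -c 'configure terminal' \
  -c 'ip forwarding' \
  -c 'router ospf' \
  -c 'network 172.16.20.0/24 area 0' \
  -c 'network 172.16.50.0/30 area 0' \
  -c 'network 172.16.55.0/30 area 0' \
  -c 'network 10.5.5.0/30 area 0' \
  -c 'network 5.5.5.0/27 area 0' \
  -c 'passive-interface ens160' \
  -c 'passive-interface ens256' \
  -c 'end' \
  -c 'write memory'
```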
@@ -280,8 +308,9 @@ nano /etc/bind/named.conf.options # options { # directory "/var/cache/bind"; # forwarders { 10.10.10.10; }; -# dnssec-validation no; +# dnssec-validation no; # listen-on-v6 { none; }; +# recursion yes; # }; mkdir /opt/dns @@ -298,14 +327,17 @@ systemctl restart apparmor.service nano /etc/bind/named.conf.default-zones -# zone "skill39.wsr" { -# type master; -# allow-transfer { any; }; +# zone "skill39.wsr" { +# type master; +# allow-transfer { any; }; +# allow-update { 172.16.50.2; }; +# recursion yes; # file "/opt/dns/skill39.db"; # }; # zone "16.172.in-addr.arpa" { # type master; -# allow-transfer { any; }; +# allow-transfer { any; }; +# allow-update { 172.16.50.2; }; # file "/opt/dns/db.172"; # }; # zone "168.192.in-addr.arpa" { @@ -321,4 +353,18 @@ nano /opt/dns/db.172 # ( Файл находится в этой директории ) nano /opt/dns/db.192 -# ( Файл находится в этой директории ) \ No newline at end of file +# ( Файл находится в этой директории ) + +systemctl restart bind9 + +# R-SRV + +# Disable SELinux +setenforce 0 +sed -ie 's/SELINUX=enforcing /SELINUX=permissive/' /etc/selinux/config; +getenforce + +yum install bind + +mkdir /opt/dns +chown named:named /opt/dns diff --git a/configs/l-/dhcpd.conf b/configs/l-/dhcpd.conf new file mode 100644 index 0000000..942e1ab --- /dev/null +++ b/configs/l-/dhcpd.conf 
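Review bot: `recursion yes;` inside the `skill39.wsr` zone block of the `@@ -298,14 +327,17 @@` hunk is not a zone statement (it belongs in `options` or a `view`), so once this commented template is pasted into named.conf.default-zones, `named-checkconf` should reject it; the earlier `@@ -280,8 +308,9 @@` hunk already adds it to `options`. The new `allow-update { 172.16.50.2; };` authorises dynamic updates by source address alone, which address spoofing over UDP defeats, and `allow-transfer { any; };` still lets any client dump both zones. Prefer a TSIG key shared with the DHCP server, `allow-update { key "<ddns-key-name>"; };` with the matching `key` statement in the zone blocks of the new dhcpd.conf, and restrict transfers to the secondary's address.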
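Review bot: The new R-SRV block in the `@@ -321,4 +353,18 @@` hunk switches SELinux to permissive for the whole host just so named can use /opt/dns; labelling the directory keeps enforcement on: `semanage fcontext -a -t named_zone_t '/opt/dns(/.*)?'` followed by `restorecon -R /opt/dns` (use `named_cache_t` if the zones take dynamic updates). As written, the sed pattern `SELINUX=enforcing ` ends with a space that the `SELINUX=enforcing` line normally does not have, so the file is likely left unchanged and the host returns to enforcing at the next boot, while `setenforce 0` only lasts until then. `yum install bind` also lacks the `-y` that the other install lines in this commit gained.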
@@ -0,0 +1,31 @@
+# /etc/dhcp/dhcpd.conf file
+# L-RTR-A
+default-lease-time 600;
+max-lease-time 7200;
+
+ddns-update-style interim;
+update-static-leases on;
+zone skill39.wsr. {
+ primary 172.16.20.10;
+}
+zone 16.172.in-addr.arpa. {
+ primary 172.16.20.10;
+}
+authoritative;
+
+option domain-name "skill39.wsr";
+option domain-name-servers 172.16.20.10, 192.168.20.10;
+
+subnet 172.16.50.0 netmask 255.255.255.252 {}
+subnet 172.16.100.0 netmask 255.255.255.0 {
+ range 172.16.100.65 172.16.100.75;
+ option routers 172.16.100.1;
+}
+subnet 172.16.200.0 netmask 255.255.255.0 {
+ range 172.16.200.65 172.16.200.75;
+ option routers 172.16.200.1;
+}
+host lclib {
+ hardware ethernet 00:0C:29:1D:2C:06;
+ fixed-address 172.16.200.61;
+}
\ No newline at end of file
diff --git a/configs/l-/l-fw.sh b/configs/l-/l-fw.sh
new file mode 100644
index 0000000..88d349f
--- /dev/null
+++ b/configs/l-/l-fw.sh
@@ -0,0 +1,66 @@ +HS="/etc/hostsname" +rm $HS; touch $HS +echo "L-FW" >> $HS +H="/etc/hosts"; rm $H; touch $H +echo -e "# ${H} file.\n# Configured by Maxim\n\n" >> $H +echo -e "# Default values\n127.0.0.1\tlocalhost\n::1\tip6-localhots ip6-loopback\nff02::1\tip6-allnodes\nff02::2\tip6-allrouters\n" >> $H +echo -e "# Work values\n172.16.20.10\tl-srv l-srv.skill39.wsr\n10.10.10.1\tl-fw l-fw.skill39.wsr\n172.16.50.2\tl-rtr-a l-rtr-a.skill39.wsr\n172.16.55.2\tl-rtr-b l-rtr-b.skill39.wsr\n172.16.200.61\tl-cli-b l-cli-b.skill39.wsr\n20.20.20.5\tout-cli out-cli.skill39.wsr\n20.20.20.100\tr-fw r-fw.skill39.wsr\n192.168.20.10\tr-srv r-srv.skill39.wsr\n192.168.10.2\tr-rtr r-rtr.skill39.wsr\n192.168.100.100\tr-cli r-cli.skill39.wsr">> $H +echo -e "10.10.10.10\tisp" >> $H +echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf +iptables -F +apt-cdrom add + +apt install frr iptables-persistent tcpdump bind9 ssh nfs-common network-manager curl lynx net-tools vim bind9utils cifs-utils zsh git -y + +sed -ie "s/^hosts:\t*/hosts:\t\tdns files [NOTFOUND=return] # old:/" /etc/nsswitch.conf +SSHC="/etc/ssh/sshd_config" +cp $SSHC $SSHC.old +sed -ie 's/#PermitRoot.*/PermitRootLogin yes/' $SSHC +echo "AllowUsers ssh_p root ssh_c" >> $SSHC +iptables -t nat -A POSTROUTING -o ens256 -j MASQUERADE +iptables -t nat -A PREROUTING -i ens256 -p udp --dport 53 -j DNAT --to-destination 172.16.20.10 + +systemctl start NetworkManager + +nmcli con add con-name ens192 ifname ens192 autoconnect yes type ethernet ip4 "172.16.50.1/30" +nmcli con mod ens192 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr" +nmcli con up ens192 ifname ens192 +nmcli con add con-name ens224 ifname ens224 autoconnect yes type ethernet ip4 "172.16.55.1/30" +nmcli con mod ens224 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr" +nmcli con up ens224 ifname ens224 +nmcli con add con-name ens256 ifname ens256 autoconnect yes type ethernet ip4 "172.16.20.1/24" +nmcli con mod ens256 
+ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr" +nmcli con up ens256 ifname ens256 +nmcli con add con-name ens160 ifname ens160 autoconnect yes type ethernet ip4 "10.10.10.1/24" gw4 10.10.10.10 +nmcli con mod ens160 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr" +nmcli con up ens160 ifname ens160 +nmcli con add type ip-tunnel ip-tunnel.mode gre con-name gre1 ifname gre1 autoconnect yes remote 20.20.20.100 local 10.10.10.1 +nmcli con mod gre1 ipv4.method manual +ipv4.addresses 10.5.5.1 +nmcli con up gre1 ifname gre1 + +systemctl stop frr; systemctl disable frr; +sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons; +sed -ie 's/zebra=no/zebra=yes/' /etc/frr/daemons; +systemctl start frr; systemctl enable frr; +vtysh + +conf t + ip forw + router ospf + network 172.16.20.0/24 area 0 + network 172.16.50.0/30 area 0 + network 172.16.55.0/30 area 0 + network 10.5.5.0/30 area 0 + network 5.5.5.0/27 area 0 + passive-interface ens160 + passive-interface ens256 + exit + exit +write +exit + +useradd ssh_p -p p_hss +useradd ssh_c -p c_hss + +shutdown -r 0 + diff --git a/configs/l-/l-rtr-a.sh b/configs/l-/l-rtr-a.sh new file mode 100644 index 0000000..b8f5234 --- /dev/null +++ b/configs/l-/l-rtr-a.sh 
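Review bot: `useradd ssh_p -p p_hss` and `useradd ssh_c -p c_hss` at the end of l-fw.sh pass a clear-text string where `-p` expects an already-hashed password, so the literal is stored in /etc/shadow as if it were the hash and neither account can authenticate with it; the passwords are also committed to the repository and visible in the process list. Create the accounts with `useradd -m ssh_p` and set the password through `chpasswd` on stdin, reading the `user:password` pairs from a file kept out of the repo. `HS="/etc/hostsname"` looks like a typo for `/etc/hostname`, so the hostname is never set; the same path is used in l-rtr-a.sh and l-rtr-b.sh. The script also reboots without `netfilter-persistent save`, so the two NAT rules will not survive `shutdown -r 0`.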
@@ -0,0 +1,54 @@ +HS="/etc/hostsname" +rm $HS; touch $HS +echo "L-RTR-A" >> $HS +H="/etc/hosts"; rm $H; touch $H +echo -e "# ${H} file.\n# Configured by Maxim\n\n" >> $H +echo -e "# Default values\n127.0.0.1\tlocalhost\n::1\tip6-localhots ip6-loopback\nff02::1\tip6-allnodes\nff02::2\tip6-allrouters\n" >> $H +echo -e "# Work values\n172.16.20.10\tl-srv l-srv.skill39.wsr\n10.10.10.1\tl-fw l-fw.skill39.wsr\n172.16.50.2\tl-rtr-a l-rtr-a.skill39.wsr\n172.16.55.2\tl-rtr-b l-rtr-b.skill39.wsr\n172.16.200.61\tl-cli-b l-cli-b.skill39.wsr\n20.20.20.5\tout-cli out-cli.skill39.wsr\n20.20.20.100\tr-fw r-fw.skill39.wsr\n192.168.20.10\tr-srv r-srv.skill39.wsr\n192.168.10.2\tr-rtr r-rtr.skill39.wsr\n192.168.100.100\tr-cli r-cli.skill39.wsr">> $H +echo -e "10.10.10.10\tisp" >> $H +echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf +iptables -F +apt-cdrom add + +apt install frr tcpdump bind9 ssh nfs-common network-manager curl lynx net-tools vim bind9utils cifs-utils zsh git -y + +sed -ie "s/^hosts:\t*/hosts:\t\tdns files [NOTFOUND=return] # old:/" /etc/nsswitch.conf +SSHC="/etc/ssh/sshd_config" +cp $SSHC $SSHC.old +sed -ie 's/#PermitRoot.*/PermitRootLogin yes/' $SSHC + +systemctl start NetworkManager +nmcli con add con-name ens192 ifname ens192 autoconnect yes type ethernet ip4 172.16.50.2/30 gw4 172.16.50.1 +nmcli con mod ens192 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr" +nmcli con up ens192 ifname ens192 +nmcli con add con-name ens224 ifname ens224 autoconnect yes type ethernet ip4 172.16.100.1/24 +nmcli con mod ens224 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr" +nmcli con up ens224 ifname ens224 + +systemctl stop frr; systemctl disable frr; +sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons; +sed -ie 's/zebra=no/zebra=yes/' /etc/frr/daemons; +systemctl start frr; systemctl enable frr; +vtysh + +conf t + ip forw + router ospf + network 172.16.50.0/30 area 0 + network 172.16.100.0/24 area 0 + passive-interface 
esn224 + exit + exit +write +exit + +apt install isc-dhcp-server -y + +sed -ie "s/INTERFACESv4=\"\"/INTERFACESv4=\"ens192 ens224\"/" /etc/default/isc-dhcp-server +DHC="/etc/dhcp/dhcpd.conf" +rm $DHC; touch $DHC +echo -e "# /etc/dhcp/dhcpd.conf file\n# L-RTR-A\ndefault-lease-time 600;\nmax-lease-time 7200;\n\nddns-update-style interim;\nupdate-static-leases on;\nzone skill39.wsr. { primary 172.16.20.10; }\nzone 16.172.in-addr.arpa. { primary 172.16.20.10; }\nauthoritative;\n\noption domain-name \"skill39.wsr\";\noption domain-name-servers 172.16.20.10, 192.168.20.10;\n\nsubnet 172.16.50.0 netmask 255.255.255.252 {}\nsubnet 172.16.100.0 netmask 255.255.255.0 {\n\trange 172.16.100.65 172.16.100.75;\n\toption routers 172.16.100.1;\n}\nsubnet 172.16.200.0 netmask 255.255.255.0 {\n\trange 172.16.200.65 172.16.200.75;\n\toption routers 172.16.200.1;\n}\nhost lclib {\n\thardware ethernet 00:0C:29:1D:2C:06;\n\tfixed-address 172.16.200.61;\n}\n" >> $DHC +systemctl start isc-dhcp-server && systemctl enable isc-dhcp-server + +shutdown -r 0 + diff --git a/configs/l-/l-rtr-b.sh b/configs/l-/l-rtr-b.sh new file mode 100644 index 0000000..343671b --- /dev/null +++ b/configs/l-/l-rtr-b.sh 
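Review bot: `passive-interface esn224` in the OSPF block of l-rtr-a.sh misspells the interface that the nmcli lines above configure as `ens224`, so OSPF stays active on the 172.16.100.0/24 client segment and hellos are exchanged with any host there. Change it to `passive-interface ens224`; the L-RTR-A block in config-all.sh carries the same typo. The command only takes effect if it actually reaches vtysh, which the bare `vtysh` call before it does not arrange.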
@@ -0,0 +1,51 @@ +HS="/etc/hostsname" +rm $HS; touch $HS +echo "L-RTR-B" >> $HS +H="/etc/hosts"; rm $H; touch $H +echo -e "# ${H} file.\n# Configured by Maxim\n\n" >> $H +echo -e "# Default values\n127.0.0.1\tlocalhost\n::1\tip6-localhots ip6-loopback\nff02::1\tip6-allnodes\nff02::2\tip6-allrouters\n" >> $H +echo -e "# Work values\n172.16.20.10\tl-srv l-srv.skill39.wsr\n10.10.10.1\tl-fw l-fw.skill39.wsr\n172.16.50.2\tl-rtr-a l-rtr-a.skill39.wsr\n172.16.55.2\tl-rtr-b l-rtr-b.skill39.wsr\n172.16.200.61\tl-cli-b l-cli-b.skill39.wsr\n20.20.20.5\tout-cli out-cli.skill39.wsr\n20.20.20.100\tr-fw r-fw.skill39.wsr\n192.168.20.10\tr-srv r-srv.skill39.wsr\n192.168.10.2\tr-rtr r-rtr.skill39.wsr\n192.168.100.100\tr-cli r-cli.skill39.wsr">> $H +echo -e "10.10.10.10\tisp" >> $H +echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf +iptables -F +apt-cdrom add + +apt install frr tcpdump bind9 ssh nfs-common network-manager curl lynx net-tools vim bind9utils cifs-utils zsh git -y + +sed -ie "s/^hosts:\t*/hosts:\t\tdns files [NOTFOUND=return] # old:/" /etc/nsswitch.conf +SSHC="/etc/ssh/sshd_config" +cp $SSHC $SSHC.old +sed -ie 's/#PermitRoot.*/PermitRootLogin yes/' $SSHC + +systemctl start NetworkManager +nmcli con add con-name ens192 ifname ens192 autoconnect yes type ethernet ip4 172.16.55.2/30 gw4 172.16.55.1 +nmcli con mod ens192 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr" +nmcli con up ens192 ifname ens192 +nmcli con add con-name ens224 ifname ens224 autoconnect yes type ethernet ip4 172.16.200.1/24 +nmcli con mod ens224 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr" +nmcli con up ens224 ifname ens224 + +systemctl stop frr; systemctl disable frr; +sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons; +sed -ie 's/zebra=no/zebra=yes/' /etc/frr/daemons; +systemctl start frr; systemctl enable frr; +vtysh + +conf t + ip forw + router ospf + network 172.16.55.0/30 area 0 + network 172.16.200.0/24 area 0 + passive-interface 
ens224 + exit + exit +write +exit + +apt install isc-dhcp-relay -y + +# 172.16.50.2 +# ens192 ens224 + +shutdown -r 0 + diff --git a/configs/l-/l-srv.sh b/configs/l-/l-srv.sh new file mode 100644 index 0000000..e69de29 diff --git a/topologi.jpg b/topologi.jpg index 93f9806..17fc618 100644 Binary files a/topologi.jpg and b/topologi.jpg differ