2022-04-20 21:45:29 +03:00
parent c0a40fa982
commit d5423b8f4d
11 changed files with 357 additions and 138 deletions
+1
@@ -10,6 +10,7 @@ $TTL 604800
@ IN NS l-srv.skill39.wsr. @ IN NS l-srv.skill39.wsr.
10.20 IN PTR l-srv.skill39.wsr.
2.50 IN PTR l-rtr-a.skill39.wsr. 2.50 IN PTR l-rtr-a.skill39.wsr.
2.55 IN PTR l-rtr-b.skill39.wsr. 2.55 IN PTR l-rtr-b.skill39.wsr.
-34
@@ -1,34 +0,0 @@
# R-SRV
apt install bind9
NAMED_CONF="/etc/bind/named.conf.options"
rm $NAMED_CONF; touch $NAMED_CONF; chown -R bind:bind $NAMED_CONF
echo -e "\n// /etc/bind/named.conf.options file;\n// Configured by Maxim;\n\noptions {\n\tdirectory \"/var/cache/bind\";\n\tforwarders { 10.10.10.10; };\n\tdnssec-validation no;\n\tlisten-on-v6 { none; };\n};" >> $NAMED_CONF
nano /etc/apparmor.d/usr.sbin.named
# /opt/dns/** rw,
DEFAULT_ZONES="/etc/bind/named.conf.default-zones"
echo -e "\nzone \"skill39.wsr\" {\n\ttype master;\n\tallow-transfer { any; };\n\tfile \"/opt/dns/skill39.db\";\n};\n" >> $DEFAULT_ZONES
echo -e "zone \"16.172.in-addr.arpa\" {\n\ttype master;\n\tallow-transfer { any; };\n\tfile \"/opt/dns/db.172\";\n};\n" >> $DEFAULT_ZONES
echo -e "zone \"168.192.in-addr.arpa\" {\n\ttype master; \n\tallow-transfer { any; };\n\tfile \"/opt/dns/db.192\";\n};\n" >> $DEFAULT_ZONES
mkdir /opt/dns
chown -R bind:bind /opt/dns
SKILLDB="/opt/dns/skill39.db"
rm $SKILLDB; touch $SKILLDB; chown -R bind:bind $SKILLDB
echo -e "" >> %SKILLDB
DB172="/opt/dns/db.172"
rm $DB172; touch $DB172; chown -R bind:bind $DB172
echo -e "" >> %DB172
DB192="/opt/dns/db.192"
rm $DB192; touch $DB192; chown -R bind:bind $DB192
echo -e "" >> %DB192
systemctl restart apparmor.service
systemctl restart bind9
+12 -11
@@ -21,13 +21,6 @@ echo -e "20.20.20.10\tisp" >> $HOSTS
cat $HOSTS cat $HOSTS
# SSH config
SSH_CONFIG="/etc/ssh/sshd_config"
cp $SSH_CONFIG $SSH_CONFIG.old
sed -ie 's/#PermitRoot.*/PermitRootLogin yes/' $SSH_CONFIG
systemctl restart sshd.service
# YUM config # YUM config
cd /media/ cd /media/
@@ -45,10 +38,18 @@ echo -e "[c7-media]\nname=CentOS-$releasever - Media\nbaseurl=file:///media/Cent
cat $REPO_FILE cat $REPO_FILE
# /dev/sr1 CentOS-7-x86_64-DVD-1810.iso # /dev/sr0 CentOS-7-x86_64-DVD-1810.iso
# /dev/sr0 Additional.iso # /dev/sr1 Additional.iso
mount /dev/sr1 /media/CentOS mount /dev/sr0 /media/CentOS
mount /dev/sr0 /media/cdrom mount /dev/sr1 /media/cdrom
yum install lynx vim net-tools dhclient bash-completion tcpdump curl nfs-utils cifs-utils sshpass bind-utils -y yum install lynx vim net-tools dhclient bash-completion tcpdump curl nfs-utils cifs-utils sshpass bind-utils -y
yum install zsh git -y
# SSH config
SSH_CONFIG="/etc/ssh/sshd_config"
cp $SSH_CONFIG $SSH_CONFIG.old
sed -ie 's/#PermitRoot.*/PermitRootLogin yes/' $SSH_CONFIG
systemctl restart sshd.service
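Review bot: The relocated SSH block still ends in `PermitRootLogin yes`, which allows root to log in over SSH with a password, and nothing in this section restricts who can reach the daemon. Unless the lab task explicitly requires root password login, prefer key-only root access: `sed -i -e 's/^#\?PermitRootLogin.*/PermitRootLogin prohibit-password/' "$SSH_CONFIG"`. Writing `-i -e` also matters on its own, because GNU sed reads `-ie` as `-i` with backup suffix `e` and leaves a stray `sshd_confige` next to the config. The same substitution is on the new side of the Debian section and in the three new L-FW, L-RTR-A and L-RTR-B scripts.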
+7 -4
@@ -21,6 +21,13 @@ echo -e "10.10.10.10\tisp" >> $HOSTS
cat $HOSTS cat $HOSTS
# APT config
apt-cdrom add
apt install tcpdump bind9 ssh nfs-common network-manager curl lynx net-tools vim bind9utils cifs-utils -y
apt install zsh git -y
# SSH config # SSH config
SSH_CONFIG="/etc/ssh/sshd_config" SSH_CONFIG="/etc/ssh/sshd_config"
@@ -28,7 +35,3 @@ cp $SSH_CONFIG $SSH_CONFIG.old
sed -ie 's/#PermitRoot.*/PermitRootLogin yes/' $SSH_CONFIG sed -ie 's/#PermitRoot.*/PermitRootLogin yes/' $SSH_CONFIG
systemctl restart ssh.service systemctl restart ssh.service
# APT config
apt-cdrom add
apt-get install tcpdump bind9 ssh nfs-common network-manager curl lynx net-tools vim bind9utils cifs-utils -y
+129 -83
@@ -21,10 +21,7 @@ cat $HOSTS
# Для смены порядка чтения "DNS" # Для смены порядка чтения "DNS"
nano /etc/nsswitch.conf sed -ie "s/^hosts:\t*/hosts:\t\tdns files [NOTFOUND=return] # old:/" /etc/nsswitch.conf
# Ответы DNS сервера должны иметь более высокий приоритет.
# В строке, которая начинается с "hosts: ", меняем местами слова files и dns.
SSH_CONFIG="/etc/ssh/sshd_config" SSH_CONFIG="/etc/ssh/sshd_config"
cp $SSH_CONFIG $SSH_CONFIG.old cp $SSH_CONFIG $SSH_CONFIG.old
@@ -103,8 +100,62 @@ firewall-cmd --reload
# L-FW # L-FW
# iptables -t nat -A POSTROUTING -o ens256 -j MASQUERADE # iptables методичка
# -A - добавить правило в цепочку;
# -С - проверить все правила;
# -D - удалить правило;
# -I - вставить правило с нужным номером;
# -L - вывести все правила в текущей цепочке;
# -S - вывести все правила;
# -F - очистить все правила;
# -N - создать цепочку;
# -X - удалить цепочку;
# -P - установить действие по умолчанию.
# -s - указать ip адрес устройства-отправителя пакета;
# -d - указать ip адрес получателя;
# -i - входной сетевой интерфейс;
# -o - исходящий сетевой интерфейс;
# -j - выбрать действие, если правило подошло.
# P:
# INPUT - Входящие паекты
# OUTPUT - Исходящие пакеты
# FORWARD - Паокеты пересылки
# j:
# ACCEPT - разрешить прохождение пакета дальше по цепочке правил;
# DROP - удалить пакет;
# REJECT - отклонить пакет, отправителю будет отправлено сообщение, что пакет был отклонен;
# LOG - сделать запись о пакете в лог файл;
# QUEUE - отправить пакет пользовательскому приложению.
# REDIRECT - Перенаправлять на ...
# ...
# t:
# raw - предназначена для работы с сырыми пакетами, пока они еще не прошли обработку;
# mangle - предназначена для модификации пакетов;
# nat - обеспечивает работу nat, если вы хотите использовать компьютер в качестве маршрутизатора;
# filter - основная таблица для фильтрации пакетов, используется по умолчанию.
apt install iptables-persistent -y
# Reset rules
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -t filter -F
# Default rules
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
# iptables -t nat -A PREROUTING -i ens256 -p udp --dport 53 -j DNAT --to-destination 172.16.20.10 # iptables -t nat -A PREROUTING -i ens256 -p udp --dport 53 -j DNAT --to-destination 172.16.20.10
iptables -t nat -A POSTROUTING -o ens256 -j MASQUERADE
iptables -t nat -A PREROUTING -i ens256 -j DNAT --to-destination 172.16.20.10
echo "AllowUsers ssh_p root ssh_c" >> /etc/ssh/sshd_config echo "AllowUsers ssh_p root ssh_c" >> /etc/ssh/sshd_config
@@ -114,87 +165,62 @@ adduser ssh_p
adduser ssh_c adduser ssh_c
# c_hss # c_hss
apt install frr apt install frr -y
# ospfd=no => ospfd=yes systemctl stop frr; systemctl disable frr;
nano /etc/frr/daemons sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons;
sed -ie 's/zebra=no/zebra=yes/' /etc/frr/daemons;
systemctl start frr; systemctl enable frr;
systemctl restart frr
vtysh vtysh
# # # frr config # frr config
# conf t conf t
# router ospf ip forw
# network 172.16.20.0/24 area 0 router ospf
# network 172.16.50.0/30 area 0 network 172.16.20.0/24 area 0
# network 172.16.55.0/30 area 0 network 172.16.50.0/30 area 0
# network 10.5.5.0/30 area 0 network 172.16.55.0/30 area 0
# network 5.5.5.0/27 area 0 network 10.5.5.0/30 area 0
# passive-interface ens160 network 5.5.5.0/27 area 0
# passive-interface ens256 passive-interface ens160
# exit passive-interface ens256
# exit exit
# write exit
# exit write
exit
apt install iptables-persistent -y
# L-RTR-A # L-RTR-A
apt install frr apt install frr
# ospfd=no => ospfd=yes systemctl stop frr; systemctl disable frr;
nano /etc/frr/daemons sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons;
sed -ie 's/zebra=no/zebra=yes/' /etc/frr/daemons;
systemctl start frr; systemctl enable frr;
systemctl restart frr
vtysh vtysh
# # frr config # frr config
# conf t conf t
# router ospf ip forw
# network 172.16.50.0/30 area 0 router ospf
# network 172.16.100.0/24 area 0 network 172.16.50.0/30 area 0
# passive-interface esn224 network 172.16.100.0/24 area 0
# exit passive-interface esn224
# exit exit
# write exit
# exit write
exit
apt install isc-dhcp-server apt install isc-dhcp-server -y
# Пишем интерфейсы # Пишем интерфейсы
nano /etc/default/isc-dhcp-server nano /etc/default/isc-dhcp-server
# Выставляем ip
nano /etc/dhcp/dhcpd.conf nano /etc/dhcp/dhcpd.conf
# ( Файл находится в этой директории )
# # /etc/dhcp/dhcpd.conf file
# # L-RTR-A
# option domain-name "skill39.wsr";
# option domain-name-servers 172.16.20.10;
# default-lease-time 600;
# max-lease-time 7200;
# ddns-update-style none;
# authoritative;
# subnet 172.16.50.0 netmask 255.255.255.252 {}
# subnet 172.16.100.0 netmask 255.255.255.0 {
# range 172.16.100.65 172.16.100.75;
# option routers 172.16.100.1;
# }
# subnet 172.16.200.0 netmask 255.255.255.0 {
# range 172.16.200.65 172.16.200.75;
# option routers 172.16.200.1;
# }
# host lclib {
# hardware ethernet 00:0C:29:1D:2C:06;
# fixed-address 172.16.200.61;
# }
# Включаем isc-dhcp-server и переагружаем # Включаем isc-dhcp-server и переагружаем
systemctl start isc-dhcp-server && systemctl enable isc-dhcp-server; shutdown -r 0 systemctl start isc-dhcp-server && systemctl enable isc-dhcp-server; shutdown -r 0
@@ -203,28 +229,30 @@ systemctl start isc-dhcp-server && systemctl enable isc-dhcp-server; shutdown -r
apt install frr apt install frr
# ospfd=no => ospfd=yes systemctl stop frr; systemctl disable frr;
nano /etc/frr/daemons sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons;
sed -ie 's/zebra=no/zebra=yes/' /etc/frr/daemons;
systemctl start frr; systemctl enable frr;
systemctl restart frr
vtysh vtysh
# # frr config # frr config
# conf t conf t
# router ospf ip forw
# network 172.16.55.0/30 area 0 router ospf
# network 172.16.200.0/24 area 0 network 172.16.55.0/30 area 0
# passive-interface ens224 network 172.16.200.0/24 area 0
# exit passive-interface ens224
# exit exit
# write exit
# exit write
exit
apt install isc-dhcp-relay apt install isc-dhcp-relay
# R-FW # R-FW
yum install /media/cdrom/lib* /media/cdrom/frr*; yum install /media/cdrom/lib* /media/cdrom/frr* -y
systemctl stop frr; systemctl disable frr; systemctl stop frr; systemctl disable frr;
sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons; sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons;
@@ -250,7 +278,7 @@ exit
# R-RTR # R-RTR
yum install /media/cdrom/lib* /media/cdrom/frr*; yum install /media/cdrom/lib* /media/cdrom/frr* -y
systemctl stop frr; systemctl disable frr; systemctl stop frr; systemctl disable frr;
sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons; sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons;
@@ -271,7 +299,7 @@ conf t
write write
exit exit
# R-SRV # L-SRV
apt install bind9 apt install bind9
nano /etc/bind/named.conf.options nano /etc/bind/named.conf.options
@@ -282,6 +310,7 @@ nano /etc/bind/named.conf.options
# forwarders { 10.10.10.10; }; # forwarders { 10.10.10.10; };
# dnssec-validation no; # dnssec-validation no;
# listen-on-v6 { none; }; # listen-on-v6 { none; };
# recursion yes;
# }; # };
mkdir /opt/dns mkdir /opt/dns
@@ -301,11 +330,14 @@ nano /etc/bind/named.conf.default-zones
# zone "skill39.wsr" { # zone "skill39.wsr" {
# type master; # type master;
# allow-transfer { any; }; # allow-transfer { any; };
# allow-update { 172.16.50.2; };
# recursion yes;
# file "/opt/dns/skill39.db"; # file "/opt/dns/skill39.db";
# }; # };
# zone "16.172.in-addr.arpa" { # zone "16.172.in-addr.arpa" {
# type master; # type master;
# allow-transfer { any; }; # allow-transfer { any; };
# allow-update { 172.16.50.2; };
# file "/opt/dns/db.172"; # file "/opt/dns/db.172";
# }; # };
# zone "168.192.in-addr.arpa" { # zone "168.192.in-addr.arpa" {
@@ -322,3 +354,17 @@ nano /opt/dns/db.172
nano /opt/dns/db.192 nano /opt/dns/db.192
# ( Файл находится в этой директории ) # ( Файл находится в этой директории )
systemctl restart bind9
# R-SRV
# Disable SELinux
setenforce 0
sed -ie 's/SELINUX=enforcing /SELINUX=permissive/' /etc/selinux/config;
getenforce
yum install bind
mkdir /opt/dns
chown named:named /opt/dns
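Review bot: In the L-FW hunk (`@@ -103,8 +100,62 @@`) the new rule `iptables -t nat -A PREROUTING -i ens256 -j DNAT --to-destination 172.16.20.10` has no protocol or port match, so every packet arriving on ens256 is rewritten to 172.16.20.10, including traffic addressed to the firewall itself. With the `INPUT` and `FORWARD` policies set to ACCEPT just above it, nothing filters that traffic afterwards. The commented rule on the preceding line, and the L-FW script added in this commit, limit the DNAT to `-p udp --dport 53`; use that form here, with a `-p tcp --dport 53` twin if DNS over TCP must pass. `iptables-persistent` is installed but no visible line saves the rules, so they are presumably lost at reboot; add `netfilter-persistent save` after the last rule.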
+31
@@ -0,0 +1,31 @@
# /etc/dhcp/dhcpd.conf file
# L-RTR-A
default-lease-time 600;
max-lease-time 7200;
ddns-update-style interim;
update-static-leases on;
zone skill39.wsr. {
primary 172.16.20.10;
}
zone 16.172.in-addr.arpa. {
primary 172.16.20.10;
}
authoritative;
option domain-name "skill39.wsr";
option domain-name-servers 172.16.20.10, 192.168.20.10;
subnet 172.16.50.0 netmask 255.255.255.252 {}
subnet 172.16.100.0 netmask 255.255.255.0 {
range 172.16.100.65 172.16.100.75;
option routers 172.16.100.1;
}
subnet 172.16.200.0 netmask 255.255.255.0 {
range 172.16.200.65 172.16.200.75;
option routers 172.16.200.1;
}
host lclib {
hardware ethernet 00:0C:29:1D:2C:06;
fixed-address 172.16.200.61;
}
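Review bot: The two `zone` blocks name only a `primary`, so dhcpd sends its dynamic DNS updates unsigned, and the matching `allow-update { 172.16.50.2; };` added to the notes file in this commit authorises them by source address alone. Any host able to send packets with that source address to 172.16.20.10 could then rewrite records in skill39.wsr and the reverse zone. Sign the updates with a shared TSIG key: declare a `key` block in dhcpd.conf, add `key <KEY_NAME_PLACEHOLDER>;` inside both `zone` blocks, and change the BIND side to `allow-update { key <KEY_NAME_PLACEHOLDER>; };`, keeping the secret out of the repository. The same configuration is embedded in the `echo -e` line of the L-RTR-A script.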
+66
@@ -0,0 +1,66 @@
HS="/etc/hostsname"
rm $HS; touch $HS
echo "L-FW" >> $HS
H="/etc/hosts"; rm $H; touch $H
echo -e "# ${H} file.\n# Configured by Maxim\n\n" >> $H
echo -e "# Default values\n127.0.0.1\tlocalhost\n::1\tip6-localhots ip6-loopback\nff02::1\tip6-allnodes\nff02::2\tip6-allrouters\n" >> $H
echo -e "# Work values\n172.16.20.10\tl-srv l-srv.skill39.wsr\n10.10.10.1\tl-fw l-fw.skill39.wsr\n172.16.50.2\tl-rtr-a l-rtr-a.skill39.wsr\n172.16.55.2\tl-rtr-b l-rtr-b.skill39.wsr\n172.16.200.61\tl-cli-b l-cli-b.skill39.wsr\n20.20.20.5\tout-cli out-cli.skill39.wsr\n20.20.20.100\tr-fw r-fw.skill39.wsr\n192.168.20.10\tr-srv r-srv.skill39.wsr\n192.168.10.2\tr-rtr r-rtr.skill39.wsr\n192.168.100.100\tr-cli r-cli.skill39.wsr">> $H
echo -e "10.10.10.10\tisp" >> $H
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
iptables -F
apt-cdrom add
apt install frr iptables-persistent tcpdump bind9 ssh nfs-common network-manager curl lynx net-tools vim bind9utils cifs-utils zsh git -y
sed -ie "s/^hosts:\t*/hosts:\t\tdns files [NOTFOUND=return] # old:/" /etc/nsswitch.conf
SSHC="/etc/ssh/sshd_config"
cp $SSHC $SSHC.old
sed -ie 's/#PermitRoot.*/PermitRootLogin yes/' $SSHC
echo "AllowUsers ssh_p root ssh_c" >> $SSHC
iptables -t nat -A POSTROUTING -o ens256 -j MASQUERADE
iptables -t nat -A PREROUTING -i ens256 -p udp --dport 53 -j DNAT --to-destination 172.16.20.10
systemctl start NetworkManager
nmcli con add con-name ens192 ifname ens192 autoconnect yes type ethernet ip4 "172.16.50.1/30"
nmcli con mod ens192 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr"
nmcli con up ens192 ifname ens192
nmcli con add con-name ens224 ifname ens224 autoconnect yes type ethernet ip4 "172.16.55.1/30"
nmcli con mod ens224 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr"
nmcli con up ens224 ifname ens224
nmcli con add con-name ens256 ifname ens256 autoconnect yes type ethernet ip4 "172.16.20.1/24"
nmcli con mod ens256 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr"
nmcli con up ens256 ifname ens256
nmcli con add con-name ens160 ifname ens160 autoconnect yes type ethernet ip4 "10.10.10.1/24" gw4 10.10.10.10
nmcli con mod ens160 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr"
nmcli con up ens160 ifname ens160
nmcli con add type ip-tunnel ip-tunnel.mode gre con-name gre1 ifname gre1 autoconnect yes remote 20.20.20.100 local 10.10.10.1
nmcli con mod gre1 ipv4.method manual +ipv4.addresses 10.5.5.1
nmcli con up gre1 ifname gre1
systemctl stop frr; systemctl disable frr;
sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons;
sed -ie 's/zebra=no/zebra=yes/' /etc/frr/daemons;
systemctl start frr; systemctl enable frr;
vtysh
conf t
ip forw
router ospf
network 172.16.20.0/24 area 0
network 172.16.50.0/30 area 0
network 172.16.55.0/30 area 0
network 10.5.5.0/30 area 0
network 5.5.5.0/27 area 0
passive-interface ens160
passive-interface ens256
exit
exit
write
exit
useradd ssh_p -p p_hss
useradd ssh_c -p c_hss
shutdown -r 0
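Review bot: `useradd ssh_p -p p_hss` and `useradd ssh_c -p c_hss` pass what look like plaintext passwords to `-p`, which expects an already-hashed value. The strings are stored in /etc/shadow verbatim, so neither account can log in with them, and the intended passwords are now readable in the repository and in the process list while the command runs. Create the accounts with plain `useradd ssh_p` / `useradd ssh_c` and set the passwords separately, for example `chpasswd < <CREDENTIALS_FILE_PLACEHOLDER>` reading `user:password` lines from a root-only file that is not committed.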
+54
@@ -0,0 +1,54 @@
HS="/etc/hostsname"
rm $HS; touch $HS
echo "L-RTR-A" >> $HS
H="/etc/hosts"; rm $H; touch $H
echo -e "# ${H} file.\n# Configured by Maxim\n\n" >> $H
echo -e "# Default values\n127.0.0.1\tlocalhost\n::1\tip6-localhots ip6-loopback\nff02::1\tip6-allnodes\nff02::2\tip6-allrouters\n" >> $H
echo -e "# Work values\n172.16.20.10\tl-srv l-srv.skill39.wsr\n10.10.10.1\tl-fw l-fw.skill39.wsr\n172.16.50.2\tl-rtr-a l-rtr-a.skill39.wsr\n172.16.55.2\tl-rtr-b l-rtr-b.skill39.wsr\n172.16.200.61\tl-cli-b l-cli-b.skill39.wsr\n20.20.20.5\tout-cli out-cli.skill39.wsr\n20.20.20.100\tr-fw r-fw.skill39.wsr\n192.168.20.10\tr-srv r-srv.skill39.wsr\n192.168.10.2\tr-rtr r-rtr.skill39.wsr\n192.168.100.100\tr-cli r-cli.skill39.wsr">> $H
echo -e "10.10.10.10\tisp" >> $H
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
iptables -F
apt-cdrom add
apt install frr tcpdump bind9 ssh nfs-common network-manager curl lynx net-tools vim bind9utils cifs-utils zsh git -y
sed -ie "s/^hosts:\t*/hosts:\t\tdns files [NOTFOUND=return] # old:/" /etc/nsswitch.conf
SSHC="/etc/ssh/sshd_config"
cp $SSHC $SSHC.old
sed -ie 's/#PermitRoot.*/PermitRootLogin yes/' $SSHC
systemctl start NetworkManager
nmcli con add con-name ens192 ifname ens192 autoconnect yes type ethernet ip4 172.16.50.2/30 gw4 172.16.50.1
nmcli con mod ens192 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr"
nmcli con up ens192 ifname ens192
nmcli con add con-name ens224 ifname ens224 autoconnect yes type ethernet ip4 172.16.100.1/24
nmcli con mod ens224 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr"
nmcli con up ens224 ifname ens224
systemctl stop frr; systemctl disable frr;
sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons;
sed -ie 's/zebra=no/zebra=yes/' /etc/frr/daemons;
systemctl start frr; systemctl enable frr;
vtysh
conf t
ip forw
router ospf
network 172.16.50.0/30 area 0
network 172.16.100.0/24 area 0
passive-interface esn224
exit
exit
write
exit
apt install isc-dhcp-server -y
sed -ie "s/INTERFACESv4=\"\"/INTERFACESv4=\"ens192 ens224\"/" /etc/default/isc-dhcp-server
DHC="/etc/dhcp/dhcpd.conf"
rm $DHC; touch $DHC
echo -e "# /etc/dhcp/dhcpd.conf file\n# L-RTR-A\ndefault-lease-time 600;\nmax-lease-time 7200;\n\nddns-update-style interim;\nupdate-static-leases on;\nzone skill39.wsr. { primary 172.16.20.10; }\nzone 16.172.in-addr.arpa. { primary 172.16.20.10; }\nauthoritative;\n\noption domain-name \"skill39.wsr\";\noption domain-name-servers 172.16.20.10, 192.168.20.10;\n\nsubnet 172.16.50.0 netmask 255.255.255.252 {}\nsubnet 172.16.100.0 netmask 255.255.255.0 {\n\trange 172.16.100.65 172.16.100.75;\n\toption routers 172.16.100.1;\n}\nsubnet 172.16.200.0 netmask 255.255.255.0 {\n\trange 172.16.200.65 172.16.200.75;\n\toption routers 172.16.200.1;\n}\nhost lclib {\n\thardware ethernet 00:0C:29:1D:2C:06;\n\tfixed-address 172.16.200.61;\n}\n" >> $DHC
systemctl start isc-dhcp-server && systemctl enable isc-dhcp-server
shutdown -r 0
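Review bot: `passive-interface esn224` misspells the interface name (the script configures `ens224` a few lines earlier), so OSPF likely stays active on the 172.16.100.0/24 client LAN. Any host on that segment could then exchange OSPF hellos with the router, and none of the OSPF blocks in this commit configures authentication. Change the line to `passive-interface ens224`. The same typo is carried on the new side of the L-RTR-A block in the notes file.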
+51
@@ -0,0 +1,51 @@
HS="/etc/hostsname"
rm $HS; touch $HS
echo "L-RTR-B" >> $HS
H="/etc/hosts"; rm $H; touch $H
echo -e "# ${H} file.\n# Configured by Maxim\n\n" >> $H
echo -e "# Default values\n127.0.0.1\tlocalhost\n::1\tip6-localhots ip6-loopback\nff02::1\tip6-allnodes\nff02::2\tip6-allrouters\n" >> $H
echo -e "# Work values\n172.16.20.10\tl-srv l-srv.skill39.wsr\n10.10.10.1\tl-fw l-fw.skill39.wsr\n172.16.50.2\tl-rtr-a l-rtr-a.skill39.wsr\n172.16.55.2\tl-rtr-b l-rtr-b.skill39.wsr\n172.16.200.61\tl-cli-b l-cli-b.skill39.wsr\n20.20.20.5\tout-cli out-cli.skill39.wsr\n20.20.20.100\tr-fw r-fw.skill39.wsr\n192.168.20.10\tr-srv r-srv.skill39.wsr\n192.168.10.2\tr-rtr r-rtr.skill39.wsr\n192.168.100.100\tr-cli r-cli.skill39.wsr">> $H
echo -e "10.10.10.10\tisp" >> $H
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
iptables -F
apt-cdrom add
apt install frr tcpdump bind9 ssh nfs-common network-manager curl lynx net-tools vim bind9utils cifs-utils zsh git -y
sed -ie "s/^hosts:\t*/hosts:\t\tdns files [NOTFOUND=return] # old:/" /etc/nsswitch.conf
SSHC="/etc/ssh/sshd_config"
cp $SSHC $SSHC.old
sed -ie 's/#PermitRoot.*/PermitRootLogin yes/' $SSHC
systemctl start NetworkManager
nmcli con add con-name ens192 ifname ens192 autoconnect yes type ethernet ip4 172.16.55.2/30 gw4 172.16.55.1
nmcli con mod ens192 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr"
nmcli con up ens192 ifname ens192
nmcli con add con-name ens224 ifname ens224 autoconnect yes type ethernet ip4 172.16.200.1/24
nmcli con mod ens224 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr"
nmcli con up ens224 ifname ens224
systemctl stop frr; systemctl disable frr;
sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons;
sed -ie 's/zebra=no/zebra=yes/' /etc/frr/daemons;
systemctl start frr; systemctl enable frr;
vtysh
conf t
ip forw
router ospf
network 172.16.55.0/30 area 0
network 172.16.200.0/24 area 0
passive-interface ens224
exit
exit
write
exit
apt install isc-dhcp-relay -y
# 172.16.50.2
# ens192 ens224
shutdown -r 0
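Review bot: `vtysh` is started with no arguments, so if this file is executed as a script it opens an interactive shell and the following lines (`conf t`, `router ospf`, the `network` statements) are never sent to FRR. Once vtysh exits, the shell tries them as commands, and the first bare `exit` ends the script before `apt install isc-dhcp-relay -y` and the reboot. If the file is meant to be run rather than pasted into a terminal, pass the configuration through `-c` arguments as below. The L-FW and L-RTR-A scripts in this commit contain the same block; in L-FW the early `exit` would also skip the `useradd` lines.

```shell
# … unchanged: ospfd/zebra enabled in /etc/frr/daemons, frr started …
vtysh \
  -c 'conf t' \
  -c 'ip forw' \
  -c 'router ospf' \
  -c 'network 172.16.55.0/30 area 0' \
  -c 'network 172.16.200.0/24 area 0' \
  -c 'passive-interface ens224' \
  -c 'exit' \
  -c 'exit' \
  -c 'write'
# … unchanged: isc-dhcp-relay install and reboot …
```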
BIN
Binary file not shown.

Before

Width:  |  Height:  |  Size: 174 KiB

After

Width:  |  Height:  |  Size: 171 KiB