bugfix

configs/-opt-dns/db.172

@@ -2,10 +2,10 @@
 ; Configured by Maxim
 $TTL 604800
 @	IN	SOA	skill39.wsr.	root.skill39.wsr. (
-				1,			; Serial
+				1			; Serial
-				604800,		; Refresh
+				604800		; Refresh
-				86400,		; Retry
+				86400		; Retry
-				2419200,	; Expire
+				2419200	; Expire
 				604800 )	; Negative Cache TTL
 
 @	IN	NS	l-srv.skill39.wsr.

configs/-opt-dns/db.192

@@ -2,10 +2,10 @@
 ; Configured by Maxim
 $TTL 604800
 @	IN	SOA	skill39.wsr.	root.skill39.wsr. (
-				1,			; Serial
+				1			; Serial
-				604800,		; Refresh
+				604800		; Refresh
-				86400,		; Retry
+				86400		; Retry
-				2419200,	; Expire
+				2419200	; Expire
 				604800 )	; Negative Cache TTL
 
 @	IN	NS	l-srv.skill39.wsr.

configs/-opt-dns/skill39.db

@@ -2,10 +2,10 @@
 ; Configured by Maxim
 $TTL 604800
 @	IN	SOA	l-srv.skill39.wsr.	root.skill39.wsr. (
-				1,			; Serial
+				1			; Serial
-				604800,		; Refresh
+				604800		; Refresh
-				86400,		; Retry
+				86400		; Retry
-				2419200,	; Expire
+				2419200		; Expire
 				604800 )	; Negative Cache TTL
 
 @	IN	NS	l-srv.skill39.wsr.
@@ -28,3 +28,4 @@ r-srv	IN	A	192.168.20.10
 r-rtr	IN	A	192.168.10.2
 r-cli	IN	A	192.168.100.100
 www	IN	CNAME	r-fw
+

configs/config-all.sh

@@ -88,12 +88,14 @@ firewall-cmd --permanent --zone=external --add-interface=ens160
 firewall-cmd --permanent --zone=trusted --add-interface=ens192
 firewall-cmd --permanent --zone=trusted --add-interface=ens224
 firewall-cmd --permanent --zone=trusted --add-interface=gre1
+firewall-cmd --permanent --zone=external --add-port=22/tcp
+firewall-cmd --permanent --zone=external --add-port=22/udp
+firewall-cmd --permanent --zone=external --add-forward-port=port=53:proto=tcp:toport=53:toaddr=192.168.20.10
 
 firewall-cmd --reload
 
 # firewall-cmd --permanent --zone=external --add-masquerade
 # firewall-cmd --permanent --zone=trusted --add-interface=tunnel
-# firewall-cmd --permanent --zone=external --add-forward-port=port=80:proto=tcp:toport=80:toaddr=192.168.20.10
 # firewall-cmd --permanent --zone=external --add-service=http
 # firewall-cmd --permanent --zone=external --add-service=https
 # firewall-cmd --permanent --zone=external --add-service=ssh
@@ -152,9 +154,9 @@ iptables -P INPUT ACCEPT
 iptables -P OUTPUT ACCEPT
 iptables -P FORWARD ACCEPT
 
-# iptables -t nat -A PREROUTING -i ens256 -p udp --dport 53 -j DNAT --to-destination 172.16.20.10
 iptables -t nat -A POSTROUTING -o ens256 -j MASQUERADE
-iptables -t nat -A PREROUTING -i ens256 -j DNAT --to-destination 172.16.20.10
+iptables -t nat -A PREROUTING -i ens160 -p udp --dport 53 -j DNAT --to-destination 172.16.20.10
+# iptables -t nat -A PREROUTING -i ens256 -j DNAT --to-destination 172.16.20.10
 
 
 echo "AllowUsers ssh_p root ssh_c" >> /etc/ssh/sshd_config
@@ -304,14 +306,17 @@ exit
 apt install bind9
 nano /etc/bind/named.conf.options
 
-# // /etc/bind/named.conf.options file
+// /etc/bind/named.conf.options file
-# options {
+options {
-# 	directory "/var/cache/bind";   
+	directory "/var/cache/bind";   
-# 	forwarders { 10.10.10.10; };   
+	forwarders { 10.10.10.10; }; 
-# 	dnssec-validation no;
+	dnssec-validation no;
-# 	listen-on-v6 { none; };
+	listen-on port 53 { any; };
-# 	recursion yes;
+	listen-on-v6 { none; };
-# };
+	allow-transfer { any; };
+	allow-recursion { any; };
+	recursion yes;
+};
 
 mkdir /opt/dns
 cp /etc/bind/db.local /opt/dns/skill39.db
@@ -327,24 +332,23 @@ systemctl restart apparmor.service
 
 nano /etc/bind/named.conf.default-zones
 
-# zone "skill39.wsr" {
+zone "skill39.wsr" {
-# 	type master;
+	type master;
-# 	allow-transfer { any; };
+	allow-transfer { any; };
-# 	allow-update { 172.16.50.2; };
+	allow-update { 172.16.50.2; };
-# 	recursion yes;
+	file "/opt/dns/skill39.db";
-# 	file "/opt/dns/skill39.db";
+};
-# };
+zone "16.172.in-addr.arpa" { 
-# zone "16.172.in-addr.arpa" { 
+	type master; 
-# 	type master; 
+	allow-transfer { any; };
-# 	allow-transfer { any; };
+	allow-update { 172.16.50.2; };
-# 	allow-update { 172.16.50.2; };
+	file "/opt/dns/db.172";
-# 	file "/opt/dns/db.172";
+};
-# };
+zone "168.192.in-addr.arpa" { 
-# zone "168.192.in-addr.arpa" { 
+	type master; 
-# 	type master; 
+	allow-transfer { any; }; 
-# 	allow-transfer { any; }; 
+	file "/opt/dns/db.192";
-# 	file "/opt/dns/db.192";
+};
-# };
 
 nano /opt/dns/skill39.db
 # ( Файл находится в этой директории )
@@ -368,3 +372,32 @@ yum install bind
 
 mkdir /opt/dns
 chown named:named /opt/dns
+
+
+# R-SRV
+
+yum install bind 
+
+nano /etc/bind/named.conf.default-zones
+
+mkdir /opt/dns; chown -R named:named /opt/dns
+touch /opt/dns/skill39.db; chown -R named:named /opt/dns/skill39.db
+touch /opt/dns/db.172; chown -R named:named /opt/dns/db.172
+touch /opt/dns/db.192; chown -R named:named /opt/dns/db.192
+
+zone "skill39.wsr" {
+	type slave;
+	masters { 172.16.20.10; };
+	file "/opt/dns/skill39.db";
+};
+zone "16.172.in-addr.arpa" { 
+	type slave; 
+	masters { 172.16.20.10; };
+	file "/opt/dns/db.172";
+};
+zone "168.192.in-addr.arpa" { 
+	type slave; 
+	masters { 172.16.20.10; };
+	file "/opt/dns/db.192";
+};
+

configs/l-/l-fw.sh

@@ -8,6 +8,7 @@ echo -e "# Work values\n172.16.20.10\tl-srv l-srv.skill39.wsr\n10.10.10.1\tl-fw
 echo -e "10.10.10.10\tisp" >> $H
 echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
 iptables -F
+iptables -t nat -F
 apt-cdrom add
 
 apt install frr iptables-persistent tcpdump ssh nfs-common network-manager curl lynx net-tools vim bind9utils cifs-utils -y

configs/l-/l-srv.sh

@@ -10,7 +10,7 @@ echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
 iptables -F 
 apt-cdrom add
 
-apt-get install tcpdump bind9 ssh nfs-common network-manager curl lynx net-tools vim bind9utils cifs-utils -y
+apt-get install tcpdump bind9 ssh nfs-common network-manager curl lynx net-tools vim bind9utils cifs-utils dnsutils -y
 
 sed -ie "s/^hosts:\t*/hosts:\t\tdns files [NOTFOUND=return] # old:/" /etc/nsswitch.conf
 SSHC="/etc/ssh/sshd_config"
@@ -18,10 +18,35 @@ cp $SSHC $SSHC.old
 sed -ie 's/#PermitRoot.*/PermitRootLogin yes/' $SSHC
 
 nmcli con del id ens192
-nmcli con add con-name ens192 ifname ens192 autoconnect yes type ethernet ip4 172.16.20.10/24 gw4 172.16.20.1
+nmcli con add con-name ens192 ifname ens192 autoconnect yes type ethernet ip4 "172.16.20.10/24" gw4 172.16.20.1
 nmcli con mod ens192 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr"
 nmcli con up ens192 ifname ens192
 
+NMCO="/etc/bind/named.conf.options"
+rm $NMCO; touch $NMCO; chown -R bind:bind $NMCO
+echo -e "// /etc/bind/named.conf.options file\noptions {\n\tdirectory \"/var/cache/bind\";\n\tforwarders { 10.10.10.10; };\n\tdnssec-validation no;\n\tlisten-on-v6 { none; };\n\trecursion yes;\n};"  >> $NMCO
+
+mkdir /opt/dns
+cp /etc/bind/db.local /opt/dns/skill39.db
+cp /etc/bind/db.127 /opt/dns/db.172
+cp /etc/bind/db.127 /opt/dns/db.192
+chown -R bind:bind /opt/dns
+sed -ie "s/^}$/\n\n  # skill39 zones\n  \/opt\/dns\/** rw,\n}/" /etc/apparmor.d/usr.sbin.named
+
+echo -e "
+zone \"skill39.wsr\" {\n\ttype master;\n\tallow-transfer { any; };\n\tallow-update { 172.16.50.2; };\n\tfile \"/opt/dns/skill39.db\";\n};
+zone \"16.172.in-addr.arpa\" { \n\ttype master; \n\tallow-transfer { any; };\n\tallow-update { 172.16.50.2; };\n\tfile \"/opt/dns/db.172\";};
+zone \"168.192.in-addr.arpa\" {\n\ttype master; \n\tallow-transfer { any; }; \n\tfile \"/opt/dns/db.192\";\n};" >> /etc/bind/named.conf.default-zones
+
+nano /opt/dns/skill39.db
+# ( -opt-dns )
+
+nano /opt/dns/db.172
+# ( -opt-dns )
+
+nano /opt/dns/db.192
+# ( -opt-dns )
+
 systemctl disable chronyd ; systemctl stop chronyd
 shutdown -r 0
 

configs/r-/out-cli.sh

@@ -0,0 +1,36 @@
+HS="/etc/hostname"
+sh -c "rm $HS"; touch $HS
+echo "OUT-CLI" >> $HS
+H="/etc/hosts"; rm $H; touch $H
+echo -e "# ${H} file.\n# Configured by Maxim\n\n" >> $H
+echo -e "# Default values\n127.0.0.1\tlocalhost\n::1\tip6-localhots ip6-loopback\nff02::1\tip6-allnodes\nff02::2\tip6-allrouters\n" >> $H
+echo -e "# Work values\n172.16.20.10\tl-srv l-srv.skill39.wsr\n10.10.10.1\tl-fw l-fw.skill39.wsr\n172.16.50.2\tl-rtr-a l-rtr-a.skill39.wsr\n172.16.55.2\tl-rtr-b l-rtr-b.skill39.wsr\n172.16.200.61\tl-cli-b l-cli-b.skill39.wsr\n20.20.20.5\tout-cli out-cli.skill39.wsr\n20.20.20.100\tr-fw r-fw.skill39.wsr\n192.168.20.10\tr-srv r-srv.skill39.wsr\n192.168.10.2\tr-rtr r-rtr.skill39.wsr\n192.168.100.100\tr-cli r-cli.skill39.wsr">> $H 
+echo -e "20.20.20.10\tisp" >> $H
+echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
+setenforce 0
+sed -ie 's/SELINUX=enforcing /SELINUX=permissive/' /etc/selinux/config; 
+systemctl stop firewalld && systemctl disable firewalld
+
+cd /media/; rm -rf *
+mkdir CentOS; mkdir cdrom
+cd /etc/
+mv yum.repos.d/ yum.repos.d-default/; mkdir yum.repos.d
+REPF="/etc/yum.repos.d/CentOS-Media.repo"
+touch $REPF
+echo -e "# ${REPF} file.\n# Configured by Maxim\n\n[c7-media]\nname=CentOS-$releasever - Media\nbaseurl=file:///media/CentOS/\n\t\tfile:///media/cdrom/\ngpgcheck=1\nenabled=1\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7"  >> $REPF
+mount -L "CentOS 7 x86_64" /media/CentOS; mount -L "CDROM" /media/cdrom
+
+yum install lynx vim net-tools dhclient bash-completion tcpdump curl nfs-utils cifs-utils sshpass bind-utils -y
+
+sed -ie "s/^hosts:\t*/hosts:\t\tdns files [NOTFOUND=return] # old:/" /etc/nsswitch.conf
+SSHC="/etc/ssh/sshd_config"
+cp $SSHC $SSHC.old
+sed -ie 's/#PermitRoot.*/PermitRootLogin yes/' $SSHC
+nmcli con del id ens32
+nmcli con add con-name ens32 ifname ens32 autoconnect yes type ethernet ip4 "20.20.20.5/24" gw4 20.20.20.5
+nmcli con mod ens32 +ipv4.dns 10.10.10.1 +ipv4.dns 20.20.20.100 +ipv4.dns-search "skill39.wsr"
+nmcli con up ens32 ifname ens32
+
+systemctl disable chronyd ; systemctl stop chronyd
+shutdown -r 0
+

configs/r-/r-cli.sh

@@ -27,7 +27,6 @@ sed -ie "s/^hosts:\t*/hosts:\t\tdns files [NOTFOUND=return] # old:/" /etc/nsswit
 SSHC="/etc/ssh/sshd_config"
 cp $SSHC $SSHC.old
 sed -ie 's/#PermitRoot.*/PermitRootLogin yes/' $SSHC
-
 nmcli con del id ens32
 nmcli con add con-name ens32 ifname ens32 autoconnect yes type ethernet ip4 192.168.100.100/24 gw4 192.168.100.1
 nmcli con mod ens32 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr"

configs/r-/r-fw.sh

@@ -35,7 +35,7 @@ nmcli con del id gre1
 
 nmcli con add con-name ens192 ifname ens192 autoconnect yes type ethernet ip4 "192.168.10.1/30"
 nmcli con mod ens192 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr"
-nmcli con add con-name ens224 ifname ens224 autoconnect yes type ethernet ip4 "192.168.20.1/30"
+nmcli con add con-name ens224 ifname ens224 autoconnect yes type ethernet ip4 "192.168.20.1/24"
 nmcli con mod ens224 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr"
 nmcli con add con-name ens160 ifname ens160 autoconnect yes type ethernet ip4 "20.20.20.100/24" gw4 20.20.20.10
 nmcli con mod ens160 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr"