

HQ-SRV
 vim /etc/net/ifaces/enp7s1/options
(OPT) BOOTPROTO=static
(OPT) SYSTEMD_BOOTPROTO=static
 mkdir /etc/net/ifaces/enp7s1.100
 vim /etc/net/ifaces/enp7s1.100/options
(OPT) TYPE=vlan
(OPT) HOST=enp7s1
(OPT) VID=100
(OPT) BOOTPROTO=static
echo "192.168.100.2/26" > /etc/net/ifaces/enp7s1.100/ipv4address
echo "default via 192.168.100.1" > /etc/net/ifaces/enp7s1.100/ipv4route
echo "nameserver 77.88.8.8" > /etc/net/ifaces/enp7s1.100/resolv.conf
systemctl restart network
ip -c a show enp7s1.100
ip -c -d link show enp7s1.100
ip -c r
cat /etc/resolv.conf
----------------------------------------------------------------------------------------------------
BR-SRV
vim /etc/net/ifaces/enp7s1/options
(OPT) BOOTPROTO=static
(OPT) SYSTEMD_BOOTPROTO=static
echo "192.168.200.2/27" > /etc/net/ifaces/enp7s1/ipv4address
echo "default via 192.168.200.1" > /etc/net/ifaces/enp7s1/ipv4route
echo "nameserver 77.88.8.8" > /etc/net/ifaces/enp7s1/resolv.conf
systemctl restart network
ip -c a show enp7s1
ip -c r
cat /etc/resolv.conf
----------------------------------------------------------------------------------------------------
BR-RTR
ip -c a
mkdir /etc/net/ifaces/enp7s2
vim /etc/net/ifaces/enp7s2/options
(OPT) TYPE=eth
(OPT) BOOTPROTO=static
echo "192.168.200.1/27" > /etc/net/ifaces/enp7s2/ipv4address
systemctl restart network
ip -c a
----------------------------------------------------------------------------------------------------
ISP
ip -c a
cat /etc/net/ifaces/enp7s1/options
(SET) BOOTPROTO=dhcp
(SET) TYPE=eth
systemctl restart network
ip -c a show enp7s1
ping -c3 ya.ru
mkdir /etc/net/ifaces/enp7s2
mkdir /etc/net/ifaces/enp7s3
ls /etc/net/ifaces
echo "TYPE=eth" > /etc/net/ifaces/enp7s2/options
echo "BOOTPROTO=static" >> /etc/net/ifaces/enp7s2/options
cp /etc/net/ifaces/enp7s2/options /etc/net/ifaces/enp7s3/options
echo "172.16.4.1/28" > /etc/net/ifaces/enp7s2/ipv4address
echo "172.16.5.1/28" > /etc/net/ifaces/enp7s3/ipv4address

apt-get update && apt-get install -y iptables tzdata
vim /etc/net/sysctl.conf
net.ipv4.ip_forward = 1
systemctl restart network
ip -c -br -4 a
sysctl -a | grep "ip_forward"
apt-get update
apt-get install iptables
iptables -t nat -A POSTROUTING -o enp7s1 -j MASQUERADE
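iptables-save >> /etc/sysconfig/iptables
(NOTE) >> appends to the file: running this line again stores the same rules a second time, so check /etc/sysconfig/iptables before enabling the service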
systemctl enable --now iptables
----------------------------------------------------------------------------------------------------
HQ-RTR
ip -c a
echo "TYPE=eth" > /etc/net/ifaces/enp7s1/options
echo "BOOTPROTO=static" >> /etc/net/ifaces/enp7s1/options
echo "172.16.4.14/28" > /etc/net/ifaces/enp7s1/ipv4address
echo "default via 172.16.4.1" > /etc/net/ifaces/enp7s1/ipv4route
echo "nameserver 77.88.8.8" > /etc/net/ifaces/enp7s1/resolv.conf
systemctl restart network
ip -c a show enp7s1
ip -c r
ping -c3 ya.ru OR 77.88.8.8

	  !OSPF!
vim /etc/net/sysctl.conf
net.ipv4.ip_forward = 0 ---> 1

apt-get update && apt-get install -y frr
vim /etc/frr/daemons
ospfd=yes
systemctl enable --now frr
vtysh
conf t
router ospf
passive-interface default
network 10.10.10.0/30 area 0
network 192.168.100.0/26 area 0
network 192.168.100.64/28 area 0
network 192.168.100.80/29 area 0
exit
int gre1
no ip ospf passive
ip ospf authentication message-digest
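ip ospf message-digest-key 1 md5 P@ssw0rd
(NOTE) key ID 1 and the key string must be identical on HQ-RTR and BR-RTR, otherwise the OSPF adjacency over gre1 does not form; P@ssw0rd is the lab value, use a unique key anywhere else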
exit
exit
write memory
systemctl restart network
----------------------------------------------------------------------------------------------------
BR-RTR
ip -c a
echo "TYPE=eth" > /etc/net/ifaces/enp7s1/options
echo "BOOTPROTO=static" >> /etc/net/ifaces/enp7s1/options
echo "172.16.5.14/28" > /etc/net/ifaces/enp7s1/ipv4address
echo "default via 172.16.5.1" > /etc/net/ifaces/enp7s1/ipv4route
echo "nameserver 77.88.8.8" > /etc/net/ifaces/enp7s1/resolv.conf
systemctl restart network
ip -c a show enp7s1
ip -c r
ping -c3 ya.ru OR 77.88.8.8

	  !OSPF!
vim /etc/net/sysctl.conf
net.ipv4.ip_forward = 0 ---> 1

apt-get update && apt-get install -y frr
vim /etc/frr/daemons
ospfd=yes
systemctl enable --now frr
vtysh
conf t
router ospf
passive-interface default
network 10.10.10.0/30 area 0
network 192.168.200.0/27 area 0
exit
int gre1
no ip ospf passive
ip ospf authentication message-digest
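ip ospf message-digest-key 1 md5 P@ssw0rd
(NOTE) key ID 1 and the key string must be identical on BR-RTR and HQ-RTR, otherwise the OSPF adjacency over gre1 does not form; P@ssw0rd is the lab value, use a unique key anywhere else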
exit
exit
write memory
systemctl restart network
----------------------------------------------------------------------------------------------------
HQ-SRV & BR-SRV
useradd sshuser -u 1010
id sshuser
passwd sshuser
usermod -aG wheel sshuser
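echo "sshuser ALL=(ALL:ALL) NOPASSWD: ALL" >> /etc/sudoers
(NOTE) run visudo -c afterwards: a syntax error in /etc/sudoers stops sudo from working. NOPASSWD: ALL makes sshuser root-equivalent without a password prompt, so the strength of its login password (set with passwd above) is what protects root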
exit
sshuser:password
sudo su -
----------------------------------------------------------------------------------------------------
BR-RTR & HQ-RTR
useradd net_admin
id net_admin
passwd net_admin
usermod -aG wheel net_admin
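echo "net_admin ALL=(ALL:ALL) NOPASSWD: ALL" >> /etc/sudoers
(NOTE) run visudo -c afterwards: a syntax error in /etc/sudoers stops sudo from working. NOPASSWD: ALL makes net_admin root-equivalent without a password prompt, so the strength of its login password (set with passwd above) is what protects root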
exit
net_admin:password
sudo -i
----------------------------------------------------------------------------------------------------
HQ-RTR
apt-get update && apt-get install -y openvswitch
ip -c a
mkdir /etc/net/ifaces/enp7s2
echo "TYPE=eth" > /etc/net/ifaces/enp7s2/options
echo "BOOTPROTO=static" >> /etc/net/ifaces/enp7s2/options
mkdir /etc/net/ifaces/vlan100
mkdir /etc/net/ifaces/vlan200
mkdir /etc/net/ifaces/vlan999
vim /etc/net/ifaces/vlan100/options
echo "TYPE=vlan" > /etc/net/ifaces/vlan100/options
echo "VID=100" >> /etc/net/ifaces/vlan100/options
echo "HOST=enp7s2" >> /etc/net/ifaces/vlan100/options
echo "BOOTPROTO=static" >> /etc/net/ifaces/vlan100/options
vim /etc/net/ifaces/vlan200/options
echo "TYPE=vlan" > /etc/net/ifaces/vlan200/options
echo "VID=200" >> /etc/net/ifaces/vlan200/options
echo "HOST=enp7s2" >> /etc/net/ifaces/vlan200/options
echo "BOOTPROTO=static" >> /etc/net/ifaces/vlan200/options
vim /etc/net/ifaces/vlan999/options
echo "TYPE=vlan" > /etc/net/ifaces/vlan999/options
echo "VID=999" >> /etc/net/ifaces/vlan999/options
echo "HOST=enp7s2" >> /etc/net/ifaces/vlan999/options
echo "BOOTPROTO=static" >> /etc/net/ifaces/vlan999/options
echo "192.168.100.1/26" > /etc/net/ifaces/vlan100/ipv4address
echo "192.168.100.65/28" > /etc/net/ifaces/vlan200/ipv4address
echo "192.168.100.81/29" > /etc/net/ifaces/vlan999/ipv4address
------------------------------------------------------------------------------------
HQ-SRV & BR-SRV
ip -c -br -4 a
ip -c r
ping -c3 192.168.100.1
vim /etc/openssh/sshd_config
PORT 2024
#Logging
AllowUsers sshuser
MaxAuthTries 2
#no default banner path
Banner /etc/openssh/banner
echo "Authorized access only" > /etc/openssh/banner
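(NOTE) sshd -t checks the edited config for syntax errors; run it before the restart so a typo does not leave the server without SSH
systemctl restart sshd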
ssh -p 2024 sshuser@localhost                          
exit
ssh -p 2024 sshuser@localhost
exit
----------------------------------------------------------------------------------------------------
HQ-RTR
mkdir /etc/net/ifaces/gre1
vim /etc/net/ifaces/gre1/options
(OPT) TYPE=iptun
(OPT) TUNTYPE=gre
(OPT) TUNLOCAL=172.16.4.14
(OPT) TUNREMOTE=172.16.5.14
(OPT) TUNOPTIONS='ttl 64'
(OPT) HOST=enp7s1
echo "10.10.10.1/30" > /etc/net/ifaces/gre1/ipv4address
systemctl restart network
modprobe gre
echo "gre" | tee -a /etc/modules
ip -c a show gre1
lsmod | grep 'gre'
ip -c -br -4 a
ping -c3 10.10.10.2
----------------------------------------------------------------------------------------------------
BR-RTR
mkdir /etc/net/ifaces/gre1
vim /etc/net/ifaces/gre1/options
(OPT) TYPE=iptun
(OPT) TUNTYPE=gre
(OPT) TUNLOCAL=172.16.5.14
(OPT) TUNREMOTE=172.16.4.14
(OPT) TUNOPTIONS='ttl 64'
(OPT) HOST=enp7s1
echo "10.10.10.2/30" > /etc/net/ifaces/gre1/ipv4address
systemctl restart network
modprobe gre
echo "gre" | tee -a /etc/modules
ip -c a show gre1
lsmod | grep 'gre'
ip -c -br -4 a
ping -c3 10.10.10.1