Загрузка данных
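# ISP: set the hostname (this host carries no domain suffix).
# The persistent entry is written first: "exec bash" replaces the current
# shell, so anything placed after it would not run in a non-interactive pass.
# Anchored pattern replaces whatever HOSTNAME= currently holds, not only "localhost".
sed -i 's/^HOSTNAME=.*/HOSTNAME=isp/' /etc/sysconfig/network
hostnamectl set-hostname isp; exec bash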
----------------------------------------------------------------------
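# HQ-RTR: set the FQDN. The original sed wrote "au-team.ipro" (transposed
# letters) while hostnamectl used "au-team.irpo"; both now agree.
sed -i 's/^HOSTNAME=.*/HOSTNAME=hq-rtr.au-team.irpo/' /etc/sysconfig/network
# last: exec replaces the shell, nothing after it would run
hostnamectl set-hostname hq-rtr.au-team.irpo; exec bash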
----------------------------------------------------------------------
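# BR-RTR: set the FQDN (persistent entry first, exec last).
sed -i 's/^HOSTNAME=.*/HOSTNAME=br-rtr.au-team.irpo/' /etc/sysconfig/network
hostnamectl set-hostname br-rtr.au-team.irpo; exec bash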
----------------------------------------------------------------------
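# HQ-SRV: set the FQDN (persistent entry first, exec last).
sed -i 's/^HOSTNAME=.*/HOSTNAME=hq-srv.au-team.irpo/' /etc/sysconfig/network
hostnamectl set-hostname hq-srv.au-team.irpo; exec bash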
----------------------------------------------------------------------
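# BR-SRV: set the FQDN. The original path was "/ec/sysconfig/network", so the
# persistent entry was never written.
sed -i 's/^HOSTNAME=.*/HOSTNAME=br-srv.au-team.irpo/' /etc/sysconfig/network
hostnamectl set-hostname br-srv.au-team.irpo; exec bash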
----------------------------------------------------------------------
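# HQ-CLI: set the FQDN (persistent entry first, exec last).
sed -i 's/^HOSTNAME=.*/HOSTNAME=hq-cli.au-team.irpo/' /etc/sysconfig/network
hostnamectl set-hostname hq-cli.au-team.irpo; exec bash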
----------------------------------------------------------------------
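# ISP: DHCP uplink on enp7s1, two /28 transit links (enp7s2 -> HQ-RTR,
# enp7s3 -> BR-RTR), IPv4 forwarding and source NAT.
# Annotations that followed a redirect in the original ended up inside the
# written file; they are comments here.
mkdir -p /etc/net/ifaces/enp7s2 /etc/net/ifaces/enp7s3
printf '%s\n' 'TYPE=eth' 'BOOTPROTO=dhcp' > /etc/net/ifaces/enp7s1/options
echo "TYPE=eth" > /etc/net/ifaces/enp7s2/options
echo "TYPE=eth" > /etc/net/ifaces/enp7s3/options
# file name is "ipv4address" (the original wrote "ip4address" for enp7s2)
echo "172.16.1.1/28" > /etc/net/ifaces/enp7s2/ipv4address
echo "172.16.2.1/28" > /etc/net/ifaces/enp7s3/ipv4address
sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/net/sysctl.conf
systemctl restart network
ip -c -br -4 a
ping -c3 ya.ru
sysctl net.ipv4.ip_forward   # expect "= 1"
apt-get update
apt-get install -y iptables  # original: "unstall"
# Source NAT (masquerade) for the two transit networks towards the uplink;
# the -s match keeps the rule from translating any other source.
iptables -t nat -A POSTROUTING -s 172.16.1.0/28 -o enp7s1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 172.16.2.0/28 -o enp7s1 -j MASQUERADE
# overwrite, not append: every appended dump is a full ruleset and would be
# loaded again on restore, duplicating the rules
iptables-save > /etc/sysconfig/iptables
systemctl enable --now iptables.service
iptables -t nat -L -n -v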
-----------------------------------------------------------------
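# HQ-RTR: enp7s2 is the trunk towards the HQ switch; one 802.1Q sub-interface
# per VLAN provides inter-VLAN routing. enp7s1 is the uplink to ISP.
mkdir -p /etc/net/ifaces/enp7s2
echo "TYPE=eth" > /etc/net/ifaces/enp7s2/options
# The "> " PS2 prompts in the captured heredocs are not part of the files.
for vid in 100 200 999; do
  mkdir -p "/etc/net/ifaces/enp7s2.$vid"
  cat <<EOF > "/etc/net/ifaces/enp7s2.$vid/options"
TYPE=vlan
HOST=enp7s2
VID=$vid
EOF
done
echo "192.168.100.1/27" > /etc/net/ifaces/enp7s2.100/ipv4address
echo "192.168.200.1/24" > /etc/net/ifaces/enp7s2.200/ipv4address
echo "192.168.99.1/29" > /etc/net/ifaces/enp7s2.999/ipv4address
systemctl restart network
ip -c -br -4 a
ip -c -d l
# Uplink to ISP (172.16.1.0/28 transit, gateway is ISP's enp7s2)
echo "TYPE=eth" > /etc/net/ifaces/enp7s1/options
echo "172.16.1.2/28" > /etc/net/ifaces/enp7s1/ipv4address
# original path had a stray space ("/etc/net/ifaces /enp7s1/ipv4route"),
# which redirected into /etc/net/ifaces and passed "/enp7s1/ipv4route" to echo
echo "default via 172.16.1.1" > /etc/net/ifaces/enp7s1/ipv4route
echo "nameserver 77.88.8.8" > /etc/net/ifaces/enp7s1/resolv.conf
systemctl restart network
ip -c -br -4 a
ip -c r
ping -c3 ya.ru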
-----------------------------------------------------------------
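# BR-RTR: uplink to ISP on enp7s1 (172.16.2.0/28 transit), LAN on enp7s2.
echo "TYPE=eth" > /etc/net/ifaces/enp7s1/options
# file name is "ipv4address" (the original wrote "ip4address")
echo "172.16.2.2/28" > /etc/net/ifaces/enp7s1/ipv4address
echo "default via 172.16.2.1" > /etc/net/ifaces/enp7s1/ipv4route
echo "nameserver 77.88.8.8" > /etc/net/ifaces/enp7s1/resolv.conf
systemctl restart network
ip -c -br -4 a
ip -c r
ping -c3 ya.ru
# LAN side towards BR-SRV (annotation after the redirect is a comment here,
# otherwise it would have been written into the options file)
mkdir -p /etc/net/ifaces/enp7s2
echo "TYPE=eth" > /etc/net/ifaces/enp7s2/options
echo "192.168.0.1/28" > /etc/net/ifaces/enp7s2/ipv4address
systemctl restart network
ip -c -br a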
-----------------------------------------------------------------
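# HQ-SRV: tagged interface in VLAN 100 on enp7s1; gateway is HQ-RTR (192.168.100.1).
# The original path was "/eth/net/ifaces/...", so the options write failed.
echo "TYPE=eth" > /etc/net/ifaces/enp7s1/options
mkdir -p /etc/net/ifaces/enp7s1.100
# "> " PS2 prompts from the terminal capture are not part of the file
cat <<EOF > /etc/net/ifaces/enp7s1.100/options
TYPE=vlan
HOST=enp7s1
VID=100
EOF
echo "192.168.100.2/27" > /etc/net/ifaces/enp7s1.100/ipv4address
echo "default via 192.168.100.1" > /etc/net/ifaces/enp7s1.100/ipv4route
echo "nameserver 77.88.8.8" > /etc/net/ifaces/enp7s1.100/resolv.conf
systemctl restart network
ip -c -br -4 a
cat /etc/resolv.conf
ip -c r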
-----------------------------------------------------------------
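# BR-SRV: static IPv4 on enp7s1; gateway is BR-RTR (192.168.0.1).
# The annotation that followed the first redirect would have been written
# into the options file ("TYPE=eth IPV4 ..."); it is a comment here.
echo "TYPE=eth" > /etc/net/ifaces/enp7s1/options
echo "192.168.0.2/28" > /etc/net/ifaces/enp7s1/ipv4address
echo "default via 192.168.0.1" > /etc/net/ifaces/enp7s1/ipv4route
echo "nameserver 77.88.8.8" > /etc/net/ifaces/enp7s1/resolv.conf
systemctl restart network
ping -c3 192.168.0.1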
-----------------------------------------------------------------
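# HQ-SRV: admin account "sshuser" with fixed UID 2026 and passwordless sudo.
useradd -u 2026 sshuser
passwd sshuser   # interactive ("passw" in the original); lab value: same as the account name
usermod -aG wheel sshuser
# sudoers drop-in: the original line lacked the closing quote and had a trailing
# ":" after ALL, so sudo would have rejected the file. Validate before relying on it.
echo "sshuser ALL=(ALL:ALL) NOPASSWD: ALL" > /etc/sudoers.d/sshuser
chmod 440 /etc/sudoers.d/sshuser
visudo -cf /etc/sudoers.d/sshuser
# interactive check: switch user, confirm the UID, confirm sudo to root works
su - sshuser
id -u
sudo -i
exit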
-----------------------------------------------------------------
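# BR-SRV: admin account "sshuser" with fixed UID 2026 and passwordless sudo.
useradd -u 2026 sshuser
passwd sshuser   # interactive ("passw" in the original); lab value: same as the account name
usermod -aG wheel sshuser
# sudoers drop-in: the original line lacked the closing quote and had a trailing
# ":" after ALL, so sudo would have rejected the file. Validate before relying on it.
echo "sshuser ALL=(ALL:ALL) NOPASSWD: ALL" > /etc/sudoers.d/sshuser
chmod 440 /etc/sudoers.d/sshuser
visudo -cf /etc/sudoers.d/sshuser
# interactive check: switch user, confirm the UID, confirm sudo to root works
su - sshuser
id -u
sudo -i
exit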
-----------------------------------------------------------------
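# HQ-RTR: admin account with passwordless sudo.
# The original mixed "net-admin" (useradd/passwd) with "net_admin"
# (usermod/sudoers/su), so the later steps targeted a user that did not exist;
# a single spelling is used throughout here. The "if it does not work"
# fallback also wrote a sudoers file for sshuser on this router; folded into
# the normal sequence for net_admin instead.
useradd net_admin
passwd net_admin   # interactive; lab value: same as the account name
usermod -aG wheel net_admin
mkdir -p /etc/sudoers.d
chmod 755 /etc/sudoers.d
echo "net_admin ALL=(ALL:ALL) NOPASSWD: ALL" > /etc/sudoers.d/net_admin
chmod 440 /etc/sudoers.d/net_admin
visudo -cf /etc/sudoers.d/net_admin
# If sudo still ignores the drop-in, check that /etc/sudoers has an
# "@includedir /etc/sudoers.d" line ("#includedir" on older sudo).
su - net_admin
sudo -i
exit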
-----------------------------------------------------------------
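# BR-RTR: admin account with passwordless sudo.
# One spelling ("net_admin") throughout: the original created "net-admin" and
# then configured "net_admin". "usermod aG" also lacked the leading dash.
useradd net_admin
passwd net_admin   # interactive; lab value: same as the account name
usermod -aG wheel net_admin
echo "net_admin ALL=(ALL:ALL) NOPASSWD: ALL" > /etc/sudoers.d/net_admin
chmod 440 /etc/sudoers.d/net_admin
visudo -cf /etc/sudoers.d/net_admin
su - net_admin
sudo -i
exit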
-----------------------------------------------------------------
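# HQ-SRV: sshd — non-default port, user allow-list, limited auth attempts, banner.
# All directives are appended. The original wrote the Banner line with ">",
# which replaced the whole sshd_config, and the annotation after the first
# redirect ("Port 2026 ...") would have been appended as part of the directive.
# "MaxAuhTries" is "MaxAuthTries".
# NOTE(review): if sshd_config already carries an uncommented line for one of
# these keywords, check which one takes effect (sshd keeps the first match for
# most keywords).
cat <<'EOF' >> /etc/openssh/sshd_config
Port 2026
AllowUsers sshuser
MaxAuthTries 2
Banner /etc/openssh/banner
EOF
echo "Authorized access only" > /etc/openssh/banner
# validate first so a broken config cannot take the daemon down on restart
sshd -t && systemctl restart sshd.service
# checks: "user" is outside AllowUsers and must be refused; sshuser must get in
ssh user@127.0.0.1 -p 2026
ssh sshuser@127.0.0.1 -p 2026
exit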
-----------------------------------------------------------------
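# BR-SRV: sshd — non-default port, user allow-list, limited auth attempts, banner.
# The original appended Port to "/etc/opessh/sshd_config" (typo, creating a
# stray file) and pointed Banner at "/etc/opessh/banner" while writing the
# banner to /etc/openssh/banner; both paths are /etc/openssh here.
# NOTE(review): if sshd_config already carries an uncommented line for one of
# these keywords, check which one takes effect (sshd keeps the first match for
# most keywords).
cat <<'EOF' >> /etc/openssh/sshd_config
Port 2026
AllowUsers sshuser
MaxAuthTries 2
Banner /etc/openssh/banner
EOF
echo "Authorized access only" > /etc/openssh/banner
# validate first so a broken config cannot take the daemon down on restart
sshd -t && systemctl restart sshd.service
# check: "user" is outside AllowUsers and must be refused
ssh user@127.0.0.1 -p 2026
exit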
-----------------------------------------------------------------
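# HQ-RTR: GRE tunnel to BR-RTR across the ISP transit links.
# TUNLOCAL is this host's enp7s1 address, TUNREMOTE is BR-RTR's enp7s1.
# GRE itself gives no confidentiality or peer authentication; the OSPF MD5 key
# configured later only protects the routing adjacency.
mkdir -p /etc/net/ifaces/gre1
# "> " PS2 prompts from the terminal capture are not part of the file
cat <<EOF > /etc/net/ifaces/gre1/options
TYPE=iptun
TUNTYPE=gre
TUNLOCAL=172.16.1.2
TUNREMOTE=172.16.2.2
TUNOPTIONS='ttl 64'
HOST=enp7s1
EOF
echo "10.10.10.1/30" > /etc/net/ifaces/gre1/ipv4address
systemctl restart network
ip -c -br -4 a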
-----------------------------------------------------------------
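# BR-RTR: GRE tunnel to HQ-RTR across the ISP transit links.
# TUNREMOTE must be HQ-RTR's enp7s1 address (172.16.1.2); the original
# repeated this host's own address (172.16.2.2) as the remote endpoint.
mkdir -p /etc/net/ifaces/gre1
cat <<EOF > /etc/net/ifaces/gre1/options
TYPE=iptun
TUNTYPE=gre
TUNLOCAL=172.16.2.2
TUNREMOTE=172.16.1.2
TUNOPTIONS='ttl 64'
HOST=enp7s1
EOF
echo "10.10.10.2/30" > /etc/net/ifaces/gre1/ipv4address
systemctl restart network
ip -c -br -4 a
ping -c3 10.10.10.1   # HQ-RTR end of the tunnel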
-----------------------------------------------------------------
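# HQ-RTR: OSPF over the GRE tunnel with FRR.
apt-get update && apt-get install -y frr
sed -i 's/ospfd=no/ospfd=yes/g' /etc/frr/daemons
systemctl enable --now frr.service
# The lines after "vtysh" are typed inside the FRR shell.
# "route ospf" in the original is not a vtysh command; it is "router ospf".
# All interfaces are passive except the tunnel, where the adjacency forms.
# The MD5 key id and secret must match BR-RTR; the value is the lab one.
vtysh
configure terminal
router ospf
passive-interface default
network 10.10.10.0/30 area 0
network 192.168.100.0/27 area 0
network 192.168.200.0/24 area 0
network 192.168.99.0/29 area 0
exit
interface gre1
no ip ospf passive
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 P@ssw0rd
end
wr mem
exit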
-----------------------------------------------------------------
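# BR-RTR: OSPF over the GRE tunnel with FRR.
apt-get update && apt-get install -y frr
sed -i 's/ospfd=no/ospfd=yes/g' /etc/frr/daemons
systemctl enable --now frr.service
# The lines after "vtysh" are typed inside the FRR shell.
# "route ospf" in the original is not a vtysh command; it is "router ospf".
# Key id and secret must match HQ-RTR.
vtysh
configure terminal
router ospf
passive-interface default
network 10.10.10.0/30 area 0
network 192.168.0.0/28 area 0
exit
interface gre1
no ip ospf passive
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 P@ssw0rd
end
wr mem
exit
# adjacency check: HQ-RTR should appear as a neighbor on gre1
vtysh
show ip ospf neighbor
show ip ospf interface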
-----------------------------------------------------------------
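# HQ-RTR: IPv4 forwarding and source NAT towards ISP.
# The original sed replacement read "net/ipv4.ip_forward" (slash for dot) and
# targeted /etc/sysctl.conf; the other hosts use /etc/net/sysctl.conf, which
# the network restart below applies, so the same file is used here.
sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/net/sysctl.conf
systemctl restart network
# masquerades everything leaving enp7s1; narrowing with -s to the HQ prefixes
# (192.168.100.0/27, 192.168.200.0/24, 192.168.99.0/29) would be tighter
iptables -t nat -A POSTROUTING -o enp7s1 -j MASQUERADE
# overwrite, not append: an appended dump is loaded again on restore
iptables-save > /etc/sysconfig/iptables
systemctl enable --now iptables.service
# forwarding may have been reset by the restart: expect 1, otherwise
# "sysctl -w net.ipv4.ip_forward=1" ("net.ip4" in the original is not a key)
sysctl net.ipv4.ip_forward
# interactive: re-check OSPF state after the network restart
vtysh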
-----------------------------------------------------------------
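# HQ-SRV: confirm Internet reachability through HQ-RTR's NAT, by address and by name.
# The original had the annotation on the ping line, which ping received as
# extra arguments.
for target in 77.88.8.8 ya.ru; do
  ping -c3 "$target"
done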
-----------------------------------------------------------------
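# BR-RTR: IPv4 forwarding and source NAT towards ISP.
sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/net/sysctl.conf
systemctl restart network
# chain name is POSTROUTING ("POSTRTOUTING" in the original would be rejected);
# narrowing with -s 192.168.0.0/28 would be tighter
iptables -t nat -A POSTROUTING -o enp7s1 -j MASQUERADE
# overwrite, not append: an appended dump is loaded again on restore
iptables-save > /etc/sysconfig/iptables
systemctl enable --now iptables.service
# forwarding may have been reset by the restart: expect 1, otherwise
# "sysctl -w net.ipv4.ip_forward=1"
sysctl net.ipv4.ip_forward
# interactive: re-check OSPF state after the network restart
vtysh
exit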
-----------------------------------------------------------------
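# BR-SRV: confirm Internet reachability through BR-RTR's NAT, by address and by name.
# The original had the annotation on the ping line, which ping received as
# extra arguments.
for target in 77.88.8.8 ya.ru; do
  ping -c3 "$target"
done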
-----------------------------------------------------------------
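# HQ-RTR: DHCP for the client VLAN (enp7s2.200, 192.168.200.0/24).
apt-get update && apt-get install -y dhcp-server
# bind dhcpd to the VLAN sub-interface only. Anchored pattern replaces whatever
# value DHCPDARGS currently has (the original matched only the bare "DHCPDARGS=").
sed -i "s/^DHCPDARGS=.*/DHCPDARGS='enp7s2.200'/" /etc/sysconfig/dhcpd
# clients get HQ-SRV (dnsmasq, 192.168.100.2) as resolver and HQ-RTR as gateway
cat <<EOF > /etc/dhcp/dhcpd.conf
option domain-name "au-team.irpo";
option domain-name-servers 192.168.100.2;
default-lease-time 6000;
max-lease-time 72000;
authoritative;
subnet 192.168.200.0 netmask 255.255.255.0 {
  range 192.168.200.2 192.168.200.254;
  option routers 192.168.200.1;
}
EOF
systemctl enable --now dhcpd.service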
-----------------------------------------------------------------
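# HQ-CLI: tagged client interface in VLAN 200, addressed by DHCP from HQ-RTR.
# Written with a heredoc instead of editing in mcedit; same resulting file.
mkdir -p /etc/net/ifaces/enp7s1.200
cat <<EOF > /etc/net/ifaces/enp7s1.200/options
TYPE=vlan
BOOTPROTO=dhcp
HOST=enp7s1
VID=200
DISABLED=no
EOF
systemctl restart network
ip a show enp7s1.200   # did a lease arrive?
ip -c -br -4 a
ip -c r
ping -c3 77.88.8.8      # Internet via HQ-RTR NAT
ping -c3 192.168.100.2  # HQ-SRV across VLANs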
-----------------------------------------------------------------
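# HQ-SRV: dnsmasq as the lab resolver — local records for au-team.irpo hosts,
# everything else forwarded to 77.88.8.8.
apt-get update && apt-get install -y dnsmasq
# No text may follow the redirect: the original "cat <<EOF > /etc/dnsmasq.conf
# НАСТРОЙКА DNS" gives cat two file operands, so it reads those instead of the
# heredoc and the config is never written.
cat <<EOF > /etc/dnsmasq.conf
no-hosts
server=77.88.8.8
cache-size=1000
all-servers
no-negcache
interface=*
host-record=hq-rtr.au-team.irpo,192.168.100.1
host-record=hq-rtr.au-team.irpo,192.168.200.1
host-record=hq-rtr.au-team.irpo,192.168.99.1
host-record=hq-srv.au-team.irpo,192.168.100.2
host-record=hq-cli.au-team.irpo,192.168.200.2
address=/br-rtr.au-team.irpo/192.168.0.1
address=/br-srv.au-team.irpo/192.168.0.2
address=/docker.au-team.irpo/172.16.1.1
address=/web.au-team.irpo/172.16.2.1
EOF
# syntax check before the service is enabled
dnsmasq --test
systemctl enable --now dnsmasq.service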
-----------------------------------------------------------------
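# HQ-CLI: resolution checks against HQ-SRV (dnsmasq). Expected answers are in
# the comments. The captured run queried "hq-rtra"/"br-rtra", which do not
# match the host-record/address entries in dnsmasq.conf (hq-rtr/br-rtr); the
# names below follow the config.
host hq-rtr.au-team.irpo    # 192.168.99.1, 192.168.200.1, 192.168.100.1
host hq-srv.au-team.irpo    # 192.168.100.2
host hq-cli.au-team.irpo    # 192.168.200.2
host br-rtr.au-team.irpo    # 192.168.0.1
host br-srv.au-team.irpo    # 192.168.0.2
host docker.au-team.irpo    # 172.16.1.1
host web.au-team.irpo       # 172.16.2.1
# reverse lookups: only the host-record names were checked in the capture
host 192.168.99.1    # hq-rtr.au-team.irpo.
host 192.168.100.1   # hq-rtr.au-team.irpo.
host 192.168.200.1   # hq-rtr.au-team.irpo.
host 192.168.100.2   # hq-srv.au-team.irpo.
host 192.168.200.2   # hq-cli.au-team.irpo.
# external name through the 77.88.8.8 forwarder; A/AAAA/MX values vary
host ya.ru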
-----------------------------------------------------------------
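# HQ-SRV: time zone. The section label was a bare line, which a shell would
# try to execute; it is a comment here.
timedatectl set-timezone Asia/Yekaterinburg
timedatectl   # shows the zone now in effect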