Загрузка данных
HQ-SRV
vim /etc/net/ifaces/enp7s1/options
BOOTPROTO=static
SYSTEMD_BOOTPROTO=static
mkdir /etc/net/ifaces/enp7s1.100
vim /etc/net/ifaces/enp7s1.100/options
TYPE=vlan
HOST=enp7s1
VID=100
BOOTPROTO=static
echo "192.168.100.2/26" > /etc/net/ifaces/enp7s1.100/ipv4address
echo "default via 192.168.100.1" > /etc/net/ifaces/enp7s1.100/ipv4route
echo "nameserver 77.88.8.8" > /etc/net/ifaces/enp7s1.100/resolv.conf
systemctl restart network
ip -c a show enp7s1.100
ip -c -d link show enp7s1.100
ip -c r
cat /etc/resolv.conf
----------------------------------------------------------------------------------------------------
BR-SRV
vim /etc/net/ifaces/enp7s1/options
BOOTPROTO=static
SYSTEMD_BOOTPROTO=static
echo "192.168.200.2/27" > /etc/net/ifaces/enp7s1/ipv4address
echo "default via 192.168.200.1" > /etc/net/ifaces/enp7s1/ipv4route
echo "nameserver 77.88.8.8" > /etc/net/ifaces/enp7s1/resolv.conf
systemctl restart network
ip -c a show enp7s1
ip -c r
cat /etc/resolv.conf
----------------------------------------------------------------------------------------------------
BR-RTR
ip -c a
mkdir /etc/net/ifaces/enp7s2
vim /etc/net/ifaces/enp7s2/options
TYPE=eth
BOOTPROTO=static
echo "192.168.200.1/27" > /etc/net/ifaces/enp7s2/ipv4address
systemctl restart network
ip -c a
----------------------------------------------------------------------------------------------------
ISP
ip -c a
cat /etc/net/ifaces/enp7s1/options
BOOTPROTO=dhcp
TYPE=eth
systemctl restart network
ip -c a show enp7s1
ping -c3 ya.ru
mkdir /etc/net/ifaces/enp7s2
mkdir /etc/net/ifaces/enp7s3
ls /etc/net/ifaces
echo "TYPE=eth" > /etc/net/ifaces/enp7s2/options
echo "BOOTPROTO=static" >> /etc/net/ifaces/enp7s2/options
cp /etc/net/ifaces/enp7s2/options /etc/net/ifaces/enp7s3/options
echo "172.16.4.1/28" > /etc/net/ifaces/enp7s2/ipv4address
echo "172.16.5.1/28" > /etc/net/ifaces/enp7s3/ipv4address
vim /etc/net/sysctl.conf
net.ipv4.ip_forward = 1
systemctl restart network
ip -c -br -4 a
sysctl -a | grep "ip_forward"
apt-get update
apt-get install iptables
iptables -t nat -A POSTROUTING -o enp7s1 -j MASQUERADE
iptables-save >> /etc/sysconfig/iptables
systemctl enable --now iptables
----------------------------------------------------------------------------------------------------
HQ-RTR
ip -c a
echo "TYPE=eth" > /etc/net/ifaces/enp7s1/options
echo "BOOTPROTO=static" >> /etc/net/ifaces/enp7s1/options
echo "172.16.4.14/28" > /etc/net/ifaces/enp7s1/ipv4address
echo "default via 172.16.4.1" > /etc/net/ifaces/enp7s1/ipv4route
echo "nameserver 77.88.8.8" > /etc/net/ifaces/enp7s1/resolv.conf
systemctl restart network
ip -c a show enp7s1
ip -c r
cat /etc/resolv.conf
ping -c3 ya.ru   (or: ping -c3 77.88.8.8)
----------------------------------------------------------------------------------------------------
BR-RTR
ip -c a
echo "TYPE=eth" > /etc/net/ifaces/enp7s1/options
echo "BOOTPROTO=static" >> /etc/net/ifaces/enp7s1/options
echo "172.16.5.14/28" > /etc/net/ifaces/enp7s1/ipv4address
echo "default via 172.16.5.1" > /etc/net/ifaces/enp7s1/ipv4route
echo "nameserver 77.88.8.8" > /etc/net/ifaces/enp7s1/resolv.conf
systemctl restart network
ip -c a show enp7s1
ip -c r
cat /etc/resolv.conf
ping -c3 ya.ru   (or: ping -c3 77.88.8.8)
----------------------------------------------------------------------------------------------------
HQ-SRV & BR-SRV
useradd sshuser -u 1010
id sshuser
passwd sshuser
usermod -aG wheel sshuser
echo "sshuser ALL=(ALL:ALL) NOPASSWD: ALL" >> /etc/sudoers
(a syntax error in /etc/sudoers disables sudo for everyone; safer to add the line through visudo, or as a separate file under /etc/sudoers.d/, and check it with visudo -c)
exit
log in as sshuser with the password set above, then: sudo su -
----------------------------------------------------------------------------------------------------
BR-RTR & HQ-RTR
useradd net_admin
id net_admin
passwd net_admin
usermod -aG wheel net_admin
echo "net_admin ALL=(ALL:ALL) NOPASSWD: ALL" >> /etc/sudoers
exit
log in as net_admin with the password set above, then: sudo -i
----------------------------------------------------------------------------------------------------
HQ-RTR
apt-get update && apt-get install -y openvswitch
ip -c a
mkdir /etc/net/ifaces/enp7s2
echo "TYPE=eth" > /etc/net/ifaces/enp7s2/options
echo "BOOTPROTO=static" >> /etc/net/ifaces/enp7s2/options
mkdir /etc/net/ifaces/vlan100
mkdir /etc/net/ifaces/vlan200
mkdir /etc/net/ifaces/vlan999
vim /etc/net/ifaces/vlan100/options
TYPE=vlan
VID=100
HOST=enp7s2
BOOTPROTO=static
vim /etc/net/ifaces/vlan200/options
TYPE=vlan
VID=200
HOST=enp7s2
BOOTPROTO=static
vim /etc/net/ifaces/vlan999/options
TYPE=vlan
VID=999
HOST=enp7s2
BOOTPROTO=static
echo "192.168.100.1/26" > /etc/net/ifaces/vlan100/ipv4address
echo "192.168.100.65/28" > /etc/net/ifaces/vlan200/ipv4address
echo "192.168.100.81/29" > /etc/net/ifaces/vlan999/ipv4address
mkdir /etc/net/ifaces/HQ-SW
echo "TYPE=ovsbr" > /etc/net/ifaces/HQ-SW/options
systemctl enable --now openvswitch
systemctl restart network
modprobe 8021q
echo "8021q" | tee -a /etc/modules
systemctl restart network
ip -c -br -4 a
ovs-vsctl show
lsmod | grep "8021q"
sysctl -a | grep "ip_forward"
sed -i "s/OVS_REMOVE=yes/OVS_REMOVE=no/g" /etc/net/ifaces/default/options
systemctl restart network
ovs-vsctl add-port HQ-SW enp7s2 trunk=100,200,999
ovs-vsctl show
----------------------------------------------------------------------------------------------------
HQ-SRV & BR-SRV
ip -c -br -4 a
ip -c r
ping -c3 192.168.100.1
vim /etc/openssh/sshd_config
PORT 2024
#Logging
AllowUsers sshuser
MaxAuthTries 2
#no default banner path
Banner /etc/openssh/banner
echo "Authorized access only" > /etc/openssh/banner
systemctl restart sshd
ssh -p 2024 sshuser@localhost
exit
ssh -p 2024 sshuser@localhost
exit
----------------------------------------------------------------------------------------------------
HQ-RTR
mkdir /etc/net/ifaces/gre1
vim /etc/net/ifaces/gre1/options
TYPE=iptun
TUNTYPE=gre
TUNLOCAL=172.16.4.14
TUNREMOTE=172.16.5.14
TUNOPTIONS='ttl 64'
HOST=enp7s1
echo "10.10.10.1/30" > /etc/net/ifaces/gre1/ipv4address
systemctl restart network
modprobe gre
echo "gre" | tee -a /etc/modules
ip -c a show gre1
lsmod | grep 'gre'
ip -c -br -4 a
ping -c3 10.10.10.2
----------------------------------------------------------------------------------------------------
BR-RTR
mkdir /etc/net/ifaces/gre1
vim /etc/net/ifaces/gre1/options
TYPE=iptun
TUNTYPE=gre
TUNLOCAL=172.16.5.14
TUNREMOTE=172.16.4.14
TUNOPTIONS='ttl 64'
HOST=enp7s1
echo "10.10.10.2/30" > /etc/net/ifaces/gre1/ipv4address
systemctl restart network
modprobe gre
echo "gre" | tee -a /etc/modules
ip -c a show gre1
lsmod | grep 'gre'
ip -c -br -4 a
ping -c3 10.10.10.1