Задание 1 — Настройка hostname и базовой сети
ISP
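# ISP: hostname, DHCP uplink on enp7s1, two static downlinks (enp7s2 -> HQ-RTR, enp7s3 -> BR-RTR).
# 'exec bash' dropped: hostnamectl applies the name immediately; the exec only redrew the prompt
# and, when these lines run as a script, replaces the interpreter so nothing after it executes.
hostnamectl set-hostname isp
# Replace whatever HOSTNAME= currently holds — matching only 'localhost' silently does nothing otherwise.
sed -i 's/^HOSTNAME=.*/HOSTNAME=isp/' /etc/sysconfig/network
# Uplink: address from the provider's DHCP.
mkdir -p /etc/net/ifaces/enp7s1
printf 'TYPE=eth\nBOOTPROTO=dhcp\n' > /etc/net/ifaces/enp7s1/options
# Downlinks: /28 transit subnets, .1 on the ISP side.
mkdir -p /etc/net/ifaces/enp7s2 /etc/net/ifaces/enp7s3
printf 'TYPE=eth\n' > /etc/net/ifaces/enp7s2/options
printf 'TYPE=eth\n' > /etc/net/ifaces/enp7s3/options
printf '172.16.1.1/28\n' > /etc/net/ifaces/enp7s2/ipv4address
printf '172.16.2.1/28\n' > /etc/net/ifaces/enp7s3/ipv4address
# The ISP routes between its three links: persist forwarding and also set it in the running kernel now.
sed -i "s/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g" /etc/net/sysctl.conf
sysctl -w net.ipv4.ip_forward=1
systemctl restart network
# Verification: addresses, upstream reachability, forwarding flag.
ip -c -br -4 a
ping -c3 ya.ru
sysctl net.ipv4.ip_forward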
HQ-RTR
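# HQ-RTR: hostname and WAN interface (enp7s1 towards the ISP, 172.16.1.1 is the gateway).
# 'exec bash' dropped: it only redraws the prompt and would stop a script at this line.
hostnamectl set-hostname hq-rtr.au-team.irpo
# Replace any existing HOSTNAME= value, not only the literal 'localhost'.
sed -i 's/^HOSTNAME=.*/HOSTNAME=hq-rtr.au-team.irpo/' /etc/sysconfig/network
mkdir -p /etc/net/ifaces/enp7s1
printf 'TYPE=eth\n' > /etc/net/ifaces/enp7s1/options
printf '172.16.1.2/28\n' > /etc/net/ifaces/enp7s1/ipv4address
printf 'default via 172.16.1.1\n' > /etc/net/ifaces/enp7s1/ipv4route
# Per-interface resolver file for etcnet.
printf 'nameserver 77.88.8.8\n' > /etc/net/ifaces/enp7s1/resolv.conf
systemctl restart network
# Verification: address, default route, name resolution + reachability through the ISP.
ip -c -br -4 a
ip -c r
ping -c3 ya.ru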
BR-RTR
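# BR-RTR: hostname and WAN interface (enp7s1 towards the ISP, 172.16.2.1 is the gateway).
# 'exec bash' dropped: it only redraws the prompt and would stop a script at this line.
hostnamectl set-hostname br-rtr.au-team.irpo
# Replace any existing HOSTNAME= value, not only the literal 'localhost'.
sed -i 's/^HOSTNAME=.*/HOSTNAME=br-rtr.au-team.irpo/' /etc/sysconfig/network
mkdir -p /etc/net/ifaces/enp7s1
printf 'TYPE=eth\n' > /etc/net/ifaces/enp7s1/options
printf '172.16.2.2/28\n' > /etc/net/ifaces/enp7s1/ipv4address
printf 'default via 172.16.2.1\n' > /etc/net/ifaces/enp7s1/ipv4route
# Per-interface resolver file for etcnet.
printf 'nameserver 77.88.8.8\n' > /etc/net/ifaces/enp7s1/resolv.conf
systemctl restart network
# Verification: address, default route, name resolution + reachability through the ISP.
ip -c -br -4 a
ip -c r
ping -c3 ya.ru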
HQ-SRV
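# HQ-SRV: hostname. 'exec bash' dropped — hostnamectl applies the name at once, the exec only
# redrew the prompt and would end a script here. The sed matches any current HOSTNAME= value.
hostnamectl set-hostname hq-srv.au-team.irpo
sed -i 's/^HOSTNAME=.*/HOSTNAME=hq-srv.au-team.irpo/' /etc/sysconfig/network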
BR-SRV
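# BR-SRV: hostname. 'exec bash' dropped — hostnamectl applies the name at once, the exec only
# redrew the prompt and would end a script here. The sed matches any current HOSTNAME= value.
hostnamectl set-hostname br-srv.au-team.irpo
sed -i 's/^HOSTNAME=.*/HOSTNAME=br-srv.au-team.irpo/' /etc/sysconfig/network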
HQ-CLI
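# HQ-CLI: hostname. 'exec bash' dropped — hostnamectl applies the name at once, the exec only
# redrew the prompt and would end a script here. The sed matches any current HOSTNAME= value.
hostnamectl set-hostname hq-cli.au-team.irpo
sed -i 's/^HOSTNAME=.*/HOSTNAME=hq-cli.au-team.irpo/' /etc/sysconfig/network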
Задание 2 — Настройка NAT, маршрутизации и VLAN
ISP — NAT
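# ISP: masquerade both customer transit /28s behind the uplink address on enp7s1.
apt-get update
apt-get dist-upgrade
apt-get install -y iptables   # -y as in the other install steps, so the run does not stall on a prompt
iptables -t nat -A POSTROUTING -s 172.16.1.0/28 -o enp7s1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 172.16.2.0/28 -o enp7s1 -j MASQUERADE
# Overwrite the saved rule set. Appending ('>>') stacks another full copy of every table on each
# re-run, and the service would then restore every copy.
iptables-save > /etc/sysconfig/iptables
systemctl enable --now iptables.service
# Verification: rule list with packet/byte counters.
iptables -t nat -L -n -v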
BR-RTR — локальная сеть
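# BR-RTR: LAN interface enp7s2 towards BR-SRV (192.168.0.0/28, router is .1).
ip -c -br a
# The interface directory is not guaranteed to exist yet (the HQ-RTR step creates its own
# enp7s2 directory explicitly); without it the redirect below fails.
mkdir -p /etc/net/ifaces/enp7s2
printf 'TYPE=eth\n' > /etc/net/ifaces/enp7s2/options
printf '192.168.0.1/28\n' > /etc/net/ifaces/enp7s2/ipv4address
systemctl restart network
ip -c -br a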
BR-SRV
# BR-SRV: single LAN interface; BR-RTR (192.168.0.1) is the default gateway.
iface=/etc/net/ifaces/enp7s1
printf 'TYPE=eth\n' > "$iface/options"
printf '192.168.0.2/28\n' > "$iface/ipv4address"
printf 'default via 192.168.0.1\n' > "$iface/ipv4route"
printf 'nameserver 77.88.8.8\n' > "$iface/resolv.conf"
systemctl restart network
# Verification: the gateway answers.
ping -c3 192.168.0.1
HQ-RTR — VLAN
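# HQ-RTR: enp7s2 is a trunk carrying three tagged VLANs (VIDs 100, 200, 999); each subinterface
# gets the gateway address of its subnet. Directories are created with -p so a re-run is harmless.
mkdir -p /etc/net/ifaces/enp7s2
printf 'TYPE=eth\n' > /etc/net/ifaces/enp7s2/options

# Create one etcnet VLAN subinterface on enp7s2.
# Arguments: $1 - VLAN id, $2 - IPv4 address with prefix length
make_vlan() {
  local vid=$1 addr=$2
  local dir=/etc/net/ifaces/enp7s2.$vid
  mkdir -p "$dir"
  printf 'TYPE=vlan\nHOST=enp7s2\nVID=%s\n' "$vid" > "$dir/options"
  printf '%s\n' "$addr" > "$dir/ipv4address"
}

make_vlan 100 192.168.100.1/27
make_vlan 200 192.168.200.1/24
make_vlan 999 192.168.99.1/29
systemctl restart network
# Verification: addresses, and link details (-d shows the 802.1Q id of each subinterface).
ip -c -br -4 a
ip -c -d l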
HQ-SRV — VLAN 100
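# HQ-SRV: tagged VLAN 100 on enp7s1; HQ-RTR's VLAN-100 address (192.168.100.1) is the gateway.
mkdir -p /etc/net/ifaces/enp7s1 /etc/net/ifaces/enp7s1.100   # -p: safe on a re-run
printf 'TYPE=eth\n' > /etc/net/ifaces/enp7s1/options
cat <<'EOF' > /etc/net/ifaces/enp7s1.100/options
TYPE=vlan
HOST=enp7s1
VID=100
EOF
printf '192.168.100.2/27\n' > /etc/net/ifaces/enp7s1.100/ipv4address
printf 'default via 192.168.100.1\n' > /etc/net/ifaces/enp7s1.100/ipv4route
printf 'nameserver 77.88.8.8\n' > /etc/net/ifaces/enp7s1.100/resolv.conf
systemctl restart network
# Verification: address on the subinterface, the resolver etcnet generated, and the default route.
ip -c -br -4 a
cat /etc/resolv.conf
ip -c r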
Задание 3 — Создание пользователей
HQ-SRV — sshuser
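# HQ-SRV: admin account 'sshuser' with fixed UID 2026, wheel membership and passwordless sudo.
useradd -m -u 2026 sshuser   # -m: make sure a home directory exists so 'su -' lands somewhere valid
passwd sshuser               # interactive: prompts for the new password
usermod -aG wheel sshuser
# sudoers.d drop-in: write it, give it the mode sudo requires, and validate before trusting it —
# a syntactically broken drop-in disables sudo for every user, so remove it if visudo rejects it.
# NOPASSWD means privileged commands run with no re-authentication for this account.
printf 'sshuser ALL=(ALL:ALL) NOPASSWD: ALL\n' > /etc/sudoers.d/sshuser
chmod 440 /etc/sudoers.d/sshuser
visudo -cf /etc/sudoers.d/sshuser || rm -f -- /etc/sudoers.d/sshuser
# Non-interactive check: prints 2026 (the UID) and then 0 (root via sudo; -n fails instead of prompting).
su - sshuser -c 'id -u && sudo -n id -u'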
BR-SRV — sshuser
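# BR-SRV: admin account 'sshuser' with fixed UID 2026, wheel membership and passwordless sudo.
useradd -m -u 2026 sshuser   # -m: make sure a home directory exists so 'su -' lands somewhere valid
passwd sshuser               # interactive: prompts for the new password
usermod -aG wheel sshuser
# sudoers.d drop-in: write it, give it the mode sudo requires, and validate before trusting it —
# a syntactically broken drop-in disables sudo for every user, so remove it if visudo rejects it.
# NOPASSWD means privileged commands run with no re-authentication for this account.
printf 'sshuser ALL=(ALL:ALL) NOPASSWD: ALL\n' > /etc/sudoers.d/sshuser
chmod 440 /etc/sudoers.d/sshuser
visudo -cf /etc/sudoers.d/sshuser || rm -f -- /etc/sudoers.d/sshuser
# Non-interactive check: prints 2026 (the UID) and then 0 (root via sudo; -n fails instead of prompting).
su - sshuser -c 'id -u && sudo -n id -u'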
HQ-RTR — net_admin
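# HQ-RTR: admin account 'net_admin' with wheel membership and passwordless sudo.
useradd -m net_admin    # -m: make sure a home directory exists so 'su -' lands somewhere valid
passwd net_admin        # interactive: prompts for the new password
usermod -aG wheel net_admin
# sudoers.d drop-in: write it, give it the mode sudo requires, and validate before trusting it —
# a syntactically broken drop-in disables sudo for every user, so remove it if visudo rejects it.
# NOPASSWD means privileged commands run with no re-authentication for this account.
printf 'net_admin ALL=(ALL:ALL) NOPASSWD: ALL\n' > /etc/sudoers.d/net_admin
chmod 440 /etc/sudoers.d/net_admin
visudo -cf /etc/sudoers.d/net_admin || rm -f -- /etc/sudoers.d/net_admin
# Non-interactive check: prints 0 (root via sudo; -n fails instead of prompting for a password).
su - net_admin -c 'sudo -n id -u'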
BR-RTR — net_admin
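# BR-RTR: admin account 'net_admin' with wheel membership and passwordless sudo.
useradd -m net_admin    # -m: make sure a home directory exists so 'su -' lands somewhere valid
passwd net_admin        # interactive: prompts for the new password
usermod -aG wheel net_admin
# sudoers.d drop-in: write it, give it the mode sudo requires, and validate before trusting it —
# a syntactically broken drop-in disables sudo for every user, so remove it if visudo rejects it.
# NOPASSWD means privileged commands run with no re-authentication for this account.
printf 'net_admin ALL=(ALL:ALL) NOPASSWD: ALL\n' > /etc/sudoers.d/net_admin
chmod 440 /etc/sudoers.d/net_admin
visudo -cf /etc/sudoers.d/net_admin || rm -f -- /etc/sudoers.d/net_admin
# Non-interactive check: prints 0 (root via sudo; -n fails instead of prompting for a password).
su - net_admin -c 'sudo -n id -u'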
Дополнительно (если не работает sudo)
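# Fallback when sudo still refuses: sudo ignores sudoers.d files whose directory or mode it
# dislikes (directory must not be group/world writable; drop-in readable by root only).
# Finish with a visudo syntax check instead of guessing further.
mkdir -p /etc/sudoers.d
chmod 755 /etc/sudoers.d
chmod 440 /etc/sudoers.d/net_admin
visudo -cf /etc/sudoers.d/net_admin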
Задание 4 — Настройка SSH
HQ-SRV
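# HQ-SRV: sshd on port 2026, logins limited to 'sshuser', two authentication attempts, pre-login banner.
# Append the directives only once — a re-run of the original 'echo >>' lines stacked duplicates in sshd_config.
grep -q '^Port 2026$' /etc/openssh/sshd_config || cat >> /etc/openssh/sshd_config <<'EOF'
Port 2026
AllowUsers sshuser
MaxAuthTries 2
Banner /etc/openssh/banner
EOF
printf 'Authorized access only\n' > /etc/openssh/banner
# Validate before restarting: a typo in sshd_config would otherwise cut off remote access.
sshd -t && systemctl restart sshd.service
# Checks: a name outside AllowUsers is refused; sshuser reaches a shell on the new port.
ssh -p 2026 user@127.0.0.1
ssh -p 2026 sshuser@127.0.0.1 'id -u'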
BR-SRV
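# BR-SRV: sshd on port 2026, logins limited to 'sshuser', two authentication attempts, pre-login banner.
# Append the directives only once — a re-run of the original 'echo >>' lines stacked duplicates in sshd_config.
grep -q '^Port 2026$' /etc/openssh/sshd_config || cat >> /etc/openssh/sshd_config <<'EOF'
Port 2026
AllowUsers sshuser
MaxAuthTries 2
Banner /etc/openssh/banner
EOF
printf 'Authorized access only\n' > /etc/openssh/banner
# Validate before restarting: a typo in sshd_config would otherwise cut off remote access.
sshd -t && systemctl restart sshd.service
# Check: a name outside AllowUsers is refused on the new port.
ssh -p 2026 user@127.0.0.1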
Задание 5 — Настройка GRE и OSPF (FRR)
HQ-RTR — GRE
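# HQ-RTR: GRE tunnel to BR-RTR, carried over the two ISP links. TUNLOCAL is this router's WAN
# address, TUNREMOTE is BR-RTR's WAN address; 10.10.10.0/30 is the tunnel's own subnet.
# GRE itself adds no authentication or encryption — the OSPF step authenticates the routing
# exchange, the payload crosses the ISP in clear.
mkdir -p /etc/net/ifaces/gre1
cat <<'EOF' > /etc/net/ifaces/gre1/options
TYPE=iptun
TUNTYPE=gre
TUNLOCAL=172.16.1.2
TUNREMOTE=172.16.2.2
TUNOPTIONS='ttl 64'
HOST=enp7s1
EOF
printf '10.10.10.1/30\n' > /etc/net/ifaces/gre1/ipv4address
systemctl restart network
ip -c -br -4 a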
BR-RTR — GRE
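# BR-RTR: GRE tunnel to HQ-RTR. TUNLOCAL is this router's WAN address (172.16.2.2), TUNREMOTE is
# the peer's WAN address — HQ-RTR's enp7s1, 172.16.1.2. The original set TUNREMOTE to 172.16.2.2,
# i.e. BR-RTR's own address, so the tunnel could never reach HQ-RTR.
mkdir -p /etc/net/ifaces/gre1
cat <<'EOF' > /etc/net/ifaces/gre1/options
TYPE=iptun
TUNTYPE=gre
TUNLOCAL=172.16.2.2
TUNREMOTE=172.16.1.2
TUNOPTIONS='ttl 64'
HOST=enp7s1
EOF
printf '10.10.10.2/30\n' > /etc/net/ifaces/gre1/ipv4address
systemctl restart network
ip -c -br -4 a
# Verification: HQ-RTR's end of the tunnel answers through it.
ping -c3 10.10.10.1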
HQ-RTR — FRR/OSPF
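# HQ-RTR: OSPF in FRR. Every interface is passive except gre1, so adjacencies form only across the
# tunnel; that adjacency is MD5-authenticated (integrity against injected updates, not
# confidentiality — the key stays readable in the FRR config and in this file).
apt-get update && apt-get install -y frr
sed -i "s/ospfd=no/ospfd=yes/g" /etc/frr/daemons
systemctl enable --now frr.service
# Feed the configuration to vtysh on stdin rather than typing it into an interactive session.
vtysh <<'EOF'
configure terminal
router ospf
passive-interface default
network 10.10.10.0/30 area 0
network 192.168.100.0/27 area 0
network 192.168.200.0/24 area 0
network 192.168.99.0/29 area 0
exit
interface gre1
no ip ospf passive
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 P@ssw0rd
end
write memory
EOF
# Verification: the adjacency over gre1 (expected once BR-RTR is configured).
vtysh -c 'show ip ospf neighbor'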
BR-RTR — FRR/OSPF
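# BR-RTR: OSPF in FRR, mirror of the HQ-RTR setup — passive everywhere except gre1, MD5 on the
# tunnel adjacency (same key id and key as HQ-RTR, otherwise the adjacency will not form).
apt-get update && apt-get install -y frr
sed -i "s/ospfd=no/ospfd=yes/g" /etc/frr/daemons
systemctl enable --now frr.service
# Feed the configuration to vtysh on stdin rather than typing it into an interactive session.
vtysh <<'EOF'
configure terminal
router ospf
passive-interface default
network 10.10.10.0/30 area 0
network 192.168.0.0/28 area 0
exit
interface gre1
no ip ospf passive
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 P@ssw0rd
end
write memory
EOF
# Verification: neighbor state and per-interface OSPF settings.
vtysh -c 'show ip ospf neighbor' -c 'show ip ospf interface'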
Задание 6 — Forwarding, NAT, DHCP, DNS, проверки
HQ-RTR — Forwarding и NAT
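# HQ-RTR: forward between the VLANs, the tunnel and the WAN; masquerade traffic leaving enp7s1.
sed -i "s/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g" /etc/sysctl.conf
# Also set it in the running kernel: restarting the network service is not what applies
# /etc/sysctl.conf (the ISP step edited /etc/net/sysctl.conf instead — confirm which file etcnet reads).
sysctl -w net.ipv4.ip_forward=1
systemctl restart network
# Masquerades everything leaving enp7s1; the ISP rule restricts by source (-s), consider the same here.
iptables -t nat -A POSTROUTING -o enp7s1 -j MASQUERADE
# Overwrite the saved rule set — appending stacks a second copy of every table on each re-run.
iptables-save > /etc/sysconfig/iptables
systemctl enable --now iptables.service
sysctl net.ipv4.ip_forward
# OSPF check as a one-shot command instead of an open-ended interactive vtysh session.
vtysh -c 'show ip ospf neighbor'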
BR-RTR — Forwarding и NAT
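# BR-RTR: forward between the LAN, the tunnel and the WAN; masquerade traffic leaving enp7s1.
sed -i "s/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g" /etc/sysctl.conf
# Also set it in the running kernel: restarting the network service is not what applies
# /etc/sysctl.conf (the ISP step edited /etc/net/sysctl.conf instead — confirm which file etcnet reads).
sysctl -w net.ipv4.ip_forward=1
systemctl restart network
# Masquerades everything leaving enp7s1; the ISP rule restricts by source (-s), consider the same here.
iptables -t nat -A POSTROUTING -o enp7s1 -j MASQUERADE
# Overwrite the saved rule set — appending stacks a second copy of every table on each re-run.
iptables-save > /etc/sysconfig/iptables
systemctl enable --now iptables.service
sysctl net.ipv4.ip_forward
# OSPF check as a one-shot command instead of an interactive vtysh session followed by 'exit'.
vtysh -c 'show ip ospf neighbor'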
Проверка доступа в интернет
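# Internet reachability from both servers: by address (independent of DNS) and by name.
# The host to run each pair on was given in parentheses after the command, which is not valid shell.
# On HQ-SRV:
ping -c3 77.88.8.8
ping -c3 ya.ru
# On BR-SRV:
ping -c3 77.88.8.8
ping -c3 ya.ru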
HQ-RTR — DHCP
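# HQ-RTR: DHCP for the client VLAN (enp7s2.200, 192.168.200.0/24); clients are told to use HQ-SRV for DNS.
apt-get update && apt-get install -y dhcp-server
# Bind dhcpd to the client VLAN only. Replace the whole DHCPDARGS= line: the original
# 's/DHCPDARGS=/…/' prepended to any value already present instead of setting it.
sed -i "s/^DHCPDARGS=.*/DHCPDARGS='enp7s2.200'/" /etc/sysconfig/dhcpd
cat <<'EOF' > /etc/dhcp/dhcpd.conf
option domain-name "au-team.irpo";
option domain-name-servers 192.168.100.2;
default-lease-time 6000;
max-lease-time 72000;
authoritative;
subnet 192.168.200.0 netmask 255.255.255.0 {
  range 192.168.200.2 192.168.200.254;
  option routers 192.168.200.1;
  # The DNS on HQ-SRV maps hq-cli.au-team.irpo to 192.168.200.2, but this range hands out any
  # free address. Pin the client once its MAC address is known (placeholder below):
  # host hq-cli { hardware ethernet <HQ-CLI-MAC>; fixed-address 192.168.200.2; }
}
EOF
# Syntax check before enabling the service.
dhcpd -t -cf /etc/dhcp/dhcpd.conf
systemctl enable --now dhcpd.service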
HQ-CLI — DHCP
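# HQ-CLI: tagged VLAN 200 on enp7s1, address from HQ-RTR's DHCP.
mkdir -p /etc/net/ifaces/enp7s1.200
# The original left the options file to be filled in with an editor; these are the same five settings.
cat <<'EOF' > /etc/net/ifaces/enp7s1.200/options
TYPE=vlan
BOOTPROTO=dhcp
HOST=enp7s1
VID=200
DISABLED=no
EOF
systemctl restart network
# Verification: the lease on the subinterface, all addresses, routes, then reachability of the
# upstream resolver and of HQ-SRV across the router.
ip a show enp7s1.200
ip -c -br -4 a
ip -c r
ping -c3 77.88.8.8
ping -c3 192.168.100.2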
HQ-SRV — DNS (dnsmasq)
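# HQ-SRV: dnsmasq as the resolver for au-team.irpo — static records below, everything else forwarded to 77.88.8.8.
apt-get update && apt-get install -y dnsmasq
cat <<'EOF' > /etc/dnsmasq.conf
no-hosts
server=77.88.8.8
cache-size=1000
all-servers
no-negcache
# Intended to listen on every interface; nothing here limits which clients may query.
interface=*
# host-record entries are used for the names that are also looked up in reverse.
host-record=hq-rtr.au-team.irpo,192.168.100.1
host-record=hq-rtr.au-team.irpo,192.168.200.1
host-record=hq-rtr.au-team.irpo,192.168.99.1
host-record=hq-srv.au-team.irpo,192.168.100.2
host-record=hq-cli.au-team.irpo,192.168.200.2
address=/br-rtr.au-team.irpo/192.168.0.1
address=/br-srv.au-team.irpo/192.168.0.2
address=/docker.au-team.irpo/172.16.1.1
address=/web.au-team.irpo/172.16.2.1
EOF
# Reject a broken config before the service is enabled on it.
dnsmasq --test
systemctl enable --now dnsmasq.service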
HQ-CLI — проверка DNS
# HQ-CLI: forward lookups for every name dnsmasq defines, reverse lookups for the host-record
# addresses, and one external name to confirm forwarding works.
for name in hq-rtr hq-srv hq-cli br-rtr br-srv docker web; do
  host "${name}.au-team.irpo"
done
for addr in 192.168.99.1 192.168.100.1 192.168.200.1 192.168.100.2 192.168.200.2; do
  host "$addr"
done
host ya.ru
HQ-SRV — часовой пояс
# HQ-SRV: set the time zone, then print the resulting clock settings.
timedatectl set-timezone 'Asia/Yekaterinburg'
timedatectl