Trillex install and config of servers
Categories: Linux, H2, Project
Latest revision as of 10:42, 25 December 2009
Installation and Configuration of Ubuntu Server
A little project:
Essentially, we need to bring all our skills together to set up a network that uses both Windows Server 200X and Linux, with various clients.
I will here describe how I set up the Ubuntu Server, so it will work with the services I've chosen for it.
These include:
DNS
DHCP
Router (Sharing internet and generally acts as a router)
Firewall
Later on I will add support for Active Directory, so it will work with the Windows Server in the topology. Since the Ubuntu server will be the one facing the outside world, I will start with it. Also, it is ALWAYS a good idea to start with DNS.
I'm editing everything with Vim, but a stock Ubuntu install only ships the stripped-down vim-tiny, so I will start out with:
sudo apt-get install vim
I have not installed any packages upon installation, so everything will be fresh.
Just for the fun of it, I'm going to use the upcoming release that the Ubuntu developers are still working on. This is done by typing:
sudo do-release-upgrade -d
The -d flag upgrades to the development (pre-release) version, not to a stable release. Remember, this is an experimental build, so do not use it if you already have a solid system running.
The upgrade should update all installed packages, but just to be sure, run:
sudo apt-get update
sudo apt-get upgrade
Also, most configuration files need sudo to edit: they are writable only by root for security reasons. If you get tired of typing it, you can just do a
sudo bash
This gives you a root shell. Everything you run from it runs as root, so use it for the configuration steps and drop back to your normal user afterwards.
If you prefer to do this from a remote terminal, you first have to install the SSH server on the server.
sudo apt-get install ssh
It needs no configuration and you can connect right away after the install. Be aware that the default sshd configuration accepts password logins for every local user; once the machine faces the outside world, switch to key-based authentication and disable password logins in /etc/ssh/sshd_config.
Installing and Configuring DNS
If you have ever touched a Windows Server, you will know that everything is a pain unless you start out by installing DNS. So speaking from bad experience, I would say that it is most important to get this installed and set up first.
Install it:
sudo apt-get install bind9
The package starts the named service after installation and registers it to start at boot, so you do not have to start it by hand every time.
Domain Name
I will only show what I put in the files concerned.
To add a domain as well as its reverse zone, edit the file /etc/bind/named.conf.local
sudo vi /etc/bind/named.conf.local
I entered:
zone "trillex.dk" {
        type master;
        file "/etc/bind/zones/trillex.dk.db";
};
zone "166.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/zones/rev.166.168.192.in-addr.arpa";
};
The reverse zone name is the first three octets of the network written backwards. I will use 192.168.166.X/24 later on, but I add it here so I do not have to trace back if things don't work.
DNS Forwarder
In certain networks, especially the one here at Mercantec, the DNS server needs a forwarder: an upstream resolver that it hands queries to for names outside its own zones.
To find the one your server currently uses, type:
cat /etc/resolv.conf
The needed information is after nameserver. Now edit the file /etc/bind/named.conf.options, uncomment the forwarders block and replace the IP. It should look like this:
forwarders {
        172.16.4.77;
};
Creating the Files
As named.conf.local now points at files that do not exist yet, we had better create them.
sudo mkdir /etc/bind/zones
sudo vi /etc/bind/zones/trillex.dk.db   # Remember to :wq to create the file
sudo vi /etc/bind/zones/rev.166.168.192.in-addr.arpa
Zone file
Edit /etc/bind/zones/trillex.dk.db
Toss this in (note that comments in a zone file start with ; and not with //, which BIND rejects):
; Replace trillex.dk with your domain name. Do not forget the . after the domain name!
; Also, replace ns1 with the name of your DNS server.
$TTL 86400
trillex.dk.   IN  SOA  trillex.dk. trillex.dk. (
              ; Do not modify the following lines!
              2006081401   ; serial
              28800        ; refresh
              3600         ; retry
              604800       ; expire
              38400 )      ; negative-cache TTL
; Replace the following lines as necessary:
;   ns1 = DNS server name
;   mta = mail server name
;   trillex.dk = domain name
trillex.dk.   IN  NS   trillex.dk.
trillex.dk.   IN  MX   10 trillex.dk.
; Replace the IP address with the right IP addresses.
trillex.dk.   IN  A    192.168.166.1   ; apex address: gives the NS and MX targets above an address and lets dig trillex.dk answer
www           IN  A    192.168.166.1
mta           IN  A    192.168.166.1
ns1           IN  A    192.168.166.1
Remember this file for later, if you move services over to other servers.
Now edit /etc/bind/zones/rev.166.168.192.in-addr.arpa
Toss this in:
; Replace trillex.dk with your domain name and ns1 with your DNS server name.
; The number before IN PTR is the host part of the DNS server's address;
; in my case it is 1, as my IP address is 192.168.166.1.
$TTL 86400
@    IN  SOA  trillex.dk. trillex.dk. (
              2006081401   ; serial
              28800        ; refresh
              604800       ; retry
              604800       ; expire
              86400 )      ; negative-cache TTL
     IN  NS   trillex.dk.
1    IN  PTR  trillex.dk.
NS = Nameserver. Remember this.
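The forward and reverse zone files above are maintained by hand, and the usual way they go wrong is that an A record gets changed and its PTR does not, or the serial is not bumped. The script below is an added example, not part of the original page: it generates both zone files for the 192.168.166.0/24 LAN from one host list, so the A and PTR records always agree. The host-list format, the hostmaster.trillex.dk. mailbox and the YYYYMMDDnn serial scheme are my assumptions; the addresses are the ones used on this page.

```shell
#!/bin/sh
# Added example, not from the original page: generate the forward and reverse
# zone files for this page's 192.168.166.0/24 LAN from one host list, so A and
# PTR records never drift apart. Assumptions not on the page: the host-list
# format below, the hostmaster.<domain>. mailbox, and the YYYYMMDDnn serial.

# Constructed sample host list, "<shortname> <ipv4>" per line. The first entry
# is the name server; its address also becomes the zone apex (A for trillex.dk).
HOSTS='ns1 192.168.166.1
www 192.168.166.1
mta 192.168.166.1
client1 192.168.166.10'

# 192.168.166 -> 166.168.192.in-addr.arpa (octets reversed; /24 networks only)
reverse_zone_name() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    printf '%s.%s.%s.in-addr.arpa' "$3" "$2" "$1"
}

# Last octet of an address: the PTR owner name inside a /24 reverse zone
host_part() {
    printf '%s' "$1" | cut -d. -f4
}

# Common SOA/NS header. $1 domain, $2 serial, $3 negative-cache TTL
soa_block() {
    printf '$TTL 86400\n'
    printf '@        IN  SOA  ns1.%s. hostmaster.%s. (\n' "$1" "$1"
    printf '         %s  ; serial, must increase on every edit\n' "$2"
    printf '         28800       ; refresh\n'
    printf '         3600        ; retry\n'
    printf '         604800      ; expire\n'
    printf '         %s )     ; negative-cache TTL\n' "$3"
    printf '         IN  NS   ns1.%s.\n' "$1"
}

# Forward zone: apex A plus one A record per host. $1 domain, $2 serial, $3 host list
forward_zone() {
    soa_block "$1" "$2" 38400
    printf '%-8s IN  A    %s\n' "@" "$(printf '%s\n' "$3" | head -n 1 | cut -d' ' -f2)"
    printf '%s\n' "$3" | while read -r name ip; do
        printf '%-8s IN  A    %s\n' "$name" "$ip"
    done
}

# Reverse zone: one PTR per address, pointing at the first name listed for it
reverse_zone() {
    soa_block "$1" "$2" 86400
    seen=""
    printf '%s\n' "$3" | while read -r name ip; do
        case " $seen " in *" $ip "*) continue ;; esac
        seen="$seen $ip"
        printf '%-8s IN  PTR  %s.%s.\n' "$(host_part "$ip")" "$name" "$1"
    done
}

# Usage: on the server, redirect each zone into /etc/bind/zones/ and run
# "named-checkzone trillex.dk /etc/bind/zones/trillex.dk.db" before restarting bind9.
serial="$(date +%Y%m%d)01"
echo "; --- forward zone trillex.dk ---"
forward_zone trillex.dk "$serial" "$HOSTS"
echo "; --- reverse zone $(reverse_zone_name 192.168.166) ---"
reverse_zone trillex.dk "$serial" "$HOSTS"
```

Addresses shared by several names (www, mta and ns1 all live on .1 here) get a single PTR for the first name listed, which is what a reverse lookup should return; the serial is derived from the date so a regenerated file always sorts after the previous one.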
Finishing
Restart the service:
sudo /etc/init.d/bind9 restart
Remember to point /etc/resolv.conf at your own nameserver (a nameserver line with the server's own address), or your lookups will still go to the old resolver.
Try to see if it works:
dig trillex.dk
It does not. Why? I know why, but that is the next step.
Setting up Second Interface
The reason I cannot see or use my own domain is that the IP I've used does not exist. Yet!
So we need to bring it up. This is done through the /etc/network/interfaces file.
sudo vi /etc/network/interfaces
At the bottom, enter this:
# The secondary network interface
auto eth1
iface eth1 inet static
        address 192.168.166.1
        netmask 255.255.255.0
Reboot the server, just to check that everything comes up on its own.
Now try and type
dig trillex.dk
It works!
Installing and Configuring a DHCP Server
sudo apt-get install dhcp3-server
To make it listen on one interface only, edit /etc/default/dhcp3-server. It's pretty straightforward:
INTERFACES="eth1"
or whichever interface faces the LAN in your hardware setup. Never let it answer on the interface facing the outside world.
Then, to configure it, edit /etc/dhcp3/dhcpd.conf. It is already preconfigured to some extent, but you need to uncomment certain things first. This is essentially what I changed:
# Sample /etc/dhcpd.conf
# (add your comments here)
default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.166.255;
option routers 192.168.166.1;
option domain-name-servers 192.168.166.1;
option domain-name "trillex.dk";
subnet 192.168.166.0 netmask 255.255.255.0 {
        range 192.168.166.10 192.168.166.254;
}
The range must lie inside the subnet it is declared in (a pool in 192.168.1.x under a 192.168.166.0 subnet is rejected as a bad range, and dhcpd refuses to start).
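The one thing dhcpd will not forgive in that file is a pool that is not inside its subnet, and it only tells you when it fails to start. The script below is an added example, not part of the original page: it builds the subnet block from the LAN parameters used on this page and refuses to emit it when the range falls outside the subnet or runs backwards. The authoritative directive is commented out in the stock dhcpd.conf; it is enabled here because this server owns the LAN. The function names are my own.

```shell
#!/bin/sh
# Added example, not from the original page: build the dhcpd.conf subnet block
# for this page's LAN from a few variables and refuse to emit it when the pool
# is not inside the declared subnet, which is exactly the "bad range" error that
# makes dhcpd exit at start-up. Addresses are the ones from this page; the
# function names are mine.

# Dotted quad -> 32-bit integer, with POSIX arithmetic only
ip2int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Integer -> dotted quad
int2ip() {
    printf '%d.%d.%d.%d' $(( ($1 >> 24) & 255 )) $(( ($1 >> 16) & 255 )) \
                         $(( ($1 >> 8) & 255 )) $(( $1 & 255 ))
}

# True when address $1 lies inside network $2 with netmask $3
in_subnet() {
    ip=$(ip2int "$1"); net=$(ip2int "$2"); mask=$(ip2int "$3")
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# Directed broadcast of network $1 / netmask $2 (network OR inverted mask)
broadcast() {
    net=$(ip2int "$1"); mask=$(ip2int "$2")
    int2ip $(( net | (~mask & 4294967295) ))
}

# Print the subnet declaration, or print nothing and return 1 on a bad pool.
# $1 network  $2 netmask  $3 pool start  $4 pool end  $5 router+DNS  $6 domain
dhcp_subnet_block() {
    if ! in_subnet "$3" "$1" "$2" || ! in_subnet "$4" "$1" "$2"; then
        echo "refusing: range $3-$4 is not inside $1 netmask $2" >&2
        return 1
    fi
    if [ "$(ip2int "$3")" -gt "$(ip2int "$4")" ]; then
        echo "refusing: range start $3 is above range end $4" >&2
        return 1
    fi
    cat <<EOF
# This server owns the LAN: answer DHCPNAK to clients holding stale leases from elsewhere
authoritative;
default-lease-time 600;
max-lease-time 7200;
subnet $1 netmask $2 {
        range $3 $4;
        option subnet-mask $2;
        option broadcast-address $(broadcast "$1" "$2");
        option routers $5;
        option domain-name-servers $5;
        option domain-name "$6";
}
EOF
}

# Usage: append the output to /etc/dhcp3/dhcpd.conf on the server and run
# "dhcpd3 -t" to let dhcpd itself parse the result before restarting it.
dhcp_subnet_block 192.168.166.0 255.255.255.0 192.168.166.10 192.168.166.254 192.168.166.1 trillex.dk
```

The broadcast address is computed from the network and mask rather than typed, so it cannot disagree with the subnet line the way a hand-edited file can.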
Configuring NAT (Sharing Internet)
For this we do not need to install anything new. Everything is right there but is currently disabled. First, edit /etc/sysctl.conf. Find this:
#net.ipv4.ip_forward=1
Uncomment it by removing the #. That makes the kernel enable forwarding at every boot, but it does not change the running kernel yet. Run the remaining commands from the root shell (sudo bash), because the redirects below have to be done as root.
Now write:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
This adds a NAT rule for post-routing: eth0 is the output card (the one out to the internet), and MASQUERADE rewrites the source address of everything leaving through it to eth0's own IP. Then write:
echo 1 > /proc/sys/net/ipv4/ip_forward
This enables forwarding right now, without a reboot.
Just to be sure, save the rules:
iptables-save > /etc/iptables.rules
Now that it's saved, we need to load iptables.rules when the network comes up:
vi /etc/network/interfaces
# The extended interfaces
auto eth0
iface eth0 inet dhcp
        pre-up iptables-restore < /etc/iptables.rules
        post-down iptables-restore < /etc/iptables.rules
If eth0 is already declared in the file, add the pre-up line to that stanza instead of declaring it twice. The pre-up line is the one that matters: it loads the rules before eth0 comes up, so the box never sits on the internet with an empty table. Note that with only the MASQUERADE rule the FORWARD chain still accepts everything, so the box routes between any of its interfaces without filtering; the firewall part of the plan is not done yet.
Test it out on your other client.
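The MASQUERADE rule alone makes the box a router, not a firewall: the FORWARD policy is still ACCEPT, and nothing restricts who may use the NAT. The script below is an added example, not part of the original page. It prints a full ruleset in iptables-restore format (the same format iptables-save wrote to /etc/iptables.rules above) with NAT limited to the LAN prefix and a FORWARD chain that only passes LAN-to-internet traffic and its replies, and it includes a small check that flags a saved ruleset which still forwards everything. The interface names and the 192.168.166.0/24 prefix are the ones used on this page; the function names are mine, and the "saved ruleset" it audits is constructed to look like what the single MASQUERADE command leaves behind.

```shell
#!/bin/sh
# Added example, not from the original page: the MASQUERADE rule from this page
# together with the FORWARD filtering that turns the box into the firewall the
# introduction promised, printed in iptables-restore format so it can replace
# /etc/iptables.rules. Interfaces and the LAN prefix are the ones used on this
# page; the function names are mine.

# Full ruleset: NAT only for the LAN prefix, forward only LAN -> WAN plus the
# replies, drop every other forwarded packet, and drop LAN-sourced packets
# that arrive on the WAN side (spoofed).
# $1 LAN interface  $2 WAN interface  $3 LAN prefix in CIDR form
router_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $3 -o $2 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i $2 -s $3 -j DROP
-A FORWARD -i $2 -o $1 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $1 -o $2 -s $3 -j ACCEPT
COMMIT
EOF
}

# Constructed: what iptables-save writes on a box that has only run the single
# MASQUERADE command from this page. The FORWARD policy is still ACCEPT.
PAGE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# Check a saved ruleset on stdin: return 1 when the box will forward whatever
# it is handed, or when LAN connections would get no replies back.
audit_forwarding() {
    saved=$(cat)
    if printf '%s\n' "$saved" | grep -q '^:FORWARD ACCEPT'; then
        echo "FORWARD policy is ACCEPT: any host on any interface can route through this box" >&2
        return 1
    fi
    if ! printf '%s\n' "$saved" | grep -q -- '^-A FORWARD .*ESTABLISHED'; then
        echo "no ESTABLISHED,RELATED rule: replies to LAN connections are dropped" >&2
        return 1
    fi
    return 0
}

# Usage on the server, as root:
#   router_rules eth1 eth0 192.168.166.0/24 > /etc/iptables.rules
#   iptables-restore < /etc/iptables.rules
printf '%s\n' "$PAGE_RULES" | audit_forwarding || echo "page ruleset: rejected, as expected"
gen=$(router_rules eth1 eth0 192.168.166.0/24)
printf '%s\n' "$gen" | audit_forwarding && printf '%s\n' "$gen"
```

Because the rules are restored from the file by the pre-up line in /etc/network/interfaces, regenerating the file and running iptables-restore once is all it takes to switch from the open ruleset to this one; run the audit against /etc/iptables.rules after any later change to catch the FORWARD policy slipping back to ACCEPT.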