Difference between revisions of "2011-39-Migrering af Linux"
m (→Config) |
m (→On FW) |
||
Line 147: | Line 147: | ||
== DNS == | == DNS == | ||
− | ====== On FW ====== | + | ====== On FW ====== |
− | Install Bind: | + | Install Bind: |
+ | <br> | ||
+ | Configure Named (/etc/named.conf) | ||
− | + | <source lang="bash">// | |
+ | // named.conf | ||
+ | // | ||
+ | // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS | ||
+ | // server as a caching only nameserver (as a localhost DNS resolver only). | ||
+ | // | ||
+ | // See /usr/share/doc/bind*/sample/ for example named configuration files. | ||
+ | // | ||
+ | options { | ||
+ | listen-on port 53 { 192.168.1.1; }; | ||
+ | directory "/var/named"; | ||
+ | dump-file "/var/named/data/cache_dump.db"; | ||
+ | statistics-file "/var/named/data/named_stats.txt"; | ||
+ | memstatistics-file "/var/named/data/named_mem_stats.txt"; | ||
+ | allow-query { localhost; }; | ||
+ | recursion yes; | ||
+ | dnssec-enable yes; | ||
+ | dnssec-validation yes; | ||
+ | dnssec-lookaside auto; | ||
+ | |||
+ | /* Path to ISC DLV key */ | ||
+ | bindkeys-file "/etc/named.iscdlv.key"; | ||
+ | |||
+ | managed-keys-directory "/var/named/dynamic"; | ||
+ | }; | ||
+ | |||
+ | logging { | ||
+ | channel default_debug { | ||
+ | file "data/named.run"; | ||
+ | severity dynamic; | ||
+ | }; | ||
+ | }; | ||
+ | |||
+ | zone "." IN { | ||
+ | type hint; | ||
+ | file "named.ca"; | ||
+ | }; | ||
+ | |||
+ | include "/etc/named.rfc1912.zones"; | ||
+ | include "/etc/named.root.key"; | ||
+ | |||
+ | zone "utoft.local" { | ||
+ | type master; | ||
+ | notify no; | ||
+ | allow-query { any; }; | ||
+ | file "/etc/utoft-local.zone"; | ||
+ | };</source><br> | ||
Create Zone: | Create Zone: |
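Review bot: The global `allow-query { localhost; };` in the added options block admits only the server's own addresses, yet the dhcpd.conf on this page hands 192.168.1.1 to LAN clients as their DNS server. With no `allow-recursion` statement, recursion should fall back to the same ACL, so those clients would be refused for every name outside `utoft.local`. If they are meant to resolve through this host, scope the ACL to the internal subnet rather than `any`, e.g. `allow-query { localhost; 192.168.1.0/24; };` with a matching `allow-recursion`, so the resolver stays closed to the external side. The listing is also tagged `<source lang="bash">` although it is named.conf syntax.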
Revision as of 09:46, 27 September 2011
Opgaver
Mandag 26-9-2011
- Opdater serverene
- Tilføj extra netkort
- statisk dhcp
- sæt dhcp server op
- ip tables - NAT
Tirsdag 27-9-2011
On fw
- dns server
- dns Records min 2
on web
- mediawiki
- 2nd system f.eks wordpress
- nfs server
On Client
- mount Nfs share
Config
DHCP
On FW
in /etc/dhcp/dhcpd.conf
#
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd.conf.sample
# see dhcpd.conf(5) man page
#
# Serves the internal 192.168.1.0/24 network and points its clients at
# 192.168.1.1 as router, DNS, NTP and WINS server.
#
# Dynamic DNS update style; a client's request to update its own DNS
# record is not honored (ignore client-updates).
ddns-update-style interim;
ignore client-updates;
subnet 192.168.1.0 netmask 255.255.255.0 {
# The range of IP addresses the server
# will issue to DHCP enabled PC clients
# booting up on the network
range 192.168.1.100 192.168.1.199;
# Set the amount of time in seconds that
# a client may keep the IP address
# (86400 s = 24 hours, for both the default and the maximum)
default-lease-time 86400;
max-lease-time 86400;
# Set the default gateway to be used by
# the PC clients
option routers 192.168.1.1;
# Tell clients not to enable IP forwarding on themselves. This option
# configures the client's own IP layer (see dhcp-options(5)); it does not
# control whether this server passes DHCP requests between its NICs.
option ip-forwarding off;
# Set the broadcast address and subnet mask
# to be used by the DHCP clients
option broadcast-address 192.168.1.255;
option subnet-mask 255.255.255.0;
# Set the NTP server to be used by the
# DHCP clients
# NOTE(review): this page does not show an NTP service being set up on
# 192.168.1.1 - confirm one is running there, or drop this option.
option ntp-servers 192.168.1.1;
# Set the DNS server to be used by the
# DHCP clients
# NOTE(review): the named.conf on this page must then accept queries from
# this subnet; its global allow-query only lists localhost.
option domain-name-servers 192.168.1.1;
# If you specify a WINS server for your Windows clients,
# you need to include the following option in the dhcpd.conf file:
# NOTE(review): no WINS service is shown on this page - confirm one exists
# on 192.168.1.1 before advertising it to clients.
option netbios-name-servers 192.168.1.1;
# You can also assign specific IP addresses based on the clients'
# ethernet MAC address as follows (Host's name is "laser-printer"):
#host laser-printer {
# hardware ethernet 08:00:2b:4c:59:23;
# fixed-address 192.168.1.222;
#}
}
#
# List an unused interface here
#
#subnet 192.168.2.0 netmask 255.255.255.0 {
#}
Exec. Restart dhcpd service
service dhcpd restart
On Webserver & Client
Exec. Renew IP
dhclient -r
dhclient
IPTABLES
NAT
On FW
Execute: edit /init.d/nat.sh and write:
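#!/bin/bash
### chkconfig ###
### BEGIN INIT INFO
# Provides: nat.sh
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Required-Start: $local_fs $network
# Required-Stop: $local_fs $network
# Short-Description: Startup script containing iptables rules
### END INIT INFO
#
# Turns this host into a NAT gateway: enables IPv4 forwarding, masquerades
# traffic leaving the external interface, and accepts forwarding from the
# internal interface outwards plus the replies to those connections.
#
# NOTE(review): only ACCEPT rules are added here. They restrict nothing unless
# the FORWARD chain's policy, or a rule after them, drops everything else; and
# because they are appended, a REJECT/DROP rule already in FORWARD would match
# first. Inspect the loaded rule set with: iptables -S FORWARD
# NOTE(review): the script ignores the start/stop argument an init system
# passes, so it applies the same rules on every invocation.

# Enable ip forwarding; stop if that fails (for example when not run as root),
# because the rules below have no effect without it.
if ! echo 1 > /proc/sys/net/ipv4/ip_forward; then
  printf 'nat.sh: cannot enable IPv4 forwarding\n' >&2
  exit 1
fi

# Variables
readonly INTERNAL_PORT="eth2"
readonly EXTERNAL_PORT="eth1"

#######################################
# Append an iptables rule unless an identical one is already loaded, so that
# running the script again does not stack duplicate rules.
# Arguments: $1 - table, $2 - chain, remaining - rule specification
# Returns:   exit status of the iptables call that decided the outcome
#######################################
ensure_rule() {
  local table=$1
  local chain=$2
  shift 2
  # -C only checks for the rule; if this iptables build lacks -C the check
  # fails and the rule is appended, exactly as the plain -A call would do.
  /sbin/iptables -t "$table" -C "$chain" "$@" 2>/dev/null \
    || /sbin/iptables -t "$table" -A "$chain" "$@"
}

# Rewrite the source address of everything leaving the external interface.
ensure_rule nat POSTROUTING -o "$EXTERNAL_PORT" -j MASQUERADE
# Inbound: only packets belonging to connections opened from the inside.
ensure_rule filter FORWARD -i "$EXTERNAL_PORT" -o "$INTERNAL_PORT" \
  -m state --state RELATED,ESTABLISHED -j ACCEPT
# Outbound: everything from the internal network.
ensure_rule filter FORWARD -i "$INTERNAL_PORT" -o "$EXTERNAL_PORT" -j ACCEPT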
Exec. Add nat.sh to startup script
chkconfig --add nat.sh
DNS
On FW
Install Bind:
Configure Named (/etc/named.conf)
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// As configured on this page, named listens on 192.168.1.1 and is also
// master for the zone "utoft.local" (last block).
options {
// Answer on the internal address only.
listen-on port 53 { 192.168.1.1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// NOTE(review): this global ACL admits only the server's own addresses, and
// with no allow-recursion statement recursion should follow it. The
// dhcpd.conf on this page gives LAN clients 192.168.1.1 as their DNS server,
// so they would be refused for every name outside utoft.local. If they are
// meant to resolve through this host, list the subnet explicitly, e.g.
//   allow-query { localhost; 192.168.1.0/24; };
// rather than opening the resolver with "any".
allow-query { localhost; };
recursion yes;
// Validate DNSSEC-signed answers.
dnssec-enable yes;
dnssec-validation yes;
// NOTE(review): lookaside validation depends on the ISC DLV registry, which
// has since been retired; newer BIND releases treat this option as obsolete.
// Check it against the installed version.
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
// Relative path, resolved against the "directory" option above.
file "data/named.run";
severity dynamic;
};
};
// Root hints.
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
// Locally served zone. Its own allow-query overrides the global ACL for this
// zone only, so any client that can reach 192.168.1.1 may query utoft.local.
// notify no: no NOTIFY messages are sent for this zone.
// NOTE(review): the zone file is an absolute path under /etc rather than
// under the "directory" set above; confirm named can read it.
zone "utoft.local" {
type master;
notify no;
allow-query { any; };
file "/etc/utoft-local.zone";
};
Create Zone:
; Zone data for utoft.local; named.conf on this page loads it from
; /etc/utoft-local.zone.
$TTL 3600
utoft.local. IN SOA ns1.utoft.local. hostmaster.utoft.local. (
2011092701 ; serial# (looks like YYYYMMDDnn; must be raised on every edit)
3600 ; refresh, seconds
3600 ; retry, seconds
3600 ; expire, seconds
3600 ) ; minimum, seconds
; NOTE(review): the NS target is in example.local, while the SOA above and
; every record below use utoft.local - presumably ns1.utoft.local. was meant.
; ns1 is also defined as a CNAME further down, and an NS target has to be a
; name with address records, not an alias (RFC 2181 section 10.3).
; NOTE(review): as shown, this line has no owner and no leading whitespace;
; in the real file it needs one of the two to apply to utoft.local.
IN NS ns1.example.local.
localhost IN A 127.0.0.1
; NOTE(review): not the 192.168.1.1 address named listens on; presumably the
; firewall's other interface - confirm this is the address clients should get.
fw IN A 172.16.4.119
fedoraweb IN A 192.168.1.10
; Aliases; wiki resolves through www to fedoraweb (a two-step CNAME chain).
ns1 IN CNAME fw
www IN CNAME fedoraweb
wiki IN CNAME www