2011-39-Migrering af Linux


Opgaver

Mandag 26-9-2011

  1. Opdater serverne
  2. Tilføj ekstra netkort
  3. Statisk DHCP
  4. Sæt DHCP-server op
  5. iptables - NAT

Tirsdag 27-9-2011

On FW

  1. dns server
  2. dns Records min 2

on web

  1. MediaWiki
  2. 2nd system, f.eks. WordPress
  3. NFS server

On Client

  1. Mount NFS share

Config

DHCP

On FW

In /etc/dhcp/dhcpd.conf, write:

#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.sample
#   see dhcpd.conf(5) man page
#
# Used on the FW host to serve the internal 192.168.1.0/24 segment.
# No interface is named here; dhcpd presumably binds to whichever NIC has an
# address inside the declared subnet -- confirm that is the internal NIC only,
# so that leases are never offered on the external side.
#
# Interim-style dynamic DNS updates; updates requested by clients are ignored.
ddns-update-style interim;
ignore client-updates;

subnet 192.168.1.0 netmask 255.255.255.0 {

   # The range of IP addresses the server
   # will issue to DHCP enabled PC clients
   # booting up on the network
   # (.100-.199; addresses outside the pool are free for fixed assignment,
   # see the commented "host" block at the end of this subnet)

   range 192.168.1.100 192.168.1.199;

   # Set the amount of time in seconds that
   # a client may keep the IP address
   # (both are 24 h, so no client can ask for a longer lease than the default)

  default-lease-time 86400;
  max-lease-time 86400;

   # Set the default gateway to be used by
   # the PC clients (the FW's internal address)

   option routers 192.168.1.1;
   # The DHCP "ip-forwarding" option is a *client* setting: it tells the
   # client not to act as an IP router. It does not control whether dhcpd
   # relays requests between NICs (the original comment implied that).

   option ip-forwarding off;

   # Set the broadcast address and subnet mask
   # to be used by the DHCP clients

  option broadcast-address 192.168.1.255;
  option subnet-mask 255.255.255.0;

   # Set the NTP server to be used by the
   # DHCP clients
   # NOTE(review): nothing on this page sets up NTP on the FW -- confirm
   # a time service actually runs there before handing this out.

  option ntp-servers 192.168.1.1;

   # Set the DNS server to be used by the
   # DHCP clients (the BIND instance configured in the DNS section,
   # which listens on this address)

  option domain-name-servers 192.168.1.1;

   # If you specify a WINS server for your Windows clients,
   # you need to include the following option in the dhcpd.conf file:
   # NOTE(review): no WINS/Samba server appears on this page; drop this
   # line unless the FW really runs one.

  option netbios-name-servers 192.168.1.1;

   # You can also assign specific IP addresses based on the clients'
   # ethernet MAC address as follows (Host's name is "laser-printer"):
   # (this is how the "statisk DHCP" task is done, e.g. for fedoraweb,
   # which the zone file expects at the fixed address 192.168.1.10)

  #host laser-printer {
   #   hardware ethernet 08:00:2b:4c:59:23;
   #  fixed-address 192.168.1.222;
   #}
}
#
# List an unused interface here
#
#subnet 192.168.2.0 netmask 255.255.255.0 {
#}

Exec.: restart the dhcpd service

# Reload the configuration written above (dhcpd only reads it at start).
service dhcpd restart
On Webserver & Client

Exec.: renew the IP lease

# Release the current lease, then request a fresh one (no interface given,
# so dhclient acts on every configured interface).
dhclient -r
dhclient

IPTABLES

NAT

On FW

Execute: edit /init.d/nat.sh and write:

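#!/bin/bash

### chkconfig ###
### BEGIN INIT INFO
# Provides: nat.sh
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Required-Start: $local_fs $network
# Required-Stop: $local_fs $network
# Short-Description: Startup script containing iptables rules
### END INIT INFO
#
# NAT/forwarding rules for the FW host: masquerade traffic from the internal
# NIC out of the external NIC, and only let reply traffic back in.
#
# Idempotent: each rule is removed before it is appended, so running the
# script twice (the original "-A" calls appended a fresh copy on every run,
# including the "stop" call at shutdown -- the argument is still ignored here,
# as in the original) does not leave duplicate rules behind.
# NOTE(review): the page names the file /init.d/nat.sh; chkconfig manages
# scripts under /etc/init.d -- confirm where it actually lives.

set -eu

# Variables
readonly INTERNAL_PORT="eth2"
readonly EXTERNAL_PORT="eth1"
readonly IPTABLES="/sbin/iptables"

#######################################
# Append one rule exactly once.
# Arguments: $1 - table, $2 - chain, remaining args - rule specification
# Returns:   status of the final "-A" call
#######################################
rule_once() {
  local table=$1 chain=$2
  shift 2
  # Remove every existing copy first; earlier runs may have appended several.
  while "$IPTABLES" -t "$table" -D "$chain" "$@" 2>/dev/null; do :; done
  "$IPTABLES" -t "$table" -A "$chain" "$@"
}

# Enable ip forwarding (runtime only; set net.ipv4.ip_forward=1 in
# /etc/sysctl.conf as well if it must survive without this script)
echo 1 > /proc/sys/net/ipv4/ip_forward

# Drop forwarded traffic by default: the RELATED,ESTABLISHED rule below only
# means something when everything else is refused. Without this policy any
# host with a route to 192.168.1.0/24 was forwarded straight through.
"$IPTABLES" -P FORWARD DROP

rule_once nat POSTROUTING -o "$EXTERNAL_PORT" -j MASQUERADE
rule_once filter FORWARD -i "$EXTERNAL_PORT" -o "$INTERNAL_PORT" \
  -m state --state RELATED,ESTABLISHED -j ACCEPT
rule_once filter FORWARD -i "$INTERNAL_PORT" -o "$EXTERNAL_PORT" -j ACCEPT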

Exec.: add nat.sh to the startup scripts

# Register nat.sh so it runs at boot (the run levels presumably come from the
# "### BEGIN INIT INFO" header in the script -- confirm with "chkconfig --list nat.sh").
chkconfig --add nat.sh

DNS

On FW

Install BIND:


Configure named (/etc/named.conf):

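//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// Adapted for the FW host: listens on the internal address only and is
// also authoritative for utoft.local (zone file: /etc/utoft-local.zone).
//

// Who may use this server: the host itself and the internal network, which
// dhcpd points at 192.168.1.1 as its resolver.
acl "internal" {
        localhost;
        192.168.1.0/24;
};

options {
        // Internal NIC only -- nothing is exposed on the external side.
        listen-on port 53 { 192.168.1.1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // The stock file had allow-query { localhost; }: every recursive
        // lookup from a LAN client (anything outside utoft.local) came back
        // REFUSED, because the per-zone "allow-query { any; }" further down
        // covers only the authoritative zone. Recursion is opened to the
        // internal ACL only, never to "any", so this cannot become an open
        // resolver.
        allow-query     { internal; };
        allow-recursion { internal; };
        recursion yes;

        // Validate answers; DLV lookaside uses the key file named below.
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";   // relative to "directory" above
                severity dynamic;
        };
};

// Root hints, needed for recursion.
zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

// Authoritative zone for the lab. "notify no": no secondaries on this page.
// "any" only reaches hosts that can talk to 192.168.1.1 (see listen-on) and
// is wider than the options-level ACL for the authoritative data only.
zone "utoft.local" {
        type master;
        notify no;
        allow-query { any; };
        file "/etc/utoft-local.zone";
};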

Create the zone file (/etc/utoft-local.zone, as referenced in named.conf):

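$TTL 3600
; Zone utoft.local, served by the named instance on the FW (192.168.1.1).
; Bump the serial every time this file is edited, or named keeps the old data.
utoft.local.    IN      SOA     ns1.utoft.local.        hostmaster.utoft.local. (
                       2011092702      ; serial# (bumped: NS and ns1 records changed)
                       3600            ; refresh, seconds
                       3600            ; retry, seconds
                       1209600         ; expire, seconds (was 3600: a secondary would
                                       ; discard the zone after one hour without the
                                       ; primary; RFC 1912 suggests 2-4 weeks)
                       3600 )          ; minimum (negative-cache TTL), seconds

; The NS target must be a host inside this zone that has an A record: the
; original pointed at ns1.example.local. (not defined anywhere) and ns1 was a
; CNAME, which an NS record may not reference (RFC 2181 section 10.3).
                IN      NS      ns1.utoft.local.

localhost       IN      A       127.0.0.1
; NOTE(review): presumably the FW's external-side address; confirm this is
; the address internal clients should get for "fw" (named listens on
; 192.168.1.1, not on this one).
fw              IN      A       172.16.4.119
; The address named listens on and the one dhcpd hands out as resolver.
ns1             IN      A       192.168.1.1
fedoraweb       IN      A       192.168.1.10
www             IN      CNAME   fedoraweb
wiki            IN      CNAME   www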