Помощь сисадмину

Настройка сети

📋 Таблица 1. Таблица адресации
| Устройство | Интерфейс | IP-адрес | Маска | VLAN | Подсеть | Шлюз |
|---|---|---|---|---|---|---|
| ISP | enp7s1 | DHCP | DHCP | - | DHCP | DHCP |
|  | enp7s2 | 172.16.10.1 | /27 | - | 172.16.10.0/27 | - |
|  | enp7s3 | 172.16.20.1 | /28 | - | 172.16.20.0/28 | - |
| HQ-RTR | enp7s1 | 172.16.10.2 | /27 | - | 172.16.1.0/27 | 172.16.10.1 |
|  | enp7s2.111 | 192.168.111.1 | /27 | 111 | 192.168.111.0/27 | - |
|  | enp7s2.211 | 192.168.211.1 | /28 | 211 | 192.168.211.0/28 | - |
|  | enp7s2.911 | 192.168.99.1 | /29 | 911 | 192.168.99.0/29 | - |
|  | gre1 | 10.10.10.1 | /30 | - | 10.10.10.0/30 | - |
| BR-RTR | enp7s1 | 172.16.20.2 | /28 | - | 172.16.20.0/28 | 172.16.20.1 |
|  | enp7s2 (to BR-SRV) | 192.168.0.1 | /28 | - | 192.168.0.0/28 | - |
|  | gre1 | 10.10.10.2 | /30 | - | 10.10.10.0/30 | - |
| HQ-SRV | enp7s1 | 192.168.111.2 | /27 | 111 | 192.168.111.0/27 | 192.168.111.1 |
| BR-SRV | enp7s1 | 192.168.0.2 | /28 | - | 192.168.0.0/28 | 192.168.0.1 |
| HQ-CLI | enp7s1 | 192.168.211.2 | /29 | 211 | 192.168.211.0/29 | 192.168.211.1 |
🖥️ HQ-RTR - Настройка

📝 Имя хоста

# Set the router's FQDN inside the lab zone au-team.irpo.
hostnamectl set-hostname 'HQ-RTR.au-team.irpo'
# Replace the current shell so the prompt reflects the new hostname.
exec bash

Внешний интерфейс (to ISP)

# Uplink towards ISP: recreate the etcnet directory for enp7s1 from scratch.
iface_dir=/etc/net/ifaces/enp7s1
rm -rf -- "$iface_dir"
mkdir -- "$iface_dir"
printf 'TYPE=eth\n' > "$iface_dir/options"
# Address on the ISP link; the default route points at ISP's side of it.
printf '172.16.10.2/28\n' > "$iface_dir/ipv4address"
printf 'default via 172.16.10.1\n' > "$iface_dir/ipv4route"
# Per-interface resolver entry: a public upstream DNS server.
printf 'nameserver 77.88.8.8\n' > "$iface_dir/resolv.conf"

👤 Пользователь net_admin (пароль P@ssw0rd)

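# Network administrator account; passwd prompts for the password interactively.
useradd net_admin
passwd net_admin
usermod -aG wheel net_admin
# Passwordless sudo for every command. Write the drop-in fresh instead of
# appending (re-running must not duplicate the line), give it the 0440 mode
# sudoers(5) expects for drop-ins, and let visudo flag a syntax error now
# rather than at the first sudo call.
echo "net_admin ALL=(ALL:ALL) NOPASSWD: ALL" > /etc/sudoers.d/net_admin
chmod 0440 /etc/sudoers.d/net_admin
visudo -cf /etc/sudoers.d/net_admin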

🔀 VLAN (111, 211, 911)

# Parent (trunk) interface for the tagged sub-interfaces; it gets no address.
mkdir /etc/net/ifaces/enp7s2
printf 'TYPE=eth\n' > /etc/net/ifaces/enp7s2/options
# One etcnet VLAN sub-interface per VID, all hanging off enp7s2.
for vid in 111 211 911; do
  mkdir "/etc/net/ifaces/enp7s2.$vid"
  printf 'TYPE=vlan\nHOST=enp7s2\nVID=%s\n' "$vid" > "/etc/net/ifaces/enp7s2.$vid/options"
done
# Gateway address of each VLAN subnet (first host of the prefix).
printf '192.168.111.1/27\n' > /etc/net/ifaces/enp7s2.111/ipv4address
printf '192.168.211.1/28\n' > /etc/net/ifaces/enp7s2.211/ipv4address
printf '192.168.99.1/29\n' > /etc/net/ifaces/enp7s2.911/ipv4address
systemctl restart network
# Brief, colored summary to confirm the sub-interfaces came up with their addresses.
ip -c -br a
Для отчёта 1.2: Скриншот команды ip -c -br a

GRE туннель

# Point-to-point GRE tunnel to BR-RTR, terminated on the ISP-facing addresses.
# GRE carries the inner traffic unencrypted across the ISP links; the OSPF
# section only authenticates the routing adjacency running over it.
tun_dir=/etc/net/ifaces/gre1
mkdir "$tun_dir"
cat > "$tun_dir/options" <<'EOF'
TYPE=iptun
TUNTYPE=gre
TUNLOCAL=172.16.10.2
TUNREMOTE=172.16.20.2
TUNOPTIONS='ttl 64'
HOST=enp7s1
EOF
# Inner /30: this end is .1, BR-RTR takes .2.
printf '10.10.10.1/30\n' > "$tun_dir/ipv4address"
systemctl restart network
# IPv4-only summary; gre1 should be listed with 10.10.10.1/30.
ip -c -br -4 a
📸 Для отчёта 1.3: Скриншот ip -c -br -4 a (виден gre1)

🔄 OSPF (FRR)

apt-get update
apt-get install frr
# Enable the OSPF daemon in FRR's daemon list, then start FRR.
sed -i 's/ospfd=no/ospfd=yes/g' /etc/frr/daemons
systemctl enable --now frr.service
# Configuration is fed to vtysh on stdin instead of being typed interactively.
# Every interface is passive by default, so hellos are sent only on gre1
# (explicitly made non-passive); the LAN prefixes are still advertised.
# The MD5 key on gre1 must be identical on BR-RTR for the adjacency to form.
vtysh <<'EOF'
configure terminal
router ospf
passive-interface default
network 10.10.10.0/30 area 0
network 192.168.111.0/27 area 0
network 192.168.211.0/28 area 0
network 192.168.99.0/29 area 0
exit
interface gre1
no ip ospf passive
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 P@ssw0rd
end
write memory
exit
EOF
📸 Для отчёта 1.4: В vtysh: show ip ospf neighbor (статус FULL)

📤 Форвардинг и 🔥 NAT

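# IPv4 forwarding: flip the existing sysctl line, and add the key if it is
# absent — sed alone would silently do nothing in that case.
sed -i "s/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g" /etc/net/sysctl.conf
grep -q '^net.ipv4.ip_forward = 1' /etc/net/sysctl.conf || echo 'net.ipv4.ip_forward = 1' >> /etc/net/sysctl.conf
# The network restart re-applies /etc/net/sysctl.conf (etcnet behaviour — confirm on this release).
systemctl restart network
apt-get install iptables
# Source NAT for everything leaving the ISP uplink. This only translates
# addresses; no FORWARD filtering is configured here, so nothing restricts
# which traffic is forwarded.
iptables -t nat -A POSTROUTING -o enp7s1 -j MASQUERADE
# Overwrite, not append: re-running these steps must not save (and later
# restore) the MASQUERADE rule twice.
iptables-save > /etc/sysconfig/iptables
systemctl enable --now iptables.service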

🌐 DHCP сервер

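apt-get install dhcp-server
# Bind dhcpd to the VLAN 211 sub-interface only. The pattern is anchored to
# the whole DHCPDARGS line so re-running does not append a second value
# (the unanchored form would yield DHCPDARGS='enp7s2.211''enp7s2.211').
# Assumes /etc/sysconfig/dhcpd contains an uncommented DHCPDARGS= line — confirm.
sed -i "s/^DHCPDARGS=.*/DHCPDARGS='enp7s2.211'/" /etc/sysconfig/dhcpd
# Scope for VLAN 211: /28 (255.255.255.240) matches enp7s2.211's 192.168.211.1/28,
# HQ-SRV (192.168.111.2) is handed out as the resolver, .1 (the router) is
# outside the pool.
cat > /etc/dhcp/dhcpd.conf <<'EOF'
option domain-name "au-team.irpo";
option domain-name-servers 192.168.111.2;
default-lease-time 6000;
max-lease-time 72000;
authoritative;
subnet 192.168.211.0 netmask 255.255.255.240 {
  range 192.168.211.2 192.168.211.11;
  option routers 192.168.211.1;
}
EOF
systemctl enable --now dhcpd.service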
📸 Для отчёта 1.5: systemctl status dhcpd и journalctl -eu dhcpd.service -n 20 --no-pager

🕐 Часовой пояс

# Local time zone for logs and the report screenshots.
timedatectl set-timezone 'Europe/Moscow'
💾 HQ-SRV - Настройка

📝 Имя и сеть (VLAN 111)

hostnamectl set-hostname 'HQ-SRV.au-team.irpo'
exec bash
# The physical port carries only tagged VLAN 111 traffic and gets no address;
# the server's address lives on the enp7s1.111 sub-interface.
phys=/etc/net/ifaces/enp7s1
vlan=/etc/net/ifaces/enp7s1.111
rm -rf -- "$phys"
mkdir -- "$phys"
printf 'TYPE=eth\n' > "$phys/options"
mkdir -- "$vlan"
cat > "$vlan/options" <<'EOF'
TYPE=vlan
HOST=enp7s1
VID=111
EOF
# HQ-RTR's VLAN 111 address (192.168.111.1) is the gateway.
printf '192.168.111.2/27\n' > "$vlan/ipv4address"
printf 'default via 192.168.111.1\n' > "$vlan/ipv4route"
printf 'nameserver 77.88.8.8\n' > "$vlan/resolv.conf"
systemctl restart network

👤 Пользователь sshuser и SSH (порт 2026)

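# SSH administration account with a fixed UID; passwd prompts interactively.
useradd sshuser -u 2026
passwd sshuser
usermod -aG wheel sshuser
# Passwordless sudo for all commands: written fresh (no duplicates on re-run),
# 0440 as sudoers(5) expects for drop-ins, and syntax-checked by visudo.
echo "sshuser ALL=(ALL:ALL) NOPASSWD: ALL" > /etc/sudoers.d/sshuser
chmod 0440 /etc/sudoers.d/sshuser
visudo -cf /etc/sudoers.d/sshuser
# sshd hardening: non-default port, only sshuser may log in, two auth
# attempts, pre-login banner. For most keywords sshd uses the first value it
# reads, so appended lines only take effect if nothing earlier in
# sshd_config already sets them; if the file ends in a Match block they would
# land inside it — check the tail of the file first.
cat >> /etc/openssh/sshd_config <<'EOF'
Port 2026
AllowUsers sshuser
MaxAuthTries 2
Banner /etc/openssh/banner
EOF
echo "Authorized access only" > /etc/openssh/banner
# Validate the configuration before restarting: a broken sshd_config would
# otherwise stop sshd and cut off remote access.
sshd -t && systemctl restart sshd.service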

🌐 DNSmasq

apt-get install dnsmasq
# Caching forwarder for the lab zone, upstream 77.88.8.8.
# interface=* makes dnsmasq listen on every interface; this host only has
# enp7s1.111 behind HQ-RTR's NAT, so no external exposure is expected —
# NOTE(review): re-check if further interfaces are added.
# host-record answers for the exact name only; address=/name/ also answers
# for every subdomain of that name.
cat > /etc/dnsmasq.conf <<'EOF'
no-hosts
server=77.88.8.8
cache-size=1000
all-servers
no-negcache
interface=*
host-record=hq-rtr.au-team.irpo,192.168.111.1
host-record=hq-rtr.au-team.irpo,192.168.211.1
host-record=hq-rtr.au-team.irpo,192.168.99.1
host-record=hq-srv.au-team.irpo,192.168.111.2
host-record=hq-cli.au-team.irpo,192.168.211.2
address=/br-rtr.au-team.irpo/192.168.0.1
address=/br-srv.au-team.irpo/192.168.0.2
address=/docker.au-team.irpo/172.16.10.1
address=/web.au-team.irpo/172.16.20.1
EOF
systemctl enable --now dnsmasq.service
timedatectl set-timezone 'Europe/Moscow'
💻 HQ-CLI - Настройка

📝 Имя хоста

# Client FQDN inside the lab zone.
hostnamectl set-hostname 'HQ-CLI.au-team.irpo'
# New shell so the prompt shows the new hostname.
exec bash

🔍 Проверка DNS (скриншоты для отчёта)

# Resolve the lab names (served by dnsmasq on HQ-SRV) and one external name
# (forwarded upstream); each lookup prints its own result.
for name in hq-rtr.au-team.irpo hq-srv.au-team.irpo hq-cli.au-team.irpo ya.ru; do
  host "$name"
done

🕐 Часовой пояс

# Same time zone as the rest of the lab hosts.
timedatectl set-timezone 'Europe/Moscow'
🌐 ISP - Настройка

📝 Имя и порты

hostnamectl set-hostname 'ISP'
exec bash
# Two downstream links: enp7s2 towards HQ-RTR, enp7s3 towards BR-RTR
# (enp7s1, the upstream, is left on DHCP and not touched here).
for iface in enp7s2 enp7s3; do
  mkdir "/etc/net/ifaces/$iface"
  printf 'TYPE=eth\n' > "/etc/net/ifaces/$iface/options"
done
printf '172.16.10.1/28\n' > /etc/net/ifaces/enp7s2/ipv4address
printf '172.16.20.1/28\n' > /etc/net/ifaces/enp7s3/ipv4address

📤 Форвардинг и NAT

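# IPv4 forwarding: flip the existing sysctl line, and add the key if it is
# absent — sed alone would silently do nothing in that case.
sed -i "s/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g" /etc/net/sysctl.conf
grep -q '^net.ipv4.ip_forward = 1' /etc/net/sysctl.conf || echo 'net.ipv4.ip_forward = 1' >> /etc/net/sysctl.conf
systemctl restart network
apt-get update && apt-get install iptables
# Source NAT for the two lab sites on the ISP's upstream interface. This
# only translates addresses; no FORWARD filtering is configured here.
iptables -t nat -A POSTROUTING -o enp7s1 -j MASQUERADE
# Overwrite, not append: re-running must not save the MASQUERADE rule twice.
iptables-save > /etc/sysconfig/iptables
systemctl enable --now iptables.service
timedatectl set-timezone Europe/Moscow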
🏢 BR-RTR - Настройка

📝 Имя и порты

hostnamectl set-hostname 'BR-RTR.au-team.irpo'
exec bash
# Uplink towards ISP (enp7s3 on the ISP side, 172.16.20.1).
wan=/etc/net/ifaces/enp7s1
rm -rf -- "$wan"
mkdir -- "$wan"
printf 'TYPE=eth\n' > "$wan/options"
printf '172.16.20.2/28\n' > "$wan/ipv4address"
printf 'default via 172.16.20.1\n' > "$wan/ipv4route"
printf 'nameserver 77.88.8.8\n' > "$wan/resolv.conf"
# LAN towards BR-SRV; this router is the gateway of 192.168.0.0/28.
lan=/etc/net/ifaces/enp7s2
mkdir -- "$lan"
printf 'TYPE=eth\n' > "$lan/options"
printf '192.168.0.1/28\n' > "$lan/ipv4address"
systemctl restart network

GRE туннель

# BR-RTR end of the GRE tunnel: local/remote are the mirror image of HQ-RTR's.
# The tunnel itself is unencrypted; only the OSPF adjacency over it is authenticated.
tun_dir=/etc/net/ifaces/gre1
mkdir "$tun_dir"
cat > "$tun_dir/options" <<'EOF'
TYPE=iptun
TUNTYPE=gre
TUNLOCAL=172.16.20.2
TUNREMOTE=172.16.10.2
TUNOPTIONS='ttl 64'
HOST=enp7s1
EOF
# Inner /30: this end is .2, HQ-RTR has .1.
printf '10.10.10.2/30\n' > "$tun_dir/ipv4address"
systemctl restart network

🔄 OSPF

apt-get update && apt-get install frr
# Enable the OSPF daemon in FRR's daemon list, then start FRR.
sed -i 's/ospfd=no/ospfd=yes/g' /etc/frr/daemons
systemctl enable --now frr.service
# Configuration fed to vtysh on stdin. Only gre1 sends hellos (all other
# interfaces are passive); the BR LAN prefix is still advertised. The MD5
# key must match the one configured on HQ-RTR's gre1.
vtysh <<'EOF'
configure terminal
router ospf
passive-interface default
network 10.10.10.0/30 area 0
network 192.168.0.0/28 area 0
exit
interface gre1
no ip ospf passive
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 P@ssw0rd
end
write memory
exit
EOF

👤 Пользователь и NAT

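# Network administrator account; passwd prompts for the password interactively.
useradd net_admin
passwd net_admin
usermod -aG wheel net_admin
# Passwordless sudo for all commands. Written fresh rather than appended,
# with the 0440 mode sudoers(5) expects for drop-ins, and syntax-checked by
# visudo so a bad line is caught now.
echo "net_admin ALL=(ALL:ALL) NOPASSWD: ALL" > /etc/sudoers.d/net_admin
chmod 0440 /etc/sudoers.d/net_admin
visudo -cf /etc/sudoers.d/net_admin
# IPv4 forwarding: flip the existing sysctl line, or add the key if it is
# absent (sed alone would silently do nothing in that case).
sed -i "s/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g" /etc/net/sysctl.conf
grep -q '^net.ipv4.ip_forward = 1' /etc/net/sysctl.conf || echo 'net.ipv4.ip_forward = 1' >> /etc/net/sysctl.conf
systemctl restart network
apt-get install iptables
# Source NAT on the ISP uplink. This only translates addresses; no FORWARD
# filtering is configured here, so nothing restricts what is forwarded.
iptables -t nat -A POSTROUTING -o enp7s1 -j MASQUERADE
# Overwrite, not append: re-running these steps must not save the
# MASQUERADE rule twice.
iptables-save > /etc/sysconfig/iptables
systemctl enable --now iptables.service
timedatectl set-timezone Europe/Moscow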
📡 BR-SRV - Настройка

📝 Имя, сеть и SSH

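hostnamectl set-hostname BR-SRV.au-team.irpo
exec bash
# Single LAN interface towards BR-RTR, which is the gateway (192.168.0.1).
rm -rf /etc/net/ifaces/enp7s1
mkdir /etc/net/ifaces/enp7s1
echo "TYPE=eth" > /etc/net/ifaces/enp7s1/options
echo "192.168.0.2/28" > /etc/net/ifaces/enp7s1/ipv4address
echo "default via 192.168.0.1" > /etc/net/ifaces/enp7s1/ipv4route
echo "nameserver 77.88.8.8" > /etc/net/ifaces/enp7s1/resolv.conf
systemctl restart network
# SSH administration account with a fixed UID; passwd prompts interactively.
useradd sshuser -u 2026
passwd sshuser
usermod -aG wheel sshuser
# Passwordless sudo for all commands: written fresh (no duplicates on re-run),
# 0440 as sudoers(5) expects for drop-ins, and syntax-checked by visudo.
echo "sshuser ALL=(ALL:ALL) NOPASSWD: ALL" > /etc/sudoers.d/sshuser
chmod 0440 /etc/sudoers.d/sshuser
visudo -cf /etc/sudoers.d/sshuser
# sshd hardening: non-default port, only sshuser may log in, two auth
# attempts, pre-login banner. For most keywords sshd uses the first value it
# reads, so appended lines only take effect if nothing earlier in
# sshd_config already sets them; if the file ends in a Match block they would
# land inside it — check the tail of the file first.
cat >> /etc/openssh/sshd_config <<'EOF'
Port 2026
AllowUsers sshuser
MaxAuthTries 2
Banner /etc/openssh/banner
EOF
echo "Authorized access only" > /etc/openssh/banner
# Validate before restarting: a broken sshd_config would otherwise stop sshd
# and cut off remote access.
sshd -t && systemctl restart sshd.service
timedatectl set-timezone Europe/Moscow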
Команды для скриншотов в отчёт

1.2 VLAN

# On HQ-RTR: interface summary, routing table, and reachability of HQ-SRV.
ip -color -brief address
ip -color route
ping -c 4 192.168.111.2

1.3 GRE туннель

# On HQ-RTR: show only the tunnel interface, then ping BR-RTR's tunnel end.
ip -color -brief address | grep gre
ping -c 4 10.10.10.2
# On BR-RTR: ping HQ-RTR's tunnel end.
ping -c 4 10.10.10.1

1.4 OSPF

# On HQ-RTR and BR-RTR: run the show commands through vtysh non-interactively.
# The neighbor should be in state FULL and OSPF routes present.
vtysh -c 'show ip ospf neighbor' -c 'show ip route ospf'

1.5 DHCP

# On HQ-RTR: service state and the last 20 log lines of dhcpd.
systemctl status dhcpd
journalctl --pager-end --unit dhcpd.service --lines 20 --no-pager
# On HQ-CLI: confirm a lease from 192.168.211.0/28 was obtained.
ip -color -brief address