🖥️ HQ-RTR - Настройка
📝 Имя хоста
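# Set the router's fully qualified hostname. The two commands were fused onto
# one line, which would hand "exec" and "bash" to hostnamectl as extra arguments.
hostnamectl set-hostname HQ-RTR.au-team.irpo
# exec replaces the current shell with a fresh bash (presumably so the prompt
# shows the new name). In a script, nothing after this line would run.
exec bash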
Внешний интерфейс (to ISP)
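# External interface enp7s1 (uplink to the ISP): drop any existing
# configuration directory, then write a static address, default route and
# resolver. One command per line; the original had them fused together.
rm -rf -- /etc/net/ifaces/enp7s1
mkdir /etc/net/ifaces/enp7s1
echo "TYPE=eth" > /etc/net/ifaces/enp7s1/options
echo "172.16.10.2/28" > /etc/net/ifaces/enp7s1/ipv4address
echo "default via 172.16.10.1" > /etc/net/ifaces/enp7s1/ipv4route
echo "nameserver 77.88.8.8" > /etc/net/ifaces/enp7s1/resolv.conf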
👤 Пользователь net_admin (пароль P@ssw0rd)
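# Create the net_admin account, set its password and grant it sudo rights.
useradd net_admin
passwd net_admin   # interactive: prompts for the new password
usermod -aG wheel net_admin

# Write the sudoers drop-in with '>' instead of '>>' so repeating this step
# does not stack duplicate rules in the file.
# NOPASSWD: ALL lets net_admin run any command as root without re-entering a
# password, so the account password is the only barrier to root on this host.
echo "net_admin ALL=(ALL:ALL) NOPASSWD: ALL" > /etc/sudoers.d/net_admin
chmod 0440 /etc/sudoers.d/net_admin
# Syntax-check the drop-in before relying on it for privileged access.
visudo -cf /etc/sudoers.d/net_admin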
🔀 VLAN (111, 211, 911)
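# Parent interface enp7s2 carries the tagged VLANs and has no address itself.
mkdir -p /etc/net/ifaces/enp7s2
echo "TYPE=eth" > /etc/net/ifaces/enp7s2/options

# One sub-interface per VLAN ID. Each options file needs one KEY=value per
# line; the original paste had the heredoc bodies collapsed onto one line.
for vid in 111 211 911; do
  mkdir -p "/etc/net/ifaces/enp7s2.${vid}"
  cat <<EOF > "/etc/net/ifaces/enp7s2.${vid}/options"
TYPE=vlan
HOST=enp7s2
VID=${vid}
EOF
done

# Gateway address of the router inside each VLAN. VLAN 911 uses 192.168.99.0/29.
echo "192.168.111.1/27" > /etc/net/ifaces/enp7s2.111/ipv4address
echo "192.168.211.1/28" > /etc/net/ifaces/enp7s2.211/ipv4address
echo "192.168.99.1/29" > /etc/net/ifaces/enp7s2.911/ipv4address

# Apply the configuration and list the resulting interfaces and addresses.
systemctl restart network
ip -c -br a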
Для отчёта 1.2: Скриншот команды
ip -c -br a
GRE туннель
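# GRE tunnel gre1 between this router (172.16.10.2) and the remote peer
# (172.16.20.2), bound to the external interface enp7s1.
# GRE only encapsulates: it adds no encryption or integrity protection, so
# traffic in the tunnel crosses the ISP segment in the clear unless it is
# protected separately (for example with IPsec).
mkdir -p /etc/net/ifaces/gre1/
# Quoted delimiter: the body is written literally, one KEY=value per line.
cat <<'EOF' > /etc/net/ifaces/gre1/options
TYPE=iptun
TUNTYPE=gre
TUNLOCAL=172.16.10.2
TUNREMOTE=172.16.20.2
TUNOPTIONS='ttl 64'
HOST=enp7s1
EOF
echo "10.10.10.1/30" > /etc/net/ifaces/gre1/ipv4address

# Apply the configuration and show IPv4 addresses; gre1 should be listed.
systemctl restart network
ip -c -br -4 a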
📸 Для отчёта 1.3: Скриншот
ip -c -br -4 a (виден gre1)
🔄 OSPF (FRR)
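# Install FRR and enable its OSPF daemon. One command per line; the original
# paste had the shell commands and the vtysh session fused together.
apt-get update
apt-get install frr
sed -i "s/ospfd=no/ospfd=yes/g" /etc/frr/daemons
grep '^ospfd=' /etc/frr/daemons   # confirm the substitution took effect
systemctl enable --now frr.service

# Everything from "configure terminal" through "write memory" is typed at the
# vtysh prompt, not in the shell; the final "exit" leaves vtysh.
#
# "passive-interface default" makes every interface passive, and "no ip ospf
# passive" re-enables OSPF on gre1 only, so the LAN networks are advertised but
# adjacencies can form only over the tunnel.
#
# The message-digest key is a shared secret that the OSPF neighbour must
# configure identically. "write memory" saves the running configuration, so
# expect the key line to be present in the saved FRR config; keep that file
# readable only by root/FRR. The value used here is the same string as the
# net_admin password on this page; a separate, non-guessable key keeps the
# routing adjacency from depending on the account password.
vtysh
configure terminal
router ospf
 passive-interface default
 network 10.10.10.0/30 area 0
 network 192.168.111.0/27 area 0
 network 192.168.211.0/28 area 0
 network 192.168.99.0/29 area 0
exit
interface gre1
 no ip ospf passive
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 P@ssw0rd
end
write memory
exit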
📸 Для отчёта 1.4: В vtysh:
show ip ospf neighbor (статус FULL)
📤 Форвардинг и 🔥 NAT
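# Enable IPv4 forwarding persistently and apply it by restarting networking.
sed -i "s/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g" /etc/net/sysctl.conf
systemctl restart network
sysctl net.ipv4.ip_forward   # expected to report 1 once the change is applied

# Source NAT for everything leaving through the external interface enp7s1.
# -C checks whether the rule already exists, so repeating this step does not
# add a duplicate MASQUERADE rule.
apt-get install iptables
iptables -t nat -C POSTROUTING -o enp7s1 -j MASQUERADE 2>/dev/null ||
  iptables -t nat -A POSTROUTING -o enp7s1 -j MASQUERADE

# Persist the running rule set. Use '>' rather than '>>': appending leaves
# earlier dumps in the file, so it stops matching what is actually loaded.
# No FORWARD-chain rules are added here, so which traffic the router forwards
# depends on whatever filter policy is already in place.
iptables-save > /etc/sysconfig/iptables
systemctl enable --now iptables.service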
🌐 DHCP сервер
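# Install the DHCP server and pass enp7s2.211 (VLAN 211) to dhcpd as its
# argument, presumably so it serves only that interface.
apt-get install dhcp-server
# Replace the whole DHCPDARGS line. Matching only "DHCPDARGS=" would keep any
# existing value after the inserted one and stack duplicates on a re-run.
sed -i "s/^DHCPDARGS=.*/DHCPDARGS='enp7s2.211'/" /etc/sysconfig/dhcpd

# Quoted delimiter: the configuration is written literally, with no shell
# expansion inside the heredoc.
cat <<'EOF' > /etc/dhcp/dhcpd.conf
option domain-name "au-team.irpo";
option domain-name-servers 192.168.111.2;
default-lease-time 6000;
max-lease-time 72000;
authoritative;
subnet 192.168.211.0 netmask 255.255.255.240 {
  range 192.168.211.2 192.168.211.11;
  option routers 192.168.211.1;
}
EOF

# Syntax-check the configuration before the service is started.
dhcpd -t -cf /etc/dhcp/dhcpd.conf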
systemctl enable --now dhcpd.service
📸 Для отчёта 1.5:
systemctl status dhcpd и journalctl -eu dhcpd.service -n 20 --no-pager
🕐 Часовой пояс
# Set the system time zone. Log timestamps should be consistent across hosts
# if events are going to be correlated between them.
timedatectl set-timezone Europe/Moscow