
умныйайтишник


===ISP===

nmtui

-set system hostname: ISP

edit a connection: HQ-ISP

IPv4: manual

addresses 1.1.1.1/24

IPv6: manual

addresses: 1110:a::1/64

edit a connection: BR-ISP

IPv4: manual

addresses 2.2.2.2/24

IPv6: manual

addresses: 2220:b::1/64

edit a connection: CLI

IPv4: manual

addresses 10.100.0.1/24

IPv6: manual

addresses: 10:100:c::1/64

перезагрузить

sudo

nano /etc/sysctl.conf

Раскомментировать параметр «net.ipv4.ip_forward» и «net.ipv6.conf.all.forwarding»

ctrl+x > Y > enter

sysctl -p

reboot

===HQ-R===

-set system hostname: HQ-R

edit a connection: HQ-ISP

IPv4: manual

addresses 1.1.1.100/24

gateway 1.1.1.1

IPv6: manual

addresses 1110:a::100/64

gateway 1110:a::1

edit a connection: HQ

IPv4: manual

addresses 192.168.0.1/24

IPv6: manual

addresses: 192:168:d::1/122

перезагрузить

sudo

nano /etc/sysctl.conf

Раскомментировать параметр «net.ipv4.ip_forward» и «net.ipv6.conf.all.forwarding»

ctrl+x > Y > enter

sysctl -p

reboot

===BR-R===

-set system hostname: BR-R

edit a connection: BR-ISP

IPv4: manual

addresses 2.2.2.100/24

gateway 2.2.2.1

IPv6: manual

addresses: 2220:b::100/64

gateway 2220:b::1

edit a connection: BR

IPv4: manual

addresses 172.16.0.33/28

IPv6: manual

addresses: 172:16:e::1/124

перезагрузить

sudo

nano /etc/sysctl.conf

Раскомментировать параметр «net.ipv4.ip_forward» и «net.ipv6.conf.all.forwarding»

ctrl+x > Y > enter

sysctl -p

reboot

===Виртуальная машина HQ-SRV===

win > settings > system > About > rename PC > HQ-SRV > restart later

control panel > network and internet > ethernet > properties > edit IPv4

IP address 192.168.0.60

Subnet mask 255.255.255.192

Default gateway 192.168.0.1

control panel > network and internet > ethernet > properties > edit IPv6

IP address 192:168:d::6

Subnet mask 122

Default gateway 192:168:d::1

reboot

===Виртуальная машина BR-SRV===

win > settings > system > About > rename PC > BR-SRV > restart later

control panel > network and internet > ethernet > properties > edit IPv4

IP address 172.16.0.42

Subnet mask 255.255.255.240

Default gateway 172.16.0.33

control panel > network and internet > ethernet > properties > edit IPv6

IP address 172:16:e::a

Subnet mask 124

Default gateway 172:16:e::1

reboot

===Виртуальная машина CLI===

Имя: root

Пароль: P@ssw0rd

Правый верхний угол > edit connection > wired connection > шестерня > 

IPv4 settings > addition MANUAL > Add 10.100.0.100 255.255.255.0 10.100.0.1

IPv6 settings > addition MANUAL > add 10:100:c::10 64 10:100:c::1

___открываем terminal___

sudo

hostnamectl set-hostname CLI

reboot

=== Виртуальная машина HQ-R ===

sudo

nmtui

edit a connection HQ ISP

Routing > Edit > IPv4 0.0.0.0/0 1.1.1.1 100

Routing > Edit > IPv6 ::/0 1110:a::1 100

reboot

=== Виртуальная машина BR-R ===

sudo

nmtui

edit a connection BR-ISP

Routing > edit > IPv4 0.0.0.0/0 2.2.2.1 100

Routing > edit > IPv6 ::/0 2220:b::1 100

reboot

=== Виртуальная машина HQ-R ===

sudo

nmtui

edit connection HQ > Add > IP tunnel

parent ens34

Local IP 1.1.1.100

Remote IP 2.2.2.100

IPv4 > manual > addresses 172.28.14.251/24

IPv6 > manual > addresses 172:28:14::a/64

reboot

=== Виртуальная машина BR-R ===

sudo

nmtui

edit connection BR-ISP > Add > IP tunnel

parent ens34

Local IP 2.2.2.100 

Remote IP 1.1.1.100

IPv4 > manual > addresses 172.28.14.252/24

IPv6 > manual > addresses 172:28:14::b/64

reboot

=== Виртуальная машина HQ-R ===

sudo

nmcli connection modify GRE-1 ip-tunnel.ttl 64

=== Виртуальная машина BR-R ===

sudo

nmcli connection modify GRE-1 ip-tunnel.ttl 64

=== Виртуальная машина ISP ===

iptables

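# ISP forwarding/NAT rules.
# Interface roles assumed from the rest of this walkthrough: ens34/ens36/ens37 face
# HQ-R, BR-R and CLI, ens38 is the uplink — TODO confirm with `ip link` before applying.
lan_ifaces=(ens34 ens36 ens37)
wan_iface=ens38

# `-i` takes exactly one interface name (a trailing '+' is the only wildcard), so the
# form "ens+34,36,37" is rejected by iptables; one rule per interface is needed.
for tbl in iptables ip6tables; do
  for ifc in "${lan_ifaces[@]}"; do
    "$tbl" -A FORWARD -i "$ifc" -o "$wan_iface" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    "$tbl" -A FORWARD -i "$wan_iface" -o "$ifc" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  done
  # NOTE(review): only ESTABLISHED/RELATED flows are matched here; NEW connections are
  # forwarded only while the chain's default policy is ACCEPT — check `"$tbl" -S FORWARD`.
  "$tbl" -t nat -A POSTROUTING -o "$wan_iface" -j MASQUERADE
done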

apt install iptables-persistent -y

После установки служба сама предложит сохранить уже сделанные изменения. Сохраняем правила IPv4 и IPv6

=== Виртуальная машина HQ-R ===

# HQ-R forwarding/NAT rules, identical for IPv4 and IPv6.
# ens36 is the interface used for the HQ side elsewhere in this walkthrough, ens34 the
# ISP-facing one (the GRE tunnel's parent).
# NOTE(review): only ESTABLISHED/RELATED flows are accepted explicitly; NEW connections
# pass only while FORWARD's default policy is ACCEPT — confirm with `iptables -S FORWARD`.
lan=ens36
wan=ens34
for fw in iptables ip6tables; do
  "$fw" -A FORWARD -i "$lan" -o "$wan" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  "$fw" -A FORWARD -i "$wan" -o "$lan" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  "$fw" -t nat -A POSTROUTING -o "$wan" -j MASQUERADE
done

apt install iptables-persistent -y

После установки служба сама предложит сохранить уже сделанные изменения. Сохраняем правила IPv4 и IPv6

=== Виртуальная машина BR-R ===

# BR-R forwarding/NAT rules, identical for IPv4 and IPv6.
# ens36 is the interface used for the BR side elsewhere in this walkthrough, ens34 the
# ISP-facing one (the GRE tunnel's parent).
# NOTE(review): only ESTABLISHED/RELATED flows are accepted explicitly; NEW connections
# pass only while FORWARD's default policy is ACCEPT — confirm with `iptables -S FORWARD`.
lan=ens36
wan=ens34
for fw in iptables ip6tables; do
  "$fw" -A FORWARD -i "$lan" -o "$wan" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  "$fw" -A FORWARD -i "$wan" -o "$lan" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  "$fw" -t nat -A POSTROUTING -o "$wan" -j MASQUERADE
done

apt install iptables-persistent -y

После установки служба сама предложит сохранить уже сделанные изменения. Сохраняем правила IPv4 и IPv6

=== Виртуальная машина HQ-R ===

sudo 

apt install frr -y

nano /etc/frr/daemons

Раскомментировать "ospfd=yes","ospf6d=yes"

ctrl+x > y > enter

systemctl restart frr

systemctl enable --now frr

vtysh

conf t

router ospf

network 192.168.0.0/26 area 0

network 172.28.14.0/24 area 0

exit 

do wr

router ospf6

ospf6 router-id 1.1.1.100

ex

int grel

ipv6 ospf6 area 0

ex

int ens36

ipv6 ospf6 area 0

exit

do wr

exit

reboot

=== Виртуальная машина BR-R ===

apt install frr -y

nano /etc/frr/daemons

Раскомментировать "ospfd=yes","ospf6d=yes"

ctrl+x > y > enter

systemctl restart frr

systemctl enable --now frr

vtysh

conf t

router ospf

network 172.16.0.32/28 area 0

network 172.28.14.0/24 area 0

exit

do wr

router ospf6

ospf6 router-id 2.2.2.100

exit

int grel

ipv6 ospf6 area 0

exit

int ens36

ipv6 ospf6 area 0 

exit

do wr

reboot

=== Виртуальная машина HQ-SRV ===

панель управления > система и безопасность > виндовс дефендер > advanced settings > inbound rules > new rule > custom > all programs > ICMPv4 > any IP address > allow the connections > domain/private/public > Name: ICMPv4

new rule > custom > all programs > ICMPv6 > any IP address > allow the connections > domain/private/public > Name: ICMPv6

=== Виртуальная машина BR-SRV ===

панель управления > система и безопасность > виндовс дефендер > advanced settings > inbound rules > new rule > custom > all programs > ICMPv4 > any IP address > allow the connections > domain/private/public > Name: ICMPv4

new rule > custom > all programs > ICMPv6 > any IP address > allow the connections > domain/private/public > Name: ICMPv6

=== Настройка DHCPv4 – HQ-R ===

apt install isc-dhcp-server -y

nano /etc/default/isc-dhcp-server

Прописываем INTERFACESv4="ens36" и INTERFACESv6="ens36"

CTRL+X > Y > enter

nano /etc/dhcp/dhcpd.conf

authoritative;

default-lease-time 600;

max-lease-time 7200;

ignore client-updates;

ddns-update-style interim;

use-host-decl-names on;

subnet 192.168.0.0 netmask 255.255.255.192 {

 range 192.168.0.11 192.168.0.61;

 option routers 192.168.0.1;

 host hq-srv {

  hardware ethernet !!INPUT MAC!!;

  fixed-address 192.168.0.60;

 }

}

CTRL+X > Y > enter

На HQ-SRV > панель управления > сеть > Ethernet > details > смотрим physical address

Нa HQ-R nano /etc/dhcp/dhcpd.conf > дописываем hardware ethernet !!Physical address!!

CTRL+X > Y > enter

=== Настройка DHCPv6 – HQ-R ===

nano /etc/dhcp/dhcpd6.conf

ctrl+k

authoritative;

default-lease-time 600;

max-lease-time 7200;

ignore client-updates;

ddns-update-style interim;

use-host-decl-names on;

allow leasequery;

subnet6 192:168:d::/122 {

 option dhcp6.preference 255;

 range6 192:168:d::2 192:168:d::3e;

 host hq-srv {

       host-identifier option dhcp6.client-id "!!CLIENT-ID!!";

       fixed-address6 192:168:d::6;

       fixed-prefix6 192:168:d::/122;

 }

}

ctrl+X > Y > enter

=== Получение CLIENT-ID – HQ-SRV ===

нужно закомментировать #host-identifier option dhcp6.client-id "!!CLIENT-ID!!";

ctrl+X > Y > enter

systemctl restart isc-dhcp-server

=== Сброс настроек IPv4 - HQ-SRV ===

Панель управления > сеть > сброс настроек IPv4, IPv6

командная строка > ipconfig /release > ipconfig /renew > перезагрузка 

=== Настройка CLIENT-ID – HQ-SRV ===

systemctl status isc-dhcp-server | grep "Reply NA"

Копируем CLIENT ID 

nano /etc/dhcp/dhcpd6.conf

authoritative;

default-lease-time 600;

max-lease-time 7200;

ignore client-updates;

ddns-update-style interim;

use-host-decl-names on;

allow leasequery;

subnet6 192:168:d::/122 {

 option dhcp6.preference 255;

 range6 192:168:d::2 192:168:d::3e;

 host hq-srv {

       host-identifier option dhcp6.client-id "!!CLIENT-ID!!";

       fixed-address6 192:168:d::6;

       fixed-prefix6 192:168:d::/122;

 }

}

ctrl+x > Y > enter

=== Настройка RADVD – HQ-R ===

apt install radvd -y

nano /etc/radvd.conf

interface ens36

{

  AdvSendAdvert on;

  AdvManagedFlag on;

  AdvOtherConfigFlag on;

  prefix 192:168:d::/122 {

    AdvRouterAddr on;

  };

};

ctrl+x > y > enter

systemctl restart radvd && systemctl restart isc-dhcp-server

перезагрузить HQ-SRV

=== Виртуальная машина CLI ===

Терминал > 

useradd -m -s /bin/bash admin

passwd admin

p@ssw0rd

=== Виртуальная машина HQ-SRV ===

settings > accounts > other users > add someone > new user >

user name: admin

full name: admin

description: admin

password: p@ssw0rd

user cannot change password

=== Виртуальная машина HQ-R ===

useradd -m -s /bin/bash admin

passwd admin

password: p@ssw0rd

useradd -m -s /bin/bash network-admin

passwd network-admin

password: p@ssw0rd

=== Виртуальная машина BR-R ===

useradd -m -s /bin/bash branch-admin

passwd branch-admin

password: p@ssw0rd

useradd -m -s /bin/bash network-admin

passwd network-admin

password: p@ssw0rd

=== Виртуальная машина BR-SRV ===

settings > accounts > other users > add someone > new user >

user name: branch-admin

full name: branch-admin

description: branch-admin

password: p@ssw0rd

user cannot change password

settings > accounts > other users > add someone > new user >

user name: network-admin

full name: network-admin

description: network-admin

password: p@ssw0rd

user cannot change password

=== Виртуальная машина ISP ===

apt install iperf3 -y

no

iperf3 -s -f M

=== Виртуальная машина HQ-R ===

apt install iperf3 -y

no

iperf3 -c 1.1.1.1 -f M

=== Виртуальная машина HQ-R ===

mkdir -p /opt/backup

nano /opt/backup/backup.sh

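#!/bin/bash
# Archive /home and /etc into a dated .tgz under /opt/backup.
# /etc holds credential material (e.g. /etc/shadow), so the archive is created
# with owner-only permissions; run as root.
set -euo pipefail

# Directories to archive, kept as an array so each path is passed to tar as one word.
dirs=(/home /etc)
out="/opt/backup"
day=$(date +%A-%F)
# Not named "hostname" so the variable is not confused with the command.
host=$(hostname -s)
archive="$host-$day.tgz"

# Files created from here on (the archive) get no group/other access.
umask 077
mkdir -p -- "$out"

echo "### Directory backup has been started ###"
echo "### Creating backup archive ###"
# Report the real outcome instead of always printing success; tar's non-zero
# status (including 1, "file changed as we read it") is treated as failure.
if tar czf "$out/$archive" "${dirs[@]}"; then
  echo "### Backup successfully completed ###"
else
  echo "### Backup FAILED (tar exit status $?) ###" >&2
  exit 1
fi
date +%A-%F-%T
ls -lh -- "$out"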

ctrl+x > y > enter

chmod +x /opt/backup/backup.sh

bash /opt/backup/backup.sh

=== Виртуальная машина BR-R ===

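#!/bin/bash
# Archive /home and /etc into a dated .tgz under /opt/backup.
# /etc holds credential material (e.g. /etc/shadow), so the archive is created
# with owner-only permissions; run as root.
set -euo pipefail

# Directories to archive, kept as an array so each path is passed to tar as one word.
dirs=(/home /etc)
out="/opt/backup"
day=$(date +%A-%F)
# Not named "hostname" so the variable is not confused with the command.
host=$(hostname -s)
archive="$host-$day.tgz"

# Files created from here on (the archive) get no group/other access.
umask 077
# Creates the target directory if it does not exist yet.
mkdir -p -- "$out"

echo "### Directory backup has been started ###"
echo "### Creating backup archive ###"
# Report the real outcome instead of always printing success; tar's non-zero
# status (including 1, "file changed as we read it") is treated as failure.
if tar czf "$out/$archive" "${dirs[@]}"; then
  echo "### Backup successfully completed ###"
else
  echo "### Backup FAILED (tar exit status $?) ###" >&2
  exit 1
fi
date +%A-%F-%T
ls -lh -- "$out"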

ctrl+x > y > enter

chmod +x /opt/backup/backup.sh

bash /opt/backup/backup.sh

=== Настройка пакета OpenSSH === HQ-SRV

powershell > Get-WindowsCapability -Online | ? Name -like 'OpenSSH.Ser*'

> Set-Service -Name sshd -StartupType 'Automatic'

> Start-Service sshd

control panel > system and security > windows defender firewall > advanced settings > new rule >port > TCP , port 2222 > allow the connections > domain/private/public > name SSH

powershell > Start-Process notepad C:\ProgramData\ssh\sshd_config

Редактируем

port 2222

PermitRootLogin yes

PasswordAuthentication yes

PermitEmptyPasswords no

Сохраняем файл

powershell > Restart-Service sshd

ssh Administrator@192.168.0.60 -p 2222

=== Виртуальная машина HQ-R ===

iptables -t nat -A PREROUTING --dst 1.1.1.100 -p tcp --dport 22 -j DNAT --to-destination 192.168.0.60:2222

ip6tables -t nat -A PREROUTING --dst 1110:a::100 -p tcp --dport 22 -j DNAT --to-destination [192:168:d::6]:2222

dpkg-reconfigure iptables-persistent 

yes

yes

=== Виртуальная машина BR-SRV ===

консоль > ssh 1.1.1.100 > p@ssw0rd

=== Виртуальная машина CLI ===

консоль > ssh administrator@1.1.1.100

=== Виртуальная машина HQ-SRV ===

control panel > system and security > windows defender firewall > advanced settings > new rule > custom > all programs > TCP port 2222 > указываем айпи для блокировки 10.100.0.100, 10:100:c::100 > block the connection > domain/private/public > name BlockCLI-SSH (адреса в правиле должны совпадать с адресами, назначенными на CLI выше — иначе блокировка не сработает)