pyth0n3 Posted April 17, 2012

We have the following network:

  [network diagram]
  Internet -- Router (blade) 192.168.123.111
       |
  ZONE1: Solaris 10, SPARC 64, Router -- 192.168.123.110 (BLADE)
       |
  NAT: Subnet1 address 192.168.123.0, netmask 255.255.255.0, IP pool 100-200
       |
  Debian 192.168.123.100 | Fedora DHCP | FreeBSD 192.168.123.107 | Centos 192.168.123.105

We will isolate the Centos server 192.168.123.105 in a separate subnet so that it cannot be accessed by the other servers in Subnet1. Optionally we will leave SSH access open only from the external network (Internet).

1. We will create a router on the server (Blade 192.168.123.110) with a new subnet, 10.0.0.0.

We will create the following subnet2, class A:

  Network class A
  IP Address    10.0.0.1
  Subnet Mask   255.255.255.252
  Broadcast     10.0.0.3
  Host range    10.0.0.1 (Router), 10.0.0.2 Host Centos (redman)

Blade Solaris 10 (Router) settings

We will allocate a physical interface for subnet2.

Show interfaces:

  [blade]# dladm show-dev | sort -n | awk '{ print $1,$2,$3,$7,$8 }'
  bge0 link: up duplex: full
  bge1 link: up duplex: full
  qfe4 link: down duplex: unknown
  qfe5 link: down duplex: unknown
  qfe6 link: down duplex: unknown
  qfe7 link: up duplex: full

We currently have 3 network interfaces that are up:

  bge0 link: up duplex: full
  bge1 link: up duplex: full
  qfe7 link: up duplex: full

We will use the following:

  qfe7 -> external interface connected directly to the internet
  bge1 -> internal interface on which we will create the subnet

We will enable IP forwarding and routing on the system:

  routeadm -u -e ipv4-forwarding
  routeadm -u -e ipv4-routing

We will enable ipfilter:

  svcadm -v enable svc:/network/pfil:default
  svcadm -v enable svc:/network/ipfilter:default
  svcadm -v enable svc:/system/rmtmpfiles:default

We will add the interfaces to the firewall configuration file:

  echo "bge -1 0 pfil" >> /etc/ipf/pfil.ap
  echo "qfe -1 0 pfil" >> /etc/ipf/pfil.ap

To verify that IP forwarding and routing have been set correctly:

  [blade]# routeadm | head
                Configuration   Current              Current
                       Option   Configuration        System State
  ---------------------------------------------------------------
                 IPv4 routing   enabled              enabled
                 IPv6 routing   disabled             disabled
              IPv4 forwarding   enabled              enabled
              IPv6 forwarding   disabled             disabled

             Routing services   "route:default ripng:default"
  [blade]#

Configuring the interface for the subnet:

  # plumb the interface first: an unplumbed interface rejects the address assignment
  ifconfig bge1 plumb && ifconfig bge1 10.0.0.1 netmask 255.255.255.252 broadcast 10.0.0.3 up
  echo 10.0.0.1 > /etc/hostname.bge1
  echo "10.0.0.0 255.255.255.252" >> /etc/netmasks

  [blade]# ifconfig bge1
  bge1: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 3
          inet 10.0.0.1 netmask fffffffc broadcast 10.0.0.3
          ether x:xx:xx:xx:xx:xx
  [blade]#

Restart (init):

  init 6

Configuring the redman server (Centos)

We will configure the server's network interface:

  ifconfig eth2 10.0.0.2 netmask 255.255.255.252 broadcast 10.0.0.3
  route add default gw 10.0.0.1 eth2
  ifconfig eth2 up

  [root@redman ~]# ifconfig eth2
  eth2      Link encap:Ethernet  HWaddr 00:xx:xx:xx:xx:xx
            inet addr:10.0.0.2  Bcast:10.0.0.3  Mask:255.255.255.252
            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
            RX packets:418 errors:0 dropped:0 overruns:0 frame:0
            TX packets:236 errors:1 dropped:0 overruns:0 carrier:1
            collisions:0 txqueuelen:1000
            RX bytes:36660 (35.8 KiB)  TX bytes:22175 (21.6 KiB)
  [root@redman ~]#

Note: the settings on Centos will not survive a reboot. To make them persistent you would have to create a directive under /etc/sysconfig/network-scripts, which I will not do because I do not need static settings.

We will create a rule on the Router (BLADE Solaris 10) to allow SSH to redman (Centos). Here we will do port forwarding:

  echo 'rdr qfe7 192.168.123.111 port 4444 -> 10.0.0.2 port 22' >> /etc/ipf/ipnat.conf
  ipnat -C -f /etc/ipf/ipnat.conf

To verify the NAT rules:

  [blade]# ipnat -l
  List of active MAP/Redirect filters:
  rdr qfe7 192.168.123.111/32 port 4444 -> 10.0.0.2 port 22 tcp
  List of active sessions:
  [blade]#

In the end we will have the following result:

  [final network diagram]
  Internet --(SSH PKI redman, port 4444)--> Router (blade) 192.168.123.111
       |
  ZONE1: Solaris 10, SPARC 64, Router/FW -- 192.168.123.110 (BLADE)
       |-- NAT: Subnet1 address 192.168.123.0, netmask 255.255.255.0, IP pool 100-200
       |      Debian 192.168.123.100 | Fedora DHCP | FreeBSD 192.168.123.107
       |-- subnet2: 10.0.0.1 (blade) -- NAT --> redman (Centos) 10.0.0.2, netmask 255.255.255.252, SSH PKI port 22
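The post enables ipfilter and adds the ipnat rdr rule, but with IPv4 forwarding turned on the blade will also route between Subnet1 and subnet2 unless filter rules say otherwise, so the stated isolation goal is not yet enforced. The following /etc/ipf/ipf.conf fragment is an added example, not part of the original post; it assumes qfe7 and bge1 are the external and subnet2 interfaces as named above, and that no other ipf rules are loaded (the post does not name the Subnet1-facing interface, so those rules match on addresses only).

```conf
# /etc/ipf/ipf.conf on blade (Solaris 10) -- added example, not from the original post.
# Assumptions: qfe7 = external interface, bge1 = subnet2 interface (as in the post);
# the Subnet1-facing interface is not named in the post, so the isolation rules
# match on addresses only.

# Permit the SSH session that ipnat has already redirected from 192.168.123.111:4444.
# For inbound packets ipnat rewrites the destination before ipf evaluates the rules,
# so the filter rule matches the translated destination 10.0.0.2 port 22.
pass in quick on qfe7 proto tcp from any to 10.0.0.2 port = 22 flags S keep state
pass out quick on bge1 proto tcp from any to 10.0.0.2 port = 22 flags S keep state

# Isolate subnet2 from Subnet1 in both directions. Without these, any Subnet1 host with
# a route via 192.168.123.110 is forwarded straight to 10.0.0.2.
block in quick from 192.168.123.0/24 to 10.0.0.0/30
block in quick from 10.0.0.0/30 to 192.168.123.0/24
```

Load the rules with `ipf -Fa -f /etc/ipf/ipf.conf` and inspect the active set with `ipfstat -io`. Because every rule uses `quick` and there is no default `block` at the end, traffic not matched here (Subnet1 to the Internet through the NAT, for example) keeps its previous behaviour; to confirm the isolation, a connection attempt from a Subnet1 host to 10.0.0.2 should time out while an SSH connection from outside to 192.168.123.111:4444 still succeeds.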