Janar jeri na jerin: Hanyoyin sadarwar Kwamfuta don SMEs: Gabatarwa
Author: Federico Antonio Valdes Toujague
Wannan labarin shine ci gaba na:
Barka dai abokai da abokai!
Ƙungiya Masu kwazo sayi sunan yankin intanet desdelinux.fan zuwa ga mai ba da sabis na Intanet ɗinku ko ISP. A matsayin wani ɓangare na wannan sayen, sun nemi ISP ɗin su da su haɗa da duk bayanan DNS ɗin da ake buƙata don tambayoyin da suka dace game da yankin da za a warware su daga Intanet.
Sun kuma nemi a haɗa bayanan SRV game da XMPP saboda suna shirin girka uwar garken aika sakon gaggawa a kan hakan Wadatarwa hakan zai shiga tarayyar data kasance ta masu amfani da sabobin XMMP akan Intanet.
- Babban ma'anar wannan labarin shine don nuna yadda zamu iya yin tunatar da rikodin SRV masu alaƙa da sabis ɗin Saƙo na Nan take mai dacewa da XMPP a cikin fayil ɗin yankin DNS..
- Shigarwa na Shagon bango Tare da hanyar sadarwar yanar gizo guda ɗaya, zata iya yiwa waɗanda suka yanke shawarar shigar da sabar kamar wannan don sarrafa wakilcin DNS Zone. Idan wannan sabar ta haɗu da LAN na Ciniki ban da Intanet, dole ne a sanya saitunan da suka dace don amfani da hanyoyin sadarwa biyu.
Tashar sabar
Zamu girka sabar DNS mai amfani NSD akan Debian "Jessie". Wannan shi ne tushen sabar yankin "fan". Babban sigogin sabar sune:
Suna: ns.fan Adireshin IP: 172.16.10.30 tushen @ ns: ~ # sunan mai gida ns tushen @ ns: ~ # sunan mai masauki --fqdn ns.fan tushen @ ns: ~ # ip addr show 1: menene: mtu 65536 qdisc noqueue jihar UNKNOWN kungiyar tsoho mahada / loopback 00: 00: 00: 00: 00: 00 brd 00: 00: 00: 00: 00: 00 inet 127.0.0.1/8 ikon yin amfani da mahada lo valid_lft har abada fifita_lft har abada inet6 :: 1/128 ikon watsa shiri host_lft har abada fifikon_lft har abada 2: eth0: mtu 1500 qdisc pfifo_fast jihar UP kungiyar tsoho qlen 1000 mahada / ether 00: 0c: 29: dc: d7: 1b brd ff: ff: ff: ff: ff: ff inet 172.16.10.30/24 brd 172.16.10.255 ikon yinsa a duniya eth0 inganci_lft har abada fifita_lft har abada inet6 fe80 :: 20c: 29ff: fedc: d71b / 64 mahaɗan mahada valid_lft har abada fifikon_lft har abada
Shagon bango
Kafin barin aiki tare da WWW Village, yana da kyau sosai don kare uwar garken da ayyukan da yake bayarwa ta hanyar Firewall mai ƙarfi - Router. Shorewall yana da ɗan sauƙin daidaitawa kuma zaɓi ne mai aminci don kariya.
- Ingantaccen daidaitaccen Firewall shine aikin masani ko masana, wanda bamuyi ba. Muna ba da jagora kawai don ƙarancin daidaitaccen aiki.
Mun shigar da kunshin shinge da takardunsa.
tushen @ ns: ~ # iyawa nuna shorewall
Kunshinwa: shorewall Sabo: ee Yanayi: ba'a sanya shi ba
Saka: 4.6.4.3-2
tushen @ ns: ~ # ƙwarewa shigar da shinge a cikin shinge-doc
Takardun
Zaka sami wadatattun takardu a cikin manyan fayiloli:
- / usr / share / doc / shorewall
- / usr / share / doc / shorewall / misalai
- / usr / share / doc / shorewall-doc / html
Mun saita don haɗin kebul
tushen @ ns: ~ # cp / usr / share / doc / shorewall / misalai / ɗaya-dubawa / musaya \ / sauransu / shorewall / tushen @ ns: ~ # Nano / sauransu / shorewall / musaya #ZONE INTERFACE ZABI net eth0 tcpflags, logmartians, nosmurfs, sourceroute = 0
Muna bayyana bangarorin Firewall
tushen @ ns: ~ # cp / usr / share / doc / shorewall / misalai / one-interface / zone \ / sauransu / shorewall / tushen @ ns: ~ # Nano / sauransu / shorewall / zones ZAMAN ZAMANIN YANZU A CIKIN # ZABON ZABE fw firewall net ipv4
Tsoffin manufofi don samun damar Tacewar zaɓi
tushen @ ns: ~ # cp / usr / share / doc / shorewall / misalai / ɗaya-kerawa / siyasa \
/ sauransu / shorewall /
tushen @ ns: ~ # Nano / sauransu / shorewall / manufofin
#SOURCE DEST POLICY LOG LEVEL LIMIT: BURST $ FW net ACCEPT
net duk bayanan DROP
# SIYASAR NAN TA KAMATA TA ZAMA LAST all all RAYE info
Dokoki don samun dama ga bango
tushen @ ns: ~ # cp / usr / share / doc / shorewall / misalai / ɗaya-dubawa / dokoki \
/ sauransu / shorewall /
tushen @ ns: ~ # Nano / sauransu / shorewall / dokoki
#ACTION SOURCE DEST PROTO DEST SOURCE ASALIN Rate USER / MARK CON $ # PORT PORT (S) DEST LIMIT GROUP? SASHE DUK? KASASHEN KASASHEN KASASHE? fakitoci a cikin asusun mara inganci Invalid (DROP) net $ FW tcp # Drop Ping daga "mara kyau" net yankin .. kuma ka hana log ɗinka ambaliyar ruwa .. # Yi watsi da Ping daga yankin mara kyau "mara kyau". # Hana ambaliyar tsarin log (/ var / log / syslog) Ping (DROP) net $ FW # Bada izinin duk ICMP zirga-zirga DAGA Firewall Zuwa net net # Bada izinin duk ICMP zirga-zirga DAGA Firewall Zuwa yankin net. Yarda da $ FW net icmp
# Dokokin mallaka # Samun dama ta hanyar SSH daga kwamfutoci biyu
SSH / ACCEPT net: 172.16.10.1,172.16.10.10 $ FW tcp 22
# Bada izinin zirga-zirga a tashoshin jiragen ruwa 53 / tcp da 53 / udp
Yarda da net $ FW tcp 53
Yarda da net $ FW udp 53
Muna bincika tsarin aiwatar da fayilolin sanyi
tushen @ ns: ~ # shorewall cak
Dubawa ... Tsarin aiki / sauransu / shinge / params ... Gudanarwa /etc/shorewall/shorewall.conf ... Loading Module ... Dubawa / sauransu / matattarar kaya / yankuna ... Dubawa / sauransu / shorewall / musaya .. Tabbatar da Runduna a Yankuna ... Gano Fayilolin Aiki ... Dubawa / sauransu / shorewall / manufofi ... dingara Dokokin Anti-smurf Duba TCP Flags na tace ... Duba Tattalin Arzikin Kern ... Duba Martian Shiga ... Dubawa Yarda da Hanyar Tattalin Arziki ... Duba MAC Tacewa - Mataki na 1 ... Dubawa / sauransu / shorewall / dokoki ... Dubawa / sauransu / shorewall / conntrack ... Duba Tacewar MAC - Kashi na 2 ... Aiwatar da Manufofin .. Duba / usr/share/shorewall/action.Drop don sarkar Drop ... Dubawa /usr/share/shorewall/action.Broadcast don sarkar Watsawa ... An tabbatar da daidaiton Shorewall
tushen @ ns: ~ # Nano / sauransu / tsoho / shorewall
# hana farawa tare da daidaitaccen tsari # saita masu canji masu zuwa zuwa 1 domin bawa Shorewall damar farawa
farawa =1
------
tushen @ ns: ~ # farawa shorewall farawa
tushen @ ns: ~ # sake farawa sabis
tushen @ ns: ~ matsayin matsayi na shorewall
Rew shorewall.service - LSB: Sanya katangar a lokacin taya Loaded: loda (/etc/init.d/shorewall) Mai aiki: yana aiki (ya fita) tun Rana 2017-04-30 16:02:24 EDT; 31min da suka gabata Tsarin aiki: 2707 ExecStop = / etc / init.d / shorewall stop (lambar = fita, status = 0 / SUCCESS) Tsarin aiki: 2777 ExecStart = / etc / init.d / shorewall fara (lambar = fita, matsayi = 0 / NASARA)
Yana da matukar ilimi don karanta fitowar umarnin iptables -L musamman dangane da manufofin da aka saba na INPUT, GABA, OUTPUT, da kuma wadanda ya ki - Karyata Firewall don karewa daga hare-haren waje. Aƙalla, yana zuwa Intanit tare da ɗan kariya, dama? 😉
tushen @ ns: ~ # iptables -L
N.S.D.
tushen @ ns: ~ # gwanin nuna nsd
Kunshin: nsd Sabo: ee Yanayi: an girka Shigar da kansa: a'a
Saka: 4.1.0-3
tushen @ ns: ~ # ƙwarewa shigar nsd
tushen @ ns: ~ # ls / usr / share / doc / nsd /
bayar da gudummawar canzawa.Debian.gz NSD-DIFFFILE SHARUDDAN.gz misalai changelog.gz NSD-FOR-BIND-USERS.gz TODO.gz bambancin hakkin mallaka.pdf.gz README.gz GYARA KYAUTATA NSD-DATABASE RELNOTES.gz
tushen @ ns: ~ # nano /etc/nsd/nsd.conf
# NSD fayil ɗin daidaitawa don Debian. # Duba shafin mutum na nsd.conf (5).
# Duba /usr/share/doc/nsd/examples/nsd.conf don sharhi
# fayil ɗin daidaitawar tunani
# Layi na gaba ya haɗa da ƙarin fayilolin daidaitawa daga kundin adireshin # /etc/nsd/nsd.conf.d. # GARGADI: Yanayin duniya baiyi aiki ba tukuna ... # hada da: "/etc/nsd/nsd.conf.d/*.conf" saba: logfile: "/var/log/nsd.log" ip-address : 172.16.10.30 # saurara kan haɗin IPv4 do-ip4: ee # saurara kan haɗin IPv6 do-ip6: babu # tashar jiragen ruwa don amsa tambayoyin akan. tsoho shine 53. tashar jiragen ruwa: 53 sunan mai amfani: nsd # A cikin shiyyoyi, samarda-xfr zaɓi shine don # axfr cak yankin: suna: fan zonefile: /etc/nsd/fan.zone zone: suna: desdelinux.fan
zonefile: /etc/nsd/desdelinux.fan.zone tanadar-xfr: 172.16.10.250 yankin NOKEY: suna: 10.16.172.in-adr.arpa
zonefile: /etc/nsd/10.16.172.arpa.zone samar-xfr: 172.16.10.250 NOKEY zone: suna: swl.fan zonefile: /etc/nsd/swl.fan.zone zone: name: debian.fan zonefile: /etc/nsd/debian.fan.zone zone: suna: centos.fan zonefile: /etc/nsd/centos.fan.zone zone: suna: freebsd.fan zonefile: /etc/nsd/freebsd.fan.zone
tushen @ ns: ~ # nsd-checkconf /etc/nsd/nsd.conf
tushen @ ns: ~ #
Muna ƙirƙirar fayilolin Zones
Tushen Yankin «fan.»An saita a ƙasa shine DON GWAJI KAWAI kuma bazai ɗauki misali ba. Mu ba Masu Gudanar da Sabis bane na Sunan Estate. 😉
tushen @ ns: ~ # nano /etc/nsd/fan.zone
$ ASALIN fan. $ TTL 3H @ IN SOA ns.fan. saiwa.fan. (1; serial 1D; shayar da 1H; sake gwadawa 1W; ya ƙare 3H); mafi ƙarancin ko; Kuskuren lokacin ɓoyewa don rayuwa; @ IN NS ns.fan. @ A CIKIN 172.16.10.30; ns A CIKIN 172.16.10.30
tushen @ ns: ~# nano /etc/nsd/desdelinux.fan.zone
$ASALIN desdelinux.fan. $TTL 3H @ A SOA nos.desdelinux.fan. tushen.desdelinux.fan. ( 1 ; serial 1D ; sabunta 1H ; sake gwadawa 1W ; ƙare 3H ) ; mafi ƙarancin ko; Mara kyau lokacin caching don rayuwa; @ IN NS.desdelinux.fan. @ IN MX 10 imel.desdelinux.fan. @ IN TXT "v=spf1 a:mail.desdelinux.fan -all" ; ; Yi rijista don warware tambayoyin tono desdelinux.fan @ IN A 172.16.10.10 ; ns IN A 172.16.10.30 mail IN CNAME desdelinux.fan. hira IN CNAME desdelinux.fan. www IN CNAME desdelinux.fan. ; ; Rubutun SRV masu alaƙa da XMPP
_xmpp-uwar garke._tcp IN SRV 0 0 desdelinux.fan.
_xmpp-abokin ciniki._tcp IN SRV 0 0 desdelinux.fan.
_jabber._tcp IN SRV 0 0 5269 desdelinux.fan.
tushen @ ns: ~ # nano /etc/nsd/10.16.172.arpa.zone
$ ASALIN 10.16.172.in-addr.arpa.
$TTL 3H @ A SOA nos.desdelinux.fan. tushen.desdelinux.fan. ( 1 ; serial 1D ; sabunta 1H ; sake gwadawa 1W ; ƙare 3H ) ; mafi ƙarancin ko; Mara kyau lokacin caching don rayuwa; @ IN NS.desdelinux.fan. ; 30 IN PTR no.desdelinux.fan. 10 a cikin PTR desdelinux.fan.
tushen@ns:~# nsd-checkzone desdelinux.fan /etc/nsd/desdelinux.fan.zone
zone desdelinux.fan yayi kyau
tushen @ ns: ~ # nsd-dubazone 10.16.172.in-addr.arpa /etc/nsd/10.16.172.arpa.zone
zone 10.16.172.in-addr.arpa yana da kyau # A kan Debian, NSD ta dakatar da shigarwar ta tsohuwa
tushen @ ns: ~ # systemctl sake kunnawa nsd
tushen @ ns: ~ # systemctl halin nsd
D nsd.service - Sunan Server Daemon An ɗora Kwatancen: An ɗora (/lib/systemd/system/nsd.service; kunna) Mai aiki: yana aiki (yana gudana) Tun Rana 2017-04-30 09:42:19 EDT; 21min ago Babban PID: 1230 (nsd) CGroup: /system.slice/nsd.service ├─1230 / usr / sbin / nsd -d -c /etc/nsd/nsd.conf ├─1235 / usr / sbin / nsd - d -c /etc/nsd/nsd.conf └─1249 / usr / sbin / nsd -d -c /etc/nsd/nsd.conf
Duba daga sab.fan uwar garken kansa
tushen@ns:~# mai masaukin baki desdelinux.fan desdelinux.fan yana da adireshin 172.16.10.10 desdelinux.fan mail ana sarrafa ta 10 mail.desdelinux.fan. tushen@ns:~#hostmail.desdelinux.fan email.desdelinux.fan an lakace masa desdelinux.fan. desdelinux.fan yana da adireshin 172.16.10.10 desdelinux.fan mail ana sarrafa ta 10 mail.desdelinux.fan. tushen@ns:~#hostchat.desdelinux.fan hira.desdelinux.fan an lakace masa desdelinux.fan. desdelinux.fan yana da adireshin 172.16.10.10 desdelinux.fan mail ana sarrafa ta 10 mail.desdelinux.fan. tushen@ns:~#host www.desdelinux.fan www.desdelinux.fan an lakace masa desdelinux.fan. desdelinux.fan yana da adireshin 172.16.10.10 desdelinux.fan mail ana sarrafa ta 10 mail.desdelinux.fan. tushen@ns:~# mai watsa shiri ns.desdelinux.fan ns.desdelinux.fan yana da adireshin 172.16.10.30 tushen @ ns: ~ # mai masaukin baki 172.16.10.30 30.10.16.172.in-addr.arpa sunan yankin ns.desdelinux.fan. tushen @ ns: ~ # mai masaukin baki 172.16.10.10 10.10.16.172.in-addr.arpa mai nuna sunan yankin desdelinux.fan. tushen @ ns: ~ # mai watsa shiri ns.fan ns.fan yana da adireshi 172.16.10.30
Binciken ƙuduri na suna daga Intanet
- Cikakken tambayoyin DNS basu da yawa, saboda daidaitaccen aiki na Resolution Name Resolution zai dogara ne sosai akan aikin aiki na hanyar sadarwa daidai.
Don yin tambayoyin DNS na haɗe da sauyawa - canza gwaji, kwamfutar tafi-da-gidanka tare da IP 172.16.10.250 da kuma ƙofa 172.16.10.1, Adireshin IP wanda ya dace da tashar aiki na sysadmin.desdelinux.fan kamar yadda aka sani daga labaran da suka gabata.
sandra @ laptop: ~ $ sudo ip addr show 1: menene: mtu 16436 qdisc noqueue jihar UNKNOWN mahada / loopback 00: 00: 00: 00: 00: 00 brd 00: 00: 00: 00: 00: 00 mai shiga 127.0.0.1/8 mai masaukin baki mai masaukin baki in in6 har abada fifiko_lft har abada 1: eth128: mtu 2 qdisc pfifo_fast jihar UP qlen 0 mahada / ether 1500: 1000: 00: 17e: 42: 8 brd ff: ff: ff: ff: ff: ff inet 85/54 brd 172.16.10.250 ƙimar duniya baki ɗaya eth24 inet172.16.10.255 fe0: : 6: 80ff: fe217e: 42/8 mahaɗan mahada valid_lft madawwama_lft har abada 8554: wlan64: mtu 3 qdisc noop jihar DOWN qlen 0 mahada / ether 1500: 1000d: e00: 1: 0: d88 brd ff: ff: ff: ff: ff: ff 09: pan5: mtu 4 qdisc noop jihar KASHE mahada / ether de: 0b: 1500: 0: 67: ad brd ff: ff: ff: ff: ff: ff sandra @ laptop: ~ $ sudo hanya -n Tebur mai sarrafawa na Kernel IP inationofar Hanya Gatemas Genmask Flags Metric Ref Yi amfani da Iface 0.0.0.0 172.16.10.1 0.0.0.0 UG 0 0 0 eth0 172.16.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 sandra @ kwamfutar tafi-da-gidanka: ~ $ cat /etc/resolv.conf nameserver 172.16.10.30 sandra@laptop:~$host desdelinux.fan desdelinux.fan yana da adireshin 172.16.10.10 desdelinux.fan mail ana sarrafa ta 10 mail.desdelinux.fan. sandra @ kwamfutar tafi-da-gidanka: ~$hostmail.desdelinux.fan email.desdelinux.fan an lakace masa desdelinux.fan. desdelinux.fan yana da adireshin 172.16.10.10 desdelinux.fan mail ana sarrafa ta 10 mail.desdelinux.fan. sandra @ kwamfutar tafi-da-gidanka:~$ mai masaukin baki ns.desdelinux.fan ns.desdelinux.fan yana da adireshin 172.16.10.30 sandra @ kwamfutar tafi-da-gidanka: ~ $ mai masaukin baki 172.16.10.30 30.10.16.172.in-addr.arpa sunan yankin ns.desdelinux.fan. sandra @ kwamfutar tafi-da-gidanka: ~ $ mai masaukin baki 172.16.10.10 10.10.16.172.in-addr.arpa mai nuna sunan yankin desdelinux.fan. sandra @ kwamfutar tafi-da-gidanka: ~$ mai masaukin baki -t SRV _xmpp-server._tcp.desdelinux.fan _xmpp-uwar garke._tcp.desdelinux.fan yana da rikodin SRV 0 0 5269 desdelinux.fan. sandra @ kwamfutar tafi-da-gidanka: ~$ mai masaukin baki -t SRV _xmpp-abokin ciniki._tcp.desdelinux.fan _xmpp-abokin ciniki._tcp.desdelinux.fan yana da rikodin SRV 0 0 5222 desdelinux.fan. sandra @ kwamfutar tafi-da-gidanka:~$ mai masaukin baki -t SRV _jabber._tcp.desdelinux.fan _jabber._tcp.desdelinux.fan yana da rikodin SRV 0 0 5269 desdelinux.fan. sandra @ kwamfutar tafi-da-gidanka: ~ $ host -a fan. Gwadawa "fan" ;; - >> SHUGABA << - opcode: QUERY, status: NOERROR, id: 57542 ;; tutoci: qr aa rd; TAMBAYA: 1, AMSA: 3, HUKUNCI: 0, DARIN: 1 ;; SASHE NA TAMBAYA :; fan. A KOWANE ;; SASAN AMSA: fan. 10800 A cikin SOA ns.fan. saiwa.fan. 1 86400 3600 604800 10800 fan. 10800 A cikin NS ns.fan. fan 10800 A CIKIN 172.16.10.30 ;; SARIN SASHE: ns.fan. 10800 A Cikin 172.16.10.30 An Samu bytes 111 daga 172.16.10.30 # 53 a cikin 0 ms
- Mun shirya adireshin da gangan 172.16.10.250 A kan kwamfutar tafi-da-gidanka, don bincika KOWANE abu ta hanyar tambayar AXFR na DNS, tun da an tsara Zones don ba da izinin-ba tare da wata kalmar sirri ba - irin wannan tambayar daga wannan IP.
sandra@laptop:~$ tono desdelinux.fan axfr
; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> desdelinux.fan axfr;; Zaɓuɓɓukan duniya: +cmd
desdelinux.fan. 10800 IN SOA no.desdelinux.fan. tushen.desdelinux.fan. 1 86400 3600 604800 10800
desdelinux.fan. 10800 IN Ns.desdelinux.fan.
desdelinux.fan. 10800 IN MX 10 imel.desdelinux.fan.
desdelinux.fan. 10800 IN TXT "v=spf1 a:mail.desdelinux.fan - duk"
desdelinux.fan. 10800 IN A 172.16.10.10 _jabber._tcp.desdelinux.fan. 10800 IN SRV 0 0 5269 desdelinux.fan. _xmpp-abokin ciniki._tcp.desdelinux.fan. 10800 IN SRV 0 0 5222 desdelinux.fan. _xmpp-uwar garke._tcp.desdelinux.fan. 10800 IN SRV 0 0 5269 desdelinux.fan. hira.desdelinux.fan. 10800 IN CNAME desdelinux.fan. imel.desdelinux.fan. 10800 IN CNAME desdelinux.fan. ns.desdelinux.fan. 10800 A 172.16.10.30 www.desdelinux.fan. 10800 IN CNAME desdelinux.fan.
desdelinux.fan. 10800 IN SOA no.desdelinux.fan. tushen.desdelinux.fan. 1 86400 3600 604800 10800;; Lokacin tambaya: 0 msec;; SERVER: 172.16.10.30#53(172.16.10.30) ;; LOKACI: Lahadi 30 ga Afrilu 10:37:10 EDT 2017;; Girman XFR: rikodin 13 (saƙonni 1, bytes 428)
sandra @ laptop: ~ $ digo 10.16.172.in-addr.arpa axfr
; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> 10.16.172.in-addr.arpa axfr ;; Zaɓuɓɓukan duniya: +cmd 10.16.172.in-addr.arpa. 10800 IN SOA no.desdelinux.fan. tushen.desdelinux.fan. 1 86400 3600 604800 10800 10.16.172.in-addr.arpa. 10800 IN Ns.desdelinux.fan. 10.10.16.172.in-addr.arpa. 10800 IN PTR desdelinux.fan. 30.10.16.172.in-addr.arpa. 10800 IN PTR no.desdelinux.fan. 10.16.172.in-addr.arpa. 10800 IN SOA no.desdelinux.fan. tushen.desdelinux.fan. 1 86400 3600 604800 10800;; Lokacin tambaya: 0 msec;; SERVER: 172.16.10.30#53(172.16.10.30) ;; LOKACI: Lahadi 30 ga Afrilu 10:37:27 EDT 2017;; Girman XFR: rikodin 5 (saƙonni 1, bytes 193)
sandra @ kwamfutar tafi-da-gidanka:~$ ping ns.desdelinux.fan
Farashin PING.desdelinux.fan (172.16.10.30) 56 (84) bytes na bayanai.
An amsa tambayoyin DNS ɗin da suka dace. Mun kuma bincika cewa Shorewall yana aiki daidai kuma ba ya karɓa ping daga kwamfutocin da ke Intanet.
Tsaya
- Mun ga yadda ake girkawa da saitawa - tare da mahimman zaɓuɓɓuka - mafi ƙarancin zaɓuɓɓuka - uwar garken DNS mai iko bisa ga NSD. Mun tabbatar da cewa rubutun kalmomin yankin suna kama da na BIND. A Intanet akwai adabi mai kyau da cikakke akan NSD.
- Mun haɗu da manufar nuna sanarwar rikodin SRV da ke da alaƙa da XMPP.
- Muna taimakawa cikin girke-girke da ƙaramin tsari na Tacewar zaɓi mai tushe ta Shorewall.
Isarwa na gaba
IM Prosody da masu amfani na gari.
Barka da safiya abokai na ƙungiyar Linux mai matukar kyau koyawa Na yi ƙoƙarin shigar dns amma yana da'awar cewa ba a samo wannan oda ba idan akwai wata madadin don godiya ga bayanin
Tambaya?…. Shin, ba za ku yi amfani da SAMBA a matsayin mai kula da yankin don hanyoyin sadarwar SME ba?
fracielarevalo: Lura cewa labarin ya dogara ne akan girka NSD akan tsarin Debian "Jessie", ba akan CentOS ba.
Alberto: Dole ne ku tafi daga sauki zuwa hadaddun. Daga baya zamu ga Samba 4 azaman AD-DC, ma'ana, Active Directory - Controler Domain. Hakuri. Ina ba ku shawara ku karanta labarin da ya gabata, musamman sakin layi da ke cewa: Shin tsarin tabbatarwa lokacin haihuwar ARPANET, Intanit, da sauran hanyoyin sadarwar Wide na farko ko hanyoyin sadarwar Yanki bisa LDAP, Directory Service, ko Microsoft LSASS, ko Active Directory, ko Kerberos? ambaci kaɗan.
Ka tuna cewa duk labaran suna da alaƙa kuma wannan jerin ne. Bana jin yana da amfani ko kaɗan don fara wata hanya ta daban, ma'ana, daga Littafin aiki don komawa PAM. Kamar yadda zaku gani, nau'ikan tabbatarwa da yawa sun ƙare a PAM akan tebur ɗin Linux ɗinku. Sauƙaƙan mafita kamar wanda muke rufe shi da PAM ya cancanci a rubuta shi. Idan an fahimci manufar, ya kamata a karanta su kuma a yi karatun su.
Gaisuwa da godiya duka biyun da kuka yi tsokaci.
Wani babban labarin da marubucin yayi, kamar yadda aka saba koyaushe akwai sabon abu kuma mai fa'ida sosai ga waɗanda muke tsammanin mu "sysadmins" ne.
Ga bayanin kula na:
1- Amfani da NSD maimakon INulla da shi azaman uwar garken DNS.
2- Saka a cikin fayil ɗin yankin DNS na SRV bayanan da suka danganci sabis ɗin Saƙo na Nan take wanda ya dace da XMPP.
3- Yin amfani da Firewall na Shorewall tare da hanyar sadarwa.
Wannan sakon ya zama 'tushe' a wurina (kamar yadda ya faɗa da tawali'u kuma shi ne burin marubucin a duk cikin jerin SME) idan a nan gaba na ga buƙatar aiwatar da irin wannan maganin.
Ungiyar masu sha'awar ta sake taimaka mana haɓaka iliminmu a cikin fannin hanyoyin sadarwa don SMEs. Na gode sosai da irin wannan kyakkyawar gudummawar, al'umma, ni kaina kuma ina tsammanin adadi mai yawa na sysadmin na gode da irin wannan gudummawa mai tamani ... A baya ina da wasu alaƙa da bakin shayi, amma na shiga cikin harka ta aiki yadda nake yi kayi matukar wahala, wannan jerin cibiyoyin sadarwar na SMEs majagaba ne a cikin takardu a fannoni daban daban da sysadmin yakamata yayi, fahimtar cewa yawancin takaddun a wannan batun yana cikin harshen Ingilishi na duniya ...
Kada ka tsaya, taya murna sai mu ci gaba !!!
Lagarto: Na gode sosai da tsokacinka da kuma godiya. Nayi kokarin bada jerin abubuwan da Sysadmin ke bukata. Tabbas, karatun kai da kuma sha'awar kowane ɗayan akan kowane batutuwan da aka tattauna zasu dogara ne ga digiri.
Mun cigaba gaba !!!
Barka da zuwa jama'a na linzami;). Ni sabo ne ga OS.opte po barin tagogin da suka gabata kuma ina da sha'awar koyo gwargwadon yadda zan iya..sai labari mai kyau .. gaisuwa mafi kyau
Godiya ga Fatalwa don shiga cikin Al'umma da kuma yin tsokaci