Squid + PAM Authentication on CentOS 7 - SME Networks

General index of the series: Computer Networks for SMEs: Introduction

Hello friends!

The title of this article should have been: «MATE + NTP + Dnsmasq + Gateway Service + Apache + Squid with PAM Authentication on CentOS 7 - SME Networks». For practical reasons we shorten it.

We continue with the authentication of local users on a Linux computer using PAM, and this time we will see how to provide the Proxy service with Squid for a small network of computers, using the authentication credentials stored on the same computer where the Squid server runs.

Although we know that it is very common practice these days to authenticate services against OpenLDAP, Red Hat's Directory Server 389, Microsoft Active Directory, etc., we think we should start with simple, low-cost solutions and then tackle the more complex ones. We believe we must go from the simple to the complex.

Scenario

It is a small organization - with very few financial resources - dedicated to supporting the use of Free Software, which chose the name DesdeLinux.Fan. They are various CentOS enthusiasts grouped in a single office. They bought a workstation - not a professional server - which they will dedicate to working as the "server."

The enthusiasts do not have extensive knowledge of how to implement an OpenLDAP server or a Samba 4 AD-DC, nor can they afford a Microsoft Active Directory license. However, for their daily work they need Internet access through a Proxy - to speed up browsing - and a space to store their most valuable documents and to serve as backup copies.

They still mostly use legally acquired Microsoft operating systems, but they want to move to Linux-based Operating Systems, starting with their "Server".

They also aspire to have their own mail server in order to become independent - at least at the origin - of services such as Gmail, Yahoo, HotMail, etc., which is what they currently use.

The Firewall and Routing rules facing the Internet will be set up on the contracted ADSL Router.

They do not have a real domain name because they do not need to publish any service on the Internet.

CentOS 7 as a server without GUI

We start from a fresh installation of a server without a graphical interface, and the only option we select during the process is «Infrastructure Server», as we saw in previous articles in the series.

Initial settings

[root@linuxbox ~]# cat /etc/hostname
linuxbox

[root@linuxbox ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.10.5 linuxbox.desdelinux.fan linuxbox

[root@linuxbox ~]# hostname
linuxbox

[root@linuxbox ~]# hostname -f
linuxbox.desdelinux.fan

[root@linuxbox ~]# ip addr list
[root@linuxbox ~]# ifconfig -a
[root@linuxbox ~]# ls /sys/class/net/
ens32 ens34 lo

We disable Network Manager

[root@linuxbox ~]# systemctl stop NetworkManager

[root@linuxbox ~]# systemctl disable NetworkManager

[root@linuxbox ~]# systemctl status NetworkManager
● NetworkManager.service - Network Manager
   Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:NetworkManager(8)

[root@linuxbox ~]# ifconfig -a

We configure the network interfaces

LAN interface ens32, connected to the Internal Network

[root@linuxbox ~]# nano /etc/sysconfig/network-scripts/ifcfg-ens32
DEVICE=ens32
ONBOOT=yes
BOOTPROTO=static
HWADDR=00:0c:29:da:a3:e7
NM_CONTROLLED=no
IPADDR=192.168.10.5
NETMASK=255.255.255.0
GATEWAY=192.168.10.1
DOMAIN=desdelinux.fan
DNS1=127.0.0.1
ZONE=public

[root@linuxbox ~]# ifdown ens32 && ifup ens32

WAN interface ens34, connected to the Internet

[root@linuxbox ~]# nano /etc/sysconfig/network-scripts/ifcfg-ens34
DEVICE=ens34
ONBOOT=yes
BOOTPROTO=static
HWADDR=00:0c:29:da:a3:e7
NM_CONTROLLED=no
IPADDR=172.16.10.10
NETMASK=255.255.255.0
# The ADSL Router is connected to
# this interface with
# the following IP address
GATEWAY=172.16.10.1
DOMAIN=desdelinux.fan
DNS1=127.0.0.1
ZONE=external

[root@linuxbox ~]# ifdown ens34 && ifup ens34

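Repository configuration

[root@linuxbox ~]# cd /etc/yum.repos.d/
[root@linuxbox yum.repos.d]# mkdir original
[root@linuxbox yum.repos.d]# mv CentOS-* original/

[root@linuxbox yum.repos.d]# nano centos.repo
# Local mirror on 192.168.10.1. gpgcheck=0 turns off package signature
# verification for these repositories.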
[Base-Repo]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/base/x86_64/
gpgcheck=0
enabled=1

[CentosPlus-Repo]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/centosplus/x86_64/
gpgcheck=0
enabled=1

[Epel-Repo]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/epel/x86_64/
gpgcheck=0
enabled=1

[Updates-Repo]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/updates/x86_64/
gpgcheck=0
enabled=1

[root@linuxbox yum.repos.d]# yum clean all
Loaded plugins: fastestmirror, langpacks
[root@linuxbox yum.repos.d]# yum update
Loaded plugins: fastestmirror, langpacks
Base-Repo                          | 3.6 kB  00:00
CentosPlus-Repo                    | 3.4 kB  00:00
Epel-Repo                          | 4.3 kB  00:00
Media-Repo                         | 3.6 kB  00:00
Updates-Repo                       | 3.4 kB  00:00
(1/9): Base-Repo/group_gz          | 155 kB  00:00
(2/9): Epel-Repo/group_gz          | 170 kB  00:00
(3/9): Media-Repo/group_gz         | 155 kB  00:00
(4/9): Epel-Repo/updateinfo        | 734 kB  00:00
(5/9): Media-Repo/primary_db       | 5.3 MB  00:00
(6/9): CentosPlus-Repo/primary_db  | 1.1 MB  00:00
(7/9): Updates-Repo/primary_db     | 2.2 MB  00:00
(8/9): Epel-Repo/primary_db        | 4.5 MB  00:01
(9/9): Base-Repo/primary_db        | 5.6 MB  00:01
Determining fastest mirrors
No packages marked for update

The message «No packages marked for update» is shown because during the installation we declared the same local repositories that we have available.

CentOS 7 with the MATE desktop environment

To use the very good graphical administration tools that CentOS / Red Hat provides, and because we always miss GNOME2, we decided to install MATE as the desktop environment.

[root@linuxbox ~]# yum groupinstall "X Window system"
[root@linuxbox ~]# yum groupinstall "MATE Desktop"

To verify that MATE loads properly, we run the following command in a console - local or remote -:

[root@linuxbox ~]# systemctl isolate graphical.target

and the desktop environment should load - on the local machine - without problems, showing the graphical login screen. We type the name of the local user and its password, and we will enter MATE.

To tell systemd that the default boot level is 5 - graphical environment - we create the following symbolic link:

[root@linuxbox ~]# ln -sf /lib/systemd/system/runlevel5.target /etc/systemd/system/default.target

We reboot the system and everything works fine.

We install the Time Service for Networks

[root@linuxbox ~]# yum install ntp

During the installation we configured the local clock to synchronize with the time server of the machine sysadmin.desdelinux.fan with IP 192.168.10.1. So, we save the original ntp.conf file by means of:

[root@linuxbox ~]# cp /etc/ntp.conf /etc/ntp.conf.original

Now, we create a new one with the following content:

[root@linuxbox ~]# nano /etc/ntp.conf
# Servers configured during the installation:
server 192.168.10.1 iburst

# For more information, see the man pages of:
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with the time source, but do not
# permit the source to query or modify the service on this system
restrict default nomodify notrap nopeer noquery

# Permit all access over the Loopback interface
restrict 127.0.0.1
restrict ::1

# Restrict a little less the computers on the local network.
restrict 192.168.10.0 mask 255.255.255.0 nomodify notrap

# Use the public servers of the pool.ntp.org project
# If you want to join the project visit
# (http://www.pool.ntp.org/join.html).

#broadcast 192.168.10.255 autokey	# broadcast server
broadcastclient				# broadcast client
#broadcast 224.0.1.1 autokey		# multicast server
#multicastclient 224.0.1.1		# multicast client
#manycastserver 239.255.254.254		# manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# 192.168.10.255

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers
# used when operating with symmetric key cryptography
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification of attacks
# using the ntpdc monlist command, when the default restrict
# does not include the noquery flag. Read CVE-2013-5211
# for more details.
# Note: Monitoring is not disabled with the limited restriction flag.
disable monitor

We enable, start and check the NTP service

[root@linuxbox ~]# systemctl status ntpd
● ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)

[root@linuxbox ~]# systemctl enable ntpd
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.

[root@linuxbox ~]# systemctl start ntpd
[root@linuxbox ~]# systemctl status ntpd
● ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2017-04-14 15:51:08 EDT; 1s ago
  Process: 1307 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 1308 (ntpd)
   CGroup: /system.slice/ntpd.service
           └─1308 /usr/sbin/ntpd -u ntp:ntp -g

Ntp and the Firewall

[root@linuxbox ~]# firewall-cmd --get-active-zones
external
  interfaces: ens34
public
  interfaces: ens32

[root@linuxbox ~]# firewall-cmd --zone=public --add-port=123/udp --permanent
success
[root@linuxbox ~]# firewall-cmd --reload
success

We enable and configure Dnsmasq

As we saw in a previous article in the SME Networks series, Dnsmasq is installed by default on a CentOS 7 Infrastructure Server.

[root@linuxbox ~]# systemctl status dnsmasq
● dnsmasq.service - DNS caching server.
   Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; disabled; vendor preset: disabled)
   Active: inactive (dead)

[root@linuxbox ~]# systemctl enable dnsmasq
Created symlink from /etc/systemd/system/multi-user.target.wants/dnsmasq.service to /usr/lib/systemd/system/dnsmasq.service.

[root@linuxbox ~]# systemctl start dnsmasq
[root@linuxbox ~]# systemctl status dnsmasq
● dnsmasq.service - DNS caching server.
   Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2017-04-14 16:21:18 EDT; 4s ago
 Main PID: 33611 (dnsmasq)
   CGroup: /system.slice/dnsmasq.service
           └─33611 /usr/sbin/dnsmasq -k

[root@linuxbox ~]# mv /etc/dnsmasq.conf /etc/dnsmasq.conf.original

[root@linuxbox ~]# nano /etc/dnsmasq.conf
# -------------------------------------------------------------------
# GENERAL OPTIONS
# -------------------------------------------------------------------
domain-needed           # Do not pass names without the domain part
bogus-priv              # Do not pass addresses in non-routed space
expand-hosts            # Automatically add the domain to the host
interface=ens32         # LAN interface
strict-order            # Order in which the /etc/resolv.conf file is queried
conf-dir=/etc/dnsmasq.d
domain=desdelinux.fan   # Domain name

address=/time.windows.com/192.168.10.5

# Sends an empty option for the WPAD value. Required for
# Windows 7 and later clients to behave properly. ;-)
dhcp-option=252,"\n"

# File where we will declare the HOSTS that will be "banned"
addn-hosts=/etc/banner_add_hosts

local=/desdelinux.fan/

# -------------------------------------------------------------------
# CNAME MX TXT RECORDS
# -------------------------------------------------------------------
# This type of record requires an entry
# in the /etc/hosts file
# e.g.: 192.168.10.5 linuxbox.desdelinux.fan linuxbox
# cname=ALIAS,REAL_NAME
cname=mail.desdelinux.fan,linuxbox.desdelinux.fan

# MX RECORDS
# Returns an MX record with the name "desdelinux.fan" destined
# for the mail.desdelinux.fan machine and a priority of 10
mx-host=desdelinux.fan,mail.desdelinux.fan,1

# The default target for the MX records created
# using the localmx option will be:
mx-target=mail.desdelinux.fan

# Returns an MX record pointing to the mx-target for ALL
# the local machines
localmx

# TXT records. We can also declare an SPF record
txt-record=desdelinux.fan,"v=spf1 a -all"
txt-record=desdelinux.fan,"DesdeLinux, your Blog dedicated to Free Software"

# -------------------------------------------------------------------
# RANGE AND ITS OPTIONS
# -------------------------------------------------------------------
# IPv4 range and lease time (addresses .1 to .29 stay outside the pool)
dhcp-range=192.168.10.30,192.168.10.250,8h
dhcp-lease-max=222      # Maximum number of addresses to lease
                        # by default it is 150
# IPV6 range
# dhcp-range=1234::, ra-only

# Options for the RANGE
# OPTIONS
dhcp-option=1,255.255.255.0     # NETMASK
dhcp-option=3,192.168.10.5      # ROUTER GATEWAY
dhcp-option=6,192.168.10.5      # DNS Servers
dhcp-option=15,desdelinux.fan   # DNS Domain Name
dhcp-option=19,1                # option ip-forwarding ON
dhcp-option=28,192.168.10.255   # BROADCAST
# NTP

dhcp-authoritative              # Authoritative DHCP on the subnet

# -------------------------------------------------------------------
# If you want to store the query log in /var/log/messages
# uncomment the line below
# -------------------------------------------------------------------
# log-queries
# END of the file /etc/dnsmasq.conf
# -------------------------------------------------------------------

We create the file /etc/banner_add_hosts

[root@linuxbox ~]# nano /etc/banner_add_hosts
192.168.10.5 windowsupdate.com
192.168.10.5 ctldl.windowsupdate.com
192.168.10.5 ocsp.verisign.com
192.168.10.5 csc3-2010-crl.verisign.com
192.168.10.5 www.msftncsi.com
192.168.10.5 ipv6.msftncsi.com
192.168.10.5 teredo.ipv6.microsoft.com
192.168.10.5 ds.download.windowsupdate.com
192.168.10.5 download.microsoft.com
192.168.10.5 fe2.update.microsoft.com
192.168.10.5 crl.microsoft.com
192.168.10.5 www.download.windowsupdate.com
192.168.10.5 win8.ipv6.microsoft.com
192.168.10.5 spynet.microsoft.com
192.168.10.5 spynet1.microsoft.com
192.168.10.5 spynet2.microsoft.com
192.168.10.5 spynet3.microsoft.com
192.168.10.5 spynet4.microsoft.com
192.168.10.5 spynet5.microsoft.com
192.168.10.5 office15client.microsoft.com
192.168.10.5 addons.mozilla.org
192.168.10.5 crl.verisign.com

Fixed IP addresses

[root@linuxbox ~]# nano /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.10.5 linuxbox.desdelinux.fan linuxbox
192.168.10.1 sysadmin.desdelinux.fan sysadmin

We configure the /etc/resolv.conf file - resolver

[root@linuxbox ~]# nano /etc/resolv.conf
search desdelinux.fan
nameserver 127.0.0.1
# For external DNS queries or queries
# for domains other than desdelinux.fan
# local=/desdelinux.fan/
nameserver 8.8.8.8

We check the syntax of the dnsmasq.conf file, then start the service and check its status

[root@linuxbox ~]# dnsmasq --test
dnsmasq: syntax check OK.
[root@linuxbox ~]# systemctl restart dnsmasq
[root@linuxbox ~]# systemctl status dnsmasq

Dnsmasq and the Firewall

[root@linuxbox ~]# firewall-cmd --get-active-zones
external
  interfaces: ens34
public
  interfaces: ens32

Service domain or Domain Name Server (dns). Protocol swipe «IP with Encryption»

[root@linuxbox ~]# firewall-cmd --zone=public --add-port=53/tcp --permanent
success
[root@linuxbox ~]# firewall-cmd --zone=public --add-port=53/udp --permanent
success

Dnsmasq queries to external DNS servers

[root@linuxbox ~]# firewall-cmd --zone=external --add-port=53/tcp --permanent
success
[root@linuxbox ~]# firewall-cmd --zone=external --add-port=53/udp --permanent
success

Service bootps or BOOTP server (dhcp). Protocol ippc «Internet Pluribus Packet Core»

[root@linuxbox ~]# firewall-cmd --zone=public --add-port=67/tcp --permanent
success
[root@linuxbox ~]# firewall-cmd --zone=public --add-port=67/udp --permanent
success

[root@linuxbox ~]# firewall-cmd --reload
success

[root@linuxbox ~]# firewall-cmd --info-zone public
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens32
  sources:
  services: dhcp dns ntp ssh
  ports: 67/tcp 53/udp 123/udp 67/udp 53/tcp
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

[root@linuxbox ~]# firewall-cmd --info-zone external
external (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens34
  sources:
  services: dns
  ports: 53/udp 53/tcp
  protocols:
  masquerade: yes
  forward-ports:
  sourceports:
  icmp-blocks: parameter-problem redirect router-advertisement router-solicitation source-quench
  rich rules:

If we want to use a graphical interface to configure the Firewall on CentOS 7, we look in the general menu - which submenu it appears in depends on the desktop environment - for the "Firewall" application, run it and, after entering the password of the root user, we reach the program interface as such. In MATE it appears in the menu «System» -> "Administration" -> "Firewall".

We select the zone «public» and authorize the Services we want published on the LAN, which so far are dhcp, dns, ntp and ssh. After selecting the services and verifying that everything works correctly, we must make the Runtime changes Permanent. To do this we go to the Options menu and select the option «Runtime to Permanent».

Later we select the Zone «external» and check that the Ports needed to communicate with the Internet are open. DO NOT publish services in this zone unless we know very well what we are doing!

Let's not forget to make the changes Permanent through the option «Runtime to Permanent» and to reload the FirewallD daemon every time we use this powerful graphical tool.

NTP and Dnsmasq from a Windows 7 client

Synchronization with NTP

Leased IP address

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\buzz>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SEVEN
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : desdelinux.fan

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : desdelinux.fan
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-0C-29-D6-14-36
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.10.115(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, April 14, 2017 5:12:53 PM
   Lease Expires . . . . . . . . . . : Saturday, April 15, 2017 1:12:53 AM
   Default Gateway . . . . . . . . . : 192.168.10.1
   DHCP Server . . . . . . . . . . . : 192.168.10.5
   DNS Servers . . . . . . . . . . . : 192.168.10.5
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.desdelinux.fan:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : desdelinux.fan
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Users\buzz>

Tip

An important value in Windows clients is the "Primary Dns Suffix" or "Main connection suffix". When a Microsoft Domain Controller is not used, the operating system does not assign it any value. If we face a case like the one described at the beginning of the article and we want to declare that value explicitly, we must proceed according to what is shown in the following image, accept the changes and restart the client.

If we run CMD -> ipconfig /all again we will get the following:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\buzz>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SEVEN
   Primary Dns Suffix  . . . . . . . : desdelinux.fan
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : desdelinux.fan

The rest of the values remain unchanged

DNS checks

buzz@sysadmin:~$ host spynet.microsoft.com
spynet.microsoft.com has address 127.0.0.1
Host spynet.microsoft.com not found: 5(REFUSED)
spynet.microsoft.com mail is handled by 1 mail.desdelinux.fan.

buzz@sysadmin:~$ host linuxbox
linuxbox.desdelinux.fan has address 192.168.10.5
linuxbox.desdelinux.fan mail is handled by 1 mail.desdelinux.fan.

buzz@sysadmin:~$ host sysadmin
sysadmin.desdelinux.fan has address 192.168.10.1
sysadmin.desdelinux.fan mail is handled by 1 mail.desdelinux.fan.

buzz@sysadmin:~$ host mail
mail.desdelinux.fan is an alias for linuxbox.desdelinux.fan.
linuxbox.desdelinux.fan has address 192.168.10.5
linuxbox.desdelinux.fan mail is handled by 1 mail.desdelinux.fan.

We install - for testing only - an NSD Authoritative DNS server on sysadmin.desdelinux.fan, and we include the IP address 172.16.10.1 in the /etc/resolv.conf file of the machine linuxbox.desdelinux.fan, to verify that Dnsmasq was performing its Forwarder function correctly. The test zones on the NSD server are favt.org and toujague.org. All the IPs are fictitious or belong to private networks.

If we disable the WAN interface ens34 using the command ifdown ens34, Dnsmasq will not be able to query external DNS servers.

[buzz@linuxbox ~]$ sudo ifdown ens34
[buzz@linuxbox ~]$ host -t mx toujague.org
Host toujague.org not found: 3(NXDOMAIN)

[buzz@linuxbox ~]$ host pizzapie.favt.org
Host pizzapie.favt.org not found: 3(NXDOMAIN)

Let's enable the ens34 interface and check again:

[buzz@linuxbox ~]$ sudo ifup ens34
[buzz@linuxbox ~]$ host pizzapie.favt.org
pizzapie.favt.org is an alias for paisano.favt.org.
paisano.favt.org has address 172.16.10.4

[buzz@linuxbox ~]$ host pizzapie.toujague.org
Host pizzas.toujague.org not found: 3(NXDOMAIN)

[buzz@linuxbox ~]$ host poblacion.toujague.org
poblacion.toujague.org has address 169.18.10.18

[buzz@linuxbox ~]$ host -t NS favt.org
favt.org name server ns1.favt.org.
favt.org name server ns2.favt.org.

[buzz@linuxbox ~]$ host -t NS toujague.org
toujague.org name server ns1.toujague.org.
toujague.org name server ns2.toujague.org.

[buzz@linuxbox ~]$ host -t MX toujague.org
toujague.org mail is handled by 10 mail.toujague.org.

Let's query from sysadmin.desdelinux.fan:

buzz@sysadmin:~$ cat /etc/resolv.conf
search desdelinux.fan
nameserver 192.168.10.5

xeon@sysadmin:~$ host mail.toujague.org
mail.toujague.org has address 169.18.10.19

Dnsmasq is working as a Forwarder correctly.

Squid

In the book in PDF format «Linux Server Configuration» dated July 25, 2016, by the author Joel Barrios Duenas (darkshram@gmail.com - http://www.alcancelibre.org/), a text I have referred to in previous articles, there is a whole chapter dedicated to the Basic Configuration Options of Squid.

Because of the importance of the Web - Proxy service, we reproduce the Introduction about Squid from the aforementioned book:

105.1. Introduction.

105.1.1. What is an Intermediary Server (Proxy)?

The English term "Proxy" has a very general and at the same time ambiguous meaning, although it is invariably considered a synonym of the concept of "Intermediary". It is usually translated, in the strict sense, as delegate or empowered (one who has power over another).

An Intermediary Server is defined as a computer or device that offers a network service consisting of allowing clients to make indirect network connections to other network services. During the process the following occurs:

  • The client connects to a Proxy Server.
  • The client requests a connection, file, or other resource available on a different server.
  • The Intermediary Server provides the resource either by connecting to the specified server
    or by serving it from a cache.
  • In some cases the Intermediary Server may alter the client's request or the
    server's response for various purposes.

Proxy Servers are generally made to work simultaneously as a firewall operating at the Network Level, acting as a packet filter, as in the case of iptables, or operating at the Application Level, controlling various services, as is the case of TCP Wrapper. Depending on the context, the firewall is also known as BPD or Border Protection Device or simply packet filter.

A common application of Proxy Servers is to work as a cache of network content (mainly HTTP), providing close to the clients a cache of pages and files available through the network on remote HTTP servers, allowing the clients of the local network to access them faster and more reliably.

When a request is received for a network resource specified in a URL (Uniform Resource Locator) the Intermediary Server looks up the result of the URL inside the cache. If it is found, the Intermediary Server responds to the client by providing the requested content immediately. If the requested content is absent from the cache, the Intermediary Server will fetch it from a remote server, deliver it to the client that requested it and keep a copy in the cache. The content in the cache is then removed through an expiration algorithm according to age, size and history of responses to requests (hits) (examples: LRU, LFUDA and GDSF).

Proxy Servers for network content (Web Proxies) can also act as filters of the content served, applying censorship policies according to arbitrary criteria.

The Squid version we will install is 3.5.20-2.el7_3.2 from the updates repository.

Installation

[root@linuxbox ~]# yum install squid

[root@linuxbox ~]# ls /etc/squid/
cachemgr.conf          errorpage.css.default  squid.conf
cachemgr.conf.default  mime.conf              squid.conf.default
errorpage.css          mime.conf.default

[root@linuxbox ~]# systemctl enable squid

Important

  • The main objective of this article is to authorize local users to connect to Squid from other computers connected to the LAN. In addition, to implement the core of a server to which other services will be added. It is not an article dedicated to Squid as such.
  • To get an idea of the Squid configuration options, read the /usr/share/doc/squid-3.5.20/squid.conf.documented file, which has 7915 lines.

SELinux and Squid

[root@linuxbox ~]# getsebool -a | grep squid
squid_connect_any --> on
squid_use_tproxy --> off

[root@linuxbox ~]# setsebool -P squid_connect_any=on

Configuration

[root@linuxbox ~]# nano /etc/squid/squid.conf
# LAN
acl localnet src 192.168.10.0/24

acl SSL_ports port 443 21
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

# We deny requests to non-safe ports
http_access deny !Safe_ports

# We deny the CONNECT method to non-secure ports
http_access deny CONNECT !SSL_ports

# Access to the cache manager only from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend that the following be uncommented to protect innocent
# web applications running on the proxy server that think the only
# one who can access services on "localhost" is a local user
http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# PAM authorization
auth_param basic program /usr/lib64/squid/basic_pam_auth
auth_param basic children 5
auth_param basic realm desdelinux.fan
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

# Authentication is required to access Squid
acl Enthusiasts proxy_auth REQUIRED

# We allow access to users authenticated
# through PAM
http_access deny !Enthusiasts

# Access to FTP sites
acl ftp proto FTP
http_access allow ftp

http_access allow localnet
http_access allow localhost

# We deny any other access to the proxy
http_access deny all

# Squid normally listens on port 3128
http_port 3128

# We leave the "coredumps" in the first cache directory
coredump_dir /var/spool/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:             1440  20%  10080
refresh_pattern ^gopher:          1440  0%   1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%   0
refresh_pattern .                 0     20%  4320

cache_mem 64 MB
# Memory cache
memory_replacement_policy lru
cache_replacement_policy heap LFUDA
cache_dir aufs /var/spool/squid 4096 16 256
maximum_object_size 4 MB
cache_swap_low 85
cache_swap_high 90
cache_mgr buzz@desdelinux.fan
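
Squid evaluates the http_access rules in order and stops at the first match, so PAM authentication is only enforced because "http_access deny !Enthusiasts" comes before "http_access allow localnet". The check below is an added example, not part of the original article or of Squid: it reads a squid.conf on standard input and reports every allow rule for a src ACL that can match before authentication is enforced. The function and sample names are hypothetical, the two sample rule sets are constructed from the configuration above, and only the bare "deny !ACL" form is recognised as enforcing authentication.

```shell
#!/bin/sh
# Added example: lint the http_access order of a squid.conf read from stdin.
# Returns 0 when no LAN allow rule can match ahead of the authentication rule.

check_auth_order() {
    awk '
    # Drop comments and skip lines that are empty afterwards.
    { sub(/#.*/, ""); if (NF == 0) next }

    # Remember the ACL names that are client networks (src) or proxy_auth.
    $1 == "acl" && $3 == "src"        { src[$2] = 1 }
    $1 == "acl" && $3 == "proxy_auth" { auth[$2] = 1; have_auth = 1 }

    $1 == "http_access" {
        rule++
        # A bare "deny !AUTHACL": every later rule only sees authenticated requests.
        if ($2 == "deny" && NF == 3 && substr($3, 1, 1) == "!" && (substr($3, 2) in auth))
            enforced = 1
        if ($2 == "allow") {
            needs_auth = 0
            names_src = 0
            for (i = 3; i <= NF; i++) {
                if ($i in auth) needs_auth = 1
                if ($i in src)  names_src = 1
            }
            # First match wins: this allow would let the client through unauthenticated.
            if (names_src && !needs_auth && !enforced) {
                printf "rule %d (line %d): \"%s\" matches before authentication is enforced\n", rule, NR, $0
                bad++
            }
        }
    }
    END {
        if (!have_auth) { print "no proxy_auth ACL defined"; bad++ }
        exit (bad > 0)
    }'
}

# Constructed sample 1: the rule order used in this article.
sample_article_order() {
    cat <<'EOF'
acl localnet src 192.168.10.0/24
acl Enthusiasts proxy_auth REQUIRED
http_access allow localhost manager
http_access deny manager
http_access deny !Enthusiasts
acl ftp proto FTP
http_access allow ftp
http_access allow localnet
http_access allow localhost
http_access deny all
EOF
}

# Constructed sample 2: the same ACLs, but the LAN allow rule comes first.
sample_swapped_order() {
    cat <<'EOF'
acl localnet src 192.168.10.0/24
acl Enthusiasts proxy_auth REQUIRED
http_access allow localnet
http_access deny !Enthusiasts
http_access deny all
EOF
}

# Run both samples and show the verdict for each.
for sample in sample_article_order sample_swapped_order; do
    if "$sample" | check_auth_order; then
        echo "$sample: authentication is enforced before LAN access"
    else
        echo "$sample: LAN clients can bypass authentication"
    fi
done
```

On the server the same function can be run as check_auth_order < /etc/squid/squid.conf after each edit, next to squid -k parse.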

We check the syntax of the /etc/squid/squid.conf file

[root@linuxbox ~]# squid -k parse
2017/04/16 15:45:10| Startup: Initializing Authentication Schemes ...
2017/04/16 15:45:10| Startup: Initialized Authentication Scheme 'basic'
2017/04/16 15:45:10| Startup: Initialized Authentication Scheme 'digest'
2017/04/16 15:45:10| Startup: Initialized Authentication Scheme 'negotiate'
2017/04/16 15:45:10| Startup: Initialized Authentication Scheme 'ntlm'
2017/04/16 15:45:10| Startup: Initialized Authentication.
2017/04/16 15:45:10| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2017/04/16 15:45:10| Processing: acl localnet src 192.168.10.0/24
2017/04/16 15:45:10| Processing: acl SSL_ports port 443 21
2017/04/16 15:45:10| Processing: acl Safe_ports port 80 # http
2017/04/16 15:45:10| Processing: acl Safe_ports port 21 # ftp
2017/04/16 15:45:10| Processing: acl Safe_ports port 443 # https
2017/04/16 15:45:10| Processing: acl Safe_ports port 70 # gopher
2017/04/16 15:45:10| Processing: acl Safe_ports port 210 # wais
2017/04/16 15:45:10| Processing: acl Safe_ports port 1025-65535 # unregistered ports
2017/04/16 15:45:10| Processing: acl Safe_ports port 280 # http-mgmt
2017/04/16 15:45:10| Processing: acl Safe_ports port 488 # gss-http
2017/04/16 15:45:10| Processing: acl Safe_ports port 591 # filemaker
2017/04/16 15:45:10| Processing: acl Safe_ports port 777 # multiling http
2017/04/16 15:45:10| Processing: acl CONNECT method CONNECT
2017/04/16 15:45:10| Processing: http_access deny !Safe_ports
2017/04/16 15:45:10| Processing: http_access deny CONNECT !SSL_ports
2017/04/16 15:45:10| Processing: http_access allow localhost manager
2017/04/16 15:45:10| Processing: http_access deny manager
2017/04/16 15:45:10| Processing: http_access deny to_localhost
2017/04/16 15:45:10| Processing: auth_param basic program /usr/lib64/squid/basic_pam_auth
2017/04/16 15:45:10| Processing: auth_param basic children 5
2017/04/16 15:45:10| Processing: auth_param basic realm desdelinux.fan
2017/04/16 15:45:10| Processing: auth_param basic credentialsttl 2 hours
2017/04/16 15:45:10| Processing: auth_param basic casesensitive off
2017/04/16 15:45:10| Processing: acl Baithaopi proxy_auth REQUIRED
2017/04/16 15:45:10| Processing: http_access deny !Baithaopi
2017/04/16 15:45:10| Processing: acl ftp proto FTP
2017/04/16 15:45:10| Processing: http_access allow ftp
2017/04/16 15:45:10| Processing: http_access allow localnet
2017/04/16 15:45:10| Processing: http_access allow localhost
2017/04/16 15:45:10| Processing: http_access deny all
2017/04/16 15:45:10| Processing: http_port 3128
2017/04/16 15:45:10| Processing: coredump_dir /var/spool/squid
2017/04/16 15:45:10| Processing: refresh_pattern ^ftp: 1440 20% 10080
2017/04/16 15:45:10| Processing: refresh_pattern ^gopher: 1440 0% 1440
2017/04/16 15:45:10| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
2017/04/16 15:45:10| Processing: refresh_pattern .
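squid -k parse validates syntax only; whether authentication really guards the proxy depends on rule order, because http_access rules are evaluated top to bottom and the first match wins. The check below is an added example, not part of the original article: the names lint_auth_order and sample_conf and the sample rules are assumptions, and it recognises only the simple gate form `http_access deny !<proxy_auth acl>` used in the configuration above.

```shell
#!/bin/sh
# Added example: verify that a Squid config demands authentication before
# any client "allow" rule (http_access is first-match, top to bottom).

# lint_auth_order FILE -> prints "ok" (exit 0) or the problem found (exit 1)
lint_auth_order() {
    awk '
        { sub(/#.*/, "") }                       # drop comments
        $1 == "acl" && $3 == "proxy_auth" { auth[$2] = 1 }
        $1 != "http_access" { next }
        # An unconditional "deny !<auth acl>" is the authentication gate.
        $2 == "deny" && NF == 3 && substr($3, 1, 1) == "!" &&
            (substr($3, 2) in auth) { gated = 1 }
        $2 == "allow" && !gated && bad == "" {
            mgr = 0                              # cache-manager rule is exempt
            for (i = 3; i <= NF; i++) if ($i == "manager") mgr = 1
            if (!mgr) bad = $0
        }
        END {
            if (bad != "") { print "reachable without auth: " bad; exit 1 }
            if (!gated)    { print "no authentication gate found"; exit 1 }
            print "ok"
        }
    ' "$1"
}

# Constructed sample: the article's access rules in the order given ("good"),
# or with the localnet rule moved above the gate ("bad").
sample_conf() {
    echo 'acl localnet src 192.168.10.0/24'
    echo 'acl Baithaopi proxy_auth REQUIRED'
    echo 'http_access allow localhost manager'
    echo 'http_access deny manager'
    if [ "$1" = bad ]; then echo 'http_access allow localnet'; fi
    echo 'http_access deny !Baithaopi   # authentication gate'
    echo 'http_access allow localnet'
    echo 'http_access allow localhost'
    echo 'http_access deny all'
}

tmp=$(mktemp)
sample_conf good > "$tmp"; lint_auth_order "$tmp"
sample_conf bad  > "$tmp"; lint_auth_order "$tmp" || true
rm -f "$tmp"
```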

We modify the permissions on /usr/lib64/squid/basic_pam_auth

[root@linuxbox ~]# chmod u+s /usr/lib64/squid/basic_pam_auth

We create the cache directory

# Just in case...
[root@linuxbox ~]# service squid stop
Redirecting to /bin/systemctl stop squid.service

[root@linuxbox ~]# squid -z
[root@linuxbox ~]# 2017/04/16 15:48:28 kid1| Set Current Directory to /var/spool/squid
2017/04/16 15:48:28 kid1| Creating missing swap directories
2017/04/16 15:48:28 kid1| /var/spool/squid exists
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/00
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/01
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/02
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/03
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/04
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/05
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/06
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/07
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/08
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/09
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/0A
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/0B
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/0C
2017/04/16 15:48:29 kid1| Making directories in /var/spool/squid/0D
2017/04/16 15:48:29 kid1| Making directories in /var/spool/squid/0E
2017/04/16 15:48:29 kid1| Making directories in /var/spool/squid/0F

At this point, if the command prompt takes a while to return (it never returned for me), press Enter.

[root@linuxbox ~]# service squid start
[root@linuxbox ~]# service squid restart
[root@linuxbox ~]# service squid status
Redirecting to /bin/systemctl status squid.service
● squid.service - Squid caching proxy
   Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; vendor preset: disabled)
   Active: active (running) since dom 2017-04-16 15:57:27 EDT; 1s ago
  Process: 2844 ExecStop=/usr/sbin/squid -k shutdown -f $SQUID_CONF (code=exited, status=0/SUCCESS)
  Process: 2873 ExecStart=/usr/sbin/squid $SQUID_OPTS -f $SQUID_CONF (code=exited, status=0/SUCCESS)
  Process: 2868 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited, status=0/SUCCESS)
 Main PID: 2876 (squid)
   CGroup: /system.slice/squid.service
           └─2876 /usr/sbin/squid -f /etc/squid/squid.conf

Apr 16 15:57:27 linuxbox systemd[1]: Starting Squid caching proxy...
Apr 16 15:57:27 linuxbox systemd[1]: Started Squid caching proxy.
Apr 16 15:57:27 linuxbox squid[2876]: Squid Parent: will start 1 kids
Apr 16 15:57:27 linuxbox squid[2876]: Squid Parent: (squid-1) process 2878 ...ed
Apr 16 15:57:27 linuxbox squid[2876]: Squid Parent: (squid-1) process 2878 ... 1
Hint: Some lines were ellipsized, use -l to show in full.

[root@linuxbox ~]# cat /var/log/messages | grep squid

Firewall adjustments

We must also open ports 80 (HTTP) and 443 (HTTPS) in the «external» zone so that Squid can communicate with the Internet.

[root@linuxbox ~]# firewall-cmd --zone=external --add-port=80/tcp --permanent
success
[root@linuxbox ~]# firewall-cmd --zone=external --add-port=443/tcp --permanent
success
[root@linuxbox ~]# firewall-cmd --reload
success
[root@linuxbox ~]# firewall-cmd --info-zone external
external (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens34
  sources:
  services: dns
  ports: 443/tcp 53/udp 80/tcp 53/tcp
  protocols:
  masquerade: yes
  forward-ports:
  sourceports:
  icmp-blocks: parameter-problem redirect router-advertisement router-solicitation source-quench
  rich rules:
  • It is worth opening the graphical application «Firewall Configuration» and checking that ports 443 tcp, 80 tcp, 53 tcp and 53 udp are open for the «external» zone, and that we have NOT published any service for it.

Note on the basic_pam_auth helper program

If we consult the manual of this utility with man basic_pam_auth, we will read that the author himself strongly recommends that the program be moved to a directory where normal users do not have sufficient permissions to access the tool.

On the other hand, it is known that with this authorization scheme the credentials travel in plain text, so it is not safe for hostile environments, that is, open networks.

Jeff Yestrumskas devotes the article «How-to: Setting up a secure web proxy using SSL encryption, Squid Caching Proxy and PAM authentication» to the question of increasing security with this authentication scheme so that it can be used on potentially hostile open networks.
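The man page's advice about where the setuid helper lives can be verified with a permissions check. This is an added example, not code from the original article or from the Squid project: audit_helper and other_can_exec are hypothetical names, GNU `stat -c` is assumed, and the check reports whether the setuid helper can be reached and executed by the "other" permission class.

```shell
#!/bin/sh
# Added example: can unprivileged local users execute a setuid auth helper?
# Prints one of: missing | not-setuid | restricted | exposed
# Returns 1 only for "exposed". Requires GNU stat (-c).

# True when the "other" class has the execute/search bit on PATH.
other_can_exec() {
    m=$(stat -c '%a' "$1") || return 1
    [ $(( 0$m & 0001 )) -ne 0 ]
}

audit_helper() {
    helper=$1
    [ -f "$helper" ] || { echo "missing"; return 2; }

    mode=$(stat -c '%a' "$helper")
    if [ $(( 0$mode & 04000 )) -eq 0 ]; then
        echo "not-setuid"; return 0
    fi
    # A setuid file that "other" cannot execute is already contained.
    if ! other_can_exec "$helper"; then
        echo "restricted"; return 0
    fi
    # Otherwise every parent directory must be searchable by "other"
    # for an ordinary user to reach it; one closed directory is enough.
    dir=$(cd "$(dirname "$helper")" && pwd -P) || { echo "restricted"; return 0; }
    while :; do
        if ! other_can_exec "$dir"; then
            echo "restricted"; return 0
        fi
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    echo "exposed"; return 1
}

# Path taken from the article; prints "missing" on hosts without Squid.
audit_helper "${1:-/usr/lib64/squid/basic_pam_auth}" || true
```

A result of exposed means any local account can run the setuid helper directly; restricted is what moving it into a directory closed to ordinary users, as the man page recommends, should produce.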

We install httpd

As a way to check the operation of Squid, and incidentally that of Dnsmasq, we will install the httpd service (the Apache web server), which is not required. In the Dnsmasq-related file /etc/banner_add_hosts we declare the sites we want blocked, and we explicitly assign them the same IP address that linuxbox has. Thus, if we request access to any of these sites, the httpd home page should be shown.

[root@linuxbox ~]# yum install httpd
[root@linuxbox ~]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.

[root@linuxbox ~]# systemctl start httpd

[root@linuxbox ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2017-04-16 16:41:35 EDT; 5s ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 2275 (httpd)
   Status: "Processing requests..."
   CGroup: /system.slice/httpd.service
           ├─2275 /usr/sbin/httpd -DFOREGROUND
           ├─2276 /usr/sbin/httpd -DFOREGROUND
           ├─2277 /usr/sbin/httpd -DFOREGROUND
           ├─2278 /usr/sbin/httpd -DFOREGROUND
           ├─2279 /usr/sbin/httpd -DFOREGROUND
           └─2280 /usr/sbin/httpd -DFOREGROUND

Apr 16 16:41:35 linuxbox systemd[1]: Starting The Apache HTTP Server...
Apr 16 16:41:35 linuxbox systemd[1]: Started The Apache HTTP Server.

SELinux and Apache

Apache has several policies that can be configured within the SELinux context.

[root@linuxbox ~]# getsebool -a | grep httpd
httpd_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_connect_ftp --> off
httpd_can_connect_ldap --> off
httpd_can_connect_mythtv --> off
httpd_can_connect_zabbix --> off
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> off
httpd_dbus_sssd --> off
httpd_dontaudit_search_dirs --> off
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> off
httpd_execmem --> off
httpd_graceful_shutdown --> on
httpd_manage_ipa --> off
httpd_mod_auth_ntlm_winbind --> off
httpd_mod_auth_pam --> off
httpd_read_user_content --> off
httpd_run_ipa --> off
httpd_run_preupgrade --> off
httpd_run_stickshift --> off
httpd_serve_cobbler_files --> off
httpd_setrlimit --> off
httpd_ssi_exec --> off
httpd_sys_script_anon_write --> off
httpd_tmp_exec --> off
httpd_tty_comm --> off
httpd_unified --> off
httpd_use_cifs --> off
httpd_use_fusefs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off
httpd_use_openstack --> off
httpd_use_sasl --> off
httpd_verify_dns --> off

We will configure only the following:

Send e-mail through Apache

[root@linuxbox ~]# setsebool -P httpd_can_sendmail 1

Allow Apache to read the content located in the home directories of local users

[root@linuxbox ~]# setsebool -P httpd_read_user_content 1

Allow any directory managed by Apache to be administered via FTP or FTPS, or allow Apache to act as an FTP server listening for requests on the FTP port

[root@linuxbox ~]# setsebool -P httpd_enable_ftp_server 1

For more information, please read Linux Server Configuration.

We check the authentication

All that remains is to open a browser on a workstation and point it, for example, to http://windowsupdate.com. We will verify that the request is correctly redirected to the Apache home page on linuxbox. In fact, any site name declared in the /etc/banner_add_hosts file will be redirected to the same page.

The images at the end of the article prove it.

User management

We do it with the graphical tool «User Management», which we reach through the menu System -> Administration -> User Management. Each time we add a new user, their folder /home/user is created automatically.

 

Backups

Linux clients

You only need the normal file browser and to indicate that you want to connect, for example: ssh://buzz@linuxbox/home/buzz. After entering the password, the home directory of the user buzz is displayed.

Windows clients

On Windows clients, we use the WinSCP tool. Once it is installed, we use it as follows:

 

 

Simple, isn't it?

Summary

We have seen that it is possible to use PAM to authenticate services on a small network and in a controlled environment totally isolated from the hands of hackers. This is mainly because the authentication credentials travel in plain text, and therefore it is not an authentication scheme to be used on open networks such as airports, Wi-Fi networks, etc. Nevertheless, it is a simple authorization mechanism, easy to implement and configure.

Until the next article!


  1.   NauTiluS says

    Tremendous work you have put in, Mr. Fico. Thank you for sharing your knowledge.

  2.   Lizard says

    I know how hard it is to put together an article with this much detail, with quite clear tests and, above all, with concepts and strategies that conform to standards. I simply take my hat off to this jewel of a contribution; thank you very much, Fico, for such good work.

    I have never combined squid with pam authentication, but I will go as far as I can to do this practice in my lab... A hug and keep going!!

  3.   federico says

    NauTiluS: Thank you very much for your comment and evaluation.
    Lizard: To you too, thank you very much for your comment and evaluation.

    The time and effort devoted to making articles like this one are rewarded only by the reading and the comments of those who visit the DesdeLinux community. I hope it is useful to you in your daily work.
    We keep going!

  4.   Anonymous says

    Incredible contribution, countryman!!!! I read every one of your articles and I can say that even a person without advanced knowledge of Free Software (like me) can follow this excellent article step by step. Greetings!!!!

  5.   IWO says

    Thank you, Fico, for this other great article; as if all the posts already published were not enough, in this one we have a service not previously covered by the PYMES Series and which is extremely important: "SQUID", or the LAN proxy. For us, the family of those who think we are "sysadmins", there is more good material here to study and deepen our knowledge.

  6.   federico says

    Thank you all for your comments. The next article will deal with the Prosody chat server with authentication against local credentials (PAM) via Cyrus-SASL, and that service will be implemented on this same server.

  7.   KenPachiRo17 says

    In good time, countryman!!!! A great contribution even for those like me who do not have much knowledge of Free Software and are eager to learn from articles as good as this one. I have been following your contributions and would like to know which article you would recommend I start with in this SME Networks series, since I have been reading in a disorderly way and I think it has too much valuable content to miss any detail. Other than that, greetings, and may shared knowledge as well as Software remain free!!

    1.    federico says

      Greetings, countryman!!! I recommend that you start at the beginning; although it may seem the long way, it is the shortest way so as not to get lost. In the index, which is not updated with the last two articles, https://blog.desdelinux.net/redes-computadoras-las-pymes-introduccion/, we established the recommended reading order of the series, which begins with how to set up my Workstation, continues with several posts dedicated to the topic of connectivity, follows with several on BIND, Isc-Dhcp-Server and Dnsmasq, and so on until we reach the part on implementing services for the SME network, which is where we are now. I hope it helps you.

      1.    KenPachiRo17 says

        So it shall be!!!! I will start the series from the beginning right away, and I look forward to new articles. Greetings!!!!
