Isalathiso ngokubanzi sothotho: Iinethiwekhi zekhompyuter zee-SMEs: Intshayelelo
umbhali: UFederico Antonio Valdes Toujague
Eli nqaku kukuqhubeka kwe:
Molweni zihlobo nabahlobo!
Iqela Abathandekayo uthenge igama le-intanethi desdelinux.umlandeli kuMboneleli weeNkonzo zeIntanethi okanye ISP. Njengenxalenye yokufumana, babuza i-ISP yabo ukuba ibandakanye zonke iirekhodi ze-DNS eziyimfuneko ukuze imibuzo efanelekileyo malunga nesizinda sabo isonjululwe kwi-Intanethi.
Bacele nokuba iirekhodi ze-SRV zibandakanywe malunga XMPP kuba baceba ukufakela iseva yemiyalezo yangoko ngokusekwe Inkqubo eya kuthi ijoyine umanyano olukhoyo lweeseva zeXMMP ezifanelekileyo kwi-Intanethi.
- Eyona njongo iphambili kweli nqaku kukubonisa ukuba singazibonisa njani iirekhodi ze-SRV ezinxulumene nenkonzo yemiyalezo ekhawulezileyo yeXMPP kwifayile yendawo ye-DNS..
- Ukufakwa kwefayile ye- Ukuhlaselwa Ngonxibelelwano olunye lwenethiwekhi inokusebenzela abo bathatha isigqibo sokufaka iserver ngolu hlobo ukulawula indawo ye-DNS ethunyelweyo. Ukuba loo seva inxibelelana ne-Enterprise LAN ukongeza kwi-Intanethi, kuseto oluyimfuneko kufuneka lwenziwe kusetyenziswa iindlela ezimbini zonxibelelwano.
Isiseko seseva
Siza kufaka i-NSD enegunya le-DNS UDebian "uJessie". Le yiseva yengcambu ye "fan." Iiparameter eziphambili zeseva zezi:
Igama: ns.fan Idilesi ye-IP: 172.16.10.30 (Imeyile ikhuselwe): # # igama lenginginya ns ingcambu @ ns: ~ # igama lomncedisi -fqdn ns.fan ingcambu @ ns: ~ # ip addr show 1: yintoni: umntu 65536 qdisc noqueue state UNKNOWN group default default / loopback 00: 00: 00: 00: 00: 00 brd 00: 00: 00: 00: 00: 00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 :: 1/128 umda wokubamba esebenzayo_lft ngonaphakade ukhetha_lft ngonaphakade 2: eth0: umntu 1500 qdisc pfifo_fast state UP iqela elingagqibekanga qlen 1000 ikhonkco / ether 00: 0c: 29: dc: d7: 1b brd ff: ff: ff: ff: ff: ff inet 172.16.10.30/24 brd 172.16.10.255 ububanzi be-eth0 valid_lft ngonaphakade okhethwayo_lft ngonaphakade inet6 fe80 :: 20c: 29ff: fedc: d71b / 64 scope link valid_lft forever preferred_lft forever
Ukuhlaselwa
Ngaphambi kokuba uhambe nenkonzo kwi-WWW Village, kulungile kakhulu ukukhusela iserver kunye neenkonzo ezibonelela ngeFirewall enamandla -Router. I-Shorewall kulula ukuyilungiselela kwaye lukhetho olukhuselekileyo lokuzikhusela.
- Uqwalaselo oluchanekileyo nolugqibeleleyo lweFirewall ngumsebenzi weengcali okanye iingcali, esingeyiyo. Sinikezela kuphela ngesikhokelo soqwalaselo oluncinci kunye nokusebenza.
Sifaka iphakheji yokhuseleko kunye namaxwebhu ayo.
ingcambu @ ns: ~ # aptitude show shorewall
Iphakheji: umhlana omtsha: ewe Imeko: ayifakwanga
Inguqulelo: 4.6.4.3-2
ingcambu @ ns: ~ # aptitude install shorewall shorewall-doc
Uxwebhu
Uya kufumana amaxwebhu amaninzi kwiifolda:
- / usr / isabelo / i-doc / shorewall
- / usr / share / doc / shorewall / imizekelo
- / usr / isabelo / i-doc / shorewall-doc / html
Silungiselela ujongano lwenethiwekhi
(Imeyile ikhuselwe): ~ # cp / usr / share / doc / shorewall / imizekelo / ujongano olunye / ujongano \ / njl / shorewall / ingcambu @ ns: ~ # nano / njl / shorewall / ujongano #ZONE INTERFACE OPTIONS net eth0 tcpflags, logmartians, nosmurfs, sourceroute = 0
Sibhengeza imimandla ye-firewall
(Imeyile ikhuselwe): ~ # cp / usr / share / doc / shorewall / imizekelo / ujongano olunye / imimandla / njl / shorewall / ingcambu @ ns: ~ # nano / etc / shorewall / zones #ZONE TYPE OPTIONS IN OUT # OPTIONS OPTIONS fw firewall net ipv4
Imigaqo-nkqubo emiselweyo yokufikelela kwi-firewall
(Imeyile ikhuselwe): ~ # cp / usr / share / doc / shorewall / imizekelo / ujongano olunye / umgaqo-nkqubo
/ njl / shorewall /
ingcambu @ ns: ~ # nano / etc / shorewall / policy
#SOURCE DEST UMGAQO-NKQUBO WENKQUBO YOKUGQIBELA: BURST $ FW net Yamkela
net zonke iinkcukacha ze-DROP
# UMGAQO-NKQUBO OLANDELAYO KUFUNEKA UGQIBELELE lonke ulwazi Lokwala
Imigaqo yokufikelela kwi-firewall
(Imeyile ikhuselwe): ~ # cp / usr / share / doc / shorewall / imizekelo / ujongano olunye / imigaqo
/ njl / shorewall /
ingcambu @ ns: ~ # nano / etc / shorewall / rules
#I-SOURCE SESTCE DEST PROTO DEST SOURCE UMTHETHO WOKUSETYENZISWA KOMSEBENZI / AMANQAKU CON # $ IZIBUKO (S) IQELA LOMDA WOKUGQIBELA? ICANDELO LONKE? ICANDELO LIMISELWE? ICANDELO LINXULUMENE? Iipakethi zikwimeko engavumelekanga (DROP) net $ FW tcp # Drop Ping from the "bad" inethi zone .. kwaye uthintele ilog yakho ukuba ingakhukuliseki .. # Lahla iPing kwindawo "embi" yomnatha. # Thintela isikhukula senkqubo yenkqubo (/ var / log / syslog) Ping (DROP) net $ FW # Vumela yonke i-ICMP traffic ukusuka kwi-firewall ukuya kwindawo yomnatha # Vumela zonke i-ICMP traffic ukusuka kwi-firewall ukuya kummandla inethi. Yamkela i-icmp net
# Imithetho yakho # Ukufikelela ngeSSH kwiikhompyuter ezimbini
I-SSH / YAMKELA umnatha: 172.16.10.1,172.16.10.10 $ FW tcp 22
# Vumela ukugcwala kumazibuko angama-53 / tcp kunye nama-53 / udp
YAMKELA umnatha $ FW tcp 53
YAMKELA umnatha $ FW udp 53
Sijonga i-syntax yeefayile zoqwalaselo
(Imeyile ikhuselwe): ~ # shorewall check
Kukhangelwa ... kuyenziwa / njl / shorewall / params ... Kuqhubekeka / njl / shorewall / shorewall.conf ... Kulayishwa iimodyuli ... Ukujonga / njl / shorewall / imimandla ... Ukujonga / njl / shorewall / ujongano .. Ukuchongwa kweMikhosi kwiZowuni ... Ukufumana iiFayile zeNtshukumo ... Ukujonga / njl / shorewall / umgaqo-nkqubo ... Ukongeza iMithetho yokuNqanda iscurf Ukujonga ukuhluza iiFlegi zeTCP ... Ukujonga ukuCoca indlela yeKernel ... Yamkela ukuHanjiswa koMthombo ... Ukujonga ukufakwa kwe-MAC-Isigaba soku-1 ... Ukujonga / njlnjl / shorewall / imigaqo ... Ukujonga / njlnjl / shorewall / conntrack ... Ukujonga ukufakwa kwe-MAC-Isigaba sesi-2. Ukukhangela /usr/share/shorewall/action.Ukuncitshiswa kwetyathanga ... Jonga / usr/share/shorewall/action.Ukusasazwa kwetyathanga losasazo ...
ingcambu @ ns: ~ # nano / etc / default / shorewall
# thintela ukuqala ngokuseta okungagqibekanga # cwangcisa oku kulandelayo ku-1 ukuze uvumele uShorewall ukuba aqale
ukuqalisa =1
------
ingcambu @ ns: ~ # inkonzo shorewall start
ingcambu @ ns: ~ # inkonzo sho shoallall restart
ingcambu @ ns: ~ # inkonzo sho shoallall status
● shorewall.service - LSB: Qwalasela i-firewall ngexesha lokulayisha lilayishiwe: lilayishiwe (/etc/init.d/shorewall) Iyasebenza: iyasebenza (iphumile) ukusukela ngeLanga 2017-04-30 16:02:24 EDT; Inkqubo engama-31 edluleyo: 2707 ExecStop = / etc / init.d / shorewall stop (code = exited, status = 0 / SUCCESS) Inkqubo: 2777 ExecStart = / etc / init.d / shorewall start (code = exited, status = 0 / IMPUMELELO)
Kufundisa kakhulu ukufunda ngononophelo iziphumo zomyalelo iiptables -L ngakumbi ngokubhekisele kwimigaqo-nkqubo emiselweyo ye-INPUT, PHAMBILI, ISIPHUMO, kunye naleyo iyalayo ngafuni i-Firewall yokukhusela kuhlaselo lwangaphandle. Ubuncinci, iya kwi-Intanethi ngokhuseleko oluncinci, akunjalo? 😉
ingcambu @ ns: ~ # iptables -L
I-NSD
ingcambu @ ns: ~ # ubuchule bokubonisa nsd
Iphakheji: nsd Entsha: ewe Imeko: ifakwe ifakwe ngokuzenzekelayo: hayi
Inguqulelo: 4.1.0-3
ingcambu @ ns: ~ # ukufaneleka ukufaka nsd
ingcambu @ ns: ~ # ls / usr / share / doc / nsd /
contrib changelog.Debian.gz NSD-DIFFFILE REQUIREMENTS.gz imizekelo changelog.gz NSD-FOR-BIND-USERS.gz TODO.gz copyright copyright.pdf.gz README.gz UKUPHUHLISWA KWEZIKREDITI ZE-NSD-DATABASE RELNOTES.gz
ingcambu @ ns: ~ # nano /etc/nsd/nsd.conf
# Ifayile yoqwalaselo ye-NSD yeDebian. # Jonga i-nsd.conf (5) iphepha lomntu.
# Bona /usr/share/doc/nsd/examples/nsd.conf yokuphawula
# ireferensi yoqwalaselo lwefayile.
# Lo mgca ulandelayo ubandakanya iifayile zoqwalaselo ezongezelelweyo ezivela kulawulo lwe- # /etc/nsd/nsd.conf.d. # ISILUMKISO: Isimbo sehlabathi asisebenzi okwangoku ... # zibandakanya: "/etc/nsd/nsd.conf.d/*.conf" server: logfile: "/var/log/nsd.log" ip-address : 172.16.10.30 # mamela kuqhagamshelo lwe-IPv4 do-ip4: ewe # mamela kuqhagamshelo lwe-IPv6 do-ip6: akukho # zibuko lokuphendula imibuzo. okungagqibekanga ngu-53. izibuko: igama lomsebenzisi elingama-53: nsd # Kwiindawo, ukubonelela-xfr ukhetho ku # axfr ukujonga indawo: igama: fan zonefile: /etc/nsd/fan.zone zone: name: desdelinux.umlandeli
ifayile yendawo: /etc/nsd/desdelinux.fan.zone provide-xfr: 172.16.10.250 NOKEY zone: igama: 10.16.172.in- kongeza.arpa
indawo yefayile: /etc/nsd/10.16.172.arpa.zone ukubonelela-xfr: 172.16.10.250 Indawo ye-NOKEY: igama: swl.fan zonefile: /etc/nsd/swl.fan.zone zone: name: debian.fan zonefile: /etc/nsd/debian.fan.zone zone: name: centos.fan zonefile: /etc/nsd/centos.fan.zone zone: name: freebsd.fan zonefile: /etc/nsd/freebsd.fan.zone
ingcambu @ ns: ~ # nsd-checkconf /etc/nsd/nsd.conf
ingcambu @ ns: ~ #
Senza iifayile zeZowuni
Indawo yengcambu «umlandeli.»Okumiselweyo apha ngezantsi KUVAVANYO KUPHELA kwaye akufuneki kuthathwe njengomzekelo. Asingabo abalawuli beeServer zeGama leDomain. 😉
ingcambu @ ns: ~ # nano /etc/nsd/fan.zone
$ UMDLALI fan. $ TTL 3H @ KWI-SOA ns.fan. ingcambu.fan. (1; serial 1D; hlaziya i-1H; phinda uzame i-1W; phelisa i-3H) ubuncinci okanye; Ixesha elingalunganga lokugcina ixesha lokuphila; @ IN NS ns.fan. @ KWI-172.16.10.30; ns KWI-172.16.10.30
ingcambu @ ns: ~# nano /etc/nsd/desdelinux.indawo.yabalandeli
$ORIGIN desdelinux.umlandeli. $TTL 3H @ IN SOA nos.desdelinux.umlandeli. ingcambu.desdelinux.umlandeli. ( 1 ; uthotho 1D ; hlaziya 1H ; zama kwakhona 1W ; iphelelwa 3H); ubuncinane okanye ; Ixesha le-caching elibi lokuphila; @ KWI-NS ns.desdelinux.umlandeli. @ IN MX 10 email.desdelinux.umlandeli. @ KWI-TXT "v=spf1 a:imeyile.desdelinux.fan -konke" ; Bhalisa ukusombulula imibuzo yokwemba desdelinux.umlandeli @ IN A 172.16.10.10 ; ns IN A 172.16.10.30 iposi IN CNAME desdelinux.umlandeli. ncokola IN CNAME desdelinux.umlandeli. www IN CNAME desdelinux.umlandeli. ; ; Iirekhodi ze-SRV ezinxulumene ne-XMPP
_xmpp-server._tcp IN SRV 0 0 5269 desdelinux.umlandeli.
_xmpp-client._tcp IN SRV 0 0 5222 desdelinux.umlandeli.
_jabber._tcp KWI-SRV 0 0 5269 desdelinux.umlandeli.
ingcambu @ ns: ~ # nano /etc/nsd/10.16.172.arpa.zone
$ YOKUQALA 10.16.172.in-addr.arpa.
$TTL 3H @ IN SOA nos.desdelinux.umlandeli. ingcambu.desdelinux.umlandeli. ( 1 ; uthotho 1D ; hlaziya 1H ; zama kwakhona 1W ; iphelelwa 3H); ubuncinane okanye ; Ixesha le-caching elibi lokuphila; @ KWI-NS ns.desdelinux.umlandeli. ; 30 IN PTR iinombolo.desdelinux.umlandeli. 10 KWI-PTR desdelinux.umlandeli.
ingcambu @ ns:~# nsd-checkzone desdelinux.umlandeli /etc/nsd/desdelinux.indawo.yabalandeli
izowuni desdelinux.umlandeli ulungile
ingcambu @ ns: ~ # nsd-checkzone 10.16.172.in-addr.arpa /etc/nsd/10.16.172.arpa.zone
indawo ye-10.16.172.in-addr.arpa ilungile # Kwi-Debian, i-NSD iyayeka ukufakwa kwayo okwenziwe ngokungagqibekanga
ingcambu @ ns: ~ # systemctl qala kwakhona nsd
ingcambu @ ns: ~ # systemctl ubume nsd
● nsd.service-Name Server Daemon Loaded: loaded (/lib/systemd/system/nsd.service; yenziwe) Iyasebenza: iyasebenza (isebenza) ukusukela ngeLanga 2017-04-30 09:42:19 EDT; I-21min eyadlulayo iPID ephambili: 1230 (nsd) CGroup: /system.slice/nsd.service ├─1230 / usr / sbin / nsd -d -c /etc/nsd/nsd.conf ├─1235 / usr / sbin / nsd - d -c /etc/nsd/nsd.conf -1249 / usr / sbin / nsd -d -c /etc/nsd/nsd.conf
Ukukhangela kwiseva ye-ns.fan uqobo
ingcambu@ns:~#umamkeli desdelinux.umlandeli desdelinux.fan inedilesi 172.16.10.10 desdelinux.imeyile yabalandeli iphathwa yiimeyile enye.desdelinux.umlandeli. ingcambu @ ns:~#i-hostmail.desdelinux.umlandeli imeyiledesdelinux.umlandeli sisibizo se desdelinux.umlandeli. desdelinux.fan inedilesi 172.16.10.10 desdelinux.imeyile yabalandeli iphathwa yiimeyile enye.desdelinux.umlandeli. ingcambu @ ns:~#incoko yehostele.desdelinux.umlandeli incoko.desdelinux.umlandeli sisibizo se desdelinux.umlandeli. desdelinux.fan inedilesi 172.16.10.10 desdelinux.imeyile yabalandeli iphathwa yiimeyile enye.desdelinux.umlandeli. ingcambu @ ns:~#host www.desdelinux.umlandeli www.desdelinux.umlandeli sisibizo se desdelinux.umlandeli. desdelinux.fan inedilesi 172.16.10.10 desdelinux.imeyile yabalandeli iphathwa yiimeyile enye.desdelinux.umlandeli. ingcambu@ns:~# umamkeli ns.desdelinux.umlandeli thina.desdelinux.fan inedilesi 172.16.10.30 ingcambu @ ns: ~ # umgcini 172.16.10.30 30.10.16.172.in-addr.arpa igama lesizinda sesalathisi ns.desdelinux.umlandeli. ingcambu @ ns: ~ # umgcini 172.16.10.10 10.10.16.172.in-addr.arpa isalathisi segama lesizinda desdelinux.umlandeli. ingcambu @ ns: ~ # umphathi ns.fan ns.fan ineedilesi 172.16.10.30
Ukusonjululwa kwamagama kujongwa kwi-Intanethi
- Imibuzo eneenkcukacha ze-DNS ayinakuze ibe ninzi kakhulu, kuba ukusebenza ngokuchanekileyo kwesigqibo segama lendawo kuya kuxhomekeka kumgangatho omkhulu ekusebenzeni ngokuchanekileyo kwenethiwekhi.
Ukwenza imibuzo ye-DNS endiyiqhagamshele kwiswitshi sam - guqula test, ilaptop ene-IP 172.16.10.250 kunye nesango 172.16.10.1Idilesi ye-IP ehambelana nendawo endisebenza kuyo sysadmin.desdelinux.umlandeli njengoko yaziwa kumanqaku angaphambili.
isandra @ laptop: ~ $ sudo ip addr show 1: yintoni: umntu 16436 qdisc noqueue state UNKNOWN link / loopback 00: 00: 00: 00: 00: 00 brd 00: 00: 00: 00: 00: 00: 127.0.0.1: 8 inet 6/1 scope host lo inet128 :: 2/0 scope host valid_lft ngonaphakade ukhetha_lft ngonaphakade 1500: eth1000: umntu 00 qdisc pfifo_fast state UP qlen 17 ikhonkco / ether 42: 8: 85: 54e: 172.16.10.250: 24 brd ff: ff: ff: ff: ff: ff inet 172.16.10.255/0 brd 6 ububanzi be-eth80 inet217 fe42: : 8: 8554ff: fe64e: 3/0 umda wokudibanisa ikhonkco esebenzayo_lft ngonaphakade ukhetha_lft ngonaphakade 1500: wlan1000: umntu 00 qdisc noop state PHANTSI qlen 1 ikhonkco / ether 0: 88d: e09: 5: 4: d0 brd ff: ff: ff: ff: ff: ff 1500: pan0: umntu 67 qdisc noop state PHANTSI ikhonkco / ether de: 52b: 69: XNUMX: XNUMX: ad brd ff: ff: ff: ff: ff: ff isandra @ laptop: ~ $ sudo indlela -n Itafile yendlela ye-Kernel ye-IP Indawo ekuyiwa kuyo iSango leGenmask Iiflegi zeMetri yokusetyenziswa kwe-Iface 0.0.0.0 172.16.10.1 0.0.0.0 UG 0 0 0 eth0 172.16.10.0 0.0.0.0 255.255.255.0 U 0 0 0 Isandra @ laptop: ~ $ ikati /etc/resolv.conf nameserver 172.16.10.30 sandra@laptop:~$host desdelinux.umlandeli desdelinux.fan inedilesi 172.16.10.10 desdelinux.imeyile yabalandeli iphathwa yiimeyile enye.desdelinux.umlandeli. Isandra @ laptop:~$i-hostmail.desdelinux.umlandeli imeyiledesdelinux.umlandeli sisibizo se desdelinux.umlandeli. desdelinux.fan inedilesi 172.16.10.10 desdelinux.imeyile yabalandeli iphathwa yiimeyile enye.desdelinux.umlandeli. Isandra @ laptop:~$ umamkeli ns.desdelinux.umlandeli thina.desdelinux.fan inedilesi 172.16.10.30 isandra @ laptop: ~ $ umkhosi 172.16.10.30 30.10.16.172.in-addr.arpa igama lesizinda sesalathisi ns.desdelinux.umlandeli. Isandra @ laptop: ~ $ umkhosi 172.16.10.10 10.10.16.172.in-addr.arpa isalathisi segama lesizinda desdelinux.umlandeli. sandra@laptop:~$ umamkeli -t SRV _xmpp-server._tcp.desdelinux.umlandeli _xmpp-server._tcp.desdelinux.umlandeli unerekhodi le-SRV 0 0 5269 desdelinux.umlandeli. Isandra @ laptop:~$ umamkeli -t SRV _xmpp-client._tcp.desdelinux.umlandeli _xmpp-client._tcp.desdelinux.umlandeli unerekhodi le-SRV 0 0 5222 desdelinux.umlandeli. Isandra @ laptop:~$ umamkeli -t SRV _jabber._tcp.desdelinux.umlandeli _jabber._tcp.desdelinux.umlandeli unerekhodi le-SRV 0 0 5269 desdelinux.umlandeli. isandra @ laptop: ~ $ host -a fan. Ukuzama "fan" ;; - >> INTLOKO << - i-opcode: UMBUZO, ubume: NOERROR, id: 57542 ;; iiflegi: qr aa rd; UMBUZO: 1, IMPENDULO: 3, ICANDELO LOLAWULO: 0, OLONGEZELELWEYO: 1 ;; ICANDELO LOMBUZO: fan. NGAYiphi na ;; IMPENDULO ICANDELO: fan. I-10800 KWI-SOA ns.fan. ingcambu.fan. 1 86400 3600 604800 10800 fan. I-10800 kwi-NS ns.fan. fan. 10800 KWI-172.16.10.30 ;; ICANDELO OLONGEZIWEYO: ns.fan. 10800 KWI-172.16.10.30 Ifunyenwe i-byte ezili-111 ukusuka kwi-172.16.10.30 # 53 kwi-0 ms
- Sizimisele ngabom idilesi 172.16.10.250 Kwi-Laptop, ukujonga YONKE into ngombuzo we-DNS AXFR, kuba iiZones zilungiselelwe ukuvumela -ngaphandle kwegama eligqithisiweyo- olu hlobo lombuzo kule IP.
sandra@laptop:~$ dig desdelinux.umlandeli axfr
; <<>> DiG 9.9.5-9 + deb8u6-Debian <<>> desdelinux.umlandeli axfr ;; iinketho zehlabathi: +cmd
desdelinux.umlandeli. 10800 IN SOA iinombolo.desdelinux.umlandeli. ingcambu.desdelinux.umlandeli. 1 86400 3600 604800 10800
desdelinux.umlandeli. 10800 IN NS iinombolo.desdelinux.umlandeli.
desdelinux.umlandeli. 10800 IN MX 10 email.desdelinux.umlandeli.
desdelinux.umlandeli. 10800 KWI-TXT "v=spf1 a:imeyile.desdelinux.umlandeli-zonke"
desdelinux.umlandeli. 10800 IN A 172.16.10.10 _jabber._tcp.desdelinux.umlandeli. 10800 KWI-SRV 0 0 5269 desdelinux.umlandeli. _xmpp-umxhasi._tcp.desdelinux.umlandeli. 10800 KWI-SRV 0 0 5222 desdelinux.umlandeli. _xmpp-server._tcp.desdelinux.umlandeli. 10800 KWI-SRV 0 0 5269 desdelinux.umlandeli. ncokola.desdelinux.umlandeli. 10800 KWICNAME desdelinux.umlandeli. imeyile.desdelinux.umlandeli. 10800 KWICNAME desdelinux.umlandeli. ns.desdelinux.umlandeli. 10800 IN A 172.16.10.30 www.desdelinux.umlandeli. 10800 KWICNAME desdelinux.umlandeli.
desdelinux.umlandeli. 10800 IN SOA iinombolo.desdelinux.umlandeli. ingcambu.desdelinux.umlandeli. 1 86400 3600 604800 10800 ;; ixesha lombuzo: 0 msec ;; INKONZO: 172.16.10.30#53(172.16.10.30);; NINI: Sun Apr 30 10:37:10 EDT 2017 ;; XFR ubukhulu: 13 iirekhodi (imiyalezo 1, bytes 428)
isandra @ laptop: ~ $ dig 10.16.172.in-addr.arpa axfr
; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> 10.16.172.in-addr.arpa axfr ;; iinketho zehlabathi: +cmd 10.16.172.in-addr.arpa. 10800 IN SOA iinombolo.desdelinux.umlandeli. ingcambu.desdelinux.umlandeli. 1 86400 3600 604800 10800 10.16.172.in-addr.arpa. 10800 IN NS iinombolo.desdelinux.umlandeli. 10.10.16.172.in-addr.arpa. 10800 KWI-PTR desdelinux.umlandeli. 30.10.16.172.in-addr.arpa. 10800 IN PTR iinombolo.desdelinux.umlandeli. 10.16.172.in-addr.arpa. 10800 IN SOA iinombolo.desdelinux.umlandeli. ingcambu.desdelinux.umlandeli. 1 86400 3600 604800 10800 ;; ixesha lombuzo: 0 msec ;; INKONZO: 172.16.10.30#53(172.16.10.30);; NINI: Sun Apr 30 10:37:27 EDT 2017 ;; XFR ubukhulu: 5 iirekhodi (imiyalezo 1, bytes 193)
Isandra @ laptop:~$ ping ns.desdelinux.umlandeli
PING iinombolo.desdelinux.umlandeli (172.16.10.30) 56(84) iibhayithi zedatha.
Imibuzo eyimfuneko ye-DNS iphendulwe ngokuchanekileyo. Sijonga ukuba iShorewall isebenza ngokuchanekileyo kwaye ayamkeli ping ukusuka kwiikhompyuter ezixhumeke kwi-Intanethi.
Isishwankathelo
- Sibonile ukuba siyifaka njani kwaye siyilungiselela njani-kunye nezinto ezisisiseko kunye nezona zincinci- iseva egunyazisiweyo ye-DNS esekwe kwi-NSD. Siqinisekisa ukuba i-syntax yeefayile zommandla iyafana kakhulu ne-BIND. Kwi-Intanethi kukho uncwadi olulungileyo nolugqibeleleyo kwi-NSD.
- Sadibana nenjongo yokubonisa isibhengezo seerekhodi ze-SRV ezinxulumene ne-XMPP.
- Sincedisa kufakelo kunye noqwalaselo oluncinci lwe-firewall esekwe eSrewsall.
Ukuhanjiswa okulandelayo
Prosody IM kunye nabasebenzisi bendawo.
Molo ekuseni zihlobo zoluntu lwe-linux isifundo esihle kakhulu ndizamile ukufaka i-dns kodwa ibanga ukuba lo myalelo awufumaneki ukuba kukho enye indlela yokubulela ngolwazi
Umbuzo?…. Ngaba awuzukusebenzisa i-SAMBA njengomlawuli wedomeyini kuthungelwano lwe-SME?
fracielarevalo: Qaphela ukuba inqaku lisekwe ekufakweni kwe-NSD kwinkqubo yokusebenza ye-Debian "uJessie", hayi kwi-CentOS.
UAlberto: Kuya kufuneka uhambe usuka kwizinto ezilula uye kwezixhakaxhaka. Emva kwexesha siza kubona iSamba 4 njenge-AD-DC, Oko kukuthi, uLawulo oluSebenzayo- uMlawuli weDomain. Umonde. Ndikucebisa ukuba ufunde inqaku elidlulileyo, ngakumbi umhlathi othi: Ngaba indlela yokuqinisekisa ekuzalweni kwe-ARPANET, i-Intanethi, kunye nezinye iiNethiwekhi zeNdawo yeWide okanye iiNethwekhi zeNgingqi esekwe kwi-LDAP, kwiNkonzo yeZikhombisi, okanye kwiMicrosoft LSASS, okanye kuVavanyo oluSebenzayo, okanye eKerberos? khankanya ezimbalwa.
Khumbula ukuba onke amanqaku ayadibana kwaye aluthotho. Andiqondi iluncedo konke konke ukuqala enye indlela ejikeleze, oko kukuthi, ukusuka kulawulo olusebenzayo kwaye ubuyele kwi-PAM. Njengoko uza kubona, iintlobo ezininzi zokungqinisisa ziphela nge-PAM kwidesktop yakho yeLinux. Izisombululo ezilula ezinje ngale siyigubungelayo nge-PAM kufanelekile ukuba zibhalwe. Ukuba injongo iyaqondwa, kufuneka ifundwe kwaye ifundwe.
Ndibulisile kwaye ndiyabulela kakhulu kuni nobabini ngokuthetha.
Elinye inqaku elibalaseleyo lombhali, njengesiqhelo kuhlala kukho into entsha kwaye iluncedo kakhulu kuthi abo bazicingela "njengee-sysadmins".
Nanga amanqaku am:
1- Ukusetyenziswa kwe-NSD endaweni YOKUBOPHA njengeseva ye-DNS egunyazisiweyo.
2- Faka kwifayile yendawo ye-DNS iirekhodi ze-SRV ezinxulumene nenkonzo yeMiyalezo yangoku ehambelana neXMPP
I-3- Sebenzisa iSwallwall Firewall ngonxibelelwano lwenethiwekhi.
Esi sithuba sisebenza "njengesiseko" kum (njengoko etshilo ngokuthozamileyo kwaye ngumnqweno wombhali kulo lonke uthotho lwe-SME) ukuba kwixesha elizayo ndibona isidingo sokuphumeza isisombululo esifanayo.
Iqela labathandi kwakhona liyasinceda ukuba sonyuse ulwazi lwethu kwindawo yenethiwekhi yee-SMEs. Ndiyabulela kakhulu ngegalelo elilungileyo, uluntu, mna kwaye ndicinga ukuba lininzi inani le-sysadmin enkosi ngegalelo elibaluleke kangaka ... Kwixesha elidlulileyo bendinobunye ubudlelwane kunye ne-shorewall, kodwa jonga kwimeko efanelekileyo Uyenzile into inzima kakhulu, olu luhlu lothungelwano lwee-SME nguvulindlela kumaxwebhu kwiindawo ezahlukeneyo ekufuneka zenziwe yi-sysadmin, ukuqonda ukuba uninzi lwamaxwebhu malunga noku ikwindawo yesiNgesi ...
Sukuma, Siyavuyisana kwaye siqhubeke !!!
ILagarto: Enkosi kakhulu ngengcaciso yakho nangombulelo. Ndizama ukunika kuthotho ubuncinci besiseko esifunwa yiSysadmin. Ewe, ukuzifundela kunye nomdla womntu ngamnye kwisihloko ngasinye esixoxwe ngaso kuya kuxhomekeka kwinqanaba.
Siyaqhubeka phambili !!!
Molo kuluntu lwe-linx;). Ndimtsha kwiOS.opte po ushiya iifestile kwixa elidlulileyo kwaye ndinomdla wokufunda kangangoko ndinako..inqaku elungileyo ..
Enkosi Ghost ngokujoyina uLuntu kunye nokuphawula