Squid + PAM Authentication on CentOS 7 - SME Networks

General index of the series: Computer Networks for SMEs: Introduction

Author: Federico Antonio Valdes Toujague
federicotoujague@gmail.com
https://blog.desdelinux.net/author/fico

Hello friends!

The title of the article should have been: «MATE + NTP + Dnsmasq + Gateway Service + Apache + Squid with PAM Authentication on CentOS 7 - SME Networks». For practical reasons we shortened it.

We continue with authentication against local users on a Linux computer using PAM, and this time we will see how to provide a Proxy service with Squid for a small network of computers, using the authentication credentials stored on the same computer where the Squid server runs.

Although we know that it is very common practice nowadays to authenticate services against OpenLDAP, Red Hat's 389 Directory Server, Microsoft Active Directory, etc., we believe we must first go through the simple and inexpensive solutions, and then tackle the more complex ones. We believe we must go from the simple to the complex.

Scenario

It is a small organization, with very few financial resources, dedicated to supporting the use of Free Software, which has chosen the name DesdeLinux.Fan. They are several CentOS enthusiasts gathered in a single office. They bought a workstation, not a professional server, which they will dedicate to working as a "server".

The enthusiasts do not have extensive knowledge of how to implement an OpenLDAP server or a Samba 4 AD-DC, nor can they afford to license a Microsoft Active Directory. However, for their daily work they need Internet access services through a Proxy (to speed up browsing) and a place where they can store their most valuable documents and that serves as a backup.

They still mostly use legally acquired Microsoft operating systems, but want to switch them to Linux-based operating systems, starting with their "Server".

They also aspire to have their own mail server to become independent, at least at the origin, of services such as Gmail, Yahoo, HotMail, etc., which is what they currently use.

The firewall rules and routing rules facing the Internet will be established in the contracted ADSL router.

They do not have a real domain name since they do not need to publish any service on the Internet.

CentOS 7 as a server without GUI

We start from a fresh installation of a server without a graphical interface, and the only option selected during the process is «Infrastructure Server», as we saw in previous articles in the series.

Initial settings

[root@linuxbox ~]# cat /etc/hostname
linuxbox

[root@linuxbox ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.10.5    linuxbox.desdelinux.fan linuxbox

[root@linuxbox ~]# hostname
linuxbox

[root@linuxbox ~]# hostname -f
linuxbox.desdelinux.fan

[root@linuxbox ~]# ip addr list
[root@linuxbox ~]# ifconfig -a
[root@linuxbox ~]# ls /sys/class/net/
ens32  ens34  lo

We disable Network Manager

[root@linuxbox ~]# systemctl stop NetworkManager

[root@linuxbox ~]# systemctl disable NetworkManager

[root@linuxbox ~]# systemctl status NetworkManager
● NetworkManager.service - Network Manager
   Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:NetworkManager(8)

[root@linuxbox ~]# ifconfig -a

We configure the network interfaces

Ens32 LAN interface, connected to the internal network

[root@linuxbox ~]# nano /etc/sysconfig/network-scripts/ifcfg-ens32
DEVICE=ens32
ONBOOT=yes
BOOTPROTO=static
HWADDR=00:0c:29:da:a3:e7
NM_CONTROLLED=no
IPADDR=192.168.10.5
NETMASK=255.255.255.0
GATEWAY=192.168.10.1
DOMAIN=desdelinux.fan
DNS1=127.0.0.1
ZONE=public

[root@linuxbox ~]# ifdown ens32 && ifup ens32

Ens34 WAN interface, connected to the Internet

[root@linuxbox ~]# nano /etc/sysconfig/network-scripts/ifcfg-ens34
DEVICE=ens34
ONBOOT=yes
BOOTPROTO=static
HWADDR=00:0c:29:da:a3:e7
NM_CONTROLLED=no
IPADDR=172.16.10.10
NETMASK=255.255.255.0
# The ADSL router is connected to
# this interface with
# the following IP address
GATEWAY=172.16.10.1
DOMAIN=desdelinux.fan
DNS1=127.0.0.1
ZONE=external

[root@linuxbox ~]# ifdown ens34 && ifup ens34

Repository configuration

[root@linuxbox ~]# cd /etc/yum.repos.d/
[root@linuxbox yum.repos.d]# mkdir original
[root@linuxbox yum.repos.d]# mv CentOS-* original/

[root@linuxbox yum.repos.d]# nano centos.repo
[Base-Repo]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/base/x86_64/
gpgcheck=0
enabled=1

[CentosPlus-Repo]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/centosplus/x86_64/
gpgcheck=0
enabled=1

[Epel-Repo]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/epel/x86_64/
gpgcheck=0
enabled=1

[Updates-Repo]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/updates/x86_64/
gpgcheck=0
enabled=1

[root@linuxbox yum.repos.d]# yum clean all
Loaded plugins: fastestmirror, langpacks
Cleaning repos: Base-Repo CentosPlus-Repo Epel-Repo Media-Repo
              : Updates-Repo
Cleaning up everything
Cleaning up list of fastest mirrors
[root@linuxbox yum.repos.d]# yum update
Loaded plugins: fastestmirror, langpacks
Base-Repo                        | 3.6 kB  00:00
CentosPlus-Repo                  | 3.4 kB  00:00
Epel-Repo                        | 4.3 kB  00:00
Media-Repo                       | 3.6 kB  00:00
Updates-Repo                     | 3.4 kB  00:00
(1/9): Base-Repo/group_gz        | 155 kB  00:00
(2/9): Epel-Repo/group_gz        | 170 kB  00:00
(3/9): Media-Repo/group_gz       | 155 kB  00:00
(4/9): Epel-Repo/updateinfo      | 734 kB  00:00
(5/9): Media-Repo/primary_db     | 5.3 MB  00:00
(6/9): CentosPlus-Repo/primary_db | 1.1 MB  00:00
(7/9): Updates-Repo/primary_db   | 2.2 MB  00:00
(8/9): Epel-Repo/primary_db      | 4.5 MB  00:01
(9/9): Base-Repo/primary_db      | 5.6 MB  00:01
Determining fastest mirrors
No packages marked for update

The message «No packages marked for update» is shown because during installation we declared the same local repositories that we have available.
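
The stanzas in centos.repo above set gpgcheck=0 with an http:// baseurl, so yum installs whatever the mirror at 192.168.10.1 serves without verifying package signatures. The following shell function is an added example (not part of the original article) that flags such stanzas; the [Base-Repo-Signed] and [Old-Repo] stanzas, the function names and the finding labels are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag yum repositories that install unsigned packages.

# Constructed sample. [Base-Repo] is the stanza shown in the article;
# [Base-Repo-Signed] is a hypothetical variant with signature checking on,
# [Old-Repo] a hypothetical disabled repository.
sample_repo() {
cat <<'EOF'
[Base-Repo]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/base/x86_64/
gpgcheck=0
enabled=1

[Base-Repo-Signed]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/base/x86_64/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1

[Old-Repo]
name=disabled example
baseurl=http://192.168.10.1/repos/old/
gpgcheck=0
enabled=0
EOF
}

# audit_repo: reads .repo text on stdin and prints one "<repo-id> <finding>"
# line for every enabled repository that has gpgcheck=0.
# Real use: audit_repo < /etc/yum.repos.d/centos.repo
audit_repo() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
        function report() {
            if (id == "" || opt["enabled"] == "0" || opt["gpgcheck"] != "0") return
            if (opt["baseurl"] ~ /^(http|ftp):\/\//)
                print id, "unsigned-packages-over-cleartext"
            else
                print id, "unsigned-packages"
        }
        /^[ \t]*[#;]/ { next }                 # comment lines
        /^[ \t]*$/    { next }                 # blank lines
        /^[ \t]*\[[^]]+\]/ {                   # start of a new [repo-id] stanza
            report()
            id = trim($0); gsub(/^\[|\].*$/, "", id)
            split("", opt)                     # portable way to empty the array
            next
        }
        {
            eq = index($0, "=")                # split on the first "=" only
            if (eq > 1) opt[trim(substr($0, 1, eq - 1))] = trim(substr($0, eq + 1))
        }
        END { report() }
    '
}

sample_repo | audit_repo
```

With gpgcheck=1 and a gpgkey the same LAN mirror can still be used over http, because the package signature, not the transport, is what yum verifies.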

CentOS 7 with the MATE desktop environment

To use the very good administration tools with a graphical interface that CentOS / Red Hat provides, and because we always miss GNOME2, we decided to install MATE as the desktop environment.

[root@linuxbox ~]# yum groupinstall "X Window System"
[root@linuxbox ~]# yum groupinstall "MATE Desktop"

To check that MATE loads properly, we run the following command in a console, local or remote:

[root@linuxbox ~]# systemctl isolate graphical.target

and the desktop environment should load smoothly on the local machine, showing lightdm as the graphical login. We type the name of the local user and its password, and we enter MATE.

To tell systemd that the default boot level is 5, the graphical environment, we create the following symbolic link:

[root@linuxbox ~]# ln -sf /lib/systemd/system/runlevel5.target /etc/systemd/system/default.target

We reboot the system and everything works fine.

We install the Network Time Service

[root@linuxbox ~]# yum install ntp

During installation we configured the local clock to synchronize with the time server of the machine sysadmin.desdelinux.fan with IP 192.168.10.1. So, we save the original ntp.conf file with:

[root@linuxbox ~]# cp /etc/ntp.conf /etc/ntp.conf.original

Now, we create a new one with the following content:

[root@linuxbox ~]# nano /etc/ntp.conf
# Servers configured during installation:
server 192.168.10.1 iburst

# For more information, see the man pages of:
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit synchronization with the time source, but do not
# permit the source to query or modify this service
restrict default nomodify notrap nopeer noquery

# Permit all access over the loopback interface
restrict 127.0.0.1
restrict ::1

# Hosts on the local network are slightly less restricted.
restrict 192.168.10.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# If you want to join the project, visit
# (http://www.pool.ntp.org/join.html).

#broadcast 192.168.10.255 autokey        # broadcast server
#broadcastclient                         # broadcast client
#broadcast 224.0.1.1 autokey             # multicast server
#multicastclient 224.0.1.1               # multicast client
#manycastserver 239.255.254.254          # manycast server
#manycastclient 239.255.254.254 autokey  # manycast client
broadcast 192.168.10.255

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers
# used when operating with symmetric key cryptography
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification
# attacks using the ntpdc monlist command, when the default
# restrict does not include the noquery flag. See CVE-2013-5211
# for more details.
# Note: the monitor is not disabled with the limited restriction flag.
disable monitor

We enable, start and check the NTP service

[root@linuxbox ~]# systemctl status ntpd
● ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)

[root@linuxbox ~]# systemctl enable ntpd
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.

[root@linuxbox ~]# systemctl start ntpd
[root@linuxbox ~]# systemctl status ntpd
● ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2017-04-14 15:51:08 EDT; 1s ago
  Process: 1307 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 1308 (ntpd)
   CGroup: /system.slice/ntpd.service
           └─1308 /usr/sbin/ntpd -u ntp:ntp -g

NTP and the Firewall

[root@linuxbox ~]# firewall-cmd --get-active-zones
external
  interfaces: ens34
public
  interfaces: ens32

[root@linuxbox ~]# firewall-cmd --zone=public --add-port=123/udp --permanent
success
[root@linuxbox ~]# firewall-cmd --reload
success

We enable and configure Dnsmasq

As we saw in the previous article in the SME Networks series, Dnsmasq is installed by default on a CentOS 7 Infrastructure Server.

[root@linuxbox ~]# systemctl status dnsmasq
● dnsmasq.service - DNS caching server.
   Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; disabled; vendor preset: disabled)
   Active: inactive (dead)

[root@linuxbox ~]# systemctl enable dnsmasq
Created symlink from /etc/systemd/system/multi-user.target.wants/dnsmasq.service to /usr/lib/systemd/system/dnsmasq.service.

[root@linuxbox ~]# systemctl start dnsmasq
[root@linuxbox ~]# systemctl status dnsmasq
● dnsmasq.service - DNS caching server.
   Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2017-04-14 16:21:18 EDT; 4s ago
 Main PID: 33611 (dnsmasq)
   CGroup: /system.slice/dnsmasq.service
           └─33611 /usr/sbin/dnsmasq -k

[root@linuxbox ~]# mv /etc/dnsmasq.conf /etc/dnsmasq.conf.original

[root@linuxbox ~]# nano /etc/dnsmasq.conf
# -------------------------------------------------------------------
# GENERAL OPTIONS
# -------------------------------------------------------------------
domain-needed    # Do not forward names without the domain part
bogus-priv       # Do not forward addresses in non-routed space
expand-hosts     # Automatically add the domain to the host
interface=ens32  # LAN interface
strict-order     # Order in which the /etc/resolv.conf file is queried
conf-dir=/etc/dnsmasq.d
domain=desdelinux.fan    # Domain name

address=/time.windows.com/192.168.10.5

# Send an empty value for the WPAD option. Required for
# Windows 7 and later clients to behave properly. ;-)
dhcp-option=252,"\n"

# File where we declare the HOSTS that will be "banned"
addn-hosts=/etc/banner_add_hosts

local=/desdelinux.fan/

# -------------------------------------------------------------------
# CNAME MX TXT RECORDS
# -------------------------------------------------------------------
# This type of record requires an entry
# in the /etc/hosts file
# e.g.: 192.168.10.5 linuxbox.desdelinux.fan linuxbox
# cname=ALIAS,REAL_NAME
cname=mail.desdelinux.fan,linuxbox.desdelinux.fan

# MX RECORDS
# Returns an MX record with the name "desdelinux.fan" destined
# for the host mail.desdelinux.fan with priority 10
mx-host=desdelinux.fan,mail.desdelinux.fan,10

# The default target for MX records created
# using the localmx option will be:
mx-target=mail.desdelinux.fan

# Returns an MX record pointing to the mx-target for ALL
# local machines
localmx

# TXT records. We can also declare an SPF record
txt-record=desdelinux.fan,"v=spf1 a -all"
txt-record=desdelinux.fan,"DesdeLinux, your Blog dedicated to Free Software"

# -------------------------------------------------------------------
# RANGE AND ITS OPTIONS
# -------------------------------------------------------------------
# IPv4 range and lease time
# 1 to 29 are for servers and other needs
dhcp-range=192.168.10.30,192.168.10.250,8h

dhcp-lease-max=222    # Maximum number of addresses to lease
                      # the default is 150
# IPv6 range
# dhcp-range=1234::,ra-only

# Options for the RANGE
# OPTIONS
dhcp-option=1,255.255.255.0      # NETMASK
dhcp-option=3,192.168.10.5       # ROUTER GATEWAY
dhcp-option=6,192.168.10.5       # DNS Servers
dhcp-option=15,desdelinux.fan    # DNS Domain Name
dhcp-option=19,1                 # option ip-forwarding ON
dhcp-option=28,192.168.10.255    # BROADCAST
dhcp-option=42,192.168.10.5      # NTP

dhcp-authoritative               # DHCP authoritative on the subnet

# -------------------------------------------------------------------
# If you want to store the query log in /var/log/messages
# uncomment the line below
# -------------------------------------------------------------------
# log-queries
# END of the /etc/dnsmasq.conf file
# -------------------------------------------------------------------

We create the file /etc/banner_add_hosts

[root@linuxbox ~]# nano /etc/banner_add_hosts
192.168.10.5 windowsupdate.com
192.168.10.5 ctldl.windowsupdate.com
192.168.10.5 ocsp.verisign.com
192.168.10.5 csc3-2010-crl.verisign.com
192.168.10.5 www.msftncsi.com
192.168.10.5 ipv6.msftncsi.com
192.168.10.5 teredo.ipv6.microsoft.com
192.168.10.5 ds.download.windowsupdate.com
192.168.10.5 download.microsoft.com
192.168.10.5 fe2.update.microsoft.com
192.168.10.5 crl.microsoft.com
192.168.10.5 www.download.windowsupdate.com
192.168.10.5 win8.ipv6.microsoft.com
192.168.10.5 spynet.microsoft.com
192.168.10.5 spynet1.microsoft.com
192.168.10.5 spynet2.microsoft.com
192.168.10.5 spynet3.microsoft.com
192.168.10.5 spynet4.microsoft.com
192.168.10.5 spynet5.microsoft.com
192.168.10.5 office15client.microsoft.com
192.168.10.5 addons.mozilla.org
192.168.10.5 crl.verisign.com

Fixed IP addresses

[root@linuxbox ~]# nano /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.10.5    linuxbox.desdelinux.fan linuxbox
192.168.10.1    sysadmin.desdelinux.fan sysadmin

We configure the /etc/resolv.conf file (resolver)

[root@linuxbox ~]# nano /etc/resolv.conf
search desdelinux.fan
nameserver 127.0.0.1
# For external or non-domain DNS queries
# of desdelinux.fan
# local=/desdelinux.fan/
nameserver 8.8.8.8

We check the syntax of the dnsmasq.conf file, then restart the service and check its status

[root@linuxbox ~]# dnsmasq --test
dnsmasq: syntax check OK.
[root@linuxbox ~]# systemctl restart dnsmasq
[root@linuxbox ~]# systemctl status dnsmasq

Dnsmasq and the Firewall

[root@linuxbox ~]# firewall-cmd --get-active-zones
external
  interfaces: ens34
public
  interfaces: ens32

Service domain or Domain Name Server (dns). Protocol swipe «IP with Encryption»

[root@linuxbox ~]# firewall-cmd --zone=public --add-port=53/tcp --permanent
success
[root@linuxbox ~]# firewall-cmd --zone=public --add-port=53/udp --permanent
success

Dnsmasq queries to external DNS servers

[root@linuxbox ~]# firewall-cmd --zone=external --add-port=53/tcp --permanent
success
[root@linuxbox ~]# firewall-cmd --zone=external --add-port=53/udp --permanent
success

Service bootps or BOOTP server (dhcp). Protocol ippc «Internet Pluribus Packet Core»

[root@linuxbox ~]# firewall-cmd --zone=public --add-port=67/tcp --permanent
success
[root@linuxbox ~]# firewall-cmd --zone=public --add-port=67/udp --permanent
success

[root@linuxbox ~]# firewall-cmd --reload
success

[root@linuxbox ~]# firewall-cmd --info-zone public
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens32
  sources:
  services: dhcp dns ntp ssh
  ports: 67/tcp 53/udp 123/udp 67/udp 53/tcp
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

[root@linuxbox ~]# firewall-cmd --info-zone external
external (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens34
  sources:
  services: dns
  ports: 53/udp 53/tcp
  protocols:
  masquerade: yes
  forward-ports:
  sourceports:
  icmp-blocks: parameter-problem router-advertisement router-solicitation source-quench
  rich rules:

If we want to use a graphical interface to configure the Firewall in CentOS 7, we look in the general menu (the submenu in which it appears depends on the desktop environment) for the «Firewall» application, run it, and after entering the root user's password we reach the program's interface. In MATE it appears in the menu «System» -> «Administration» -> «Firewall».

We select the «public» zone and authorize the services we want published on the LAN, which so far are dhcp, dns, ntp and ssh. After selecting the services and verifying that everything works correctly, we must make the Runtime changes Permanent. To do this we go to the Options menu and select the option «Runtime To Permanent».

Next we select the «external» zone and check that the ports needed to communicate with the Internet are open. DO NOT publish services in this zone unless we know very well what we are doing!

Let's not forget to make the changes permanent through the option «Runtime To Permanent» and to reload the FirewallD daemon every time we use this powerful graphical tool.

NTP and Dnsmasq from a Windows 7 client

Synchronization with NTP

Leased IP address

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\buzz>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SEVEN
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : desdelinux.fan

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : desdelinux.fan
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-0C-29-D6-14-36
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.10.115(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, April 14, 2017 5:12:53 PM
   Lease Expires . . . . . . . . . . : Saturday, April 15, 2017 1:12:53 AM
   Default Gateway . . . . . . . . . : 192.168.10.1
   DHCP Server . . . . . . . . . . . : 192.168.10.5
   DNS Servers . . . . . . . . . . . : 192.168.10.5
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.desdelinux.fan:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : desdelinux.fan
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Users\buzz>

Tip

An important value in Windows clients is the «Primary Dns Suffix» or «Main connection suffix». When a Microsoft Domain Controller is not used, the operating system does not assign any value to it. If we are facing a case like the one described at the beginning of the article and we want to declare that value explicitly, we must proceed according to what is shown in the following image, accept the changes and restart the client.

 

If we run CMD -> ipconfig /all again we will get the following:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\buzz>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SEVEN
   Primary Dns Suffix  . . . . . . . : desdelinux.fan
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : desdelinux.fan

The rest of the values remain unchanged.

DNS checks

buzz@sysadmin:~$ host spynet.microsoft.com
spynet.microsoft.com has address 127.0.0.1
Host spynet.microsoft.com not found: 5(REFUSED)
spynet.microsoft.com mail is handled by 1 mail.desdelinux.fan.

buzz@sysadmin:~$ host linuxbox
linuxbox.desdelinux.fan has address 192.168.10.5
linuxbox.desdelinux.fan mail is handled by 1 mail.desdelinux.fan.

buzz@sysadmin:~$ host sysadmin
sysadmin.desdelinux.fan has address 192.168.10.1
sysadmin.desdelinux.fan mail is handled by 1 mail.desdelinux.fan.

buzz@sysadmin:~$ host mail
mail.desdelinux.fan is an alias for linuxbox.desdelinux.fan.
linuxbox.desdelinux.fan has address 192.168.10.5
linuxbox.desdelinux.fan mail is handled by 1 mail.desdelinux.fan.

We installed, for testing only, an authoritative NSD DNS server on sysadmin.desdelinux.fan, and we included the IP address 172.16.10.1 in the /etc/resolv.conf file of the linuxbox.desdelinux.fan machine, to verify that Dnsmasq was performing its Forwarder function correctly. The sandbox zones on the NSD server are favt.org and toujague.org. All IPs are fictitious or from private networks.

If we disable the WAN interface ens34 using the command ifdown ens34, Dnsmasq will not be able to query external DNS servers.

[buzz@linuxbox ~]$ sudo ifdown ens34
[buzz@linuxbox ~]$ host -t mx toujague.org
Host toujague.org not found: 3(NXDOMAIN)

[buzz@linuxbox ~]$ host pizzapie.favt.org
Host pizzapie.favt.org not found: 3(NXDOMAIN)

Let's enable the ens34 interface and check again:

[buzz@linuxbox ~]$ sudo ifup ens34
[buzz@linuxbox ~]$ host pizzapie.favt.org
pizzapie.favt.org is an alias for paisano.favt.org.
paisano.favt.org has address 172.16.10.4

[buzz@linuxbox ~]$ host pizzapie.toujague.org
Host pizzas.toujague.org not found: 3(NXDOMAIN)

[buzz@linuxbox ~]$ host poblacion.toujague.org
poblacion.toujague.org has address 169.18.10.18

[buzz@linuxbox ~]$ host -t NS favt.org
favt.org name server ns1.favt.org.
favt.org name server ns2.favt.org.

[buzz@linuxbox ~]$ host -t NS toujague.org
toujague.org name server ns1.toujague.org.
toujague.org name server ns2.toujague.org.

[buzz@linuxbox ~]$ host -t MX toujague.org
toujague.org mail is handled by 10 mail.toujague.org.

Let's query from sysadmin.desdelinux.fan:

buzz@sysadmin:~$ cat /etc/resolv.conf
search desdelinux.fan
nameserver 192.168.10.5

xeon@sysadmin:~$ host mail.toujague.org
mail.toujague.org has address 169.18.10.19

Dnsmasq is working as a Forwarder correctly.

Squid

In the book in PDF format «Linux Server Configuration» dated July 25, 2016, by the author Joel Barrios Duenas (darkshram@gmail.com - http://www.alcancelibre.org/), a text I have referred to in previous articles, there is a whole chapter dedicated to the Basic Configuration Options of Squid.

Because of the importance of the Web - Proxy service, we reproduce the Introduction about Squid from the aforementioned book:

105.1. Introduction.

105.1.1. What is an Intermediary Server (Proxy)?

The English term «Proxy» has a very general and at the same time ambiguous meaning, although it is invariably considered a synonym of the concept of «Intermediary». It is usually translated, in the strict sense, as delegate or attorney (one who has power over another).

An Intermediary Server is defined as a computer or device that offers a network service which consists of allowing clients to make indirect network connections to other network services. During the process the following occurs:

  • The client connects to a Proxy Server.
  • The client requests a connection, file, or other resource available on a different server.
  • The Intermediary Server provides the resource either by connecting to the specified server
    or by serving it from a cache.
  • In some cases the Intermediary Server may alter the client's request or the
    server's response for various purposes.

Proxy Servers are generally made to work simultaneously as a firewall operating at the Network Level, acting as a packet filter, as in the case of iptables, or operating at the Application Level, controlling various services, as is the case of TCP Wrapper. Depending on the context, the firewall is also known as a BPD or Border Protection Device, or simply a packet filter.

A common application of Proxy Servers is to function as a cache of network content (mainly HTTP), providing in the proximity of the clients a cache of pages and files available through the Network on remote HTTP servers, allowing the clients of the local network to access them in a faster and more reliable way.

When a request is received for a Network resource specified in a URL (Uniform Resource Locator), the Intermediary Server looks for the result of the URL inside the cache. If it is found, the Intermediary Server responds to the client by immediately providing the requested content. If the requested content is absent from the cache, the Intermediary Server will fetch it from a remote server, delivering it to the client that requested it and keeping a copy in the cache. The content in the cache is then removed through an expiration algorithm according to age, size and history of responses to requests (hits) (examples: LRU, LFUDA and GDSF).

Proxy Servers for Network content (Web Proxies) can also act as filters of the content served, applying censorship policies according to arbitrary criteria.

The version of Squid we will install is 3.5.20-2.el7_3.2 from the updates repository.

Installation

[root@linuxbox ~]# yum install squid

[root@linuxbox ~]# ls /etc/squid/
cachemgr.conf          errorpage.css.default  squid.conf
cachemgr.conf.default  mime.conf              squid.conf.default
errorpage.css          mime.conf.default

[root@linuxbox ~]# systemctl enable squid

Important

  • The main objective of this article is to authorize local users to connect to Squid from other computers connected to the LAN. In addition, to implement the core of a server to which other services will be added. It is not an article dedicated to Squid as such.
  • To get an idea of Squid's configuration options, read the file /usr/share/doc/squid-3.5.20/squid.conf.documented, which has 7915 lines.

SELinux and Squid

[root@linuxbox ~]# getsebool -a | grep squid
squid_connect_any --> on
squid_use_tproxy --> off

[root@linuxbox ~]# setsebool -P squid_connect_any=on

Configuration

[root@linuxbox ~]# nano /etc/squid/squid.conf
# LAN
acl localnet src 192.168.10.0/24

acl SSL_ports port 443 21
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

# We deny requests to non-secure ports
http_access deny !Safe_ports

# We deny the CONNECT method to non-secure ports
http_access deny CONNECT !SSL_ports

# Access to the cache manager only from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend that the following be uncommented to protect innocent
# web applications running on the proxy server that think the only
# one who can access services on "localhost" is a local user
http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# PAM authorization
auth_param basic program /usr/lib64/squid/basic_pam_auth
auth_param basic children 5
auth_param basic realm desdelinux.fan
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

# Authentication is required to access Squid
acl Enthusiasts proxy_auth REQUIRED

# We allow access to users authenticated
# through PAM
http_access deny !Enthusiasts

acl ftp proto FTP
http_access allow ftp

http_access allow localnet
http_access allow localhost

# We deny any other access to the proxy
http_access deny all

# Squid normally listens on port 3128
http_port 3128

# We leave the "coredumps" in the first cache directory
coredump_dir /var/spool/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:             1440  20%  10080
refresh_pattern ^gopher:          1440  0%   1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%   0
refresh_pattern .                 0     20%  4320

cache_mem 64 MB    # Cache memory
memory_replacement_policy lru
cache_replacement_policy heap LFUDA
cache_dir aufs /var/spool/squid 4096 16 256
maximum_object_size 4 MB
cache_swap_low 85
cache_swap_high 90
cache_mguxname.name.

We check the syntax of the /etc/squid/squid.conf file

[root@linuxbox ~]# squid -k parse
2017/04/16 15:45:10| Startup: Initializing Authentication Schemes ...
2017/04/16 15:45:10| Startup: Initialized Authentication Scheme 'basic'
2017/04/16 15:45:10| Startup: Initialized Authentication Scheme 'digest'
2017/04/16 15:45:10| Startup: Initialized Authentication Scheme 'negotiate'
2017/04/16 15:45:10| Startup: Initialized Authentication Scheme 'ntlm'
2017/04/16 15:45:10| Startup: Initialized Authentication.
2017/04/16 15:45:10| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2017/04/16 15:45:10| Processing: acl localnet src 192.168.10.0/24
2017/04/16 15:45:10| Processing: acl SSL_ports port 443 21
2017/04/16 15:45:10| Processing: acl Safe_ports port 80 # http
2017/04/16 15:45:10| Processing: acl Safe_ports port 21 # ftp
2017/04/16 15:45:10| Processing: acl Safe_ports port 443 # https
2017/04/16 15:45:10| Processing: acl Safe_ports port 70 # gopher
2017/04/16 15:45:10| Processing: acl Safe_ports port 210 # wais
2017/04/16 15:45:10| Processing: acl Safe_ports port 1025-65535 # unregistered ports
2017/04/16 15:45:10| Processing: acl Safe_ports port 280 # http-mgmt
2017/04/16 15:45:10| Processing: acl Safe_ports port 488 # gss-http
2017/04/16 15:45:10| Processing: acl Safe_ports port 591 # filemaker
2017/04/16 15:45:10| Processing: acl Safe_ports port 777 # multiling http
2017/04/16 15:45:10| Processing: acl CONNECT method CONNECT
2017/04/16 15:45:10| Processing: http_access deny !Safe_ports
2017/04/16 15:45:10| Processing: http_access deny CONNECT !SSL_ports
2017/04/16 15:45:10| Processing: http_access allow localhost manager
2017/04/16 15:45:10| Processing: http_access deny manager
2017/04/16 15:45:10| Processing: http_access deny to_localhost
2017/04/16 15:45:10| Processing: auth_param basic program /usr/lib64/squid/basic_pam_auth
2017/04/16 15:45:10| Processing: auth_param basic children 5
2017/04/16 15:45:10| Processing: auth_param basic realm desdelinux.fan
2017/04/16 15:45:10| Processing: auth_param basic credentialsttl 2 hours
2017/04/16 15:45:10| Processing: auth_param basic casesensitive off
2017/04/16 15:45:10| Processing: acl Enthusiasts proxy_auth REQUIRED
2017/04/16 15:45:10| Processing: http_access deny !Enthusiasts
2017/04/16 15:45:10| Processing: acl ftp proto FTP
2017/04/16 15:45:10| Processing: http_access allow ftp
2017/04/16 15:45:10| Processing: http_access allow localnet
2017/04/16 15:45:10| Processing: http_access allow localhost
2017/04/16 15:45:10| Processing: http_access deny all
2017/04/16 15:45:10| Processing: http_port 3128
2017/04/16 15:45:10| Processing: coredump_dir /var/spool/squid
2017/04/16 15:45:10| Processing: refresh_pattern ^ftp: 1440 20% 10080
2017/04/16 15:45:10| Processing: refresh_pattern ^gopher: 1440 0% 1440
2017/04/16 15:45:10| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
2017/04/16 15:45:10| Processing: refresh_pattern .

We fix the permissions on /usr/lib64/squid/basic_pam_auth

[root@linuxbox ~]# chmod u+s /usr/lib64/squid/basic_pam_auth

We create the cache directory

# Just in case...
[root@linuxbox ~]# service squid stop
Redirecting to /bin/systemctl stop squid.service

[root@linuxbox ~]# squid -z
[root@linuxbox ~]# 2017/04/16 15:48:28 kid1| Set Current Directory to /var/spool/squid
2017/04/16 15:48:28 kid1| Creating missing swap directories
2017/04/16 15:48:28 kid1| /var/spool/squid exists
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/00
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/01
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/02
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/03
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/04
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/05
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/06
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/07
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/08
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/09
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/0A
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/0B
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/0C
2017/04/16 15:48:29 kid1| Making directories in /var/spool/squid/0D
2017/04/16 15:48:29 kid1| Making directories in /var/spool/squid/0E
2017/04/16 15:48:29 kid1| Making directories in /var/spool/squid/0F

At this point, if it takes a while to return the command prompt - which never came back for me - press Enter.

[root@linuxbox ~]# service squid start
[root@linuxbox ~]# service squid restart
[root@linuxbox ~]# service squid status
Redirecting to /bin/systemctl status squid.service
● squid.service - Squid caching proxy
   Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; vendor preset: disabled)
   Active: active (running) since dom 2017-04-16 15:57:27 EDT; 1s ago
  Process: 2844 ExecStop=/usr/sbin/squid -k shutdown -f $SQUID_CONF (code=exited, status=0/SUCCESS)
  Process: 2873 ExecStart=/usr/sbin/squid $SQUID_OPTS -f $SQUID_CONF (code=exited, status=0/SUCCESS)
  Process: 2868 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited, status=0/SUCCESS)
 Main PID: 2876 (squid)
   CGroup: /system.slice/squid.service
           └─2876 /usr/sbin/squid -f /etc/squid/squid.conf

Apr 16 15:57:27 linuxbox systemd[1]: Starting Squid caching proxy...
Apr 16 15:57:27 linuxbox systemd[1]: Started Squid caching proxy.
Apr 16 15:57:27 linuxbox squid[2876]: Squid Parent: will start 1 kids
Apr 16 15:57:27 linuxbox squid[2876]: Squid Parent: (squid-1) process 2878 ...ed
Apr 16 15:57:27 linuxbox squid[2876]: Squid Parent: (squid-1) process 2878 ... 1
Hint: Some lines were ellipsized, use -l to show in full.

[root@linuxbox ~]# cat /var/log/messages | grep squid

Firewall adjustments

We must also open, in the «external» zone, ports 80 HTTP and 443 HTTPS so that Squid can communicate with the Internet.

[root@linuxbox ~]# firewall-cmd --zone=external --add-port=80/tcp --permanent
success
[root@linuxbox ~]# firewall-cmd --zone=external --add-port=443/tcp --permanent
success
[root@linuxbox ~]# firewall-cmd --reload
success
[root@linuxbox ~]# firewall-cmd --info-zone external
external (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens34
  sources:
  services: dns
  ports: 443/tcp 53/udp 80/tcp 53/tcp
  protocols:
  masquerade: yes
  forward-ports:
  sourceports:
  icmp-blocks: parameter-problem redirect router-advertisement router-solicitation source-quench
  rich rules:
  • It is worth going to the graphical application «Firewall Configuration» and checking that ports 443 tcp, 80 tcp, 53 tcp and 53 udp are open for the «external» zone, and that we have NOT published any service for it.

Note on the basic_pam_auth helper program

If we consult the manual of this utility with man basic_pam_auth, we will read that the author himself strongly recommends moving the program to a directory where normal users do not have sufficient permissions to access the tool.

On the other hand, it is known that with this authorization scheme the credentials travel in plain text, so it is not secure in hostile environments, that is, open networks.

Jeff Yestrumskas devotes the article «How-to: Setup a secure web proxy using SSL encryption, Squid Caching Proxy and PAM authentication» to the question of increasing security with this authentication scheme, so that it can be used on potentially hostile open networks.
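The man page recommendation quoted in this note can be checked on the server. The following is an added example, not part of the original article or of Squid: a shell function, audit_pam_helper (a hypothetical name), that reports whether a setuid helper such as /usr/lib64/squid/basic_pam_auth can still be run by every local account. The optional second argument (expected owner UID, default 0) is an assumption added so the check can be tried on a scratch file, and GNU stat as shipped with CentOS 7 is assumed.

```shell
#!/bin/sh
# Added example (not from the article): audit a setuid Squid auth helper.
# Prints one line per finding and returns the number of findings.
# Assumes GNU stat (CentOS 7). Only the helper and its parent directory
# are inspected; directories higher up the path are not.
audit_pam_helper() {
    helper=$1
    want_uid=${2:-0}          # expected owner UID; root unless overridden
    findings=0

    if [ ! -f "$helper" ]; then
        echo "MISSING: $helper"
        return 1
    fi

    mode=$(printf '%04d' "$(stat -c '%a' "$helper")")   # e.g. 4755
    dirmode=$(stat -c '%a' "$(dirname "$helper")")       # e.g. 755
    uid=$(stat -c '%u' "$helper")

    special=${mode%???}                   # first digit: setuid/setgid/sticky
    other=${mode#???}                     # last digit: permissions for others
    dir_other=${dirmode#"${dirmode%?}"}   # last digit of the directory mode

    if [ $((special & 4)) -eq 0 ]; then
        echo "NOT-SETUID: $helper cannot read the shadow database when Squid starts it"
        findings=$((findings + 1))
    fi
    if [ "$uid" -ne "$want_uid" ]; then
        echo "OWNER: $helper is owned by UID $uid, expected $want_uid"
        findings=$((findings + 1))
    fi
    # Setuid plus execute-for-others plus a traversable directory means
    # every local account can feed user/password guesses to the helper.
    if [ $((special & 4)) -ne 0 ] && [ $((other & 1)) -ne 0 ] \
        && [ $((dir_other & 1)) -ne 0 ]; then
        echo "EXPOSED: any local user can run $helper (mode $mode, dir $dirmode)"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Run against a path given on the command line, e.g. the article's helper:
#   sh audit.sh /usr/lib64/squid/basic_pam_auth
if [ "$#" -gt 0 ]; then
    audit_pam_helper "$@"
fi
```

An EXPOSED finding can be closed by removing the execute bit for others, for example mode 4750 with the file's group set to the one Squid runs as (squid on a stock CentOS 7 install, which is an assumption about this server).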

We install httpd

As a way to check the operation of Squid - and, incidentally, that of Dnsmasq - we will install the httpd service - the Apache web server - which is not required. In the Dnsmasq-related file /etc/banner_add_hosts we declare the sites we want banned, and we explicitly assign them the same IP address that linuxbox has. Thus, if we request access to any of those sites, we get the httpd home page.

[root@linuxbox ~]# yum install httpd
[root@linuxbox ~]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.

[root@linuxbox ~]# systemctl start httpd

[root@linuxbox ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since dom 2017-04-16 16:41:35 EDT; 5s ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 2275 (httpd)
   Status: "Processing requests..."
   CGroup: /system.slice/httpd.service
           ├─2275 /usr/sbin/httpd -DFOREGROUND
           ├─2276 /usr/sbin/httpd -DFOREGROUND
           ├─2277 /usr/sbin/httpd -DFOREGROUND
           ├─2278 /usr/sbin/httpd -DFOREGROUND
           ├─2279 /usr/sbin/httpd -DFOREGROUND
           └─2280 /usr/sbin/httpd -DFOREGROUND

Apr 16 16:41:35 linuxbox systemd[1]: Starting The Apache HTTP Server...
Apr 16 16:41:35 linuxbox systemd[1]: Started The Apache HTTP Server.

SELinux and Apache

Apache has several policies to configure within the SELinux context.

[root@linuxbox ~]# getsebool -a | grep httpd
httpd_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_connect_ftp --> off
httpd_can_connect_ldap --> off
httpd_can_connect_mythtvwork_con_work_con_
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> off
httpd_dbus_sssd --> off
httpd_enta_itgi --> off
httpd_enff_
httpd_graceful_shutdown --> on
httpd_manage_ipa --> off
httpd_mod_auth_ntlm_winbind --> off
httpd_mod_auth_pam --> off
httpd_read_user_content --> off
httpd_run_ipa --> off
httpd_run_preupgrade --> off
httpd_ssi_exec --> off
httpd_sys_script_anon_write --> off
httpd_tmp_exec --> off
httpd_tty_comm --> off
httpd_unified --> off
httpd_use_cifs --> off
httpd_use_fusefs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off
httpd_use_openstack --> off
httpd_use_sasl --> off
httpd_verify_dns --> off

We will configure the following:

Send email through Apache

[root@linuxbox ~]# setsebool -P httpd_can_sendmail 1

Allow Apache to read content located in the home directories of local users

[root@linuxbox ~]# setsebool -P httpd_read_user_content 1

Allow administering, via FTP or FTPS, any directory managed by Apache, or allow Apache to work as an FTP server listening for requests on the FTP port

[root@linuxbox ~]# setsebool -P httpd_enable_ftp_server 1

For more information, please read «Linux Server Configuration».

We check the authentication

It only remains to open a browser on a workstation and point it, for example, to http://windowsupdate.com. We will see that the request is correctly redirected to the Apache home page on linuxbox. In fact, any site name declared in the file /etc/banner_add_hosts will be redirected to the same page.

The images at the end of the article prove it.

User management

We do it using the graphical tool «User Management», which we reach through the menu System -> Administration -> User Management. Every time we add a new user, the folder /home/user is created automatically.

 

Backups

Linux clients

You only need your usual file browser and to indicate that you want to connect, for example: ssh://buzz@linuxbox/home/buzz and, after entering the password, the home directory of the user buzz will be displayed.

Windows clients

On Windows clients, we use the WinSCP tool. Once installed, we use it as follows:

Simple, right?

Summary

We have seen that it is possible to use PAM to authenticate services in a small network and in a controlled environment completely isolated from the hands of hackers. This is mainly because the authentication credentials travel in plain text, and therefore it is not an authentication scheme to be used on open networks such as airports, Wi-Fi networks, etc. However, it is a simple authorization mechanism, easy to implement and configure.

Sources consulted

PDF version

Download the PDF version here.

Until the next article!



  1.   NauTiluS said

    A tremendous post you have put together, Mr. Fico. Thanks for sharing your knowledge.

  2.   Lizard said

    I know how hard it is to put together an article with this level of detail, with fairly clear tests and, above all, with concepts and strategies that conform to standards. I simply take my hat off to this gem of a contribution, thank you very much Fico for such good work.

    I have never combined squid with pam authentication, but I will go as far as I can to do this practice in my lab... A goal hug and we carry on!!

  3.   Federico said

    NaTiluS: Thank you very much for your comment and your evaluation.
    Lizard: To you too, thank you very much for your comment and your evaluation.

    The time and effort devoted to making articles like this one are only rewarded by the reading and the comments of those who visit the DesdeLinux community. I hope it is useful to you in your daily work.
    We carry on!

  4.   Anonymous said

    Incredible contribution, countryman!!!! I read each of your articles and I can say that even a person without advanced knowledge of Free Software (like me) can follow this exquisite article step by step. Greetings!!!!

  5.   IWO said

    Thanks Fico for this other great article; as if all the posts already published were not enough, in this one we have a service not previously covered by the PYMES Series and one that is extremely important: the "SQUID" or Proxy of a LAN. So, for the family of those of us who think we are "sysadmins", here we have more good material to study and deepen our knowledge.

  6.   Federico said

    Thank you all for your comments. The next article will deal with the Prosody chat server with authentication against local credentials (PAM) via Cyrus-SASL, and that service will be implemented on this same server.

  7.   kenpachiRo17 said

    In good time, countryman!!!! A great contribution, even for those like me who do not have great knowledge of Free Software and are passionate about learning from articles as exquisite as this one. I have been following your contributions and I would like to know which article you would recommend I start with in this SME Networks series, since I have been reading in a disorderly way and I think it has too much valuable content to miss any detail. Without further ado, greetings, and may shared knowledge, like Software, remain Free!!

    1.    Federico said

      Greetings, countryman!!! I recommend that you start at the beginning; although it may seem the long way, it is the shortest way so as not to get lost. In the index - which is not updated with the last two articles - https://blog.desdelinux.net/redes-computadoras-las-pymes-introduccion/, we established the recommended reading order of the series, which begins with how to build my Workstation, continues with several posts dedicated to the topic of Virtualization, follows with several about BIND, Isc-Dhcp-Server, and Dnsmasq, and so on until we reach the part on implementing services for the SME network, which is where we are now. I hope it helps you.

      1.    kenpachiRo17 said

        So it will be!!!! I will start right away with the series from the beginning and I look forward to new articles. Greetings!!!!