Inkomba ejwayelekile yochungechunge: Ama-Computer Networks ama-SME: Isingeniso
Lo mbhalo ungukuqhubeka kwe:
Sanibonani bangani nabangane!
Iqembu Abathandekayo uthenge igama lesizinda se-inthanethi desdelinux.umlandeli kumhlinzeki wakho we-Internet Services noma I-ISP. Njengengxenye yalokhu kuthengwa, bacela i-ISP yabo ukuthi ifake wonke amarekhodi e-DNS adingekayo emibuzweni efanele ephathelene nesizinda sabo ezoxazululwa kwi-Intanethi.
Bacele nokuthi kufakwe amarekhodi e-SRV maqondana ne- I-XMPP ngoba bahlela ukufaka i-server yemiyalezo esuselwa ku I-Prosody ezizojoyina umfelandawonye okhona wamaseva weXMMP ahambisanayo ku-Intanethi.
- Inhloso enkulu yalesi sihloko ukukhombisa ukuthi singawabonisa kanjani amarekhodi e-SRV ahlobene nensizakalo Yemiyalezo Esheshayo ehambelana ne-XMPP kufayela lezoni le-DNS..
- Ukufakwa kwe- I-Shorewall Nge-interface eyodwa yenethiwekhi, ingasebenzela labo abanquma ukufaka isiphakeli esinjengalesi ukuphatha i-DNS Zone ethunyelwe. Uma leyo seva ixhuma ku-Enterprise LAN ngaphezu kwe-Inthanethi, izilungiselelo ezidingekayo kufanele zenziwe ukusebenzisa izixhumi ezibili zenethiwekhi.
Iseva eyisisekelo
Sizofaka i-NSD enegunya egunyaziwe ku- I-Debian "Jessie". Le yiseva yezimpande ye- "fan." Imingcele eyinhloko yeseva yile:
Igama: ikheli le-ns.fan IP: 172.16.10.30 root @ ns: ~ # hostname ns impande @ ns: ~ # igama lomethuleli --fqdn ns.fan impande @ ns: ~ # ip addr show 1: yini: umuntu 65536 qdisc noqueue state UNKNOWN group default link / loopback 00: 00: 00: 00: 00: 00 brd 00: 00: 00: 00: 00: 00: 127.0.0.1 inet 8/6 scope host lo valid_lft forever preferred_lft forever inet1 :: 128/2 ububanzi bokubamba i-valid_lft unomphela okhethwayo_lft unomphela 0: eth1500: umuntu 1000 qdisc pfifo_fast state UP group default qlen 00 link / ether 0: 29c: 7: dc: d1: 172.16.10.30b brd ff: ff: ff: ff: ff: ff: ff inet 24/172.16.10.255 brd 0 scope global eth6 valid_lft unomphela uncamela_lft unomphela inet80 fe20 :: 29c: 71ff: fedc: d64b / XNUMX scope link valid_lft forever preferred_lft forever
I-Shorewall
Ngaphambi kokuhamba nensizakalo eya eWWW Village, kuhle kakhulu ukuvikela iseva nezinsizakalo ezihlinzeka ngeFirewall enamandla - iRouter. IShorewall kulula ukuyilungisa futhi iyindlela ephephile yokuvikela.
- Ukucushwa okulungile nokuphelele kwe-Firewall kungumsebenzi wongoti noma ochwepheshe, esingesibo. Sinikeza kuphela umhlahlandlela wokumiswa okuncane futhi okusebenzayo.
Sifaka iphakethe le-shorewall nemibhalo yalo.
impande @ ns: ~ # aptitude show shorewall
Iphakheji: shorewall New: yebo Isimo: ayifakiwe
Inguqulo: 4.6.4.3-2
impande @ ns: ~ # aptitude install shorewall shorewall-doc
imibhalo
Uzothola imibhalo eminingi kumafolda:
- / usr / share / doc / shorewall
- / usr / share / doc / shorewall / izibonelo
- / usr / share / doc / shorewall-doc / html
Silungiselela i-interface yenethiwekhi
impande @ ns: ~ # cp / usr / share / doc / shorewall / example / one-interface / interface = / njll / shorewall / impande @ ns: ~ # nano / etc / shorewall / interface #ZONE INTERFACE OPTIONS net eth0 tcpflags, logmartians, nosmurfs, sourceroute = 0
Simemezela izindawo ezingama-firewall
impande @ ns: ~ # cp / usr / share / doc / shorewall / example / one-interface / zones \ / njll / shorewall / impande @ ns: ~ # nano / etc / shorewall / zones #ZONE TYPE OPTIONS IN OUT # OPTIONS OPTIONS fw firewall net ipv4
Izinqubomgomo ezizenzakalelayo zokufinyelela ku-firewall
impande @ ns: ~ # cp / usr / share / doc / shorewall / example / one-interface / policy
/ njll / shorewall /
impande @ ns: ~ # nano / etc / shorewall / policy
#SOURCE DEST POLICY LOG LEVEL LIMIT: BURST $ FW net YAMUKELA
net yonke imininingwane ye-DROP
# INQUBOMGOMO ESILANDELAYO KUFANELE IGCINE KAKHULU yonke imininingwane YOKwenqaba
Imithetho yokufinyelela ku-firewall
impande @ ns: ~ # cp / usr / share / doc / shorewall / example / one-interface / rules \
/ njll / shorewall /
impande @ ns: ~ # nano / etc / shorewall / rules
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER / MARK CON $ # PORT PORT (S) DEST LIMIT GROUP? ISIGABA SONKE? ISIQEPHU SISIMISIWE? ISIQEPHU SIHLOBENE? ISIQEPHU SINGavUMELEkanga? amaphakethe asesimweni esingavumelekile isamba esingavumelekile (DROP) isamba se- $ FW tcp # Drop Ping kusuka ku- "bad" net zone .. futhi uvimbele i-log yakho ukuthi ingakhukhulwa .. # Lahla iPing kusuka endaweni "embi" yenetha. # Vimbela ukukhukhula kohlelo log (/ var / log / syslog) Ping (DROP) net $ FW # Vumela wonke umgwaqo we-ICMP UKUSUKA ku-firewall KUYA endaweni yetha # Vumela wonke umgwaqo we-ICMP UKUSUKA ku-firewall KUYA endaweni net. ACCEPT $ FW net icmp
# Imithetho Yakho # Ukufinyelela nge-SSH kusuka kumakhompyutha amabili
Inetha le-SSH / ACCEPT: 172.16.10.1,172.16.10.10 $ FW tcp 22
# Vumela ithrafikhi emachwebeni 53 / tcp kanye no-53 / udp
YAMUKELA inetha le- $ FW tcp 53
YAMUKELA inetha le- $ FW udp 53
Sihlola i-syntax yamafayela wokumisa
impande @ ns: ~ # isheke lokuhlola
Iyahlola ... Iyacubungula / njll / shorewall / params ... Iyacubungula /etc/shorewall/shorewall.conf ... Iyalayisha Amamojula ... Ihlola / njll / shorewall / izindawo ... Ihlola / njll / shorewall / interface .. Ukunquma Ababungazi Ezingxenyeni ... Ukuthola Amafayela Esenzo ... Ukuhlola / njll / shorewall / inqubomgomo ... Ukungeza Imithetho Yokulwa Nensimbi Ihlola Ukuhlungwa Kwamafulegi e-TCP ... Ukuhlola Ukuhlungwa Kwemizila ye-Kernel ... Ukuhlola Ukungena KweMartian ... Ukubheka Ukwamukela Umzila Womthombo ... Ukuhlola ukufakwa kwe-MAC - Isigaba 1 ... Ukubheka / njll / shorewall / imithetho ... Ukubheka / njll / shorewall / conntrack ... Ukubheka ukufakwa kwe-MAC - Isigaba 2 ... Ukusebenzisa Izinqubomgomo ... Ukuhlola / usr / share / shorewall / action.Drop for chain Drop ... Checking /usr/share/shorewall/action.Broadcast for chain Broadcast ... Shorewall configuration verified
impande @ ns: ~ # nano / etc / default / shorewall
# ukuvimbela ukuqalisa ngokucushwa okuzenzakalelayo # setha okulandelayo okusebenzayo ku-1 ukuze uvumele iShorewall ukuthi iqale
ukuqala =1
------
impande @ ns: ~ # service shorewall start
impande @ ns: ~ # service shorewall restart
impande @ ns: ~ # service shorewall status
● shorewall.service - LSB: Lungiselela i-firewall ngesikhathi sokuqalisa Ilayishiwe: ilayishiwe (/etc/init.d/shorewall) Iyasebenza: iyasebenza (iphumile) kusukela ngeLanga 2017-04-30 16:02:24 EDT; Inqubo engama-31min edlule: 2707 ExecStop = / etc / init.d / shorewall stop (code = exited, status = 0 / SUCCESS) Inqubo: 2777 ExecStart = / etc / init.d / shorewall start (code = exited, status = 0 / IMPUMELELO)
Kuyafundisa kakhulu ukufunda ngokucophelela umphumela womyalo iptables -L ikakhulukazi maqondana nezinqubomgomo ezizenzakalelayo ze-INPUT, FORWARD, OUTPUT, nalezo enqaba zona - wenqaba i-Firewall ukuvikela ekuhlaselweni kwangaphandle. Okungenani, iya kwi-Intanethi ngokuvikelwa okuncane, akunjalo? 😉
impande @ ns: ~ # iptables -L
I-NSD
impande @ ns: ~ # ukufaneleka kokubonisa nsd
Iphakheji: nsd Okusha: yebo Isimo: kufakiwe Kufakiwe ngokuzenzakalela: cha
Inguqulo: 4.1.0-3
impande @ ns: ~ # ukufaneleka ukufaka i-nsd
impande @ ns: ~ # ls / usr / share / doc / nsd /
contrib changelog.Debian.gz NSD-DIFFFILE REQUIREMENTS.gz izibonelo changelog.gz NSD-FOR-BIND-USERS.gz TODO.gz copyright copyright.pdf.gz README.gz UPGRADING CREDITS NSD-DATABASE RELNOTES.
impande @ ns: ~ # nano /etc/nsd/nsd.conf
# Ifayela lokumiswa le-NSD le-Debian. # Bona i-nsd.conf (5) ikhasi lomuntu.
# Bona / usr/share/doc/nsd/examples/nsd.conf ukuthola amazwana
# ireferensi ye-config file.
# Lo mugqa olandelayo uhlanganisa amanye amafayela wokumisa asuka enkombeni engu- # /etc/nsd/nsd.conf.d. # ISEXWAYISO: Isitayela se-glob asisebenzi okwamanje ... # kufaka phakathi: "/etc/nsd/nsd.conf.d/*.conf" server: logfile: "/var/log/nsd.log" ip-address : 172.16.10.30 # lalela ukuxhumeka kwe-IPv4 do-ip4: yebo # lalela ekuxhumaneni kwe-IPv6 do-ip6: akukho # itheku lokuphendula imibuzo. okuzenzakalelayo kungu-53. imbobo: igama lomsebenzisi elingu-53: nsd # Ezingxenyeni, inketho yokuhlinzeka-xfr ingeye- # axfr checks zone: name: fan zonefile: /etc/nsd/fan.zone zone: name: desdelinux.umlandeli
ifayela lendawo: /etc/nsd/desdelinux.fan.zone provide-xfr: 172.16.10.250 NOKEY zone: igama: 10.16.172.in-addr.habhu
zonefile: /etc/nsd/10.16.172.arpa.zone provide-xfr: 172.16.10.250 NOKEY zone: name: swl.fan zonefile: /etc/nsd/swl.fan.zone zone: name: debian.fan zonefile: /etc/nsd/debian.fan.zone zone: name: centos.fan zonefile: /etc/nsd/centos.fan.zone zone: name: freebsd.fan zonefile: /etc/nsd/freebsd.fan.zone
impande @ ns: ~ # nsd-checkconf /etc/nsd/nsd.conf
impande @ ns: ~ #
Sakha amafayela wamaZoni
Indawo Yomsuka «fan.»Okumiswe ngezansi KUNGOKUHLOLA KUPHELA futhi akumele kuthathwe njengesibonelo. Asibona abaphathi bamaseva wegama langempela. 😉
impande @ ns: ~ # nano /etc/nsd/fan.zone
$ ORIGIN umlandeli. $ TTL 3H @ IN SOA ns.fan. impande.fan. (1; i-serial 1D; vuselela i-1H; zama kabusha i-1W; iphelelwa yisikhathi i-3H); ubuncane noma; Isikhathi sokugcina isikhashana sokuphila; @ IN NS ns.fan. @ KU-A 172.16.10.30; ns KU-A 172.16.10.30
impande @ ns:~# nano /etc/nsd/desdelinux.indawo.yabalandeli
$ORIGIN desdelinux.umlandeli. $TTL 3H @ IN SOA izinombolo.desdelinux.umlandeli. impande.desdelinux.umlandeli. ( 1 ; serial 1D ; vuselela 1H ; zama futhi 1W ; phelelwa yisikhathi 3H ); ubuncane noma; Isikhathi sokulondoloza isikhashana esingesihle sokuphila; @ IN NS ns.desdelinux.umlandeli. @ IN MX 10 i-imeyili.desdelinux.umlandeli. @ IN TXT "v=spf1 a:mail.desdelinux.fan -konke" ; ; Bhalisa ukuze uxazulule imibuzo yokumba desdelinux.umlandeli @ IN A 172.16.10.10 ; ns KU-imeyili 172.16.10.30 KU-CNAME desdelinux.umlandeli. xoxa KU-CNAME desdelinux.umlandeli. www KU-CNAME desdelinux.umlandeli. ; ; Amarekhodi e-SRV ahlobene ne-XMPP
_xmpp-server._tcp IN SRV 0 0 5269 desdelinux.umlandeli.
_xmpp-client._tcp IN SRV 0 0 5222 desdelinux.umlandeli.
_jabber._tcp KU-SRV 0 0 5269 desdelinux.umlandeli.
impande @ ns: ~ # nano /etc/nsd/10.16.172.arpa.zone
$ OKUQALILE 10.16.172.in-addr.arpa.
$TTL 3H @ IN SOA izinombolo.desdelinux.umlandeli. impande.desdelinux.umlandeli. ( 1 ; serial 1D ; vuselela 1H ; zama futhi 1W ; phelelwa yisikhathi 3H ); ubuncane noma; Isikhathi sokulondoloza isikhashana esingesihle sokuphila; @ IN NS ns.desdelinux.umlandeli. ; 30 KU-PTR izinombolo.desdelinux.umlandeli. 10 KU-PTR desdelinux.umlandeli.
impande @ ns:~# nsd-checkzone desdelinux.fan /etc/nsd/desdelinux.indawo.yabalandeli
Indawo desdelinux.umlandeli ulungile
impande @ ns: ~ # nsd-checkzone 10.16.172.in-addr.arpa /etc/nsd/10.16.172.arpa.zone
indawo engu-10.16.172.in-addr.arpa kulungile # Ku-Debian, i-NSD inqamula ukufakwa kwayo kunikwe amandla ngokuzenzakalela
impande @ ns: ~ # systemctl qala kabusha nsd
impande @ ns: ~ # systemctl isimo nsd
● nsd.service - Igama leDaemon Daemon Elilayishiwe: lilayishiwe (/lib/systemd/system/nsd.service; inikwe amandla) Iyasebenza: iyasebenza (isebenza) kusukela ngeLanga 2017-04-30 09:42:19 EDT; 21min edlule i-Main PID: 1230 (nsd) CGroup: /system.slice/nsd.service ├─1230 / usr / sbin / nsd -d -c /etc/nsd/nsd.conf ├─1235 / usr / sbin / nsd - d -c /etc/nsd/nsd.conf └─1249 / usr / sbin / nsd -d -c /etc/nsd/nsd.conf
Ukuhlolwa kusuka kuseva ye-ns.fan uqobo
impande@ns:~# umsingathi desdelinux.umlandeli desdelinux.umlandeli unekheli 172.16.10.10 desdelinux.imeyili yabalandeli iphathwa ngemeyili engu-10.desdelinux.umlandeli. impande @ ns:~#hostmail.desdelinux.umlandeli imeyili.desdelinux.umlandeli uyisiteketiso sokuthi desdelinux.umlandeli. desdelinux.umlandeli unekheli 172.16.10.10 desdelinux.imeyili yabalandeli iphathwa ngemeyili engu-10.desdelinux.umlandeli. impande @ ns:~#hostchat.desdelinux.umlandeli xoxa.desdelinux.umlandeli uyisiteketiso sokuthi desdelinux.umlandeli. desdelinux.umlandeli unekheli 172.16.10.10 desdelinux.imeyili yabalandeli iphathwa ngemeyili engu-10.desdelinux.umlandeli. impande@ns:~#host www.desdelinux.umlandeli www.desdelinux.umlandeli uyisiteketiso sokuthi desdelinux.umlandeli. desdelinux.umlandeli unekheli 172.16.10.10 desdelinux.imeyili yabalandeli iphathwa ngemeyili engu-10.desdelinux.umlandeli. impande@ns:~# umsingathi ns.desdelinux.umlandeli ns.desdelinux.umlandeli unekheli 172.16.10.30 impande @ ns: ~ # umphathi 172.16.10.30 30.10.16.172.in-addr.arpa igama lesizinda sesikhombi ns.desdelinux.umlandeli. impande @ ns: ~ # umphathi 172.16.10.10 10.10.16.172.in-addr.arpa isikhombisi segama lesizinda desdelinux.umlandeli. impande @ ns: ~ # umphathi ns.fan ns.fan unekheli 172.16.10.30
Ukuhlolwa kwesinqumo segama kusuka ku-Intanethi
- Imibuzo enemininingwane ye-DNS ayikaze ibe miningi kakhulu, ngoba ukusebenza okulungile kwe-Domain Name Resolution kuzoncika kakhulu ekusebenzeni okulungile kwenethiwekhi.
Ukwenza imibuzo ye-DNS ngixhume kuswishi yami - switch test, ilaptop ene-IP 172.16.10.250 kanye nesango 172.16.10.1, Ikheli le-IP elihambelana nendawo yami yokusebenza sysadmin.desdelinux.umlandeli njengoba kwaziwa kusuka ezindatshaneni ezedlule.
sandra @ laptop: ~ $ sudo ip addr show 1: yini: Umuntu 16436 qdisc noqueue state UNKNOWN link / loopback 00: 00: 00: 00: 00: 00 brd 00: 00: 00: 00: 00: 00: 127.0.0.1 inet 8/6 scope host lo inet1 :: 128/2 scope host valid_lft uncamathiselwe_lft unomphela 0: eth1500: umuntu 1000 qdisc pfifo_fast state UP qlen 00 link / ether 17: 42: 8: 85e: 54: 172.16.10.250 brd ff: ff: ff: ff: ff: ff inet 24/172.16.10.255 brd 0 global scope eth6 inet80 fe217: : 42: 8ff: fe8554e: 64/3 ububanzi besixhumanisi esivumayo_lft unomphela okhethwayo_lft unomphela 0: wlan1500: umuntu 1000 qdisc noop state DOWN qlen 00 link / ether 1: 0d: e88: 09: 5: d4 brd ff: ff: ff: ff: ff: ff 0: pan1500: umuntu 0 qdisc noop state DOWN link / ether de: 67b: 52: 69: XNUMX: ad brd ff: ff: ff: ff: ff: ff sandra @ laptop: ~ $ sudo umzila -n Ithebula lomzila weKernel IP Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 172.16.10.1 0.0.0.0 UG 0 0 0 eth0 172.16.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 sandra @ laptop: ~ $ ikati /etc/resolv.conf nameserver 172.16.10.30 sandra@laptop:~$host desdelinux.umlandeli desdelinux.umlandeli unekheli 172.16.10.10 desdelinux.imeyili yabalandeli iphathwa ngemeyili engu-10.desdelinux.umlandeli. sandra @ laptop:~$hostmail.desdelinux.umlandeli imeyili.desdelinux.umlandeli uyisiteketiso sokuthi desdelinux.umlandeli. desdelinux.umlandeli unekheli 172.16.10.10 desdelinux.imeyili yabalandeli iphathwa ngemeyili engu-10.desdelinux.umlandeli. sandra @ laptop:~$ umphathi ns.desdelinux.umlandeli ns.desdelinux.umlandeli unekheli 172.16.10.30 isandra @ laptop: ~ $ host 172.16.10.30 30.10.16.172.in-addr.arpa igama lesizinda sesikhombi ns.desdelinux.umlandeli. sandra @ laptop: ~ $ umsingathi 172.16.10.10 10.10.16.172.in-addr.arpa isikhombisi segama lesizinda desdelinux.umlandeli. sandra@laptop:~$ host -t SRV _xmpp-server._tcp.desdelinux.umlandeli _xmpp-server._tcp.desdelinux.umlandeli unerekhodi le-SRV 0 0 5269 desdelinux.umlandeli. sandra @ laptop:~$ host -t SRV _xmpp-client._tcp.desdelinux.umlandeli _xmpp-client._tcp.desdelinux.umlandeli unerekhodi le-SRV 0 0 5222 desdelinux.umlandeli. sandra @ laptop:~$ host -t SRV _jabber._tcp.desdelinux.umlandeli _jabber._tcp.desdelinux.umlandeli unerekhodi le-SRV 0 0 5269 desdelinux.umlandeli. sandra @ laptop: ~ $ host -a fan. Ukuzama "umlandeli" ;; - >> HEADER << - opcode: QUERY, status: NOERROR, id: 57542 ;; amafulegi: qr aa rd; UMBUZO: 1, IMPENDULO: 3, UKUGUNYAZWA: 0, OKWENGEZIWE: 1 ;; ISIGABA SOMBUZO :; fan. NGAKHO ;; IMPENDULO ISIGABA: fan. I-10800 IN SOA ns.fan. impande.fan. 1 86400 3600 604800 10800 umlandeli. I-10800 IN NS ns.fan. fan. I-10800 KU-A 172.16.10.30 ;; ISIQEPHU ESINGEZIWE: ns.fan. 10800 IN A 172.16.10.30 Kutholwe ama-byte ayi-111 kusuka ku-172.16.10.30 # 53 ku-0 ms
- Sibeka ikheli ngenhloso 172.16.10.250 Kwi-Laptop, ukubheka KONKE ngokusebenzisa umbuzo we-DNS AXFR, ngoba amaZones amisiwe ukuvumela -nanoma iyiphi iphasiwedi- lolu hlobo lombuzo oluvela kuleyo IP.
sandra@laptop:~$ dig desdelinux.umlandeli axfr
; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> desdelinux.fan axfr ;; izinketho zomhlaba jikelele: +cmd
desdelinux.umlandeli. 10800 IN SOA izinombolo.desdelinux.umlandeli. impande.desdelinux.umlandeli. 1 86400 3600 604800 10800
desdelinux.umlandeli. 10800 KU-NS izinombolo.desdelinux.umlandeli.
desdelinux.umlandeli. 10800 IN MX 10 i-imeyili.desdelinux.umlandeli.
desdelinux.umlandeli. 10800 IN TXT "v=spf1 a:mail.desdelinux.fan -konke"
desdelinux.umlandeli. 10800 IN A 172.16.10.10 _jabber._tcp.desdelinux.umlandeli. 10800 KU-SRV 0 0 5269 desdelinux.umlandeli. _xmpp-client._tcp.desdelinux.umlandeli. 10800 KU-SRV 0 0 5222 desdelinux.umlandeli. _xmpp-server._tcp.desdelinux.umlandeli. 10800 KU-SRV 0 0 5269 desdelinux.umlandeli. xoxa.desdelinux.umlandeli. 10800 KU-CNAME desdelinux.umlandeli. i-imeyili.desdelinux.umlandeli. 10800 KU-CNAME desdelinux.umlandeli. ns.desdelinux.umlandeli. 10800 KU-A 172.16.10.30 www.desdelinux.umlandeli. 10800 KU-CNAME desdelinux.umlandeli.
desdelinux.umlandeli. 10800 IN SOA izinombolo.desdelinux.umlandeli. impande.desdelinux.umlandeli. 1 86400 3600 604800 10800 ;; Isikhathi sombuzo: 0 msec ;; Iseva: 172.16.10.30#53(172.16.10.30);; NINI: Sun Apr 30 10:37:10 EDT 2017 ;; Usayizi we-XFR: amarekhodi ayi-13 (imiyalezo 1, amabhayithi 428)
isandra @ laptop: ~ $ dig 10.16.172.in-addr.arpa axfr
; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> 10.16.172.in-addr.arpa axfr ;; izinketho zomhlaba jikelele: +cmd 10.16.172.in-addr.arpa. 10800 IN SOA izinombolo.desdelinux.umlandeli. impande.desdelinux.umlandeli. 1 86400 3600 604800 10800 10.16.172.in-addr.arpa. 10800 KU-NS izinombolo.desdelinux.umlandeli. 10.10.16.172.in-addr.arpa. 10800 KU-PTR desdelinux.umlandeli. 30.10.16.172.in-addr.arpa. 10800 IN PTR izinombolo.desdelinux.umlandeli. 10.16.172.in-addr.arpa. 10800 IN SOA izinombolo.desdelinux.umlandeli. impande.desdelinux.umlandeli. 1 86400 3600 604800 10800 ;; Isikhathi sombuzo: 0 msec ;; Iseva: 172.16.10.30#53(172.16.10.30);; NINI: Sun Apr 30 10:37:27 EDT 2017 ;; Usayizi we-XFR: amarekhodi ayi-5 (imiyalezo 1, amabhayithi 193)
sandra @ laptop:~$ ping ns.desdelinux.umlandeli
PING izinombolo.desdelinux.umlandeli (172.16.10.30) 56(84) wamabhayithi wedatha.
Imibuzo edingekayo ye-DNS iphendulwe kahle. Siphinde futhi sihlole ukuthi iShorewall isebenza kahle nokuthi ayemukeli yini ping kusuka kumakhompyutha axhumeke kwi-Intanethi.
Isifingqo
- Sibone ukuthi ungayifaka kanjani futhi siyimise kanjani - ngezinketho eziyisisekelo nezincane - iseva ye-Authoritative DNS esekwe kwi-NSD. Siyaqinisekisa ukuthi i-syntax yamafayela endawo ifana kakhulu naleyo ye-BIND. Ku-Intanethi kunezincwadi ezinhle kakhulu futhi eziphelele kwi-NSD.
- Sihlangabezane nenhloso yokukhombisa ukumenyezelwa kwamarekhodi e-SRV ahlobene ne-XMPP.
- Sisiza ekufakweni nasekucushweni okuncane kwe-firewall esekwe eShorewall.
Ukulethwa okulandelayo
I-Prosody IM nabasebenzisi bendawo.
Sawubona bangani bomphakathi we-linux okokufundisa okuhle kakhulu ngazama ukufaka i-dns kepha ithi leli oda alitholakali uma kukhona enye indlela yokubonga ngolwazi
Umbuzo?…. Ngabe awusebenzisi i-SAMBA njengesilawuli sesizinda samanethiwekhi we-SME?
fracielarevalo: Qaphela ukuthi i-athikili isuselwa ekufakeni i-NSD kuhlelo lokusebenza lwe-Debian "Jessie", hhayi ku-CentOS.
U-Alberto: Kufanele uhambe usuka kokulula uye enkingeni. Kamuva sizobona iSamba 4 njenge-AD-DC, okungukuthi, i-Active Directory - Domain Controler. Ukubekezela. Ngincoma ukuthi ufunde i-athikili edlule, ikakhulukazi isigaba esithi: Ingabe inqubo yokuqinisekisa ngesikhathi sokuzalwa kwe-ARPANET, i-Intanethi, namanye amaNethiwekhi Wide Area Network noma ama-Local Area Networks asuselwa ku-LDAP, Directory Service, noma iMicrosoft LSASS, noma i-Active Directory, noma iKerberos? Isho ezimbalwa.
Khumbula ukuthi wonke ama-athikili ahlobene nokuthi uchungechunge. Angicabangi ukuthi kuyasiza nakancane ukuqala enye indlela ezungeze, okusho ukuthi, kusuka ku-Active Directory bese ubuyela ku-PAM. Njengoba uzobona, izinhlobo eziningi zokuqinisekisa zigcina ku-PAM kudeskithophu yakho ye-Linux. Izixazululo ezilula njengalezo esizimboza nge-PAM kufanele ukubhalwa. Uma injongo iqondakala, kufanele ifundwe futhi ifundwe.
Ngiyabingelela futhi ngiyabonga nobabili ngokuphawula.
Enye indatshana enhle yombhali, njengenjwayelo kuhlale kunokuthile okusha futhi okuwusizo kakhulu kithina esizicabanga ngathi "ngama-sysadmins".
Nawa amanothi ami:
1- Ukusetshenziswa kwe-NSD esikhundleni sokubopha njengeseva ye-Authoritarian DNS server.
2- Faka kufayela lezoni le-DNS amarekhodi e-SRV ahlobene nensizakalo Yemiyalezo Esheshayo ehambisana ne-XMPP.
3- Usebenzisa i-Shorewall Firewall ene-interface yenethiwekhi.
Lokhu okuthunyelwe kusebenza "njengesisekelo" kimi (njengoba esho ngesizotha futhi kuyisifiso sombhali kulo lonke uchungechunge lwama-SME) uma ngokuzayo ngizithola ngidinga ukusebenzisa isixazululo esifanayo.
Iqembu labathandi futhi liyasisiza ukuthi sandise ulwazi lwethu endaweni yamanethiwekhi ama-SME. Ngibonga kakhulu ngomnikelo omuhle kangaka, umphakathi, mina uqobo futhi ngicabanga ukuthi inombolo enhle ye-sysadmin ngiyabonga ngomnikelo obaluleke kangaka ... Esikhathini esedlule benginobunye ubudlelwane nobushushi, kepha ngibheka icala elisebenzayo ngendlela engikwenze ngayo kunzima impela, lolu chungechunge lwamanethiwekhi ama-SME luyiphayona emibhalweni ezindaweni ezahlukahlukene okufanele i-sysadmin ibhekane nayo, iqonda ukuthi iningi lemibhalo mayelana nalokhu isolimini lwesiNgisi jikelele. ..
Ungapheli, siyakuhalalisela bese siyaqhubeka !!!
ILagarto: Ngiyabonga kakhulu ngokuphawula kwakho nangokubonga. Ngizama ukunikeza ochungechungeni isisekelo esincane esidingwa iSysadmin. Vele, ukuzifundela kanye nentshisekelo yomuntu ngamunye esihlokweni ngasinye esixoxiwe kuzoya ngezinga elithile.
Siyaqhubeka phambili !!!
Sawubona emphakathini we-linx;). Ngimusha ku-OS.opte po leave windows esikhathini esedlule futhi ngizimisele ukufunda okuningi ngangokunokwenzeka..indatshana enhle kakhulu ..
Siyabonga iGhost ngokujoyina uMphakathi nangokuphawula