Ukuqinisekiswa kwe-squid + PAM kuma-CentOS 7- SMB Networks

Inkomba ejwayelekile yochungechunge: Ama-Computer Networks ama-SME: Isingeniso

Umbhali: UFederico Antonio Valdes Toujague
federicotoujague@gmail.com
https://blog.desdelinux.net/author/fico

Sanibonani bangani nabangane!

Isihloko se-athikili bekufanele sithi: «I-MATE + NTP + Dnsmasq + Gateway Service + i-Apache + Squid ene-PAM Ukugunyazwa ku-Centos 7 - Amanethiwekhi we-SME«. Ngezizathu ezizwakalayo siyayifinyeza.

Siyaqhubeka nokufakazela ubuqiniso kubasebenzisi bendawo kwikhompyutha ye-Linux besebenzisa i-PAM, futhi kulokhu sizobona ukuthi singanikeza kanjani insizakalo yeProxy nge-Squid ngenethiwekhi encane yamakhompyutha, ngokusebenzisa iziqinisekiso zokuqinisekisa ezigcinwe kukhompyutha efanayo lapho iseva iyasebenza Squid.

Yize sazi ukuthi kuyinto ejwayelekile kulezi zinsuku, ukufakazela izinsiza kuqhathaniswa ne-OpenLDAP, iRed Hat's Directory Server 389, Microsoft Active Directory, njll., Sibheka ukuthi kufanele siqale ngokusebenzisa izixazululo ezilula nezishibhile, bese sibhekana nezinkimbinkimbi kakhulu. Sikholwa ukuthi kumele sisuke kokulula siye kokuyinkimbinkimbi.

Inkomba

Isiteji

Kuyinhlangano encane - enezinsizakusebenza ezimbalwa kakhulu zezezimali- ezinikele ekusekeleni ukusetshenziswa kweFree Software futhi ekhethe igama le- KusukaLinux.Fan. Bangabathandi be-OS abahlukahlukene CentOS baqoqelwe ehhovisi elilodwa. Bathenga isiteshi sokusebenzela - hhayi iseva esezingeni elifanele - abazoyinikezela ukuze basebenze "njengeseva."

Abashisekeli abanalo ulwazi olubanzi lokuthi isetshenziswa kanjani iseva ye-OpenLDAP noma iSamba 4 AD-DC, futhi abakwazi ukukhokhela ilayisense iMicrosoft Active Directory. Kodwa-ke, ngomsebenzi wabo wansuku zonke badinga izinsizakalo zokufinyelela kwi-Intanethi nge-Proxy -ukusheshisa ukuphequlula- kanye nesikhala sokugcina imibhalo yabo ebaluleke kakhulu futhi basebenze njengamakhophi wesipele.

Basasebenzisa kakhulu amasistimu wokusebenza atholwe ngokusemthethweni e-Microsoft, kepha bafuna ukuwashintshela ku-Linux-based Operating Systems, ngokuqala nge- "Server" yabo.

Baphinde bafise ukuba ne-mail server yabo ukuze bakwazi ukuzimela - okungenani kusuka kumsuka - wezinsizakalo ezifana ne-Gmail, Yahoo, HotMail, njll, okuyikhona abakusebenzisayo njengamanje.

Imithetho ye-Firewall neRouting phambi kwe-Intanethi izoyisungula ku-ADSL Router enesivumelwano.

Abanalo igama langempela lesizinda njengoba bengadingi ukushicilela noma iyiphi insizakalo kwi-Intanethi.

I-CentOS 7 njengeseva ngaphandle kwe-GUI

Siqala ekufakweni okusha kweseva ngaphandle kwesikhombimsebenzisi sokuqhafaza, futhi okuwukuphela kwento esiyikhethayo ngesikhathi senqubo yile «Ingqalasizinda Server»Njengoba sibonile ezindatshaneni ezedlule ochungechungeni.

Izilungiselelo zokuqala

[root @ linuxbox ~] # ikati / njll / igama lomethuleli 
ibhokisi le-linux

[izimpande @ linuxbox ~] # ikati / njll / imikhosi
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 :: 1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.10.5 linuxbox.fromlinux.fan linuxbox

[impande @ linuxbox ~] # igama lomethuleli
ibhokisi le-linux

[impande @ linuxbox ~] # igama lomethuleli -f
linuxbox.fromlinux.fan

[izimpande @ linuxbox ~] # ip addr uhlu
[impande @ linuxbox ~] # ifconfig -a
[izimpande @ linuxbox ~] # ls / sys / class / net /
ens32 ens34 bheka

Sikhubaza iMenenja yeNethiwekhi

[root @ linuxbox ~] # systemctl misa i-NetworkManager

[root @ linuxbox ~] # systemctl khubaza i-NetworkManager

[root @ linuxbox ~] # systemctl isimo NetworkManager
● I-NetworkManager.service - Imenenja yeNethiwekhi ilayishiwe: ilayishiwe (/usr/lib/systemd/system/NetworkManager.service; ikhutshaziwe; ukusethwa kabusha komthengisi: kuvunyelwe) Kuyasebenza: akusebenzi (kufile) Amadokhumenti: indoda: I-NetworkManager (8)

[impande @ linuxbox ~] # ifconfig -a

Silungiselela izixhumi zenethiwekhi

Isixhumi esibonakalayo se-Ens32 LAN sixhumeke kunethiwekhi yangaphakathi

[izimpande @ linuxbox ~] # nano / njll / sysconfig / imibhalo yenethiwekhi / ifcfg-ens32
DEVICE=ens32
ONBOOT=yes
BOOTPROTO=static
HWADDR=00:0c:29:da:a3:e7
NM_CONTROLLED=no
IPADDR=192.168.10.5
NETMASK=255.255.255.0
GATEWAY=192.168.10.1
DOMAIN=desdelinux.fan
DNS1=127.0.0.1
ZONE = umphakathi

[impande @ linuxbox ~] # ifdown ens32 && ifup ens32

I-Ens34 WAN interface exhunywe kwi-Inthanethi

[izimpande @ linuxbox ~] # nano / njll / sysconfig / imibhalo yenethiwekhi / ifcfg-ens34
I-DEVICE = ens34 ONBOOT = yebo BOOTPROTO = static HWADDR = 00: 0c: 29: da: a3: e7 NM_CONTROLLED = no IPADDR = 172.16.10.10 NETMASK = 255.255.255.0 # Irutha ye-ADSL ixhunywe ku # lesi sixhumi # nekheli elilandelayo IGATEWAY IP = 172.16.10.1 DOMAIN = desdelinux.fan DNS1 = 127.0.0.1
ZONE = ngaphandle

[impande @ linuxbox ~] # ifdown ens34 && ifup ens34

Ukulungiswa kwamakhosombe

[impande @ linuxbox ~] # cd /etc/yum.repos.d/
[impande @ linuxbox ~] # mkdir yoqobo
[impande @ linuxbox ~] # mv Centos- * okwangempela /

[izimpande @ linuxbox ~] # nano centos.repo
[Base-Repo]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/base/x86_64/
gpgcheck=0
enabled=1

[CentosPlus-Repo]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/centosplus/x86_64/
gpgcheck=0
enabled=1

[Epel-Repo]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/epel/x86_64/
gpgcheck=0
enabled=1

[Updates-Repo]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/updates/x86_64/
gpgcheck=0
enabled=1

[root @ linuxbox yum.repos.d] # yum hlanza konke
Ama-plugins alayishiwe: i-fastestmirror, ama-langpacks Ama-repositories wokuhlanza: Base-Repo CentosPlus-Repo Epel-Repo Media-Repo: Updates-Repo Ukuhlanza yonke into Ukuhlanza uhlu lwezibuko ezisheshayo
[root @ linuxbox yum.repos.d] # yum isibuyekezo
Ama-plugin Alayishiwe: i-fastestmirror, ama-langpacks Base-Repo | 3.6 kB 00:00 CentosPlus-Repo | 3.4 kB 00:00 I-Epel-Repo | 4.3 kB 00:00 Abezindaba-Repo | 3.6 kB 00:00 Izibuyekezo-Repo | 3.4 kB 00:00 (1/9): I-Base-Repo / group_gz | 155 kB 00:00 (2/9): I-Epel-Repo / group_gz | I-170 kB 00: 00 (3/9): I-Media-Repo / group_gz | 155 kB 00:00 (4/9): I-Epel-Repo / updateinfo | I-734 kB 00:00 (5/9): I-Media-Repo / primary_db | 5.3 MB 00:00 (6/9): CentosPlus-Repo / primary_db | 1.1 MB 00:00 (7/9): Ukubuyekezwa-I-Repo / primary_db | 2.2 MB 00:00 (8/9): I-Epel-Repo / primary_db | 4.5 MB 00:01 (9/9): I-Base-Repo / primary_db | 5.6 MB 00:01 Ukunquma izibuko ezisheshayo Azikho amaphakheji amakwe ukuvuselelwa

Umlayezo "Awekho amaphakheji amakwe ukuze abuyekezwe»Kuyakhonjiswa ngoba ngesikhathi sokufakwa simemezele amakhosombe afanayo endawo esinawo.

I-Centos 7 enemvelo yedeskithophu ye-MATE

Ukuze sisebenzise amathuluzi okuphatha amahle kakhulu ane-interface esibonisa ngayo i-CentOS / Red Hat, futhi ngoba sihlala sikhumbula i-GNOME2, sinqume ukufaka i-MATE njengendawo yedeskithophu.

[impande @ linuxbox ~] # yum groupinstall "X Window system"
[root @ linuxbox ~] # yum groupinstall "MATE Desktop"

Ukuqinisekisa ukuthi i-MATE ilayisha kahle, senza umyalo olandelayo ku-console -local or remote-:

[root @ linuxbox ~] # systemctl behlukanisa graphical.target

futhi imvelo yedeskithophu kufanele ilayishwe -eqenjini lendawo- ngokushelela, ikhombisa I-albhamu kuphela njengokungena ngemvume kokuqhafaza. Sibhala igama lomsebenzisi wasendaweni ne-password yalo, bese sizongena ku-MATE.

Ukutshela i- i-systemd ukuthi ileveli yokuqalisa ezenzakalelayo imvelo eyi-5- sakha isixhumanisi esingokomfanekiso esilandelayo:

[izimpande @ linuxbox ~] # ln -sf /lib/systemd/system/runlevel5.target /etc/systemd/system/default.target

Siqala kabusha uhlelo futhi konke kusebenza kahle.

Sifaka i-Time Service for Networks

[impande @ linuxbox ~] # yum ukufaka ntp

Ngesikhathi sokufakwa silungiselela ukuthi iwashi lendawo lizovumelaniswa neseva yesikhathi semishini sysadmin.fromlinux.fan nge-IP 192.168.10.1. Ngakho-ke, sigcina ifayili ntp.conf okwangempela ngu:

[izimpande @ linuxbox ~] # cp /etc/ntp.conf /etc/ntp.conf.original

Manje, sakha okusha ngokuqukethwe okulandelayo:

[root @ linuxbox ~] # nano /etc/ntp.conf # Amaseva amisiwe ngesikhathi sokufakwa: iseva 192.168.10.1 iburst # Ngeminye imininingwane, bona amakhasi womuntu we: # ntp.conf (5), ntp_acc (5) , ntp_auth (5), ntp_clock (5), ntp_misc (5), ntp_mon (5). i-driftfile / var / lib / ntp / drift # Vumela ukuvumelanisa nomthombo wesikhathi, kepha hhayi # vumela umthombo ukuthi ubonisane noma uguqule le sevisi ikhawulele okuzenzakalelayo khetha i-notrap nopeer noquery # Vumela konke ukufinyelela kusixhumi esibonakalayo Loopback limited 127.0.0.1 limited :: 1 # Khawulela kancane kumakhompyutha kunethiwekhi yendawo. vimbela 192.168.10.0 mask 255.255.255.0 khetha i-notrap # Sebenzisa amaseva womphakathi we-pool.ntp.org # Uma ufuna ukujoyina iphrojekthi vakashela # (http://www.pool.ntp.org/join.html). #broadcast 192.168.10.255 autokey # ukusakaza server serverclient # ukusakaza iklayenti #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycasterver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey many # 192.168.10.255 # Nika amandla i-cryptography yomphakathi. #crypto includesefile / etc / ntp / crypto / pw # Ifayela elingukhiye eliqukethe okhiye nokokuhlonza ukhiye # lisetshenziswe lapho kusebenza ngokhiye wokulinganisa wokhiye we-symmetric / etc / ntp / keys # Cacisa okokuhlonza okhiye abathenjiwe. #trustedkey 4 8 42 # Cacisa okokuhlonza ukhiye ongakusebenzisa ne-utpdc utility. #requestkey 8 # Cacisa okokuhlonza ukhiye ongakusebenzisa ne-utpq utility. #controlkey 8 # Vumela ukubhala kwamarejista ezibalo. #statistics clockstats cryptostats loopstats peerstats # Khubaza ukuqapha kwe-secession ukuvimbela ukukhuliswa kokuhlaselwa okungu- # usebenzisa umyalo wohlu lwezinhlu ze-ntpdc, lapho ukucindezelwa okuzenzakalelayo # kungafaki ifulegi le-noquery. Funda i-CVE-2013-5211 # ukuthola eminye imininingwane. # Qaphela: I-Monitor ayikhutshaziwe nefulegi lomkhawulo onqunyelwe. khubaza ukuqapha

Sivumela, siqale futhi sihlole insiza ye-NTP

[impande @ linuxbox ~] # systemctl isimo ntpd
● ntpd.service - Isevisi Yesikhathi SeNethiwekhi Ilayishiwe: ilayishiwe (/usr/lib/systemd/system/ntpd.service; ikhutshaziwe; ukusethwa kabusha komthengisi: kukhutshaziwe) Kuyasebenza: akusebenzi (kufile)

[root @ linuxbox ~] # systemctl vumela i-ntpd
Kudalwe i-symlink kusuka ku /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.

[root @ linuxbox ~] # systemctl qala ntpd
[impande @ linuxbox ~] # systemctl isimo ntpd

[impande @ linuxbox ~] # systemctl isimo ntpdntpd.service - Isevisi Yesikhathi Senethiwekhi
   Kulayishiwe: kulayishiwe (/usr/lib/systemd/system/ntpd.service; kunikwe amandla; ukusethwa kabusha komthengisi: kukhutshaziwe) Kuyasebenza: kuyasebenza (kuyasebenza) kusukela ngoLwesihlanu 2017-04-14 15:51:08 EDT 1s edlule Inqubo: 1307 ExecStart = / usr / sbin / ntpd -u ntp: ntp $ OPTIONS (code = exited, status = 0 / SUCCESS) Main PID: 1308 (ntpd) CGroup: /system.slice/ntpd.service └─ 1308 / usr / sbin / ntpd -u ntp: ntp -g

Ntp kanye Firewall

[root @ linuxbox ~] # firewall-cmd - izindawo ezisebenzayo
zangaphandle
  izindlela: ens34
umphakathi
  izindlela: ens32

[root @ linuxbox ~] # firewall-cmd --zone = umphakathi --add-port = 123 / udp - unomphela
impumelelo
[root @ linuxbox ~] # firewall-cmd - phinda ulayishe
impumelelo

Senza sikwazi futhi silungiselele i-Dnsmasq

Njengoba sibonile esihlokweni esandulele ochungechungeni lwe-Small Business Networks, iDnsamasq ifakwa ngokuzenzakalela ku-CentOS 7 Infrastructure Server.

[impande @ linuxbox ~] # systemctl isimo dnsmasq
● dnsmasq.service - iseva yokulondolozwa kwesikhashana ye-DNS. Kulayishiwe: kulayishiwe (/usr/lib/systemd/system/dnsmasq.service; kukhutshaziwe; ukusethwa kabusha komthengisi: kukhutshaziwe) Kuyasebenza: akusebenzi (kufile)

[root @ linuxbox ~] # systemctl vumela i-dnsmasq
Kudalwe i-symlink kusuka ku /etc/systemd/system/multi-user.target.wants/dnsmasq.service to /usr/lib/systemd/system/dnsmasq.service.

[root @ linuxbox ~] # systemctl qala dnsmasq
[impande @ linuxbox ~] # systemctl isimo dnsmasq
● dnsmasq.service - iseva yokulondolozwa kwesikhashana ye-DNS. Kulayishiwe: kulayishiwe (/usr/lib/systemd/system/dnsmasq.service; kunikwe amandla; ukusethwa kabusha komthengisi: kukhutshaziwe) Kuyasebenza: kuyasebenza (kuyasebenza) kusukela ngo-Fri 2017-04-14 16:21:18 EDT; 4s ago Main PID: 33611 (dnsmasq) CGroup: /system.slice/dnsmasq.service └─33611 / usr / sbin / dnsmasq -k

[impande @ linuxbox ~] # mv /etc/dnsmasq.conf /etc/dnsmasq.conf.original

[izimpande @ linuxbox ~] # nano /etc/dnsmasq.conf
# ----------------------------------------------------- ------------------ # IZINKETHO JIKELELE # ----------------------------- -------------------------------------- kudingeka isizinda # Ungadluli amagama ngaphandle kwengxenye yesizinda bogus-priv # Ungadluli amakheli esikhaleni esingavinjelwe sanda-abasingathi # Faka ngokuzenzakalela isizinda kusixhumi esibonakalayo = host32 # Interface LAN oda-oda # Oda lapho ubuza khona ifayela /etc/resolv.conf file conf-dir = / etc /dnsmasq.d domain = desdelinux.fan # Ikheli legama lesizinda = / time.windows.com / 192.168.10.5 # Ithumela inketho engenalutho yenani le-WPAD. Kuyadingeka kuma # Windos 7 nakamuva amaklayenti ukuthi aziphathe kahle. ;-) dhcp-option = 252, "\ n" # Ifayela lapho sizomemezela khona IZIMPAHLA ezizovinjelwa "addn-hosts = / etc / banner_add_hosts local = / desdelinux.fan / # ---------- ------------------------------------------------------ ------- # UKUBHALISWA KWE-NAMEMXTXT # ---------------------------------------- ----------- linuxbox.fromlinux.fan linuxbox # cname = ALIAS, REAL_NAME cname = mail.fromlinux.fan, linuxbox.fromlinux.fan # MX RECORDS # Returns MX record with the name "desdelinux.fan" destined # for the mail.desdelinux computer. fan nokubekwa phambili kwe-192.168.10.5 mx-host = desdelinux.fan, mail.desdelinux.fan, 10 # Indawo okuyiwa kuyo ngokuzenzakalela yamarekhodi e-MX adalwe # kusetshenziswa inketho ye-localmx kuzoba: mx-target = mail.desdelinux.fan # Returns irekhodi le-MX elikhombisa i-mx-target YONKE # imishini yasendaweni localmx # TXT amarekhodi. Singamemezela futhi nerekhodi le-SPF txt-record = desdelinux.fan, "v = spf10 a -all" txt-record = desdelinux.fan, "FromLinux, your Blog dedicated to Free Software" # --------- ------------------------------------------------------ -------- # UBubanzi NOKUSETSHENZISWA # ------------------------------------------- ---------------------------- # Ibanga le-IPv1 nesikhathi sokuqashisa # 4 kuye ku-1 kungokwamaseva nezinye izidingo ze-dhcp -range = 29h dhcp-lease-max = 192.168.10.30,192.168.10.250,8 # Inani eliphakeme lamakheli okuqashisa # ngokuzenzakalela ayi-222 # IPV150 range # dhcp-range = 6 ::, ra-only # Izinketho ze- RANGE # OPTIONS dhcp-option = 1234 # NETMASK dhcp-option = 1,255.255.255.0 # ROUTER GATEWAY dhcp-option = 3,192.168.10.5 # DNS Servers dhcp-option = 6,192.168.10.5, desdelinux.fan # DNS Domain Name dhcp-option = 15 , 19,1 # inketho yokudlulisela phambili ku-dhcp-option = 28,192.168.10.255 # BROADCAST dhcp-option = 42,192.168.10.5 # NTP dhcp-onegunya # onegunya le-DHCP ku-subnet # -------------- ------------------ ----------------------------------- # Uma ufuna ukugcina ku- / var / log / messages the log of the imibuzo # uncomment umugqa ongezansi # ------------------------------------------- ----------------------------
Imibuzo engu- # log
# UKUPHELA kwefayela /etc/dnsmasq.conf # --------------------------------------- ----------------------------

Sakha ifayela / njll / banner_add_hosts

[izimpande @ linuxbox ~] # nano / njll / banner_add_hosts
192.168.10.5 windowsupdate.com 192.168.10.5 ctldl.windowsupdate.com 192.168.10.5 ocsp.verisign.com 192.168.10.5 csc3-2010-crl.verisign.com 192.168.10.5 www.msftncsi.com 192.168.10.5 ipv6.msftncsi.com 192.168.10.5 teredo.ipv6.microsoft.com 192.168.10.5 ds.download.windowsupdate.com 192.168.10.5 download.microsoft.com 192.168.10.5 fe2.update.microsoft.com 192.168.10.5 crl.microsoft.com 192.168.10.5 www .download.windowsupdate.com 192.168.10.5 win8.ipv6.microsoft.com 192.168.10.5 spynet.microsoft.com 192.168.10.5 spynet1.microsoft.com 192.168.10.5 spynet2.microsoft.com 192.168.10.5 spynet3.microsoft.com 192.168.10.5. 4 spynet192.168.10.5.microsoft.com 5 spynet192.168.10.5.microsoft.com 15 office192.168.10.5client.microsoft.com 192.168.10.5 addons.mozilla.org XNUMX crl.verisign.com

Amakheli we-IP alungisiwe

[izimpande @ linuxbox ~] # nano / etc / hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 :: 1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.10.5 linuxbox.fromlinux.fan linuxbox 192.168.10.1 sysadmin.fromlinux.fan sysadmin

Silungiselela ifayela /etc/resolv.conf - i-resolver

[izimpande @ linuxbox ~] # nano /etc/resolv.conf
sesha i-desdelinux.fan nameserver 127.0.0.1 # Ngemibuzo ye-DNS engaphandle noma engeyona eyesizinda # desdelinux.fan # local = / desdelinux.fan / nameserver 8.8.8.8

Sihlola i-syntax yefayela dnsmasq.conf, siqala futhi sihlole isimo sesevisi

[root @ linuxbox ~] # dnsmasq - isivivinyo
dnsmasq: isheke le-syntax KULUNGILE.
[root @ linuxbox ~] # systemctl qala kabusha dnsmasq
[impande @ linuxbox ~] # systemctl isimo dnsmasq

I-Dnsmasq ne-Firewall

[root @ linuxbox ~] # firewall-cmd - izindawo ezisebenzayo
zangaphandle
  izindlela: ens34
umphakathi
  izindlela: ens32

Isevisi domain o Iseva Yegama Lesizinda (dns). Isivumelwano iswayipha «IP ngokubethela«

[root @ linuxbox ~] # firewall-cmd --zone = umphakathi - i -add-port = 53 / tcp - ehlala njalo
impumelelo
[root @ linuxbox ~] # firewall-cmd --zone = umphakathi --add-port = 53 / udp - unomphela
impumelelo

Imibuzo ye-Dnsmasq kumaseva we-DNS angaphandle

[root @ linuxbox ~] # firewall-cmd --zone = yangaphandle --add-port = 53 / tcp --permanent
impumelelo
[root @ linuxbox ~] # firewall-cmd --zone = yangaphandle --add-port = 53 / udp - ehlala njalo
impumelelo

Isevisi ukuqaqa o Iseva ye-BOOTP (dhcp). Isivumelwano ippc «I-Internet Pluribus Packet Core«

[root @ linuxbox ~] # firewall-cmd --zone = umphakathi - i -add-port = 67 / tcp - ehlala njalo
impumelelo
[root @ linuxbox ~] # firewall-cmd --zone = umphakathi --add-port = 67 / udp - unomphela
impumelelo

[root @ linuxbox ~] # firewall-cmd - phinda ulayishe
impumelelo

[root @ linuxbox ~] # firewall-cmd --info-zone yomphakathi yomphakathi (esebenzayo)
  target: okuzenzakalelayo icmp-block-inversion: akukho zinhlaka: imithombo ye-ens32: izinsizakalo: dhcp dns ntp ssh ports: 67 / tcp 53 / udp 123 / udp 67 / udp 53 / tcp protocols: masquerade: no forward-port: sourceports: icmp -Imigoqo: imithetho ecebile:

[root @ linuxbox ~] # firewall-cmd --info-zone yangaphandle yangaphandle (iyasebenza)
  target: default icmp-block-inversion: no interfaces: ens34 sources: services: dns ports: 53 / udp 53 / tcp protocols: masquerade: yes forward-port: sourceports: icmp-blocks: parameter-problem redirect router-advertising router- ukucela imithetho yokuqeda imithombo ecebile:

Uma sifuna ukusebenzisa isikhombimsebenzisi sokuqhafaza ukumisa i-Firewall ku-CentOS 7, sibheka kwimenyu ejwayelekile - kuzoncika kwimvelo yedeskithophu lapho kuvela khona imenyu engaphansi - uhlelo lokusebenza «i-Firewall», siyayisebenzisa futhi ngemuva kokufaka iphasiwedi yomsebenzisi izimpande, sizofinyelela kusixhumi esibonakalayo sohlelo kanjalo. Ku-MATE kubonakala kumenyu «Isistimu »->" Ukuphatha "->" I-Firewall ".

Sikhetha iNdawo «umphakathi»Futhi sigunyaza izinsizakalo esifuna ukuthi zishicilelwe ku-LAN, okuyizinto kuze kube manje dhcp, dns, ntp futhi ssh. Ngemuva kokukhetha izinsizakalo, siqinisekisa ukuthi yonke into isebenza kahle, kufanele senze izinguquko ku-Runtime to Permanent. Ukwenza lokhu siya kwimenyu yezinketho bese ukhetha inketho «Isikhathi sokuqalisa unomphela".

Kamuva sikhetha iNdawo «zangaphandle»Futhi sihlola ukuthi amachweba adingekayo ukuxhumana ne-Intanethi avulekile. UNGAYISHicileli Izinsizakalo kule Zone ngaphandle kokuthi sazi kahle esikwenzayo!.

Masingakhohlwa ukwenza ushintsho lube ngunaphakade ngokusebenzisa inketho «Isikhathi sokuqalisa unomphela»Futhi ulayishe kabusha idemoni I-FirewallD, ngaso sonke isikhathi lapho sisebenzisa leli thuluzi elinamandla lezithombe.

I-NTP ne-Dnsmasq kusuka kuklayenti le-Windows 7

Ukuvumelanisa ne-NTP

zangaphandle

Ikheli le-IP eliqashiwe

I-Microsoft Windows [Inguqulo 6.1.7601] Copyright (c) 2009 Microsoft Corporation. Wonke Amalungelo Agodliwe. C: Abasebenzisi buzz> ipconfig / lonke igama leWindows Windows Configuration Host. . . . . . . . . . . . : ISIKHOMBISA
   Isijobelelo se-Primary Dns. . . . . . . :
   Uhlobo lweNode. . . . . . . . . . . . Umzila we-Hybrid IP Unikwe amandla. . . . . . . . : Akukho Proxy WINS Enikwe Amandla. . . . . . . . : Alukho Uhlu Lokusesha Isijobelelo Se-DNS. . . . . . : desdelinux.fan Ethernet adapter Local Area Connection: Connection-specific DNS Suffix. : desdelinux.fan Incazelo. . . . . . . . . . . I-Intel (R) PRO / 1000 MT Network Connection Ikheli Lendawo. . . . . . . . . : 00-0C-29-D6-14-36 DHCP Inikwe amandla. . . . . . . . . . . : Yebo Ukulungiswa kokuzenzakalelayo kunikwe amandla. . . . : Futhi kunjalo
   Ikheli le-IPv4. . . . . . . . . . . : 192.168.10.115 (ethandwayo)
   Imaski ye-Subnet. . . . . . . . . . . : 255.255.255.0 Ukuqashwa Kutholakele. . . . . . . . . . : NgoLwesihlanu, Ephreli 14, 2017 5:12:53 PM Ukuqashiswa Kuphela. . . . . . . . . . : NgoMgqibelo, Ephreli 15, 2017 1: 12: 53 AM Isango elizenzakalelayo. . . . . . . . . : 192.168.10.1 Iseva ye-DHCP. . . . . . . . . . . : 192.168.10.5 amaseva we-DNS. . . . . . . . . . . : 192.168.10.5 I-NetBIOS ngaphezulu kweTcpip. . . . . . . . : I-adaptha ye-Tunnel evunyelwe Ukuxhumeka Kwendawo Yendawo * 9: Media State. . . . . . . . . . . : Imidiya inqanyuliwe Isixhumi Sesixhumi Esicacisiwe Sokuxhumeka. : Incazelo. . . . . . . . . . . : I-adaptha ye-Microsoft Teredo Tunneling Ikheli Lendawo. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Inikwe amandla. . . . . . . . . . . : Akukho ukulungiswa okuzenzakalelayo okunikwe amandla. . . . : Yebo i-adapter yomhubhe isatap.fromlinux.fan: Media State. . . . . . . . . . . : Imidiya inqanyuliwe Isixhumi Sesixhumi Esicacisiwe Sokuxhumeka. : desdelinux.fan Incazelo. . . . . . . . . . . I-adaptha ye-Microsoft ISATAP # 2 Ikheli Lendawo . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Inikwe amandla. . . . . . . . . . . : Akukho ukulungiswa okuzenzakalelayo okunikwe amandla. . . . : Yebo C: \ Abasebenzisi \ buzz>

Ithiphu

Inani elibalulekile kumakhasimende e-Windows yi- "Primary Dns Suffix" noma "Main suffix connection". Lapho isilawuli seMicrosoft Domain singasetshenzisiwe, uhlelo olusebenzayo aluniki inani laso. Uma sibhekene necala elifana nalelo elichazwe ekuqaleni kwe-athikili futhi sifuna ukulibeka ngokusobala lelo nani, kufanele siqhubeke ngokuvumelana nalokho okuboniswe esithombeni esilandelayo, samukele ushintsho bese siqala kabusha iklayenti.

 

Uma sigijima futhi CMD -> ipconfig / konke sizothola okulandelayo:

I-Microsoft Windows [Inguqulo 6.1.7601] Copyright (c) 2009 Microsoft Corporation. Wonke Amalungelo Agodliwe. C: Abasebenzisi buzz> ipconfig / lonke igama leWindows Windows Configuration Host. . . . . . . . . . . . : ISIKHOMBISA
   Isijobelelo se-Primary Dns. . . . . . . : desdelinux.fan
   Uhlobo lweNode. . . . . . . . . . . . Umzila we-Hybrid IP Unikwe amandla. . . . . . . . : Akukho Proxy WINS Enikwe Amandla. . . . . . . . : Alukho Uhlu Lokusesha Isijobelelo Se-DNS. . . . . . : desdelinux.fan

Wonke amanye amanani ahlala engashintshiwe

Ukuhlolwa kwe-DNS

buzz @ sysadmin: ~ $ host spynet.microsoft.com
i-spynet.microsoft.com inekheli le-127.0.0.1 Host spynet.microsoft.com ayitholakali: 5 (REFUSED) spynet.microsoft.com mail isingathwa nge-mail eyodwa 1.fromlinux.fan.

buzz @ sysadmin: ~ $ host linuxbox
linuxbox.desdelinux.fan inekheli le-192.168.10.5 linuxbox.desdelinux.fan imeyili liphathwa nge-mail engu-1.desdelinux.fan.

buzz @ sysadmin: ~ $ host sysadmin
i-sysadmin.desdelinux.fan inekheli le-192.168.10.1 sysadmin.desdelinux.fan imeyili liphathwa nge-mail engu-1.desdelinux.fan.

buzz @ sysadmin: ~ $ imeyili yokubamba
i-mail.desdelinux.fan iyi-alias ye-linuxbox.desdelinux.fan. linuxbox.desdelinux.fan inekheli 192.168.10.5 imeyili ye-linuxbox.desdelinux.fan isingathwa nge-mail eyodwa engu-1.desdelinux.fan.

Sifaka -ukuhlolwa kuphela- iseva egunyaziwe ye-DNS NSD ku sysadmin.fromlinux.fan, futhi sifaka ikheli le-IP 172.16.10.1 endaweni yokugcina umlando /etc/resolv.conf weqembu linuxbox.fromlinux.fan, Ukuqinisekisa ukuthi iDnsmasq yayiqhuba kahle umsebenzi wayo Wokudlulisela phambili. Ama-sandboxes kuseva ye-NSD yiwo ethanda.org y yomakXNUMX. Onke ama-IP aqanjiwe noma avela kumanethiwekhi angasese.

Uma sikhubaza isikhombimsebenzisi se-WAN en34 usebenzisa umyalo ifdown en34, I-Dnsmasq ngeke ikwazi ukubuza amaseva we-DNS angaphandle.

[buzz @ linuxbox ~] $ sudo ifdown ens34 [buzz @ linuxbox ~] $ umphathi -t mx toujague.org
I-Host toujague.org ayitholakali: 3 (NXDOMAIN)

[buzz @ linuxbox ~] $ umphathi pizzapie.favt.org
I-pizzapie.favt.org ayitholakali: 3 (NXDOMAIN)

Masivumele isikhombimsebenzisi se-ens34 bese sihlola futhi:

[buzz @ linuxbox ~] $ sudo ifup ens34
buzz @ linuxbox ~] $ umphathi pizzapie.favt.org
pizzapie.favt.org kuyinto alias for paisano.favt.org. I-paisano.favt.org inekheli elithi 172.16.10.4

[buzz @ linuxbox ~] $ umphathi pizzapie.toujague.org
Ama-pizzas.toujague.org awatholakali: 3 (NXDOMAIN)

[buzz @ linuxbox ~] $ umphathi poblacion.toujague.org
poblacion.toujague.org inekheli 169.18.10.18

[buzz @ linuxbox ~] $ umphathi -t NS favt.org
favt.org igama leseva ns1.favt.org. ifavt.org igama leseva ns2.favt.org.

[buzz @ linuxbox ~] $ umphathi -t NS toujague.org
toujague.org igama leseva ns1.toujague.org. toujague.org igama leseva ns2.toujague.org.

[buzz @ linuxbox ~] $ umphathi -t MX toujague.org
Iposi ye-toujague.org iphathwa nge-10 mail.toujague.org.

Ake sibonisane kusuka ku- sysadmin.fromlinux.fan:

buzz @ sysadmin: ~ $ cat /etc/resolv.conf 
sesha kusuka linux.fan nameserver 192.168.10.5

xeon @ sysadmin: ~ $ bamba mail.toujague.org
mail.toujague.org inekheli 169.18.10.19

IDnsmasq isebenza njenge Phambili kahle.

Squid

Encwadini ngefomethi ye-PDF «Ukucushwa Kwamaseva we-Linux»Yabhalwa ngoJulayi 25, 2016, nguMlobi UJoel Barrios Dueñas (darkshram@gmail.com - http://www.alcancelibre.org/), umbhalo engikhulume ngawo kuma-athikili adlule, kunesahluko esiphelele esinikezwe i- Izinketho Zokumiswa Okuyisisekelo Kwe-squid.

Ngenxa yokubaluleka kwensiza yeWebhu - iProxy, senza kabusha iSingeniso ngeSquid encwadini eshiwo ngenhla:

105.1. Isingeniso.

105.1.1. Iyini i-Intermediary Server (Proxy)?

Leli gama ngesiNgisi "Ummeleli" inencazelo ejwayelekile kakhulu futhi ngasikhathi sinye edidayo, noma kunjalo
njalo kubhekwa njengokufana komqondo we "Umxhumanisi". Imvamisa ihunyushwa, ngomqondo oqinile, njenge isithunywa o amandla (lowo onamandla phezu komunye).

Un Umxhumanisi Weseva Ichazwa njengekhompyutha noma idivaysi enikezela ngensizakalo yenethiwekhi equkethe ukuvumela amaklayenti ukuthi enze ukuxhumana okungaqondile kwenethiwekhi kwamanye amasevisi wenethiwekhi. Ngesikhathi kwenziwa lokhu okulandelayo:

  • Iklayenti lixhuma kufayela le- Iseva yommeleli.
  • Iklayenti licela ukuxhumeka, ifayela, noma enye insiza etholakala kwiseva ehlukile.
  • I-Server intermediary inikeza insizakusebenza ngokuxhuma kwiseva ecacisiwe
    noma ukuyinikeza kusuka kunqolobane.
  • Kwezinye izimo i Umxhumanisi Weseva ingaguqula isicelo seklayenti noma i-
    Impendulo yeseva ngezinhloso ezahlukahlukene.

I-Los Ama-proxy Servers ngokuvamile zenziwa zisebenze ngasikhathi sinye njengodonga lomlilo olusebenza kufayela le- Izinga lenethiwekhi, esebenza njengesihlungi sephakethe, njengakwisimo se- iptables noma kusebenza kufayela le- Izinga Lokufaka Isicelo, ukulawula amasevisi ahlukahlukene, njengoba kwenzeka Isisongeli se-TCP. Ngokuya ngomongo, udonga lomlilo luyaziwa nangokuthi I-BPD o BOda Pukujikeleza Device noma nje isihlungi sephakethe.

Isicelo esivamile se- Ama-proxy Servers ukusebenza njengenqolobane yokuqukethwe kwenethiwekhi (ikakhulukazi i-HTTP), inikezela ngokuseduze kwamakhasimende isilondolozi samakhasi namafayela atholakala ngenethiwekhi kumaseva we-HTTP akude, avumela amaklayenti enethiwekhi yendawo ukuthi awafinyelele ku iyashesha futhi inokwethenjelwa.

Lapho kutholwa isicelo semithombo ethile yeNethiwekhi kufayela le- I-URL (Ui-niform Rinsiza Locator) the Umxhumanisi Weseva funa umphumela we I-URL ngaphakathi kwesilondolozi. Uma kutholakala, i- Umxhumanisi Weseva Iphendula ikhasimende ngokunikezela ngokushesha okuqukethwe okuceliwe. Uma okuqukethwe okuceliwe kungekho kunqolobane, i- Umxhumanisi Weseva izoyilanda kusuka kuseva ekude, iyise kwiklayenti eliyicelile futhi igcine ikhophi kunqolobane. Okuqukethwe okulondoloziwe kususwa nge-algorithm yokuphelelwa isikhathi ngokuya ngeminyaka, usayizi nomlando we izimpendulo zezicelo (hits) (izibonelo: I-LRU, LFUDA y I-GDSF).

Ama-Proxy Servers wokuqukethwe kwenethiwekhi (ama-Web Proxies) nawo angasebenza njengezihlungi zokuqukethwe okuhlinzekiwe, asebenzise izinqubomgomo zokucwaninga ngokwezinqubo zokuphikisana..

Uhlobo lwe-squid esizolifaka yi- 3.5.20-2.el7_3.2 kusuka endaweni yokugcina izinto izibuyekezo.

Ukufakwa

[root @ linuxbox ~] # yum ukufaka squid

[izimpande @ linuxbox ~] # ls / njll / squid /
ikhasi lephutha le-cachemgr.conf.css.default  ingwane.conf
cachemgr.conf.default mime.conf              squid.conf.okuzenzakalelayo
iphutha.css mime.conf.default

[root @ linuxbox ~] # systemctl vumela i-squid

Kubalulekile

  • Inhloso enkulu yale ndatshana ukugunyaza abasebenzisi bendawo ukuthi baxhumane ne-squid kusuka kwamanye amakhompyutha axhunywe kwi-LAN. Ngaphezu kwalokho, sebenzisa umnyombo wesiphakeli lapho ezinye izinsizakalo zizongezwa khona. Akuyona i-athikili enikezelwe ku-squid kanjalo.
  • Ukuze uthole umbono wezinketho zokumiswa kwe-squid, funda i- / usr/share/doc/squid-3.5.20/squid.conf.documented file, enemigqa engu-7915.

I-SELinux ne-squid

[impande @ linuxbox ~] # i-getsebool -a | i-grep squid
squid_connect_any -> ku-squid_use_tproxy -> kuvaliwe

[root @ linuxbox ~] # setsebool -P squid_connect_any = ivuliwe

Isethaphu

[izimpande @ linuxbox ~] # nano /etc/squid/squid.conf
# LAN acl localnet src 192.168.10.0/24 acl SSL_ports port 443 21
i-acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # amarekhodi angabhalisiwe acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT # Siyayiphika imibuzo yamachweba angavikelekile Imenenja yesilondolozi kuphela kusuka ku-localhost http_access vumela umphathi we-localhost http_access ukuphika umphathi # Sincoma ngokuqinile okulandelayo ukuthi kungavunyelwa ukuvikela izinhlelo ze-web ezingenacala ezisebenza kuseva elibamba abacabanga ukuthi ukuphela # okungafinyelela izinsiza ku- "localhost" kungumbonisi wendawo umsebenzisi http_access wenqabe ku_localhost # # FAKA IMITHETHO YAKHO (S) LAPHA UKUZE UVUMELE UKUFINYELELEKA KWAMAKHASIMENDE AKHO # ukugunyazwa kwePAM
Uhlelo oluyisisekelo lwe-auth_param / usr / lib64 / squid / basic_pam_auth
auth_param basic children 5 auth_param basic realm from linux.fan auth_param basic credentialsttl 2 hours auth_param basic censensitive off # Acl authentication is required to access Squid Enthusiasts proxy_auth REQUIRED # We allow access to authenticated users # through PAM http_access deni! Enthusiasts # Access to FTP sites i-acl ftp proto FTP http_access ivumela i-ftp http_access ivumele i-localnet http_access ivumele i-localhost # Siphika noma yikuphi okunye ukufinyelela kummeleli http_access ukuphika konke # squid ngokujwayelekile kulalela echwebeni 3128 http_port 3128 # Sishiya "ama-coredumps" ku-directory yokuqala ye-cache coredump_dir / var / spool / squid # # Faka noma yikuphi okufakile kwakho_ukuvuselela okufakiwe ngaphezulu kwalokhu. # refresh_pattern ^ ftp: 1440 20% 10080 refresh_pattern ^ gopher: 1440 0% 1440 refresh_pattern -i (/ cgi-bin / | \?) 0 0% 0 refresh_pattern. 0 20% 4320 cache_mem 64 MB # Cache memory memory_replacement_policy lru cache_replacement_policy heap LFUDA cache_dir aufs / var / spool / squid 4096 16 256 maximum_object_size 4 MB cache_swap_low 85 cache_swap_highux 90 cache_mgr buzz@desdelindux_fanux

Sihlola i-syntax yefayela /etc/squid/squid.conf

[impande @ linuxbox ~] # squid -k parse
2017/04/16 15: 45: 10 | Ukuqalisa: Iqalisa amaSu Sokuqinisekisa ...
 2017/04/16 15: 45: 10 | Ukuqalisa: Isikimu sokuQinisekiswa sokuQala 'okuyisisekelo' 2017/04/16 15: 45: 10 | Ukuqalisa: Isikimu sokuQinisekiswa sokuQala 'digest' 2017/04/16 15: 45: 10 | Ukuqalisa: Isikimu sokuQinisekiswa sokuQala 'sokuxoxisana' 2017/04/16 15: 45: 10 | Ukuqalisa: Isikimu Sokuqinisekisa Esisunguliwe 'ntlm' 2017/04/16 15: 45: 10 | Ukuqalisa: Ukuqinisekisa okuqalisiwe.
 2017/04/16 15: 45: 10 | Icubungula Ifayela Lokumisa: /etc/squid/squid.conf (ukujula 0) 2017/04/16 15: 45: 10 | Ukucubungula: i-acl localnet src 192.168.10.0/24 2017/04/16 15: 45: 10 | Ukucubungula: i-acl SSL_ports port 443 21 2017/04/16 15: 45: 10 | Ukucubungula: i-acl Safe_ports port 80 # http 2017/04/16 15: 45: 10 | Ukucubungula: i-acl Safe_ports port 21 # ftp 2017/04/16 15: 45: 10 | Ukucubungula: i-acl Safe_ports port 443 # https 2017/04/16 15: 45: 10 | Ukucubungula: i-acl Safe_ports port 70 # gopher 2017/04/16 15: 45: 10 | Ukucubungula: i-acl Safe_ports port 210 # wais 2017/04/16 15: 45: 10 | Ukucubungula: i-acl Safe_ports port 1025-65535 # amachweba angabhalisiwe 2017/04/16 15: 45: 10 | Ukucubungula: i-acl Safe_ports port 280 # http-mgmt 2017/04/16 15: 45: 10 | Ukucubungula: i-acl Safe_ports port 488 # gss-http 2017/04/16 15: 45: 10 | Ukucubungula: i-acl Safe_ports port 591 # filemaker 2017/04/16 15: 45: 10 | Ukucubungula: i-acl Safe_ports port 777 # multiling http 2017/04/16 15: 45: 10 | Ukucubungula: indlela ye-acl CONNECT CONNECT 2017/04/16 15: 45: 10 | Ukucubungula: http_access deni! Safe_ports 2017/04/16 15: 45: 10 | Ukucubungula: http_access ukuphika XHUMANA! Ukucubungula: http_access vumela umphathi we-localhost 2017/04/16 15: 45: 10 | Ukucubungula: http_access deni manager 2017/04/16 15: 45: 10 | Ukucubungula: http_access deni to_localhost 2017/04/16 15: 45: 10 | Ukucubungula: auth_param basic program / usr / lib2017 / squid / basic_pam_auth 04/16/15 45: 10: 64 | Ukucubungula: auth_param izingane eziyisisekelo 2017 04/16/15 45: 10: 5 | Ukucubungula: auth_param indawo eyisisekelo evela ku-linux.fan 2017/04/16 15: 45: 10 | Ukucubungula: i-auth_param basic credentialsttl 2017 amahora 04/16/15 45: 10: 2 | Ukucubungula: auth_param basic censitive off 2017/04/16 15: 45: 10 | Ukucubungula: Abathanda i-acl proxy_auth KWADINGEKA 2017/04/16 15: 45: 10 | Ukucubungula: http_access deni! Abathandekayo 2017/04/16 15: 45: 10 | Ukucubungula: i-acl ftp proto FTP 2017/04/16 15: 45: 10 | Ukucubungula: http_access vumela i-ftp 2017/04/16 15: 45: 10 | Ukucubungula: http_access kuvumela i-localnet 2017/04/16 15: 45: 10 | Ukucubungula: http_access vumela i-localhost 2017/04/16 15: 45: 10 | Ukucubungula: http_access ukuphika konke okungu-2017/04/16 15: 45: 10 | Ukucubungula: http_port 2017 04/16/15 45: 10: 3128 | Ukucubungula: coredump_dir / var / spool / squid 2017/04/16 15: 45: 10 | Ukucubungula: refresh_pattern ^ ftp: 2017 04% 16 15/45/10 1440: 20: 10080 | Iyacubungula: i-refresh_pattern ^ gopher: 2017 04% 16 15/45/10 1440: 0: 1440 | Ukucubungula: refresh_pattern -i (/ cgi-bin / | \?) 2017 04% 16 15/45/10 0: 0: 0 | Ukucubungula: refresh_pattern. 

Silungisa izimvume ku- / usr / lib64 / squid / basic_pam_auth

[impande @ linuxbox ~] # chmod u + s / usr / lib64 / squid / basic_pam_auth

Sakha umkhombandlela wenqolobane

# Uma kungenzeka ... [root @ linuxbox ~] # service squid stop
Iqondisa kabusha ku- / bin / systemctl stop squid.service

[impande @ linuxbox ~] # squid -z
[impande @ linuxbox ~] # 2017/04/16 15:48:28 kid1 | Setha Uhla lwemibhalo yamanje ku / var / spool / squid 2017/04/16 15:48:28 kid1 | Ukwakha izinkomba zokushintshana ezingekhoyo 2017/04/16 15:48:28 kid1 | / var / spool / squid ikhona 2017/04/16 15:48:28 kid1 | Ukwenza izinkomba ku / var / spool / squid / 00 2017/04/16 15:48:28 kid1 | Ukwenza izinkomba ku / var / spool / squid / 01 2017/04/16 15:48:28 kid1 | Ukwenza izinkomba ku / var / spool / squid / 02 2017/04/16 15:48:28 kid1 | Ukwenza izinkomba ku / var / spool / squid / 03 2017/04/16 15:48:28 kid1 | Ukwenza izinkomba ku / var / spool / squid / 04 2017/04/16 15:48:28 kid1 | Ukwenza izinkomba ku / var / spool / squid / 05 2017/04/16 15:48:28 kid1 | Ukwenza izinkomba ku / var / spool / squid / 06 2017/04/16 15:48:28 kid1 | Ukwenza izinkomba ku / var / spool / squid / 07 2017/04/16 15:48:28 kid1 | Ukwenza izinkomba ku / var / spool / squid / 08 2017/04/16 15:48:28 kid1 | Ukwenza izinkomba ku / var / spool / squid / 09 2017/04/16 15:48:28 kid1 | Ukwenza izinkomba ku / var / spool / squid / 0A 2017/04/16 15:48:28 kid1 | Ukwenza izinkomba ku / var / spool / squid / 0B 2017/04/16 15:48:28 kid1 | Ukwenza izinkomba ku / var / spool / squid / 0C 2017/04/16 15:48:29 kid1 | Ukwenza izinkomba ku / var / spool / squid / 0D 2017/04/16 15:48:29 kid1 | Ukwenza izinkomba ku / var / spool / squid / 0E 2017/04/16 15:48:29 kid1 | Ukwenza izinkomba ku / var / spool / squid / 0F

Ngalesi sikhathi, uma kuthatha isikhashana ukubuyisa i-oda Prompt - elingakaze libuyiselwe kimi - cindezela u-Enter.

[root @ linuxbox ~] # service squid start
[root @ linuxbox ~] # service squid restart
[root @ linuxbox ~] # isimo se-squid yesevisi
Iqondisa kabusha ku- / bin / systemctl status squid.service ● squid.service - Proxy caching proxy Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; preset preset: disabled) Iyasebenza: iyasebenza (isebenza) kusukela ku-dom 2017-04-16 15:57:27 EDT; Inqubo engu-1 edlule: 2844 ExecStop = / usr / sbin / squid -k shutdown -f $ SQUID_CONF (code = exited, status = 0 / SUCCESS) Inqubo: 2873 ExecStart = / usr / sbin / squid $ SQUID_OPTS -f $ SQUID_CONF (code = kuphumile, isimo = 0 / IMPUMELELO) Inqubo: 2868 ExecStartPre = / usr / libexec / squid / cache_swap.sh (ikhodi = iphumile, isimo = 0 / IMPUMELELO) I-PID enkulu: 2876 (squid) CGroup: /system.slice/squid isevisi └─2876 / usr / sbin / squid -f /etc/squid/squid.conf Apr 16 15:57:27 linuxbox systemd [1]: Iqala ummeleli wokulondolozwa kwesikhashana se-Squid ... Apr 16 15:57:27 linuxbox systemd [1]: Ummeleli wokulondolozwa kwesikhashana we-Squid. Eph 16 15:57:27 linuxbox squid [2876]: Umzali we-squid: uzoqala izingane ezi-1 Apr 16 15:57:27 linuxbox squid [2876]: Umzali weSquid: (squid-1) inqubo 2878 ... ed Apr 16 15 : 57: 27 linuxbox squid [2876]: Umzali weSquid: (squid-1) inqubo 2878 ... 1 Ukusikisela: Eminye imigqa yanqanyulwa, sebenzisa -l ukukhombisa ngokugcwele

[root @ linuxbox ~] # ikati / var / log / imiyalezo | i-grep squid

Ukulungiswa kwe-Firewall

Kumele futhi sivule kuZoni «zangaphandle"amachweba 80HTTP y 443 I-HTTPS ngakho-ke iSquid sikwazi ukuxhumana ne-Intanethi.

[root @ linuxbox ~] # firewall-cmd --zone = yangaphandle --add-port = 80 / tcp --permanent
impumelelo
[root @ linuxbox ~] # firewall-cmd --zone = yangaphandle --add-port = 443 / tcp --permanent
impumelelo
[root @ linuxbox ~] # firewall-cmd - phinda ulayishe
impumelelo
[root @ linuxbox ~] # firewall-cmd --info-zone yangaphandle
ukubhekelwa kwangaphandle (okusebenzayo): okuzenzakalelayo icmp-block-inversion: akukho zinhlaka: imithombo ye-ens34: izinsizakalo: amachweba we-dns: 443 / tcp 53 / udp 80 / tcp 53 / tcp
  ama-protocols: masquerade: yebo phambili-amachweba: ama-sourceports: ama-icmp-block: ipharamitha-inkinga eqondisa kabusha umzila-wokukhangisa umzila-wokucela umthombo wokuqeda imithetho ecebile:
  • Akukhona ukungenzi lutho ukuya kuhlelo lokusebenza lwezithombe «Izilungiselelo ze-Firewall»Futhi uhlole ukuthi amachweba 443 tcp, 80 tcp, 53 tcp, no-53 udp avulekele indawo«zangaphandle«, Nokuthi asikaze simshicilele noma iyiphi insizakalo.

Qaphela ohlelweni oluyisisekelo_pam_auth lomsizi

Uma sibheka imanuwali yalolu hlelo ngokusebenzisa indoda eyisisekelo_pam_auth Sizofunda ukuthi umbhali uqobo wenza isincomo esinamandla sokuthi uhlelo ludluliselwe enkombeni lapho abasebenzisi abajwayelekile bengenazo izimvume ezanele zokuthola ithuluzi.

Ngakolunye uhlangothi, kuyaziwa ukuthi ngalolu hlelo lokugunyazwa, iziqinisekiso zihamba ngombhalo osobala futhi akuphephile ezindaweni ezinobutha, funda amanethiwekhi avulekile.

UJeff Yestrumskas nikezela i-athikili «Ukwenzanjani: Ukusetha ummeleli wewebhu ophephile usebenzisa ukubethela kwe-SSL, ummeleli we-Squid Caching kanye ne-PAM»Endabeni yokwanda kwezokuphepha ngalolu hlelo lokuqinisekisa ukuze lusetshenziswe kumanethiwekhi avulekile angaba nobutha.

Sifaka i-httpd

Njengendlela yokubheka ukusebenza kwe-squid - futhi ngeshwa kweDnsmasq- sizofaka insiza httpd -Apache web server- okungaphoqelekile ukukwenza. Kufayela elihlobene ne-Dnsmasq / njll / banner_add_hosts Simemezela amasayithi esifuna ukuvinjelwa kuwo, futhi sibeka ngokusobala ikheli elifanayo le-IP elinalo ibhokisi le-linux. Ngakho-ke, uma sicela ukufinyelela kunoma iyiphi yalezi zingosi, ikhasi lasekhaya le- httpd.

[impande @ linuxbox ~] # yum ukufaka i-httpd [impande @ linuxbox ~] # systemctl vumela i-httpd
Kudalwe i-symlink kusuka ku /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.

[root @ linuxbox ~] # systemctl qala i-httpd

[impande @ linuxbox ~] # systemctl isimo httpd
● httpd.service - Iseva ye-Apache HTTP ilayishiwe: ilayishiwe (/usr/lib/systemd/system/httpd.service; inikwe amandla; ukusethwa kabusha komthengisi: kukhutshaziwe) Kuyasebenza: kuyasebenza (kuyasebenza) kusukela ngeLanga 2017-04-16 16:41: I-35 EDT; 5s ago Docs: man: httpd (8) man: apachectl (8) Main PID: 2275 (httpd) Isimo: "Icubungula izicelo ..." CGroup: /system.slice/httpd.service ├─2275 / usr / sbin / httpd -DFOREGROUND ├─2276 / usr / sbin / httpd -DFOREGROUND ├─2277 / usr / sbin / httpd -DFOREGROUND ├─2278 / usr / sbin / httpd -DFOREGROUND ├─2279 / usr / sbin / httpd -DFOREGROUND / usr / sbin / httpd -DFOREGROUND Apr 2280 16:16:41 linuxbox systemd [35]: Iqala i-Apache HTTP Server ... Apr 1 16:16:41 linuxbox systemd [35]: Iqale i-Apache HTTP Server.

I-SELinux ne-Apache

I-Apache inezinqubomgomo eziningana okufanele zilungiselelwe ngaphakathi komongo we-SELinux.

[impande @ linuxbox ~] # i-getsebool -a | grep httpd
httpd_anon_write -> off httpd_builtin_scripting -> ku-httpd_can_check_spam -> kuvaliwe httpd_can_connect_ftp -> off httpd_can_connect_ldap -> off httpd_can_connect_mythtv -> off httpd_can_connect off_zabbix -> off httpb_bop_braf_con httpd_can_network_memcache -> off httpd_can_network_relay -> off httpd_can_sendmail -> off httpd_dbus_avahi -> off httpd_dbus_sssd -> off httpd_dontaudit_search_dirs -> off httpd_enable_cgi -> httpd_enable_offmirs -> httpd_enable_enable offpd_server_offmirs -> httpd_enablem offpd_server_enable_cgi -> offhpd_enablem off httpd_graceful_shutdown -> on httpd_manage_ipa -> off httpd_mod_auth_ntlm_winbind -> off httpd_mod_auth_pam -> off httpd_read_user_content -> off httpd_run_ipa -> off httpd_run_preupgrade -> off httpdrrrizeshi offdrrrsshi httpd_ssi_exec -> kuvaliwe httpd_sys_script_anon_write -> kucishiwe httpd_tmp_exec -> kuvaliwe httpd_tty_comm - > off httpd_unified -> off httpd_use_cifs -> off httpd_use_fusefs -> off httpd_use_gpg -> off httpd_use_nfs -> off httpd_use_openstack -> off httpd_use_sasl -> off httpd_verify_dns -> off

Sizomisa okulandelayo kuphela:

Thumela i-imeyili nge-Apache

impande @ linuxbox ~] # setsebool -P httpd_can_sendmail 1

Vumela i-Apache ukuthi ifunde okuqukethwe okutholakala kwizikhombisi zasekhaya zabasebenzisi bendawo

impande @ linuxbox ~] # setsebool -P httpd_read_user_content 1

Vumela ukuphatha nge-FTP noma nge-FTPS noma yimuphi umkhombandlela ophethwe yi-
I-Apache noma vumela i-Apache ukuthi isebenze njengeseva ye-FTP elalela izicelo ngetheku le-FTP

[izimpande @ linuxbox ~] # setsebool -P httpd_enable_ftp_server 1

Ngeminye imininingwane, sicela ufunde Ukucushwa Kwamaseva we-Linux.

Sihlola Ukufakazela ubuqiniso

Kuhlala kuphela ukuvula isiphequluli endaweni yokusebenza nendawo, ngokwesibonelo, ku- http://windowsupdate.com. Sizobheka ukuthi isicelo siqondiswe kabusha kahle ekhasini lasekhaya le-Apache ku-linuxbox. Eqinisweni, noma yiliphi igama lesayithi elimenyezelwe kufayela / njll / banner_add_hosts uzoqondiswa kabusha ekhasini elifanayo.

Izithombe ezisekugcineni kwendatshana ziyakufakazela lokho.

Ukuphathwa kwabasebenzisi

Sikwenza sisebenzisa ithuluzi lokuqhafaza «Ukuphathwa komsebenzisi»Esikuthola ngemenyu Isistimu -> Ukuphatha -> Ukuphathwa komsebenzisi. Njalo lapho sifaka umsebenzisi omusha, ifolda yayo iyakhiwa / ikhaya / umsebenzisi ngokuzenzakalelayo.

 

Izipele

Amaklayenti we-Linux

Udinga kuphela isiphequluli sefayela elijwayelekile futhi ukhombise ukuthi ufuna ukuxhumana, ngokwesibonelo: ssh: // buzz @ linuxbox / home / buzz futhi ngemuva kokufaka iphasiwedi, umkhombandlela uzokhonjiswa ikhaya yomsebenzisi buzz.

Amaklayenti eWindows

Kumaklayenti eWindows, sisebenzisa ithuluzi WinSCP. Uma sekufakiwe, siyisebenzisa ngale ndlela elandelayo:

 

 

Kulula, akunjalo?

Isifingqo

Sibonile ukuthi kungenzeka ukusebenzisa i-PAM ukuqinisekisa izinsizakalo kwinethiwekhi encane futhi endaweni elawulwayo ehlukaniswe ngokuphelele nezandla ze kubaduni. Lokhu kungenxa yokuthi iziqinisekiso zokuqinisekisa zihamba ngombhalo osobala ngakho-ke akusilo uhlelo lokuqinisekisa okufanele lusetshenziswe kumanethiwekhi avulekile anjengezikhumulo zezindiza, amanethiwekhi we-Wi-Fi, njll. Noma kunjalo, kuyindlela elula yokugunyazwa, okulula ukuyisebenzisa nokuyilungiselela.

Imithombo exoxiwe

Inguqulo ye-PDF

Landa inguqulo ye-PDF lapha.

Kuze kube yindatshana elandelayo!


Okuqukethwe yi-athikili kunamathela ezimisweni zethu ze izimiso zokuhlelela. Ukubika iphutha chofoza lapha.

Amazwana ayi-9, shiya okwakho

Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Ubhekele imininingwane: Miguel Ángel Gatón
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.

  1.   I-NauTiluS kusho

    Ukuthunyelwa okukhulu kuphulukisiwe uMnu Fico. Siyabonga ngokwabelana ngolwazi lwakho.

  2.   isibankwa kusho

    Ngiyazi ukuthi kunzima kanjani ukuhlanganisa i-athikili enezinga elinjalo lemininingwane, enezivivinyo ezicace bha futhi ngaphezu kwakho konke enemiqondo namasu aqondaniswe namazinga. Ngivele ngikhumule isigqoko sami kuleli tshe eliyigugu leminikelo, ngiyabonga kakhulu uFico ngomsebenzi omuhle kangaka.

    Angikaze ngihlanganise i-squid ne-pam authentication kodwa ngiya ngangokunokwenzeka ukwenza lo mkhuba elabhorethri yami ... Goal Goal bese siyaqhubeka !!

  3.   frederico kusho

    NaTiluS: Ngiyabonga kakhulu ngokuphawula kwakho nokuhlola kwakho.
    Lizard: Nawe, ngiyabonga kakhulu ngokuphawula kwakho nokuhlola kwakho.

    Isikhathi nokuzikhandla okunikelwe ekwenzeni izindatshana ezinjengalezi kuvuzwa kuphela ngokufunda namazwana avela kulabo abavakashela umphakathi waseLivingLinux. Ngiyethemba ilusizo kuwe emsebenzini wakho wansuku zonke.
    Siyaqhubeka!

  4.   engaziwa kusho

    Umnikelo omangalisayo wesakhamuzi !!!! Ngifunde i-athikili ngayinye yakho futhi ngingasho ukuthi nomuntu ongenalo ulwazi oluthuthukile lweSoftware yamahhala (njengami) angalandela le ndatshana enhle igxathu negxathu. Halala !!!!

  5.   IWO kusho

    Ngiyabonga uFico ngalesi sihloko esihle; Njengokungathi lokho bekunganele ngakho konke okuthunyelwe osekuvele kushicilelwe, kulokhu sinesevisi engazange ihlanganiswe ngaphambili yiPYMES Series futhi ebaluleke kakhulu: i- "SQUID" noma i-Proxy ye-LAN. Akukho lutho olwenzelwe thina mndeni walabo abacabanga ukuthi singama- "sysadmins" lapha olunezinye izinto ezinhle zokufunda nokujulisa ulwazi lwethu.

  6.   frederico kusho

    Ngiyabonga nonke ngemibono yenu. I-athikili elandelayo izobhekana nesiphakeli sokuxoxa ngeProsody ngokuqinisekiswa okuphikisana nobufakazi bendawo (i-PAM) ngeCyrus-SASL, futhi leyo nsizakalo izofakwa kule seva efanayo.

  7.   kenpachiRo17 kusho

    Ngesikhathi esihle sizwe !!!! Umnikelo omkhulu ngisho nakulabo abanjengami abangenalo ulwazi olukhulu nge-Free Software bayathanda ukufunda ngezihloko ezinjengalezi. Bengilokhu ngilandela iminikelo yakho futhi ngithanda ukwazi ukuthi ungangincoma yiphi indatshana ukuthi ngiqale kulolu chungechunge lwama-SME Networks, ngoba bengifunda ngendlela engahlelekile futhi ngicabanga ukuthi inokuqukethwe okuningi okuyigugu okuphuthelwa yimininingwane. Ngaphandle kokunye, imikhonzo futhi kwangathi ulwazi olwabiwe kanye neSoftware luhlala lukhululekile !!

    1.    frederico kusho

      Sanibonani sizwe !!!. Ngincoma ukuthi uqale ekuqaleni, ukuthi yize kungabonakala kuyindlela ende, kuyindlela emfushane kakhulu ukuze ungalahleki. Enkombeni -okungabuyekezwa ngezihloko ezimbili zokugcina- https://blog.desdelinux.net/redes-computadoras-las-pymes-introduccion/, sisungule ukuhleleka kokufunda okunconyiwe kochungechunge, okuqala ngokuthi ungayenza kanjani i- my Indawo yokusebenza, iyaqhubeka ngokuthunyelwe okuningana okuhlinzekelwe isihloko Ukwenza izinto ngamehlo, alandele ngemvilophu eminingana Bopha, i-Isc-Dhcp-Server, ne-Dnsmasq, njalonjalo size sifike engxenyeni yokuqalisa insizakalo yenethiwekhi ye-SME, okuyilapho sikhona njengamanje. Ngiyethemba kuyakusiza.

      1.    kenpachiRo17 kusho

        Kuzobe kunjalo !!!! Ngaso leso sikhathi ngiqala ngochungechunge kusukela ekuqaleni futhi ngilangazelela izindatshana ezintsha. Halala !!!!