General index of the series: Computer Networks for SMEs: Introduction
federicotoujague@gmail.com
https://blog.desdelinux.net/author/fico
Hello friends!
The title of this article should have been: «MATE + NTP + Dnsmasq + Gateway Service + Apache + Squid with PAM Authentication on CentOS 7 - SME Networks». For practical reasons we shortened it.
We continue with the authentication of local users on a Linux computer using PAM, and this time we will see how to provide a Proxy service with Squid for a small network of computers, using the authentication credentials stored on the same computer where the Squid server runs.
Although we know it is common practice these days to authenticate services against OpenLDAP, Red Hat's 389 Directory Server, Microsoft Active Directory, etc., we think we should first work through simple and cheap solutions and then tackle the more complex ones. We believe we must go from the simple to the complex.
Scenario
It is a small organization, with very few financial resources, dedicated to supporting the use of Free Software, which chose the name DesdeLinux.Fan. They are a group of CentOS enthusiasts gathered in a single office. They bought a workstation, not a professional-grade server, which they will dedicate to working "as a server."
The enthusiasts do not have extensive knowledge of how to deploy an OpenLDAP server or a Samba 4 AD-DC, and they cannot afford a Microsoft Active Directory license. However, for their daily work they need Internet access through a Proxy (to speed up browsing) and a space to store their most valuable documents and to serve as backup copies.
They still mostly use legally acquired Microsoft operating systems, but they want to migrate them to Linux-based operating systems, starting with their "Server".
They also aspire to have their own mail server in order to become independent, at least at the origin, of services such as Gmail, Yahoo, HotMail, etc., which is what they currently use.
The Firewall and Routing rules facing the Internet will be set on the contracted ADSL Router.
They do not have a real domain name, since they do not need to publish any service on the Internet.
CentOS 7 as a server without GUI
We start from a fresh installation of a server without a graphical interface, and the only option we select during the process is «Infrastructure Server», as we saw in previous articles of the series.
Initial settings
[root@linuxbox ~]# cat /etc/hostname
linuxbox
[root@linuxbox ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.10.5 linuxbox.desdelinux.fan linuxbox
[root@linuxbox ~]# hostname
linuxbox
[root@linuxbox ~]# hostname -f
linuxbox.desdelinux.fan
[root@linuxbox ~]# ip addr list
[root@linuxbox ~]# ifconfig -a
[root@linuxbox ~]# ls /sys/class/net/
ens32  ens34  lo
We disable NetworkManager
[root@linuxbox ~]# systemctl stop NetworkManager
[root@linuxbox ~]# systemctl disable NetworkManager
[root@linuxbox ~]# systemctl status NetworkManager
● NetworkManager.service - Network Manager
   Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:NetworkManager(8)
[root@linuxbox ~]# ifconfig -a
We configure the network interfaces
Ens32 LAN interface connected to the internal network
[root@linuxbox ~]# nano /etc/sysconfig/network-scripts/ifcfg-ens32
DEVICE=ens32
ONBOOT=yes
BOOTPROTO=static
HWADDR=00:0c:29:da:a3:e7
NM_CONTROLLED=no
IPADDR=192.168.10.5
NETMASK=255.255.255.0
GATEWAY=192.168.10.1
DOMAIN=desdelinux.fan
DNS1=127.0.0.1
ZONE=public
[root@linuxbox ~]# ifdown ens32 && ifup ens32
Ens34 WAN interface connected to the Internet
[root@linuxbox ~]# nano /etc/sysconfig/network-scripts/ifcfg-ens34
DEVICE=ens34
ONBOOT=yes
BOOTPROTO=static
HWADDR=00:0c:29:da:a3:e7
NM_CONTROLLED=no
IPADDR=172.16.10.10
NETMASK=255.255.255.0
# The ADSL Router is connected to
# this interface with the
# following IP address
GATEWAY=172.16.10.1
DOMAIN=desdelinux.fan
DNS1=127.0.0.1
ZONE=external
[root@linuxbox ~]# ifdown ens34 && ifup ens34
Repository configuration
[root@linuxbox ~]# cd /etc/yum.repos.d/
[root@linuxbox ~]# mkdir original
[root@linuxbox ~]# mv Centos-* original/
[root@linuxbox ~]# nano centos.repo
[Base-Repo]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/base/x86_64/
gpgcheck=0
enabled=1

[CentosPlus-Repo]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/centosplus/x86_64/
gpgcheck=0
enabled=1

[Epel-Repo]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/epel/x86_64/
gpgcheck=0
enabled=1

[Updates-Repo]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/updates/x86_64/
gpgcheck=0
enabled=1
[root@linuxbox yum.repos.d]# yum clean all
Loaded plugins: fastestmirror, langpacks
Cleaning repos: Base-Repo CentosPlus-Repo Epel-Repo Media-Repo
              : Updates-Repo
Cleaning up everything
Cleaning up list of fastest mirrors
[root@linuxbox yum.repos.d]# yum update
Loaded plugins: fastestmirror, langpacks
Base-Repo                        | 3.6 kB 00:00
CentosPlus-Repo                  | 3.4 kB 00:00
Epel-Repo                        | 4.3 kB 00:00
Media-Repo                       | 3.6 kB 00:00
Updates-Repo                     | 3.4 kB 00:00
(1/9): Base-Repo/group_gz        | 155 kB 00:00
(2/9): Epel-Repo/group_gz        | 170 kB 00:00
(3/9): Media-Repo/group_gz       | 155 kB 00:00
(4/9): Epel-Repo/updateinfo      | 734 kB 00:00
(5/9): Media-Repo/primary_db     | 5.3 MB 00:00
(6/9): CentosPlus-Repo/primary_db | 1.1 MB 00:00
(7/9): Updates-Repo/primary_db   | 2.2 MB 00:00
(8/9): Epel-Repo/primary_db      | 4.5 MB 00:01
(9/9): Base-Repo/primary_db      | 5.6 MB 00:01
Determining fastest mirrors
No packages marked for update
The message «No packages marked for update» is shown because during installation we declared the same local repositories that we have available.
CentOS 7 with the MATE desktop environment
To use the very good graphical administration tools that CentOS / Red Hat provides, and because we always miss GNOME2, we decided to install MATE as the desktop environment.
[root@linuxbox ~]# yum groupinstall "X Window system"
[root@linuxbox ~]# yum groupinstall "MATE Desktop"
To verify that MATE loads correctly, we run the following command in a console, local or remote:
[root@linuxbox ~]# systemctl isolate graphical.target
and the desktop environment should load smoothly on the local machine, showing the graphical login screen. We type the local user's name and password, and we enter MATE.
To tell systemd that the default boot level is 5 (graphical environment), we create the following symbolic link:
[root@linuxbox ~]# ln -sf /lib/systemd/system/runlevel5.target /etc/systemd/system/default.target
We reboot the system and everything works fine.
We install the Time Service for Networks
[root@linuxbox ~]# yum install ntp
During installation we configure the local clock to synchronize with the time server on the machine sysadmin.desdelinux.fan, with IP 192.168.10.1. So, we save the original ntp.conf file with:
[root@linuxbox ~]# cp /etc/ntp.conf /etc/ntp.conf.original
Now, we create a new one with the following content:
[root@linuxbox ~]# nano /etc/ntp.conf
# Servers configured during installation:
server 192.168.10.1 iburst

# For more information, see the man pages of:
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit synchronization with the time source, but do not
# permit the source to query or modify this service
restrict default nomodify notrap nopeer noquery

# Permit all access over the loopback interface
restrict 127.0.0.1
restrict ::1

# Hosts on the local network are restricted a little less.
restrict 192.168.10.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project
# If you want to join the project, visit
# (http://www.pool.ntp.org/join.html).

#broadcast 192.168.10.255 autokey        # broadcast server
broadcastclient                          # broadcast client
#broadcast 224.0.1.1 autokey             # multicast server
#multicastclient 224.0.1.1               # multicast client
#manycastserver 239.255.254.254          # manycast server
#manycastclient 239.255.254.254 autokey  # manycast client
broadcast 192.168.10.255

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers
# used when operating with symmetric key cryptography
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification attacks
# using the ntpdc monlist command, when the default restrict
# does not include the noquery flag. Read CVE-2013-5211
# for more details.
# Note: the monitor is not disabled with the limited restriction flag.
disable monitor
We enable, start and check the NTP service
[root@linuxbox ~]# systemctl status ntpd
● ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
[root@linuxbox ~]# systemctl enable ntpd
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.
[root@linuxbox ~]# systemctl start ntpd
[root@linuxbox ~]# systemctl status ntpd
● ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2017-04-14 15:51:08 EDT; 1s ago
  Process: 1307 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 1308 (ntpd)
   CGroup: /system.slice/ntpd.service
           └─1308 /usr/sbin/ntpd -u ntp:ntp -g
NTP and the Firewall
[root@linuxbox ~]# firewall-cmd --get-active-zones
external
  interfaces: ens34
public
  interfaces: ens32
[root@linuxbox ~]# firewall-cmd --zone=public --add-port=123/udp --permanent
success
[root@linuxbox ~]# firewall-cmd --reload
success
We enable and configure Dnsmasq
As we saw in a previous article of the Small Business Networks series, Dnsmasq is installed by default on a CentOS 7 Infrastructure Server.
[root@linuxbox ~]# systemctl status dnsmasq
● dnsmasq.service - DNS caching server.
   Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
[root@linuxbox ~]# systemctl enable dnsmasq
Created symlink from /etc/systemd/system/multi-user.target.wants/dnsmasq.service to /usr/lib/systemd/system/dnsmasq.service.
[root@linuxbox ~]# systemctl start dnsmasq
[root@linuxbox ~]# systemctl status dnsmasq
● dnsmasq.service - DNS caching server.
   Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2017-04-14 16:21:18 EDT; 4s ago
 Main PID: 33611 (dnsmasq)
   CGroup: /system.slice/dnsmasq.service
           └─33611 /usr/sbin/dnsmasq -k
[root@linuxbox ~]# mv /etc/dnsmasq.conf /etc/dnsmasq.conf.original
[root@linuxbox ~]# nano /etc/dnsmasq.conf
# ----------------------------------------------------------------
# GENERAL OPTIONS
# ----------------------------------------------------------------
domain-needed            # Do not forward names without a domain part
bogus-priv               # Do not forward addresses in non-routed address space
expand-hosts             # Automatically add the domain to the host
interface=ens32          # LAN interface
strict-order             # Order in which the /etc/resolv.conf file is queried
conf-dir=/etc/dnsmasq.d
domain=desdelinux.fan    # Domain name
address=/time.windows.com/192.168.10.5

# Sends an empty value for the WPAD option. Required for
# Windows 7 and later clients to behave properly. ;-)
dhcp-option=252,"\n"

# File where we declare the HOSTS that will be "banned"
addn-hosts=/etc/banner_add_hosts

local=/desdelinux.fan/

# ----------------------------------------------------------------
# RECORDS CNAME MX TXT
# ----------------------------------------------------------------
# This type of record requires an entry
# in the /etc/hosts file
# e.g.: 192.168.10.5 linuxbox.desdelinux.fan linuxbox
# cname=ALIAS,REAL_NAME
cname=mail.desdelinux.fan,linuxbox.desdelinux.fan

# MX RECORDS
# Returns an MX record with the name "desdelinux.fan" destined
# for the host mail.desdelinux.fan with a priority of 10
mx-host=desdelinux.fan,mail.desdelinux.fan,10

# The default target for MX records created
# using the localmx option will be:
mx-target=mail.desdelinux.fan

# Returns an MX record pointing to the mx-target for ALL
# local machines
localmx

# TXT records. We can also declare an SPF record
txt-record=desdelinux.fan,"v=spf1 a -all"
txt-record=desdelinux.fan,"DesdeLinux, your Blog dedicated to Free Software"

# ----------------------------------------------------------------
# RANGE AND ITS OPTIONS
# ----------------------------------------------------------------
# IPv4 range and lease time
# 1 to 29 are for servers and other needs
dhcp-range=192.168.10.30,192.168.10.250,8h
dhcp-lease-max=222       # Maximum number of addresses to lease
                         # by default it is 150
# IPv6 range
# dhcp-range=1234::, ra-only

# Options for the RANGE
# OPTIONS
dhcp-option=1,255.255.255.0       # NETMASK
dhcp-option=3,192.168.10.5        # ROUTER GATEWAY
dhcp-option=6,192.168.10.5        # DNS servers
dhcp-option=15,desdelinux.fan     # DNS Domain Name
dhcp-option=19,1                  # option ip-forwarding ON
dhcp-option=28,192.168.10.255     # BROADCAST
dhcp-option=42,192.168.10.5       # NTP

dhcp-authoritative                # Authoritative DHCP server on this subnet

# ----------------------------------------------------------------
# If you want to log queries to /var/log/messages
# uncomment the line below
# ----------------------------------------------------------------
# log-queries
# END of file /etc/dnsmasq.conf
# ----------------------------------------------------------------
We create the file /etc/banner_add_hosts
[root@linuxbox ~]# nano /etc/banner_add_hosts
192.168.10.5 windowsupdate.com
192.168.10.5 ctldl.windowsupdate.com
192.168.10.5 ocsp.verisign.com
192.168.10.5 csc3-2010-crl.verisign.com
192.168.10.5 www.msftncsi.com
192.168.10.5 ipv6.msftncsi.com
192.168.10.5 teredo.ipv6.microsoft.com
192.168.10.5 ds.download.windowsupdate.com
192.168.10.5 download.microsoft.com
192.168.10.5 fe2.update.microsoft.com
192.168.10.5 crl.microsoft.com
192.168.10.5 www.download.windowsupdate.com
192.168.10.5 win8.ipv6.microsoft.com
192.168.10.5 spynet.microsoft.com
192.168.10.5 spynet1.microsoft.com
192.168.10.5 spynet2.microsoft.com
192.168.10.5 spynet3.microsoft.com
192.168.10.5 spynet4.microsoft.com
192.168.10.5 spynet5.microsoft.com
192.168.10.5 office15client.microsoft.com
192.168.10.5 addons.mozilla.org
192.168.10.5 crl.verisign.com
Fixed IP addresses
[root@linuxbox ~]# nano /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.10.5 linuxbox.desdelinux.fan linuxbox
192.168.10.1 sysadmin.desdelinux.fan sysadmin
We configure the /etc/resolv.conf file - the resolver
[root@linuxbox ~]# nano /etc/resolv.conf
search desdelinux.fan
nameserver 127.0.0.1
# For external DNS queries or
# queries that are not for the domain desdelinux.fan
# local=/desdelinux.fan/
nameserver 8.8.8.8
We check the syntax of the dnsmasq.conf file, then restart the service and check its status
[root@linuxbox ~]# dnsmasq --test
dnsmasq: syntax check OK.
[root@linuxbox ~]# systemctl restart dnsmasq
[root@linuxbox ~]# systemctl status dnsmasq
Dnsmasq and the Firewall
[root@linuxbox ~]# firewall-cmd --get-active-zones
external
  interfaces: ens34
public
  interfaces: ens32
Service domain or Domain Name Server (dns). Protocol swipe «IP with Encryption»
[root@linuxbox ~]# firewall-cmd --zone=public --add-port=53/tcp --permanent
success
[root@linuxbox ~]# firewall-cmd --zone=public --add-port=53/udp --permanent
success
Dnsmasq queries to external DNS servers
[root@linuxbox ~]# firewall-cmd --zone=external --add-port=53/tcp --permanent
success
[root@linuxbox ~]# firewall-cmd --zone=external --add-port=53/udp --permanent
success
Service bootps or BOOTP server (dhcp). Protocol ippc «Internet Pluribus Packet Core»
[root@linuxbox ~]# firewall-cmd --zone=public --add-port=67/tcp --permanent
success
[root@linuxbox ~]# firewall-cmd --zone=public --add-port=67/udp --permanent
success
[root@linuxbox ~]# firewall-cmd --reload
success
[root@linuxbox ~]# firewall-cmd --info-zone public
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens32
  sources:
  services: dhcp dns ntp ssh
  ports: 67/tcp 53/udp 123/udp 67/udp 53/tcp
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:
[root@linuxbox ~]# firewall-cmd --info-zone external
external (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens34
  sources:
  services: dns
  ports: 53/udp 53/tcp
  protocols:
  masquerade: yes
  forward-ports:
  sourceports:
  icmp-blocks: parameter-problem redirect router-advertisement router-solicitation source-quench
  rich rules:
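An added example, not part of the original article: a small shell check that reads `firewall-cmd --info-zone` output and lists the ports opened beyond an allowlist. The sample zone dumps are constructed from the listings above, and the allowlists are an assumption: DHCP and NTP use UDP only, and the replies to Dnsmasq's outgoing queries are accepted by connection tracking, so the external zone needs no inbound port 53.

```bash
# unexpected_ports FILE [ALLOWED_PORT...]
# FILE holds the output of `firewall-cmd --info-zone <zone>`.
# Prints, one per line, every entry of the "ports:" line that is not allowed.
unexpected_ports() {
    info_file=$1
    shift
    allowed=" $* "
    # Only the line whose first field is exactly "ports:" is read, so
    # "forward-ports:" and "sourceports:" are ignored.
    for port in $(awk '$1 == "ports:" { for (i = 2; i <= NF; i++) print $i }' "$info_file"); do
        case "$allowed" in
            *" $port "*) ;;        # expected, nothing to report
            *) echo "$port" ;;     # open, but not in the allowlist
        esac
    done
}

# Constructed sample input, shortened from the zone listings in the article.
DEMO_DIR=$(mktemp -d)
PUBLIC_INFO="$DEMO_DIR/public.txt"
EXTERNAL_INFO="$DEMO_DIR/external.txt"

cat > "$PUBLIC_INFO" <<'EOF'
public (active)
  target: default
  interfaces: ens32
  services: dhcp dns ntp ssh
  ports: 67/tcp 53/udp 123/udp 67/udp 53/tcp
  masquerade: no
  forward-ports:
EOF

cat > "$EXTERNAL_INFO" <<'EOF'
external (active)
  target: default
  interfaces: ens34
  services: dns
  ports: 53/udp 53/tcp
  masquerade: yes
  forward-ports:
EOF

# Assumed allowlists: the LAN side needs DNS (TCP and UDP), DHCP (UDP) and
# NTP (UDP); the WAN side needs no inbound port for Dnsmasq to forward queries.
echo "public zone, ports not in the allowlist:"
unexpected_ports "$PUBLIC_INFO" 53/tcp 53/udp 67/udp 123/udp
echo "external zone, ports not in the allowlist:"
unexpected_ports "$EXTERNAL_INFO"
```

A port reported here can be closed with `firewall-cmd --zone=<zone> --remove-port=<port> --permanent` followed by `firewall-cmd --reload`.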
If we want to use a graphical interface to configure the Firewall in CentOS 7, we look in the general menu (the submenu it appears in depends on the desktop environment) for the «Firewall» application, run it, and after entering the root user's password we reach the program's interface. In MATE it appears in the menu «System» -> «Administration» -> «Firewall».
We select the Zone «public» and authorize the Services we want published on the LAN, which so far are dhcp, dns, ntp and ssh. After selecting the services and verifying that everything works correctly, we must make the Runtime changes Permanent. To do so, we go to the Options menu and select the option «Runtime to Permanent».
Then we select the Zone «external» and check that the ports needed to communicate with the Internet are open. DO NOT publish Services in this Zone unless we know very well what we are doing!
Let's not forget to make the changes Permanent through the option «Runtime to Permanent» and to reload the FirewallD daemon every time we use this powerful graphical tool.
NTP and Dnsmasq from a Windows 7 client
Synchronization with NTP
Leased IP address
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\buzz>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SEVEN
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : desdelinux.fan

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : desdelinux.fan
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-0C-29-D6-14-36
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.10.115(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, April 14, 2017 5:12:53 PM
   Lease Expires . . . . . . . . . . : Saturday, April 15, 2017 1:12:53 AM
   Default Gateway . . . . . . . . . : 192.168.10.1
   DHCP Server . . . . . . . . . . . : 192.168.10.5
   DNS Servers . . . . . . . . . . . : 192.168.10.5
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.desdelinux.fan:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : desdelinux.fan
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Users\buzz>
Tip
An important value for Windows clients is the «Primary Dns Suffix» or «Primary connection suffix». When a Microsoft Domain Controller is not used, the operating system does not assign it any value. If we face a case like the one described at the beginning of the article and want to declare that value explicitly, we must proceed as shown in the following image, accept the changes and restart the client.
If we run CMD -> ipconfig /all again, we will get the following:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\buzz>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SEVEN
   Primary Dns Suffix  . . . . . . . : desdelinux.fan
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : desdelinux.fan
All other values remain unchanged
DNS checks
buzz@sysadmin:~$ host spynet.microsoft.com
spynet.microsoft.com has address 127.0.0.1
Host spynet.microsoft.com not found: 5(REFUSED)
spynet.microsoft.com mail is handled by 1 mail.desdelinux.fan.
buzz@sysadmin:~$ host linuxbox
linuxbox.desdelinux.fan has address 192.168.10.5
linuxbox.desdelinux.fan mail is handled by 1 mail.desdelinux.fan.
buzz@sysadmin:~$ host sysadmin
sysadmin.desdelinux.fan has address 192.168.10.1
sysadmin.desdelinux.fan mail is handled by 1 mail.desdelinux.fan.
buzz@sysadmin:~$ host mail
mail.desdelinux.fan is an alias for linuxbox.desdelinux.fan.
linuxbox.desdelinux.fan has address 192.168.10.5
linuxbox.desdelinux.fan mail is handled by 1 mail.desdelinux.fan.
We install, for testing only, an authoritative NSD DNS server on sysadmin.desdelinux.fan, and we put the IP address 172.16.10.1 in the /etc/resolv.conf file of the machine linuxbox.desdelinux.fan, to verify that Dnsmasq was performing its Forwarder function correctly. The sandboxes on the NSD server are favt.org and toujague.org. All IPs are fictitious or from private networks.
If we disable the WAN interface ens34 using the command ifdown ens34, Dnsmasq will not be able to query external DNS servers.
[buzz@linuxbox ~]$ sudo ifdown ens34
[buzz@linuxbox ~]$ host -t mx toujague.org
Host toujague.org not found: 3(NXDOMAIN)
[buzz@linuxbox ~]$ host pizzapie.favt.org
Host pizzapie.favt.org not found: 3(NXDOMAIN)
Let's enable the ens34 interface and check again:
[buzz@linuxbox ~]$ sudo ifup ens34
[buzz@linuxbox ~]$ host pizzapie.favt.org
pizzapie.favt.org is an alias for paisano.favt.org.
paisano.favt.org has address 172.16.10.4
[buzz@linuxbox ~]$ host pizzapie.toujague.org
Host pizzas.toujague.org not found: 3(NXDOMAIN)
[buzz@linuxbox ~]$ host poblacion.toujague.org
poblacion.toujague.org has address 169.18.10.18
[buzz@linuxbox ~]$ host -t NS favt.org
favt.org name server ns1.favt.org.
favt.org name server ns2.favt.org.
[buzz@linuxbox ~]$ host -t NS toujague.org
toujague.org name server ns1.toujague.org.
toujague.org name server ns2.toujague.org.
[buzz@linuxbox ~]$ host -t MX toujague.org
toujague.org mail is handled by 10 mail.toujague.org.
Let's query from sysadmin.desdelinux.fan:
buzz@sysadmin:~$ cat /etc/resolv.conf
search desdelinux.fan
nameserver 192.168.10.5
xeon@sysadmin:~$ host mail.toujague.org
mail.toujague.org has address 169.18.10.19
Dnsmasq is working correctly as a Forwarder.
Squid
In the PDF-format book «Linux Server Configuration», dated July 25, 2016, by the author Joel Barrios Dueñas (darkshram@gmail.com - http://www.alcancelibre.org/), a text I have referred to in previous articles, there is a whole chapter devoted to the Basic Configuration Options of Squid.
Given the importance of the Web Proxy service, we reproduce the Introduction about Squid from the aforementioned book:
105.1. Introduction.
105.1.1. What is an Intermediary Server (Proxy)?
The English term "Proxy" has a very general and at the same time ambiguous meaning, although it is invariably considered a synonym of the concept of "Intermediary". It is usually translated, in the strict sense, as delegate or proxy holder (one who has power over another).
An Intermediary Server is defined as a computer or device that offers a network service consisting of allowing clients to make indirect network connections to other network services. During the process the following occurs:
- The client connects to a Proxy Server.
- The client requests a connection, file, or other resource available on a different server.
- The Intermediary Server provides the resource either by connecting to the specified server or by serving it from a cache.
- In some cases the Intermediary Server may alter the client's request or the server's response for various purposes.
Proxy Servers are generally made to work simultaneously as a firewall operating at the Network Level, acting as a packet filter, as in the case of iptables, or operating at the Application Level, controlling various services, as is the case of TCP Wrapper. Depending on the context, the firewall is also known as BPD or Border Protection Device, or simply packet filter.
A common application of Proxy Servers is to function as a cache of network content (mainly HTTP), providing in the proximity of clients a cache of pages and files available over the network on remote HTTP servers, allowing clients on the local network to access them faster and more reliably.
When a request is received for a network resource specified in a URL (Uniform Resource Locator), the Intermediary Server looks up the result of the URL in the cache. If it is found, the Intermediary Server responds to the client by immediately providing the requested content. If the requested content is not in the cache, the Intermediary Server fetches it from the remote server, delivers it to the client that requested it, and keeps a copy in the cache. Cached content is then removed through an expiration algorithm according to age, size and history of responses to requests (hits) (examples: LRU, LFUDA and GDSF).
Proxy Servers for network content (Web Proxies) can also act as filters of the content served, applying censorship policies according to arbitrary criteria.
The Squid version we will install is 3.5.20-2.el7_3.2, from the updates repository.
Installation
[root@linuxbox ~]# yum install squid
[root@linuxbox ~]# ls /etc/squid/
cachemgr.conf          errorpage.css.default  squid.conf
cachemgr.conf.default  mime.conf              squid.conf.default
errorpage.css          mime.conf.default
[root@linuxbox ~]# systemctl enable squid
Important
- The main objective of this article is to authorize local users to connect to Squid from other computers connected to the LAN. In addition, to implement the core of a server to which other services will be added. It is not an article dedicated to Squid as such.
- To get an idea of Squid's configuration options, read the file /usr/share/doc/squid-3.5.20/squid.conf.documented, which has 7915 lines.
SELinux and Squid
[root@linuxbox ~]# getsebool -a | grep squid
squid_connect_any --> on
squid_use_tproxy --> off
[root@linuxbox ~]# setsebool -P squid_connect_any=on
Configuration
[root@linuxbox ~]# nano /etc/squid/squid.conf
# LAN
acl localnet src 192.168.10.0/24

acl SSL_ports port 443 21
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

# We deny requests to unsafe ports
http_access deny !Safe_ports

# We deny the CONNECT method to ports other than SSL_ports
http_access deny CONNECT !SSL_ports

# Access to the cache manager only from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server that think the only
# one who can access services on "localhost" is a local user
http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# PAM authorization
auth_param basic program /usr/lib64/squid/basic_pam_auth
auth_param basic children 5
auth_param basic realm desdelinux.fan
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

# Access to Squid requires authentication
acl Enthusiasts proxy_auth REQUIRED

# We allow access to users authenticated
# through PAM
http_access deny !Enthusiasts

# Access to FTP sites
acl ftp proto FTP
http_access allow ftp

http_access allow localnet
http_access allow localhost

# We deny any other access to the proxy
http_access deny all

# Squid normally listens on port 3128
http_port 3128

# We leave the "coredumps" in the first cache directory
coredump_dir /var/spool/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

cache_mem 64 MB
# Cache memory
memory_replacement_policy lru
cache_replacement_policy heap LFUDA
cache_dir aufs /var/spool/squid 4096 16 256
maximum_object_size 4 MB
cache_swap_low 85

# Other parameters
visible_hostname linuxbox.desdelinux.fan
We check the syntax of the file /etc/squid/squid.conf
[root@linuxbox ~]# squid -k parse
2017/04/16 15:45:10| Startup: Initializing Authentication Schemes ...
2017/04/16 15:45:10| Startup: Initialized Authentication Scheme 'basic'
2017/04/16 15:45:10| Startup: Initialized Authentication Scheme 'digest'
2017/04/16 15:45:10| Startup: Initialized Authentication Scheme 'negotiate'
2017/04/16 15:45:10| Startup: Initialized Authentication Scheme 'ntlm'
2017/04/16 15:45:10| Startup: Initialized Authentication.
2017/04/16 15:45:10| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2017/04/16 15:45:10| Processing: acl localnet src 192.168.10.0/24
2017/04/16 15:45:10| Processing: acl SSL_ports port 443 21
2017/04/16 15:45:10| Processing: acl Safe_ports port 80 # http
2017/04/16 15:45:10| Processing: acl Safe_ports port 21 # ftp
2017/04/16 15:45:10| Processing: acl Safe_ports port 443 # https
2017/04/16 15:45:10| Processing: acl Safe_ports port 70 # gopher
2017/04/16 15:45:10| Processing: acl Safe_ports port 210 # wais
2017/04/16 15:45:10| Processing: acl Safe_ports port 1025-65535 # unregistered ports
2017/04/16 15:45:10| Processing: acl Safe_ports port 280 # http-mgmt
2017/04/16 15:45:10| Processing: acl Safe_ports port 488 # gss-http
2017/04/16 15:45:10| Processing: acl Safe_ports port 591 # filemaker
2017/04/16 15:45:10| Processing: acl Safe_ports port 777 # multiling http
2017/04/16 15:45:10| Processing: acl CONNECT method CONNECT
2017/04/16 15:45:10| Processing: http_access deny !Safe_ports
2017/04/16 15:45:10| Processing: http_access deny CONNECT !SSL_ports
2017/04/16 15:45:10| Processing: http_access allow localhost manager
2017/04/16 15:45:10| Processing: http_access deny manager
2017/04/16 15:45:10| Processing: http_access deny to_localhost
2017/04/16 15:45:10| Processing: auth_param basic program /usr/lib64/squid/basic_pam_auth
2017/04/16 15:45:10| Processing: auth_param basic children 5
2017/04/16 15:45:10| Processing: auth_param basic realm desdelinux.fan
2017/04/16 15:45:10| Processing: auth_param basic credentialsttl 2 hours
2017/04/16 15:45:10| Processing: auth_param basic casesensitive off
2017/04/16 15:45:10| Processing: acl Enthusiasts proxy_auth REQUIRED
2017/04/16 15:45:10| Processing: http_access deny !Enthusiasts
2017/04/16 15:45:10| Processing: acl ftp proto FTP
2017/04/16 15:45:10| Processing: http_access allow ftp
2017/04/16 15:45:10| Processing: http_access allow localnet
2017/04/16 15:45:10| Processing: http_access allow localhost
2017/04/16 15:45:10| Processing: http_access deny all
2017/04/16 15:45:10| Processing: http_port 3128
2017/04/16 15:45:10| Processing: coredump_dir /var/spool/squid
2017/04/16 15:45:10| Processing: refresh_pattern ^ftp: 1440 20% 10080
2017/04/16 15:45:10| Processing: refresh_pattern ^gopher: 1440 0% 1440
2017/04/16 15:45:10| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
2017/04/16 15:45:10| Processing: refresh_pattern . 0 20% 4320
2017/04/16 15:45:10| Processing: cache_mem 64 MB
2017/04/16 15:45:10| Processing: memory_replacement_policy lru
2017/04/16 15:45:10| Processing: cache_replacement_policy heap LFUDA
2017/04/16 15:45:10| Processing: cache_dir aufs /var/spool/squid 4096 16 256
2017/04/16 15:45:10| Processing: maximum_object_size 4 MB
2017/04/16 15:45:10| Processing: cache_swap_low 85
2017/04/16 15:45:10| Processing: cache_swap_high 90
2017/04/16 15:45:10| Processing: cache_mgr buzz@desdelinux.fan
2017/04/16 15:45:10| Processing: visible_hostname linuxbox.desdelinux.fan
2017/04/16 15:45:10| Initializing https proxy context
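squid -k parse confirms only that the file parses; it says nothing about rule order, and Squid applies the first http_access line that matches. The check below is an added example, not part of the original article: it reports the first allow rule a LAN client could match before any rule that references a proxy_auth ACL. The function names and the misordered sample are constructed for illustration.

```bash
# Added example: lint the order of http_access rules in a squid.conf.
# Squid stops at the first http_access line that matches, so an "allow" placed
# above the proxy_auth rule admits clients without credentials.

# Reads squid.conf on stdin; prints the first "http_access allow" rule found
# before any rule that references a proxy_auth ACL (rules limited to localhost
# or the cache manager are skipped). Prints nothing when auth comes first.
first_unauthenticated_allow() {
    awk '
        { sub(/#.*/, "") }                                  # drop comments
        $1 == "acl" && $3 == "proxy_auth" { auth[$2] = 1 }  # auth ACL names
        $1 == "http_access" {
            local_only = 0
            for (i = 3; i <= NF; i++) {
                name = $i
                sub(/^!/, "", name)
                if (name in auth) exit                      # auth enforced here
                if ($i == "localhost" || $i == "manager") local_only = 1
            }
            if ($2 == "allow" && !local_only) { print; exit }
        }
    '
}

# Rule order used in the article (comments and unrelated directives omitted).
article_rules() {
    cat <<'EOF'
acl localnet src 192.168.10.0/24
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access deny to_localhost
acl Enthusiasts proxy_auth REQUIRED
http_access deny !Enthusiasts
acl ftp proto FTP
http_access allow ftp
http_access allow localnet
http_access allow localhost
http_access deny all
EOF
}

# Constructed counter-example: the LAN allow was moved above the auth rule.
misordered_rules() {
    cat <<'EOF'
acl localnet src 192.168.10.0/24
acl Enthusiasts proxy_auth REQUIRED
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access deny !Enthusiasts
http_access deny all
EOF
}

echo "article order : [$(article_rules | first_unauthenticated_allow)]"
echo "misordered    : [$(misordered_rules | first_unauthenticated_allow)]"
```

To check the live file, run first_unauthenticated_allow < /etc/squid/squid.conf after every edit, alongside squid -k parse.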
We adjust the permissions on /usr/lib64/squid/basic_pam_auth
[root@linuxbox ~]# chmod u+s /usr/lib64/squid/basic_pam_auth
We create the cache directory
# Just in case ...
[root@linuxbox ~]# service squid stop
Redirecting to /bin/systemctl stop squid.service

[root@linuxbox ~]# squid -z
[root@linuxbox ~]# 2017/04/16 15:48:28 kid1| Set Current Directory to /var/spool/squid
2017/04/16 15:48:28 kid1| Creating missing swap directories
2017/04/16 15:48:28 kid1| /var/spool/squid exists
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/00
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/01
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/02
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/03
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/04
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/05
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/06
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/07
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/08
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/09
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/0A
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/0B
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/0C
2017/04/16 15:48:29 kid1| Making directories in /var/spool/squid/0D
2017/04/16 15:48:29 kid1| Making directories in /var/spool/squid/0E
2017/04/16 15:48:29 kid1| Making directories in /var/spool/squid/0F
At this point, if the command prompt takes a while to come back - it never came back for me - press Enter.
[root@linuxbox ~]# service squid start
[root@linuxbox ~]# service squid restart
[root@linuxbox ~]# service squid status
Redirecting to /bin/systemctl status squid.service
● squid.service - Squid caching proxy
   Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; vendor preset: disabled)
   Active: active (running) since dom 2017-04-16 15:57:27 EDT; 1s ago
  Process: 2844 ExecStop=/usr/sbin/squid -k shutdown -f $SQUID_CONF (code=exited, status=0/SUCCESS)
  Process: 2873 ExecStart=/usr/sbin/squid $SQUID_OPTS -f $SQUID_CONF (code=exited, status=0/SUCCESS)
  Process: 2868 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited, status=0/SUCCESS)
 Main PID: 2876 (squid)
   CGroup: /system.slice/squid.service
           └─2876 /usr/sbin/squid -f /etc/squid/squid.conf

Apr 16 15:57:27 linuxbox systemd[1]: Starting Squid caching proxy...
Apr 16 15:57:27 linuxbox systemd[1]: Started Squid caching proxy.
Apr 16 15:57:27 linuxbox squid[2876]: Squid Parent: will start 1 kids
Apr 16 15:57:27 linuxbox squid[2876]: Squid Parent: (squid-1) process 2878 ...ed
Apr 16 15:57:27 linuxbox squid[2876]: Squid Parent: (squid-1) process 2878 ... 1
Hint: Some lines were ellipsized, use -l to show in full

[root@linuxbox ~]# cat /var/log/messages | grep squid
Firewall configuration
We must also open ports 80 (HTTP) and 443 (HTTPS) in the «external» zone so that Squid can communicate with the Internet.
[root@linuxbox ~]# firewall-cmd --zone=external --add-port=80/tcp --permanent
success
[root@linuxbox ~]# firewall-cmd --zone=external --add-port=443/tcp --permanent
success
[root@linuxbox ~]# firewall-cmd --reload
success
[root@linuxbox ~]# firewall-cmd --info-zone external
external (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens34
  sources:
  services: dns
  ports: 443/tcp 53/udp 80/tcp 53/tcp
  protocols:
  masquerade: yes
  forward-ports:
  sourceports:
  icmp-blocks: parameter-problem redirect router-advertisement router-solicitation source-quench
  rich rules:
- It is worth opening the graphical application «Firewall Settings» and checking that ports 443 tcp, 80 tcp, 53 tcp and 53 udp are open for the «external» zone, and that we have NOT published any service for it.
Note on the basic_pam_auth helper program
If we consult the manual of this program with man basic_pam_auth, we will read that the author himself strongly recommends moving the program to a directory where ordinary users do not have sufficient permissions to access the tool.
On the other hand, it is well known that with this authorization scheme the credentials travel in plain text, so it is not safe in hostile environments, that is, open networks.
Jeff Yestrumskas devotes the article «How-to: Set up a secure web proxy using SSL encryption, Squid Caching Proxy and PAM» to the question of increasing security with this authentication scheme so that it can be used on potentially hostile open networks.
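The man page advice mentioned above can be checked mechanically. The following is an added example, not code from the article or from Squid: a shell function that reports whether a setuid helper is reachable by ordinary users, judging only by classic mode bits (ACLs and group membership are not considered). The function name, its return codes and the optional second argument that limits the directory walk are assumptions made for this example.

```bash
# Added example: is a setuid PAM helper reachable by ordinary local users?
# A setuid-root password checker that anyone may execute lets any local
# account test passwords for other accounts, hence the man page advice.
#
# audit_pam_helper PATH [TOP]
#   returns 0  setuid helper is shielded (file or a parent directory lacks o+x)
#   returns 1  setuid helper is executable by any local user
#   returns 2  file is missing or not setuid
# TOP (default /) is the highest directory inspected; it is a hypothetical
# convenience for running the check inside a scratch directory.
audit_pam_helper() {
    helper=$1
    top=${2:-/}
    [ -f "$helper" ] || { echo "MISSING: $helper"; return 2; }

    mode=$(stat -c '%a' "$helper")          # octal mode, e.g. 4755 (GNU stat)
    if [ $(( 0$mode & 04000 )) -eq 0 ]; then
        echo "NOT-SETUID: $helper (mode $mode)"
        return 2
    fi
    owner=$(stat -c '%U' "$helper")
    [ "$owner" = "root" ] || echo "NOTE: setuid runs as '$owner', not root"

    # Others can run the helper only if the file itself has o+x ...
    if [ $(( 0$mode & 01 )) -eq 0 ]; then
        echo "OK: $helper is not executable by others (mode $mode)"
        return 0
    fi
    # ... and every directory leading to it has o+x (search permission).
    dir=$(cd "$(dirname "$helper")" && pwd) || return 2
    while :; do
        dmode=$(stat -c '%a' "$dir")
        if [ $(( 0$dmode & 01 )) -eq 0 ]; then
            echo "OK: $dir is closed to others (mode $dmode)"
            return 0
        fi
        if [ "$dir" = "$top" ] || [ "$dir" = "/" ]; then break; fi
        dir=$(dirname "$dir")
    done
    echo "EXPOSED: any local user can execute $helper (mode $mode)"
    return 1
}
```

Run it as audit_pam_helper /usr/lib64/squid/basic_pam_auth after the chmod u+s step; a result of EXPOSED means the man page recommendation has not yet been applied.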
We install httpd
As a way of checking that Squid works - and, incidentally, Dnsmasq too - we will install the httpd service (the Apache web server), which is optional. In the Dnsmasq-related file /etc/banner_add_hosts we declare the sites we want to block, and we explicitly assign them the same IP address that linuxbox has. So, if we request access to any of those sites, the httpd home page should be shown.
[root@linuxbox ~]# yum install httpd
[root@linuxbox ~]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.

[root@linuxbox ~]# systemctl start httpd
[root@linuxbox ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since dom 2017-04-16 16:41:35 EDT; 5s ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 2275 (httpd)
   Status: "Processing requests..."
   CGroup: /system.slice/httpd.service
           ├─2275 /usr/sbin/httpd -DFOREGROUND
           ├─2276 /usr/sbin/httpd -DFOREGROUND
           ├─2277 /usr/sbin/httpd -DFOREGROUND
           ├─2278 /usr/sbin/httpd -DFOREGROUND
           ├─2279 /usr/sbin/httpd -DFOREGROUND
           └─2280 /usr/sbin/httpd -DFOREGROUND

Apr 16 16:41:35 linuxbox systemd[1]: Starting The Apache HTTP Server...
Apr 16 16:41:35 linuxbox systemd[1]: Started The Apache HTTP Server.
SELinux and Apache
Apache has several policies to configure within the SELinux context.
[root@linuxbox ~]# getsebool -a | grep httpd
httpd_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_connect_ftp --> off
httpd_can_connect_ldap --> off
httpd_can_connect_mythtv --> off
httpd_can_connect_zabbix --> off
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> off
httpd_dbus_sssd --> off
httpd_dontaudit_search_dirs --> off
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> off
httpd_execmem --> off
httpd_graceful_shutdown --> on
httpd_manage_ipa --> off
httpd_mod_auth_ntlm_winbind --> off
httpd_mod_auth_pam --> off
httpd_read_user_content --> off
httpd_run_ipa --> off
httpd_run_preupgrade --> off
httpd_run_stickshift --> off
httpd_serve_cobbler_files --> off
httpd_setrlimit --> off
httpd_ssi_exec --> off
httpd_sys_script_anon_write --> off
httpd_tmp_exec --> off
httpd_tty_comm --> off
httpd_unified --> off
httpd_use_cifs --> off
httpd_use_fusefs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off
httpd_use_openstack --> off
httpd_use_sasl --> off
httpd_verify_dns --> off
We will configure only the following:
Send e-mail through Apache
[root@linuxbox ~]# setsebool -P httpd_can_sendmail 1
Allow Apache to read content located in the home directories of local users
[root@linuxbox ~]# setsebool -P httpd_read_user_content 1
Allow any directory managed by Apache to be administered over FTP or FTPS, or allow Apache to act as an FTP server listening for requests on the FTP port
[root@linuxbox ~]# setsebool -P httpd_enable_ftp_server 1
For more information, please read Linux Server Configuration.
We check authentication
All that remains is to open a browser on a workstation and point it, for example, to http://windowsupdate.com. We will check that the request is correctly redirected to the Apache home page on linuxbox. In fact, any site name declared in the file /etc/banner_add_hosts will be redirected to the same page.
The images at the end of the article prove it.
User management
We do it with the graphical tool «User management», which we reach through the menu System -> Administration -> User management. Every time we add a new user, its folder /home/user is created automatically.
Backups
Linux clients
You only need the usual file browser and to indicate where you want to connect, for example: ssh://buzz@linuxbox/home/buzz. After entering the password, the home directory of the user buzz will be shown.
Windows clients
On Windows clients we use the WinSCP tool. Once it is installed, we use it as follows:
Simple, isn't it?
Summary
We have seen that it is possible to use PAM to authenticate services in a small network and in a controlled environment completely isolated from the hands of hackers. This is mainly because the authentication credentials travel in plain text, so it is not an authentication scheme to be used on open networks such as airports, Wi-Fi networks, etc. Nevertheless, it is a simple authorization mechanism that is easy to implement and configure.
Sources consulted
- Linux Server Configuration
- Command manuals - man pages
PDF version
Download the PDF version here.
Until the next article!
Tremendous post you have put together, Mr. Fico. Thank you for sharing your knowledge.
I know how hard it is to put together an article with such a level of detail, with crystal-clear tests and, above all, with concepts and strategies aligned with standards. I simply take my hat off to this jewel of a contribution. Thank you very much, Fico, for such good work.
I have never combined squid with PAM authentication, but I will go as far as I can to try this exercise in my lab ... Goal Goal and we carry on!!
NaTiluS: Thank you very much for your comment and evaluation.
Lizard: To you too, thank you very much for your comment and evaluation.
The time and effort devoted to creating articles like this one are rewarded only by the reading and comments of those who visit the DesdeLinux community. I hope it is useful to you in your daily work.
We carry on!
Incredible contribution, countryman!!!! I read every one of your articles and I can say that even a person without advanced knowledge of Free Software (like me) can follow this excellent article step by step. Cheers!!!!
Thank you Fico for this other great article; as if all the posts already published were not enough, in this one we have a service not previously covered by the SME Series and which is extremely important: "SQUID", or the LAN proxy. For us, the family of those who think we are "sysadmins", here is more good material to study and deepen our knowledge.
Thank you all for your comments. The next article will deal with the Prosody chat server with authentication against local credentials (PAM) via Cyrus-SASL, and that service will be implemented on this same server.
In good time, countryman!!!! A great contribution; even those like me who do not have much knowledge of Free Software are keen to learn from articles like this one. I have been following your contributions and I would like to know which article you would recommend I start with in this SME Networks series, because I have been reading in a disorderly way and I think it has too much valuable content to miss any detail. Without further ado, greetings, and may shared knowledge as well as Software remain free!!
Greetings, countryman!!! I recommend that you start at the beginning; although it may seem the long way, it is the shortest way so as not to get lost. In the index - which has not been updated with the last two articles - https://blog.desdelinux.net/redes-computadoras-las-pymes-introduccion/, we established the recommended reading order of the series, which starts with how to set up my Workstation, continues with several posts devoted to Virtualization, follows with several about BIND, Isc-Dhcp-Server and Dnsmasq, and so on until we reach the part on implementing services for the SME network, which is where we are now. I hope it helps you.
So it shall be!!!! I am starting the series from the beginning right away and I look forward to new articles. Cheers!!!!