- [Show page]
- [Old revisions]
- [[unknown link type]]
- []
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
linux:skoleni:firewall [2016/05/12 11:36] admin [MRTG - grafy toku] |
linux:skoleni:firewall [2016/05/13 15:47] (current) admin [OpenVPN a Easy RSA] |
||
|---|---|---|---|
| Line 119: | Line 119: | ||
| Vytvorime konfiguraci pro mrtg pomoci utility cfgmaker public@localhost | Vytvorime konfiguraci pro mrtg pomoci utility cfgmaker public@localhost | ||
| - | a vystup presmeerujeme do ''/etc/mrtg/mrtg.cfg" | + | a vystup presmeerujeme do ''/etc/mrtg/mrtg.cfg'' |
| cfgmaker public@localhost > /etc/mrtg/mrtg.cfg | cfgmaker public@localhost > /etc/mrtg/mrtg.cfg | ||
| Zvolime spravne cesty a trochu lepsi options | Zvolime spravne cesty a trochu lepsi options | ||
| Line 130: | Line 130: | ||
| </file> | </file> | ||
| - | a nastavime cron. | + | cron je obvykle (centos i debian) nastaveny spravne instalacnim balikem. |
| + | a nastavime apache. | ||
| + | ''/etc/httpd/conf.d/mrtg.conf'' | ||
| + | staci jedina radka | ||
| + | alias /mrtg /var/www/mrtg | ||
| + | A vygenerujeme index.html podle configu | ||
| + | indexmaker /etc/mrtg/mrtg.cfg > /var/www/mrtg/index.html | ||
| + | |||
| + | ===== High Availability HA Router ===== | ||
| + | VRRP nebo UCARP | ||
| + | Instalace | ||
| + | <code> | ||
| + | yum install http://mirror.hosting90.cz/epel/6/x86_64/epel-release-6-8.noarch.rpm | ||
| + | yum install ucarp | ||
| + | </code> | ||
| + | |||
| + | skripty ''up.sh'' a ''down.sh'', uvadim priklad jen pro UP | ||
| + | <file> | ||
| + | #!/bin/sh | ||
| + | |||
| + | ip a a 192.168.5.166/32 dev eth0 | ||
| + | ip a a 10.0.1.166/32 dev eth1 | ||
| + | |||
| + | #nezapomenout na arping | ||
| + | </file> | ||
| + | |||
| + | Dlouha prikazova radka | ||
| + | <code> | ||
| + | ucarp --interface eth0 --srcip 192.168.5.16 --vhid=16 --pass=dalibor \ | ||
| + | --addr=192.168.5.166 --preempt --shutdown \ | ||
| + | --upscript=/etc/ucarp/up.sh \ | ||
| + | --downscript=/etc/ucarp/down.sh | ||
| + | </code> | ||
| + | |||
| + | ====== OpenVPN a Easy RSA ====== | ||
| + | yum install openvpn easy-rsa | ||
| + | |||
| + | Nasledujici se bude odehravat v adresari | ||
| + | ''/usr/share/easy-rsa/2.0'' | ||
| + | |||
| + | <code> | ||
| + | [root@router-bck 2.0]# . ./vars | ||
| + | NOTE: If you run ./clean-all, I will be doing a rm -rf on /usr/share/easy-rsa/2.0/keys | ||
| + | [root@router-bck 2.0]# ./clean-all | ||
| + | [root@router-bck 2.0]# ./build-ca | ||
| + | </code> | ||
| + | |||
| + | |||
| + | Priklad konfigurace klienta '/etc/openvpn/client.conf'' | ||
| + | <code bash> | ||
| + | client | ||
| + | dev tun | ||
| + | proto udp | ||
| + | |||
| + | remote 192.168.5.38 1194 | ||
| + | |||
| + | ; stoji za komentar | ||
| + | ;resolv-retry infinite | ||
| + | |||
| + | nobind | ||
| + | |||
| + | persist-key | ||
| + | persist-tun | ||
| + | |||
| + | ca ca.crt | ||
| + | cert ten-vas.crt | ||
| + | key taky-ten-vas.key | ||
| + | |||
| + | verb 3 | ||
| + | </code> | ||
| + | Konfigurace serveru ''/etc/openvpn/server.conf'' | ||
| + | <code> | ||
| + | port 1194 | ||
| + | proto udp | ||
| + | dev tun0 | ||
| + | |||
| + | ca ca.crt | ||
| + | cert dalibor.crt | ||
| + | key dalibor.key | ||
| + | |||
| + | dh dh2048.pem | ||
| + | server 10.88.88.0 255.255.255.0 | ||
| + | # okomentovat ifconfig-pool-persist ipp.txt | ||
| + | |||
| + | route 10.0.1.0 255.255.255.0 | ||
| + | # Then create a file ccd/Thelonious with this line: | ||
| + | |||
| + | # okomentovat | ||
| + | #push "route 192.168.182.0 255.255.255.0" | ||
| + | #push "redirect-gateway" | ||
| + | #push "dhcp-option DNS 192.168.183.1" | ||
| + | #push "dhcp-option WINS 10.8.0.1" | ||
| + | #client-config-dir ccd | ||
| + | |||
| + | |||
| + | #okomentovat client-to-client | ||
| + | keepalive 10 120 | ||
| + | #tls-auth ta.key 0 # secret file | ||
| + | |||
| + | #cipher BF-CBC # Blowfish | ||
| + | #cipher AES-128-CBC # AES | ||
| + | #cipher DES-EDE3-CBC # Triple-DES | ||
| + | |||
| + | # pozor na mikrotiky! :-D | ||
| + | #comp-lzo # compresion | ||
| + | ;max-clients 100 | ||
| + | status openvpn-status.log | ||
| + | </code> | ||
| + | |||
| + | ====== Samba Server ====== | ||
| + | Priklad jednoducheho konfiguracniho souboru ''/etc/samba/smb.conf'' | ||
| + | <code> | ||
| + | [global] | ||
| + | |||
| + | workgroup = MYGROUP | ||
| + | server string = Samba Server Version %v | ||
| + | |||
| + | ; netbios name = MYSERVER | ||
| + | |||
| + | log file = /var/log/samba/log.%m | ||
| + | max log size = 50 | ||
| + | |||
| + | security = user | ||
| + | passdb backend = tdbsam | ||
| + | |||
| + | # the login script name depends on the machine name | ||
| + | ; logon script = %m.bat | ||
| + | # the login script name depends on the unix user used | ||
| + | ; logon script = %u.bat | ||
| + | ; logon path = \\%L\Profiles\%u | ||
| + | # disables profiles support by specifing an empty path | ||
| + | ; logon path = | ||
| + | |||
| + | [homes] | ||
| + | comment = Home Directories | ||
| + | browseable = no | ||
| + | writable = yes | ||
| + | |||
| + | [pub] | ||
| + | path=/srv/samba-public | ||
| + | writable = yes | ||
| + | readonly = no | ||
| + | browsable = yes | ||
| + | |||
| + | </code> | ||
| + | |||
| + | Pridejte uzivatele uziv | ||
| + | <code> | ||
| + | adduser uziv | ||
| + | pdbedit -a uziv | ||
| + | </code> | ||
| + | |||
| + | Priklad vytvoreni slozky Kos (Trash) | ||
| + | <code> | ||
| + | vfs object = recycle:recycle | ||
| + | recycle:subdir_mode = 0777 | ||
| + | recycle:repository = .recycle | ||
| + | recycle:keeptree = Yes | ||
| + | recycle:touch = Yes | ||
| + | recycle:versions = No | ||
| + | recycle:maxsize = 100000000 ; 100 metric million bytes | ||
| + | </code> | ||
linux/skoleni/firewall.1463045782.txt.gz · Last modified: 2016/05/12 11:36 by admin