[Show page]
[Old revisions]
[[unknown link type]]
[
]

Differences

This shows you the differences between two versions of the page.

--- linux:skoleni:firewall [2016/05/12 14:42]
admin [Hight Availability HA Router]
+++ linux:skoleni:firewall [2016/05/13 15:47] (current)
admin [OpenVPN a Easy RSA]
@@ Line 141: / Line 141: @@
 ===== High Availability HA Router =====
 VRRP nebo UCARP
+Instalace
+<code>
+yum install http://mirror.hosting90.cz/epel/6/x86_64/epel-release-6-8.noarch.rpm
+yum install ucarp
+</code>
 skripty ''up.sh'' a ''down.sh'', uvadim priklad jen pro UP
@@ Line 154: / Line 159: @@
 Dlouha prikazova radka
 <code>
-   ucarp --interface eth0 --srcip 192.168.5.16 --vhid=16  --pass=dalibor --addr=192.168.5.166 --preempt --shutdown --upscript=/etc/ucarp/up.sh --downscript=/etc/ucarp/down.sh
+   ucarp --interface eth0 --srcip 192.168.5.16 --vhid=16  --pass=dalibor \
+   --addr=192.168.5.166 --preempt --shutdown \
+   --upscript=/etc/ucarp/up.sh \
+   --downscript=/etc/ucarp/down.sh
 </code>
+====== OpenVPN a Easy RSA ======
+   yum install openvpn easy-rsa
+Nasledujici se bude odehravat v adresari
+''/usr/share/easy-rsa/2.0''
+<code>
+[root@router-bck 2.0]# . ./vars
+NOTE: If you run ./clean-all, I will be doing a rm -rf on /usr/share/easy-rsa/2.0/keys
+[root@router-bck 2.0]# ./clean-all
+[root@router-bck 2.0]# ./build-ca
+</code>
+Priklad konfigurace klienta '/etc/openvpn/client.conf''
+<code bash>
+client
+dev tun
+proto udp
+remote 192.168.5.38 1194
+; stoji za komentar
+;resolv-retry infinite
+nobind
+persist-key
+persist-tun
+ca ca.crt
+cert ten-vas.crt
+key taky-ten-vas.key
+verb 3
+</code>
+Konfigurace serveru ''/etc/openvpn/server.conf''
+<code>
+port 1194
+proto udp
+dev tun0
+ca ca.crt
+cert dalibor.crt
+key dalibor.key
+dh dh2048.pem
+server 10.88.88.0 255.255.255.0
+# okomentovat ifconfig-pool-persist ipp.txt
+route 10.0.1.0 255.255.255.0
+# Then create a file ccd/Thelonious with this line:
+# okomentovat
+#push "route 192.168.182.0 255.255.255.0"
+#push "redirect-gateway"
+#push "dhcp-option DNS 192.168.183.1"
+#push "dhcp-option WINS 10.8.0.1"
+#client-config-dir ccd
+#okomentovat client-to-client
+keepalive 10 120
+#tls-auth ta.key 0   # secret file
+#cipher BF-CBC         # Blowfish
+#cipher AES-128-CBC   # AES
+#cipher DES-EDE3-CBC  # Triple-DES
+# pozor na mikrotiky! :-D
+#comp-lzo   # compresion
+;max-clients 100
+status openvpn-status.log
+</code>
+====== Samba Server ======
+Priklad jednoducheho konfiguracniho souboru ''/etc/samba/smb.conf''
+<code>
+[global]
+        workgroup = MYGROUP
+        server string = Samba Server Version %v
+;       netbios name = MYSERVER
+        log file = /var/log/samba/log.%m
+        max log size = 50
+        security = user
+        passdb backend = tdbsam
+        # the login script name depends on the machine name
+;       logon script = %m.bat
+        # the login script name depends on the unix user used
+;       logon script = %u.bat
+;       logon path = \\%L\Profiles\%u
+        # disables profiles support by specifing an empty path
+;       logon path =
+[homes]
+        comment = Home Directories
+        browseable = no
+        writable = yes
+[pub]
+        path=/srv/samba-public
+        writable = yes
+        readonly = no
+        browsable = yes
+</code>
+Pridejte uzivatele uziv
+<code>
+  adduser uziv
+  pdbedit -a uziv
+</code>
+Priklad vytvoreni slozky Kos (Trash)
+<code>
+  vfs object = recycle:recycle
+  recycle:subdir_mode = 0777
+  recycle:repository = .recycle
+  recycle:keeptree = Yes
+  recycle:touch = Yes
+  recycle:versions = No
+  recycle:maxsize = 100000000 ; 100 metric million bytes
+</code>

linux/skoleni/firewall.1463056939.txt.gz · Last modified: 2016/05/12 14:42 by admin