Role of each machine

- hop (boss)
- themis
- oceanus
- cain
hop

Basic settings

    # yast2
    Network Devices > Network Card
    Select the "Traditional (something)" option, pick one of the two
    Intel PRO/1000 MT Desktop Adapter entries -> Edit
        IP Address: 192.168.4.1
        Subnet Mask: 255.255.255.0
    Hostname and Name Server
        Host Name: hop
        Domain: am.ics.keio.ac.jp
        Name Server 1: 0.0.0.0
        Name Server 2: 131.113.69.24
        Domain Search: am.ics.keio.ac.jp asap.am.ics.keio.ac.jp
    Routing
        Default Gateway: 131.113.69.24
        Check "Enable IP Forwarding" <-- this is important
    Quit

(The other adapter is hop's global-side interface, so leave it unchanged.)

DNS (bind)

Back up the original, then add/change the following in named.conf:

    # cp named.conf named.conf.orig
    # vi named.conf

    options {
        directory "/etc/ns_asap";
        forwarders { 131.113.69.5; };
        forward only;
        version "Nskw";
    };
    zone "asap.am.ics.keio.ac.jp" {
        type master;
        file "asap.zone";
    };
    zone "4.168.192.in-addr.arpa" {
        type master;
        file "192_168_4.rev";
    };

Comment out the localhost.zone section.

    # mkdir ns_asap
    # cp /var/lib/named/root.hint
    # vi asap.zone          (add the various records)
    # vi 192_168_4.rev      (add the various records)
    # vi 127_0_0.rev        (add the various records)

Check the configuration files:

    # /usr/sbin/named-checkconf /etc/named.conf
    # /usr/sbin/named-checkzone asap /etc/ns_asap/asap.zone

Restart:

    # /etc/init.d/named restart

Firewall

These days, NAT/firewall on Linux means iptables (probably).
    # mkdir /etc/firewall
    # vi /etc/firewall/firewall.sh

The NFS-related part is currently commented out.

    #!/bin/sh
    # Internet
    INET_ADDR=131.113.69.26
    # local
    LOCAL_ADDR=192.168.4.1
    # 69 network
    HLAB_NETWORK=131.113.69.0/24
    # local network
    LOCAL_NETWORK=192.168.4.0/24
    # NIC of internet side
    INET_IF=eth0
    # NIC of local side
    LOCAL_IF=eth1

    # flush everything at the beginning
    iptables -F
    iptables -t nat -F

    # accept any input from internet to hop
    iptables -P INPUT ACCEPT
    # accept any output from hop to internet
    iptables -P OUTPUT ACCEPT
    # accept any forwarding
    iptables -P FORWARD ACCEPT

    # RPC/NFS are dropped
    iptables -A INPUT -i $LOCAL_IF -p udp -m multiport --dports 111,2049 -j LOG
    iptables -A INPUT -i $LOCAL_IF -p tcp -m multiport --dports 111,2049 -j LOG
    iptables -A INPUT -i $LOCAL_IF -p udp -m multiport --dports 111,2049 -j DROP
    iptables -A INPUT -i $LOCAL_IF -p tcp -m multiport --dports 111,2049 -j DROP
    iptables -A FORWARD -i $LOCAL_IF -p udp -m multiport --dports 111,2049 -j LOG
    iptables -A FORWARD -i $LOCAL_IF -p tcp -m multiport --dports 111,2049 -j LOG
    iptables -A FORWARD -i $LOCAL_IF -p udp -m multiport --dports 111,2049 -j DROP
    iptables -A FORWARD -i $LOCAL_IF -p tcp -m multiport --dports 111,2049 -j DROP

    # ICMP
    iptables -A FORWARD -i $LOCAL_IF -p icmp -d $HLAB_NETWORK -j ACCEPT

    # NAT
    iptables -t nat -A POSTROUTING -s $LOCAL_NETWORK -o $INET_IF -j SNAT --to-source $INET_ADDR

Put the following in /etc/init.d/after.local so the script is applied at boot:

    # vi /etc/init.d/after.local
    if [ -e /etc/firewall/firewall.sh ]; then
        /etc/firewall/firewall.sh
    fi
    # chmod 755 /etc/init.d/after.local

LDAP

NIS

NFS

Add the following to /etc/exports:

    # vi /etc/exports
    /export/home2 192.168.4.0/255.255.255.0(rw,no_root_squash,no_subtree_check)
    /export/home3 192.168.4.0/255.255.255.0(rw,no_root_squash,no_subtree_check)
    /export/home4 192.168.4.0/255.255.255.0(rw,no_root_squash,no_subtree_check)

Restart the NFS server:

    # /etc/init.d/nfsserver restart

Samba

For now, do the same as this.

Windows Netgroup

themis

Basic settings

    # yast2
    Network Devices > Network Card
    Select the "Traditional (something)" option, pick one of the
    Intel PRO/1000 MT Desktop Adapter entries -> Edit
        IP Address: 192.168.4.3
        Subnet Mask: 255.255.255.0
    Hostname and Name Server
        Host Name: themis
        Domain: asap.am.ics.keio.ac.jp
        Name Server 1: 192.168.4.1
        Domain Search: am.ics.keio.ac.jp asap.am.ics.keio.ac.jp
    Routing
        Default Gateway: 192.168.4.1

Stop the NFS server

This machine does not export anything itself.

    # /etc/init.d/nfsserver stop
    # chkconfig nfsserver off

autofs

Make /etc/auto.home contain only the following:

    # vi /etc/auto.home
    asap2 hop:/export/home2/&
    asap3 hop:/export/home3/&
    asap4 hop:/export/home4/&

Start autofs:

    # /etc/init.d/autofs start
    # chkconfig autofs on
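An added audit helper for hop's /etc/firewall/firewall.sh above (not part of these setup notes): it parses iptables rule lines, reports the default chain policies, and confirms that RPC/NFS ports 111 and 2049 are DROPped for both tcp and udp on the LAN interface in both INPUT and FORWARD, so that a single missing rule is caught. The embedded script text is a constructed copy of the page's rules, and the function names are mine.

```python
import shlex

# Constructed copy of the filter rules from this page's /etc/firewall/firewall.sh.
FIREWALL_SH = """\
LOCAL_IF=eth1
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -A INPUT -i $LOCAL_IF -p udp -m multiport --dports 111,2049 -j DROP
iptables -A INPUT -i $LOCAL_IF -p tcp -m multiport --dports 111,2049 -j DROP
iptables -A FORWARD -i $LOCAL_IF -p udp -m multiport --dports 111,2049 -j DROP
iptables -A FORWARD -i $LOCAL_IF -p tcp -m multiport --dports 111,2049 -j DROP
"""

# iptables options that take one argument, mapped to the key they fill in a parsed rule.
ONE_ARG = {"-t": "table", "-A": "chain", "-i": "in", "-o": "out", "-p": "proto",
           "-s": "src", "-d": "dst", "-j": "target", "-m": "match", "--dports": "dports"}

def parse_rules(script):
    """Expand VAR=value assignments, then turn each iptables line into a dict."""
    env, rules = {}, []
    for line in script.splitlines():
        line = line.strip()
        if not line.startswith("iptables"):
            if "=" in line and not line.startswith("#"):   # shell variable
                k, v = line.split("=", 1)
                env[k] = v
            continue
        toks = [env.get(t[1:], t) if t.startswith("$") else t for t in shlex.split(line)[1:]]
        rule, i = {"table": "filter"}, 0
        while i < len(toks):
            if toks[i] == "-P":                  # -P CHAIN POLICY takes two arguments
                rule["chain"], rule["policy"], i = toks[i + 1], toks[i + 2], i + 3
            else:
                rule[ONE_ARG[toks[i]]], i = toks[i + 1], i + 2
        rules.append(rule)
    return rules

def policies(rules):
    """Default policy per chain; ACCEPT everywhere means only the explicit DROPs filter."""
    return {r["chain"]: r["policy"] for r in rules if "policy" in r}

def nfs_blocked(rules, iface):
    """True only if 111 and 2049 are DROPped for both tcp and udp arriving on
    iface in both INPUT and FORWARD; one missing rule leaves a gap."""
    need = {(c, p) for c in ("INPUT", "FORWARD") for p in ("tcp", "udp")}
    got = {(r.get("chain"), r.get("proto")) for r in rules
           if r.get("target") == "DROP" and r.get("in") == iface
           and {"111", "2049"} <= set(r.get("dports", "").split(","))}
    return need <= got
```

Run it against the real script text after any edit; deleting one of the four DROP lines makes nfs_blocked() return False.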