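Linux-5 Homework Exercises
1. Briefly describe how a DNS server works, and set up primary and secondary servers.
How a DNS server works: https://www.cnblogs.com/lyj1023/p/16063868.html
Primary and secondary servers: https://www.cnblogs.com/lyj1023/p/16215909.html
2. Build and implement smart DNS.
Implementing smart DNS with views: https://www.cnblogs.com/lyj1023/p/16218423.html
3. Use iptables to allow ssh, telnet, ftp, and the web service on port 80, and reject every other port and service.
Server, centos8: 10.0.0.88, where the iptables rules are applied
Client, centos7: 10.0.0.77, used to test access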

[root@centos7-liyj ~]#ftp 10.0.0.88
Connected to 10.0.0.88 (10.0.0.88).
220 (vsFTPd 3.0.3)
Name (10.0.0.88:root): root
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> exit
221 Goodbye.
[root@centos7-liyj ~]#telnet 10.0.0.88
Trying 10.0.0.88...
Connected to 10.0.0.88.
Escape character is '^]'.

Kernel 4.18.0-348.7.1.el8_5.x86_64 on an x86_64
centos8-liyj login: root
Password:
Last login: Thu May 5 12:10:20 from ::ffff:10.0.0.77
[root@centos8-liyj ~]#
[root@centos8-liyj ~]#
[root@centos8-liyj ~]#exit
logout
Connection closed by foreign host.
[root@centos7-liyj ~]#curl 10.0.0.88
10.0.0.88 hello word
[root@centos7-liyj ~]#
[root@centos7-liyj ~]#telnet 10.0.0.88 3306
Trying 10.0.0.88...
Connected to 10.0.0.88.
Escape character is '^]'.    # this means the connection succeeded
BHost '10.0.0.77' is not allowed to connect to this MySQL serverConnection closed by foreign host.
[root@centos7-liyj ~]#ping 10.0.0.88
PING 10.0.0.88 (10.0.0.88) 56(84) bytes of data.
64 bytes from 10.0.0.88: icmp_seq=1 ttl=64 time=0.249 ms
64 bytes from 10.0.0.88: icmp_seq=2 ttl=64 time=0.241 ms
64 bytes from 10.0.0.88: icmp_seq=3 ttl=64 time=0.217 ms
64 bytes from 10.0.0.88: icmp_seq=4 ttl=64 time=0.328 ms
64 bytes from 10.0.0.88: icmp_seq=5 ttl=64 time=0.396 ms
64 bytes from 10.0.0.88: icmp_seq=6 ttl=64 time=0.248 ms

Restrict access with iptables rules on centos8
Method 1: whitelist (accept the allowed ports, then set the default policy to DROP)

[root@centos8-liyj ~]#iptables -A INPUT -p tcp -m multiport --dport 21,22,23,80 -j ACCEPT
[root@centos8-liyj ~]#iptables -P INPUT DROP
[root@centos8-liyj ~]#iptables -vnL
Chain INPUT (policy DROP 206 packets, 12791 bytes)
 pkts bytes target     prot opt in     out     source               destination
  122  7128 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 21,22,23,80

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 510 packets, 47606 bytes)
 pkts bytes target     prot opt in     out     source               destination

Method 2: blacklist (default policy ACCEPT, with a final REJECT rule appended after the ACCEPT rule from method 1)

[root@centos8-liyj ~]#iptables -P INPUT ACCEPT
[root@centos8-liyj ~]#iptables -A INPUT -j REJECT
[root@centos8-liyj ~]#iptables -vnL
Chain INPUT (policy ACCEPT 240 packets, 15588 bytes)
 pkts bytes target     prot opt in     out     source               destination
  406 26073 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 21,22,23,80
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 725 packets, 67498 bytes)
 pkts bytes target     prot opt in     out     source               destination

The ping command and the connection to the database service now fail

[root@centos7-liyj ~]#ping 10.0.0.88
PING 10.0.0.88 (10.0.0.88) 56(84) bytes of data.
^C
--- 10.0.0.88 ping statistics ---
10 packets transmitted, 0 received, 100% packet loss, time 9002ms

[root@centos7-liyj ~]#telnet 10.0.0.88 3306
Trying 10.0.0.88...
telnet: connect to address 10.0.0.88: Connection timed out

ssh, ftp, telnet, and web access succeed

[root@centos7-liyj ~]#ssh 10.0.0.88
The authenticity of host '10.0.0.88 (10.0.0.88)' can't be established.
ECDSA key fingerprint is SHA256:znuk6BAInoe362ut3bwJWL5K6tg8VKfXj2EHZ/8mt8s.
ECDSA key fingerprint is MD5:a8:ca:c4:71:1a:11:6b:28:f5:f0:17:b6:a8:f4:49:e4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.88' (ECDSA) to the list of known hosts.
root@10.0.0.88's password:
Last login: Thu May 5 12:41:20 2022 from ::ffff:10.0.0.77
[root@centos8-liyj ~]#exit
logout
Connection to 10.0.0.88 closed.
[root@centos7-liyj ~]#ftp 10.0.0.88
Connected to 10.0.0.88 (10.0.0.88).
220 (vsFTPd 3.0.3)
Name (10.0.0.88:root): root
331 Please specify the password.
Password:
^C
^Z
[3]+ Stopped ftp 10.0.0.88
[root@centos7-liyj ~]#telnet 10.0.0.88
Trying 10.0.0.88...
Connected to 10.0.0.88.
Escape character is '^]'.

Kernel 4.18.0-348.7.1.el8_5.x86_64 on an x86_64
centos8-liyj login: root
Password:
Last login: Thu May 5 13:32:04 from 10.0.0.77
[root@centos8-liyj ~]#
[root@centos8-liyj ~]#
[root@centos8-liyj ~]#exit
logout
Connection closed by foreign host.
[root@centos7-liyj ~]#curl 10.0.0.88
10.0.0.88 hello word
[root@centos7-liyj ~]#

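An added example, not part of the original post: a shell check that reads `iptables -S INPUT` output and confirms the INPUT chain is default-deny and opens only ports 21, 22, 23 and 80, for either of the two methods in this exercise. The function names and the sample rulesets are constructed here; the third sample shows the ordering pitfall of the blacklist method, where a rule appended after the catch-all REJECT never matches.

```shell
#!/bin/sh
# Added example (not from the original post): audit `iptables -S INPUT` text.
ALLOWED="21,22,23,80"   # ports the exercise permits: ftp, ssh, telnet, http

# Reads `iptables -S INPUT` output on stdin and prints one finding per line,
# or "OK" when the chain is default-deny and opens only the ALLOWED ports.
# Assumption: loopback and conntrack-state ACCEPT rules do not open a service.
audit_input() {
    awk -v allowed="$ALLOWED" '
    function report(msg) { print msg; bad++ }
    BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        target = ""; ports = ""; matches = 0; skip = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") { target = $(i + 1); break }
            if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
            if ($i == "--ctstate" || ($i == "-i" && $(i + 1) == "lo")) skip = 1
            matches++
        }
        # Rules are evaluated top-down: anything after a catch-all is dead.
        if (closed) { report("SHADOWED: never reached after catch-all: " $0); next }
        if (matches == 0 && (target == "DROP" || target == "REJECT")) { closed = 1; next }
        if (target != "ACCEPT" || skip) next
        if (ports == "") { report("OPEN: ACCEPT with no port restriction: " $0); next }
        m = split(ports, p, ",")
        for (j = 1; j <= m; j++)
            if (!(p[j] in ok)) report("OPEN: port " p[j] " is not in the allowed list")
    }
    END {
        if (policy != "DROP" && !closed) report("NOT-DEFAULT-DENY: policy " policy ", no catch-all rule")
        if (!bad) print "OK"
    }'
}

# Constructed samples: the two rulesets above as `iptables -S INPUT` prints them.
method1() { printf "%s\n" "-P INPUT DROP" \
    "-A INPUT -p tcp -m multiport --dports 21,22,23,80 -j ACCEPT"; }
method2() { printf "%s\n" "-P INPUT ACCEPT" \
    "-A INPUT -p tcp -m multiport --dports 21,22,23,80 -j ACCEPT" \
    "-A INPUT -j REJECT --reject-with icmp-port-unreachable"; }
# Constructed failure case: a 3306 rule appended after the catch-all REJECT.
misordered() { method2; printf "%s\n" "-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT"; }

for s in method1 method2 misordered; do
    echo "== $s"; "$s" | audit_input
done
```

On the server itself, the live chain can be checked as root with `iptables -S INPUT | audit_input`.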
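3. Summary of how NAT works
Summary: https://www.cnblogs.com/lyj1023/p/16224490.html
4. Implement SNAT and DNAT with iptables, and save the rules persistently.
Lab: https://www.cnblogs.com/lyj1023/p/16224647.html
5. Set up openv-p-n on an Alibaba Cloud server (for students who have the means)
None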