Linux-5 Homework Exercises

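1. Briefly describe how a DNS server works, and set up primary and secondary servers.

How a DNS server works: https://www.cnblogs.com/lyj1023/p/16063868.html

Primary/secondary servers: https://www.cnblogs.com/lyj1023/p/16215909.html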


2. Set up and implement smart DNS.

Implementing smart DNS with views: https://www.cnblogs.com/lyj1023/p/16218423.html


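3. Use iptables to allow ssh, telnet, ftp, and the web service on port 80, and reject services on all other ports.

Server (centos8): 10.0.0.88, where the iptables rules are configured

Client (centos7): 10.0.0.77, used to test access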

[root@centos7-liyj ~]#ftp 10.0.0.88
Connected to 10.0.0.88 (10.0.0.88).
220 (vsFTPd 3.0.3)
Name (10.0.0.88:root): root
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> exit
221 Goodbye.

[root@centos7-liyj ~]#telnet 10.0.0.88
Trying 10.0.0.88...
Connected to 10.0.0.88.
Escape character is '^]'.

Kernel 4.18.0-348.7.1.el8_5.x86_64 on an x86_64

centos8-liyj login: root
Password: 
Last login: Thu May  5 12:10:20 from ::ffff:10.0.0.77
[root@centos8-liyj ~]#
[root@centos8-liyj ~]#
[root@centos8-liyj ~]#exit
logout
Connection closed by foreign host.

[root@centos7-liyj ~]#curl 10.0.0.88
10.0.0.88  hello word
[root@centos7-liyj ~]#

[root@centos7-liyj ~]#telnet  10.0.0.88  3306
Trying 10.0.0.88...
Connected to 10.0.0.88.
Escape character is '^]'.     (indicates the connection succeeded)
BHost '10.0.0.77' is not allowed to connect to this MySQL serverConnection closed by foreign host.

[root@centos7-liyj ~]#ping 10.0.0.88
PING 10.0.0.88 (10.0.0.88) 56(84) bytes of data.
64 bytes from 10.0.0.88: icmp_seq=1 ttl=64 time=0.249 ms
64 bytes from 10.0.0.88: icmp_seq=2 ttl=64 time=0.241 ms
64 bytes from 10.0.0.88: icmp_seq=3 ttl=64 time=0.217 ms
64 bytes from 10.0.0.88: icmp_seq=4 ttl=64 time=0.328 ms
64 bytes from 10.0.0.88: icmp_seq=5 ttl=64 time=0.396 ms
64 bytes from 10.0.0.88: icmp_seq=6 ttl=64 time=0.248 ms

Service access test from centos7: every service is reachable

Apply iptables rules on centos8 to restrict access

Method 1: whitelist configuration

[root@centos8-liyj ~]#iptables -A INPUT  -p tcp -m multiport  --dport 21,22,23,80 -j ACCEPT
[root@centos8-liyj ~]#iptables -P INPUT DROP
[root@centos8-liyj ~]#iptables -vnL
Chain INPUT (policy DROP 206 packets, 12791 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  122  7128 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 21,22,23,80

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 510 packets, 47606 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Method 2: blacklist configuration

[root@centos8-liyj ~]#iptables -P INPUT ACCEPT
[root@centos8-liyj ~]#iptables -A INPUT -j REJECT
[root@centos8-liyj ~]#iptables -vnL
Chain INPUT (policy ACCEPT 240 packets, 15588 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  406 26073 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 21,22,23,80
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 725 packets, 67498 bytes)
 pkts bytes target     prot opt in     out     source               destination         

ping and the connection to the database service fail

[root@centos7-liyj ~]#ping 10.0.0.88
PING 10.0.0.88 (10.0.0.88) 56(84) bytes of data.
^C
--- 10.0.0.88 ping statistics ---
10 packets transmitted, 0 received, 100% packet loss, time 9002ms

[root@centos7-liyj ~]#telnet 10.0.0.88 3306
Trying 10.0.0.88...
telnet: connect to address 10.0.0.88: Connection timed out

ssh, ftp, telnet, and web access succeed

[root@centos7-liyj ~]#ssh 10.0.0.88
The authenticity of host '10.0.0.88 (10.0.0.88)' can't be established.
ECDSA key fingerprint is SHA256:znuk6BAInoe362ut3bwJWL5K6tg8VKfXj2EHZ/8mt8s.
ECDSA key fingerprint is MD5:a8:ca:c4:71:1a:11:6b:28:f5:f0:17:b6:a8:f4:49:e4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.88' (ECDSA) to the list of known hosts.
root@10.0.0.88's password:
Last login: Thu May 5 12:41:20 2022 from ::ffff:10.0.0.77
[root@centos8-liyj ~]#exit
logout
Connection to 10.0.0.88 closed.
[root@centos7-liyj ~]#ftp 10.0.0.88
Connected to 10.0.0.88 (10.0.0.88).
220 (vsFTPd 3.0.3)
Name (10.0.0.88:root): root
331 Please specify the password.
Password:
^C
^Z
[3]+ Stopped ftp 10.0.0.88
[root@centos7-liyj ~]#telnet 10.0.0.88
Trying 10.0.0.88...
Connected to 10.0.0.88.
Escape character is '^]'.

Kernel 4.18.0-348.7.1.el8_5.x86_64 on an x86_64
centos8-liyj login: root
Password:
Last login: Thu May 5 13:32:04 from 10.0.0.77
[root@centos8-liyj ~]#
[root@centos8-liyj ~]#
[root@centos8-liyj ~]#exit
logout
Connection closed by foreign host.
[root@centos7-liyj ~]#curl 10.0.0.88
10.0.0.88 hello word
[root@centos7-liyj ~]#

Access test
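
The Method 1 whitelist above, rebuilt as a single `iptables-restore` file so the policy and the rules load in one commit. This is an added example, not the original post's commands: the loopback and conntrack rules, the function names and the `/tmp/rules.v4` path are assumptions added here, because a DROP policy without those two rules also drops loopback traffic and the replies to the server's own outbound connections.

```sh
#!/bin/sh
# Added example, not from the original post.
# Ports 21,22,23,80 come from the post; the loopback and conntrack rules,
# the function names and /tmp/rules.v4 are assumptions added here.
ALLOWED_TCP_PORTS="21,22,23,80"

# Accept only a comma-separated list of ports in the range 1-65535.
valid_ports() {
    case "$1" in
        ''|*[!0-9,]*|,*|*,|*,,*) return 1 ;;          # empty, stray chars, bad commas
        *[0-9][0-9][0-9][0-9][0-9][0-9]*) return 1 ;; # more than five digits
    esac
    old_ifs=$IFS; IFS=,
    for p in $1; do
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            IFS=$old_ifs; return 1
        fi
    done
    IFS=$old_ifs
}

# Print a filter-table ruleset in iptables-restore format.
build_ruleset() {
    ports=$1
    valid_ports "$ports" || { echo "invalid port list: $ports" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m multiport --dports $ports -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Apply as root on the server. iptables-restore replaces the whole filter
# table in one commit, so there is no window where the DROP policy is active
# without the ACCEPT rules:
#   build_ruleset "$ALLOWED_TCP_PORTS" > /tmp/rules.v4
#   iptables-restore --test < /tmp/rules.v4 && iptables-restore < /tmp/rules.v4
```

Only the FTP control port 21 is covered, as in the post; FTP data connections use other ports and are not handled by this rule set.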

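3. Summary of how NAT works

Summary: https://www.cnblogs.com/lyj1023/p/16224490.html

4. Implement SNAT and DNAT with iptables, and persist the rules.

Lab: https://www.cnblogs.com/lyj1023/p/16224647.html

5. Set up openv-p-n on an Alibaba Cloud server (for students who have the means)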

posted @ 2022-05-05 16:25  goodbay说拜拜