<Huawei>sys
[Huawei]sysname RSW1
[RSW1]v b 10 20 30 50
[RSW1]int g0/0/1
[RSW1-GigabitEthernet0/0/1]p l a
[RSW1-GigabitEthernet0/0/1]p d v 10
[RSW1-GigabitEthernet0/0/1]un sh
[RSW1-GigabitEthernet0/0/1]int g0/0/2
[RSW1-GigabitEthernet0/0/2]p l a
[RSW1-GigabitEthernet0/0/2]p d v 20
[RSW1-GigabitEthernet0/0/2]un sh
[RSW1-GigabitEthernet0/0/2]int g0/0/3
[RSW1-GigabitEthernet0/0/3]p l a
[RSW1-GigabitEthernet0/0/3]p d v 30
[RSW1-GigabitEthernet0/0/3]un sh
[RSW1-GigabitEthernet0/0/3]int g0/0/5
[RSW1-GigabitEthernet0/0/5]p l a
[RSW1-GigabitEthernet0/0/5]p d v 30
[RSW1-GigabitEthernet0/0/5]un sh
[RSW1-GigabitEthernet0/0/5]int g0/0/4
[RSW1-GigabitEthernet0/0/4]p l a
[RSW1-GigabitEthernet0/0/4]p d v 50
[RSW1-GigabitEthernet0/0/4]un sh
[RSW1-GigabitEthernet0/0/4]q
[RSW1]int vlanif 10
[RSW1-Vlanif10]
[RSW1-Vlanif10]ip add 192.168.10.1 24
[RSW1-Vlanif10]int vlanif 20
[RSW1-Vlanif20]ip add 192.168.20.1 24
[RSW1-Vlanif20]int vlanif 30
[RSW1-Vlanif30]ip add 192.168.30.1 24
[RSW1-Vlanif30]int vlanif 50
[RSW1-Vlanif50]ip add 11.0.0.2 30
[RSW1-Vlanif50]q
[RSW1]ip route-static 0.0.0.0 0.0.0.0 11.0.0.1
<Huawei>sys
[Huawei]sysname R1
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 11.0.0.1 30
[R1-GigabitEthernet0/0/0]un sh
[R1-GigabitEthernet0/0/0]int g0/0/1
[R1-GigabitEthernet0/0/1]ip add 201.0.0.1 30
[R1-GigabitEthernet0/0/1]un sh
[R1-GigabitEthernet0/0/1]q
[R1]ip route-static 192.168.10.0 24 11.0.0.2
[R1]ip route-static 192.168.20.0 24 11.0.0.2
[R1]ip route-static 192.168.30.0 24 11.0.0.2
[R1]ip route-static 203.0.0.0 24 201.0.0.2
[R1]acl 3000
[R1-acl-adv-3000]rule permit ip source 192.168.10.0 0.0.0.255
[R1-acl-adv-3000]rule permit ip source 192.168.20.0 0.0.0.255
[R1-acl-adv-3000]rule permit ip source 192.168.30.0 0.0.0.255
[R1-acl-adv-3000]q
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]nat outbound 3000
[R1-GigabitEthernet0/0/1]nat server protocol tcp global 202.0.0.100 www inside 192.168.30.100 www
<Huawei>sys
[Huawei]sysname R2
[R2]int g0/0/1
[R2-GigabitEthernet0/0/1]ip add 201.0.0.2 30
[R2-GigabitEthernet0/0/1]un sh
[R2-GigabitEthernet0/0/1]int g0/0/2
[R2-GigabitEthernet0/0/2]ip add 203.0.0.1 24
[R2-GigabitEthernet0/0/2]un sh
[R2-GigabitEthernet0/0/2]q
[R2]ip route-static 202.0.0.100 32 201.0.0.1
[R2]ip route-static 0.0.0.0 0.0.0.0 201.0.0.1
进入虚拟机,设置:【1】Web服务器(IP:192.168.30.100/24);【2】Samba,NFS服务器(IP:192.168.30.10/24);【3】DNS服务器(IP:203.0.0.2/24);【4】公司外网服务器(IP:203.0.0.3/24)。四台服务器均设置:防火墙、核心防护(SELinux)关闭,yum环境配置,光盘永久挂载。关闭防火墙和SELinux只是为了简化实验环境;实际部署时应保持开启,并只放行各服务器所需的服务端口。
[root@localhost ~]# yum -y install httpd
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl enable httpd
[root@localhost ~]# yum -y install nfs-utils
[root@localhost ~]# yum -y install rpcbind
[root@localhost ~]# systemctl start rpcbind
[root@localhost ~]# systemctl enable rpcbind
[root@localhost ~]# showmount -e 192.168.30.10 ##查看服务器共享的目录##
Export list for 192.168.30.10:
/opt/www 192.168.30.0/24
[root@localhost ~]# mkdir -p /var/www/html ##客户机上创建共享文件挂载的目录##
[root@localhost ~]# mount 192.168.30.10:/opt/www /var/www/html/ ##手动挂载共享目录##
[root@localhost ~]# vi /etc/fstab ###设置自动挂载,重启生效###
[root@promote ~]# yum -y install nfs-utils rpcbind ##安装所需工具##
[root@promote ~]# systemctl enable nfs
[root@promote ~]# systemctl enable rpcbind
[root@promote ~]# mkdir -p /opt/www ##创建共享目录##
[root@promote ~]# vi /etc/exports ##将共享目录及允许访问的网段写入此文件,相当于永久共享(导出),而不是挂载##
[root@promote ~]# systemctl start rpcbind
[root@promote ~]# systemctl start nfs
[root@promote ~]# showmount -e ##查看本机共享的目录##
Export list for promote.cache-dns.local:
/opt/www 192.168.30.0/24
[root@promote samba]# cd /opt
[root@promote opt]# mkdir t1 t2 ##创建t1、t2目录##
[root@promote opt]# ll
total 0
drwxr-xr-x. 2 root root 6 Oct 31 2018 rh
drwxr-xr-x 2 root root 6 Aug 7 15:04 t1
drwxr-xr-x 2 root root 6 Aug 7 15:04 t2
drwxr-xr-x 2 root root 6 Aug 7 13:57 www
[root@promote opt]# useradd t1 ##创建t1##
[root@promote opt]# useradd t2 ##创建t2##
[root@promote opt]# useradd tom ##创建tom子账户##
[root@promote opt]# useradd jack ##创建jack子账户##
[root@promote opt]# chown t1:tom t1 ##将t1目录的属主改为t1属组改为tom##
[root@promote opt]# chown t2:jack t2 ##将t2目录的属主改为t2属组改为jack##
[root@promote opt]# ll
total 0
drwxr-xr-x. 2 root root 6 Oct 31 2018 rh
drwxr-xr-x 2 t1 tom 6 Aug 8 20:10 t1
drwxr-xr-x 2 t2 jack 6 Aug 8 20:10 t2
drwxr-xr-x 2 root root 6 Nov 5 2018 www
[root@promote opt]# chmod 740 /opt/t1 ##修改t1目录权限:属主rwx,属组r--,其他用户无权限##
[root@promote opt]# chmod 740 /opt/t2 ##修改t2目录权限:属主rwx,属组r--,其他用户无权限##
[root@promote opt]# ll
total 0
drwxr-xr-x. 2 root root 6 Oct 31 2018 rh
drwxr----- 2 tom t1 6 Aug 8 20:10 t1
drwxr----- 2 jack t2 6 Aug 8 20:10 t2
drwxr-xr-x 2 root root 6 Nov 5 2018 www
[root@promote opt]# cd /etc/samba
[root@promote samba]# ll
total 20
-rw-r--r--. 1 root root 20 Oct 31 2018 lmhosts
-rw-r--r--. 1 root root 706 Oct 31 2018 smb.conf
-rw-r--r--. 1 root root 11327 Oct 31 2018 smb.conf.example
[root@promote samba]# grep -v '^#|^$|^;' smb.conf > smb.conf1
##本意是一次过滤#号开头的行、空行和;开头的行,然后保存为smb.conf1文件;但不加-E时grep把“|”当作普通字符,这条命令实际没有过滤掉任何行(smb.conf1仍为706字节),一步完成应写成 grep -Ev '^#|^$|^;'##
[root@promote samba]# grep -v "^$" smb.conf1 > smb.conf2
##过滤空行 然后保存为smb.conf2文件##
[root@promote samba]# grep -v "^;" smb.conf2 > smb.conf3
##过滤;然后保存为smb.conf3文件##
[root@promote samba]# ll
total 32
-rw-r--r--. 1 root root 20 Oct 31 2018 lmhosts
-rw-r--r--. 1 root root 706 Oct 31 2018 smb.conf
-rw-r--r-- 1 root root 706 Aug 8 20:17 smb.conf1
-rw-r--r-- 1 root root 700 Aug 8 20:17 smb.conf2
-rw-r--r-- 1 root root 700 Aug 8 20:18 smb.conf3
-rw-r--r--. 1 root root 11327 Oct 31 2018 smb.conf.example
[root@promote samba]# mv smb.conf smb.conf.2020.08.07bak
##备份原来的smb.conf文件,备份文件名必须带时间和备份提示(线网操作格式)##
[root@promote samba]# mv smb.conf3 smb.conf
##将过滤好的配置文件命名为smb.conf##
[root@promote samba]# vi smb.conf
[global]
workgroup = SAMBA
security = user
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
[t1]
path = /opt/t1
# 该共享在浏览列表中可见;谁能访问由下面的 valid users 决定(smb.conf 不支持行尾注释,注释须单独成行)
browseable=yes
create mask=0644
directory mask=0755
valid users = tom
[t2]
path = /opt/t2
# 该共享在浏览列表中可见;谁能访问由下面的 valid users 决定(smb.conf 不支持行尾注释,注释须单独成行)
browseable=yes
create mask=0644
directory mask=0755
valid users = jack
[root@promote samba]# systemctl start smb
[root@localhost yum.repos.d]# yum -y install bind
[root@localhost ~]# yum -y install bind-chroot
[root@localhost ~]# vi /etc/named.conf
options {
listen-on port 53 { 203.0.0.2; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; }; // 对所有来源开放查询;若配置中保留了 recursion yes,本机会为任意客户端做递归解析,仅作权威服务器时可用 allow-recursion 限制来源
[root@localhost ~]# vi /etc/named.rfc1912.zones
zone "kgc.com" IN {
type master;
file "kgc.com.zone";
};
zone "51xit.top" IN {
type master;
file "51xit.top.zone";
};
[root@localhost ~]# cd /var/named
[root@localhost named]# ll
total 16
drwxr-x--- 7 root named 61 Aug 7 20:57 chroot
drwxrwx--- 2 named named 6 Oct 31 2018 data
drwxrwx--- 2 named named 6 Oct 31 2018 dynamic
-rw-r----- 1 root named 2281 May 22 2017 named.ca
-rw-r----- 1 root named 152 Dec 15 2009 named.empty
-rw-r----- 1 root named 152 Jun 21 2007 named.localhost
-rw-r----- 1 root named 168 Dec 15 2009 named.loopback
drwxrwx--- 2 named named 6 Oct 31 2018 slaves
[root@localhost named]# cp named.localhost kgc.com.zone
[root@localhost named]# cp named.localhost 51xit.top.zone
[root@localhost named]# vi kgc.com.zone
$TTL 1D
@ IN SOA kgc.com. admin.kgc.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS kgc.com.
A 203.0.0.3
www IN A 203.0.0.3
[root@localhost named]# vi 51xit.top.zone
$TTL 1D
@ IN SOA 51xit.top. admin.51xit.top. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS 51xit.top.
A 202.0.0.100
www IN A 202.0.0.100
[root@localhost named]# chown named:named /var/named/kgc.com.zone
[root@localhost named]# chown named:named /var/named/51xit.top.zone
[root@localhost named]# ll
total 24
-rw-r----- 1 named named 175 Aug 7 21:16 51xit.top.zone
drwxr-x--- 7 root named 61 Aug 7 20:57 chroot
drwxrwx--- 2 named named 6 Oct 31 2018 data
drwxrwx--- 2 named named 6 Oct 31 2018 dynamic
-rw-r----- 1 named named 168 Aug 7 21:13 kgc.com.zone
-rw-r----- 1 root named 2281 May 22 2017 named.ca
-rw-r----- 1 root named 152 Dec 15 2009 named.empty
-rw-r----- 1 root named 152 Jun 21 2007 named.localhost
-rw-r----- 1 root named 168 Dec 15 2009 named.loopback
drwxrwx--- 2 named named 6 Oct 31 2018 slaves
[root@localhost named]# systemctl restart named
[root@localhost ~]# yum -y install httpd
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl enable httpd
eNSP中,网络已配置好。虚拟机中,登录Web服务器,ping公司外网服务器:
登录Samba、NFS服务器,ping公司外网服务器:
在真机中进行测试,需要将真机的VM1网卡的地址改为与Samba服务器同网段的地址;在真机中按“windows键+R键”调出运行框,输入“\\192.168.30.10”,查看共享目录。
此时需要给这两个共享目录的有效用户tom和jack设置Samba密码(passdb backend = tdbsam 使用独立于系统账户的密码库,例如 smbpasswd -a tom),进入虚拟机【2】Samba服务器
一、在eNSP中,网络已配置好,但是用团队1的PC机ping外网服务器ping不通,通过排查问题,最终找到问题所在:绑定的网卡实际上应该是VM2网卡,实验中绑定的是NAT,所以存在ping不通的情况。同样,虚拟机中,对应的此外网服务器也应绑定VM2网卡。
二、在DNS服务器中进行安装bind时,提示“有另一个应用程序目前持有yum锁”,无法正常安装,可能因为搭建yum环境时出现问题,现在针对此问题进行解决。
解决方法:
①cd /etc/yum.repos.d/
②rm -rf local.repo
③cp backup/CentOS-Base.repo local.repo
④vi local.repo
⑤rm -rf /var/run/yum.pid ##强行解除锁定;删除前先确认yum.pid中记录的进程已经不存在,否则可能出现两个yum同时操作rpm数据库##
⑥yum clean all
⑦yum makecache,然后就可以正常安装了。