IPsec搭建(预共享密钥)---Centos部署服务器

本文操作经过实验认证，目前我正在使用的VPS的方案

任何服务器都绝对不能直接暴露在外网上，会被别人攻击，在公司的话整个网络就直接瘫痪了

最后会进行端口映射及防火墙的相关操作

CentOS 7

让修改后的sysctl.conf生效：

有可以报一些关于ipv6的error，不要管它，继续下一步

如何只有红框内这种报错，可以忽略！

如果有failed，就无法进行下去，那需要自己去百度、google找答案吧，我搭建的时候是没有遇到，记得把selinux关掉。

格式如下：

此设置表示，账户为admin，密码为123，可以在任何可以上网的客机上登陆此服务器。

安装防火墙

配置防火墙

重启电脑即服务器就配置完成了，客户端电脑请看我的WINDOWS客户端配置

外网路由器请自己映射好500、4500、1701，这样才可以正常使用

思科交换机映射举例

本人的经验分享，希望可以帮助到你们,如何不对的地方，可以评论留言，帮我指正一下，如果帮助了你，请给我点个赞吧

dhcp是动态主机配置协议，使用udp协议，主要使用udp67和udp 68号端口

1.client端会发送dhcp discover广播包

2.dhcp服务器会回应dhcp offer广播包

3.client端会发送dhcp request广播包

4.dhcp服务器发送dhcp ack广播包

[root@mini ~]# rpm -qa dhcp

[root@mini ~]# cat /etc/centos-release

CentOS release 6.9 (Final)

[root@mini ~]# uname -r

2.6.32-696.el6.i686

[root@mini ~]# uname -m

i686

[root@mini ~]# yum install -y dhcp

[root@mini ~]# rpm -qa dhcp

dhcp-4.1.1-53.P1.el6.centos.1.i686

[root@mini ~]# rpm -qc dhcp

/etc/dhcp/dhcpd.conf

/etc/dhcp/dhcpd6.conf

/etc/openldap/schema/dhcp.schema

/etc/portreserve/dhcpd

/etc/sysconfig/dhcpd

/etc/sysconfig/dhcpd6

/etc/sysconfig/dhcrelay

/etc/sysconfig/dhcrelay6

/var/lib/dhcpd/dhcpd.leases

/var/lib/dhcpd/dhcpd6.leases

[root@mini ~]# cat /etc/dhcp/dhcpd.conf

#

# DHCP Server Configuration file.

#  see /usr/share/doc/dhcp*/dhcpd.conf.sample

#  see 'man 5 dhcpd.conf'

#

查询dhcp sample文件(dhcpd.conf.sample文件为dhcp配置文件模板)

# rpm -ql dhcp

配置完成后的文件

[root@mini ~]# cat /etc/dhcp/dhcpd.conf

#

# DHCP Server Configuration file.

#  see /usr/share/doc/dhcp*/dhcpd.conf.sample

#  see 'man 5 dhcpd.conf'

#

# A slightly different configuration for an internal subnet.

subnet 172.16.1.0 netmask 255.255.255.0 {

range 172.16.1.10 172.16.1.30

option domain-name-servers mini.localdomain

option domain-name "mini.localdomain"

option routers 172.16.1.1

option broadcast-address 172.16.1.1

default-lease-time 600

max-lease-time 7200

}

查看配置是否正确

[root@mini ~]# /etc/init.d/dhcpd configtest

Syntax: OK

DHCP启动失败，并查询到如下报错信息(/var/log/messages)

Nov  6 06:37:24 mini dhcpd: No subnet declaration for eth0 (192.168.28.139).

Nov  6 06:37:24 mini dhcpd: ** Ignoring requests on eth0.  If this is not what

Nov  6 06:37:24 mini dhcpd:    you want, please write a subnet declaration

Nov  6 06:37:24 mini dhcpd:    in your dhcpd.conf file for the network segment

Nov  6 06:37:24 mini dhcpd:    to which interface eth0 is attached. **

Nov  6 06:37:24 mini dhcpd:

Nov  6 06:37:24 mini dhcpd:

Nov  6 06:37:24 mini dhcpd: Not configured to listen on any interfaces!

Nov  6 06:37:24 mini dhcpd:

Nov  6 06:37:24 mini dhcpd: This version of ISC DHCP is based on the release available

Nov  6 06:37:24 mini dhcpd: on ftp.isc.org.  Features have been added and other changes

Nov  6 06:37:24 mini dhcpd: have been made to the base software release in order to make

Nov  6 06:37:24 mini dhcpd: it work better with this distribution.

Nov  6 06:37:24 mini dhcpd:

Nov  6 06:37:24 mini dhcpd: Please report for this software via the CentOS Bugs Database:

Nov  6 06:37:24 mini dhcpd:    http://bugs.centos.org/

Nov  6 06:37:24 mini dhcpd:

Nov  6 06:37:24 mini dhcpd: exiting.

解决办法:

这是因为DHCP程序发现没有“Not configured to listen on any interfaces”，只需要配置相应的IP到目标网卡中便可以解决这个问题。

[root@mini ~]# ifconfig eth1 172.16.1.1/24

[root@mini ~]# /etc/init.d/dhcpd start

Nov  6 06:43:11 mini dhcpd: Internet Systems Consortium DHCP Server 4.1.1-P1

Nov  6 06:43:11 mini dhcpd: Copyright 2004-2010 Internet Systems Consortium.

Nov  6 06:43:11 mini dhcpd: All rights reserved.

Nov  6 06:43:11 mini dhcpd: For info, please visit https://www.isc.org/software/dhcp/

Nov  6 06:43:11 mini dhcpd: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file

Nov  6 06:43:11 mini dhcpd: Wrote 0 leases to leases file.

Nov  6 06:43:11 mini dhcpd: Listening on LPF/eth1/00:0c:29:c5:2b:7e/172.16.1.0/24

Nov  6 06:43:11 mini dhcpd: Sending on  LPF/eth1/00:0c:29:c5:2b:7e/172.16.1.0/24

Nov  6 06:43:11 mini dhcpd:

Nov  6 06:43:11 mini dhcpd: No subnet declaration for eth0 (192.168.28.139).

Nov  6 06:43:11 mini dhcpd: ** Ignoring requests on eth0.  If this is not what

Nov  6 06:43:11 mini dhcpd:    you want, please write a subnet declaration

Nov  6 06:43:11 mini dhcpd:    in your dhcpd.conf file for the network segment

Nov  6 06:43:11 mini dhcpd:    to which interface eth0 is attached. **

Nov  6 06:43:11 mini dhcpd:

Nov  6 06:43:11 mini dhcpd: Sending on  Socket/fallback/fallback-net

[root@mini ~]# cat /var/lib/dhcpd/dhcpd.leases

注意：如果Linux开启了防火墙，那么需要对UDP 67和UDP 68放行。或者直接将放火墙关闭

Centos7搭建DNS服务器  ，位WEB服务器提供域名解析

1.关闭防火墙

 systemctl stop firewalld

2.配置IP地址 启动网络服务

   vim /etc/sysconfig/network-scripts/ifcfg-ens33

    systemctl start network

    ifconfig

3.挂载系统镜像

   mount /dev/cdrom /mnt/

4.编辑yum环境

   rm -rf /etc/yum.repos.d/*

   vim /etc/yum.repos.d/yum.repo

5.使用yum安装bind软件包

   yum -y install bind

 5.1 查看是否将bind软件包安装成功

   rpm -qa bind

5.2 编辑dns配置文件

   vim /etc/named.conf

   named-checkconf /etc/named.conf

   vim /var/named/huizhong.com.zone

   named-checkzone huizhong.com /var/named/huizhong.com.zone

   vim /var/named/huizhong.com.zone

   named-checkzone huizhong.com /var/named/huizhong.com.zone

6.启动dns服务

   systemctl start named

6.1查看dns运行状态

   systemctl status named

6.3 查看dns网络连接情况

   netstat -anpt | grep named

   netstat -anpu | grep named

---