- 简介
- 环境
- docker
- vmware
- 云服务
- 主机
- 如果会写shell脚本可以直接把以下代码加以修改
- DHCP
- 分配固定ip则在之前的配置文件之后增加以下内容
- 客户端设置为dhcp启动 (此验证是在centos7)
- DNS
- 配置文件
- 解析
- 再次配置
- test(使用客户端)
- HTTP
- FTP
- 配置
- samba
- 为了方便使用centos7(一样的镜像当客户端测试)
我太懒了 所以等待有缘人帮我写
环境 docker vmware 这边我选择使用 vmware 演示,实际上 docker 更为合适。
云服务 主机 如果会写 shell 脚本,可以直接把以下代码加以修改;要注意 IP、客户端 ID、端口、网关这一类个人本地配置。
DHCP配置网络可以看这里
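# Install the DHCP server package, then edit its configuration (shown below).
# The two commands are on separate lines: on a single line the "#" turned the
# editor command into part of the comment.
yum -y install dhcp
vim /etc/dhcp/dhcpd.conf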
#
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd.conf.example
# see dhcpd.conf(5) man page
#
# No dynamic DNS updates are attempted for the leases this server hands out.
ddns-update-style none;
# Send log messages to syslog facility local7.
log-facility local7;
subnet 192.168.125.0 netmask 255.255.255.0 { # serve the 192.168.125.0/24 subnet
range 192.168.125.50 192.168.125.250; # pool of addresses handed out dynamically
option routers 192.168.125.254; # default gateway sent to clients
option domain-name-servers 192.168.125.254; # DNS server sent to clients
option broadcast-address 192.168.125.255; # broadcast address
default-lease-time 600; # lease length in seconds when the client requests none
max-lease-time 7200; # longest lease in seconds a client may be given
}
分配固定ip则在之前的配置文件之后增加以下内容
host 自定义主机名 { # host to pin; the name is a placeholder for one of your choosing
hardware ethernet (这里写mac地址); # placeholder: the client's MAC address goes here
fixed-address 192.168.125.(选择固定范围不能在之前规定的50到250); # address to assign; it must lie outside the 50-250 range declared above
}
systemctl enable dhcpd.service # 设置dhcp服务开机自启 systemctl start dhcpd.service # 设置dhcp服务开启 systemctl restart dhcpd.service # 重启服务客户端设置为dhcp启动 (此验证是在centos7)
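# Interface settings live under /etc/sysconfig (the page had "svsconfig").
vi /etc/sysconfig/network-scripts/ifcfg-ens33
# Contents of ifcfg-ens33: bring ens33 up at boot and take its address from DHCP.
DEVICE=ens33
ONBOOT=yes
BOOTPROTO=dhcp
DNS 配置文件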
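# Install BIND and its chroot package, then edit the main configuration.
# Kept as two commands: on one line yum would treat "vi" and the path as
# package names.
yum install -y bind bind-chroot
vi /etc/named.conf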
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
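options {
    // Listen on every IPv4 interface so LAN clients can reach the server;
    // IPv6 stays on loopback only.
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";

    // Any client may query the zones this server is authoritative for.
    allow-query { any; };

    // Recursion is limited to this host and the lab subnet. Without an
    // explicit allow-recursion, BIND falls back to the allow-query list,
    // and "any" plus "recursion yes" makes the server an open resolver
    // that can be abused for DNS amplification.
    recursion yes;
    allow-recursion { localhost; 192.168.125.0/24; };

    dnssec-enable yes;
    // NOTE(review): validation is switched off, so answers obtained by
    // recursion are accepted without DNSSEC verification. Re-enable it
    // once the server has working upstream connectivity and a correct clock.
    dnssec-validation no;

    bindkeys-file "/etc/named.root.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};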
// Debug output goes to data/named.run; its verbosity follows the server's
// current debug level ("severity dynamic").
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
// Root hints: where to find the root name servers.
zone "." IN {
type hint;
file "named.ca";
};
// Local zone declarations (the file created in the next step) and the root key.
include "/etc/named.125.zones";
include "/etc/named.root.key";
# Create the zone declaration file referenced by the include line in /etc/named.conf.
vi /etc/named.125.zones
zone "rhel.com" IN { # forward lookup zone (name -> address)
type master;
file "rhel.com.zone";
allow-update {none;}; # dynamic updates are refused
};
zone "125.168.192.in-addr.arpa" IN { # reverse lookup zone (address -> name); the author advises leaving this annotation out of the real file
type master;
file "192.168.125.loopback";
allow-update {none;}; # dynamic updates are refused
};
解析
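# Start the forward zone file from the packaged localhost template, then edit it.
# Separate lines: on one line the "#" swallowed the vim command.
cp /var/named/named.localhost /var/named/rhel.com.zone
vim /var/named/rhel.com.zone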
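$TTL 1D
; Zone files only accept ";" comments - a "#" annotation is a syntax error.
; SOA for the rhel.com zone; root.rhel.com. is the administrator mailbox.
@       IN SOA  @ root.rhel.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
; Name server for the zone. The trailing dot makes the name absolute;
; without it the zone origin is appended (server.rhel.com.rhel.com.).
@       IN NS   server.rhel.com.
; A records: host name -> IPv4 address.
server  IN A    192.168.125.20
; Added so forward lookups match the PTR records in the reverse zone
; (the test step on this page queries windows.rhel.com).
client  IN A    192.168.125.25
windows IN A    192.168.125.100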
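# Start the reverse zone file from the packaged loopback template, then edit it.
# Separate lines: on one line the "#" swallowed the vim command.
cp /var/named/named.loopback /var/named/192.168.125.loopback
vim /var/named/192.168.125.loopback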
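$TTL 1D
; Zone files only accept ";" comments - a "#" annotation is a syntax error.
; SOA for the reverse zone; root.rhel.com. is the administrator mailbox.
@       IN SOA  @ root.rhel.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
; Name server for the zone. The trailing dot is required here: without it
; the reverse-zone origin would be appended to the name.
@       IN NS   server.rhel.com.
; PTR records: last octet of the address -> host name.
20      IN PTR  server.rhel.com.
25      IN PTR  client.rhel.com.
100     IN PTR  windows.rhel.com.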
再次配置
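# Allow DNS through firewalld (persistent) and apply the change.
firewall-cmd --add-service=dns --permanent
firewall-cmd --reload

# named must be able to read the files created above.
chown :named /var/named/192.168.125.loopback
chown :named /var/named/rhel.com.zone
chown :named /etc/named.125.zones

# Check the configuration and both zone files before starting the service,
# so a syntax error is reported here rather than as a failed start.
named-checkconf /etc/named.conf
named-checkzone rhel.com /var/named/rhel.com.zone
named-checkzone 125.168.192.in-addr.arpa /var/named/192.168.125.loopback

systemctl enable named
systemctl start named

# Point this host at the new DNS server (file contents follow).
vim /etc/resolv.conf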
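# Generated by NetworkManager
nameserver 192.168.125.20
nameserver 192.168.125.254
test(使用客户端)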
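# Interactive check: start nslookup, then type the two commands at its ">"
# prompt. The ">" characters are nslookup's prompt, not shell redirections.
nslookup
#   > server
#   > exit

# Forward lookup of a name from the rhel.com zone.
dig windows.rhel.com
HTTP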
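# Install Apache, start it now and at boot, and open HTTP in firewalld.
yum install -y httpd
systemctl enable httpd
systemctl start httpd
firewall-cmd --add-service=http --permanent
firewall-cmd --reload
vim /var/www/html/index.html            # write a test HTML page

# Content for the name-based site and for the aliased directory.
mkdir /var/www/html/server
vim /var/www/html/server/index.html     # write your own page
mkdir /var/www/html/test
touch /var/www/html/test/1.html

# Virtual host configuration (file contents follow).
vim /etc/httpd/conf.d/vhost.conf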
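FTP
# NOTE(review): the <VirtualHost ...> and <Directory ...> container lines of
# vhost.conf were lost when this page was extracted; only the directives that
# sat inside them survive. Restore the containers from the original article
# before using this file.
# Comments are on their own lines because httpd does not accept a comment
# on the same line as a directive.

# (container line lost) - its annotation read: the IP address the site is bound to
# Document root of the site
DocumentRoot /var/www/html/server
# Host name clients use to reach this site
ServerName server.rhel.com
AllowOverride None
# Deny rules are evaluated first; clients matching no rule are allowed
Order deny,allow
# Refuse host 192.168.125.100
deny from 192.168.125.100

DocumentRoot /var/www/html
# Used when the site is requested by IP address
ServerName 192.168.125.20
# Serve /var/www/html/test under the URL path /hello instead of /test
Alias /hello "/var/www/html/test"
AllowOverride None
Order deny,allow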
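# FTP server
yum install -y vsftpd

# FTP client
#   Red Hat family
yum install -y ftp
#   Debian family (the page omitted the "install" subcommand)
sudo apt-get install -y ftp
#   Windows: add the service from Settings
配置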
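# Open FTP in firewalld (persistent), apply the change and start the daemon.
firewall-cmd --add-service=ftp --permanent
firewall-cmd --reload
systemctl start vsftpd

# A file to download during the test, then the server configuration.
touch /var/ftp/pub/test.txt
vim /etc/vsftpd/vsftpd.conf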
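# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
# NOTE(review): plain FTP sends local account passwords unencrypted; keep
# this to a lab network or configure TLS (ssl_enable) before wider use.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Directory anonymous users land in after login (the author notes that
# SELinux needs handling for this path). The annotation is on its own line
# because vsftpd takes everything after "=" as the value.
# NOTE(review): this is the web document root used earlier on this page, so
# every file under it becomes downloadable over anonymous FTP; a dedicated
# directory keeps the exposure narrower.
anon_root=/var/www/html
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
#chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=NO
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
samba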
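# Install Samba, keep a copy of the packaged configuration, then start the
# live file from scratch.
yum install samba -y
cp /etc/samba/smb.conf /etc/samba/smb.conf.bak
echo > /etc/samba/smb.conf
vim /etc/samba/smb.conf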
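# Comments are on their own lines: smb.conf has no trailing-comment syntax,
# so text after a value on the same line becomes part of that value.

# Share name
[public]
    # Description shown to clients
    comment=public
    # Directory being shared (absolute path)
    path=/public
    # Allow guest (anonymous) access
    public=yes
    # Allow writes (file system permissions on the directory still apply)
    writable=yes
    # NOTE(review): guest access combined with writable lets any host that
    # can reach the server attempt writes without credentials. The three
    # settings below narrow that; uncomment them outside a throwaway lab.
    # Only this user may use the share:
    # valid users=smbuser
    # Only hosts in the 192.168.125.0 network may connect:
    # hosts allow=192.168.125.
    # Refuse host 192.168.125.50:
    # hosts deny=192.168.125.50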
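# Open the Samba ports in firewalld (persistent) and apply the change.
firewall-cmd --add-service=samba --permanent
firewall-cmd --reload

# Create the shared directory and the account that owns it.
mkdir /public
useradd smbuser
smbpasswd -a smbuser            # prompts for the Samba password
chown smbuser:smbuser /public

# Label the share for Samba rather than switching SELinux to permissive for
# the whole host (the page used `setenforce 0` at this point). A chcon label
# does not survive a full relabel; record it with semanage fcontext and
# restorecon if the share is meant to stay.
chcon -R -t samba_share_t /public

systemctl start smb
为了方便使用centos7(一样的镜像当客户端测试)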
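# On the client: install the SMB client tools.
yum install -y samba-client cifs-utils

# Browse the share as a guest. Session shown on the page (the backslashes
# were lost in extraction and are restored here):
smbclient //192.168.125.20/public
#   Enter SAMBA\root's password:
#   Anonymous login successful
#   Try "help" to get a list of possible commands.
#   smb: \> ls

# Mount the share as smbuser; the password is prompted for rather than
# passed as a mount option.
mkdir /mnt/samba
mount -t cifs //192.168.125.20/public /mnt/samba -o username=smbuser
#   Password for smbuser@//192.168.125.20/public: *******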



