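! RTR-L: e0/1 is the outside / NAT-outside interface (4.4.4.100/24), e0/0 the
! inside LAN (192.168.100.0/24). Tunnel 1 is a GRE tunnel to RTR-R (5.5.5.100)
! wrapped in IPsec through profile VPN, and OSPF runs across it. PAT (list 1)
! plus static port forwards publish SRV/WEB-L services on 4.4.4.100; the
! extended ACL SERVICES filters everything entering e0/1.
! Lines beginning with "!" are comments; IOS ignores them.
Router> enable
Router# configure terminal
Router(config)#hostname RTR-L
! Outside interface; the default route below points at the ISP (4.4.4.1, ens4 on the ISP box).
RTR-L(config)#interface e0/1
RTR-L(config-if)#ip address 4.4.4.100 255.255.255.0
RTR-L(config-if)#no shutdown
RTR-L(config-if)#ip nat outside
RTR-L(config-if)#exit
! Inside LAN interface; made passive under OSPF so no hellos leak onto the LAN.
RTR-L(config)#interface e0/0
RTR-L(config-if)#ip address 192.168.100.254 255.255.255.0
RTR-L(config-if)#no shutdown
RTR-L(config-if)#ip nat inside
RTR-L(config-if)#exit
! Tunnel 1: point-to-point /30 towards RTR-R. No "tunnel mode" is given, so the
! IOS default (GRE over IP) applies.
RTR-L(config)#interface tunnel 1
RTR-L(config-if)#ip address 10.10.10.1 255.255.255.252
RTR-L(config-if)#tunnel destination 5.5.5.100
RTR-L(config-if)#tunnel source e0/1
RTR-L(config-if)#exit
RTR-L(config)#ip route 0.0.0.0 0.0.0.0 4.4.4.1
! OSPF: LAN in area 1, tunnel /30 in area 0. The original transcript had
! "netowrk" (typo) on the area-0 line; IOS rejects that command, so the tunnel
! would never be advertised and RTR-L/RTR-R would not become neighbours.
RTR-L(config)#router ospf 1
RTR-L(config-router)#router-id 4.4.4.100
RTR-L(config-router)#network 192.168.100.0 0.0.0.255 area 1
RTR-L(config-router)#network 10.10.10.0 0.0.0.3 area 0
RTR-L(config-router)#passive-interface e0/0
RTR-L(config-router)#exit
! Time from SRV on the inside LAN.
RTR-L(config)#ntp server 192.168.100.200
! IKEv1 phase 1. AES-128 / SHA-256 are fine; DH group 5 (1536-bit MODP) is
! below current guidance -- prefer group 14 or higher where the IOS image
! supports it, and change it identically on RTR-R.
RTR-L(config)#crypto isakmp policy 1
RTR-L(config-isakmp)#encryption aes 128
RTR-L(config-isakmp)#authentication pre-share
RTR-L(config-isakmp)#hash sha256
RTR-L(config-isakmp)#group 5
RTR-L(config-isakmp)#exit
! "12345" is a demo pre-shared key only. Use a long random secret in any real
! deployment; it must match the key RTR-R configures for address 4.4.4.100.
RTR-L(config)#crypto isakmp key 12345 address 5.5.5.100
! Phase 2: ESP with AES + SHA-256 HMAC, attached to the GRE tunnel via profile VPN.
RTR-L(config)#crypto ipsec transform-set TS esp-aes esp-sha256-hmac
RTR-L(config-trans)#mode tunnel
RTR-L(config-trans)#exit
RTR-L(config)#crypto ipsec profile VPN
RTR-L(config-profile)#set transform-set TS
RTR-L(config-profile)#exit
RTR-L(config)#interface tunnel 1
RTR-L(config-if)#tunnel protection ipsec profile VPN
RTR-L(config-if)#exit
! NAT: PAT for the LAN, plus static forwards on 4.4.4.100:
!   2222 -> WEB-L ssh (22), 53 tcp+udp -> SRV dns, 80 and 443 -> WEB-L:5000.
! tcp/443 lands on the same port 5000 as tcp/80; HTTPS clients therefore reach
! a non-TLS listener unless the container itself terminates TLS on 5000.
RTR-L(config)#access-list 1 permit 192.168.100.0 0.0.0.255
RTR-L(config)#ip nat inside source list 1 interface e0/1 overload
RTR-L(config)#ip nat inside source static tcp 192.168.100.100 22 4.4.4.100 2222 extendable
RTR-L(config)#ip nat inside source static tcp 192.168.100.200 53 4.4.4.100 53 extendable
RTR-L(config)#ip nat inside source static udp 192.168.100.200 53 4.4.4.100 53 extendable
RTR-L(config)#no ip http server
RTR-L(config)#ip nat inside source static tcp 192.168.100.100 5000 4.4.4.100 80 extendable
RTR-L(config)#ip nat inside source static tcp 192.168.100.100 5000 4.4.4.100 443 extendable
! Inbound filter for e0/1. Review notes:
!  - The "any eq 53 host 4.4.4.100" (tcp) and "any eq 53 123 host 4.4.4.100"
!    (udp) lines admit any packet whose *source* port is 53 or 123, to any
!    port on 4.4.4.100, with no state check. "established" for TCP, or a
!    reflexive / zone-based policy, is the safer way to let SRV's DNS and NTP
!    replies back in.
!  - OSPF only runs inside the tunnel (GRE inside ESP), so "permit ospf any any"
!    on the physical interface appears unnecessary.
!  - tcp/2222 exposes WEB-L's SSH to any source; narrow the source address if
!    the scenario allows.
!  - Replies from arbitrary internet hosts to the PAT'd LAN are not permitted
!    (no "established" rule), which seems to be the intended scope here.
RTR-L(config)#ip access-list extended SERVICES
RTR-L(config-ext-nacl)#permit gre any any
RTR-L(config-ext-nacl)#permit esp any any
RTR-L(config-ext-nacl)#permit icmp any any
RTR-L(config-ext-nacl)#permit ospf any any
RTR-L(config-ext-nacl)#permit tcp any host 4.4.4.100 eq 53 www 443 2222
RTR-L(config-ext-nacl)#permit udp any host 4.4.4.100 eq 53
RTR-L(config-ext-nacl)#permit tcp any eq 53 host 4.4.4.100
RTR-L(config-ext-nacl)#permit udp any eq 53 123 host 4.4.4.100
RTR-L(config-ext-nacl)#permit udp any eq 500 any eq 500
RTR-L(config-ext-nacl)#exit
RTR-L(config)#interface e0/1
RTR-L(config-if)#ip access-group SERVICES in
RTR-L(config-if)#exit
! Name resolution via SRV; the domain name also lets the router resolve short hostnames.
RTR-L(config)#ip domain name int.demo.wsr
RTR-L(config)#ip name-server 192.168.100.200
! "do wr" = write memory: copies running-config to startup-config.
RTR-L(config)#do wr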
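! RTR-R: e0/1 is the outside / NAT-outside interface (5.5.5.100/24), e0/0 the
! inside LAN (172.16.100.0/24). Tunnel 1 is the GRE-over-IPsec tunnel to RTR-L
! (4.4.4.100); OSPF runs across it, which is also how RTR-R reaches SRV
! (192.168.100.200) for NTP and DNS. PAT (list 1) plus static port forwards
! publish WEB-R on 5.5.5.100; ACL SERVICES filters everything entering e0/1.
! Lines beginning with "!" are comments; IOS ignores them.
Router> enable
Router# configure terminal
Router(config)#hostname RTR-R
! Outside interface; the default route below points at the ISP (5.5.5.1, ens5 on the ISP box).
RTR-R(config)#interface e0/1
RTR-R(config-if)#ip address 5.5.5.100 255.255.255.0
RTR-R(config-if)#no shutdown
RTR-R(config-if)#ip nat outside
RTR-R(config-if)#exit
! Inside LAN interface; made passive under OSPF so no hellos leak onto the LAN.
RTR-R(config)#interface e0/0
RTR-R(config-if)#ip address 172.16.100.254 255.255.255.0
RTR-R(config-if)#no shutdown
RTR-R(config-if)#ip nat inside
RTR-R(config-if)#exit
! Tunnel 1: point-to-point /30 towards RTR-L. No "tunnel mode" is given, so the
! IOS default (GRE over IP) applies.
RTR-R(config)#interface tunnel 1
RTR-R(config-if)#ip address 10.10.10.2 255.255.255.252
RTR-R(config-if)#tunnel destination 4.4.4.100
RTR-R(config-if)#tunnel source e0/1
RTR-R(config-if)#exit
RTR-R(config)#ip route 0.0.0.0 0.0.0.0 5.5.5.1
! OSPF: LAN in area 2, tunnel /30 in area 0. The original transcript had
! "netowrk" (typo) on the area-0 line; IOS rejects that command, so the tunnel
! would never be advertised and RTR-L/RTR-R would not become neighbours.
RTR-R(config)#router ospf 1
RTR-R(config-router)#router-id 5.5.5.100
RTR-R(config-router)#network 172.16.100.0 0.0.0.255 area 2
RTR-R(config-router)#network 10.10.10.0 0.0.0.3 area 0
RTR-R(config-router)#passive-interface e0/0
RTR-R(config-router)#exit
! Time from SRV; only reachable through the tunnel once OSPF has converged.
RTR-R(config)#ntp server 192.168.100.200
! IKEv1 phase 1. AES-128 / SHA-256 are fine; DH group 5 (1536-bit MODP) is
! below current guidance -- prefer group 14 or higher where the IOS image
! supports it, and change it identically on RTR-L.
RTR-R(config)#crypto isakmp policy 1
RTR-R(config-isakmp)#encryption aes 128
RTR-R(config-isakmp)#authentication pre-share
RTR-R(config-isakmp)#hash sha256
RTR-R(config-isakmp)#group 5
RTR-R(config-isakmp)#exit
! "12345" is a demo pre-shared key only. Use a long random secret in any real
! deployment; it must match the key RTR-L configures for address 5.5.5.100.
RTR-R(config)#crypto isakmp key 12345 address 4.4.4.100
! Phase 2: ESP with AES + SHA-256 HMAC, attached to the GRE tunnel via profile VPN.
RTR-R(config)#crypto ipsec transform-set TS esp-aes esp-sha256-hmac
RTR-R(config-trans)#mode tunnel
RTR-R(config-trans)#exit
RTR-R(config)#crypto ipsec profile VPN
RTR-R(config-profile)#set transform-set TS
RTR-R(config-profile)#exit
RTR-R(config)#interface tunnel 1
RTR-R(config-if)#tunnel protection ipsec profile VPN
RTR-R(config-if)#exit
! NAT: PAT for the LAN, plus static forwards on 5.5.5.100:
!   2244 -> WEB-R ssh (22), 80 and 443 -> WEB-R:5000.
! tcp/443 lands on the same port 5000 as tcp/80; HTTPS clients therefore reach
! a non-TLS listener unless the container itself terminates TLS on 5000.
RTR-R(config)#access-list 1 permit 172.16.100.0 0.0.0.255
RTR-R(config)#ip nat inside source list 1 interface e0/1 overload
RTR-R(config)#ip nat inside source static tcp 172.16.100.100 22 5.5.5.100 2244 extendable
RTR-R(config)#no ip http server
RTR-R(config)#ip nat inside source static tcp 172.16.100.100 5000 5.5.5.100 80 extendable
RTR-R(config)#ip nat inside source static tcp 172.16.100.100 5000 5.5.5.100 443 extendable
! Inbound filter for e0/1. Review notes:
!  - OSPF only runs inside the tunnel (GRE inside ESP), so "permit ospf any any"
!    on the physical interface appears unnecessary.
!  - tcp/2244 exposes WEB-R's SSH to any source; narrow the source address if
!    the scenario allows.
!  - Replies from arbitrary internet hosts to the PAT'd LAN are not permitted
!    (no "established" rule), which seems to be the intended scope here.
RTR-R(config)#ip access-list extended SERVICES
RTR-R(config-ext-nacl)#permit gre any any
RTR-R(config-ext-nacl)#permit esp any any
RTR-R(config-ext-nacl)#permit icmp any any
RTR-R(config-ext-nacl)#permit ospf any any
RTR-R(config-ext-nacl)#permit tcp any host 5.5.5.100 eq www 443 2244
RTR-R(config-ext-nacl)#permit udp any eq 500 any eq 500
RTR-R(config-ext-nacl)#exit
RTR-R(config)#interface e0/1
RTR-R(config-if)#ip access-group SERVICES in
RTR-R(config-if)#exit
! Name resolution via SRV across the tunnel.
RTR-R(config)#ip domain name int.demo.wsr
RTR-R(config)#ip name-server 192.168.100.200
! "do wr" = write memory: copies running-config to startup-config.
RTR-R(config)#do wr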
Login: root
Password: toor
#echo "ISP" > /etc/hostname && reboot
#vim /etc/network/interfaces
{press i}
auto ens3
auto ens4
auto ens5
iface ens3 inet static
    address 3.3.3.1
    netmask 255.255.255.0
    dns-nameservers 127.0.0.1
iface ens4 inet static
    address 4.4.4.1
    netmask 255.255.255.0
iface ens5 inet static
    address 5.5.5.1
    netmask 255.255.255.0
{press Esc} :wq
#echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
#reboot
#vim /etc/bind/named.conf.options
изменяем: dnssec-validation auto; -> dnssec-validation no; {press Esc} :wq
#vim /etc/bind/named.conf.local
zone "demo.wsr" {
    type master;
    file "/etc/bind/db.demo.wsr";
    allow-query { any; };
    allow-transfer { 4.4.4.100; };
};
{press Esc} :wq
#cp /etc/bind/db.empty /etc/bind/db.demo.wsr
#vim /etc/bind/db.demo.wsr
-> (слева: исходный db.empty | справа: новый db.demo.wsr)
$TTL 86400                              | $TTL 86400
@ IN SOA localhost. root.localhost. (   | @ IN SOA demo.wsr. root.demo.wsr. (
1 ; Serial                              | 1 ; Serial
604800 ; Refresh                        | 604800 ; Refresh
86400 ; Retry                           | 86400 ; Retry
2419200 ; Expire                        | 2419200 ; Expire
86400 ) ; Negative Cache TTL            | 86400 ; Negative Cache TTL
;                                       | )
@ IN NS localhost.                      | ;
                                        | @ IN NS isp
                                        | int IN NS srv.int
                                        |
                                        | srv.int IN A 4.4.4.100
                                        | isp IN A 3.3.3.1
                                        | www IN A 3.3.3.1 [ЕСЛИ НАСТРОЕН NGINX!!]
                                        | www IN A 4.4.4.100
                                        | www IN A 5.5.5.100
                                        | internet IN CNAME isp
{press Esc} :wq
#systemctl restart {bind9 or named}
#vim /etc/chrony/chrony.conf
Удаляем все записи peer, pool, server и добавляем:
server 127.0.0.1 iburst trust
local stratum 4
allow 4.4.4.100
allow 3.3.3.10
{press Esc} :wq
#systemctl restart {chrony or chronyd}
#cp /etc/nginx/sites-available/default /etc/nginx/sites-available/demo.wsr
#vim /etc/nginx/sites-available/demo.wsr
изменяем:
upstream www.demo.wsr {
    server 4.4.4.100:80 max_fails=2 fail_timeout=10s;
    server 5.5.5.100:80 max_fails=2 fail_timeout=10s;
}
server {
    listen 80;
    server_name www.demo.wsr;
    location / {
        proxy_pass http://www.demo.wsr;
    }
}
{press Esc} :wq
#ln -s /etc/nginx/sites-available/demo.wsr /etc/nginx/sites-enabled/demo.wsr
#nginx -t
#systemctl restart nginx
Запускаем PowerShell (от имени Администратора):
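# SRV (Windows): authoritative DNS for int.demo.wsr plus the reverse zones for
# both LANs; anything else is forwarded to the ISP resolver (3.3.3.1).
Install-WindowsFeature -Name DNS -IncludeManagementTools
Add-DnsServerPrimaryZone -Name "int.demo.wsr" -ZoneFile "int.demo.wsr.dns"
# Every file-backed zone needs its own zone file. The original pointed both
# reverse zones at "int.demo.wsr.dns" -- the forward zone's file -- so they
# are likely to fail to create or to load the wrong data; the -CreatePtr
# switches below depend on these reverse zones existing.
Add-DnsServerPrimaryZone -NetworkId 192.168.100.0/24 -ZoneFile "100.168.192.in-addr.arpa.dns"
Add-DnsServerPrimaryZone -NetworkId 172.16.100.0/24 -ZoneFile "100.16.172.in-addr.arpa.dns"
Add-DnsServerForwarder -IPAddress 3.3.3.1
Set-DnsServerRecursion -Enable $true
# Host records; -CreatePtr also writes the PTR into the matching reverse zone.
# -AllowUpdateAny lets any authenticated client overwrite the record through
# dynamic update -- drop it for records that are meant to stay static.
Add-DnsServerResourceRecordA -Name "web-l" -ZoneName "int.demo.wsr" -AllowUpdateAny -IPv4Address "192.168.100.100" -CreatePtr
Add-DnsServerResourceRecordA -Name "web-r" -ZoneName "int.demo.wsr" -AllowUpdateAny -IPv4Address "172.16.100.100" -CreatePtr
Add-DnsServerResourceRecordA -Name "srv" -ZoneName "int.demo.wsr" -AllowUpdateAny -IPv4Address "192.168.100.200" -CreatePtr
Add-DnsServerResourceRecordA -Name "rtr-l" -ZoneName "int.demo.wsr" -AllowUpdateAny -IPv4Address "192.168.100.254" -CreatePtr
Add-DnsServerResourceRecordA -Name "rtr-r" -ZoneName "int.demo.wsr" -AllowUpdateAny -IPv4Address "172.16.100.254" -CreatePtr
# Service aliases; ntp and dns both resolve to SRV itself.
Add-DnsServerResourceRecordCName -Name "webapp1" -HostNameAlias "web-l.int.demo.wsr" -ZoneName "int.demo.wsr"
Add-DnsServerResourceRecordCName -Name "webapp2" -HostNameAlias "web-r.int.demo.wsr" -ZoneName "int.demo.wsr"
Add-DnsServerResourceRecordCName -Name "ntp" -HostNameAlias "srv.int.demo.wsr" -ZoneName "int.demo.wsr"
Add-DnsServerResourceRecordCName -Name "dns" -HostNameAlias "srv.int.demo.wsr" -ZoneName "int.demo.wsr"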
[PowerShell]
# SRV (Windows): accept NTP (UDP/123) from the LAN clients that point at
# 192.168.100.200 (chrony on WEB-L/WEB-R, "ntp server" on both routers), then
# sync W32Time from the ISP (4.4.4.1) and advertise SRV as a reliable source.
# The rule carries no -RemoteAddress filter, so any host that can reach SRV
# matches it.
$ntpRule = @{
    DisplayName = "NTP"
    Direction   = "Inbound"
    LocalPort   = 123
    Protocol    = "UDP"
    Action      = "Allow"
}
New-NetFirewallRule @ntpRule
Start-Service -Name W32Time
w32tm /config /manualpeerlist:4.4.4.1 /syncfromflags:manual /reliable:yes /update
Restart-Service -Name W32Time
w32tm /resync
Заходим в Disk Management(ПКМ по Пуску)
Переводим 2 диска в состояние online
Инициализировать диски
Преобразовать в Dynamic
Создать Mirrored
В Демонстрационном экзамене возможно будет 2 варианта удаленного хранилища: iSCSI или SMB
[Короче, сами найдете.]
login: root
Password: toor
#echo "WEB-L" > /etc/hostname && reboot
#vim /etc/network/interfaces
auto ens3
iface ens3 inet static
    address 192.168.100.100
    netmask 255.255.255.0
    dns-nameservers 192.168.100.200
    gateway 192.168.100.254
{press Esc} :wq
#reboot
#mount -o loop /dev/cdrom /media/cdrom
#docker image load -i /media/cdrom/appdocker0.zip
#docker run -p 5000:5000 -d appdocker0:latest
#vim /etc/chrony/chrony.conf
Удаляем все записи peer, pool, server и добавляем:
server 192.168.100.200 iburst
{press Esc} :wq
#vim /root/.smb
username=Administrator
password=P@ssw0rd
{press Esc} :wq
#mkdir /opt/share
#vim /etc/fstab
Добавляем:
//192.168.100.200/shares /opt/share cifs user,rw,_netdev,credentials=/root/.smb 0 0
{press Esc} :wq
[Короче, сами найдете.]
login: root
Password: toor
#echo "WEB-R" > /etc/hostname && reboot
#vim /etc/network/interfaces
auto ens3
iface ens3 inet static
    address 172.16.100.100
    netmask 255.255.255.0
    dns-nameservers 192.168.100.200
    gateway 172.16.100.254
{press Esc} :wq
#reboot
#mount -o loop /dev/cdrom /media/cdrom
#docker image load -i /media/cdrom/appdocker0.zip
#docker run -p 5000:5000 -d appdocker0:latest
#vim /etc/chrony/chrony.conf
Удаляем все записи peer, pool, server и добавляем:
server 192.168.100.200 iburst
{press Esc} :wq
#systemctl restart chronyd
#vim /root/.smb
username=Administrator
password=P@ssw0rd
{press Esc} :wq
#mkdir /opt/share
#vim /etc/fstab
Добавляем:
//192.168.100.200/shares /opt/share cifs user,rw,_netdev,credentials=/root/.smb 0 0
{press Esc} :wq
[Короче, сами найдете.]
[Короче, сами найдете.]