Duangw

out-server

OS version: Slackware 11.0

 

1 Hardware

Configure one network card, mapped to /dev/vmnet9.

 

2 Install the base system

Install only the packages under the a/ directory; choose expert mode and install all of them.

Configure lilo and install it in the MBR.

 

3 Install libraries

 

4 Install basic network packages

 

5 Install the nfs package

 

6 Install network servers

 

7 Configure the network

Run netconfig to configure the network:

# netconfig

IP address: 172.18.0.20/24

 

8 Install patches

Fetch the update packages from develop over NFS:

# mount -t nfs -o nolock 172.18.0.250:/newpkg /mnt
# cd /mnt/packages
# upgradepkg *.tgz
# umount /mnt

 

9 Firewall configuration

For the details of each iptables script see: Iptables scripts

The server script rc.iptables-server.ref is used here, fetched from develop over NFS:

# mount -t nfs -o nolock 172.18.0.250:/newpkg /mnt
# cd /etc/rc.d
# cp /mnt/rc.iptables-server.ref rc.iptables
# chmod a+x rc.iptables

Edit /etc/rc.d/rc.S and paste the contents of the /newpkg/rc.S.ref template at the end of rc.S.

# umount /mnt

Edit the /etc/rc.d/rc.iptables script and uncomment the relevant lines so that:

 

10 Set kernel parameters

For the details of the script see: Sysctl script

# mount -t nfs -o nolock 172.18.0.250:/newpkg /mnt
# cd /etc/rc.d
# cp /mnt/rc.sysctl.ref rc.sysctl
# chmod a+x rc.sysctl

Edit /etc/rc.d/rc.M and paste the contents of the /newpkg/rc.M.ref template before the point where rc.inet2 is run.

# umount /mnt

 

11 Configure httpd

Start apache by making its rc script executable:

# chmod a+x /etc/rc.d/rc.httpd

Enable mod_ssl: edit /etc/apache/httpd.conf and uncomment the following line:

#Include /etc/apache/mod_ssl.conf

Edit /etc/rc.d/rc.httpd, changing:
    /usr/sbin/apachectl start ;;
to:
    /usr/sbin/apachectl startssl ;;

Configure the certificate. This is only a test setup, so the existing (snakeoil) certificate is used directly:

# cd /etc/apache/ssl.crt
# cp server.crt server.crt.bak
# cp snakeoil-rsa.crt server.crt
# cd /etc/apache/ssl.key
# cp server.key server.key.bak
# cp snakeoil-rsa.key server.key

Edit the /etc/rc.d/rc.iptables script and uncomment the relevant lines so that:

 

12 Configure vsftpd

Edit /etc/inetd.conf: enable vsftp and disable every other enabled service.

Edit the /etc/rc.d/rc.iptables script and uncomment the relevant lines so that:

 

13 Configure the bind name service

out-server is the master name server for outer.net, copyleft.net and other.net.

13.1 Main configuration

Edit /etc/named.conf and add a zone for each forward and reverse domain; the rest of the file stays unchanged:

...
zone "outer.net" IN {
        type master;
        file "outer.zone";
};

zone "copyleft.net" IN {
        type master;
        file "copyleft.zone";
};

zone "other.net" IN {
        type master;
        file "other.zone";
};

zone "0.16.172.in-addr.arpa" IN {
        type master;
        file "outer.172.16.0";
};

zone "0.17.172.in-addr.arpa" IN {
        type master;
        file "outer.172.17.0";
};

zone "0.18.172.in-addr.arpa" IN {
        type master;
        file "outer.172.18.0";
};

zone "1.31.172.in-addr.arpa" IN {
        type master;
        file "outer.172.31.1";
};
...

13.2 Forward resolution

(1). Create the forward zone file /var/named/outer.zone:

$TTL    86400
$ORIGIN outer.net.
@               IN SOA outer.net.       root.outer.net. (
                                2007061000      ; Serial
                                28800           ; Refresh
                                14400           ; Retry
                                3600000         ; Expire
                                86400 )         ; Minimum

                IN NS   out-server1.outer.net.

out-server1     IN      A       172.18.0.20
out-server2     IN      A       172.18.0.30
out-server3     IN      A       172.18.0.40

router          IN      A       172.16.0.1
router          IN      A       172.17.0.1
router          IN      A       172.18.0.1
router          IN      A       172.31.1.1

www             IN      CNAME   out-server1
ftp             IN      CNAME   out-server1
dns             IN      CNAME   out-server1

Where:

$TTL defines a default TTL value for the records in the file.

$ORIGIN gives the domain that the records in this file belong to; note the trailing dot (.) after outer.net, which must not be omitted.

After SOA come the authoritative host for this zone and the administrator's mailbox. Because @ is a reserved character it is replaced by a dot (.), so root.outer.net. stands for the mailbox root@outer.net; do not leave out the trailing dot (.).

The values inside the SOA record are the parameters that govern zone replication between the master and slave name servers.

The NS resource record names the name server for this domain. Note that this name must have an A record, not a CNAME or similar, and do not leave out the trailing dot (.); otherwise the caching servers configured on home-gate/away-gate etc. will not work properly!!!

Then come the individual A and CNAME resource records.

(2). Create the forward zone file /var/named/copyleft.zone:

$TTL    86400
$ORIGIN copyleft.net.
@               IN SOA copyleft.net.    root.copyleft.net. (
                                2007061000      ; Serial
                                28800           ; Refresh
                                14400           ; Retry
                                3600000         ; Expire
                                86400 )         ; Minimum

                IN NS   out-server1.outer.net.

out-server1.outer.net.  IN      A       172.18.0.20

home-gate       IN      A       172.16.0.10
away-gate       IN      A       172.17.0.10

home            IN      CNAME   home-gate
gate.home       IN      CNAME   home-gate
server.home     IN      CNAME   home-gate
www.home        IN      CNAME   home-gate
ftp.home        IN      CNAME   home-gate
www             IN      CNAME   home-gate
ftp             IN      CNAME   home-gate

away            IN      CNAME   away-gate
gate.away       IN      CNAME   away-gate
server.away     IN      CNAME   away-gate
www.away        IN      CNAME   away-gate
ftp.away        IN      CNAME   away-gate

(3). Create the forward zone file /var/named/other.zone:

$TTL    86400
$ORIGIN other.net.
@               IN SOA other.net.       root.other.net. (
                                2007061000      ; Serial
                                28800           ; Refresh
                                14400           ; Retry
                                3600000         ; Expire
                                86400 )         ; Minimum

                IN NS   out-server1.outer.net.

out-server1.outer.net.  IN      A       172.18.0.20

other-gate      IN      A       172.18.0.10

other           IN      CNAME   other-gate
gate.other      IN      CNAME   other-gate
server.other    IN      CNAME   other-gate
www.other       IN      CNAME   other-gate
ftp.other       IN      CNAME   other-gate
www             IN      CNAME   other-gate
ftp             IN      CNAME   other-gate

13.3 Reverse resolution

(1). Create the reverse zone file /var/named/outer.172.16.0:

$TTL    86400
@               IN SOA outer.net.       root.outer.net. (
                                2007061000      ; Serial
                                28800           ; Refresh
                                14400           ; Retry
                                3600000         ; Expire
                                86400 )         ; Minimum

                IN NS   out-server1.outer.net.

1               IN      PTR     router.outer.net.
10              IN      PTR     home-gate.copyleft.net.

Note the trailing dot (.) on the PTR targets.

(2). Create the reverse zone file /var/named/outer.172.17.0:

$TTL    86400
@               IN SOA outer.net.       root.outer.net. (
                                2007061000      ; Serial
                                28800           ; Refresh
                                14400           ; Retry
                                3600000         ; Expire
                                86400 )         ; Minimum

                IN NS   out-server1.outer.net.

1               IN      PTR     router.outer.net.
10              IN      PTR     away-gate.copyleft.net.

(3). Create the reverse zone file /var/named/outer.172.18.0:

$TTL    86400
@               IN SOA outer.net.       root.outer.net. (
                                2007061000      ; Serial
                                28800           ; Refresh
                                14400           ; Retry
                                3600000         ; Expire
                                86400 )         ; Minimum

                IN NS   out-server1.outer.net.

1               IN      PTR     router.outer.net.
10              IN      PTR     other-gate.other.net.
20              IN      PTR     out-server1.outer.net.
30              IN      PTR     out-server2.outer.net.
40              IN      PTR     out-server3.outer.net.

(4). Create the reverse zone file /var/named/outer.172.31.1:

$TTL    86400
@               IN SOA outer.net.       root.outer.net. (
                                2007061000      ; Serial
                                28800           ; Refresh
                                14400           ; Retry
                                3600000         ; Expire
                                86400 )         ; Minimum

                IN NS   out-server1.outer.net.

1               IN      PTR     router.outer.net.

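As an added example (not part of the original page), a small Python linter for the two pitfalls stressed in 13.2 and 13.3: an NS target that is not a plain A record (a CNAME, or a name that lost its trailing dot and so silently had the origin appended), and an A record with no matching PTR in the reverse zones. The sample zones are constructed from the page's records; the parser covers only the record types used here and tolerates but does not interpret SOA continuation lines.

```python
# Constructed sample zones (adapted from the page's records); not the page's code.
from collections import defaultdict
OUTER_ZONE = """$TTL 86400
$ORIGIN outer.net.
@  IN SOA outer.net. root.outer.net. ( 2007061000 28800 14400 3600000 86400 )
   IN NS  out-server1.outer.net.
out-server1 IN A     172.18.0.20
router      IN A     172.18.0.1
www         IN CNAME out-server1
"""
REV_ZONE = """@  IN SOA outer.net. root.outer.net. ( 2007061000 28800 14400 3600000 86400 )
   IN NS  out-server1.outer.net.
1  IN PTR router.outer.net.
20 IN PTR out-server1.outer.net.
"""
# Deliberately broken variant: the NS target has lost its trailing dot.
BAD_ZONE = OUTER_ZONE.replace("NS  out-server1.outer.net.", "NS  out-server1.outer.net")
def fqdn(name, origin):  # BIND expansion: '@' is the origin, no trailing dot = relative
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):  # parser for the subset of zone syntax used on this page
    origin = origin.rstrip(".") + "."
    zone, owner = defaultdict(list), origin
    for line in text.splitlines():
        tok = line.split(";")[0].replace("(", " ").replace(")", " ").split()
        if not tok or tok[0] == "$TTL": continue
        if tok[0] == "$ORIGIN": origin = tok[1]; continue
        if not line[:1].isspace():          # explicit owner field; else reuse previous
            owner, tok = fqdn(tok[0], origin), tok[1:]
        if tok[0] == "IN": tok = tok[1:]
        rtype, rdata = tok[0], " ".join(tok[1:])
        if rtype in ("NS", "CNAME", "PTR"):  # a missing dot silently appends the origin
            rdata = fqdn(rdata, origin)
        zone[owner].append((rtype, rdata))
    return zone

def lint(zones):
    """Flag NS targets without an A record and A records without a matching PTR."""
    rrs, problems = defaultdict(list), []
    for z in zones:
        for owner, recs in z.items(): rrs[owner].extend(recs)
    for owner, (rtype, rdata) in ((o, r) for o, recs in rrs.items() for r in recs):
        if rtype == "NS" and not any(t == "A" for t, _ in rrs.get(rdata, [])):
            problems.append(f"NS target {rdata} has no A record (CNAME or missing dot?)")
        elif rtype == "A":
            ptr = ".".join(reversed(rdata.split("."))) + ".in-addr.arpa."
            if ("PTR", owner) not in rrs.get(ptr, []):
                problems.append(f"{rdata} ({owner}) has no PTR back to it")
    return problems
```

Run `lint([parse_zone(OUTER_ZONE, "outer.net"), parse_zone(REV_ZONE, "0.18.172.in-addr.arpa")])` for a clean result, and swap in BAD_ZONE to see the missing-dot NS target reported as out-server1.outer.net.outer.net.
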
13.4 Other settings

Start the bind service by making its rc script executable:

# cd /etc/rc.d/
# chmod a+x rc.bind

Edit /etc/rc.d/rc.iptables to allow DNS queries:

# dns
iptables -A INPUT -p udp --dport domain -m state --state NEW -j ACCEPT