Oracle Linux: Difference between revisions
No edit summary |
|||
(65 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
=Autorid= | =Autorid= | ||
---- | * Dmitri Keler A32 | ||
* | * Jevgeni Pogodin A31 | ||
* | * 2013 ITK | ||
=Oracle Linux paigaldamine= | |||
==Virtuaalmasina valmistamine== | |||
* RAM 512MB | |||
* HDD 12GB Dynamic | |||
* 2 Võrgukaarti | |||
** eth0 - NAT (lubab Interneti pääseda) | |||
** eth1 - Host only (ühendamine teise virtuaalmasinaga) | |||
==Installeerimine== | |||
Juhendis kasutatakse Oracle Linux Server 6.3. Allalaadimise link on siin: http://www.oracle.com/technetwork/server-storage/vm/downloads/index.html (seal on vaja registreerida) | |||
'''Installerimine käigus:''' | |||
1. Buutides isolt vali "Install an existing system" | |||
2. Aknas "testing the media" , vajutage skip | |||
3. Vali keel ja klaviatuuri layout | |||
4. Vali time zone | |||
5. Sisesta root kasutaja parooli | |||
6. Partitsiooni muutmine | |||
7. Peale partitsiooni muutmine, automaatselt tuleb package installimine | |||
8. Installerimine lõpeb, süsteemi reboot | |||
==Võrgukaartide seadistamine== | |||
On vaja muuda 2 faili: | |||
1. /etc/sysconfig/network-scripts/ifcfg-eth0 - NAT | |||
2. /etc/sysconfig/network-scripts/ifcfg-eth1 - Host Only | |||
'''eth0 konfigureerimine:''' | |||
<pre> | |||
vi /etc/sysconfig/network-scripts/ifcfg-eth0 | |||
</pre> | |||
<pre> | |||
DEVICE="eth0" | |||
BOOTPROTO="dhcp" | |||
HWADD="08:00:27:9E:F4:FC" | |||
NM_CONTROLLED="yes" | |||
ONBOOT="yes" | |||
TYPE="Ethernet" | |||
</pre> | |||
'''eth1 konfigureerimine:''' | |||
<pre> | |||
vi /etc/sysconfig/network-scripts/ifcfg-eth1 | |||
</pre> | |||
<pre> | |||
DEVICE="eth1" | |||
BOOTPROTO="static" | |||
HWADDR="08:00:27:22:BB:1D" | |||
NM_CONTROLLED="yes" | |||
ONBOOT="yes" | |||
IPADDR=192.168.56.205 | |||
NETMASK=255.255.255.0 | |||
TYPE="Ethernet" | |||
</pre> | |||
Lõpuks tuleb võrgu restarti teha: | |||
<pre> | |||
service network restart | |||
</pre> | |||
=DNS (bind9)= | |||
==Paigaldamine== | |||
Paigaldatakse DNS serveri käsuga | |||
<pre> | |||
yum install bind bind-utils | |||
</pre> | |||
==Konfigureerimine== | |||
* Muuda 'options' osa named.conf failis | |||
<pre> | |||
vi /etc/named.conf | |||
</pre> | |||
Muuda seal read listen-on port 53, sisesta 'any'; allow-query, sisesta 'any'; lisa rea allow-query-cache { any; }, listen-on ipv6 saab ära kustutada | |||
<pre> | |||
options { | |||
listen-on port 53 { any; }; | |||
directory "/var/named"; | |||
dump-file "/var/named/data/cache_dump.db"; | |||
statistics-file "/var/named/data/named_stats.txt"; | |||
memstatistics-file "/var/named/data/named_mem_stats.txt"; | |||
allow-query { any; }; | |||
allow-query-cache { any; }; | |||
dnssec-enable yes; | |||
dnssec-validation yes; | |||
dnssec-lookaside auto; | |||
/* Path to ISC DLV key */ | |||
bindkeys-file "/etc/named.iscdlv.key"; | |||
managed-keys-directory "/var/named/dynamic"; | |||
}; | |||
</pre> | |||
* Lisa faili named.conf lõppus enda teenindatavad domeeni tsoonid | |||
<pre> | |||
vi /etc/named.conf | |||
</pre> | |||
Teenindatavad domeeni tsoonid | |||
<pre> | |||
zone "students.ee" IN { | |||
type master; | |||
file "/var/named/students.ee"; | |||
}; | |||
zone "56.168.192.in-addr.arpa." IN { | |||
type master; | |||
file "/var/named/56.168.192.in-addr.arpa"; | |||
}; | |||
</pre> | |||
'''Ärge unustage tsooni kirjete failide omavaks gruppiks panna named käsuga''' | |||
<pre> | |||
chgrp named failinimi | |||
</pre> | |||
* Tsoonide kirjeldused | |||
Tsoonide failid asuvad | |||
<pre> | |||
/var/named kaustas | |||
</pre> | |||
Iga tsooni kohta loo 2 faili, kirjete fail ja reverse fail<br> | |||
Tsooni fail nimega students.ee näeb välja järgnev: | |||
<pre> | |||
vi /var/named/students.ee | |||
</pre> | |||
<pre> | |||
$TTL 3H | |||
@ IN SOA ns.students.ee. root.students.ee. ( | |||
11 ; serial | |||
1D ; refresh | |||
1H ; retry | |||
1W ; expire | |||
3H ) ; minimum | |||
;NS | |||
students.ee. IN NS ns.students.ee. | |||
;HOSTS | |||
ns IN A 192.168.56.205 | |||
www.students.ee. IN CNAME students.ee. | |||
students.ee. IN A 192.168.56.205 | |||
students.ee. IN MX 10 mail.students.ee. | |||
mail.students.ee. IN A 192.168.56.205 | |||
</pre> | |||
Reverse tsooni fail nimega 56.168.192.in-addr.arpa näeb välja järgnev: | |||
<pre> | |||
vi /var/named/56.168.192.in-addr.arpa | |||
</pre> | |||
<pre> | |||
$TTL 3H | |||
@ IN SOA ns.students.ee. root.students.ee. ( | |||
9 ; serial | |||
1D ; refresh | |||
1H ; retry | |||
1W ; expire | |||
3H ) ; minimum | |||
; | |||
205 IN PTR ns.students.ee. | |||
</pre> | |||
* Nüüd tuleks BIND9 teenus taaskäivitada järgmise käsuga: | |||
<pre> | |||
service named restart | |||
</pre> | |||
==Testimine== | |||
* Kontrollime, kas kõik tsoonide failid on OK | |||
<pre> | |||
named-checkzone students.ee /var/named/students.ee | |||
named-checkzone 56.168.192.in-addr.arpa /var/named/56.168.192.in-addr.arpa | |||
</pre> | |||
*Kasutame dig ja nslookup, et kontrollida kas nimeserver vastab päringutele õigesti. | |||
<pre> | |||
dig ns.students.ee | |||
</pre> | |||
<pre> | |||
nslookup students.ee | |||
</pre> | |||
=Apache 2= | |||
==Paigaldamine== | |||
* Paigaldatakse Apache käsuga: | |||
<pre> | |||
yum install httpd | |||
</pre> | |||
==Konfigureerimine== | |||
* Kuna lokaalne server vastab alati aadressil 127.0.0.1 siis lisa /etc/hosts faili read: | |||
<pre> | |||
127.0.0.1 www.students.ee | |||
127.0.0.1 students.ee | |||
</pre> | |||
* Konfiguratsiooni fail on httpd.conf | |||
<pre> | |||
vi /etc/httpd/conf/httpd.conf | |||
</pre> | |||
Selle faili lisa alla oma konfiguratsioon, näiteks: | |||
<pre> | |||
<VirtualHost *:80> | |||
ServerAdmin webmaster@localhost | |||
DocumentRoot /var/www/students.ee | |||
ServerName students.ee | |||
ErrorLog logs/students.ee-error_log | |||
CustomLog logs/students.ee-access_log common | |||
</VirtualHost> | |||
</pre> | |||
* Loo kataloog, mis me panime DocumentRoot(httpd.conf) ning loo üks lihtne fail(index.html) | |||
<pre> | |||
mkdir /var/www/students.ee | |||
touch /var/www/students.ee/index.html | |||
</pre> | |||
==Testimine== | |||
* Muuda faili index.html kaustas /var/www/students.ee/index.html | |||
<pre> | |||
vi /var/www/students.ee/index.html | |||
</pre> | |||
Näiteks lihtne: | |||
<pre> | |||
<html><body><h1>Tere </h1> | |||
<p>It works Fine!!</p> | |||
</body></html> | |||
</pre> | |||
* Et vaadata, kas töötab serveris, on vaja paigaldada konsooli brauserit | |||
<pre> | |||
yum install lynx | |||
</pre> | |||
* Lynx'i abil vaatame, kas töötab | |||
<pre> | |||
lynx www.students.ee | |||
</pre> | |||
=Samba= | |||
==Paigaldamine== | |||
Paigaldamine Samba käsuga: | |||
<pre> | |||
yum install samba samba-client | |||
</pre> | |||
==Konfigureerimine== | |||
* Luua kataloog mida tahetakse välja jagada: | |||
<pre> | |||
mkdir -p /var/data/students | |||
</pre> | |||
* Tuleb ka samba konfi faili muuta : | |||
<pre> | |||
vi /etc/samba/smb.conf | |||
</pre> | |||
Lisada Globali alla sellised read: | |||
<pre> | |||
netbios name = SERVER | |||
hosts allow = 127. 192.168.1. | |||
</pre> | |||
192.168.1 see on teie 'local network' address<br> | |||
Konfi faili alla lisame jagatava kataloogi: | |||
<pre> | |||
[students] | |||
comment=Studenti kaust | |||
path=/var/data/students | |||
writable=yes | |||
valid users=@students | |||
force group=students | |||
browsable=yes | |||
create mask=0664 | |||
directory mask=0775 | |||
</pre> | |||
* Edasi tuleb teha gruppi ja kasutaja, kes saab kataloogi liigi | |||
<pre> | |||
groupadd students | |||
useradd -G students student | |||
passwd student | |||
smbpasswd -a student | |||
</pre> | |||
* '''Tuleb kausta omanikgrupp muuta vastavalt sellele, kellele soovitakse välja jagada''' | |||
<pre> | |||
chgrp students /var/data/students | |||
</pre> | |||
*Failiõigused tuleks anda nii et kasutajale ja grupile on kõik lubatud, teistele mitte midagi | |||
<pre> | |||
chmod 770 /var/data/students | |||
</pre> | |||
* '''See on tähtis osa.''' Teha kataloogi "label": | |||
<pre> | |||
chcon -t samba_share_t /var/data/students/ | |||
</pre> | |||
* Restarti samba teenust | |||
<pre> | |||
service smb restart | |||
</pre> | |||
* Testime, kas töötab | |||
<pre> | |||
smbclient //192.168.56.205/students -U student | |||
</pre> | |||
=E-post (postfix)= | |||
==Paigaldamine== | |||
yum install postfix dovecot | |||
==Konfigureerimine== | |||
Vaikimisi e-kirjeid salvestatakse /var/mail kausta, seda saab muuta '''/etc/postfix/main.cf''' konfis | |||
home_mailbox = Maildir/ | |||
Selleks, et itcollege mailile kirjeid saata relayhost'iks pane mail.itcollege.ee | |||
relayhost = mail.itcollege.ee | |||
Mydestination viitab e-mail serverile | |||
mydestination = students.ee, | |||
Tehne nüüd postfix'ile restardi ja testige telnetides localhosti 25 pordile | |||
service postfix restart | |||
telnet localhost 25 | |||
EHLO | |||
MAIL TO: kasutajanimi@itcollege.ee | |||
RCPT FROM: kasutajanimi@students.ee | |||
DATA | |||
tekst siia | |||
. (punkt lõpetab) | |||
Probleemide puhul vaadake maili logi failid | |||
less /var/log/maillog | |||
Kirjete järjekorda vaatamiseks kirjuta | |||
postqueue -p | |||
Kirjet queue'st kustutamiseks kirjuta | |||
postsuper -d KIRJA_ID | |||
=Firewall (iptables)= | |||
==Paigaldamine== | |||
* Kui teie masinas veel pole iptables, siis seda võiks paigaldada käsuga: | |||
<pre> | |||
yum install iptables | |||
</pre> | |||
==Konfigureerimine== | |||
* Veenduge, et teenus on käivitatud ja auto-start taaskäivitamisel | |||
<pre> | |||
service iptables start | |||
chkconfig --level 345 iptables on | |||
</pre> | |||
* Määrake vaikimisi poliitika, mis võimaldab kõike, kuigi luuatakse uusi reegleid | |||
<pre> | |||
iptables -P INPUT ACCEPT | |||
iptables -P FORWARD ACCEPT | |||
iptables -P OUTPUT ACCEPT | |||
</pre> | |||
* "Flush" kõike kehtiva reegleid | |||
<pre> | |||
iptables -F | |||
</pre> | |||
* Edasi avame portid, mis on vaja: | |||
** SSH port 22 | |||
<pre> | |||
iptables -A INPUT -i eth1 -p tcp --dport 22 -j ACCEPT | |||
</pre> | |||
** Postfix port 25 | |||
<pre> | |||
iptables -A INPUT -i eth1 -p tcp --dport 25 -j ACCEPT | |||
</pre> | |||
** DNS port 53 | |||
<pre> | |||
iptables -A INPUT -i eth1 -p tcp --dport 53 -j ACCEPT | |||
</pre> | |||
** Apache (HTTP,HTTPS) port 80,443 | |||
<pre> | |||
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT | |||
iptables -A INPUT -i eth1 -p tcp --dport 443 -j ACCEPT | |||
</pre> | |||
**Samba port 137,138,139,445 | |||
<pre> | |||
iptables -A INPUT -i eth1 -p tcp --dport 137 -j ACCEPT | |||
iptables -A INPUT -i eth1 -p tcp --dport 138 -j ACCEPT | |||
iptables -A INPUT -i eth1 -p tcp --dport 139 -j ACCEPT | |||
iptables -A INPUT -i eth1 -p tcp --dport 445 -j ACCEPT | |||
</pre> | |||
* Accept localhosti (loopback) | |||
<pre> | |||
iptables -A INPUT -i lo -j ACCEPT | |||
</pre> | |||
* Luba kõik olemasolevad ühendust jääda | |||
<pre> | |||
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT | |||
</pre> | |||
* Taasta vaikimisi poliitika | |||
<pre> | |||
iptables -P INPUT DROP | |||
iptables -P FORWARD DROP | |||
</pre> | |||
* Aktsepteerima kõike väljaminevate taotlusi selle serveri | |||
<pre> | |||
iptables -P OUTPUT ACCEPT | |||
</pre> | |||
* Salvesta oma konfi | |||
<pre> | |||
service iptables save | |||
</pre> | |||
* Kui soovite vaadata oma konfi | |||
<pre> | |||
iptables -L -v --line-numbers | |||
</pre> | |||
==Lisamine== | |||
* Käsu, mis kontrollib iptables staatus | |||
<pre> | |||
service iptables status | |||
</pre> | |||
* Käsud, mis lülitavad välja iptabes | |||
<pre> | |||
service iptables stop | |||
chkconfig iptables off | |||
</pre> | |||
* Käsud, "Iptables backup and restore" | |||
<pre> | |||
Backup | |||
iptables-save > <filename> | |||
Restore | |||
iptables-restore < <save file path> | |||
</pre> | |||
=Kasutatud kirjandus= | |||
http://www.masaokitamura.com/2008/03/07/how-to-show-and-empty-the-postfix-queue/ | |||
http://articles.slicehost.com/2008/8/6/postfix-using-telnet-to-test-postfix | |||
http://www.geekamongus.com/2008/08/27/setting-up-samba-shares-on-redhat-enterprise-5/ | |||
http://www.oracle-base.com/articles/linux/dns-configuration-for-scan.php | |||
http://public-yum.oracle.com/ | |||
http://www.oracle-base.com/articles/linux/linux-firewall.php |
Latest revision as of 04:27, 15 January 2013
Autorid
- Dmitri Keler A32
- Jevgeni Pogodin A31
- 2013 ITK
Oracle Linux paigaldamine
Virtuaalmasina valmistamine
- RAM 512MB
- HDD 12GB Dynamic
- 2 Võrgukaarti
- eth0 - NAT (lubab Interneti pääseda)
- eth1 - Host only (ühendamine teise virtuaalmasinaga)
Installeerimine
Juhendis kasutatakse Oracle Linux Server 6.3. Allalaadimise link on siin: http://www.oracle.com/technetwork/server-storage/vm/downloads/index.html (seal on vaja registreerida)
Installerimine käigus:
1. Buutides isolt vali "Install an existing system"
2. Aknas "testing the media" , vajutage skip
3. Vali keel ja klaviatuuri layout
4. Vali time zone
5. Sisesta root kasutaja parooli
6. Partitsiooni muutmine
7. Peale partitsiooni muutmine, automaatselt tuleb package installimine
8. Installerimine lõpeb, süsteemi reboot
Võrgukaartide seadistamine
On vaja muuda 2 faili:
1. /etc/sysconfig/network-scripts/ifcfg-eth0 - NAT
2. /etc/sysconfig/network-scripts/ifcfg-eth1 - Host Only
eth0 konfigureerimine:
vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0" BOOTPROTO="dhcp" HWADD="08:00:27:9E:F4:FC" NM_CONTROLLED="yes" ONBOOT="yes" TYPE="Ethernet"
eth1 konfigureerimine:
vi /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE="eth1" BOOTPROTO="static" HWADDR="08:00:27:22:BB:1D" NM_CONTROLLED="yes" ONBOOT="yes" IPADDR=192.168.56.205 NETMASK=255.255.255.0 TYPE="Ethernet"
Lõpuks tuleb võrgu restarti teha:
service network restart
DNS (bind9)
Paigaldamine
Paigaldatakse DNS serveri käsuga
yum install bind bind-utils
Konfigureerimine
- Muuda 'options' osa named.conf failis
vi /etc/named.conf
Muuda seal read listen-on port 53, sisesta 'any'; allow-query, sisesta 'any'; lisa rea allow-query-cache { any; }, listen-on ipv6 saab ära kustutada
options { listen-on port 53 { any; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { any; }; allow-query-cache { any; }; dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto; /* Path to ISC DLV key */ bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; };
- Lisa faili named.conf lõppus enda teenindatavad domeeni tsoonid
vi /etc/named.conf
Teenindatavad domeeni tsoonid
zone "students.ee" IN { type master; file "/var/named/students.ee"; }; zone "56.168.192.in-addr.arpa." IN { type master; file "/var/named/56.168.192.in-addr.arpa"; };
Ärge unustage tsooni kirjete failide omavaks gruppiks panna named käsuga
chgrp named failinimi
- Tsoonide kirjeldused
Tsoonide failid asuvad
/var/named kaustas
Iga tsooni kohta loo 2 faili, kirjete fail ja reverse fail
Tsooni fail nimega students.ee näeb välja järgnev:
vi /var/named/students.ee
$TTL 3H @ IN SOA ns.students.ee. root.students.ee. ( 11 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum ;NS students.ee. IN NS ns.students.ee. ;HOSTS ns IN A 192.168.56.205 www.students.ee. IN CNAME students.ee. students.ee. IN A 192.168.56.205 students.ee. IN MX 10 mail.students.ee. mail.students.ee. IN A 192.168.56.205
Reverse tsooni fail nimega 56.168.192.in-addr.arpa näeb välja järgnev:
vi /var/named/56.168.192.in-addr.arpa
$TTL 3H @ IN SOA ns.students.ee. root.students.ee. ( 9 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum ; 205 IN PTR ns.students.ee.
- Nüüd tuleks BIND9 teenus taaskäivitada järgmise käsuga:
service named restart
Testimine
- Kontrollime, kas kõik tsoonide failid on OK
named-checkzone students.ee /var/named/students.ee named-checkzone 56.168.192.in-addr.arpa /var/named/56.168.192.in-addr.arpa
- Kasutame dig ja nslookup, et kontrollida kas nimeserver vastab päringutele õigesti.
dig ns.students.ee
nslookup students.ee
Apache 2
Paigaldamine
- Paigaldatakse Apache käsuga:
yum install httpd
Konfigureerimine
- Kuna lokaalne server vastab alati aadressil 127.0.0.1 siis lisa /etc/hosts faili read:
127.0.0.1 www.students.ee 127.0.0.1 students.ee
- Konfiguratsiooni fail on httpd.conf
vi /etc/httpd/conf/httpd.conf
Selle faili lisa alla oma konfiguratsioon, näiteks:
<VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /var/www/students.ee ServerName students.ee ErrorLog logs/students.ee-error_log CustomLog logs/students.ee-access_log common </VirtualHost>
- Loo kataloog, mis me panime DocumentRoot(httpd.conf) ning loo üks lihtne fail(index.html)
mkdir /var/www/students.ee touch /var/www/students.ee/index.html
Testimine
- Muuda faili index.html kaustas /var/www/students.ee/index.html
vi /var/www/students.ee/index.html
Näiteks lihtne:
<html><body><h1>Tere </h1> <p>It works Fine!!</p> </body></html>
- Et vaadata, kas töötab serveris, on vaja paigaldada konsooli brauserit
yum install lynx
- Lynx'i abil vaatame, kas töötab
lynx www.students.ee
Samba
Paigaldamine
Paigaldamine Samba käsuga:
yum install samba samba-client
Konfigureerimine
- Luua kataloog mida tahetakse välja jagada:
mkdir -p /var/data/students
- Tuleb ka samba konfi faili muuta :
vi /etc/samba/smb.conf
Lisada Globali alla sellised read:
netbios name = SERVER hosts allow = 127. 192.168.1.
192.168.1 see on teie 'local network' address
Konfi faili alla lisame jagatava kataloogi:
[students] comment=Studenti kaust path=/var/data/students writable=yes valid users=@students force group=students browsable=yes create mask=0664 directory mask=0775
- Edasi tuleb teha gruppi ja kasutaja, kes saab kataloogi liigi
groupadd students useradd -G students student passwd student smbpasswd -a student
- Tuleb kausta omanikgrupp muuta vastavalt sellele, kellele soovitakse välja jagada
chgrp students /var/data/students
- Failiõigused tuleks anda nii et kasutajale ja grupile on kõik lubatud, teistele mitte midagi
chmod 770 /var/data/students
- See on tähtis osa. Teha kataloogi "label":
chcon -t samba_share_t /var/data/students/
- Restarti samba teenust
service smb restart
- Testime, kas töötab
smbclient //192.168.56.205/students -U student
E-post (postfix)
Paigaldamine
yum install postfix dovecot
Konfigureerimine
Vaikimisi e-kirjeid salvestatakse /var/mail kausta, seda saab muuta /etc/postfix/main.cf konfis
home_mailbox = Maildir/
Selleks, et itcollege mailile kirjeid saata relayhost'iks pane mail.itcollege.ee
relayhost = mail.itcollege.ee
Mydestination viitab e-mail serverile
mydestination = students.ee,
Tehne nüüd postfix'ile restardi ja testige telnetides localhosti 25 pordile
service postfix restart
telnet localhost 25 EHLO MAIL TO: kasutajanimi@itcollege.ee RCPT FROM: kasutajanimi@students.ee DATA tekst siia . (punkt lõpetab)
Probleemide puhul vaadake maili logi failid
less /var/log/maillog
Kirjete järjekorda vaatamiseks kirjuta
postqueue -p
Kirjet queue'st kustutamiseks kirjuta
postsuper -d KIRJA_ID
Firewall (iptables)
Paigaldamine
- Kui teie masinas veel pole iptables, siis seda võiks paigaldada käsuga:
yum install iptables
Konfigureerimine
- Veenduge, et teenus on käivitatud ja auto-start taaskäivitamisel
service iptables start chkconfig --level 345 iptables on
- Määrake vaikimisi poliitika, mis võimaldab kõike, kuigi luuatakse uusi reegleid
iptables -P INPUT ACCEPT iptables -P FORWARD ACCEPT iptables -P OUTPUT ACCEPT
- "Flush" kõike kehtiva reegleid
iptables -F
- Edasi avame portid, mis on vaja:
- SSH port 22
iptables -A INPUT -i eth1 -p tcp --dport 22 -j ACCEPT
- Postfix port 25
iptables -A INPUT -i eth1 -p tcp --dport 25 -j ACCEPT
- DNS port 53
iptables -A INPUT -i eth1 -p tcp --dport 53 -j ACCEPT
- Apache (HTTP,HTTPS) port 80,443
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT iptables -A INPUT -i eth1 -p tcp --dport 443 -j ACCEPT
- Samba port 137,138,139,445
iptables -A INPUT -i eth1 -p tcp --dport 137 -j ACCEPT iptables -A INPUT -i eth1 -p tcp --dport 138 -j ACCEPT iptables -A INPUT -i eth1 -p tcp --dport 139 -j ACCEPT iptables -A INPUT -i eth1 -p tcp --dport 445 -j ACCEPT
- Accept localhosti (loopback)
iptables -A INPUT -i lo -j ACCEPT
- Luba kõik olemasolevad ühendust jääda
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
- Taasta vaikimisi poliitika
iptables -P INPUT DROP iptables -P FORWARD DROP
- Aktsepteerima kõike väljaminevate taotlusi selle serveri
iptables -P OUTPUT ACCEPT
- Salvesta oma konfi
service iptables save
- Kui soovite vaadata oma konfi
iptables -L -v --line-numbers
Lisamine
- Käsu, mis kontrollib iptables staatus
service iptables status
- Käsud, mis lülitavad välja iptabes
service iptables stop chkconfig iptables off
- Käsud, "Iptables backup and restore"
Backup iptables-save > <filename> Restore iptables-restore < <save file path>
Kasutatud kirjandus
http://www.masaokitamura.com/2008/03/07/how-to-show-and-empty-the-postfix-queue/
http://articles.slicehost.com/2008/8/6/postfix-using-telnet-to-test-postfix
http://www.geekamongus.com/2008/08/27/setting-up-samba-shares-on-redhat-enterprise-5/
http://www.oracle-base.com/articles/linux/dns-configuration-for-scan.php
http://www.oracle-base.com/articles/linux/linux-firewall.php