在内网维护机器的时候,为了统一管理,我们通常会部署一些基础服务,例如 NTP、DNS 等。
今天用 Debian 来搭建一台基础服务器。
修改网卡信息:
# 安装使用软件
# 如果不是虚拟机安装可以不安装 open-vm-tools
apt install dnsmasq vim open-vm-tools netfilter-persistent iptables-persistent dante-server ntp net-tools dnsutils ntpdate
# 安装过程中 iptables-persistent 询问是否保存当前规则时,都选择 yes
1、网络设置
vim /etc/sysctl.conf
# 添加配置
# 注意:开启 ip_forward 后本机会转发其他主机的流量;本文只添加了 NAT 规则,没有设置 filter 表 FORWARD 链的规则,如需限制可转发的来源网段,请另行添加。
net.ipv4.ip_forward=1
sysctl -p
iptables -t nat -A POSTROUTING -o ens192 -j MASQUERADE
iptables-save > /etc/iptables/rules.v4
2、DNS配置
vim /etc/dnsmasq.conf
# 添加配置
addn-hosts=/etc/hosts
vim /etc/hosts
# 添加配置
192.168.40.30 vcenter.xxx.com
systemctl restart dnsmasq
# 测试dns服务器
nslookup vcenter.xxx.com 127.0.0.1
nslookup vcenter.xxx.com 192.168.40.10
3、NTP服务器配置
vim /etc/ntp.conf
# 添加配置
server ntp.aliyun.com
server ntp1.aliyun.com
server ntp2.aliyun.com
server ntp3.aliyun.com
server ntp4.aliyun.com
server ntp5.aliyun.com
server ntp6.aliyun.com
server ntp7.aliyun.com
restrict 192.168.40.0 mask 255.255.255.0 nomodify notrap nopeer
restrict 192.168.41.0 mask 255.255.255.0 nomodify notrap nopeer
restrict 192.168.42.0 mask 255.255.255.0 nomodify notrap nopeer
systemctl restart ntp
4、代理服务器设置
cd /etc
cp danted.conf{,.bak}
>danted.conf
vim danted.conf
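# 添加配置
# 注意:下面的配置不要求认证(method 含 none、clientmethod 为 none),且 client pass / pass 的 from 都是 0.0.0.0/0,
# 任何能连到 1080 端口的主机都可以通过本机代理访问任意地址。建议把 from: 改成实际需要的内网网段(例如 192.168.40.0/24)。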
errorlog: /var/log/sockd.errlog
logoutput: /var/log/docks.log
internal: ens192 port = 1080
external: 192.168.40.10
method: username none
clientmethod: none
user.privileged: proxy
user.notprivileged: nobody
user.libwrap: nobody
client pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: error connect disconnect
}
pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
protocol: tcp udp
}
systemctl restart danted
#测试代理服务器
apt install netcat
nc -zv 192.168.40.10 1080
5、日志服务器配置
vim /etc/rsyslog.conf
# 添加配置
module(load="imudp")
input(type="imudp" port="514")
module(load="imtcp")
input(type="imtcp" port="514")
vim /etc/rsyslog.d/allhosts.conf
# 添加配置
# 配置允许的服务器
# 注意:列表末尾的 * 是主机名通配符,会匹配任意发送方,相当于没有限制;如果只接收 192.168.40.0/24 的日志,请去掉 *。
$AllowedSender UDP, 192.168.40.0/24, *
$AllowedSender TCP, 192.168.40.0/24, *
# 模板
$template remote-incoming-logs,"/var/log/remote/%HOSTNAME%/%PROGRAMNAME%.log"
*.* ?remote-incoming-logs
systemctl restart rsyslog
# 测试日志服务器
# 注意:UDP 是无连接的,nc -zu 显示成功并不能证明端口上有服务在监听;更可靠的办法是从客户端发送一条测试日志,再到 /var/log/remote/ 下确认是否收到。
nc -zv -u 192.168.40.10 514
nc -zv 192.168.40.10 514