2025-01-18 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/02 Report--
Firewalld Experimental Topology Diagram
Demand analysis
(1) Users on the company intranet need to share Internet access through the gateway server.
(2) Internet users need to access the website server.
(3) Only hosts in 192.168.1.0/24 are allowed to ping the gateway and the servers.
(4) Both the website server and the gateway server are managed remotely through SSH. For security, change the default SSH port to 12345, allow only the host 192.168.1.10 to SSH into the gateway and the server, and allow SSH from the Internet to the internal server.
In this experiment we need four virtual machines. Centos7 64-bit is used as the gateway server, Centos7-2 as the intranet test machine, Centos7-3 as the website server, and Centos7-4 as the Internet test machine.
Equipment preparation
First install the httpd service on the virtual machines Centos7-3 and Centos7-4.
Create three network cards on Centos7 64-bit and give each a static address: network card 1 is bound to VMnet1 (trusted zone), network card 2 to VMnet2 (DMZ zone), and network card 3 to VMnet3 (external zone).
1. Set the addresses of the network cards
ens33: external network, IP address 100.1.1.10 255.255.255.0
ens36: trusted network, IP address 192.168.10.1 255.255.255.0
ens37: DMZ network, IP address 192.168.20.1 255.255.255.0
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# vim ifcfg-ens33
[root@localhost network-scripts]# cp -p ifcfg-ens33 ifcfg-ens36
[root@localhost network-scripts]# vim ifcfg-ens36
[root@localhost network-scripts]# cp -p ifcfg-ens33 ifcfg-ens37
[root@localhost network-scripts]# vim ifcfg-ens37
Restart the network service and check the IP addresses:
[root@localhost network-scripts]# service network restart
[root@localhost network-scripts]# ifconfig
Turn on the routing forwarding function of the gateway server.
[root@localhost ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward=1
[root@localhost ~]# sysctl -p
2. Enter Centos7-2, change the host network card to custom, and bind it to the VMnet3 network.
Enter the host and modify the IP address, subnet mask and gateway.
Set the IP address to 192.168.10.10 and the gateway to 192.168.10.1.
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# vim ifcfg-ens33
[root@localhost ~]# service network restart // restart the network service
[root@localhost ~]# ifconfig // check the local address
[root@localhost ~]# ping 192.168.10.1 // test connectivity with the gateway server
3. Enter Centos7-3, change the host network card to custom, and bind it to the VMnet2 network.
Configure the host IP address 192.168.20.20 and gateway 192.168.20.1.
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static // change dhcp to static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=f4d8cf47-c855-4d04-8c68-75ab8644df70
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.20.20 // IP address
NETMASK=255.255.255.0 // subnet mask
GATEWAY=192.168.20.1 // gateway
[root@localhost ~]# service network restart // restart the network service
[root@localhost ~]# ifconfig // check the IP address of the network card
[root@localhost ~]# ping 192.168.20.1 // test connectivity with the gateway
Modify the hostname of Centos7-3 to dmz and configure the firewall rules:
[root@localhost ~]# hostnamectl set-hostname dmz // modify the hostname
[root@localhost ~]# su
[root@dmz ~]# systemctl start httpd // start the http service
[root@dmz ~]# cd /var/www/html // enter the web page directory
[root@dmz html]# vim index.html // enter the content the page should display
[root@dmz html]# firewall-cmd --set-default-zone=dmz // change the default zone to dmz
success
[root@dmz html]# firewall-cmd --add-service=http --zone=dmz --permanent // add the http service to the dmz zone permanently
success
[root@dmz html]# firewall-cmd --remove-service=ssh --zone=dmz --permanent // disable ssh login
success
[root@dmz html]# firewall-cmd --add-icmp-block=echo-request --zone=dmz --permanent // block icmp echo requests
success
[root@dmz html]# firewall-cmd --reload // reload the firewall
success
4. Enter Centos7-4, change the host network card to custom, and bind it to the VMnet1 network.
Configure the host IP address 100.1.1.20 and gateway address 100.1.1.10.
[root@extemal ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static // change dhcp to static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=0d5d6fbf-efdf-4b5b-90f9-f08be3fda756
DEVICE=ens33
ONBOOT=yes
IPADDR=100.1.1.20 // configure the IP address
NETMASK=255.255.255.0 // configure the subnet mask
GATEWAY=100.1.1.10 // configure the gateway
[root@localhost ~]# service network restart // restart the network service
[root@localhost ~]# ifconfig // check the IP address of the network card
[root@localhost ~]# hostnamectl set-hostname extemal // modify the hostname
[root@localhost ~]# su
[root@extemal ~]# systemctl stop firewalld.service // turn off the firewall
[root@extemal ~]# setenforce 0
[root@extemal ~]# systemctl start httpd // enable the http service
[root@extemal ~]# vim /var/www/html/index.html // configure the web content
this is extwrnal web
5. Configure the firewall on the Centos7 64-bit gateway server
[root@localhost ~]# firewall-cmd --set-default-zone=external // change the default zone to external
success
[root@localhost ~]# firewall-cmd --change-interface=ens36 --zone=trusted --permanent // set ens36 to the trusted zone
The interface is under control of NetworkManager, setting zone to 'trusted'.
success
[root@localhost ~]# firewall-cmd --change-interface=ens37 --zone=dmz --permanent // set ens37 to the dmz zone
The interface is under control of NetworkManager, setting zone to 'dmz'.
success
[root@localhost ~]# firewall-cmd --zone=dmz --remove-service=ssh --permanent // prohibit ssh login
success
[root@localhost ~]# firewall-cmd --zone=dmz --add-service=http --permanent // add the http service
success
[root@localhost ~]# firewall-cmd --zone=dmz --add-icmp-block=echo-request --permanent // block icmp echo requests
success
[root@localhost ~]# firewall-cmd --zone=external --add-service=http --permanent // add the http service
success
[root@localhost ~]# firewall-cmd --reload // reload the firewall
success
6. Return to Centos7-2 and test: use the corporate intranet test machine to view the web pages of the website server and of the Internet test machine.
7. Configure the port mapping on the gateway server
[root@localhost ~]# firewall-cmd --zone=external --add-forward-port=port=80:proto=tcp:toaddr=192.168.20.20 --permanent // set the port mapping
success
[root@localhost ~]# firewall-cmd --reload
success
8. View the web page of the website server through the browser on Centos7-4.
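After the permanent changes in steps 3, 5 and 7, a practitioner will want to confirm that the saved zones really match the demand analysis rather than trusting the string of "success" lines. The check below is an added example, not part of the original article: it parses the zone XML that firewall-cmd --permanent writes under /etc/firewalld/zones/ and compares it with the intended policy. The two XML samples are constructed to mirror the dmz and external zones after this lab; the stock external zone also carries the ssh service, which is exactly what requirement (4) wants restricted.

```python
import xml.etree.ElementTree as ET

# Constructed samples of /etc/firewalld/zones/dmz.xml and external.xml as they
# would look after this lab's permanent changes (assumed, not captured output).
DMZ_XML = """<zone>
  <short>DMZ</short>
  <interface name="ens37"/>
  <service name="http"/>
  <icmp-block name="echo-request"/>
</zone>"""

EXTERNAL_XML = """<zone>
  <short>External</short>
  <masquerade/>
  <service name="ssh"/>
  <service name="http"/>
  <forward-port port="80" protocol="tcp" to-addr="192.168.20.20"/>
</zone>"""

EXPECTED = {
    "dmz": {"services": {"http"}, "icmp_blocks": {"echo-request"},
            "forward_ports": set(), "masquerade": False},
    "external": {"services": {"http"}, "icmp_blocks": set(),
                 "forward_ports": {("80", "tcp", "192.168.20.20")}, "masquerade": True},
}

def parse_zone(xml_text):
    root = ET.fromstring(xml_text)
    return {
        "services": {s.get("name") for s in root.findall("service")},
        "icmp_blocks": {b.get("name") for b in root.findall("icmp-block")},
        "forward_ports": {(f.get("port"), f.get("protocol"), f.get("to-addr"))
                          for f in root.findall("forward-port")},
        "masquerade": root.find("masquerade") is not None,
    }

def audit_zone(name, xml_text):
    """Return findings; an empty list means the zone matches the intended policy."""
    zone, want, findings = parse_zone(xml_text), EXPECTED[name], []
    for extra in sorted(zone["services"] - want["services"]):
        findings.append(f"{name}: service '{extra}' is allowed but not required")
    for missing in sorted(want["services"] - zone["services"]):
        findings.append(f"{name}: required service '{missing}' is not allowed")
    for missing in sorted(want["icmp_blocks"] - zone["icmp_blocks"]):
        findings.append(f"{name}: icmp type '{missing}' is not blocked")
    for missing in sorted(want["forward_ports"] - zone["forward_ports"]):
        findings.append(f"{name}: forward-port {missing} is missing")
    if zone["masquerade"] != want["masquerade"]:
        findings.append(f"{name}: masquerade should be {want['masquerade']}")
    return findings
```

Run audit_zone("external", EXTERNAL_XML) on the gateway and the one finding it reports is the default ssh service, the gap that the port-12345 and 192.168.1.10 restriction in requirement (4) is meant to close.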
© 2024 shulou.com SLNews company. All rights reserved.