Added backup of master server configuration: DHCP, interfaces, iptables
parent
7ffb187c54
commit
efb93675e2
254
server-config/dhcpd.conf
Normal file
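--- a/server-config/dhcpd.conf
+++ b/server-config/dhcpd.conf
@@ -0,0 +1,254 @@
+# dhcpd.conf
+#
+# Sample configuration file for ISC dhcpd
+#
+
+# option definitions common to all supported networks...
+option domain-name "example.org";
+option domain-name-servers ns1.example.org, ns2.example.org;
+
+default-lease-time 600;
+max-lease-time 7200;
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+#authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+#log-facility local7;
+
+# No service will be given on this subnet, but declaring it helps the
+# DHCP server to understand the network topology.
+
+#subnet 10.152.187.0 netmask 255.255.255.0 {
+#}
+
+# This is a very basic subnet declaration.
+
+#subnet 10.254.239.0 netmask 255.255.255.224 {
+# range 10.254.239.10 10.254.239.20;
+# option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
+#}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+# range dynamic-bootp 10.254.239.40 10.254.239.60;
+# option broadcast-address 10.254.239.31;
+# option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+# range 10.5.5.26 10.5.5.30;
+# option domain-name-servers ns1.internal.example.org;
+# option domain-name "internal.example.org";
+# option routers 10.5.5.1;
+# option broadcast-address 10.5.5.31;
+# default-lease-time 600;
+# max-lease-time 7200;
+#}
+
+# Hosts which require special configuration options can be listed in
+# host statements. If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+# hardware ethernet 0:0:c0:5d:bd:95;
+# filename "vmunix.passacaglia";
+# server-name "toccata.example.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts. These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP. Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+# hardware ethernet 08:00:07:26:c0:a5;
+# fixed-address fantasia.example.com;
+#}
+
+# You can declare a class of clients and then do address allocation
+# based on that. The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+# match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+# subnet 10.17.224.0 netmask 255.255.255.0 {
+# option routers rtr-224.example.org;
+# }
+# subnet 10.0.29.0 netmask 255.255.255.0 {
+# option routers rtr-29.example.org;
+# }
+# pool {
+# allow members of "foo";
+# range 10.17.224.10 10.17.224.250;
+# }
+# pool {
+# deny members of "foo";
+# range 10.0.29.10 10.0.29.230;
+# }
+#}
+
+
+subnet 10.0.13.0 netmask 255.255.255.0 {
+range 10.0.13.10 10.0.13.12;
+option routers 10.0.13.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.14.0 netmask 255.255.255.0 {
+range 10.0.14.10 10.0.14.12;
+option routers 10.0.14.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.15.0 netmask 255.255.255.0 {
+range 10.0.15.10 10.0.15.12;
+option routers 10.0.15.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.16.0 netmask 255.255.255.0 {
+range 10.0.16.10 10.0.16.12;
+option routers 10.0.16.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.17.0 netmask 255.255.255.0 {
+range 10.0.17.10 10.0.17.12;
+option routers 10.0.17.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.18.0 netmask 255.255.255.0 {
+range 10.0.18.10 10.0.18.12;
+option routers 10.0.18.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.19.0 netmask 255.255.255.0 {
+range 10.0.19.10 10.0.19.12;
+option routers 10.0.19.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.20.0 netmask 255.255.255.0 {
+range 10.0.20.10 10.0.20.12;
+option routers 10.0.20.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.21.0 netmask 255.255.255.0 {
+range 10.0.21.10 10.0.21.12;
+option routers 10.0.21.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.22.0 netmask 255.255.255.0 {
+range 10.0.22.10 10.0.22.12;
+option routers 10.0.22.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.23.0 netmask 255.255.255.0 {
+range 10.0.23.10 10.0.23.12;
+option routers 10.0.23.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.24.0 netmask 255.255.255.0 {
+range 10.0.24.10 10.0.24.12;
+option routers 10.0.24.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.25.0 netmask 255.255.255.0 {
+range 10.0.25.10 10.0.25.12;
+option routers 10.0.25.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.26.0 netmask 255.255.255.0 {
+range 10.0.26.10 10.0.26.12;
+option routers 10.0.26.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.27.0 netmask 255.255.255.0 {
+range 10.0.27.10 10.0.27.12;
+option routers 10.0.27.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.28.0 netmask 255.255.255.0 {
+range 10.0.28.10 10.0.28.12;
+option routers 10.0.28.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.29.0 netmask 255.255.255.0 {
+range 10.0.29.10 10.0.29.12;
+option routers 10.0.29.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.30.0 netmask 255.255.255.0 {
+range 10.0.30.10 10.0.30.12;
+option routers 10.0.30.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.31.0 netmask 255.255.255.0 {
+range 10.0.31.10 10.0.31.12;
+option routers 10.0.31.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.32.0 netmask 255.255.255.0 {
+range 10.0.32.10 10.0.32.12;
+option routers 10.0.32.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.33.0 netmask 255.255.255.0 {
+range 10.0.33.10 10.0.33.12;
+option routers 10.0.33.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.34.0 netmask 255.255.255.0 {
+range 10.0.34.10 10.0.34.12;
+option routers 10.0.34.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.35.0 netmask 255.255.255.0 {
+range 10.0.35.10 10.0.35.12;
+option routers 10.0.35.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.36.0 netmask 255.255.255.0 {
+range 10.0.36.10 10.0.36.12;
+option routers 10.0.36.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.37.0 netmask 255.255.255.0 {
+range 10.0.37.10 10.0.37.12;
+option routers 10.0.37.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.38.0 netmask 255.255.255.0 {
+range 10.0.38.10 10.0.38.12;
+option routers 10.0.38.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.39.0 netmask 255.255.255.0 {
+range 10.0.39.10 10.0.39.12;
+option routers 10.0.39.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.40.0 netmask 255.255.255.0 {
+range 10.0.40.10 10.0.40.12;
+option routers 10.0.40.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.41.0 netmask 255.255.255.0 {
+range 10.0.41.10 10.0.41.12;
+option routers 10.0.41.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}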
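Review bot: The sample's global `option domain-name "example.org";` and `option domain-name-servers ns1.example.org, ns2.example.org;` are still active at the top of the file. Every subnet block overrides the name servers, but none sets a domain name, so clients on all of these VLANs would be handed `example.org` as their domain; set the real domain or remove the line. `#authoritative;` is also still commented out; if this host is the only DHCP server for these segments, enabling it lets the server NAK stale leases. Each pool holds three addresses (`.10` to `.12`), so one misbehaving client can exhaust a VLAN's leases; a comment above the first subnet saying the size is intentional would help the next maintainer.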
185
server-config/interfaces.backup
Normal file
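--- a/server-config/interfaces.backup
+++ b/server-config/interfaces.backup
@@ -0,0 +1,185 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+auto enp9s0f0
+iface enp9s0f0 inet static
+address 130.192.93.78
+netmask 255.255.255.0
+gateway 130.192.93.17
+
+auto enp9s0f1
+iface enp9s0f1 inet static
+address 192.168.1.10
+netmask 255.255.255.0
+
+auto enp5s0f0
+iface enp5s0f0 inet static
+address 10.0.0.0
+netmask 255.255.255.0
+
+auto enp5s0f0.1013
+iface enp5s0f0.1013 inet static
+address 10.0.13.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1014
+iface enp5s0f0.1014 inet static
+address 10.0.14.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1015
+iface enp5s0f0.1015 inet static
+address 10.0.15.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1016
+iface enp5s0f0.1016 inet static
+address 10.0.16.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1017
+iface enp5s0f0.1017 inet static
+address 10.0.17.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1018
+iface enp5s0f0.1018 inet static
+address 10.0.18.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1019
+iface enp5s0f0.1019 inet static
+address 10.0.19.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1020
+iface enp5s0f0.1020 inet static
+address 10.0.20.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1021
+iface enp5s0f0.1021 inet static
+address 10.0.21.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1022
+iface enp5s0f0.1022 inet static
+address 10.0.22.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1023
+iface enp5s0f0.1023 inet static
+address 10.0.23.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1024
+iface enp5s0f0.1024 inet static
+address 10.0.24.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1025
+iface enp5s0f0.1025 inet static
+address 10.0.25.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1026
+iface enp5s0f0.1026 inet static
+address 10.0.26.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1027
+iface enp5s0f0.1027 inet static
+address 10.0.27.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1028
+iface enp5s0f0.1028 inet static
+address 10.0.28.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1029
+iface enp5s0f0.1029 inet static
+address 10.0.29.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1030
+iface enp5s0f0.1030 inet static
+address 10.0.30.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1031
+iface enp5s0f0.1031 inet static
+address 10.0.31.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1032
+iface enp5s0f0.1032 inet static
+address 10.0.32.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1033
+iface enp5s0f0.1033 inet static
+address 10.0.33.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1034
+iface enp5s0f0.1034 inet static
+address 10.0.34.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1035
+iface enp5s0f0.1035 inet static
+address 10.0.35.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1036
+iface enp5s0f0.1036 inet static
+address 10.0.36.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1037
+iface enp5s0f0.1037 inet static
+address 10.0.37.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1038
+iface enp5s0f0.1038 inet static
+address 10.0.38.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1039
+iface enp5s0f0.1039 inet static
+address 10.0.39.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1040
+iface enp5s0f0.1040 inet static
+address 10.0.40.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1041
+iface enp5s0f0.1041 inet static
+address 10.0.41.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1100
+iface enp5s0f0.1100 inet static
+address 10.0.100.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1101
+iface enp5s0f0.1101 inet static
+address 10.0.101.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1102
+iface enp5s0f0.1102 inet static
+address 10.0.102.1
+netmask 255.255.255.0
+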
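Review bot: `address 10.0.0.0` with `netmask 255.255.255.0` on `enp5s0f0` gives the untagged parent interface the network address of its own /24, which is not a usable host address. If the parent only carries the VLAN sub-interfaces, `iface enp5s0f0 inet manual` with no address is the usual form; otherwise pick a host address inside the range. VLANs 1100 to 1102 (`10.0.100.1` to `10.0.102.1`) have no matching subnet in the dhcpd.conf added by this commit, yet they fall inside the `10.0.0.0/16` match used by the iptables rules, so a one-line comment above those three stanzas saying what the segments are for would make their treatment explicit.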
8
server-config/iptables
Executable file
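--- a/server-config/iptables
+++ b/server-config/iptables
@@ -0,0 +1,8 @@
+iptables -N LOG_DROP
+iptables -I FORWARD -s 10.0.0.0/16 -d 10.0.0.0/16 -j LOG_DROP
+iptables -A LOG_DROP -j LOG --log-prefix "refused connection: "
+iptables -A LOG_DROP -j DROP
+iptables -A FORWARD -i enp5s0f0 -o enp9s0f0 -j ACCEPT
+iptables -A FORWARD -i enp5s0f0 -o enp9s0f0 -m state --state ESTABLISHED,RELATED -j ACCEPT
+iptables -t nat -A POSTROUTING -o enp9s0f0 -j MASQUERADE
+#iptables -A FORWARD -j DROP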
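Review bot: The two `-i enp5s0f0 -o enp9s0f0` rules name only the untagged parent interface, while the client networks in interfaces.backup sit on `enp5s0f0.10xx` sub-interfaces, and the `ESTABLISHED,RELATED` rule points in the same outbound direction as the unconditional ACCEPT before it, so it never decides anything. With `#iptables -A FORWARD -j DROP` left commented out, forwarding stays default-accept (both saved dumps show `:FORWARD ACCEPT`), and the only restriction actually enforced is the `10.0.0.0/16` to `10.0.0.0/16` LOG_DROP. If the intent is outbound-only NAT for the VLANs, the lines would read `iptables -A FORWARD -i enp5s0f0+ -o enp9s0f0 -j ACCEPT`, `iptables -A FORWARD -i enp9s0f0 -o enp5s0f0+ -m state --state ESTABLISHED,RELATED -j ACCEPT`, followed by an active `iptables -A FORWARD -j DROP`. The same interface matches appear in iptables-save.dropall.rules and iptables-save.dropvlans.rules. The file is marked executable but has no `#!/bin/sh` line, and the LOG rule has no `-m limit`, so a noisy client can flood the kernel log.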
27
server-config/iptables-save.dropall.rules
Normal file
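--- a/server-config/iptables-save.dropall.rules
+++ b/server-config/iptables-save.dropall.rules
@@ -0,0 +1,27 @@
+# Generated by xtables-save v1.8.2 on Fri Sep 25 17:53:13 2020
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:LOG_DROP - [0:0]
+
+-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
+-A FORWARD -s 10.0.0.0/16 -d 168.119.32.41 -j ACCEPT
+-A FORWARD -s 10.0.0.0/16 -d 168.119.32.44 -j ACCEPT
+-A FORWARD -s 10.0.0.0/16 -j LOG_DROP
+
+-A FORWARD -i enp5s0f0 -o enp9s0f0 -j ACCEPT
+-A FORWARD -i enp5s0f0 -o enp9s0f0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A LOG_DROP -j LOG --log-prefix "refused connection: "
+-A LOG_DROP -j DROP
+COMMIT
+# Completed on Fri Sep 25 17:53:13 2020
+# Generated by xtables-save v1.8.2 on Fri Sep 25 17:53:13 2020
+*nat
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A POSTROUTING -o enp9s0f0 -j MASQUERADE
+COMMIT
+# Completed on Fri Sep 25 17:53:13 2020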
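Review bot: `:FORWARD ACCEPT [0:0]` leaves the chain default-accept in a rule set named dropall, so only traffic sourced from `10.0.0.0/16` is dropped and anything else that reaches FORWARD (presumably including the `192.168.1.0/24` side and packets arriving on `enp9s0f0`) is still forwarded. `-A FORWARD -s 10.0.0.0/16 -j LOG_DROP` also makes the two `-i enp5s0f0 -o enp9s0f0` rules after it unreachable for the VLAN clients. Changing the policy line to `:FORWARD DROP [0:0]` would make the file do what its name says. The two permitted destinations, `168.119.32.41` and `168.119.32.44`, are allowed on every protocol and port with nothing saying what they are; a `#` comment line above them, and a `-p`/`--dport` restriction if the service is known, would narrow and document the exception.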
22
server-config/iptables-save.dropvlans.rules
Normal file
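--- a/server-config/iptables-save.dropvlans.rules
+++ b/server-config/iptables-save.dropvlans.rules
@@ -0,0 +1,22 @@
+# Generated by xtables-save v1.8.2 on Fri Sep 25 17:53:13 2020
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:LOG_DROP - [0:0]
+-A FORWARD -s 10.0.0.0/16 -d 10.0.0.0/16 -j LOG_DROP
+-A FORWARD -i enp5s0f0 -o enp9s0f0 -j ACCEPT
+-A FORWARD -i enp5s0f0 -o enp9s0f0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A LOG_DROP -j LOG --log-prefix "refused connection: "
+-A LOG_DROP -j DROP
+COMMIT
+# Completed on Fri Sep 25 17:53:13 2020
+# Generated by xtables-save v1.8.2 on Fri Sep 25 17:53:13 2020
+*nat
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A POSTROUTING -o enp9s0f0 -j MASQUERADE
+COMMIT
+# Completed on Fri Sep 25 17:53:13 2020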