###############################################################################
Configuring link aggregation (NIC bonding)
Team, aggregated connection (also known as link aggregation)
– A virtual network card formed from multiple network cards (team-slave), i.e. a "team"
– Role 1: traffic load balancing by polling (roundrobin)
– Role 2: hot-backup connection redundancy (activebackup)
I. Add the team device
# man teamd.conf
/example # full-text search for "example"
# press n to jump to the next match and find the sample configuration for NIC backup
# nmcli connection add type team \
  con-name team0 ifname team0 \
  config '{"runner": {"name": "activebackup"}}'
# cat /etc/sysconfig/network-scripts/ifcfg-team0 # check that the team0 NIC configuration exists
# ifconfig team0
II. Add members
# nmcli connection add type team-slave \
  ifname eth1 master team0 # add eth1 to team0
# nmcli connection add type team-slave \
  ifname eth2 master team0 # add eth2 to team0
III. Configure the IP address of team0
# nmcli connection modify team0 \
  ipv4.method manual \
  ipv4.addresses 192.168.1.1/24 \
  connection.autoconnect yes # configure the team0 IP address
IV. Activate team0
# nmcli connection up team-slave-eth1 # activate device eth1
# nmcli connection up team-slave-eth2 # activate device eth2
# nmcli connection up team0 # activate the master device team0
V. Verification
# teamdctl team0 state # dedicated command for viewing team information
########################################################################################
Per-user configuration file
Affects the bash environment of the specified user
– ~/.bashrc, takes effect every time a bash terminal is opened
Global configuration file
Affects the bash environment of all users
– /etc/bashrc, takes effect every time a bash terminal is opened
# vim /root/.bashrc # affects root
alias hello='echo Hello'
# vim /home/student/.bashrc # affects student
alias hi='echo Hi'
# vim /etc/bashrc # global configuration file
alias haha='echo Xixi'
Exit the remote login, then log in to server0 again to verify
# hello # succeeds
# hi # fails
# haha # succeeds
# su - student
$ hello # fails
$ hi # succeeds
$ haha # succeeds
$ exit
#############################################################################################
Firewall Policy Management (firewall)
I. Build a basic web service
Server side: httpd (software)
1. Install the httpd package on server0
2. Start the httpd service on server0 and enable it at boot
By default, Apache does not provide any pages
Default Apache web page storage path: /var/www/html
Default Apache web page file name: index.html
# systemctl restart httpd # restart the httpd service
# systemctl enable httpd # start automatically at boot
# firefox 172.25.0.11 # the Red Hat page appears, indicating that the service is running and configured correctly
# vim /var/www/html/index.html # create the page file under the Apache web page storage path
<marquee><font color=green>content (marquee: scrolling; font color: sets the font color; then the font size and the content)
# firefox 172.25.0.11 # view the page contents
########################################################################################
II. Build an FTP service
Server side: vsftpd (software)
1. Install the vsftpd package on server0
2. Start the vsftpd service on server0 and enable it at boot
Default shared location: /var/ftp
Configuration
# yum -y install vsftpd # install the package
# systemctl restart vsftpd # restart the service
# systemctl enable vsftpd # start automatically at boot
# touch /var/ftp/zhangsan.txt # create a file in the shared location
Test
# firefox ftp://172.25.0.11 # the shared zhangsan.txt is visible
##########################################################################################
Firewall Policy Management (firewall)
Role: isolation
Block inbound, allow outbound
System service: firewalld
Administrative tools: firewall-cmd (command line), firewall-config (graphical)
View the firewall service status
# systemctl status firewalld.service
Preset protection rule sets (zones), chosen according to the location of your network
– public: allows access to only a few services on this host, such as sshd
– trusted: allows any access
– block: rejects any incoming request
– drop: discards any incoming packets
Firewall matching rule: stop at the first match
1. First look at the source IP address of the request (the client) and check whether any zone has a policy for that IP address; if so, the request enters that zone
2. Otherwise, the request enters the default zone
Virtual machine server0:
# systemctl status firewalld.service # view the firewall status; shows active
# firewall-cmd --get-default-zone # view the default zone
public
# firewall-cmd --zone=public --list-all # view the rules of the public zone
# firewall-cmd --add-service=http # add the http service
# firewall-cmd --zone=public --list-all # view the zone's rules
services: dhcpv6-client http ssh # added successfully
Virtual machine desktop0:
# firefox http://172.25.0.11 # access succeeds
# firefox ftp://172.25.0.11 # access fails
Virtual machine server0:
# firewall-cmd --zone=public --add-service=ftp
# firewall-cmd --zone=public --list-all
Virtual machine desktop0:
# firefox ftp://172.25.0.11 # access succeeds
#######################################################################################
--permanent option: makes a setting permanent
Virtual machine server0:
# firewall-cmd --reload # reload the firewall
# firewall-cmd --zone=public --list-all
The http and ftp services configured earlier have disappeared (the commands above changed only the running configuration, so the services are lost when the firewall is reloaded)
# firewall-cmd --permanent --zone=public --add-service=ftp # add ftp permanently
# firewall-cmd --permanent --zone=public --add-service=http # add http permanently
# firewall-cmd --reload # reload the firewall so that the services show up; until then they are effectively not enabled
# firewall-cmd --zone=public --list-all
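Added example (not part of the original notes): the reload shown above silently discards services that were added without --permanent, so it helps to compare a zone's runtime and permanent service lists before reloading. The function names diff_services and audit_zone and the sample lists are constructed for illustration.

```shell
#!/bin/bash
# Added example: report drift between firewalld's runtime and permanent
# service lists. Function names and sample data are illustrative.

# diff_services RUNTIME_LIST PERMANENT_LIST
# Both arguments are space-separated service names, the format printed by
# "firewall-cmd --list-services".
diff_services() {
    runtime=$1
    permanent=$2
    runtime_only=""
    permanent_only=""
    for svc in $runtime; do
        case " $permanent " in
            *" $svc "*) ;;                                # present in both
            *) runtime_only="$runtime_only $svc" ;;       # lost on --reload
        esac
    done
    for svc in $permanent; do
        case " $runtime " in
            *" $svc "*) ;;                                # present in both
            *) permanent_only="$permanent_only $svc" ;;   # active only after --reload
        esac
    done
    echo "runtime-only:${runtime_only:- none}"
    echo "permanent-only:${permanent_only:- none}"
}

# audit_zone ZONE: run the comparison against a live firewalld zone.
audit_zone() {
    diff_services "$(firewall-cmd --zone="$1" --list-services)" \
                  "$(firewall-cmd --permanent --zone="$1" --list-services)"
}

# Constructed sample: the public zone after the two runtime-only
# --add-service commands (http, ftp), before any --permanent change.
diff_services "dhcpv6-client ftp http ssh" "dhcpv6-client ssh"
```

On server0, "audit_zone public" prints the same two lines for the live zone; anything listed as runtime-only has to be added again with --permanent to survive a reload.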
###################################################################################
Changing the default zone does not require --permanent
Virtual machine desktop0:
# ping 172.25.0.11 # communication works
Virtual machine server0:
# firewall-cmd --set-default-zone=block
# change the default zone: reject all requests (the request reaches the server, and the server replies that it refuses the communication)
# firewall-cmd --get-default-zone # view the default zone: block
Virtual machine desktop0:
# ping 172.25.0.11 # cannot communicate; the page shows that it cannot connect
Virtual machine server0:
# firewall-cmd --set-default-zone=drop
# discard any incoming packets (packets are dropped directly; the server returns nothing)
# firewall-cmd --get-default-zone
Virtual machine desktop0:
# ping 172.25.0.11 # no response; the page shows that it is connecting, but the connection never completes
#########################################################################################
Implementing local port mapping
Port redirection for local applications (port 1 and port 2)
– A client request to port 1 is automatically mapped to local port 2
– For example, the following two addresses show the same page:
Virtual machine desktop0:
# firefox http://172.25.0.11:5423 ----> 172.25.0.11:80
Virtual machine server0:
# firewall-cmd --permanent --zone=public \
  --add-forward-port=port=5423:proto=tcp:toport=80
# firewall-cmd --reload
# firewall-cmd --zone=public --list-all
Virtual machine desktop0:
# firefox http://172.25.0.11:5423
###################################################################################
Dahne-linux Basic-day07-aggregation links and Firewall Policy Management (beginner)