1. Add the network adapters
eth0: ip 10.0.0.210, netmask 24, gateway 10.0.0.254
eth1: ip 172.16.1.210, netmask 24
2. All gateways in the unified network environment are 10.0.0.254
computers ==> network connection
2. Server IP address planning

Server description          Internet IP address (NAT)   Intranet IP address (LAN segment/Host-only)   Host name planning
A1-nginx load server 01     10.0.0.5/24                 172.16.1.5/24                                 lb01
A1-nginx load server 02     10.0.0.6/24                 172.16.1.6/24                                 lb02
B2-nginx Web Server         10.0.0.7/24                 172.16.1.7/24                                 web02
B2-nginx Web Server         10.0.0.8/24                 172.16.1.8/24                                 web01
C3-mysql Database Server    10.0.0.51/24                172.16.1.51/24                                db01
C1-NFS storage server       10.0.0.31/24                172.16.1.31/24                                nfs01
C2-rsync storage server     10.0.0.41/24                172.16.1.41/24                                backup
x-Management Server         10.0.0.61/24                172.16.1.61/24                                m01
System Preparation
System Optimization
# Basic optimization for all servers (template machine)
\cp /etc/hosts{,.bak}
cat >/etc/hosts <<EOF
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.1.5 lb01
172.16.1.6 lb02
172.16.1.7 web02
172.16.1.8 web01
172.16.1.51 db01 db01.etiantian.org
172.16.1.31 nfs01
172.16.1.41 backup
172.16.1.61 m01
EOF

#0. Change the yum source
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
mv /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repo.backup
mv /etc/yum.repos.d/epel-testing.repo /etc/yum.repos.d/epel-testing.repo.backup
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
yum makecache

#1. Disable SELinux (config file for the next boot, setenforce for the running system)
sed -i.bak 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
grep SELINUX=disabled /etc/selinux/config
setenforce 0
getenforce

#2. Disable iptables
/etc/init.d/iptables stop
/etc/init.d/iptables stop
chkconfig iptables off

#3. Trim the services started at boot
export LANG=en
chkconfig | egrep -v "crond|sshd|network|rsyslog|sysstat" | awk '{print "chkconfig",$1,"off"}' | bash
chkconfig --list | grep 3:on

#4. Grant oldboy sudo privileges
# oldboy gets passwordless sudo for every command; visudo -c checks the sudoers syntax afterwards
useradd oldboy
echo 123456 | passwd --stdin oldboy
\cp /etc/sudoers /etc/sudoers.ori
echo "oldboy ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers
visudo -c

#5. English character set
cp /etc/sysconfig/i18n /etc/sysconfig/i18n.ori
echo 'LANG="en_US.UTF-8"' >/etc/sysconfig/i18n
source /etc/sysconfig/i18n
echo $LANG

#6. Time sync
echo '#time sync by lidao at' >>/var/spool/cron/root
echo '*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1' >>/var/spool/cron/root
crontab -l

#8. Raise the file descriptor limit
echo '* - nofile 65535' >>/etc/security/limits.conf
tail -1 /etc/security/limits.conf

#9. Kernel optimization
# Note: tcp_tw_recycle drops connections from clients behind NAT and was removed in Linux 4.12
cat >>/etc/sysctl.conf <<EOF
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
# The following parameters tune the iptables firewall (conntrack). If the firewall is not running, sysctl -p reports errors for them; these can be ignored.
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF
sysctl -p

#10. Install other software
yum install lrzsz nmap tree dos2unix nc telnet sl -y

#11. Speed up slow SSH connections (no reverse DNS lookup, no GSSAPI negotiation)
sed -i.bak 's@#UseDNS yes@UseDNS no@g;s@^GSSAPIAuthentication yes@GSSAPIAuthentication no@g' /etc/ssh/sshd_config
/etc/init.d/sshd reload
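
The sed in step #11 only rewrites lines that match its patterns exactly, so a config that already has an uncommented "UseDNS yes" is left unchanged without any error. The check below is an added example, not part of the original script: it reports the value sshd will actually use for both options. The function names, the constructed sample config, the assumed defaults and the sed expression (this example's reading of step #11) are assumptions.

```shell
# Added example (not from the page): check that step #11 took effect.
# sshd keeps the FIRST value read per keyword; keywords are case-insensitive.

# sshd_effective FILE KEYWORD DEFAULT -> value sshd would use globally
sshd_effective() {
    awk -v want="$2" -v dflt="$3" '
        BEGIN { want = tolower(want); val = dflt }
        { sub(/^[ \t]+/, "") }                 # strip leading whitespace
        /^#/ || /^$/ { next }                  # skip comments and blank lines
        { split($0, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { exit }                # global section ends here
        key == want { val = tolower(f[2]); exit }
        END { print val }
    ' "$1"
}

# check_ssh_speedup FILE -> returns 0 only if both options are effectively "no"
check_ssh_speedup() {
    rc=0
    # KEY:DEFAULT pairs; the defaults are assumptions for an old OpenSSH
    # (UseDNS defaulted to yes, GSSAPIAuthentication to no).
    for pair in UseDNS:yes GSSAPIAuthentication:no; do
        key=${pair%%:*}
        got=$(sshd_effective "$1" "$key" "${pair##*:}")
        [ "$got" = "no" ] && { echo "ok   $key no"; continue; }
        echo "FAIL $key is effectively '$got'"; rc=1
    done
    return "$rc"
}

# apply_page_sed IN OUT -> runs the step #11 substitution on a copy, not on /etc
apply_page_sed() {
    sed 's@#UseDNS yes@UseDNS no@g;s@^GSSAPIAuthentication yes@GSSAPIAuthentication no@g' "$1" >"$2"
}

# Constructed sample: UseDNS is already uncommented, so the pattern
# "#UseDNS yes" never matches and the reverse DNS lookup stays enabled.
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' 'Port 22' 'UseDNS yes' 'GSSAPIAuthentication yes' \
        'Match User backup' '    GSSAPIAuthentication yes' >"$tmp/in"
    apply_page_sed "$tmp/in" "$tmp/out"
    status=0; check_ssh_speedup "$tmp/out" || status=$?
    rm -rf "$tmp"
    return "$status"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

On a real host, run check_ssh_speedup /etc/ssh/sshd_config after the reload; a FAIL line means the option has to be edited by hand.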
Clone a VM
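Preparation before cloning: 1. clear, 2. delete
1. Clear
# empty the udev rule that pins interface names to the template's MAC addresses
>/etc/udev/rules.d/70-persistent-net.rules
2. Delete
# remove the template's UUID and MAC address from the interface configs
sed -ri '/UUID|HWADDR/d' /etc/sysconfig/network-scripts/ifcfg-eth*
# change the last octet of the IP address from 210 to 31 (nfs01 in the plan)
sed -i '/IPADDR/s#210$#31#g' /etc/sysconfig/network-scripts/ifcfg-eth*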
W7 network-wide architecture-1