FTP service, NFS service, and NIS service

Source: Internet
Author: User

FTP service

Install vsftpd:
    # yum install vsftpd* -y
Check the vsftpd installation:
    # getsebool -tl | grep ftp

Anonymous users

Edit the configuration file:
    # vi /etc/vsftpd/vsftpd.conf
Remove the leading # from anon_mkdir_write_enable and anon_upload_enable, and add anon_other_write_enable:
    anon_upload_enable=YES
    anon_mkdir_write_enable=YES
    anon_other_write_enable=YES
Restart the service:
    # /etc/init.d/vsftpd restart
or
    # service vsftpd restart
Create the directory:
    # mkdir /pub
Change its owner/group to ftp:
    # chown ftp:ftp /pub
Change the SELinux boolean:
    # setsebool -P allow_ftpd_anon_write on
View the boolean values:
    # getsebool -a | grep ftp
Modify the context:
    # chcon -R -t public_content_rw_t /var/ftp/pub
Restart the service:
    # /etc/init.d/vsftpd restart
View the result:
    # ll -Z

Local users: limit upload/download speed

Create a user (password 123):
    # useradd aaa
    # passwd aaa
Modify the SELinux boolean:
    # setsebool -P allow_home_dir on
Edit /etc/vsftpd/vsftpd.conf and add the following line after local_umask=022:
    user_config_dir=/etc/vsftpd
Limit the speed of user aaa:
    # echo "local_max_rate=1024" > /etc/vsftpd/aaa
Restart the service:
    # /etc/init.d/vsftpd restart

Virtual users

Edit /etc/vsftpd/vsftpd.conf. Disable anonymous users:
    anonymous_enable=NO
Add:
    guest_enable=YES
    guest_username=vtest
Create the user list in /etc/vsftpd, one user name per line followed by its password:
    # cd /etc/vsftpd
    # vi vuser
    user1
    123
    user2
    123
Build the database and restrict its permissions:
    # db_load -T -t hash -f vuser /etc/vsftpd/vuser.db
    # chmod 600 /etc/vsftpd/vuser.db
Edit /etc/pam.d/vsftpd, comment out all existing content with #, and add:
    auth required pam_userdb.so db=/etc/vsftpd/vuser
    account required pam_userdb.so db=/etc/vsftpd/vuser
Create the account the virtual users map to:
    # useradd -s /sbin/nologin vtest
    # touch /home/vtest
    # chmod 704 /home/vtest
Restart the service:
    # /etc/init.d/vsftpd restart

NFS service

Server

Create the directory:
    # mkdir /filepub
Edit /etc/exports:
    /filepub 192.168.1.0/24(rw,no_root_squash)
Restart the service:
    # /etc/init.d/nfs restart
Re-read the configuration file:
    # exportfs -rv

Client

Access the NFS export (192.168.1.111 is the server IP):
    # showmount -e 192.168.1.111
    # mount.nfs 192.168.1.111:/filepub /mnt
    # df -h /mnt
The files under /mnt are the files on the server: on the server they are in /filepub, on the client they are in /mnt.

NIS service

Server

Edit /etc/hosts (192.168.0.100 is the server IP):
    192.168.0.100 abc.com abc
Check name resolution:
    # ping abc.com
Set the domain name:
    # domainname abc.com
    # echo "domainname abc.com" >> /etc/rc.local
Edit /etc/sysconfig/network:
    NISDOMAIN=abc.com
Install NIS:
    # yum install yp* -y
Edit /etc/ypserv.conf and add:
    192.168.0.0/24 : * : * : none
Create a user (password 123) and promote it to a domain user:
    # useradd aaa
    # passwd aaa
    # /usr/lib/yp/ypinit -m
Start the services:
    # /etc/init.d/ypserv start
    # /etc/init.d/yppasswdd restart
Export the home directories. Edit /etc/exports:
    /home 192.168.1.0/24(rw,no_root_squash)
Restart the service and re-read the configuration file:
    # /etc/init.d/nfs restart
    # exportfs -rv

Client

Edit /etc/hosts:
    192.168.0.100 abc.com abc
Edit /etc/yp.conf:
    domain abc.com server abc.com
Set the NIS domain name:
    # nisdomainname abc.com
    # echo "nisdomainname abc.com" >> /etc/rc.local
    # echo "NISDOMAIN=abc.com" >> /etc/sysconfig/network
Change the client authentication method to NIS. Edit /etc/nsswitch.conf:
    passwd: files nis
    shadow: files nis
    group: files nis
Start the service and enable it at boot:
    # /etc/init.d/ypbind start
    # echo "/etc/init.d/ypbind start" >> /etc/rc.local
    # chkconfig ypbind on
Mount the home directories (192.168.0.100 is the server IP):
    # showmount -e 192.168.0.100
    # mount.nfs 192.168.0.100:/home /home
    # df -h /mnt
    # echo "mount.nfs 192.168.0.100:/home /home" >> /etc/rc.local

Samba service

Linux accessing a Windows share

Share the folder abc on Windows. List the shares on Windows:
    net share
View the shares from Linux (192.168.1.111 is the Windows IP):
    # smbclient -L //192.168.1.111 -U administrator
Open the share:
    # mount.cifs //192.168.1.111/abc /mnt -o username=administrator
    # df -h /mnt
Or, method 2:
    # smbclient //192.168.1.111/abc -U administrator
    smb: \>

Windows accessing a Linux share

Install:
    # yum install samba* -y
Enable at boot and check:
    # chkconfig smb on
    # chkconfig --list smb
Modify the SELinux boolean:
    # setsebool -P samba_enable_home_dirs on
Create an SMB user (password 123):
    # useradd aaa
    # smbpasswd -a aaa
Restart the service:
    # /etc/init.d/smb restart
In the Windows Run dialog, enter \\192.168.1.123 (the Linux IP), then enter the user name and password. You will see your home directory.

Logging in as the anonymous user nobody

Edit /etc/samba/smb.conf. Remove the comment marker in front of each line after [public], change the path, and delete the "write list = +staff" line:
    path = /pub
Create the directory and set its owner/group:
    # mkdir /pub
    # chown nobody:nobody /pub
Restart the service:
    # /etc/init.d/smb restart
Set the permissions and the context:
    # chmod 700 /pub
    # chcon -t samba_share_t /pub
Edit /etc/samba/smb.conf and change:
    security = share
Restart the service:
    # /etc/init.d/smb restart
In this case you can log in from Windows as an anonymous user and you will see public.

To log in as a user and see both your home directory and public, edit /etc/samba/smb.conf and change:
    security = user
Add to the [public] section:
    browseable = yes
Then:
    # chmod o+rwx /pub
Clear the saved password record on Windows:
    net use * /delete

DHCP service

Install:
    # yum install dhcp* -y
Edit /etc/dhcp/dhcpd.conf:
    ddns-update-style interim;
    ignore client-updates;
    subnet 192.168.0.0 netmask 255.255.255.0 {
        option routers 192.168.0.1;
        option subnet-mask 255.255.255.0;
        option nis-domain "abc.com";
        option domain-name "abc.com";
        option domain-name-servers 202.99.166.4;
        option time-offset -18000;
        range dynamic-bootp 192.168.0.10 192.168.0.100;
        default-lease-time 21600;
        max-lease-time 43200;
        # reserved address
        host jingli {
            hardware ethernet 00:0c:29:63:ac:1c;    # host MAC
            fixed-address 192.168.1.11;             # reserved IP
        }
    }

VPN (PPTP)

Install:
    # rpm -ivh pptpd-1.3.4-2.el6.i686
Edit /etc/sysctl.conf:
    net.ipv4.ip_forward = 1
Edit /etc/pptpd.conf:
    localip 192.168.1.1          (Internet)
    remoteip 192.168.0.12-123    (intranet)
Edit /etc/ppp/chap-secrets. The fields are user, server, password, and IP address (* for any address, or a reserved address such as 192.168.0.23):
    aaa pptp 123 *
Restart the service:
    # /etc/init.d/pptpd restart

Appendix: add a NIC
    # cd /etc/sysconfig/network-scripts
    # cp ifcfg-eth0 ifcfg-eth1
    # vi ifcfg-eth1
Change eth0 to eth1, remove the MAC address, and change the IP.

DNS

Primary DNS

Install:
    # yum install bind* -y
Edit /etc/named.conf and change (192.168.0.100 is the server IP):
    listen-on port 53 { 192.168.0.100; };
    allow-query { any; };
Edit /etc/named.rfc1912.zones and add the forward zone:
    zone "abc.com" IN {
        type master;
        file "abc.com.zone";
    };
and the reverse zone:
    zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "abc.com";
    };
Create the zone files:
    # cd /var/named
    # cp named.localhost abc.com.zone
    # cp named.loopback abc.com
Edit abc.com.zone and change the records to:
            MX 10 mail              (for e-mail)
            A     192.168.0.100
    www     A     192.168.0.100     (web server IP address)
    ftp     A     192.168.0.100     (FTP server IP address)
    mail    A     192.168.0.100     (mail server)
Edit abc.com and change the records to:
            A     192.168.0.100
    100     PTR   www.abc.com.
    100     PTR   ftp.abc.com.
    100     PTR   mail.abc.com.
Set the ownership and restart:
    # chown root:named abc.com
    # chown root:named abc.com.zone
    # /etc/init.d/named restart
    # /etc/init.d/named reload
Edit /etc/resolv.conf to use this DNS server:
    nameserver 192.168.0.100

Secondary DNS

Install:
    # yum install bind* -y
Edit /etc/named.conf and change (192.168.0.1 is the IP address of the secondary server):
    listen-on port 53 { 192.168.0.1; };
    allow-query { any; };
Edit /etc/named.rfc1912.zones and add the forward zone (192.168.0.100 is the primary DNS IP address):
    zone "abc.com" IN {
        type slave;
        file "slaves/abc.com.zone";
        masters { 192.168.0.100; };
    };
and the reverse zone:
    zone "0.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/abc.com";
        masters { 192.168.0.100; };
    };
Restart the service:
    # /etc/init.d/named restart

Cluster

Create an IIS site on Windows with the IP address 192.168.0.123. On Linux, create a web page:
    # yum install httpd* -y
    # vi /var/www/html/index.html
Edit /etc/httpd/conf/httpd.conf and change:
    ServerName www.abc.com:80
Restart the service:
    # /etc/init.d/httpd restart
Edit /var/named/abc.com.zone and change the www records to:
    www 0 A 192.168.0.100
    www 0 A 192.168.0.123
Restart the service:
    # /etc/init.d/httpd restart

Web

Install:
    # yum install httpd* -y
Create a website:
    # vi /var/www/html/index.html
    # /etc/init.d/httpd restart
Test on Linux (192.168.0.100 is the web server IP):
    # curl 192.168.0.100

Create a website under your own directory
    # mkdir /web
    # vi /web/index.html
Edit /etc/httpd/conf/httpd.conf and change the document root (the default value is /var/www/html):
    DocumentRoot "/web"
Modify the context and restart:
    # chcon -R -t httpd_sys_content_t /web
    # /etc/init.d/httpd restart

Access restrictions

Edit /etc/httpd/conf/httpd.conf and add:
    <Directory /web>
        Order deny,allow
        Deny from all
        Allow from 192.168.0.100
        AuthType Basic
        AuthName "helllo"
        AuthUserFile /etc/httpd/userpasswd
        Require user aaa
    </Directory>
Create the password file and restart:
    # htpasswd -c /etc/httpd/userpasswd aaa
    # /etc/init.d/httpd restart

User home directories
    # useradd aaa
    # vi /etc/httpd/conf/httpd.conf
Enable "UserDir public_html" and comment out "UserDir disabled" with #:
    UserDir public_html
    # UserDir disabled
Create the content and set the permissions:
    # mkdir /home/aaa/public_html
    # vi /home/aaa/public_html/index.html
    # setsebool -P httpd_enable_homedirs on
    # chcon -R -release /home/aaa/public_html
    # chmod o+x /home/aaa
Access 192.168.0.100/~aaa from Windows.

LAMP

Install the MySQL database and enable it:
    # yum install mysql*
    # /etc/init.d/mysqld restart
    # chkconfig mysqld on
    # netstat -nl | grep mysql
Run mysql to enter and check, then exit. Set the root password:
    # mysqladmin -u root password 123
Log in and view the server information (show databases, use):
    # mysql -uroot -p
    mysql> show databases;
Edit /etc/php.ini. In the [MySQL] section set:
    mysql.default_port = 3306
    mysql.default_host = 192.168.0.100
    mysql.default_user = root
    mysql.default_password = 1234
After the extension=mysql.so line, add a line so that mysqli is supported:
    extension=mysql.so
    extension=mysqli.so
Edit /etc/httpd/conf/httpd.conf and add:
    LoadModule php5_module modules/libphp5.so
    AddType application/x-httpd-php .php
Share phpwind on Windows, then on Linux:
    # mount.cifs //192.168.0.123/aaa /mnt -o username=administrator
    # cd /mnt
    # cp php... /usr/local/src
    # cd /usr/local/src
    # unzip php..
    # cp -Rf upload /var/www/html
    # chmod -Rf 777 /var/www/html/upload
Edit /etc/httpd/conf/httpd.conf and change:
    DocumentRoot "/var/www/html/upload"
    AddDefaultCharset zh-CN
Restart the service:
    # /etc/init.d/httpd restart

Name-based virtual hosts

DNS must provide two forward zones: abc.com and bbb.com. Edit /etc/httpd/conf/httpd.conf and add:
    <VirtualHost *:80>
        DocumentRoot /web1
        ServerName www.abc.com
    </VirtualHost>
    <VirtualHost *:80>
        DocumentRoot /web2
        ServerName www.bbb.com
    </VirtualHost>
Create the directories:
    # mkdir /web1
    # mkdir /web2
Edit /etc/resolv.conf:
    nameserver 192.168.0.100
Create the pages, set the context, and restart:
    # vi /web1/index.html
    # vi /web2/index.html
    # chcon -R -t httpd_sys_content_t /web1 /web2
    # /etc/init.d/httpd restart

Combined with FTP
    # yum install vsftpd* -y
    # useradd aaa
    # useradd bbb
Edit /etc/passwd and change the home directories: /home/aaa to /web1 and /home/bbb to /web2. Then:
    # chown -Rf aaa:aaa /web1
    # chown -Rf bbb:bbb /web2
    # setsebool -P allow_ftpd_full_access on
    # setsebool -P ftp_home_dir on
    # mv /var/ftp /var/bak.ftp.bak
    # /etc/init.d/vsftpd restart

HTTPS
    # yum install mod_ssl* -y
    # cd /etc/pki/tls/certs
    # make abc.crt
The first three prompts are for the password, followed by the country, city, company, department, and the domain name www.abc.com. In the SSL configuration, change:
    SSLCertificateFile /etc/pki/tls/certs/aaa.crt
    SSLCertificateKeyFile /etc/pki/tls/certs/aaa.key
Edit /etc/httpd/conf/httpd.conf and comment out Listen 80 with #:
    # Listen 80
Create the page and access it over https://
    # vi /var/www/html/index.html

Sendmail

Sending mail

Set up DNS so that mail.abc.com resolves. Install:
    # yum install sendmail* -y
    # cd /etc/mail
    # vi access
Add:
    Connect:192.168.1.10 RELAY
or
    Connect:abc.com RELAY
Select sendmail as the MTA (choose 2: /usr/sbin/sendmail.sendmail):
    # alternatives --config mta
Disable postfix:
    # /etc/init.d/postfix stop
    # chkconfig postfix off
    # yum remove postfix* -y
Edit sendmail.cf and comment out this line with #:
    #O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA
Restart the service:
    # /etc/init.d/sendmail restart

Receiving mail
    # yum install dovecot* -y
Edit /etc/dovecot/dovecot.conf and set:
    protocols = pop3
    listen = *
    login_trusted_networks = 192.168.0.0/24
Edit /etc/dovecot/conf.d/10-mail.conf and remove the # from:
    mail_location = mbox:~/mail:INBOX=/var/mail/%u
Restart the service:
    # /etc/init.d/dovecot restart

SMTP with authentication

Set up DNS so that mail.abc.com resolves and can send mail. Install:
    # yum install sendmail* -y
    # cd /etc/mail
    # vi access
Add:
    Connect:192.168.1.10 RELAY
or
    Connect:abc.com RELAY
Select sendmail as the MTA (choose 2: /usr/sbin/sendmail.sendmail):
    # alternatives --config mta
Disable postfix:
    # /etc/init.d/postfix stop
    # chkconfig postfix off
    # yum remove postfix* -y
Install and start SASL:
    # yum install cyrus* -y
    # /etc/init.d/saslauthd start
    # chkconfig saslauthd on
Edit sendmail.mc. Delete the leading dnl from these two lines:
    dnl TRUST_AUTH_MECH ... MD5 ...
    dnl ... GSSAPI ... MD5 ...
and add dnl in front of this line:
    DAEMON_OPTIONS ... Addr=127.0.0.1 ...
Rebuild sendmail.cf and restart:
    # m4 sendmail.mc > sendmail.cf
    # /etc/init.d/sendmail restart
Install dovecot:
    # yum install dovecot* -y
Edit /etc/dovecot/dovecot.conf and set:
    protocols = pop3
    listen = *
    login_trusted_networks = 192.168.0.0/24
Edit /etc/dovecot/conf.d/10-mail.conf and remove the # from:
    mail_location = mbox:~/mail:INBOX=/var/mail/%u
Restart the service:
    # /etc/init.d/dovecot restart

Firewall

Add NICs: intranet 192.168.1.1 and Internet 222.222.222.222. Edit /etc/sysctl.conf and change:
    net.ipv4.ip_forward = 1
Apply:
    # sysctl -p
NAT based on the source IP address:
    # iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.222
NAT based on the destination IP address:
    # iptables -t nat -A PREROUTING -d 222.222.222.222 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.2:80
Block ping:
    # iptables -A INPUT -p icmp -j DROP
Allow external telnet to an internal host:
    # iptables -t nat -A PREROUTING -d 222.222.222.222 -p tcp --dport telnet -j DNAT --to-destination 192.168.1.2:23
Block an external telnet connection:
    # iptables -A FORWARD -s 222.222.222.222 -p tcp --dport 23 -j DROP
Publish FTP:
    # iptables -t nat -A PREROUTING -d 222.222.222.222 -p tcp --dport 21 -j DNAT --to-destination 192.168.1.2:21
Add the module (to remove it: rmmod nf_nat_ftp):
    # modprobe nf_nat_ftp
    # echo "modprobe nf_nat_ftp" > /etc/rc.modules
    # chmod 755 /etc/rc.modules
Prohibit other hosts from pinging the firewall while the firewall can still ping other hosts:
    # iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
    # iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
    # iptables -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
    :01:02:03:04:05 -j DROP
Allow the firewall machine to open TCP ports 20, 21, 25, 110 and the passive mode FTP ports 1250-1280:
    # iptables -A INPUT -p tcp -m multiport --dports 20,21,25,110,1250:1280 -j ACCEPT
Block forwarding from a source IP address range:
    # iptables -A FORWARD -p tcp -m iprange --src-range 192.168.1.20-192.168.1.50 -j DROP
Open local DNS:
    # iptables -A INPUT -p tcp --dport 53 -j ACCEPT
    # iptables -A INPUT -p udp --dport 53 -j ACCEPT
    # iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
    # iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
View the rules:
    # iptables -t nat -L
Clear the rules:
    # iptables -F
