infra:serveurs:sonic
Differences
This shows you the differences between two versions of the page.
infra:serveurs:sonic [2023-11-08 21:06] – removed - external edit (Unknown date) 127.0.0.1 | infra:serveurs:sonic [2023-11-08 21:41] (current) – update ToM | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Sonic : services internet FUZ ====== | ||
+ | |||
+ | **sonic** est un serveur qui a beaucoup souffert. Né dans le lieu précédent (rue de la Réunion), ce serveur a servi un peu à tout : partage de connexion internet, serveur mail et mailing lists, serveur web, serveur MPD, ... | ||
+ | |||
+ | Depuis, beaucoup de choses ont changé : ce serveur ne fait quasiment plus que [[infra: | ||
+ | |||
+ | * Localisation : local du FUZ, paillasse centrale, colonne de gauche, celui du dessus :-) | ||
+ | * CPU: | ||
+ | * RAM: | ||
+ | * HDD: | ||
+ | * Connexion : au routeur/ | ||
+ | * IP/DNS: '' | ||
+ | |||
+ | ===== Installation initiale ===== | ||
+ | |||
+ | <WRAP info> | ||
+ | |||
+ | ==== Roadmap ==== | ||
+ | |||
+ | * < | ||
+ | * < | ||
+ | * < | ||
+ | * Upgrade vers Debian 11 Bullseye | ||
+ | * Fix le RDNS '' | ||
+ | |||
+ | ==== Installation ==== | ||
+ | |||
+ | - Installation debian stretch (amd64) | ||
+ | - Ajout des paquets '' | ||
+ | - Ajout du fichier ''/ | ||
+ | # Port du haut | ||
+ | SUBSYSTEM==" | ||
+ | # Port du bas | ||
+ | SUBSYSTEM==" | ||
+ | </ | ||
+ | - Ajout du chargement automatique du module vlan au démarrage : < | ||
+ | # | ||
+ | # This file contains the names of kernel modules that should be loaded | ||
+ | # at boot time, one per line. Lines beginning with "#" | ||
+ | 8021q | ||
+ | </ | ||
+ | - Ajout du fichier ''/ | ||
+ | user " | ||
+ | |||
+ | pty "/ | ||
+ | noipdefault | ||
+ | defaultroute | ||
+ | hide-password | ||
+ | replacedefaultroute | ||
+ | persist | ||
+ | noauth | ||
+ | usepeerdns | ||
+ | lcp-echo-interval 20 | ||
+ | lcp-echo-failure 3 | ||
+ | plugin rp-pppoe.so wan0.835 | ||
+ | default-asyncmap | ||
+ | noaccomp | ||
+ | mtu 1492</ | ||
+ | - Configuration du réseau dans ''/ | ||
+ | |||
+ | iface wan0 inet manual | ||
+ | iface wan0.835 inet manual | ||
+ | |||
+ | iface ppp0 inet ppp | ||
+ | provider orange | ||
+ | |||
+ | iface lan0 inet static | ||
+ | address 192.168.42.1/ | ||
+ | </ | ||
+ | - Ajout des règles netfilter dans un fichier ''/ | ||
+ | #!/bin/bash | ||
+ | |||
+ | echo 1 > / | ||
+ | echo 0 > / | ||
+ | echo 1 > / | ||
+ | echo 0 > / | ||
+ | echo 0 > / | ||
+ | echo 1 > / | ||
+ | echo 1 > / | ||
+ | |||
+ | # Flush all chains | ||
+ | iptables --flush | ||
+ | ip6tables --flush | ||
+ | # stop routing | ||
+ | echo 0 > / | ||
+ | # Flush | ||
+ | iptables -F | ||
+ | iptables -t nat -F | ||
+ | |||
+ | OUT=" | ||
+ | echo " | ||
+ | |||
+ | # Allow unlimited traffic on the loopback interface | ||
+ | / | ||
+ | / | ||
+ | |||
+ | # Accepte les paquets des sessions deja etablies | ||
+ | / | ||
+ | # Allow unlimited outbound traffic | ||
+ | / | ||
+ | / | ||
+ | |||
+ | |||
+ | |||
+ | # Disallow NEW and INVALID incoming or forwarded packets from $OUT. | ||
+ | iptables -A INPUT -i $OUT -m state --state NEW,INVALID -j DROP | ||
+ | |||
+ | iptables -t nat -A POSTROUTING -o $OUT -j MASQUERADE | ||
+ | iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu | ||
+ | # Turn on IP forwarding | ||
+ | echo 1 > / | ||
+ | </ | ||
+ | - Configurer le serveur DHCP ''/ | ||
+ | option domain-name " | ||
+ | Option domain-name-servers 80.67.169.12, | ||
+ | |||
+ | ## LAN0 | ||
+ | subnet 192.168.42.0 netmask 255.255.255.0 { | ||
+ | range 192.168.42.42 192.168.42.254; | ||
+ | option subnet-mask 255.255.255.0; | ||
+ | option broadcast-address 192.168.42.255; | ||
+ | option routers 192.168.42.1; | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | Relancer tout ! | ||
+ | |||
+ | À suivre : configuration exim4/ | ||
+ | |||
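Review bot: in the netfilter script, the comment "Disallow NEW and INVALID incoming or forwarded packets from $OUT" is followed only by an INPUT rule (`iptables -A INPUT -i $OUT -m state --state NEW,INVALID -j DROP`). No matching FORWARD drop and no `-P` default policy is visible, so whether new connections arriving on the WAN side can be forwarded into 192.168.42.0/24 depends on the lines that are cut off in this view. Suggest adding the equivalent `-A FORWARD -i $OUT` drop, or a DROP policy on FORWARD, directly after that rule, and using `-m conntrack --ctstate` rather than the older `-m state` match. The script also runs `ip6tables --flush` but shows no ip6tables rule afterwards, so IPv6 filtering on this router should either get its own explicit rules or a line in the page stating that it is handled elsewhere. Minor: `iptables --flush` and the later `iptables -F` do the same thing on the filter table, so one of them can be dropped.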
infra/serveurs/sonic.txt · Last modified: 2023-11-08 21:41 by ToM