...
Replication of production setup
Here, we replicate the relevant parts of the present installation as a starting point.
Imported ~/Documents/Debian9-base.ova as Debian9-base_8021x, re-initializing all MAC addresses
Added eth adapter 2, re-init MAC
CPU, increase to 2
added eth1 mac address to server DHCP config, 192.168.10.52
server shwl add 52
Booted, disconnected eth2 because of errors
Logged in to GUI, connected DHCP
apt-get update
apt-get upgrade
reboot VM
rm 02proxy
set better ls and root passwords
installed ssh pub key in root
Code Block |
---|
apt-get install shorewall
apt-get install ipset
mv /etc/shorewall{,-orig}
mkdir /etc/shorewall
root@server.lastschl:~# scp /etc/shorewall/* root@192.168.10.52:/etc/shorewall/
#commented all entries related to loc and vpn zones (including dynamic zone man) in all files
#removed all MAC addresses of wifi clients
|
Code Block |
---|
cp -r shorewall{,-remove-loc-vpn-man-wifimac}
updated interface names in interfaces, masq
cp -r shorewall{,-updated-interfaces}
/etc/default/shorewall startup=1
removed postfix, proxy rules (did not update config backups)
added shorewall rules _apt |
Code Block |
---|
systemctl enable shorewall.service
systemctl disable network-manager.service
systemctl disable NetworkManager.service
root@server.lastschl:~# scp /etc/network/interfaces 192.168.10.52:/etc/network/
updated interface names, removed loc interface, and updated net ip
unlink /etc/resolv.conf
echo nameserver 192.168.10.1 > /etc/resolv.conf |
Code Block |
---|
root@server.lastschl:~# scp /etc/rsyslog.d/40-shorewall.conf 192.168.10.52:/etc/rsyslog.d/
root@server.lastschl:~# scp /etc/logrotate.d/shorewall 192.168.10.52:/etc/logrotate.d/
root@server.lastschl:~# scp /etc/logrotate.d/rsyslog 192.168.10.52:/etc/logrotate.d/
root@server.lastschl:~# scp /etc/logrotate.conf 192.168.10.52:/etc/
mkdir /etc/ltsp
root@server.lastschl:~# scp /etc/ltsp/dhcpd.conf 192.168.10.52:/etc/ltsp/
root@server.lastschl:~# scp /etc/dhcp/dhcpd.conf 192.168.10.52:/etc/dhcp/
apt-get install isc-dhcp-server
/etc/default/isc-dhcp-server
removed 10 network from dhcp
lastschl.av to test.av
removed MAC reservations |
Configure DNS (based on LASTSCHL-211):
Code Block |
---|
apt-get install dnsmasq
touch /var/log/dnsmasq
chmod 640 /var/log/dnsmasq |
Set in /etc/dnsmasq.conf:
Code Block |
---|
# Try the upstream servers strictly in the order they appear in resolv.conf.
strict-order
# Serve only this interface; dnsmasq adds loopback on its own. Unless
# bind-interfaces is also set, dnsmasq still binds the wildcard address and
# discards requests from other interfaces itself, so keep the firewall rules
# for port 53 in place rather than relying on this line alone.
interface=enp0s8
# Append the domain below to plain host names read from /etc/hosts.
expand-hosts
domain=test.av
# Log every DNS query to the file below. The log shows which client looked up
# which name, so treat it as sensitive data: the file is created with mode 640
# and is retained by the logrotate rule for /var/log/dnsmasq (rotate 730, daily).
log-queries
log-facility=/var/log/dnsmasq
|
/etc/logrotate.d/dnsmasq
Code Block |
---|
/var/log/dnsmasq
{
# Daily rotation with 730 files kept: roughly two years of DNS query history.
rotate 730
daily
# nomissingok: a missing log file is reported as an error instead of being skipped.
nomissingok
notifempty
delaycompress
compress
dateext
# NOTE(review): dnsmasq writes this file itself (log-facility in dnsmasq.conf),
# so reloading rsyslog presumably does not make dnsmasq reopen it, and dnsmasq
# would keep writing to the rotated file. dnsmasq reopens its log file on
# SIGUSR2; confirm and signal dnsmasq from postrotate instead. The redirect and
# "|| true" also hide any failure of the reload command, so a broken rotation
# would go unnoticed.
postrotate
reload rsyslog >/dev/null 2>&1 || true
endscript
} |
/etc/hostname
Code Block |
---|
debian9-base.test.av |
/etc/hosts
Code Block |
---|
127.0.0.1 localhost
192.168.9.1 test.av
192.168.9.1 server.test.av server
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters |
packages: shorewall
New stuff
...