LAB Linux in heterogeneous networks: Difference between revisions
| Zeile 161: | Zeile 161: | ||
address 172.26.55.0/24 | address 172.26.55.0/24 | ||
</pre> | </pre> | ||
| + | =Forwarding anschalten= | ||
| + | *'''echo net.ipv4.ip_forward=1 >> /etc/sysctl.conf''' | ||
| + | *'''echo net.ipv6.conf.all.forwarding=1 >> /etc/sysctl.conf''' | ||
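Review bot: The two added echo lines only append net.ipv4.ip_forward=1 and net.ipv6.conf.all.forwarding=1 to /etc/sysctl.conf, so the new "Forwarding anschalten" section does not turn forwarding on until the file is reloaded or the machine reboots; add a "sysctl -p" step after them. Because ">>" appends, repeating the step leaves duplicate entries in the file. In the unchanged context at the top of the hunk, "address 172.26.55.0/24" assigns the network address of the /24 to the interface; check whether a host address was intended.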
Revision as of 3 October 2024, 11:57
Lab setup
- A Debian machine serves as our firewall.
- A Cisco layer 2 switch is connected to it.
- Three VLANs run to the switch: 1, 21, 22
- VLAN 1 = MGMT
- VLAN 21 = CLIENTS
- VLAN 22 = SERVER
- In addition, the WAN and DMZ interfaces are on the firewall.
Network allocation
IPv4
- gateway 172.30.34.1
- nameserver 8.8.8.8
- search labXX.linuggs.de
| Participant | Lab | Network | Public address | MGMT | CLIENTS | SERVER | DMZ |
|---|---|---|---|---|---|---|---|
| TN01 | lab00 | 172.26.0.0/22 | 172.30.34.1 | 172.26.0.0/24 | 172.26.1.0/24 | 172.26.2.0/24 | 172.26.3.0/24 |
| TN02 | lab04 | 172.26.4.0/22 | 172.30.34.2 | 172.26.4.0/24 | 172.26.5.0/24 | 172.26.6.0/24 | 172.26.7.0/24 |
| TN03 | lab08 | 172.26.8.0/22 | 172.30.34.3 | 172.26.8.0/24 | 172.26.9.0/24 | 172.26.10.0/24 | 172.26.11.0/24 |
| TN04 | lab0c | 172.26.12.0/22 | 172.30.34.4 | 172.26.12.0/24 | 172.26.13.0/24 | 172.26.14.0/24 | 172.26.15.0/24 |
| TN05 | lab10 | 172.26.16.0/22 | 172.30.34.5 | 172.26.16.0/24 | 172.26.17.0/24 | 172.26.18.0/24 | 172.26.19.0/24 |
| TN06 | lab14 | 172.26.20.0/22 | 172.30.34.6 | 172.26.20.0/24 | 172.26.21.0/24 | 172.26.22.0/24 | 172.26.23.0/24 |
| TN07 | lab18 | 172.26.24.0/22 | 172.30.34.7 | 172.26.24.0/24 | 172.26.25.0/24 | 172.26.26.0/24 | 172.26.27.0/24 |
| TN08 | lab1c | 172.26.28.0/22 | 172.30.34.8 | 172.26.28.0/24 | 172.26.29.0/24 | 172.26.30.0/24 | 172.26.31.0/24 |
| TN09 | lab20 | 172.26.32.0/22 | 172.30.34.9 | 172.26.32.0/24 | 172.26.33.0/24 | 172.26.34.0/24 | 172.26.35.0/24 |
| TN10 | lab24 | 172.26.36.0/22 | 172.30.34.10 | 172.26.36.0/24 | 172.26.37.0/24 | 172.26.38.0/24 | 172.26.39.0/24 |
| TN11 | lab28 | 172.26.40.0/22 | 172.30.34.11 | 172.26.40.0/24 | 172.26.41.0/24 | 172.26.42.0/24 | 172.26.43.0/24 |
| TN12 | lab2c | 172.26.44.0/22 | 172.30.34.12 | 172.26.44.0/24 | 172.26.45.0/24 | 172.26.46.0/24 | 172.26.47.0/24 |
| TN13 | lab30 | 172.26.48.0/22 | 172.30.34.13 | 172.26.48.0/24 | 172.26.49.0/24 | 172.26.50.0/24 | 172.26.51.0/24 |
| TN14 | lab34 | 172.26.52.0/22 | 172.30.34.14 | 172.26.52.0/24 | 172.26.53.0/24 | 172.26.54.0/24 | 172.26.55.0/24 |
IPv6
- gateway 2a02:24d8:71:3000::1
- nameserver 2001:4860:4860::8888
- search labXX.linuggs.de
| Participant | Lab | Network | Public address | MGMT | CLIENTS | SERVER | DMZ |
|---|---|---|---|---|---|---|---|
| TN01 | lab00 | 2a02:24d8:71:3000::/62 | 2a02:24d8:71:3040::3000 | 2a02:24d8:71:3000::/64 | 2a02:24d8:71:3001::/64 | 2a02:24d8:71:3002::/64 | 2a02:24d8:71:3003::/64 |
| TN02 | lab04 | 2a02:24d8:71:3004::/62 | 2a02:24d8:71:3040::3004 | 2a02:24d8:71:3004::/64 | 2a02:24d8:71:3005::/64 | 2a02:24d8:71:3006::/64 | 2a02:24d8:71:3007::/64 |
| TN03 | lab08 | 2a02:24d8:71:3008::/62 | 2a02:24d8:71:3040::3008 | 2a02:24d8:71:3008::/64 | 2a02:24d8:71:3009::/64 | 2a02:24d8:71:300a::/64 | 2a02:24d8:71:300b::/64 |
| TN04 | lab0c | 2a02:24d8:71:300c::/62 | 2a02:24d8:71:3040::300c | 2a02:24d8:71:300c::/64 | 2a02:24d8:71:300d::/64 | 2a02:24d8:71:300e::/64 | 2a02:24d8:71:300f::/64 |
| TN05 | lab10 | 2a02:24d8:71:3010::/62 | 2a02:24d8:71:3040::3010 | 2a02:24d8:71:3010::/64 | 2a02:24d8:71:3011::/64 | 2a02:24d8:71:3012::/64 | 2a02:24d8:71:3013::/64 |
| TN06 | lab14 | 2a02:24d8:71:3014::/62 | 2a02:24d8:71:3040::3014 | 2a02:24d8:71:3014::/64 | 2a02:24d8:71:3015::/64 | 2a02:24d8:71:3016::/64 | 2a02:24d8:71:3017::/64 |
| TN07 | lab18 | 2a02:24d8:71:3018::/62 | 2a02:24d8:71:3040::3018 | 2a02:24d8:71:3018::/64 | 2a02:24d8:71:3019::/64 | 2a02:24d8:71:301a::/64 | 2a02:24d8:71:301b::/64 |
| TN08 | lab1c | 2a02:24d8:71:301c::/62 | 2a02:24d8:71:3040::301c | 2a02:24d8:71:301c::/64 | 2a02:24d8:71:301d::/64 | 2a02:24d8:71:301e::/64 | 2a02:24d8:71:301f::/64 |
| TN09 | lab20 | 2a02:24d8:71:3020::/62 | 2a02:24d8:71:3040::3020 | 2a02:24d8:71:3020::/64 | 2a02:24d8:71:3021::/64 | 2a02:24d8:71:3022::/64 | 2a02:24d8:71:3023::/64 |
| TN10 | lab24 | 2a02:24d8:71:3024::/62 | 2a02:24d8:71:3040::3024 | 2a02:24d8:71:3024::/64 | 2a02:24d8:71:3025::/64 | 2a02:24d8:71:3026::/64 | 2a02:24d8:71:3027::/64 |
| TN11 | lab28 | 2a02:24d8:71:3028::/62 | 2a02:24d8:71:3040::3028 | 2a02:24d8:71:3028::/64 | 2a02:24d8:71:3029::/64 | 2a02:24d8:71:302a::/64 | 2a02:24d8:71:302b::/64 |
| TN12 | lab2c | 2a02:24d8:71:302c::/62 | 2a02:24d8:71:3040::302c | 2a02:24d8:71:302c::/64 | 2a02:24d8:71:302d::/64 | 2a02:24d8:71:302e::/64 | 2a02:24d8:71:302f::/64 |
| TN13 | lab30 | 2a02:24d8:71:3030::/62 | 2a02:24d8:71:3040::3030 | 2a02:24d8:71:3030::/64 | 2a02:24d8:71:3031::/64 | 2a02:24d8:71:3032::/64 | 2a02:24d8:71:3033::/64 |
| TN14 | lab34 | 2a02:24d8:71:3034::/62 | 2a02:24d8:71:3040::3034 | 2a02:24d8:71:3034::/64 | 2a02:24d8:71:3035::/64 | 2a02:24d8:71:3036::/64 | 2a02:24d8:71:3037::/64 |
The firewall
Setting and adjusting the hostname
- LAB=lab34
- hostnamectl set-hostname $LAB.linuggs.de
- hostnamectl
```
Static hostname: lab34.linuggs.de
Icon name: computer-vm
Chassis: vm 🖴
Machine ID: a736abd11f52406db0e02d7a3877059b
Boot ID: 089a7ce53e6a429797007e7e4acba90b
Virtualization: oracle
Operating System: Debian GNU/Linux 12 (bookworm)
Kernel: Linux 6.1.0-25-amd64
Architecture: x86-64
Hardware Vendor: innotek GmbH
Hardware Model: VirtualBox
Firmware Version: VirtualBox
```
- cat /etc/hosts
```
127.0.0.1 localhost
127.0.1.1 firewall.lab34.int firewall
```
Installing the vlan package
- apt install vlan
Adjusting the network configuration
- cat /etc/network/interfaces
```
source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# WAN
auto enp0s3
iface enp0s3 inet static
    address 172.30.34.14
    gateway 172.30.34.254
iface enp0s3 inet6 static
    address 2a02:24d8:71:3040::3034/64
    gateway 2a02:24d8:71:3040::1

#MGMT
auto enp0s9
iface enp0s9 inet6 static
    address 2a02:24d8:71:3034::1/64
iface enp0s9 inet static
    address 172.26.52.1/24

#CLIENTS
auto enp0s9.21
iface enp0s9.21 inet6 static
    address 2a02:24d8:71:3035::1/64
    vlan-raw-device enp0s9
iface enp0s9.21 inet static
    address 172.26.53.1/24
    vlan-raw-device enp0s9

#SERVER
auto enp0s9.22
iface enp0s9.22 inet6 static
    address 2a02:24d8:71:3036::1/64
    vlan-raw-device enp0s9
iface enp0s9.22 inet static
    address 172.26.54.1/24
    vlan-raw-device enp0s9

#DMZ
auto enp0s8
iface enp0s8 inet6 static
    address 2a02:24d8:71:3037::1/64
iface enp0s8 inet static
    address 172.26.55.0/24
```
Enabling forwarding
- echo net.ipv4.ip_forward=1 >> /etc/sysctl.conf
- echo net.ipv6.conf.all.forwarding=1 >> /etc/sysctl.conf
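An idempotent variant of the forwarding step, as an added example that is not part of the original page. The function names `key_filter`, `set_sysctl_line`, `count_key` and `enable_forwarding` are assumptions of this example; unlike `echo ... >>`, repeated runs leave exactly one active line per key and replace an existing `=0` entry.

```sh
# Added example: idempotent replacement for "echo key=value >> /etc/sysctl.conf".
# Function names are assumptions of this example, not from the page.

# key_filter MODE KEY FILE
#   MODE=strip : print FILE without active (uncommented) assignments of KEY
#   MODE=count : print the number of active assignments of KEY
key_filter() {
    awk -v mode="$1" -v k="$2" '
        { line = $0; sub(/^[ \t]+/, "", line); name = "" }
        # sysctl.conf treats lines starting with # or ; as comments
        line !~ /^[#;]/ { split(line, kv, "="); name = kv[1]; gsub(/[ \t]+/, "", name) }
        name == k { n++; next }
        mode == "strip" { print }
        END { if (mode == "count") print n + 0 }
    ' "$3"
}

# set_sysctl_line FILE KEY VALUE: ensure FILE has exactly one "KEY=VALUE" line.
set_sysctl_line() {
    file=$1; key=$2; value=$3
    tmp=$(mktemp) || return 1
    if [ -f "$file" ]; then
        key_filter strip "$key" "$file" > "$tmp"
    fi
    printf '%s=%s\n' "$key" "$value" >> "$tmp"
    # Write through the existing file so its owner and mode are kept.
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# count_key FILE KEY: number of active assignments of KEY in FILE.
count_key() {
    key_filter count "$2" "$1"
}

# enable_forwarding [FILE]: set both forwarding keys used on this page.
enable_forwarding() {
    conf=${1:-/etc/sysctl.conf}
    set_sysctl_line "$conf" net.ipv4.ip_forward 1 &&
    set_sysctl_line "$conf" net.ipv6.conf.all.forwarding 1
}
```

Run `enable_forwarding` as root, then `sysctl -p` to load the values from /etc/sysctl.conf without a reboot.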
