LAB Linux in heterogenen Netzen

Aus Xinux Wiki
Zur Navigation springen Zur Suche springen

Aufbau des Labors

  • Eine Debian Maschine soll uns als Firewall dienen
  • Daran wird ein Cisco Layer 2 Switch angeschlossen.
  • Zu diesem gegen 3 Vlans 1,21,22
  • VLAN 1 = MGMT
  • VLAN 21 = CLIENTS
  • VLAN 22 = SERVER
  • Des weiteren sind an der Firewal das WAN und das DMZ Interface

Die Netzzuteilung

IPv4

  • gateway 172.30.34.1
  • nameserver 8.8.8.8
  • search labXX.linuggs.de
Teilnehmer Labor Netz Öffentliche Adresse MGMT CLIENTS SERVER DMZ
TN01 lab00 172.26.0.0/22 172.30.34.1 172.26.0.0/24 172.26.1.0/24 172.26.2.0/24 172.26.3.0/24
TN02 lab04 172.26.4.0/22 172.30.34.2 172.26.4.0/24 172.26.5.0/24 172.26.6.0/24 172.26.7.0/24
TN03 lab08 172.26.8.0/22 172.30.34.3 172.26.8.0/24 172.26.9.0/24 172.26.10.0/24 172.26.11.0/24
TN04 lab0c 172.26.12.0/22 172.30.34.4 172.26.12.0/24 172.26.13.0/24 172.26.14.0/24 172.26.15.0/24
TN05 lab10 172.26.16.0/22 172.30.34.5 172.26.16.0/24 172.26.17.0/24 172.26.18.0/24 172.26.19.0/24
TN06 lab14 172.26.20.0/22 172.30.34.6 172.26.20.0/24 172.26.21.0/24 172.26.22.0/24 172.26.23.0/24
TN07 lab18 172.26.24.0/22 172.30.34.7 172.26.24.0/24 172.26.25.0/24 172.26.26.0/24 172.26.27.0/24
TN08 lab1c 172.26.28.0/22 172.30.34.8 172.26.28.0/24 172.26.29.0/24 172.26.30.0/24 172.26.31.0/24
TN09 lab20 172.26.32.0/22 172.30.34.9 172.26.32.0/24 172.26.33.0/24 172.26.34.0/24 172.26.35.0/24
TN10 lab24 172.26.36.0/22 172.30.34.10 172.26.36.0/24 172.26.37.0/24 172.26.38.0/24 172.26.39.0/24
TN11 lab28 172.26.40.0/22 172.30.34.11 172.26.40.0/24 172.26.41.0/24 172.26.42.0/24 172.26.43.0/24
TN12 lab2c 172.26.44.0/22 172.30.34.12 172.26.44.0/24 172.26.45.0/24 172.26.46.0/24 172.26.47.0/24
TN13 lab30 172.26.48.0/22 172.30.34.13 172.26.48.0/24 172.26.49.0/24 172.26.50.0/24 172.26.51.0/24
TN14 lab34 172.26.52.0/22 172.30.34.14 172.26.52.0/24 172.26.53.0/24 172.26.54.0/24 172.26.55.0/24

IPv6

  • gateway 2a02:24d8:71:3000::1
  • nameserver 2001:4860:4860:8888
  • search labXX.linuggs.de
Teilnehmer Labor Netz Öffentliche Adresse MGMT CLIENTS SERVER DMZ
TN01 lab00 2a02:24d8:71:3000::/62 2a02:24d8:71:3040::3000 2a02:24d8:71:3000::/64 2a02:24d8:71:3001::/64 2a02:24d8:71:3002::/64 2a02:24d8:71:3003::/64
TN02 lab04 2a02:24d8:71:3004::/62 2a02:24d8:71:3040::3004 2a02:24d8:71:3004::/64 2a02:24d8:71:3005::/64 2a02:24d8:71:3006::/64 2a02:24d8:71:3007::/64
TN03 lab08 2a02:24d8:71:3008::/62 2a02:24d8:71:3040::3008 2a02:24d8:71:3008::/64 2a02:24d8:71:3009::/64 2a02:24d8:71:300a::/64 2a02:24d8:71:300b::/64
TN04 lab0c 2a02:24d8:71:300c::/62 2a02:24d8:71:3040::300c 2a02:24d8:71:300c::/64 2a02:24d8:71:300d::/64 2a02:24d8:71:300e::/64 2a02:24d8:71:300f::/64
TN05 lab10 2a02:24d8:71:3010::/62 2a02:24d8:71:3040::3010 2a02:24d8:71:3010::/64 2a02:24d8:71:3011::/64 2a02:24d8:71:3012::/64 2a02:24d8:71:3013::/64
TN06 lab14 2a02:24d8:71:3014::/62 2a02:24d8:71:3040::3014 2a02:24d8:71:3014::/64 2a02:24d8:71:3015::/64 2a02:24d8:71:3016::/64 2a02:24d8:71:3017::/64
TN07 lab18 2a02:24d8:71:3018::/62 2a02:24d8:71:3040::3018 2a02:24d8:71:3018::/64 2a02:24d8:71:3019::/64 2a02:24d8:71:301a::/64 2a02:24d8:71:301b::/64
TN08 lab1c 2a02:24d8:71:301c::/62 2a02:24d8:71:3040::301c 2a02:24d8:71:301c::/64 2a02:24d8:71:301d::/64 2a02:24d8:71:301e::/64 2a02:24d8:71:301f::/64
TN09 lab20 2a02:24d8:71:3020::/62 2a02:24d8:71:3040::3020 2a02:24d8:71:3020::/64 2a02:24d8:71:3021::/64 2a02:24d8:71:3022::/64 2a02:24d8:71:3023::/64
TN10 lab24 2a02:24d8:71:3024::/62 2a02:24d8:71:3040::3024 2a02:24d8:71:3024::/64 2a02:24d8:71:3025::/64 2a02:24d8:71:3026::/64 2a02:24d8:71:3027::/64
TN11 lab28 2a02:24d8:71:3028::/62 2a02:24d8:71:3040::3028 2a02:24d8:71:3028::/64 2a02:24d8:71:3029::/64 2a02:24d8:71:302a::/64 2a02:24d8:71:302b::/64
TN12 lab2c 2a02:24d8:71:302c::/62 2a02:24d8:71:3040::302c 2a02:24d8:71:302c::/64 2a02:24d8:71:302d::/64 2a02:24d8:71:302e::/64 2a02:24d8:71:302f::/64
TN13 lab30 2a02:24d8:71:3030::/62 2a02:24d8:71:3040::3030 2a02:24d8:71:3030::/64 2a02:24d8:71:3031::/64 2a02:24d8:71:3032::/64 2a02:24d8:71:3033::/64
TN14 lab34 2a02:24d8:71:3034::/62 2a02:24d8:71:3040::3034 2a02:24d8:71:3034::/64 2a02:24d8:71:3035::/64 2a02:24d8:71:3036::/64 2a02:24d8:71:3037::/64

Die Firewall

Setzen und anpassen des Hostnamen

  • LAB=lab34
  • hostnamectl set-hostname $LAB.linuggs.de
  • hostnamectl
 Static hostname: lab34.linuggs.de
       Icon name: computer-vm
         Chassis: vm 🖴
      Machine ID: a736abd11f52406db0e02d7a3877059b
         Boot ID: 089a7ce53e6a429797007e7e4acba90b
  Virtualization: oracle
Operating System: Debian GNU/Linux 12 (bookworm)  
          Kernel: Linux 6.1.0-25-amd64
    Architecture: x86-64
 Hardware Vendor: innotek GmbH
  Hardware Model: VirtualBox
Firmware Version: VirtualBox
  • cat /etc/hosts
127.0.0.1	localhost
127.0.1.1	firewall.lab34.int	firewall

Installation des vlan Paketes

  • apt install vlan

Anpassen der Netzwerk Konfiguration

  • cat /etc/network/interfaces
source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# WAN
auto enp0s3
iface enp0s3 inet static
 address 172.30.34.14
 gateway 172.30.34.254

iface enp0s3 inet6 static
 address 2a02:24d8:71:3040::3034/64
 gateway 2a02:24d8:71:3040::1


#MGMT
auto enp0s9
iface enp0s9 inet6 static
 address 2a02:24d8:71:3034::1/64

iface enp0s9 inet static
 address 172.26.52.1/24

#CLIENTS
auto enp0s9.21
iface enp0s9.21 inet6 static
 address 2a02:24d8:71:3035::1/64
 vlan-raw-device enp0s9

iface enp0s9.21 inet static
 address 172.26.53.1/24 
 vlan-raw-device enp0s9

#SERVER
auto enp0s9.22
iface enp0s9.22 inet6 static
 address 2a02:24d8:71:3036::1/64
 vlan-raw-device enp0s9

iface enp0s9.22 inet static
 address 172.26.54.1/24
 vlan-raw-device enp0s9

#DMZ
auto enp0s8
iface enp0s8 inet6 static
 address 2a02:24d8:71:3037::1/64

iface enp0s8 inet static
 address 172.26.55.0/24

Forwarding anschalten

  • echo net.ipv4.ip_forward=1 >> /etc/sysctl.conf
  • echo net.ipv6.conf.all.forwarding=1 >> /etc/sysctl.conf

Reboot

  • reboot

Der Cisco Router

Grundsätzliches

Es dauert bis er bootet
  • Zugang über ssh admin@localhost -p 3022
  • User: admin
  • Pass: admin

Wichtige Befehle

Konfig anzeigen
  • cisco# show running-config
Konfig Modus
  • cisco(config)# configure terminal
Hostname setzen
  • cisco(config)# hostname cisco-sw
Wieder zurück
  • cisco-sw(config)# exit
Konfig zu Start Konfig machen
  • cisco-sw# copy running-config startup-config

VLANS anlegen

  • cisco-sw# configure terminal
  • cisco-sw(config)# vlan 21
  • cisco-sw(config-vlan)# name CLIENTS
  • cisco-sw(config-vlan)# vlan 22
  • cisco-sw(config-vlan)# name SERVER
  • cisco-sw(config-vlan)# end
  • cisco-sw# copy running-config startup-config
  • cisco-sw# show vlan

Managment Interface Addressieren

  • cisco-sw# conf t
  • cisco-sw(config)# interface Vlan1
  • cisco-sw(config-if)# description MGMT
  • cisco-sw(config-if)# no shutdown
  • cisco-sw(config-if)# ipv6 address 2a02:24d8:71:3034::2/64
  • cisco-sw(config-if)# ip address 172.26.52.2/24
  • cisco-sw(config-if)# end
  • cisco-sw# show running-config interface vlan 1
!Command: show running-config interface Vlan1
!Running configuration last done at: Thu Oct  3 12:15:05 2024
!Time: Thu Oct  3 12:15:30 2024

version 10.1(1) Bios:version  

interface Vlan1
  description MGMT
  no shutdown
  ip address 172.26.52.2/24
  ipv6 address 2a02:24d8:71:3034::2/64
  • cisco-sw# copy running-config startup-config

Konnektivität testen

  • cisco-sw# ping 172.26.52.1
  • cisco-sw# ping6 2a02:24d8:71:3034::1

Default Routen

  • cisco-sw# configure terminal
  • cisco-sw(config)# ip route 0.0.0.0 0.0.0.0 172.26.52.1
  • cisco-sw(config)# ipv6 route ::/0 2a02:24d8:71:3034::1
  • cisco-sw(config)# end

Konnektivität testen

  • cisco-sw# ping 8.8.8.8
  • cisco-sw# ping6 2001:4860:4860::8888

Nameserver einrichten

  • cisco-sw# configure terminal
  • cisco-sw(config)# ip name-server 8.8.8.8
  • cisco-sw(config)# ip name-server 2001:4860:4860::8888
  • cisco-sw(config)# ip domain-name lab34.linuggs.de
  • cisco-sw# exit
  • cisco-sw# copy running-config startup-config

Ports einrichten

  • cisco-sw# configure terminal
  • cisco-sw(config)# interface ethernet 1/1
  • cisco-sw(config)# interface ethernet 1/1
  • cisco-sw(config-if)# switchport mode trunk
  • cisco-sw(config-if)# description Zur Firewall
  • cisco-sw(config)# interface ethernet 1/2
  • cisco-sw(config-if)# switchport access vlan 22
  • cisco-sw(config-if)# description SERVER
  • cisco-sw(config)# interface Ethernet1/3
  • cisco-sw(config-if)# switchport access vlan 21
  • cisco-sw(config-if)# description CLIENTS
  • cisco-sw(config)# interface Ethernet1/4
  • cisco-sw(config-if)# switchport access vlan 22
  • cisco-sw(config-if)# description SERVER
  • cisco-sw(config)# interface Ethernet1/5
  • cisco-sw(config-if)# switchport access vlan 22
  • cisco-sw(config-if)# description SERVER
  • cisco-sw(config)# interface Ethernet1/6
  • cisco-sw(config-if)# switchport access vlan 21
  • cisco-sw(config-if)# description CLIENTS
  • cisco-sw(config)# interface Ethernet1/7
  • cisco-sw(config-if)# switchport access vlan 22
  • cisco-sw(config-if)# description SERVER
  • cisco-sw# exit
  • cisco-sw# copy running-config startup-config

Ergebnis

Abgerufen von „http://wiki.ixheim.de/index.php?title=LAB_Linux_in_heterogenen_Netzen&oldid=56739