Integrative Project - 2009.2 - Team Epsilon
24/11/2009
Team name chosen = Épsilon
Installation of Ubuntu Server version 9.10
- Used the DHCP server of the Redes I Laboratory to update the server's services
sudo apt-get update
Installing ssh
sudo apt-get install ssh
Test configuration on interface eth0
sudo ifconfig eth0 200.135.37.115 netmask 255.255.255.0
Discussion of the project's development
GRAPHVIZ test
<graphviz>
digraph PI {
CAB -> IER
IER -> GAR
GAR -> PRC
IER -> PRC
}
</graphviz>
25/11/2009
Project presentation, IER part
Interfaces configured
eth0
  address 200.135.37.115
  netmask 255.255.255.0
  network 200.135.37.0
  broadcast 200.135.37.255
  gateway 200.135.37.1
  dns-nameservers 200.135.37.1
eth1
  address 172.115.1.1
  netmask 255.255.255.0
  network 172.115.1.0
  broadcast 172.115.1.255
eth1.1
  address 192.168.1.220
  netmask 255.255.255.0
Hotspot installed on the server
wget http://nocat.net/downloads/NoCatAuth/NocatAuth-nightty.tgz
resolv.conf configured
vim /etc/resolv.conf
domain REDES1
search REDES1
nameserver 200.135.37.65
- Command sequence for the hotspot
tar zvxf NocatAuth-x.xx.tar.gz
cd NocatAuth-x.xx
make gateway
cd /usr/local/nocat
vim nocat.conf
* lines checked:
22: changed GatewayName to Epsilon
125, 130, 141, 150, 160, 168, 176
183: changed to RouteOnly 1
193
201: changed to MembersOnly 1
211, 226
- Some parts of the hotspot still need to be configured.
26/11/2009
Installation of services
- APACHE
sudo apt-get install apache2
- DHCP
sudo apt-get install dhcp3-server
- PHP
sudo apt-get install php5 php5-mysql
- MYSQL
sudo apt-get install mysql-server
- SNMP
sudo apt-get install snmp snmpd
- DNS
sudo apt-get install bind9
- POSTFIX and IMAP
sudo apt-get install postfix dovecot-imapd
- CACTI
sudo apt-get install cacti
DNS configuration
configured file /etc/bind/named.conf.local
zone "epsilon.sj.ifsc.edu.br" {
    type master;
    file "/etc/bind/epsilon.sj.ifsc.edu.br";
};
zone "37.135.200.in-addr.arpa" {
    type master;
    file "/etc/bind/37.135.200.in-addr.arpa";
};
configured file /etc/bind/epsilon.sj.ifsc.edu.br
$TTL 86400
; Start of Authority
@ IN SOA dns1.epsilon.sj.ifsc.edu.br. epsilon.sj.ifsc.edu.br. (
    2009112600 ; Serial
    1d ; Refresh
    4h ; Retry
    1w ; Expire
    1d ) ; Negative Cache TTL
;
; Name Server: DNS servers
@ IN NS dns1
@ IN MX 0 mail
@ IN A 200.135.37.115
;
; Address
dns1 IN A 200.135.37.115
mail IN A 200.135.37.115
www IN A 200.135.37.115
;
; Canonical Name: "epsilon"
web IN CNAME www
configured file /etc/bind/37.135.200.in-addr.arpa
$TTL 86400
; Start of Authority
@ IN SOA dns1.epsilon.sj.ifsc.edu.br. epsilon.sj.ifsc.edu.br. (
    2009112601 ; Serial
    1d ; Refresh
    4h ; Retry
    1w ; Expire
    1d ) ; Negative Cache TTL
;
; Name Server: DNS servers
@ IN NS dns1.epsilon.sj.ifsc.edu.br.
;
; Address
1 IN PTR dns1.epsilon.sj.ifsc.edu.br.
3 IN PTR mail.epsilon.sj.ifsc.edu.br.
100 IN PTR www.epsilon.sj.ifsc.edu.br.
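A consistency check for the two zone files above, as an added example that is not part of the original log: it compares every A record of the forward zone with the PTR records of the reverse zone and lists the entries that do not match. The function names check_ptr and demo and the temporary files are assumptions of this example; the records are the ones listed on this page.

```sh
#!/bin/sh
# Added example: cross-check the A records of a forward zone against the
# PTR records of its reverse zone.

# check_ptr ORIGIN PREFIX FWD_FILE REV_FILE
# Prints one line per inconsistency; prints nothing when the zones agree.
check_ptr() {
    awk -v origin="$1" -v prefix="$2" '
        # First file: forward zone. Collect "name IN A address" records.
        FNR == NR && $2 == "IN" && $3 == "A" {
            fqdn = ($1 == "@") ? origin "." : $1 "." origin "."
            addr[fqdn] = $4
        }
        # Second file: reverse zone. Collect "octet IN PTR fqdn." records.
        FNR != NR && $2 == "IN" && $3 == "PTR" { ptr[prefix "." $1] = $4 }
        END {
            for (ip in ptr) {
                name = ptr[ip]
                if (!(name in addr))
                    print "PTR " ip " -> " name " has no A record"
                else if (addr[name] != ip)
                    print "PTR " ip " -> " name " but A is " addr[name]
            }
            for (name in addr)
                if (!(addr[name] in ptr))
                    print "A " name " -> " addr[name] " has no PTR"
        }' "$3" "$4" | sort
}

# Records as listed in the two zone files above, written to temporary files.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/fwd" <<'EOF'
@    IN A 200.135.37.115
dns1 IN A 200.135.37.115
mail IN A 200.135.37.115
www  IN A 200.135.37.115
web  IN CNAME www
EOF
    cat > "$dir/rev" <<'EOF'
1   IN PTR dns1.epsilon.sj.ifsc.edu.br.
3   IN PTR mail.epsilon.sj.ifsc.edu.br.
100 IN PTR www.epsilon.sj.ifsc.edu.br.
EOF
    check_ptr epsilon.sj.ifsc.edu.br 200.135.37 "$dir/fwd" "$dir/rev"
    rm -rf "$dir"
}

demo
```

With the records above, the check reports that the PTR entries for .1, .3 and .100 point to names whose A record is 200.135.37.115, and that 200.135.37.115 itself has no PTR.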
Edited the file /etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback

# External interface
auto eth0
iface eth0 inet static
    address 200.135.37.115
    netmask 255.255.255.0
    network 200.135.37.0
    broadcast 200.135.37.255
    gateway 200.135.37.1
    # dns-* options are implemented by the resolvconf package, if installed
    dns-nameservers 200.135.37.1

# Internal interface
auto eth1
iface eth1 inet static
    address 172.20.1.1
    netmask 255.255.255.0
    network 172.20.1.0

# Virtual interface
auto vlan1
iface vlan1 inet static
    address 192.168.1.220
    netmask 255.255.255.0
    vlan_raw_device eth1

# Vlan 501
auto vlan501
iface vlan501 inet static
    address 172.21.1.1
    netmask 255.255.255.0
    vlan_raw_device eth1

# Vlan 502
auto vlan502
iface vlan502 inet static
    address 172.22.1.1
    netmask 255.255.255.0
    vlan_raw_device eth1

# Vlan 503
auto vlan503
iface vlan503 inet static
    address 172.23.1.1
    netmask 255.255.255.0
    vlan_raw_device eth1

# Vlan 504
auto vlan504
iface vlan504 inet static
    address 172.24.1.1
    netmask 255.255.255.0
    vlan_raw_device eth1
Created a simple script to save the configuration set up so far:
#!/bin/bash
# Dumps the current network, hotspot and DNS configuration to a timestamped text file
nome=backup-txt-`date +%Y_%m_%d-_%H_%M`.txt
touch "$nome"
# Network interfaces
echo "**** INTERFACES DE REDE ****" >> "$nome"
echo >> "$nome"
ifconfig -a >> "$nome"
echo >> "$nome"
# Routing table
echo "**** ROTAS ****" >> "$nome"
echo >> "$nome"
route -n >> "$nome"
echo >> "$nome"
# Resolver configuration
echo "**** Arquivo Resolv.conf ****" >> "$nome"
echo >> "$nome"
cat /etc/resolv.conf >> "$nome"
echo >> "$nome"
# NoCat gateway configuration
echo "**** HOTSPOT ****" >> "$nome"
echo >> "$nome"
cat /usr/local/nocat/nocat.conf >> "$nome"
echo >> "$nome"
# BIND zone declarations and zone files
echo "**** DNS ****" >> "$nome"
echo >> "$nome"
echo "/etc/bind/named.conf.local" >> "$nome"
cat /etc/bind/named.conf.local >> "$nome"
echo >> "$nome"
echo "/etc/bind/epsilon.sj.ifsc.edu.br" >> "$nome"
cat /etc/bind/epsilon.sj.ifsc.edu.br >> "$nome"
echo >> "$nome"
echo "/etc/bind/37.135.200.in-addr.arpa" >> "$nome"
cat /etc/bind/37.135.200.in-addr.arpa >> "$nome"
echo >> "$nome"
Added to the crontab the execution of the simple backup script and the synchronization of the server's clock:
vim /etc/crontab
### Backup 1 - Text
20 22 * * * root /backup/scripts/txback.sh bash
00 12 * * * root /backup/scripts/txback.sh bash
27/11/2009
Cacti configuration
SNMP configuration
vim /etc/snmp/snmpd.conf
rocommunity epsilon
syscontact root
syslocation IFSC-SJ - Laboratório Redes I
vim /etc/default/snmpd
export MIBDIRS=/usr/share/snmp/mibs
SNMPDRUN=yes
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 200.135.37.115'
TRAPDRUN=no
TRAPDOPTS='-Lsd -p /var/run/snmptrapd.pid'
SNMPDCOMPAT=yes
Configuration in Cacti
Devices: Servidor Epsilon
Description: Servidor Epsilon
Hostname: 200.135.37.115
Host Template: Generic SNMP-enabled
Disable Host: not set
Downed Device Detection: SNMP
Ping Timeout Value: 400
Ping Retry Count: 1
SNMP Version: Version 2
SNMP Community: epsilon
SNMP Port: 161
SNMP Timeout: 500
Maximum OID's Per Get Request: 10
Associated Graph Templates:
*Host MIB - Logged in Users
*Host MIB - Processes
*ucd/net - CPU Usage
*ucd/net - Load Average
*ucd/net - Memory Usage
Associated Data Queries:
*SNMP - Interface Statistics
*Unix - Get Mounted Partitions
Graph Trees
Parent Item: root
Tree Item Type: Host
Host: Servidor Epsilon: 200.135.37.115
Graph Grouping Style: Graph Template
Firewall
Firewall script
- The interface eth2 is on the 200.135.37.0/24 network (network with valid IPs)
IFACE="eth0"
- Enables routing between the network interfaces
sysctl -w net.ipv4.ip_forward=1
- Enables NAT for Internet access
iptables -t nat -A POSTROUTING -o ${IFACE} -j MASQUERADE
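A stricter counterpart to the firewall steps above, as an added example that is not the team's script: it keeps the MASQUERADE rule but sets the FORWARD policy to DROP and lets each internal interface open connections only toward the external one. The interface names are taken from the /etc/network/interfaces listing on this page; the policy itself, the function name gen_rules and the assumption that no other tool manages these tables are assumptions of this example.

```sh
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a NAT gateway that
# forwards only traffic initiated from the internal interfaces.

IFACE="eth0"                                              # external interface
LAN_IFACES="eth1 vlan1 vlan501 vlan502 vlan503 vlan504"   # internal interfaces

gen_rules() {
    echo "*nat"
    echo ":POSTROUTING ACCEPT [0:0]"
    # Same NAT rule as in the script above.
    echo "-A POSTROUTING -o $IFACE -j MASQUERADE"
    echo "COMMIT"
    echo "*filter"
    # Nothing is routed unless a rule below allows it.
    echo ":FORWARD DROP [0:0]"
    # Replies to connections that were already allowed out.
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Each internal interface may open new connections toward the Internet
    # only; with no internal-to-internal rule, the VLANs cannot reach each other.
    for lan in $LAN_IFACES; do
        echo "-A FORWARD -i $lan -o $IFACE -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# To load the ruleset (as root):
#   sysctl -w net.ipv4.ip_forward=1 && gen_rules | iptables-restore
gen_rules
```

Loading the output with iptables-restore replaces the current rules of the nat and filter tables, so review it against any rules already installed on the gateway first.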