Thursday, February 24, 2011

eth0 connects to the Internet; eth1 connects to the internal network

1. install DHCP
yum install dhcp

2. edit /etc/dhcpd.conf
option domain-name-servers x.x.x.x, x.x.x.x #domain name server of ISP
option routers x.x.x.x #ip address of this dhcp server

3. Configure iptables (note: this overwrites the existing iptables configuration)
iptables-save > iptables_original
iptables -F   # flush the existing rules
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
service iptables save

4. edit /etc/sysctl.conf
net.ipv4.ip_forward = 1
apply /etc/sysctl.conf
# sysctl -p /etc/sysctl.conf

5. restart dhcpd service
# service dhcpd restart

http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-fw.html#s1-firewall-ipt-fwd

Automounting NFS with autofs

1. Edit /etc/auto.misc
2. Add
nfs -fstype=nfs 10.3.23.111:/root/Desktop/XXX

3. service autofs restart

4. Enter the directory (the share is only actually mounted when you enter the directory)
/misc/nfs

References:
http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-nfs-client-config-autofs.html
http://www.centos.org/docs/4/4.5/System_Administration_Guide/Mounting_NFS_File_Systems-Mounting_NFS_File_Systems_using_autofs.html
http://blog.lefthander.tw/2010/03/blog-post.html

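Tuesday, February 22, 2011

Installing a DHCP Server

1. Install dhcpd
yum install dhcp

2. Edit the configuration file /etc/dhcpd.conf

3. Edit the configuration file /etc/sysconfig/dhcpd
DHCPDARGS=eth0 # interface on which to provide the dhcpd service

/etc/init.d/functions

It contains echo_passed, echo_success, echo_failure, and echo_warning,
which print colored [ OK ], [PASSED], and similar status labels.
However, if the output is redirected to a text file, the file will contain the color control codes (cat on the file still shows the colors).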

http://bash.cyberciti.biz/guide//etc/init.d/functions

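CentOS /etc/sysconfig/network-scripts/ifcfg-ethx

PERSISTENT_DHCLIENT=yes|no
Default is no. If yes, the client keeps sending DHCPDISCOVER (dhclient is run without the -1 option).
However, if the network cable is not plugged in when the interface is initialized, dhclient is not run at all.

DHCPRELEASE=yes|no
Default is no. If yes, a DHCPRELEASE is sent to the DHCP server when the interface goes down.

Monday, February 21, 2011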

ssh without password setup

http://linuxproblem.org/art_9.html

SSH login without password

Your aim

You want to use Linux and OpenSSH to automate your tasks. Therefore you need an automatic login from host A / user a to Host B / user b. You don't want to enter any passwords, because you want to call ssh from within a shell script.

How to do it

First log in on A as user a and generate a pair of authentication keys. Do not enter a passphrase:

a@A:~> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/a/.ssh/id_rsa): 
Created directory '/home/a/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/a/.ssh/id_rsa.
Your public key has been saved in /home/a/.ssh/id_rsa.pub.
The key fingerprint is:
3e:4f:05:79:3a:9f:96:7c:3b:ad:e9:58:37:bc:37:e4 a@A

Now use ssh to create a directory ~/.ssh as user b on B. (The directory may already exist, which is fine):

a@A:~> ssh b@B mkdir -p .ssh
b@B's password: 

Finally append a's new public key to b@B:.ssh/authorized_keys and enter b's password one last time:

a@A:~> cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'
b@B's password: 

From now on you can log into B as b from A as a without password:

a@A:~> ssh b@B

A note from one of our readers: Depending on your version of SSH you might also have to do the following changes:
  • Put the public key in .ssh/authorized_keys2
  • Change the permissions of .ssh to 700
  • Change the permissions of .ssh/authorized_keys2 to 640
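
The key-install step and the reader's permission note above, as an added shell example that is not part of the original article: it is meant to run on B as user b, appends a key only once, applies the 700/640 modes from the note, and checks the result. The function names and the home-directory argument are hypothetical, and it writes authorized_keys rather than authorized_keys2.

```shell
#!/bin/sh
# Added example; run on B as user b. Function names are hypothetical.

# install_pubkey HOME_DIR PUBKEY_FILE
# Creates HOME_DIR/.ssh (700), appends each key line once, sets the file to 640.
install_pubkey() {
    home_dir=$1 pubkey_file=$2
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys

    [ -s "$pubkey_file" ] || { echo "no public key at $pubkey_file" >&2; return 2; }
    # Refuse a private key handed over by mistake (id_rsa instead of id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "$pubkey_file looks like a private key" >&2
        return 3
    fi

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" || return 1
    # Unlike a bare 'cat >>', skip lines that are already present, so re-running
    # the step does not pile up duplicate entries.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    done < "$pubkey_file"
    chmod 640 "$auth"
}

# ssh_dir_is_strict HOME_DIR
# Returns 0 only if .ssh is mode 700 and authorized_keys is not writable by
# group or others. Uses 'stat -c', as shipped with GNU coreutils on CentOS.
ssh_dir_is_strict() {
    ssh_dir=$1/.ssh
    auth=$ssh_dir/authorized_keys
    [ -d "$ssh_dir" ] && [ -f "$auth" ] || return 1
    [ "$(stat -c %a "$ssh_dir")" = 700 ] || return 1
    # find prints the path only when a group-write or other-write bit is set.
    [ -z "$(find "$auth" -perm -020 -o -perm -002)" ]
}
```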

Friday, February 18, 2011

CentOS Testing repo

http://dev.centos.org/centos/5/CentOS-Testing.repo
This repo lets you use yum to upgrade some packages, for example PHP 5.2 (yum update php)
[c5-testing]
name=CentOS-5 Testing
baseurl=http://dev.centos.org/centos/$releasever/testing/$basearch/
enabled=0
gpgcheck=1
gpgkey=http://dev.centos.org/centos/RPM-GPG-KEY-CentOS-testing

Enhancing yum

yum install yum-protectbase
yum install yum-fastestmirror yum-priorities

Back up the original CentOS-Base.repo
cp /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak

Edit CentOS-Base.repo to set priorities
vim /etc/yum.repos.d/CentOS-Base.repo
Add priority=1 under the [base], [addons], [updates], and [extras] sections
Add priority=2 under the [centosplus] and [contrib] sections

Restart the yum service
/etc/rc.d/init.d/yum-updatesd restart

Next, install rpmforge
First import the rpmforge key
rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt

Then download and install it
wget http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
rpm -Uvh rpmforge-release-0.3.6-1.el5.rf.i386.rpm


other:
http://wiki.centos.org/AdditionalResources/Repositories

Thursday, February 10, 2011

webmin

A web GUI administration tool for Linux
It can configure a great many things
http://www.webmin.com/
Once installed, it listens on port 10000
http://localhost:10000/

http://www.webmin.com/rpm.html

DNS

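DNS is the translation from hostname + domain to an IP address.
A DNS lookup tells you the IP address that host.domain maps to.

To have a valid domain on the Internet, you must apply to the relevant organization and own a domain. You must tell that organization the IP address of the server that will manage your domain, or use domain hosting.

Each domain has a domain record stored on the DNS server one level up (the domain record for the google.com domain is stored on the .com DNS server; google.com is a host of .com), and www.google.com is a host of google.com.

A record: maps a host to an IP address
MX record: specifies the location of the mail server
CNAME record: defines an alias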

http://www.aboutdebian.com/dns.htm