1. Sharing Internet access with firewalld
1. Operations on the server with external network access
1. Start the firewall and enable it at boot
[root@zeq ~]# systemctl start firewalld
[root@zeq ~]# systemctl enable firewalld
2. Remove the default rule that lets any host access ssh
[root@zeq ~]# firewall-cmd --remove-service=ssh --permanent
3. Add a rule that allows only the host 10.0.0.1 to access ssh
[root@zeq ~]# firewall-cmd --add-rich-rule='rule family=ipv4 source address=10.0.0.1/32 service name=ssh accept' --permanent
4. Enable IP masquerading to provide shared Internet access for the hosts behind this server [management machine]
[root@zeq ~]# firewall-cmd --add-masquerade --permanent
5. Reload firewalld so the permanent rules take effect
[root@zeq ~]# firewall-cmd --reload
2. Operations on the servers without Internet access
1. On each internal server without a public network address, set the gateway to the management server
[root@eqzhang ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth1 #Add the following two lines
GATEWAY=172.16.1.61 #Intranet IP of the server that has external network access
DNS1=223.5.5.5
2. Restart the network interface and ping baidu.com (if the server cannot be restarted)
[root@eqzhang ~]# nmcli connection down eth1 && nmcli connection up eth1
[root@eqzhang ~]# ping baidu.com
2. Set up a local yum repository on the management server
1. Server (with external network)
1. Install vsftpd service
[root@zeq ~]# yum install vsftpd -y
2. Enable the yum cache function
[root@zeq ~]# sed -i '/^keepcache/c keepcache=1' /etc/yum.conf
[root@zeq ~]# cat /etc/yum.conf
[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=1 #Change this from 0 to 1
3. Install createrepo and create the repodata for the repository
[root@zeq ~]# yum -y install createrepo
[root@zeq ~]# mkdir -p /var/ftp/ops
[root@zeq ~]# createrepo /var/ftp/ops
#Note: whenever new packages are added to this repository, the repodata must be regenerated
4. Install the required services
[root@zeq ~]# yum -y install
5. Find the cached rpm packages and copy them to the local repository
[root@zeq ~]# mkdir -p /var/ftp/ops
[root@zeq ~]# find /var/cache/yum/x86_64/7/ -iname "*.rpm" -exec cp -rf {} /var/ftp/ops \;
6. Regenerate the repository metadata (createrepo /var/ftp/ops)
[root@zeq ~]# createrepo /var/ftp/ops
7. Start the vsftpd service and enable it at boot
[root@zeq ~]# systemctl start vsftpd
[root@zeq ~]# systemctl enable vsftpd
8. Allow ftp service access in firewalld
[root@zeq ~]# firewall-cmd --add-service=ftp --permanent
9. Reload firewalld so the permanent rule takes effect
[root@zeq ~]# firewall-cmd --reload
2. Operations on the servers without Internet access
1. On all servers without external network access, compress the original repo files
gzip /etc/yum.repos.d/*
2. Configure a local repository that points to the directory shared by the server
cat /etc/yum.repos.d/ops.repo
[ops]
name=local ftpserver
#fill in the IP address of the server with external network access
baseurl=ftp://172.16.1.61/ops
gpgcheck=0
enabled=1
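
One way to check the client repo files configured above before distributing them, as an added example that is not part of the original tutorial. The audit_repo function, the ops-signed section and its host name are hypothetical; the function reports enabled repositories that set gpgcheck=0 or fetch packages over cleartext ftp/http.

```shell
#!/bin/sh
# Added example (not from the original page): audit a yum .repo file.
# Prints "<repo id>: <finding>" per issue; exit status is 1 if anything was found.
# An unset gpgcheck inherits from [main] in /etc/yum.conf and is not flagged here.
audit_repo() {
    awk '
    BEGIN { bad = 0 }
    function report(msg) { print sec ": " msg; bad = 1 }
    function check_section() {
        # Nothing to judge before the first section, for [main], or for disabled repos.
        if (sec == "" || sec == "main" || enabled ~ /^(0|no|false)$/) return
        if (gpg ~ /^(0|no|false)$/) report("gpgcheck disabled, package signatures are not verified")
        if (url ~ /^(ftp|http):/) report("baseurl uses cleartext transport")
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }      # comment or blank line
    /^\[.*\]/ {                                # new [section]: judge the previous one
        check_section()
        sec = substr($0, 2, index($0, "]") - 2)
        gpg = ""; url = ""; enabled = "1"
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1); val = tolower(substr($0, eq + 1))
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "gpgcheck") gpg = val
        else if (key == "baseurl") url = val
        else if (key == "enabled") enabled = val
    }
    END { check_section(); exit bad }
    ' "$1"
}

# Constructed sample: the ops repo from this page plus a hypothetical signed HTTPS repo.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[ops]
baseurl=ftp://172.16.1.61/ops
gpgcheck=0
enabled=1
[ops-signed]
baseurl=https://repo.example.internal/ops
gpgcheck=1
EOF
audit_repo "$sample" || echo "findings reported for $sample"
rm -f "$sample"
```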