RHCE环境创建、简单架设dhcpd、tftp,客户端实现网络启动
[2007/10/11 20:28]
RHCE环境创建、简单架设dhcpd、tftp,客户端实现网络启动
1:架设dhcpd服务
安装略
查看/etc/dhcpd.conf配置文件内容
# /etc/dhcpd.conf as shown by the author: DHCP for 192.168.0.0/24 that also
# hands PXE clients a boot file name.
# DHCP and PXE carry no authentication: any host on the same segment can ask for
# (or answer with) boot parameters, so this belongs on an isolated install/lab
# network rather than a shared LAN.
ddns-update-style interim;
ignore client-updates;
# Permit network-boot (BOOTP/PXE) clients to be served.
allow booting;
# Boot file name given to clients; it is requested over TFTP, so it must exist
# at the top of the TFTP tree (the author copies it to /tftpboot/ later on).
filename "pxelinux.0";
subnet 192.168.0.0 netmask 255.255.255.0 {
# --- default gateway
option routers 192.168.0.254;
option subnet-mask 255.255.255.0;
option nis-domain "domain.org";
option domain-name "domain.org";
option domain-name-servers 192.168.1.1;
option time-offset -18000; # Eastern Standard Time
# option ntp-servers 192.168.1.1;
# option netbios-name-servers 192.168.1.1;
# --- Selects point-to-point node (default is hybrid). Don't change this unless
# -- you understand Netbios very well
# option netbios-node-type 2;
# The dynamic range below is commented out, so no pool is defined in this
# subnet: only clients matched by a host {} entry are offered an address.
# That narrows which machines can network-boot from this server.
# range dynamic-bootp 192.168.0.128 192.168.0.254;
# Lease times in seconds: 21600 = 6 hours, 43200 = 12 hours.
default-lease-time 21600;
max-lease-time 43200;
# we want the nameserver to appear at a fixed address
host ns {
# TFTP server the client fetches "pxelinux.0" from. It is set only inside this
# host block, and it is the same address as "option routers" above.
# NOTE(review): presumably the DHCP/TFTP server itself is 192.168.0.254 - confirm.
next-server 192.168.0.254;
# NOTE(review): 12:34:56:78:AB:CD looks like a placeholder - use the client's
# real NIC address. A MAC match identifies a client, it does not authenticate
# it; a MAC address can be set by the client.
hardware ethernet 12:34:56:78:AB:CD;
fixed-address 192.168.0.100;
}
}
2:tftp服务配置
安装略
修改配置文件
[root@rhce ~]# cat /etc/xinetd.d/tftp
# default: off
# description: The tftp server serves files using the trivial file transfer \
# protocol. The tftp protocol is often used to boot diskless \
# workstations, download configuration files to network-aware printers, \
# and to start the installation process for some operating systems.
#
# TFTP has no authentication and no encryption: every file under the served
# directory is readable by any host that can reach this service.
# xinetd's "only_from" attribute can restrict the allowed source addresses;
# NOTE(review): it is not set here - consider limiting it to the install subnet.
service tftp
{
# The stock file ships with the service off (see "default: off" above);
# "no" turns it on.
disable = no
socket_type = dgram
protocol = udp
# wait = yes: xinetd hands the socket to one in.tftpd and waits for it to exit.
wait = yes
# Started as root.
# NOTE(review): in.tftpd (tftp-hpa) is documented to need root for the -s
# chroot and to drop to an unprivileged user afterwards (-u, default "nobody");
# confirm for the installed version.
user = root
server = /usr/sbin/in.tftpd
# -s /tftpboot: serve only from /tftpboot (used as the root for requested paths).
# -c is not passed, so clients are not allowed to create new files.
server_args = -s /tftpboot
# per_source: maximum simultaneous instances per source IP address.
per_source = 11
# cps: at most 100 incoming connections per second; when exceeded the service
# is disabled for 2 seconds.
cps = 100 2
flags = IPv4
}
/tftpboot 目录下各文件的来源:pxelinux.0 来自 syslinux 软件包;其余启动文件来自安装光盘(CD)的 isolinux 目录。
pxelinux 默认读取的配置文件是 /tftpboot/pxelinux.cfg/default,它由 isolinux.cfg 复制而来。
[root@rhce tftpboot]# locate pxelinux.0
/usr/lib/syslinux/pxelinux.0
[root@rhce tftpboot]# cp /usr/lib/syslinux/pxelinux.0 /tftpboot/
[root@rhce tftpboot]# cp /misc/cd/isolinux/* /tftpboot/
[root@rhce tftpboot]# mkdir pxelinux.cfg
[root@rhce tftpboot]# cp isolinux.cfg pxelinux.cfg/default
[root@rhce ~]# tree -C /tftpboot/
/tftpboot/
|-- TRANS.TBL
|-- boot.cat
|-- boot.msg
|-- general.msg
|-- initrd.img
|-- isolinux.bin
|-- isolinux.cfg
|-- memtest
|-- options.msg
|-- param.msg
|-- pxelinux.0
|-- pxelinux.cfg
| `-- default
|-- rescue.msg
|-- splash.lss
`-- vmlinuz
1 directory, 15 files
[root@rhce tftpboot]# cat pxelinux.cfg/default
# /tftpboot/pxelinux.cfg/default - the fallback pxelinux menu, copied unchanged
# from the install CD's isolinux.cfg (see the cp command above).
# Every file named here is fetched over TFTP without authentication or
# integrity checking.
#
# "default linux": with no key press the installer entry is booted.
# NOTE(review): a machine whose firmware tries the network first will start the
# installer after the timeout; making "local" the default is the safer choice
# once installation is finished.
default linux
# Show the boot: prompt and wait; timeout is in units of 1/10 s (600 = 60 s).
prompt 1
timeout 600
display boot.msg
F1 boot.msg
F2 options.msg
F3 general.msg
F4 param.msg
F5 rescue.msg
label linux
kernel vmlinuz
append initrd=initrd.img
label text
kernel vmlinuz
append initrd=initrd.img text
# Kickstart (unattended) install: a bare "ks" gives no location for the file.
# NOTE(review): presumably the installer then looks the kickstart file up via
# DHCP-supplied settings - confirm. Kickstart files commonly contain a root
# password hash, so do not place them where every host on the segment can
# read them.
label ks
kernel vmlinuz
append ks initrd=initrd.img
# Boot from the local disk instead of the network.
label local
localboot 1
label memtest86
kernel memtest
append -
3:iptables的部分设置
tftp 由 xinetd 监听,其端口可以用 netstat 查看,也可以从 /etc/services 中查到。
在 iptables 中开放 xinetd 监听的 69 端口(udp):
[root@rhce ~]# netstat -nap | grep xinetd
udp 0 0 0.0.0.0:69 0.0.0.0:* 1682/xinetd
unix 2 [ ] DGRAM 4524 1682/xinetd
[root@rhce ~]# cat /etc/services | grep tftp
tftp 69/tcp
tftp 69/udp
tftp-mcast 1758/tcp
tftp-mcast 1758/udp
mtftp 1759/udp
subntbcst_tftp 247/tcp # SUBNTBCST_TFTP
subntbcst_tftp 247/udp # SUBNTBCST_TFTP
etftp 1818/tcp # Enhanced Trivial File Transfer Protocol
etftp 1818/udp # Enhanced Trivial File Transfer Protocol
tftps 3713/tcp # TFTP over TLS
tftps 3713/udp # TFTP over TLS
[root@rhce ~]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
#
# Rules are evaluated top to bottom and the first match wins. The built-in
# chains have policy ACCEPT, but INPUT and FORWARD both jump to
# RH-Firewall-1-INPUT, whose last rule rejects whatever was not accepted earlier.
# NOTE(review): there is no rule for DHCP (udp/67). ISC dhcpd usually receives
# requests on a raw socket that this filter does not see - confirm on this host.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
# IP protocols 50 (ESP) and 51 (AH), i.e. IPsec.
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# The NEW-connection rules below have no source restriction (-s), so each
# listed port is open to every network this host is attached to.
# NOTE(review): 21, 2049, 137-139, 445, 80, 443 and 25 are not needed for
# DHCP/TFTP booting itself; presumably other services on this lab host use
# them - remove the ones that are not in use.
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
# TFTP (udp/69): the rule this article is about. TFTP is unauthenticated, so
# limit it to the install subnet, e.g. by adding "-s 192.168.0.0/24" (the
# subnet declared in dhcpd.conf).
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
# Catch-all: everything not accepted above is rejected.
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
4:重启服务、添加服务,开机自启动。
[root@rhce ~]# /etc/init.d/dhcpd restart
关闭 dhcpd: [确定]
启动 dhcpd: [确定]
[root@rhce ~]# /etc/init.d/xinetd restart
停止 xinetd: [确定]
启动 xinetd: [确定]
[root@rhce ~]# /etc/init.d/iptables restart
清除防火墙规则: [确定]
把 chains 设置为 ACCEPT 策略:filter [确定]
正在卸载 Iiptables 模块: [确定]
应用 iptables 防火墙规则: [确定]
载入额外 iptables 模块:ip_conntrack_netbios_ns ip_conntrac[确定]
[root@rhce ~]# chkconfig dhcpd on
[root@rhce ~]# chkconfig xinetd on
[root@rhce ~]# chkconfig iptables on
[root@rhce ~]# chkconfig tftp on
本文链接:http://www.52zhe.cn/read.php/106.htm
本文作者:kook(若就博客内所涉及的技术问题交流,请用下面的MSN或Gmail联系我)
联系方式:(MSN:kook#live.com) (Google talk:kookliu)
没有版权:GNU,转载时请注明“转载人”欠本人一顿饭,来日见面之时兑现!谢谢合作!
1:架设dhcpd服务
安装略
查看/etc/dhcpd.conf配置文件内容
# /etc/dhcpd.conf as shown by the author: DHCP for 192.168.0.0/24 that also
# hands PXE clients a boot file name.
# DHCP and PXE carry no authentication: any host on the same segment can ask for
# (or answer with) boot parameters, so this belongs on an isolated install/lab
# network rather than a shared LAN.
ddns-update-style interim;
ignore client-updates;
# Permit network-boot (BOOTP/PXE) clients to be served.
allow booting;
# Boot file name given to clients; it is requested over TFTP, so it must exist
# at the top of the TFTP tree (the author copies it to /tftpboot/ later on).
filename "pxelinux.0";
subnet 192.168.0.0 netmask 255.255.255.0 {
# --- default gateway
option routers 192.168.0.254;
option subnet-mask 255.255.255.0;
option nis-domain "domain.org";
option domain-name "domain.org";
option domain-name-servers 192.168.1.1;
option time-offset -18000; # Eastern Standard Time
# option ntp-servers 192.168.1.1;
# option netbios-name-servers 192.168.1.1;
# --- Selects point-to-point node (default is hybrid). Don't change this unless
# -- you understand Netbios very well
# option netbios-node-type 2;
# The dynamic range below is commented out, so no pool is defined in this
# subnet: only clients matched by a host {} entry are offered an address.
# That narrows which machines can network-boot from this server.
# range dynamic-bootp 192.168.0.128 192.168.0.254;
# Lease times in seconds: 21600 = 6 hours, 43200 = 12 hours.
default-lease-time 21600;
max-lease-time 43200;
# we want the nameserver to appear at a fixed address
host ns {
# TFTP server the client fetches "pxelinux.0" from. It is set only inside this
# host block, and it is the same address as "option routers" above.
# NOTE(review): presumably the DHCP/TFTP server itself is 192.168.0.254 - confirm.
next-server 192.168.0.254;
# NOTE(review): 12:34:56:78:AB:CD looks like a placeholder - use the client's
# real NIC address. A MAC match identifies a client, it does not authenticate
# it; a MAC address can be set by the client.
hardware ethernet 12:34:56:78:AB:CD;
fixed-address 192.168.0.100;
}
}
2:tftp服务配置
安装略
修改配置文件
[root@rhce ~]# cat /etc/xinetd.d/tftp
# default: off
# description: The tftp server serves files using the trivial file transfer \
# protocol. The tftp protocol is often used to boot diskless \
# workstations, download configuration files to network-aware printers, \
# and to start the installation process for some operating systems.
#
# TFTP has no authentication and no encryption: every file under the served
# directory is readable by any host that can reach this service.
# xinetd's "only_from" attribute can restrict the allowed source addresses;
# NOTE(review): it is not set here - consider limiting it to the install subnet.
service tftp
{
# The stock file ships with the service off (see "default: off" above);
# "no" turns it on.
disable = no
socket_type = dgram
protocol = udp
# wait = yes: xinetd hands the socket to one in.tftpd and waits for it to exit.
wait = yes
# Started as root.
# NOTE(review): in.tftpd (tftp-hpa) is documented to need root for the -s
# chroot and to drop to an unprivileged user afterwards (-u, default "nobody");
# confirm for the installed version.
user = root
server = /usr/sbin/in.tftpd
# -s /tftpboot: serve only from /tftpboot (used as the root for requested paths).
# -c is not passed, so clients are not allowed to create new files.
server_args = -s /tftpboot
# per_source: maximum simultaneous instances per source IP address.
per_source = 11
# cps: at most 100 incoming connections per second; when exceeded the service
# is disabled for 2 seconds.
cps = 100 2
flags = IPv4
}
/tftpboot 目录下各文件的来源:pxelinux.0 来自 syslinux 软件包;其余启动文件来自安装光盘(CD)的 isolinux 目录。
pxelinux 默认读取的配置文件是 /tftpboot/pxelinux.cfg/default,它由 isolinux.cfg 复制而来。
[root@rhce tftpboot]# locate pxelinux.0
/usr/lib/syslinux/pxelinux.0
[root@rhce tftpboot]# cp /usr/lib/syslinux/pxelinux.0 /tftpboot/
[root@rhce tftpboot]# cp /misc/cd/isolinux/* /tftpboot/
[root@rhce tftpboot]# mkdir pxelinux.cfg
[root@rhce tftpboot]# cp isolinux.cfg pxelinux.cfg/default
[root@rhce ~]# tree -C /tftpboot/
/tftpboot/
|-- TRANS.TBL
|-- boot.cat
|-- boot.msg
|-- general.msg
|-- initrd.img
|-- isolinux.bin
|-- isolinux.cfg
|-- memtest
|-- options.msg
|-- param.msg
|-- pxelinux.0
|-- pxelinux.cfg
| `-- default
|-- rescue.msg
|-- splash.lss
`-- vmlinuz
1 directory, 15 files
[root@rhce tftpboot]# cat pxelinux.cfg/default
# /tftpboot/pxelinux.cfg/default - the fallback pxelinux menu, copied unchanged
# from the install CD's isolinux.cfg (see the cp command above).
# Every file named here is fetched over TFTP without authentication or
# integrity checking.
#
# "default linux": with no key press the installer entry is booted.
# NOTE(review): a machine whose firmware tries the network first will start the
# installer after the timeout; making "local" the default is the safer choice
# once installation is finished.
default linux
# Show the boot: prompt and wait; timeout is in units of 1/10 s (600 = 60 s).
prompt 1
timeout 600
display boot.msg
F1 boot.msg
F2 options.msg
F3 general.msg
F4 param.msg
F5 rescue.msg
label linux
kernel vmlinuz
append initrd=initrd.img
label text
kernel vmlinuz
append initrd=initrd.img text
# Kickstart (unattended) install: a bare "ks" gives no location for the file.
# NOTE(review): presumably the installer then looks the kickstart file up via
# DHCP-supplied settings - confirm. Kickstart files commonly contain a root
# password hash, so do not place them where every host on the segment can
# read them.
label ks
kernel vmlinuz
append ks initrd=initrd.img
# Boot from the local disk instead of the network.
label local
localboot 1
label memtest86
kernel memtest
append -
3:iptables的部分设置
tftp 由 xinetd 监听,其端口可以用 netstat 查看,也可以从 /etc/services 中查到。
在 iptables 中开放 xinetd 监听的 69 端口(udp):
[root@rhce ~]# netstat -nap | grep xinetd
udp 0 0 0.0.0.0:69 0.0.0.0:* 1682/xinetd
unix 2 [ ] DGRAM 4524 1682/xinetd
[root@rhce ~]# cat /etc/services | grep tftp
tftp 69/tcp
tftp 69/udp
tftp-mcast 1758/tcp
tftp-mcast 1758/udp
mtftp 1759/udp
subntbcst_tftp 247/tcp # SUBNTBCST_TFTP
subntbcst_tftp 247/udp # SUBNTBCST_TFTP
etftp 1818/tcp # Enhanced Trivial File Transfer Protocol
etftp 1818/udp # Enhanced Trivial File Transfer Protocol
tftps 3713/tcp # TFTP over TLS
tftps 3713/udp # TFTP over TLS
[root@rhce ~]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
#
# Rules are evaluated top to bottom and the first match wins. The built-in
# chains have policy ACCEPT, but INPUT and FORWARD both jump to
# RH-Firewall-1-INPUT, whose last rule rejects whatever was not accepted earlier.
# NOTE(review): there is no rule for DHCP (udp/67). ISC dhcpd usually receives
# requests on a raw socket that this filter does not see - confirm on this host.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
# IP protocols 50 (ESP) and 51 (AH), i.e. IPsec.
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# The NEW-connection rules below have no source restriction (-s), so each
# listed port is open to every network this host is attached to.
# NOTE(review): 21, 2049, 137-139, 445, 80, 443 and 25 are not needed for
# DHCP/TFTP booting itself; presumably other services on this lab host use
# them - remove the ones that are not in use.
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
# TFTP (udp/69): the rule this article is about. TFTP is unauthenticated, so
# limit it to the install subnet, e.g. by adding "-s 192.168.0.0/24" (the
# subnet declared in dhcpd.conf).
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
# Catch-all: everything not accepted above is rejected.
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
4:重启服务、添加服务,开机自启动。
[root@rhce ~]# /etc/init.d/dhcpd restart
关闭 dhcpd: [确定]
启动 dhcpd: [确定]
[root@rhce ~]# /etc/init.d/xinetd restart
停止 xinetd: [确定]
启动 xinetd: [确定]
[root@rhce ~]# /etc/init.d/iptables restart
清除防火墙规则: [确定]
把 chains 设置为 ACCEPT 策略:filter [确定]
正在卸载 Iiptables 模块: [确定]
应用 iptables 防火墙规则: [确定]
载入额外 iptables 模块:ip_conntrack_netbios_ns ip_conntrac[确定]
[root@rhce ~]# chkconfig dhcpd on
[root@rhce ~]# chkconfig xinetd on
[root@rhce ~]# chkconfig iptables on
[root@rhce ~]# chkconfig tftp on
本文链接:http://www.52zhe.cn/read.php/106.htm
本文作者:kook(若就博客内所涉及的技术问题交流,请用下面的MSN或Gmail联系我)
联系方式:(MSN:kook#live.com) (Google talk:kookliu)
没有版权:GNU,转载时请注明“转载人”欠本人一顿饭,来日见面之时兑现!谢谢合作!



