fortgeschrittene_11._-_13._juli_2011 [2011/07/17 19:43] admin |
fortgeschrittene_11._-_13._juli_2011 [2011/07/17 20:16] admin |
||
---|---|---|---|
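--- a/fortgeschrittene_11._-_13._juli_2011
+++ b/fortgeschrittene_11._-_13._juli_2011
@@ -397,3 +397,124 @@
 *Never change a running System!
 *zypper
-*OpenBuildService von openSUSE
+*OBS openSUSE Build Service
+* http://build.opensuse.org
+* http://software.opensuse.org
+* d4e2011 Standardrepos (Stand: 11. Juli 2011)
+<file>
+#!/bin/bash
+zypper ar -f -C http://ftp.halifax.rwth-aachen.de/opensuse/repositories/openSUSE:/11.4:/Contrib/standard/ contrib
+zypper ar -f -C http://ftp5.gwdg.de/pub/opensuse/repositories/Education/openSUSE_11.4/ edu
+zypper ar -f -C http://ftp5.gwdg.de/pub/opensuse/repositories/KDE:/Extra/openSUSE_11.4/ extra
+zypper ar -f -C http://ftp5.gwdg.de/pub/opensuse/repositories/KDE:/Release:/46/openSUSE_11.4/ kde
+zypper ar -f -C http://ftp5.gwdg.de/pub/opensuse/repositories/network:/ldap/openSUSE_11.4/ ldap
+zypper ar -f -C http://ftp5.gwdg.de/pub/opensuse/repositories/X11:/lxde/openSUSE_11.4/ lxde
+zypper ar -f -C http://ftp5.gwdg.de/pub/opensuse/repositories/mozilla/openSUSE_11.4/ mozilla
+zypper ar -f -C http://ftp5.gwdg.de/pub/opensuse/distribution/11.4/repo/non-oss/ non-oss
+zypper ar -f -C http://ftp5.gwdg.de/pub/opensuse/distribution/11.4/repo/oss/ oss
+zypper ar -f -C http://packman.inode.at/suse/11.4 packman
+zypper ar -f -C http://ftp.halifax.rwth-aachen.de/opensuse/repositories/devel:/languages:/perl/openSUSE_11.4/ perl
+zypper ar -f -C http://ftp5.gwdg.de/pub/opensuse/repositories/server:/php:/applications/openSUSE_11.4/ php
+zypper ar -f -C http://ftp5.gwdg.de/pub/opensuse/repositories/Printing/openSUSE_11.4/ pykota
+zypper ar -f -C http://ftp5.gwdg.de/pub/opensuse/repositories/network:/samba:/STABLE/openSUSE_11.4/ samba
+zypper ar -f -C http://ftp5.gwdg.de/pub/opensuse/repositories/science/openSUSE_11.4/ science
+zypper ar -f -C http://ftp.halifax.rwth-aachen.de/opensuse/repositories/openSUSE:/Tumbleweed/standard/ tumbleweed
+zypper ar -f -C http://ftp5.gwdg.de/pub/opensuse/update/11.4/ update
+zypper ar -f -C http://ftp5.gwdg.de/pub/opensuse/repositories/home:/openLHAG:/branches:/Virtualization/openSUSE_Tumbleweed/ virt_tumbleweed
+zypper ar -f -C http://download.videolan.org/pub/videolan/vlc/SuSE/11.4 vlc
+zypper ar -f -C http://ftp5.gwdg.de/pub/opensuse/repositories/X11:/XOrg/openSUSE_11.4/ x11
+</file>
+
+===== NAT/Bridge =====
+
+== NAT ==
+
+Clientrechner hinter einem Router/Proxy \\
+Von außen nur durch Router/Proxy aus sichtbar: Verbindungen von Clients erscheinen außerhalb alle als 1 Verbindung des Routers \\
+Um Zugriff von außen auf einen Client intern zu erhalten: Port Weiterleitung:
+
+<code bash /etc/init.d/bridge>
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: bridge
+# Required-Start: network
+# Should-Start:
+# Required-Stop:
+# Should-Stop:
+# Default-Start: 3 5
+# Default-Stop: 0 1 2 6
+# Short-Description: bridge
+# Description: Start bridge
+### END INIT INFO
+
+. /etc/rc.status
+
+rc_reset
+
+case "$1" in
+start)
+echo -n "Starting bridge "
+
+#################################
+iptables -F
+iptables -X
+iptables -t nat -F
+iptables -t nat -X
+iptables -t mangle -F
+iptables -t mangle -X
+iptables -P INPUT ACCEPT
+iptables -P FORWARD ACCEPT
+iptables -P OUTPUT ACCEPT
+
+echo 1 > /proc/sys/net/ipv4/ip_forward
+
+INTDEV="br1"
+EXTDEV="eth0"
+INTERN=10.0.0.10
+EXTERN=193.170.221.4
+
+## NAT-Regeln ##
+# Zugriff nach außen
+iptables -t nat -A POSTROUTING -o $EXTDEV -s $INTERN -j SNAT --to-source $EXTERN
+# Zugriff von außen
+iptables -t nat -A PREROUTING -i $EXTDEV -p tcp -d $EXTERN -m multiport --dport 25,53,80,110,443,8080 -j DNAT --to-destination $INTERN
+
+## Firewall-Regeln ==
+# Akzeptiere alle aufgebauten Verbindungen
+iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
+iptables -t nat -A POSTROUTING -j MASQUERADE
+
+#################################
+rc_status -v
+;;
+stop)
+echo -n "Shutting down bridge "
+
+iptables -F
+iptables -X
+iptables -t nat -F
+iptables -t nat -X
+iptables -t mangle -F
+iptables -t mangle -X
+iptables -P INPUT ACCEPT
+iptables -P FORWARD ACCEPT
+iptables -P OUTPUT ACCEPT
+
+#################################
+
+rc_status -v
+;;
+restart)
+$0 stop
+$0 start
+
+rc_status
+;;
+*)
+echo "Usage: $0 {start|stop|restart}"
+exit 1
+;;
+esac
+rc_exit
+</code>
+
+*Alternativ, z.B. Mailserver, der nur intern steht: Fetchmail/Sendmail über entfernten anderen POP3/SMTP Server (falls kein Zugriff auf Router/Proxy/Telekom Kasterl)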
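Review bot: The `## Firewall-Regeln` part of the `start)` branch in `/etc/init.d/bridge` filters nothing, because `iptables -P FORWARD ACCEPT` is set a few lines earlier and the only FORWARD rule added is an ACCEPT for ESTABLISHED,RELATED; every packet routed through the host is forwarded, not just the six DNATed TCP ports. The final `iptables -t nat -A POSTROUTING -j MASQUERADE` has no `-o $EXTDEV`, so it also rewrites the source address of the DNATed inbound connections. The services on `$INTERN` (port 25 in particular) would then log and authorise every outside client as the router's own address. I would set the FORWARD policy to DROP, accept NEW connections only in the two directions actually wanted, and bind the masquerade rule to the external interface, as sketched below (assuming `$INTERN` is reached through `$INTDEV`). The `stop)` branch likewise leaves all policies on ACCEPT and never resets `/proc/sys/net/ipv4/ip_forward`, which deserves a comment in the script.

```shell
# … unchanged: flush of the filter, nat and mangle tables …
iptables -P FORWARD DROP
# … unchanged: ip_forward, INTDEV/EXTDEV/INTERN/EXTERN, SNAT and DNAT rules …
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# new connections from the internal host to the outside
iptables -A FORWARD -i "$INTDEV" -o "$EXTDEV" -s "$INTERN" -m state --state NEW -j ACCEPT
# new connections from outside, forwarded ports only
iptables -A FORWARD -i "$EXTDEV" -o "$INTDEV" -d "$INTERN" -p tcp \
  -m multiport --dports 25,53,80,110,443,8080 -m state --state NEW -j ACCEPT
# masquerade only what leaves through the external interface
iptables -t nat -A POSTROUTING -o "$EXTDEV" -j MASQUERADE
```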