Firewalld Firewall (Part 2)

**I. Configure the gateway server**

1. Create the ens34 and ens35 interface configs by copying the ens32 one:

cp /etc/sysconfig/network-scripts/ifcfg-ens32 /etc/sysconfig/network-scripts/ifcfg-ens34

cp /etc/sysconfig/network-scripts/ifcfg-ens32 /etc/sysconfig/network-scripts/ifcfg-ens35

2. Configure the ens35 interface: vim /etc/sysconfig/network-scripts/ifcfg-ens35

![Insert image description here](https://www.icode9.com/i/ll/?i=20210511151700868.png)

3. Configure the ens34 interface: vim /etc/sysconfig/network-scripts/ifcfg-ens34

![Insert image description here](https://www.icode9.com/i/ll/?i=20210511151826658.png)

4. Restart the network service: systemctl restart network

5. Check that all interfaces came up with the intended settings: ifconfig

![Insert image description here](https://www.icode9.com/i/ll/?i=20210511152007669.png?,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl81NjY2NTMyOA==,size_16,color_FFFFFF,t_70)

6. Enable IP forwarding (routing): vim /etc/sysctl.conf

![Insert image description here](https://www.icode9.com/i/ll/?i=20210511152302559.png?,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl81NjY2NTMyOA==,size_16,color_FFFFFF,t_70)

7. Reload the kernel parameters: sysctl -p

![Insert image description here](https://www.icode9.com/i/ll/?i=20210511152429703.png)

8. Start the firewalld service: systemctl start firewalld

9. Move ens32 into the trusted zone: firewall-cmd --add-interface=ens32 --zone=trusted

10. Move ens34 into the external zone: firewall-cmd --add-interface=ens34 --zone=external

11. Move ens35 into the dmz zone: firewall-cmd --add-interface=ens35 --zone=dmz

12. Set the default zone: firewall-cmd --set-default-zone=trusted

13. Add a firewall rule that blocks ping requests on the external zone: firewall-cmd --zone=external --add-icmp-block=echo-request

14. Change the SSH port: vim /etc/ssh/sshd_config

![Insert image description here](https://www.icode9.com/i/ll/?i=2021051120035564.png)

15. Restart sshd so the new port takes effect: systemctl restart sshd

16. Allow TCP port 12345: firewall-cmd --add-port=12345/tcp --zone=external

17. Turn off the zone-wide IP address masquerading: firewall-cmd --remove-masquerade --zone=external

18. Masquerade only the 192.168.100.0/24 network behind the IP address of the firewall's external interface: firewall-cmd --zone=external --add-rich-rule='rule family=ipv4 source address=192.168.100.0/24 masquerade'

19. Map port 80 of the internal server 192.168.100.10 to port 80 of 192.168.200.20: firewall-cmd --zone=external --add-rich-rule='rule family=ipv4 destination address=192.168.200.20/32 forward-port port=80 protocol=tcp to-addr=192.168.100.10'

20. Add a firewall rule that allows HTTP traffic: firewall-cmd --add-service=http --zone=external
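The steps above only change firewalld's runtime configuration and never check the result. The script below is an added example (mine, not part of the original post): it audits a listing shaped like `firewall-cmd --zone=external --list-all` output against the policy those steps build (ens34 as the only interface, zone-wide masquerade off, the two rich rules, port 12345/tcp, the http service, echo-request blocked) and prints the `--permanent` form of the same rules, since the runtime set is lost on `firewall-cmd --reload` or a reboot. The listing is a constructed sample in the layout CentOS 7's firewalld uses; the interface names, addresses and port come from the steps above.

```shell
#!/bin/sh
# Added example, not part of the original post: audit the gateway's runtime
# "external" zone against the policy built in section I, and print the
# --permanent equivalents of the same rules.

# Constructed sample shaped like `firewall-cmd --zone=external --list-all`
# output after the steps above. On a real gateway run:
#   check_external_zone "$(firewall-cmd --zone=external --list-all)"
SAMPLE_EXTERNAL='external (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens34
  sources:
  services: http ssh
  ports: 12345/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks: echo-request
  rich rules:
	rule family="ipv4" source address="192.168.100.0/24" masquerade
	rule family="ipv4" destination address="192.168.200.20/32" forward-port port="80" protocol="tcp" to-addr="192.168.100.10"'

# zone_field NAME LISTING -> the value of the "  NAME: ..." line in the listing
zone_field() {
  printf '%s\n' "$2" | sed -n "s/^  $1: *//p"
}

# has_word WORD LIST -> 0 if WORD is one of the space-separated items in LIST
has_word() {
  case " $2 " in *" $1 "*) return 0;; esac
  return 1
}

# check_external_zone LISTING -> 0 if every expectation holds, 1 otherwise;
# prints one FAIL line per violated expectation.
check_external_zone() {
  local listing="$1" rc=0
  # ens34 is the only interface bound to the zone
  [ "$(zone_field interfaces "$listing")" = "ens34" ] \
    || { echo "FAIL: interfaces != ens34"; rc=1; }
  # zone-wide masquerade is off; only the rich rule masquerades 192.168.100.0/24
  [ "$(zone_field masquerade "$listing")" = "no" ] \
    || { echo "FAIL: zone-wide masquerade still on"; rc=1; }
  # the SSH port and the http service opened in the steps
  has_word 12345/tcp "$(zone_field ports "$listing")" \
    || { echo "FAIL: 12345/tcp not open"; rc=1; }
  has_word http "$(zone_field services "$listing")" \
    || { echo "FAIL: http service not allowed"; rc=1; }
  # ping requests are dropped
  has_word echo-request "$(zone_field icmp-blocks "$listing")" \
    || { echo "FAIL: echo-request not blocked"; rc=1; }
  # both rich rules; firewalld prints rich rules back with quoted values
  printf '%s\n' "$listing" | grep -q 'source address="192.168.100.0/24" masquerade' \
    || { echo "FAIL: source-masquerade rule missing"; rc=1; }
  printf '%s\n' "$listing" | grep -q 'forward-port port="80" protocol="tcp" to-addr="192.168.100.10"' \
    || { echo "FAIL: port-80 forward rule missing"; rc=1; }
  return $rc
}

# permanent_rules -> the --permanent equivalents of the section I rules plus
# the reload that copies them into the runtime set.
permanent_rules() {
  cat <<'EOF'
firewall-cmd --permanent --zone=trusted --add-interface=ens32
firewall-cmd --permanent --zone=external --add-interface=ens34
firewall-cmd --permanent --zone=dmz --add-interface=ens35
firewall-cmd --permanent --zone=external --add-icmp-block=echo-request
firewall-cmd --permanent --zone=external --add-port=12345/tcp
firewall-cmd --permanent --zone=external --remove-masquerade
firewall-cmd --permanent --zone=external --add-rich-rule='rule family=ipv4 source address=192.168.100.0/24 masquerade'
firewall-cmd --permanent --zone=external --add-rich-rule='rule family=ipv4 destination address=192.168.200.20/32 forward-port port=80 protocol=tcp to-addr=192.168.100.10'
firewall-cmd --permanent --zone=external --add-service=http
firewall-cmd --reload
EOF
}

# Demonstration run against the constructed sample.
if check_external_zone "$SAMPLE_EXTERNAL"; then
  echo "external zone matches the expected policy; persistent form of the rules:"
  permanent_rules
fi
```

Run it after section I on the gateway with the live listing substituted for the sample; any FAIL line points at the step that did not take, and the zone-wide masquerade check is the one most often missed, because the external zone masquerades everything until step 17 removes it.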

**II. Configure the external-network host**

1. Configure the interface: vim /etc/sysconfig/network-scripts/ifcfg-ens32

![Insert image description here](https://www.icode9.com/i/ll/?i=2021051115445897.png?,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl81NjY2NTMyOA==,size_16,color_FFFFFF,t_70)

2. Restart the network service: systemctl restart network

3. Check that the interface and routes are configured: route -n

![Insert image description here](https://www.icode9.com/i/ll/?i=20210511154716442.png)

4. Mount the installation disc: mount /dev/cdrom /mnt/

5. Remove the bundled yum repos: rm -rf /etc/yum.repos.d/CentOS-*

6. Install the httpd service: yum -y install httpd mod_ssl


7. Set the site's default homepage: echo "www.wan.com" > /var/www/html/index.html

8. Start the httpd service: systemctl start httpd

9. Start the firewalld service: systemctl start firewalld

10. Set the default zone: firewall-cmd --set-default-zone=external

11. Move ens32 into the external zone: firewall-cmd --add-interface=ens32 --zone=external

12. Block ping requests: firewall-cmd --add-icmp-block=echo-request

13. Allow HTTPS traffic: firewall-cmd --add-service=https --zone=external

14. Allow TCP port 443: firewall-cmd --add-port=443/tcp --zone=external

15. Change the SSH port: vim /etc/ssh/sshd_config

![Insert image description here](https://www.icode9.com/i/ll/?i=20210511201735172.png)

16. Restart sshd: systemctl restart sshd

17. Check that sshd is listening on the new port: netstat -anptu | grep 12345

![Insert image description here](https://www.icode9.com/i/ll/?i=2021051120210383.png)

18. Allow TCP port 12345: firewall-cmd --add-port=12345/tcp --zone=external

19. Remove the default gateway from the interface config: vim /etc/sysconfig/network-scripts/ifcfg-ens32

![Insert image description here](https://www.icode9.com/i/ll/?i=20210511204820386.png?,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl81NjY2NTMyOA==,size_16,color_FFFFFF,t_70)

20. Restart the network service: systemctl restart network
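Both on the gateway and on this host the SSH port is changed and sshd restarted before the firewall allows the new port; if the host is being administered over the interface in the external zone, that order drops the session with no way back in. The script below is an added example (mine, not part of the original post): it reads the port sshd will use from sshd_config text, confirms that port is allowed in a `firewall-cmd --list-ports` style listing before any restart, and flags the `ssh` service (22/tcp) that the external zone allows by default, which stays open after SSH has moved to 12345. The sshd_config excerpt and the port and service listings are constructed samples.

```shell
#!/bin/sh
# Added example, not part of the original post: check that the port sshd is
# about to listen on is already allowed by firewalld before sshd is restarted,
# and flag the stale "ssh" service (22/tcp) once SSH has moved to another port.

# Constructed excerpt of /etc/ssh/sshd_config after the port change above.
SAMPLE_SSHD_CONFIG='# constructed sshd_config excerpt
#Port 22
Port 12345
#AddressFamily any
ListenAddress 0.0.0.0'

# Constructed samples of `firewall-cmd --zone=external --list-ports` and
# `firewall-cmd --zone=external --list-services` on the external host.
SAMPLE_PORTS='12345/tcp'
SAMPLE_SERVICES='https ssh'

# sshd_port CONFIG_TEXT -> the port sshd will use: the first uncommented
# "Port" directive wins in sshd_config; 22 when none is set.
sshd_port() {
  local p
  p=$(printf '%s\n' "$1" | awk '$1 == "Port" { print $2; exit }')
  printf '%s\n' "${p:-22}"
}

# check_ssh_exposure PORT PORTS SERVICES
#   0: PORT/tcp is reachable through the zone
#   1: PORT/tcp is not allowed; restarting sshd now would cut off a remote session
#   2: PORT/tcp is allowed, but the ssh service (22/tcp) is still allowed as well
check_ssh_exposure() {
  local port="$1" ports="$2" services="$3" ssh_service=no
  case " $services " in *" ssh "*) ssh_service=yes;; esac
  # on the default port the ssh service itself is enough
  if [ "$port" = 22 ] && [ "$ssh_service" = yes ]; then
    echo "OK: ssh service (22/tcp) allowed"
    return 0
  fi
  case " $ports " in
    *" $port/tcp "*) ;;
    *) echo "FAIL: $port/tcp not allowed; run firewall-cmd --add-port=$port/tcp before systemctl restart sshd"
       return 1;;
  esac
  if [ "$ssh_service" = yes ]; then
    echo "WARN: $port/tcp allowed, but the ssh service still opens 22/tcp; remove it with firewall-cmd --remove-service=ssh"
    return 2
  fi
  echo "OK: $port/tcp allowed"
  return 0
}

# Demonstration run against the constructed samples (prints the WARN case).
check_ssh_exposure "$(sshd_port "$SAMPLE_SSHD_CONFIG")" "$SAMPLE_PORTS" "$SAMPLE_SERVICES" || true
```

On a live host feed it `"$(cat /etc/ssh/sshd_config)"`, `"$(firewall-cmd --list-ports)"` and `"$(firewall-cmd --list-services)"`; run `firewall-cmd --add-port=12345/tcp` first, restart sshd only once the check returns 0 or 2, and then drop the ssh service so 22/tcp is no longer exposed.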

**III. Configure the DMZ host**

1. Configure the interface: vim /etc/sysconfig/network-scripts/ifcfg-ens32

![Insert image description here](https://www.icode9.com/i/ll/?i=20210511190309628.png?,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl81NjY2NTMyOA==,size_16,color_FFFFFF,t_70)

2. Restart the network service: systemctl restart network

3. Check that the interface and routes are configured: route -n

4. Mount the installation disc: mount /dev/cdrom /mnt/

5. Remove the bundled yum repos: rm -rf /etc/yum.repos.d/CentOS-*

6. Install the httpd service: yum -y install httpd mod_ssl

7. Set the site's default homepage: echo "www.dmz.com" > /var/www/html/index.html

8. Start the httpd service: systemctl start httpd

9. Start the firewalld service: systemctl start firewalld.service

10. Set the default zone: firewall-cmd --set-default-zone=dmz

11. Move ens32 into the dmz zone: firewall-cmd --add-interface=ens32 --zone=dmz

**IV. Configure the test machine**

1. Configure the interface: vim /etc/sysconfig/network-scripts/ifcfg-ens32

![Insert image description here](https://www.icode9.com/i/ll/?i=20210511191920689.png?,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl81NjY2NTMyOA==,size_16,color_FFFFFF,t_70)

2. Restart the network service: systemctl restart network

3. Check that the interface and routes are configured: route -n

4. Start the firewalld service: systemctl start firewalld

5. Set the default zone: firewall-cmd --set-default-zone=trusted

6. Move ens32 into the trusted zone: firewall-cmd --add-interface=ens32 --zone=trusted

7. Mount the installation disc: mount /dev/cdrom /mnt/

8. Remove the bundled yum repos: rm -rf /etc/yum.repos.d/CentOS-*

9. Install the service: yum -y install httpd

10. Start the service: systemctl start httpd

11. Set the site's default homepage: echo "www.lan.com" > /var/www/html/index.html

12. Check whether the external host can be pinged: ping 192.168.200.10

![Insert image description here](https://www.icode9.com/i/ll/?i=20210511192613490.png?,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl81NjY2NTMyOA==,size_16,color_FFFFFF,t_70)

**V. Testing**

![Insert image description here](https://www.icode9.com/i/ll/?i=20210511211625208.png?,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl81NjY2NTMyOA==,size_16,color_FFFFFF,t_70)

2. Switch the external host to the graphical interface and test: init 5

![Insert image description here](https://www.icode9.com/i/ll/?i=20210511215548337.png?,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl81NjY2NTMyOA==,size_16,color_FFFFFF,t_70)
