# cat /etc/resolv.conf
search isp.un nameserver 127.0.0.1
# cat /etc/hosts
127.0.0.1 localhost localhost.isp.un 172.16.1.254 gate.isp.un gate
[gate.isp.un:~] # cat /etc/rc.conf
hostname="gate.isp.un"
# em0 carries the upstream address; alias0 is the internal /24 whose traffic
# the nat rule in /etc/pf.conf translates onto the upstream address.
ifconfig_em0="inet 10.N.M.252"
ifconfig_em0_alias0="inet 172.16.1.254/24"
defaultrouter="10.N.M.254"
# gateway_enable turns on IP forwarding, so this host routes between em0 and
# the internal networks behind it.
gateway_enable=yes
keyrate="fast"
sshd_enable=yes
# pf loads /etc/pf.conf at boot (NAT for the internal ranges).
pf_enable=yes
[gate.isp.un:~] # cat > /etc/pf.conf
ext_ip="10.N.M.252"
# <int_net> is everything treated as "inside". The gateway's own internal
# address is excluded (!172.16.1.254); 10.N.M/24 (the upstream segment) is
# listed as internal too, so traffic sourced from it also matches the nat rule.
table <int_net> {127/8, 172.16/12, !172.16.1.254, 10.N.M/24 ,192.168/16}
# Source-NAT inside -> outside onto the upstream address. This file holds only
# the nat rule: pf's default with no filter rules is to pass everything, so any
# filtering for this gateway has to be configured elsewhere.
nat from <int_net> to !<int_net> -> $ext_ip
[gate.isp.un:~] # cat route.sh
# Install one static route per stand (FreeBSD route(8) form): the stand network
# 192.168.<i>.0/24 is reached via that stand's gateway 172.16.1.<i> on the
# internal segment, for i = 1..55.
for stand in $(jot 55 1); do
  route add "192.168.${stand}/24" "172.16.1.${stand}"
done
# Session on gate.isp.un under sh: recreate the lab accounts user1..user55.
# Remove any existing accounts first (-y skips the confirmation prompt).
for i in $(jot 55 1); do rmuser -y "user$i"; done
# Bulk-create with adduser(8) -f using its colon-separated record
# (name:uid:gid:class:change:expire:gecos:home:shell:password); login class "russian".
# The password is derived from the user name, so it is guessable and is also
# recorded in this transcript — only acceptable for throwaway lab accounts.
for i in $(jot 55 1); do printf '%s\n' "user$i:::russian:::::/bin/csh:password$i"; done | adduser -f -
# Second variant shown in the transcript: same records without a login class.
for i in $(jot 55 1); do printf '%s\n' "user$i::::::::/bin/csh:password$i"; done | adduser -f -
root@nessus.isp.un:~# cat /etc/hostname
nessus.isp.un
root@nessus.isp.un:~# grep forw /etc/sysctl.conf
... net.ipv4.ip_forward=1 ...
root@nessus.isp.un:~# sysctl -f
root@nessus.isp.un:~# cat nat.sh
# Rebuild the NAT table from scratch, then flush conntrack so the new mapping
# also applies to flows that were already being tracked.
nat() { iptables -t nat "$@"; }

nat --flush
# The gateway's own internal address leaves untranslated.
nat -A POSTROUTING -s 172.16.1.254 -j ACCEPT
# Everything else from the internal ranges is source-NATed onto the upstream address.
# NOTE(review): 10.M.N.178 does not match the eth0 address this host has in
# /etc/network/interfaces (10.N.M.252); SNAT onto an address the host does not
# hold breaks return traffic — confirm which address is intended.
nat -A POSTROUTING -s 172.16.1.0/24,192.168.0.0/16 -j SNAT --to-source 10.M.N.178
conntrack -F
root@nessus.isp.un:~# sh nat.sh root@nessus.isp.un:~# iptables-save -c > /etc/iptables.rules
root@nessus.isp.un:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback

# eth0: upstream side. pre-up restores the saved NAT rules (with counters, -c)
# before the interface is brought up, so forwarding never runs without NAT in place.
auto eth0
iface eth0 inet static
    pre-up iptables-restore -c < /etc/iptables.rules
    address 10.N.M.252
    netmask 255.255.255.0
    gateway 10.N.M.254

# eth0:0: internal side towards the stands (172.16.1.0/24). The per-stand routes
# below are kept as a commented template (see route.sh for the generator).
auto eth0:0
iface eth0:0 inet static
    address 172.16.1.254
    netmask 255.255.255.0
    # up route add -net 192.168.1.0 netmask 255.255.255.0 gw 172.16.1.1
    # ...
    # up route add -net 192.168.20.0 netmask 255.255.255.0 gw 172.16.1.20
# cat route.sh
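# Per-stand static routes, Linux route(8) form. Both commands in the loop body are
# commented out, so the loop is a template: uncomment the 'route add' line to
# install the routes directly, or the 'echo' line to print 'up route add ...'
# lines for /etc/network/interfaces.
for i in $(jot 20 1); do
  #route add -net 192.168.${i}.0 netmask 255.255.255.0 gw 172.16.1.${i}
  #echo up route add -net 192.168.${i}.0 netmask 255.255.255.0 gw 172.16.1.${i}
  : # keep the body non-empty: a loop body made only of comments is a syntax error in sh
done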
root@nessus.isp.un:~# cat createuser.sh
# Create the lab accounts user1..user20 with a home directory (-m) and bash as shell.
# Each password is derived from the user name (password<N>), so it is guessable and
# recorded here; fine for disposable lab accounts only. Piping the record into
# chpasswd (rather than passing it on argv) at least keeps it out of ps output.
for n in $(jot 20 1); do
  echo "$n"
  useradd "user${n}" -m -s /bin/bash
  printf '%s\n' "user${n}:password${n}" | chpasswd
  # userdel -r user${n}
done
# cat /usr/local/etc/namedb/named.conf # cat /etc/bind/named.conf.options # cat /etc/bind/named.conf.local
options {
  ...
  // Queries not answered locally are forwarded to the upstream resolver.
  forwarders { 10.N.M.Z; };
  ...
  // Recursion is open to any client. This host also holds the upstream-facing
  // address 10.N.M.252, so unless port 53 is blocked there this is an open
  // resolver reachable from outside the lab; an ACL limited to the internal
  // ranges (172.16/12, 192.168/16, localhost) would close that.
  allow-recursion { any; };
  ...
  // DNSSEC validation is left disabled.
  // dnssec-validation auto;
  ...
};
// Authoritative for the lab top-level zone "un". One file path per OS is kept
// commented (FreeBSD namedb layout / Debian /etc/bind); exactly one must be enabled.
zone "un" {
  type master;
  // file "/usr/local/etc/namedb/master/un";
  // file "/etc/bind/un";
};
//For un4, msc
zone "168.192.in-addr.arpa" {
  type master;
  // file "/usr/local/etc/namedb/master/192.168.rev";
  // file "/etc/bind/192.168.rev";
};
//for un2, bsd2
// Each stand zone corp<N>.un is forwarded to that stand's own server
// (192.168.N.10). The commented variant forwards to the stand's address on the
// ISP segment (172.16.1.N) instead.
zone "corp1.un" IN {type forward;forwarders {192.168.1.10;};};
...
zone "corp20.un" IN {type forward;forwarders {192.168.20.10;};};
//zone "corp1.un" IN {type forward;forwarders {172.16.1.1;};};
...
//zone "corp20.un" IN {type forward;forwarders {172.16.1.20;};};
# cat un
$TTL 3h
; Lab top-level zone "un": ns, isp, gate.isp and mail.isp all resolve to the ISP
; gateway's internal address 172.16.1.254.
@        SOA ns root.gate.isp.un. 44 1d 12h 1w 3h
         NS  ns
ns       A   172.16.1.254
isp      A   172.16.1.254
gate.isp A   172.16.1.254
mail.isp A   172.16.1.254
; Disabled $GENERATE templates for the per-stand names (stands 1-20). Where two
; variants exist, one places the name on the stand network 192.168.<N>.0/24 and
; the other on the ISP segment 172.16.1.0/24.
;$GENERATE 1-20 ns$ A 172.16.1.$
;$GENERATE 1-20 ns$ A 192.168.$.10
;$GENERATE 1-20 corp$ NS ns$
;$GENERATE 1-20 gate.corp$ A 192.168.$.1
;$GENERATE 1-20 server.corp$ A 192.168.$.10
;$GENERATE 1-20 server.corp$ A 172.16.1.$
;$GENERATE 1-20 mgmt.corp$ A 192.168.$.20
;$GENERATE 1-20 router.corp$ A 192.168.$.1
;$GENERATE 1-20 switch.corp$ A 192.168.$.3
# cat 192.168.rev
$TTL 3h
; Reverse zone for 192.168.0.0/16 (168.192.in-addr.arpa). Owners are relative to
; the zone as "<4th octet>.<3rd octet>", so "10.$" is 192.168.$.10.
@   SOA ns.un. root.gate.isp.un. 43 1d 12h 1w 3h
    NS  ns.un.
; Both candidates for the .1 address (gate / router) are disabled; only server,
; switch and mgmt get PTR records.
;$GENERATE 1-20 1.$ PTR gate.corp$.un.
$GENERATE 1-20 10.$ PTR server.corp$.un.
;$GENERATE 1-20 1.$ PTR router.corp$.un.
$GENERATE 1-20 3.$ PTR switch.corp$.un.
$GENERATE 1-20 20.$ PTR mgmt.corp$.un.
# cat dns.sh
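# Generate per-stand DNS configuration for the ISP resolver. For every stand N it
# prints the named.conf "zone" statement for comp<N>.un (master) and writes that
# zone file into $dir, then prints two alternative sets of forward-zone statements
# for corp<N>.un (forwarders at the stand server 192.168.N.10, or at the stand's
# address on the ISP segment 172.16.1.N). Statements go to stdout for pasting
# into named.conf.
STANDS="1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25"
# Zone directory: uncomment the line for this OS (Debian / FreeBSD layout).
#dir=/etc/bind
#dir=/usr/local/etc/namedb/master
# Fail loudly when no directory was chosen; an unset $dir would otherwise expand
# to "" and the zone files would be written into "/".
: "${dir:?set dir to the zone directory before running}"
for i in $STANDS; do
  printf 'zone comp%s.un {type master; file "%s/comp%s.in";};\n' "$i" "$dir" "$i"
  # Zone body: SOA for comp<N>.un, name servers ns (172.16.1.254, the ISP gateway)
  # and the stand's own ns, apex A record at the stand server. The mail records
  # stay commented; the 172.16.1.<N+200> variant would keep mail on the ISP segment.
  cat > "${dir}/comp$i.un" <<EOF
\$TTL 3h
@ SOA ns root.ns 45 1d 12h 1w 3h
  NS ns
  NS ns.corp$i.un.
  A 192.168.$i.10
; MX 10 mail
ns A 172.16.1.254
;mail A 192.168.$i.10
;mail A 172.16.1.$(( i + 200 ))
EOF
done
# Variant 1: forward corp<N>.un to the stand server.
for i in $STANDS; do
  printf 'zone corp%s.un IN {type forward;forwarders {192.168.%s.10;};};\n' "$i" "$i"
done
# Variant 2: forward corp<N>.un to the stand's address on 172.16.1.0/24.
for i in $STANDS; do
  printf 'zone corp%s.un IN {type forward;forwarders {172.16.1.%s;};};\n' "$i" "$i"
done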
root@gate.isp2.un:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback

# eth0: internal side of ISP2 (172.16.2.0/24).
auto eth0
iface eth0 inet static
    address 172.16.2.254
    netmask 255.255.255.0

# eth0:0: upstream side. The saved NAT rules are restored (with counters) before
# this alias comes up.
auto eth0:0
iface eth0:0 inet static
    pre-up iptables-restore -c < /etc/iptables.rules
    address 10.N.M.179
    netmask 255.255.255.0
    gateway 10.N.M.254

# eth0:1: an address in ISP1's internal segment (172.16.1.0/24). With ip_forward
# enabled this host can route between 172.16.1.0/24 and 172.16.2.0/24 unless
# filtered, and the nat.sh on this host only translates 172.16.2.0/24.
auto eth0:1
iface eth0:1 inet static
    address 172.16.1.60
    netmask 255.255.255.0
root@gate.isp2.un:~# cat nat.sh
# Rebuild the NAT table for ISP2, then flush conntrack so the new mapping also
# applies to flows that were already being tracked.
nat() { iptables -t nat "$@"; }

nat --flush
# The gateway's own internal address leaves untranslated.
nat -A POSTROUTING -s 172.16.2.254 -j ACCEPT
# Only 172.16.2.0/24 is source-NATed onto the upstream address (10.N.M.179, the
# eth0:0 address); traffic arriving from the 172.16.1.0/24 side is not translated.
nat -A POSTROUTING -s 172.16.2.0/24 -j SNAT --to-source 10.N.M.179
conntrack -F
root@gate.isp2.un:~# grep forw /etc/sysctl.conf
... net.ipv4.ip_forward=1 ...
[gate.isp2.un:~] # cat /etc/rc.conf
hostname="gate.isp2.un"
ipv6_network_interfaces=none
# em0: internal side (172.16.2.0/24); alias0: upstream address, used as the NAT
# source (ext_ip) in /etc/pf.conf.
ifconfig_em0="inet 172.16.2.254/24"
ifconfig_em0_alias0="inet 10.N.M.126/24"
defaultrouter="10.N.M.254"
# IP forwarding between the internal network and the upstream segment.
gateway_enable="YES"
# pf loads /etc/pf.conf at boot (NAT rule).
pf_enable=yes
keyrate="fast"
sshd_enable=yes
# This gateway also runs the lab resolver.
named_enable=yes
[gate.isp2.un:~] # cat /etc/pf.conf
ext_ip="10.N.M.126"
# Internal ranges for ISP2; this gateway's own internal address is excluded.
# Unlike the ISP1 table, 192.168/16 is not listed, so stand networks behind
# this gateway would not match the nat rule unless added here.
table <int_net> {127/8, 172.16/12, !172.16.2.254, 10.N.M/24}
# NAT only; there are no filter rules in this file (pf passes everything by
# default), so any filtering has to be configured elsewhere.
nat from <int_net> to !<int_net> -> $ext_ip
[radio:~] # cat /usr/local/asterisk/etc/asterisk/sip.conf
[general]
context=office
; SIP is bound on a public address; everything below is reachable from wherever
; that address is reachable. Unauthenticated callers are refused (allowguest=no)
; and alwaysauthreject=yes gives the same reply for unknown and wrong-password
; users, which blunts account enumeration.
udpbindaddr=80.250.209.226
udpbindport=5060
allowguest=no
alwaysauthreject=yes
disallow=all
allow=alaw
dtmfmode=rfc2833
;register => xxxxxxxx:xxxxxxxx@sipnet.ru/sipnet_xxxxxxxx

; Provider trunk (credentials masked on the page). insecure=invite means incoming
; INVITEs from this peer are not challenged for authentication, so host=sipnet.ru
; is the only thing tying inbound trunk calls to the provider.
[sipnet_xxxxxxx]
defaultuser=xxxxxxxx
secret=xxxxxxxx
host=sipnet.ru
type=peer
insecure=invite
fromuser=xxxxxxxx
fromdomain=sipnet.ru
canreinvite=no
callbackextension=sipnet_xxxxxxxx

; Template for the office phones 2xx.
[200](!)
type=friend
host=dynamic
canreinvite=no

[202](200)
secret=tpassword202

[204](200)
secret=tpassword204
;canreinvite=no
;mailbox=204@isp

; Template for the lab SIP users 0000NN, placed in the voip context. Their secrets
; follow the pattern spassword<N>; since the voip context can reach the provider
; trunk (see extensions.conf), a guessed secret means paid calls on the provider
; account — long random secrets and a call limit would contain that.
[000000](!)
;type=friend
type=user
host=dynamic
context=voip
;nat=yes
;qualify=yes
;canreinvite=no

[000001](000000)
secret=spassword1

[000002](000000)
secret=spassword2

[000003](000000)
secret=spassword3

[000004](000000)
secret=spassword4

[000005](000000)
secret=spassword5

[000006](000000)
secret=spassword6

[000007](000000)
secret=spassword7

[000008](000000)
secret=spassword8

[000009](000000)
secret=spassword9

[000010](000000)
secret=spassword10

[000011](000000)
secret=spassword11

[000012](000000)
secret=spassword12

[000013](000000)
secret=spassword13
root@server.corp13.un:~# cat /etc/asterisk/iax.conf
...
; IAX2 trunks between stands. For every other stand K there is a pair: a
; type=user section accepting inbound calls from stand K (checked against
; apassword<K>), and a type=peer section dialing out to server.corpK.un as
; username corp13 with this stand's own secret (apassword13). auth=md5 keeps
; the secret off the wire (challenge/response), but the secrets themselves are
; short and follow an obvious pattern.
[corp1]
type=user
host=dynamic
secret=apassword1
auth=md5

[corp01]
type=peer
host=server.corp1.un
username=corp13
secret=apassword13
auth=md5

[corp2]
type=user
host=dynamic
secret=apassword2
auth=md5

[corp02]
type=peer
host=server.corp2.un
username=corp13
secret=apassword13
auth=md5

[corp3]
type=user
host=dynamic
secret=apassword3
auth=md5

[corp03]
type=peer
host=server.corp3.un
username=corp13
secret=apassword13
auth=md5

[corp4]
type=user
host=dynamic
secret=apassword4
auth=md5

[corp04]
type=peer
host=server.corp4.un
username=corp13
secret=apassword13
auth=md5

[corp5]
type=user
host=dynamic
secret=apassword5
auth=md5

[corp05]
type=peer
host=server.corp5.un
username=corp13
secret=apassword13
auth=md5

[corp6]
type=user
host=dynamic
secret=apassword6
auth=md5

[corp06]
type=peer
host=server.corp6.un
username=corp13
secret=apassword13
auth=md5

[corp7]
type=user
host=dynamic
secret=apassword7
auth=md5

[corp07]
type=peer
host=server.corp7.un
username=corp13
secret=apassword13
auth=md5

[corp8]
type=user
host=dynamic
secret=apassword8
auth=md5

[corp08]
type=peer
host=server.corp8.un
username=corp13
secret=apassword13
auth=md5

[corp9]
type=user
host=dynamic
secret=apassword9
auth=md5

[corp09]
type=peer
host=server.corp9.un
username=corp13
secret=apassword13
auth=md5

; From stand 10 on, the peer section carries the same name as the user section
; ([corp10] twice) instead of the corp0K convention used above.
; NOTE(review): confirm chan_iax2 loads a user and a peer under one section name
; as intended; otherwise rename the peers to stay consistent.
[corp10]
type=user
host=dynamic
secret=apassword10
auth=md5

[corp10]
type=peer
host=server.corp10.un
username=corp13
secret=apassword13
auth=md5

[corp11]
type=user
host=dynamic
secret=apassword11
auth=md5

[corp11]
type=peer
host=server.corp11.un
username=corp13
secret=apassword13
auth=md5

[corp12]
type=user
host=dynamic
secret=apassword12
auth=md5

[corp12]
type=peer
host=server.corp12.un
username=corp13
secret=apassword13
auth=md5
root@server.corp13.un:~# cat /etc/asterisk/extensions.conf
...
; Mobile numbers (8 9XX XXX XX XX) go out through the provider trunk.
exten => _89XXXXXXXXX,1,Dial(SIP/sipnet_xxxxxxxx/${EXTEN})
; Internal 3-digit 8XX rings SIP user 0000XX (leading 8 dropped).
exten => _8XX,1,Dial(SIP/0000${EXTEN:1})
;exten => sipnet_xxxxxxxx,1,Dial(SIP/204&SIP/202)
; Inbound calls from the trunk ring all twelve lab SIP users at once.
exten => sipnet_xxxxxxxx,1,Dial(SIP/000001&SIP/000002&SIP/000003&SIP/000004&SIP/000005&SIP/000006&SIP/000007&SIP/000008&SIP/000009&SIP/000010&SIP/000011&SIP/000012)
; 0XX4XX: XX selects the destination stand (IAX2 peer corpXX), 4XX is the
; extension there. The caller id is prefixed with this stand's number (013) so
; the remote side can route a call back.
exten => _0XX4XX,1,Set(CALLERID(num)=013${CALLERID(num)})
exten => _0XX4XX,n,Dial(IAX2/corp${EXTEN:1:2}/${EXTEN:3})

; Context of the 0000NN SIP users (sip.conf). They can dial the provider trunk
; directly, so a compromised account (those secrets are of the form spassword<N>)
; can place paid calls on the provider account; a call limit or stronger
; secrets would reduce the exposure.
[voip]
exten => _89XXXXXXXXX,1,Dial(SIP/sipnet_xxxxxxxx/${EXTEN})
...