Прочее образование
Как сдать эказмен?
Как сдать экзамен?
вот так
int gi1/gi2
ip nat outside/inside
access-list 1 permit 192/172 0.0.0.255
ip nat inside source list 1 interface Gi1 overload
interface Tunnel 1
ip address 172.16.1.1/2 255...
tunnel mode gre ip
tunnel source 4.4.4.100
tunnel destination 5.5.5.100
router eigrp 6500
network 192/172 0.0.0.255
network 172.16.1.0 0.0.0.255
crypto isakmp policy 1
encr aes
authentication pre-share
hash sha256
group 14
crypto isakmp key cisco address 5.100/4.100
crypto isakmp nat keepalive 5
crypto ipsec transform-set имя esp-aes 256 esp-sha256-hmac
mode tunnel
crypto ipsec profile VTI
set transform-set имя
interface Tunnel1
tunnel mode ipsec ipv4
tunnel protection ipsec profile VTI
—
ip access-list extended Lnew
permit tcp any any established
permit udp host 4.4.4.100 eq 53 any
permit udp host 5.5.5.1 eq 123 any
permit tcp any host 4.4.4.100 eq 80
permit tcp any host 4.4.4.100 eq 443
permit tcp any host 4.4.4.100 eq 2222
permit udp host 5.5.5.100 host 4.4.4.100 eq 500
permit esp any any
permit icmp any any
int gi 1
ip access-group Lnew in
--—
ip access-list extended Rnew
permit tcp any any established
permit tcp any host 5.5.5.100 eq 80
permit tcp any host 5.5.5.100 eq 443
permit tcp any host 5.5.5.100 eq 2244
permit udp host 4.4.4.100 host 5.5.5.100 eq 500
permit esp any any
permit icmp any any
int gi 1
ip access-group Rnew in
(L) ip nat inside source static tcp 192.168.100.100 22 4.4.4.100 2222
ip nat inside source static tcp/udp 192.168.100.200 53 4.4.4.100 53
(R) ip nat inside source static tcp 172.16.100.100 22 5.5.5.100 2244
/etc/chrony/chrony.conf
(ISP) local stratum 4
allow 4.4.4.0/24
allow 3.3.3.0/24
(webL-R) pool ntp.int.demo.wsr iburst
allow 192.168.100.0/24
ip domain name int.demo.wsr
ip name-server 192.168.100.200
ntp server ntp.int.demo.wsr (ip)
raid
/root/.smbclient
username/password
/etc/fstab
//srv.int.demo.wsr/диск /opt/share cifs user,rw,_netdev,credentials=/root/.smbclient 0 0
mkdir /opt/share
mount -a
apt install -y docker-ce
systemctl start docker
systemctl enable docker
mkdir /mnt/app
mount /dev/sr1 /mnt/app
docker load < /mnt/app/app.tar
docker images
docker run —name app -p 8080:80 -d app
docker ps
no ip http secure-server
reload
(L) ip nat inside source static tcp 192.168.100.100 80 4.4.4.100 80
ip nat inside source static tcp 192.168.100.100 443 4.4.4.100 443
(R) ip nat inside source static tcp 172.16.100.100 80 5.5.5.100 80
ip nat inside source static tcp 172.16.100.100 443 5.5.5.100 443
Install-WindowsFeature -Name AD-Certificate, ADCS-Web-Enrollment -IncludeManagementTools
Install-AdcsCertificationAuthority -CAType StandaloneRootCa -CACommonName "Demo.wsr" -force
Install-AdcsWebEnrollment -Confirm -force
New-SelfSignedCertificate -subject "localhost"
Get-ChildItem cert:\LocalMachine\My
Move-item Cert:\LocalMachine\My\rключ -destination Cert:\LocalMachine\Webhosting\
New-IISSiteBinding -Name 'Default Web Site' -BindingInformation "*:443:" -Protocol https -CertificateThumbPrint ключ
Start-WebSite -Name "Default Web Site"
Get-CACrlDistributionPoint | Remove-CACrlDistributionPoint -force
Get-CAAuthorityInformationAccess |Remove-CAAuthorityInformationAccess -force
Get-CAAuthorityInformationAccess
|Remove-CAAuthorityInformationAccess -force
Restart-Service CertSrc
int gi1/gi2
ip nat outside/inside
access-list 1 permit 192/172 0.0.0.255
ip nat inside source list 1 interface Gi1 overload
interface Tunnel 1
ip address 172.16.1.1/2 255...
tunnel mode gre ip
tunnel source 4.4.4.100
tunnel destination 5.5.5.100
router eigrp 6500
network 192/172 0.0.0.255
network 172.16.1.0 0.0.0.255
crypto isakmp policy 1
encr aes
authentication pre-share
hash sha256
group 14
crypto isakmp key cisco address 5.100/4.100
crypto isakmp nat keepalive 5
crypto ipsec transform-set имя esp-aes 256 esp-sha256-hmac
mode tunnel
crypto ipsec profile VTI
set transform-set имя
interface Tunnel1
tunnel mode ipsec ipv4
tunnel protection ipsec profile VTI
—
ip access-list extended Lnew
permit tcp any any established
permit udp host 4.4.4.100 eq 53 any
permit udp host 5.5.5.1 eq 123 any
permit tcp any host 4.4.4.100 eq 80
permit tcp any host 4.4.4.100 eq 443
permit tcp any host 4.4.4.100 eq 2222
permit udp host 5.5.5.100 host 4.4.4.100 eq 500
permit esp any any
permit icmp any any
int gi 1
ip access-group Lnew in
--—
ip access-list extended Rnew
permit tcp any any established
permit tcp any host 5.5.5.100 eq 80
permit tcp any host 5.5.5.100 eq 443
permit tcp any host 5.5.5.100 eq 2244
permit udp host 4.4.4.100 host 5.5.5.100 eq 500
permit esp any any
permit icmp any any
int gi 1
ip access-group Rnew in
(L) ip nat inside source static tcp 192.168.100.100 22 4.4.4.100 2222
ip nat inside source static tcp/udp 192.168.100.200 53 4.4.4.100 53
(R) ip nat inside source static tcp 172.16.100.100 22 5.5.5.100 2244
/etc/chrony/chrony.conf
(ISP) local stratum 4
allow 4.4.4.0/24
allow 3.3.3.0/24
(webL-R) pool ntp.int.demo.wsr iburst
allow 192.168.100.0/24
ip domain name int.demo.wsr
ip name-server 192.168.100.200
ntp server ntp.int.demo.wsr (ip)
raid
/root/.smbclient
username/password
/etc/fstab
//srv.int.demo.wsr/диск /opt/share cifs user,rw,_netdev,credentials=/root/.smbclient 0 0
mkdir /opt/share
mount -a
apt install -y docker-ce
systemctl start docker
systemctl enable docker
mkdir /mnt/app
mount /dev/sr1 /mnt/app
docker load < /mnt/app/app.tar
docker images
docker run —name app -p 8080:80 -d app
docker ps
no ip http secure-server
reload
(L) ip nat inside source static tcp 192.168.100.100 80 4.4.4.100 80
ip nat inside source static tcp 192.168.100.100 443 4.4.4.100 443
(R) ip nat inside source static tcp 172.16.100.100 80 5.5.5.100 80
ip nat inside source static tcp 172.16.100.100 443 5.5.5.100 443
Install-WindowsFeature -Name AD-Certificate, ADCS-Web-Enrollment -IncludeManagementTools
Install-AdcsCertificationAuthority -CAType StandaloneRootCa -CACommonName "Demo.wsr" -force
Install-AdcsWebEnrollment -Confirm -force
New-SelfSignedCertificate -subject "localhost"
Get-ChildItem cert:\LocalMachine\My
Move-item Cert:\LocalMachine\My\rключ -destination Cert:\LocalMachine\Webhosting\
New-IISSiteBinding -Name 'Default Web Site' -BindingInformation "*:443:" -Protocol https -CertificateThumbPrint ключ
Start-WebSite -Name "Default Web Site"
Get-CACrlDistributionPoint | Remove-CACrlDistributionPoint -force
Get-CAAuthorityInformationAccess |Remove-CAAuthorityInformationAccess -force
Get-CAAuthorityInformationAccess
|Remove-CAAuthorityInformationAccess -force
Restart-Service CertSrc
Ольга ***
в Lnew ошибка - ты подключаешься к ISP через пятую сеть, а ISP выдаёт время только третьей и четвёртой
Мария/ Maria Юрова/ Yurova
https://github.com/storm39mad/DEMO2022
взять всё выучить и сдать
Либо самому, либо просить кого то сдать за тебя.
Татьяна Задворных
74 976
И вот так
RTR-L
hostname RTR-L
do wr
RTR-R
hostname RTR-R
do wr
SRV
Rename-Computer -NewName SRV
WEB-L
hostnamectl set-hostname WEB-L
WEB-R
hostnamectl set-hostname WEB-R
ISP
hostnamectl set-hostname ISP
CLI
Rename-Computer -NewName CLI
RTR-L
int gi 1
ip address 4.4.4.100 255.255.255.0
no sh
int gi 2
ip address 192.168.100.254 255.255.255.0
no sh
end
wr
RTR-R
int gi 1
ip address 5.5.5.100 255.255.255.0
no sh
int gi 2
ip address 172.16.100.254 255.255.255.0
no sh
end
wr
SRV
$GetIndex = Get-NetAdapter
New-NetIPAddress -InterfaceIndex $GetIndex.ifIndex -IPAddress 192.168.100.200 -PrefixLength 24 -DefaultGateway 192.168.100.254
Set-DnsClientServerAddress -InterfaceIndex $GetIndex.ifIndex -ServerAddresses ("192.168.100.200","4.4.4.1")
Set-NetFirewallRule -DisplayGroup "File And Printer Sharing" -Enabled True -Profile Any
WEB-L
apt-cdrom add
apt install -y network-manager
nmcli connection show
nmcli connection modify Wired\ connection\ 1 conn.autoconnect yes conn.interface-name ens192 ipv4.method manual ipv4.addresses '192.168.100.100/24' ipv4.dns 192.168.100.200 ipv4.gateway 192.168.100.254
WEB-R
apt-cdrom add
apt install -y network-manager
nmcli connection show
nmcli connection modify Wired\ connection\ 1 conn.autoconnect yes conn.interface-name ens192 ipv4.method manual ipv4.addresses '172.16.100.100/24' ipv4.dns 192.168.100.200 ipv4.gateway 172.16.100.254
ISP
apt-cdrom add
apt install -y network-manager bind9 chrony
nmcli connection show
nmcli connection modify Wired\ connection\ 1 conn.autoconnect yes conn.interface-name ens192 ipv4.method manual ipv4.addresses '3.3.3.1/24'
nmcli connection modify Wired\ connection\ 2 conn.autoconnect yes conn.interface-name ens224 ipv4.method manual ipv4.addresses '4.4.4.1/24'
nmcli connection modify Wired\ connection\ 3 conn.autoconnect yes conn.interface-name ens256 ipv4.method manual ipv4.addresses '5.5.5.1/24'
CLI
$GetIndex = Get-NetAdapter
New-NetIPAddress -InterfaceIndex $GetIndex.ifIndex -IPAddress 3.3.3.10 -PrefixLength 24 -DefaultGateway 3.3.3.1
Set-DnsClientServerAddress -InterfaceIndex $GetIndex.ifIndex -ServerAddresses ("3.3.3.1")
RTR-L
hostname RTR-L
do wr
RTR-R
hostname RTR-R
do wr
SRV
Rename-Computer -NewName SRV
WEB-L
hostnamectl set-hostname WEB-L
WEB-R
hostnamectl set-hostname WEB-R
ISP
hostnamectl set-hostname ISP
CLI
Rename-Computer -NewName CLI
RTR-L
int gi 1
ip address 4.4.4.100 255.255.255.0
no sh
int gi 2
ip address 192.168.100.254 255.255.255.0
no sh
end
wr
RTR-R
int gi 1
ip address 5.5.5.100 255.255.255.0
no sh
int gi 2
ip address 172.16.100.254 255.255.255.0
no sh
end
wr
SRV
$GetIndex = Get-NetAdapter
New-NetIPAddress -InterfaceIndex $GetIndex.ifIndex -IPAddress 192.168.100.200 -PrefixLength 24 -DefaultGateway 192.168.100.254
Set-DnsClientServerAddress -InterfaceIndex $GetIndex.ifIndex -ServerAddresses ("192.168.100.200","4.4.4.1")
Set-NetFirewallRule -DisplayGroup "File And Printer Sharing" -Enabled True -Profile Any
WEB-L
apt-cdrom add
apt install -y network-manager
nmcli connection show
nmcli connection modify Wired\ connection\ 1 conn.autoconnect yes conn.interface-name ens192 ipv4.method manual ipv4.addresses '192.168.100.100/24' ipv4.dns 192.168.100.200 ipv4.gateway 192.168.100.254
WEB-R
apt-cdrom add
apt install -y network-manager
nmcli connection show
nmcli connection modify Wired\ connection\ 1 conn.autoconnect yes conn.interface-name ens192 ipv4.method manual ipv4.addresses '172.16.100.100/24' ipv4.dns 192.168.100.200 ipv4.gateway 172.16.100.254
ISP
apt-cdrom add
apt install -y network-manager bind9 chrony
nmcli connection show
nmcli connection modify Wired\ connection\ 1 conn.autoconnect yes conn.interface-name ens192 ipv4.method manual ipv4.addresses '3.3.3.1/24'
nmcli connection modify Wired\ connection\ 2 conn.autoconnect yes conn.interface-name ens224 ipv4.method manual ipv4.addresses '4.4.4.1/24'
nmcli connection modify Wired\ connection\ 3 conn.autoconnect yes conn.interface-name ens256 ipv4.method manual ipv4.addresses '5.5.5.1/24'
CLI
$GetIndex = Get-NetAdapter
New-NetIPAddress -InterfaceIndex $GetIndex.ifIndex -IPAddress 3.3.3.10 -PrefixLength 24 -DefaultGateway 3.3.3.1
Set-DnsClientServerAddress -InterfaceIndex $GetIndex.ifIndex -ServerAddresses ("3.3.3.1")
Мерц Серёга
120
Мерц Серёга
А ещё можно так
Сети, подключенные к ISP, считаются внешними:
ISP forward
nano /etc/sysctl.conf
net.ipv4.ip_forward=1
sysctl -p
image
Сети, подключенные к ISP, считаются внешними:
ISP forward
nano /etc/sysctl.conf
net.ipv4.ip_forward=1
sysctl -p
image
Похожие вопросы
- Билет по эказмену. Что представляет из себя охрана и изучение Вод Мирового океана.
- Как сдать ЕГЭ в 20 лет?
- Что будет, если не сдать ОГЭ по математике (пересдачи тоже завалить)?
- Что делать, если не сдам ОГЭ? Умирать?
- Можно ли работать заграницей, не сдав ОГЭ?
- Не знаю какой ЕГЭ сдать. Сдаю в 2022
- Я не сдала огэ 2022
- Я не сдам огэ
- Реально ли сдать егэ по химии если ничё не знаешь?
- Боюсь не сдать гиа....