Thursday, September 25, 2014

SuSE Linux Box Network Configuration

/etc/hosts

/etc/HOSTNAME

/etc/sysconfig/network/ifcfg-eth0
BOOTPROTO='static'
BROADCAST=''
ETHTOOL_OPTIONS=''
IPADDR='10.10.10.10/30'
MTU=''
NAME='82540EM Gigabit Ethernet Controller'
NETWORK=''
REMOTE_IPADDR=''
STARTMODE='auto'
USERCONTROL='no'

/etc/resolv.conf
/etc/sysconfig/network/routes
/etc/sysconfig/network/ifroute-eth0
10.23.30.128/25 10.10.10.1 - eth0

/etc/networks

/etc/nsswitch.conf

/etc/nscd.conf

/etc/init.d/network

/etc/sysconfig/sysctl.conf <- br="" forward="" ip="">echo 1 > /proc/sys/net/ipv4/ip_forward
#sysctl -a | grep ip_forward
net.ipv4.ip_forward = 1
sysctl -p

route add default gw 10.10.10.254 eth0

iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

iptables-save > iptables_current
iptables-restore  iptables_current

iptables -nvL

/etc/init.d/boot.local
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m multiport --dports 21,22,80,5060,8080,2100,30000:30100 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p udp -m multiport --dports 53,20,5060,8080,2100 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -o eth0 -p icmp -m icmp --icmp-type 8 -j ACCEPT

mount "SUSE Enterprise Linux 11 SP3 DVD x86_64"
mount /dev/cdrom /media
cd /media/suse/x86_64
zypper install vsftpd

vi /etc/vsftpd.conf
write_enable=YES
dirmessage_enable=YES
nopriv_user=ftpsecure
ftpd_banner="Welcome to My FTP Server"
ls_recurse_enable=YES
#deny_email_enable=YES
#banned_email_file=/etc/vsftpd.banned_emails
#hide_ids=YES
local_enable=YES
local_umask=022
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
local_max_rate=1024000
anonymous_enable=NO
anon_world_readable_only=NO
anon_upload_enable=NO
#anon_umask=022
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
#chown_uploads=YES
#chown_username=whoever
#anon_max_rate=150
syslog_enable=NO
log_ftp_protocol=YES
#xferlog_enable=YES
vsftpd_log_file=/var/log/vsftpd.log
#xferlog_std_format=NO
#xferlog_file=/var/log/xfer.log
dual_log_enable=YES
#setproctitle_enable=YES
connect_from_port_20=YES
#idle_session_timeout=600
#data_connection_timeout=120
#async_abor_enable=YES
ascii_upload_enable=YES
ascii_download_enable=YES
pasv_enable=YES
pam_service_name=vsftpd
listen=YES
ssl_enable=NO
pasv_min_port=30000
pasv_max_port=30100
#local_root=/public_html
use_localtime=YES
max_clients=50

vi /etc/vsftpd.chroot_list
root

No comments: