{
    "version": "https:\/\/jsonfeed.org\/version\/1.1",
    "title": "Мастер Alt Linux: заметки с тегом Все трюки",
    "_rss_description": "Sysadmin, System Administrator, системное администрирование, сетевое администрирование, настройка первого модуля, настройка второго модуля, модуль 1 сетевое администрирование, модуль 2 системное администрирование, Alt Linux, HQ-RTR, BR-RTR, HQ-SRV, BR-SRV, HQ-CLI, ISP, VLAN, IPv4, NAT, iptables, GRE tunnel, OSPF, FRR, DHCP, DNS, SSH, Samba DC, Samba domain, au-team.irpo, sudoers, RAID 0, mdadm, NFS, chrony, Ansible, Docker, docker compose, MariaDB, Apache, PHP, Yandex Browser, hostnamectl, \/etc\/net\/ifaces, systemctl, sshd_config, Port 2026, samba-tool, gpupdate, ansible ping pong, docker compose up, СИСА, DEMO2026, DEMO2026 бюджет БУ, настройка DEMO2026, Альт Виртуализация, VirtualBox, ОС Альт, EcoRouterOS, Модуль 1 Настройка сетевой инфраструктуры, Модуль 4 Настройка сетевой инфраструктуры,",
    "_rss_language": "ru",
    "_itunes_email": "",
    "_itunes_categories_xml": "",
    "_itunes_image": false,
    "_itunes_explicit": "no",
    "home_page_url": "https:\/\/test3.716.su\/tags\/all\/",
    "feed_url": "https:\/\/test3.716.su\/tags\/all\/json\/",
    "icon": false,
    "authors": [
        {
            "name": "Мастер Alt Linux",
            "url": "https:\/\/test3.716.su\/",
            "avatar": false
        }
    ],
    "items": [
        {
            "id": "8",
            "url": "https:\/\/test3.716.su\/all\/2-3\/",
            "title": "Трюк 2-3. Как улучшить вторичный сервер на ALT Linux",
            "content_html": "<p>Всем привет. Сегодня будет про то, как на вторичном сервере ALT Linux:<\/p>\n<ul>\n<li>настроить контроллер домена Samba DC<\/li>\n<li>сконфигурировать ansible<\/li>\n<li>развернуть веб приложение в docker<\/li>\n<\/ul>\n<h2>1. Настраиваем контроллер домена Samba DC<\/h2>\n<p>Ставим пакет Samba<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">apt-get install task-samba-dc -y\nrm -f \/etc\/samba\/smb.conf\nrm -rf {\/var\/lib\/samba, \/var\/cache\/samba}\nmkdir -p \/var\/lib\/samba\/sysvol<\/code><\/pre><p>Настраиваем Samba<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">samba-tool domain provision<\/code><\/pre><p>Продолжаем настраивать Samba<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">mv \/etc\/krb5.conf \/etc\/krb5.conf.back \ncp \/var\/lib\/samba\/private\/krb5.conf \/etc\/krb5.conf \n\nsystemctl enable --now samba \nsystemctl status samba\n\nsamba-tool domain info 127.0.0.1\n\necho $&#039;search au-team.irpo\\nnameserver 127.0.0.1&#039; &gt; \/etc\/net\/ifaces\/ens18\/resolv.conf; systemctl restart network; cat \/etc\/resolv.conf<\/code><\/pre><p>Настраиваем пользователей<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">samba-tool group add hq\n\nfor i in {1..5}; do samba-tool user add hquser$i P@ssw0rd; done\n# for i in {1..5}; do samba-tool user setexpiry hquser1$i --noexpiry - может понадобится (но это не точно)\nfor i in {1..5}; do samba-tool group addmembers hq hquser$i; done\n\nsamba-tool group listmembers hq<\/code><\/pre><p>HQ-CLI вводим в домен<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">apt-get install task-auth-ad-sssd\n\nна HQ-CLI  перезагружаем сеть, проверяем DNS\nвводим в домен\n\ncontrol libnss-role\nroleadd hq wheel\n\necho &quot;WHEEL_USERS ALL=(ALL:ALL) \/usr\/bin\/cat, \/usr\/bin\/grep, \/usr\/bin\/id&quot; &gt;&gt; \/etc\/sudoers\ntail \/etc\/sudoers\nзаходим доменным пользователем, выполняем sudo id<\/code><\/pre><h2>2. Настраиваем Ansible<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">apt-get install ansible sshpass -y\nansible-config init &gt; ansible.cfg<\/code><\/pre><p>Меняем файл конфигурации<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">vim \/etc\/ansible\/ansible.cfg \n\n\n[defaults]\nhost_key_checking = False\ninterpreter_python=\/usr\/bin\/python3<\/code><\/pre><p>Создаём инвентарь и проверяем<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">cat &lt;&lt; EOF &gt;\/etc\/ansible\/hosts\nHQ-SRV ansible_user=sshuser ansible_password=P@ssw0rd ansible_port=2026\nHQ-RTR ansible_user=net_admin ansible_password=P@ssw0rd\nBR-RTR ansible_user=net_admin ansible_password=P@ssw0rd \nHQ-CLI ansible_user=user ansible_password=resu\nEOF\n\nansible all -m ping<\/code><\/pre><h2>3. Развёртываем приложение через Docker<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">apt-get install docker-engine docker-compose-v2 -y\nsystemctl enable --now docker.service\nmount -o loop \/dev\/sr0 \/mnt\/ -v\nls -l \/mnt\/docker\/\ncat \/mnt\/docker\/readme.txt\n\ndocker load &lt; \/mnt\/docker\/site_latest.tar\ndocker load &lt; \/mnt\/docker\/mariadb_latest.tar\ndocker image ls<\/code><\/pre><p>Делаем docker-compose.yml<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">cat &lt;&lt; EOF &gt; docker-compose.yml\nservices:\n  database:\n    container_name: db\n    image: mariadb:latest\n    restart: always\n    ports: \n      - &quot;3306:3306&quot;\n    environment:\n      MARIADB_DATABASE: testdb\n      MARIADB_USER: test\n      MARIADB_PASSWORD: P@ssw0rd\n      MARIADB_ROOT_PASSWORD: P@ssw0rd\n    volumes:\n      - db_data:\/var\/lib\/mysql\n      \n  app:\n    container_name: testapp\n    image: site:latest\n    restart: always\n    ports: \n      - &quot;8080:8000&quot;\n    environment: \n      DB_HOST: database\n      DB_PORT: 3306\n      DB_NAME: testdb\n      DB_USER: test\n      DB_PASS: P@ssw0rd\n      DB_TYPE: maria\n    depends_on: \n      - database\nvolumes:\n  db_data:\nEOF<\/code><\/pre><p>идём далее<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">docker compose config\ndocker compose up -d \ndocker ps\nss -ltnp4 | grep 8080<\/code><\/pre><p>переходим на HQ-CLI, заходим по docker.au-team.irpo и по 192.168.3.10:8080<br \/>\nсоздаем запись<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">docker rm -f $(docker ps -qa)<\/code><\/pre><p>снова запускаем docker compose<\/p>\n<h2>4. NTP<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">sed -i &#039;s\/pool pool.ntp.org iburst\/server 172.16.1.1 iburst\/&#039; \/etc\/chrony.conf &amp;&amp; systemctl restart chronyd &amp;&amp; chronyc sources<\/code><\/pre>",
            "summary": "Всем привет. Сегодня будет про то, как на вторичном сервере ALT Linux",
            "date_published": "2026-06-03T13:11:13+07:00",
            "date_modified": "2026-06-03T13:11:09+07:00",
            "tags": [
                "ansible",
                "br-srv",
                "docker",
                "docker-compose",
                "krb5",
                "ping",
                "samba",
                "sambadc",
                "Все трюки"
            ],
            "_date_published_rfc2822": "Wed, 03 Jun 2026 13:11:13 +0700",
            "_rss_guid_is_permalink": "false",
            "_rss_guid": "8",
            "_rss_enclosures": [],
            "_e2_data": {
                "is_favourite": true,
                "links_required": [
                    "highlight\/highlight.js",
                    "highlight\/highlight.css"
                ],
                "og_images": []
            }
        },
        {
            "id": "7",
            "url": "https:\/\/test3.716.su\/all\/2-2\/",
            "title": "Трюк 2-2. Как настроить статическую трансляцию портов на маршрутизаторах ALT Linux",
            "content_html": "<h2>Как настроить статическую трансляцию портов на самом главном маршрутизаторе:<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">nft add chain nat prerouting { type nat hook prerouting priority dstnat \\; }\nnft add rule nat prerouting iif &quot;ens18&quot; tcp dport 2026 dnat to 192.168.1.10\nnft add rule nat prerouting iif &quot;ens18&quot; tcp dport 8080 dnat to 192.168.1.10:80\n\n\nnft list ruleset\nnft list ruleset &gt; \/etc\/nftables\/nftables.nft\nsystemctl restart nftables\nnft list ruleset\n\nsed -i &#039;s\/pool pool.ntp.org iburst\/server 172.16.1.1 iburst\/&#039; \/etc\/chrony.conf &amp;&amp; systemctl restart chronyd &amp;&amp; chronyc sources<\/code><\/pre><h2>Как настроить статическую трансляцию портов на вторичном маршрутизаторе:<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">nft add chain nat prerouting { type nat hook prerouting priority dstnat \\; }\nnft add rule nat prerouting iif &quot;ens18&quot; tcp dport { 8080, 2026 } dnat to 192.168.3.10\n\nnft list ruleset\nnft list ruleset &gt; \/etc\/nftables\/nftables.nft\nsystemctl restart nftables\nnft list ruleset\n\nsed -i &#039;s\/pool pool.ntp.org iburst\/server 172.16.1.1 iburst\/&#039; \/etc\/chrony.conf &amp;&amp; systemctl restart chronyd &amp;&amp; chronyc sources<\/code><\/pre>",
            "summary": "",
            "date_published": "2026-06-03T12:48:07+07:00",
            "date_modified": "2026-06-03T12:48:05+07:00",
            "tags": [
                "chrony",
                "nftables",
                "prerouting",
                "Все трюки"
            ],
            "_date_published_rfc2822": "Wed, 03 Jun 2026 12:48:07 +0700",
            "_rss_guid_is_permalink": "false",
            "_rss_guid": "7",
            "_rss_enclosures": [],
            "_e2_data": {
                "is_favourite": true,
                "links_required": [
                    "highlight\/highlight.js",
                    "highlight\/highlight.css"
                ],
                "og_images": []
            }
        },
        {
            "id": "6",
            "url": "https:\/\/test3.716.su\/all\/2-1\/",
            "title": "Трюк 2-1. Как улучшить настройку сервера интернет-провайдера на ALT Linux",
            "content_html": "<p>Всем привет. Сегодня будет про то, как на сервере интернет-провайдера на ALT Linux настроить:<\/p>\n<ul>\n<li>службу сетевого времени на базе сервиса chrony<\/li>\n<li>веб-сервер nginx как обратный прокси-сервер<\/li>\n<li>web-based аутентификацию<\/li>\n<\/ul>\n<h2>1. Настраиваем Chrony — службу точного времени:<\/h2>\n<p>Делаем сервер сервером:<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">control chrony server<\/code><\/pre><p>И затем настраиваем сервер:<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">sed -i &#039;s\/pool pool.ntp.org iburst\/pool pool.ntp.org iburst prefer minstratum 4\/&#039; \/etc\/chrony.conf | grep pool \/etc\/chrony.conf\nsed -i &#039;s\/\\#local stratum 10\/local stratum 5\/&#039; \/etc\/chrony.conf | grep &quot;local stratum&quot; \/etc\/chrony.conf\nsystemctl restart chronyd<\/code><\/pre><h2>2. Настраиваем NGINX — обратный прокси-сервер:<\/h2>\n<p>Ставим nginx:<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">apt-get install nginx -y<\/code><\/pre><p>Пишем конфиг:<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">cat &lt;&lt; &quot;EOF&quot; &gt; \/etc\/nginx\/sites-available.d\/r-proxy.conf\nserver {\n    listen 80;\n    server_name web.au-team.irpo;\n\n    location \/ {\n        proxy_pass http:\/\/172.16.1.10:8080;\n        proxy_set_header Host $host;\n        proxy_set_header X-Real-IP $remote_addr;\n        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n        proxy_set_header X-Forwarded-Proto $scheme;\n\n        auth_basic &quot;Restricted Access&quot;;\n        auth_basic_user_file \/etc\/nginx\/.htpasswd;\n    }\n}\n\nserver {\n    listen 80;\n    server_name docker.au-team.irpo;\n\n    location \/ {\n        proxy_pass http:\/\/172.16.3.10:8080;\n        proxy_set_header Host $host;\n        proxy_set_header X-Real-IP $remote_addr;\n        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n        proxy_set_header X-Forwarded-Proto $scheme;\n    }\n}\nEOF<\/code><\/pre><p>Затем включаем nginx:<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">ln -s \/etc\/nginx\/sites-available.d\/r-proxy.conf \/etc\/nginx\/sites-enabled.d\/\n\nnginx -t\nsystemctl enable --now nginx\nsystemctl status nginx<\/code><\/pre><h2>3. Настраиваем базовую аутентификацию на прокси-сервере:<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">apt-get install apache2-htpasswd -y\nhtpasswd -c \/etc\/nginx\/.htpasswd WEB\ncat \/etc\/nginx\/.htpasswd<\/code><\/pre>",
            "summary": "Всем привет. Сегодня будет про то, как на сервере интернет-провайдера на ALT Linux настроить",
            "date_published": "2026-06-03T12:44:48+07:00",
            "date_modified": "2026-06-03T12:48:19+07:00",
            "tags": [
                "chrony",
                "htpasswd",
                "isp",
                "nginx",
                "Все трюки"
            ],
            "_date_published_rfc2822": "Wed, 03 Jun 2026 12:44:48 +0700",
            "_rss_guid_is_permalink": "false",
            "_rss_guid": "6",
            "_rss_enclosures": [],
            "_e2_data": {
                "is_favourite": true,
                "links_required": [
                    "highlight\/highlight.js",
                    "highlight\/highlight.css"
                ],
                "og_images": []
            }
        },
        {
            "id": "5",
            "url": "https:\/\/test3.716.su\/all\/1-5\/",
            "title": "Трюк 1-5 (последний трюк первого сезона). Как настроить вторичный сервер и самый главный клиент на ALT Linux",
            "content_html": "<h2>1. Настроить имя устройства:<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">hostnamectl hostname br-srv.au-team.irpo\n\texec bash\ntimedatectl set-timezone Asia\/Novosibirsk<\/code><\/pre><h2>2. Настроить внутренние интерфейсы:<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">echo &#039;TYPE=eth&#039; &gt; \/etc\/net\/ifaces\/ens18\/options\necho &#039;192.168.3.2\/26&#039; &gt; \/etc\/net\/ifaces\/ens18\/ipv4address\necho &#039;default via 192.168.3.1&#039; &gt; \/etc\/net\/ifaces\/ens18\/ipv4route\necho $&#039;search au-team.irpo\\nnameserver 192.168.100.2&#039; &gt; \/etc\/net\/ifaces\/ens18\/resolv.conf\nsystemctl restart network\nping hq-srv -c 3<\/code><\/pre><h2>3. Настроить пользователя SSH :<\/h2>\n<p>(sshuser)<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">useradd -u 2026 sshuser\necho &quot;sshuser:P@ssw0rd&quot; | chpasswd\nusermod -aG wheel sshuser\necho &quot;WHEEL_USERS ALL=(ALL:ALL) NOPASSWD: ALL&quot; &gt; \/etc\/sudoers.d\/sshuser\nsu -l sshuser\nsudo id<\/code><\/pre><h2>4. Включить SSH<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">echo &quot;Authorized access only&quot; &gt; \/etc\/openssh\/banner\necho -e &quot;Port 2026\\nMaxAuthTries 2\\nAllowUsers sshuser\\nBanner \/etc\/openssh\/banner\\n&quot; &gt;&gt; \/etc\/openssh\/sshd_config\nsystemctl restart sshd\nss -ltnp | grep sshd \n\nssh sshuser@127.0.0.1 -p 2026<\/code><\/pre><h2>5. На самом главном клиенте ставить тег VLAN на интерфейс<\/h2>\n<h2>6. По-быстрому настроить самый главный клиент<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">hostnamectl hostname hq-cli.au-team.irpo\n\texec bash\ntimedatectl set-timezone Asia\/Novosibirsk<\/code><\/pre><p>и проверить IP<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">ip -br -c a<\/code><\/pre>",
            "summary": "(sshuser)",
            "date_published": "2026-06-03T12:35:27+07:00",
            "date_modified": "2026-06-03T12:35:23+07:00",
            "tags": [
                "br-srv",
                "ens18",
                "ssh",
                "sshuser",
                "vlan",
                "Все трюки"
            ],
            "_date_published_rfc2822": "Wed, 03 Jun 2026 12:35:27 +0700",
            "_rss_guid_is_permalink": "false",
            "_rss_guid": "5",
            "_rss_enclosures": [],
            "_e2_data": {
                "is_favourite": false,
                "links_required": [
                    "highlight\/highlight.js",
                    "highlight\/highlight.css"
                ],
                "og_images": []
            }
        },
        {
            "id": "4",
            "url": "https:\/\/test3.716.su\/all\/1-4\/",
            "title": "Трюк 1-4. Как настроить самый главный сервер на ALT Linux",
            "content_html": "<h2>0. Поставить тег VLAN на интерфейс.<\/h2>\n<h2>1. Настроить имя устройства:<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">hostnamectl hostname hq-srv.au-team.irpo\n\texec bash\ntimedatectl set-timezone Asia\/Novosibirsk<\/code><\/pre><h2>2. Настроить внутренние интерфейсы:<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">echo &#039;TYPE=eth&#039; &gt; \/etc\/net\/ifaces\/ens18\/options\necho &#039;192.168.100.2\/27&#039; &gt; \/etc\/net\/ifaces\/ens18\/ipv4address\necho &#039;default via 192.168.100.1&#039; &gt; \/etc\/net\/ifaces\/ens18\/ipv4route\necho &#039;nameserver 8.8.8.8&#039; &gt; \/etc\/net\/ifaces\/ens18\/resolv.conf\nsystemctl restart network\nping zz.ru -c3<\/code><\/pre><h2>3. Настроить пользователя SSH :<\/h2>\n<p>(sshuser)<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">useradd -u 2026 sshuser\necho &quot;sshuser:P@ssw0rd&quot; | chpasswd\nusermod -aG wheel sshuser\necho &quot;WHEEL_USERS ALL=(ALL:ALL) NOPASSWD: ALL&quot; &gt; \/etc\/sudoers.d\/sshuser\nsu -l sshuser\nsudo id<\/code><\/pre><h2>4. Включить SSH<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">echo &quot;Authorized access only&quot; &gt; \/etc\/openssh\/banner\necho -e &quot;Port 2026\\nMaxAuthTries 2\\nAllowUsers sshuser\\nBanner \/etc\/openssh\/banner\\n&quot; &gt;&gt; \/etc\/openssh\/sshd_config\nsystemctl restart sshd\nss -ltnp | grep sshd \n\nssh sshuser@127.0.0.1 -p 2026<\/code><\/pre><h2>5. Установить необходимое ПО<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">apt-get update &amp;&amp; apt-get install bind bind-utils -y<\/code><\/pre><h2>6. Сменить DNS<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">echo $&#039;search au-team.irpo\\nnameserver 127.0.0.1&#039; &gt; \/etc\/net\/ifaces\/ens18\/resolv.conf<\/code><\/pre><h2>7. Настроить DNS:<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">rndc-confgen -a -c \/etc\/bind\/rndc.key\n+++\n\ncat &lt;&lt;&#039;EOF&#039; &gt; \/etc\/bind\/options.conf\nlogging { };\noptions {\n listen-on { localnets; 127.0.0.1; };\n forwarders { 77.88.8.7; 77.88.8.3; };\n recursion yes;\n allow-recursion { any; };\n allow-query { any; };\n dnssec-validation no;\n \n directory &quot;\/etc\/bind\/zone&quot;;\n dump-file &quot;\/var\/run\/named\/named_dump.db&quot;;\n statistics-file &quot;\/var\/run\/named\/named.stats&quot;;\n recursing-file &quot;\/var\/run\/named\/named.recursing&quot;; \n secroots-file &quot;\/var\/run\/named\/named.scroots&quot;;\n pid-file none;\n};\nzone &quot;au-team.irpo&quot; {\n type master;\n file &quot;au-team.irpo&quot;;\n};\nzone &quot;168.192.in-addr.arpa&quot; {\n type master;\n file &quot;168.192.in-addr.arpa&quot;;\n};\nEOF<\/code><\/pre><p>Файлы зоны — обратной:<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">cat &lt;&lt;&#039;EOF&#039; &gt; \/etc\/bind\/zone\/168.192.in-addr.arpa\n$TTL  1D\n@    IN   SOA   au-team.irpo. root.au-team.irpo. (\n                2025020600 ; serial\n                12H        ; refresh\n                1H         ; retry\n                1W         ; expire\n                1H         ; ncache\n            )\n      IN   NS    au-team.irpo.\n1.100 IN   PTR   hq-rtr.au-team.irpo.\n2.100 IN   PTR   hq-srv.au-team.irpo.\n2.200 IN   PTR   hq-cli.au-team.irpo.\nEOF<\/code><\/pre><p>Запустить DNS:<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">chown :named \/etc\/bind\/zone\/au-team.irpo \/etc\/bind\/zone\/168.192.in-addr.arpa\nsystemctl enable --now bind\n\nservice network restart\nhost br-rtr\nhost -t PTR 192.168.100.2<\/code><\/pre><h2>9. Настроить часовой пояс:<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">timedatectl set-timezone Azia\/Novosibirsk<\/code><\/pre>",
            "summary": "(sshuser)",
            "date_published": "2026-06-03T12:31:29+07:00",
            "date_modified": "2026-06-03T12:31:26+07:00",
            "tags": [
                "bind",
                "dns",
                "ens18",
                "hq-rtr",
                "ssh",
                "sshuser",
                "vlan",
                "Все трюки"
            ],
            "_date_published_rfc2822": "Wed, 03 Jun 2026 12:31:29 +0700",
            "_rss_guid_is_permalink": "false",
            "_rss_guid": "4",
            "_rss_enclosures": [],
            "_e2_data": {
                "is_favourite": true,
                "links_required": [
                    "highlight\/highlight.js",
                    "highlight\/highlight.css"
                ],
                "og_images": []
            }
        },
        {
            "id": "3",
            "url": "https:\/\/test3.716.su\/all\/1-3\/",
            "title": "Трюк 1-3. Как настроить самый главный маршрутизатор на ALT Linux",
            "content_html": "<h2>1. Настроить имя устройства:<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">hostnamectl hostname hq-rtr.au-team.irpo\nexec bash<\/code><\/pre><h2>2. Настроить внутренние интерфейсы:<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">mkdir -p \/etc\/net\/ifaces\/{ens19,vlan{100,200,999},gre1}\necho &#039;TYPE=eth&#039; | tee \/etc\/net\/ifaces\/ens{18,19}\/options\n\n\n-------to ISP------\necho &#039;172.16.1.2\/28&#039; &gt; \/etc\/net\/ifaces\/ens18\/ipv4address\necho &#039;default via 172.16.1.1&#039; &gt; \/etc\/net\/ifaces\/ens18\/ipv4route\necho &#039;nameserver 8.8.8.8&#039; &gt; \/etc\/net\/ifaces\/ens18\/resolv.conf<\/code><\/pre><h2>3. Настроить VLAN:<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">echo $&#039;100\\n200\\n999&#039; | xargs -i bash -c &#039;echo -e &quot;TYPE=vlan\\nHOST=ens19\\nVID={}&quot; &gt; \/etc\/net\/ifaces\/vlan{}\/options&#039;\n\ncat \/etc\/net\/ifaces\/vlan999\/options \n\necho &#039;192.168.100.1\/27&#039; &gt; \/etc\/net\/ifaces\/vlan100\/ipv4address\necho &#039;192.168.200.1\/28&#039; &gt; \/etc\/net\/ifaces\/vlan200\/ipv4address\necho &#039;192.168.99.1\/29&#039; &gt; \/etc\/net\/ifaces\/vlan999\/ipv4address<\/code><\/pre><h2>4. Включить маршрутизацию<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">sed -i &#039;s\/net.ipv4.ip_forward = 0\/net.ipv4.ip_forward = 1\/&#039; \/etc\/net\/sysctl.conf<\/code><\/pre><h2>5. Настроить GRE-туннель<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">cat &lt;&lt; EOF &gt; \/etc\/net\/ifaces\/gre1\/options\nTYPE=iptun\nTUNTYPE=gre\nTUNLOCAL=172.16.1.2\nTUNREMOTE=172.16.2.2\nTUNTTL=64\nTUNOPTIONS=&#039;ttl 64&#039;\nEOF\n\n+++\ncat \/etc\/net\/ifaces\/gre1\/options\n\necho &quot;10.10.10.2\/30&quot; &gt; \/etc\/net\/ifaces\/gre1\/ipv4address\n\nsystemctl restart network\nip -br -c a<\/code><\/pre><h2>5. Установить необходимое ПО:<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">apt-get install frr nftables tzdata dnsmasq -y<\/code><\/pre><h2>7. Сменить DNS:<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">rm -f \/etc\/net\/ifaces\/ens18\/resolv.conf\necho $&#039;search au-team.irpo\\nnameserver 192.168.100.2&#039; &gt; \/etc\/net\/ifaces\/vlan100\/resolv.conf<\/code><\/pre><h2>8. Настроить NFTables:<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">cat &lt;&lt; EOF &gt; \/etc\/nftables\/nftables.nft\n#!\/usr\/sbin\/nft -f\nflush ruleset\ntable ip nat {\n chain postrouting {\n type nat hook postrouting priority srcnat;\n oifname &quot;ens18&quot;  masquerade\n }\n}\nEOF<\/code><\/pre><p>и включить nftables<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">systemctl enable --now nftables<\/code><\/pre><h2>9. Настроить часовой пояс:<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">timedatectl set-timezone Azia\/Novosibirsk<\/code><\/pre><h2>10. Создать сетевого пользователя NetAdmin:<\/h2>\n<p>(net_admin)<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">useradd net_admin\necho &quot;net_admin:P@ssw0rd&quot; | chpasswd\nusermod -aG wheel net_admin\necho &quot;WHEEL_USERS ALL=(ALL:ALL) NOPASSWD: ALL&quot; &gt; \/etc\/sudoers.d\/net_admin\nsu -l net_admin\nsudo id<\/code><\/pre><h2>11. Настроить OSPF:<\/h2>\n<p>Сначала надо включить OSPF:<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">sed -i &#039;s\/ospfd=no\/ospfd=yes\/&#039; \/etc\/frr\/daemons ; grep ospf \/etc\/frr\/daemons<\/code><\/pre><p>Затем надо настроить OSPF:<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">cat &lt;&lt;&#039;EOF&#039; &gt; \/etc\/frr\/frr.conf\ninterface gre\n no ip ospf passive\nexit\n!\ninterface gre1\n ip ospf area 0\n ip ospf authentication\n ip ospf authentication-key P@ssw0rd\n no ip ospf passive\nexit\n!\ninterface vlan100\n ip ospf area 0\nexit\n!\ninterface vlan200\n ip ospf area 0\nexit\n!\ninterface vlan999\n ip ospf area 0\nexit\n!\nrouter ospf\n passive-interface default\nexit\n\nEOF<\/code><\/pre><p>Потом надо запустить OSPF:<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">systemctl restart network\nsystemctl enable --now  nftables frr\ncat \/etc\/resolv.conf<\/code><\/pre><p>Проверять маршруты OSPF надо так:<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">ip r<\/code><\/pre><h2>12. Как правильно настроить DHCP:<\/h2>\n<p>Сначала надо отключить DNS-сервер, т. к. он будет в другом месте (об этом будет другой трюк:<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">sed -i &#039;s\/AUTO_LOCAL_RESOLVER=yes\/AUTO_LOCAL_RESOLVER=no\/&#039; \/etc\/sysconfig\/dnsmasq ; grep AUTO_LOCAL_RESOLVER \/etc\/sysconfig\/dnsmasq<\/code><\/pre><p>Потом настроить DHCP на один адрес:<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">cat &lt;&lt;&#039;EOF&#039; &gt; \/etc\/dnsmasq.conf\nport=0\ninterface=vlan200\nlisten-address=192.168.200.1\ndhcp-authoritative\ndhcp-range=interface:vlan200,192.168.200.2,192.168.200.2,255.255.255.240,6h\ndhcp-option=3,192.168.200.1\ndhcp-option=6,192.168.100.2\nleasefile-ro\nEOF<\/code><\/pre><p>Потом стартуем DHCP:<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">systemctl enable --now frr dnsmasq ; ss -lun | grep 67\n\nsystemctl restart network\ncat \/etc\/resolv.conf\nip r | grep ospf<\/code><\/pre>",
            "summary": "и включить nftables",
            "date_published": "2026-06-03T12:13:55+07:00",
            "date_modified": "2026-06-03T12:13:51+07:00",
            "tags": [
                "dhcp",
                "dns",
                "dnsmasq",
                "ens18",
                "ens19",
                "frr",
                "gre",
                "hq-rtr",
                "ip_forward",
                "net_admin",
                "nftables",
                "ospf",
                "vlan",
                "Все трюки"
            ],
            "_date_published_rfc2822": "Wed, 03 Jun 2026 12:13:55 +0700",
            "_rss_guid_is_permalink": "false",
            "_rss_guid": "3",
            "_rss_enclosures": [],
            "_e2_data": {
                "is_favourite": true,
                "links_required": [
                    "highlight\/highlight.js",
                    "highlight\/highlight.css"
                ],
                "og_images": []
            }
        },
        {
            "id": "2",
            "url": "https:\/\/test3.716.su\/all\/1-2\/",
            "title": "Трюк 1-2. Как настроить второй маршрутизатор на ALT Linux",
            "content_html": "<h2>1. Настроить имя устройства:<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">hostnamectl hostname br-rtr.au-team.irpo\nexec bash<\/code><\/pre><h2>2. Настроить внутренние интерфейсы:<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">mkdir -p \/etc\/net\/ifaces\/{ens19,gre1}\necho &#039;TYPE=eth&#039; | tee \/etc\/net\/ifaces\/ens{18,19}\/options\n\n\n-------to ISP------\necho &#039;172.16.2.2\/28&#039; &gt; \/etc\/net\/ifaces\/ens18\/ipv4address\necho &#039;default via 172.16.2.1&#039; &gt; \/etc\/net\/ifaces\/ens18\/ipv4route\necho &#039;nameserver 8.8.8.8&#039; &gt; \/etc\/net\/ifaces\/ens18\/resolv.conf\n\n-------to BR-SRV---\necho &#039;192.168.3.1\/28&#039; &gt; \/etc\/net\/ifaces\/ens19\/ipv4address<\/code><\/pre><h2>3. Включить маршрутизацию<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">sed -i &#039;s\/net.ipv4.ip_forward = 0\/net.ipv4.ip_forward = 1\/&#039; \/etc\/net\/sysctl.conf<\/code><\/pre><h2>4. Настроить GRE-туннель<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">cat &lt;&lt; EOF &gt; \/etc\/net\/ifaces\/gre1\/options\nTYPE=iptun\nTUNTYPE=gre\nTUNLOCAL=172.16.2.2\nTUNREMOTE=172.16.1.2\nTUNTTL=64\nTUNOPTIONS=&#039;ttl 64&#039;\nEOF\n\n+++\ncat \/etc\/net\/ifaces\/gre1\/options\n\necho &quot;10.10.10.2\/30&quot; &gt; \/etc\/net\/ifaces\/gre1\/ipv4address\n\nsystemctl restart network\nip -br -c a<\/code><\/pre><h2>5. Установить необходимое ПО:<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">apt-get install frr nftables tzdata -y<\/code><\/pre><h2>6. Сменить DNS:<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">rm -f \/etc\/net\/ifaces\/ens18\/resolv.conf\necho $&#039;search au-team.irpo\\nnameserver 192.168.100.2&#039; &gt; \/etc\/net\/ifaces\/ens18\/resolv.conf<\/code><\/pre><h2>7. Настроить NFTables:<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">cat &lt;&lt; EOF &gt; \/etc\/nftables\/nftables.nft\n#!\/usr\/sbin\/nft -f\nflush ruleset\ntable ip nat {\n chain postrouting {\n type nat hook postrouting priority srcnat;\n oifname &quot;ens18&quot;  masquerade\n }\n}\nEOF<\/code><\/pre><p>и включить nftables<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">systemctl enable --now nftables<\/code><\/pre><h2>8. Настроить часовой пояс:<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">timedatectl set-timezone Azia\/Novosibirsk<\/code><\/pre><h2>9. Создать сетевого пользователя NetAdmin:<\/h2>\n<p>(net_admin)<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">useradd net_admin\necho &quot;net_admin:P@ssw0rd&quot; | chpasswd\nusermod -aG wheel net_admin\necho &quot;WHEEL_USERS ALL=(ALL:ALL) NOPASSWD: ALL&quot; &gt; \/etc\/sudoers.d\/net_admin\nsu -l net_admin\nsudo id<\/code><\/pre><h2>10. Настроить OSPF:<\/h2>\n<p>Сначала надо включить OSPF:<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">sed -i &#039;s\/ospfd=no\/ospfd=yes\/&#039; \/etc\/frr\/daemons ; grep ospf \/etc\/frr\/daemons<\/code><\/pre><p>Затем надо настроить OSPF:<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">cat &lt;&lt;&#039;EOF&#039; &gt; \/etc\/frr\/frr.conf\n\ninterface gre1\n ip ospf area 0\n ip ospf authentication\n ip ospf authentication-key P@ssw0rd\n no ip ospf passive\nexit\n!\ninterface ens19\n ip ospf area 0\nexit\n!\nrouter ospf\n passive-interface default\nexit\nEOF<\/code><\/pre><p>Потом надо запустить OSPF:<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">systemctl restart network\nsystemctl enable --now  nftables frr\ncat \/etc\/resolv.conf<\/code><\/pre><p>Проверять маршруты OSPF надо так (но об этом будет следующий трюк):<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">ip r<\/code><\/pre>",
            "summary": "и включить nftables",
            "date_published": "2026-06-03T12:05:21+07:00",
            "date_modified": "2026-06-03T12:14:32+07:00",
            "tags": [
                "br-rtr",
                "dns",
                "ens18",
                "ens19",
                "frr",
                "gre",
                "ip_forward",
                "net_admin",
                "nftables",
                "ospf",
                "Все трюки"
            ],
            "_date_published_rfc2822": "Wed, 03 Jun 2026 12:05:21 +0700",
            "_rss_guid_is_permalink": "false",
            "_rss_guid": "2",
            "_rss_enclosures": [],
            "_e2_data": {
                "is_favourite": true,
                "links_required": [
                    "highlight\/highlight.js",
                    "highlight\/highlight.css"
                ],
                "og_images": []
            }
        },
        {
            "id": "1",
            "url": "https:\/\/test3.716.su\/all\/1-1\/",
            "title": "Трюк 1-1. Как настроить ISP на ALT Linux",
            "content_html": "<h2>1. Настроить имя устройства:<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">hostnamectl hostname ISP\nexec bash<\/code><\/pre><h2>2. Настроить внутренние интерфейсы:<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">mkdir -p \/etc\/net\/ifaces\/ens{19,20}\n\necho &#039;TYPE=eth&#039; | tee \/etc\/net\/ifaces\/ens{19,20}\/options\n\necho &#039;172.16.1.1\/28&#039; &gt; \/etc\/net\/ifaces\/ens19\/ipv4address\necho &#039;172.16.2.1\/28&#039; &gt; \/etc\/net\/ifaces\/ens20\/ipv4address<\/code><\/pre><h2>3. Настроить NAT:<\/h2>\n<p>Сначала следует установить NFTables:<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">apt-get update &amp;&amp; apt-get install nftables -y<\/code><\/pre><p>Затем следует включить маскарадинг:<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">cat &lt;&lt; EOF &gt; \/etc\/nftables\/nftables.nft\n#!\/usr\/sbin\/nft -f\nflush ruleset\ntable ip nat {\n chain postrouting {\n type nat hook postrouting priority srcnat;\n oifname &quot;ens18&quot;  masquerade\n }\n}\nEOF<\/code><\/pre><p>и включить nftables<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">systemctl enable --now nftables<\/code><\/pre><h2>4. Включить маршрутизацию<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">sed -i &#039;s\/net.ipv4.ip_forward = 0\/net.ipv4.ip_forward = 1\/&#039; \/etc\/net\/sysctl.conf\nsystemctl restart network\nsysctl net.ipv4.ip_forward<\/code><\/pre><h2>Ссылки:<\/h2>\n<ul>\n<li><a href=\"https:\/\/wiki.archlinux.org\/title\/Nftables_(%D0%A0%D1%83%D1%81%D1%81%D0%BA%D0%B8%D0%B9)#%D0%9C%D0%B0%D1%81%D0%BA%D0%B0%D1%80%D0%B0%D0%B4%D0%B8%D0%BD%D0%B3\">https:\/\/wiki.archlinux.org\/title\/Nftables_(%D0%A0%D1%83%D1%81%D1%81%D0%BA%D0%B8%D0%B9)#%D0%9C%D0%B0%D1%81%D0%BA%D0%B0%D1%80%D0%B0%D0%B4%D0%B8%D0%BD%D0%B3<\/a><\/li>\n<li><a href=\"https:\/\/www.altlinux.org\/Static_Multicast_Routing#%D0%9D%D0%B0%D1%81%D1%82%D1%80%D0%BE%D0%B9%D0%BA%D0%B0_%D0%BC%D0%B0%D1%80%D1%88%D1%80%D1%83%D1%82%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D0%B8\">https:\/\/www.altlinux.org\/Static_Multicast_Routing#%D0%9D%D0%B0%D1%81%D1%82%D1%80%D0%BE%D0%B9%D0%BA%D0%B0_%D0%BC%D0%B0%D1%80%D1%88%D1%80%D1%83%D1%82%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D0%B8<\/a><\/li>\n<\/ul>\n",
            "summary": "Сначала следует установить NFTables",
            "date_published": "2026-06-03T11:55:02+07:00",
            "date_modified": "2026-06-03T12:14:47+07:00",
            "tags": [
                "ens18",
                "ens19",
                "ens20",
                "ip_forward",
                "isp",
                "nftables",
                "Все трюки"
            ],
            "image": "https:\/\/test3.716.su\/pictures\/image.png",
            "_date_published_rfc2822": "Wed, 03 Jun 2026 11:55:02 +0700",
            "_rss_guid_is_permalink": "false",
            "_rss_guid": "1",
            "_rss_enclosures": [],
            "_e2_data": {
                "is_favourite": true,
                "links_required": [
                    "highlight\/highlight.js",
                    "highlight\/highlight.css"
                ],
                "og_images": [
                    "https:\/\/test3.716.su\/pictures\/image.png",
                    "https:\/\/test3.716.su\/pictures\/image-1.png"
                ]
            }
        }
    ],
    "_e2_version": 4199,
    "_e2_ua_string": "Aegea 11.5 (v4199e)"
}