{
    "version": "https:\/\/jsonfeed.org\/version\/1.1",
    "title": "Мастер Alt Linux: заметки с тегом hq-rtr",
    "_rss_description": "Sysadmin, System Administrator, системное администрирование, сетевое администрирование, настройка первого модуля, настройка второго модуля, модуль 1 сетевое администрирование, модуль 2 системное администрирование, Alt Linux, HQ-RTR, BR-RTR, HQ-SRV, BR-SRV, HQ-CLI, ISP, VLAN, IPv4, NAT, iptables, GRE tunnel, OSPF, FRR, DHCP, DNS, SSH, Samba DC, Samba domain, au-team.irpo, sudoers, RAID 0, mdadm, NFS, chrony, Ansible, Docker, docker compose, MariaDB, Apache, PHP, Yandex Browser, hostnamectl, \/etc\/net\/ifaces, systemctl, sshd_config, Port 2026, samba-tool, gpupdate, ansible ping pong, docker compose up, СИСА, DEMO2026, DEMO2026 бюджет БУ, настройка DEMO2026, Альт Виртуализация, VirtualBox, ОС Альт, EcoRouterOS, Модуль 1 Настройка сетевой инфраструктуры, Модуль 4 Настройка сетевой инфраструктуры,",
    "_rss_language": "ru",
    "_itunes_email": "",
    "_itunes_categories_xml": "",
    "_itunes_image": false,
    "_itunes_explicit": "no",
    "home_page_url": "https:\/\/test3.716.su\/tags\/hq-rtr\/",
    "feed_url": "https:\/\/test3.716.su\/tags\/hq-rtr\/json\/",
    "icon": false,
    "authors": [
        {
            "name": "Мастер Alt Linux",
            "url": "https:\/\/test3.716.su\/",
            "avatar": false
        }
    ],
    "items": [
        {
            "id": "4",
            "url": "https:\/\/test3.716.su\/all\/1-4\/",
            "title": "Трюк 1-4. Как настроить самый главный сервер на ALT Linux",
            "content_html": "<h2>0. Поставить тег VLAN на интерфейс.<\/h2>\n<h2>1. Настроить имя устройства:<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">hostnamectl hostname hq-srv.au-team.irpo\n\texec bash\ntimedatectl set-timezone Asia\/Novosibirsk<\/code><\/pre><h2>2. Настроить внутренние интерфейсы:<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">echo &#039;TYPE=eth&#039; &gt; \/etc\/net\/ifaces\/ens18\/options\necho &#039;192.168.100.2\/27&#039; &gt; \/etc\/net\/ifaces\/ens18\/ipv4address\necho &#039;default via 192.168.100.1&#039; &gt; \/etc\/net\/ifaces\/ens18\/ipv4route\necho &#039;nameserver 8.8.8.8&#039; &gt; \/etc\/net\/ifaces\/ens18\/resolv.conf\nsystemctl restart network\nping zz.ru -c3<\/code><\/pre><h2>3. Настроить пользователя SSH :<\/h2>\n<p>(sshuser)<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">useradd -u 2026 sshuser\necho &quot;sshuser:P@ssw0rd&quot; | chpasswd\nusermod -aG wheel sshuser\necho &quot;WHEEL_USERS ALL=(ALL:ALL) NOPASSWD: ALL&quot; &gt; \/etc\/sudoers.d\/sshuser\nsu -l sshuser\nsudo id<\/code><\/pre><h2>4. Включить SSH<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">echo &quot;Authorized access only&quot; &gt; \/etc\/openssh\/banner\necho -e &quot;Port 2026\\nMaxAuthTries 2\\nAllowUsers sshuser\\nBanner \/etc\/openssh\/banner\\n&quot; &gt;&gt; \/etc\/openssh\/sshd_config\nsystemctl restart sshd\nss -ltnp | grep sshd \n\nssh sshuser@127.0.0.1 -p 2026<\/code><\/pre><h2>5. Установить необходимое ПО<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">apt-get update &amp;&amp; apt-get install bind bind-utils -y<\/code><\/pre><h2>6. Сменить DNS<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">echo $&#039;search au-team.irpo\\nnameserver 127.0.0.1&#039; &gt; \/etc\/net\/ifaces\/ens18\/resolv.conf<\/code><\/pre><h2>7. Настроить DNS:<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">rndc-confgen -a -c \/etc\/bind\/rndc.key\n+++\n\ncat &lt;&lt;&#039;EOF&#039; &gt; \/etc\/bind\/options.conf\nlogging { };\noptions {\n listen-on { localnets; 127.0.0.1; };\n forwarders { 77.88.8.7; 77.88.8.3; };\n recursion yes;\n allow-recursion { any; };\n allow-query { any; };\n dnssec-validation no;\n \n directory &quot;\/etc\/bind\/zone&quot;;\n dump-file &quot;\/var\/run\/named\/named_dump.db&quot;;\n statistics-file &quot;\/var\/run\/named\/named.stats&quot;;\n recursing-file &quot;\/var\/run\/named\/named.recursing&quot;; \n secroots-file &quot;\/var\/run\/named\/named.scroots&quot;;\n pid-file none;\n};\nzone &quot;au-team.irpo&quot; {\n type master;\n file &quot;au-team.irpo&quot;;\n};\nzone &quot;168.192.in-addr.arpa&quot; {\n type master;\n file &quot;168.192.in-addr.arpa&quot;;\n};\nEOF<\/code><\/pre><p>Файлы зоны — обратной:<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">cat &lt;&lt;&#039;EOF&#039; &gt; \/etc\/bind\/zone\/168.192.in-addr.arpa\n$TTL  1D\n@    IN   SOA   au-team.irpo. root.au-team.irpo. (\n                2025020600 ; serial\n                12H        ; refresh\n                1H         ; retry\n                1W         ; expire\n                1H         ; ncache\n            )\n      IN   NS    au-team.irpo.\n1.100 IN   PTR   hq-rtr.au-team.irpo.\n2.100 IN   PTR   hq-srv.au-team.irpo.\n2.200 IN   PTR   hq-cli.au-team.irpo.\nEOF<\/code><\/pre><p>Запустить DNS:<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">chown :named \/etc\/bind\/zone\/au-team.irpo \/etc\/bind\/zone\/168.192.in-addr.arpa\nsystemctl enable --now bind\n\nservice network restart\nhost br-rtr\nhost -t PTR 192.168.100.2<\/code><\/pre><h2>9. Настроить часовой пояс:<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">timedatectl set-timezone Azia\/Novosibirsk<\/code><\/pre>",
            "summary": "(sshuser)",
            "date_published": "2026-06-03T12:31:29+07:00",
            "date_modified": "2026-06-03T12:31:26+07:00",
            "tags": [
                "bind",
                "dns",
                "ens18",
                "hq-rtr",
                "ssh",
                "sshuser",
                "vlan",
                "Все трюки"
            ],
            "_date_published_rfc2822": "Wed, 03 Jun 2026 12:31:29 +0700",
            "_rss_guid_is_permalink": "false",
            "_rss_guid": "4",
            "_rss_enclosures": [],
            "_e2_data": {
                "is_favourite": true,
                "links_required": [
                    "highlight\/highlight.js",
                    "highlight\/highlight.css"
                ],
                "og_images": []
            }
        },
        {
            "id": "3",
            "url": "https:\/\/test3.716.su\/all\/1-3\/",
            "title": "Трюк 1-3. Как настроить самый главный маршрутизатор на ALT Linux",
            "content_html": "<h2>1. Настроить имя устройства:<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">hostnamectl hostname hq-rtr.au-team.irpo\nexec bash<\/code><\/pre><h2>2. Настроить внутренние интерфейсы:<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">mkdir -p \/etc\/net\/ifaces\/{ens19,vlan{100,200,999},gre1}\necho &#039;TYPE=eth&#039; | tee \/etc\/net\/ifaces\/ens{18,19}\/options\n\n\n-------to ISP------\necho &#039;172.16.1.2\/28&#039; &gt; \/etc\/net\/ifaces\/ens18\/ipv4address\necho &#039;default via 172.16.1.1&#039; &gt; \/etc\/net\/ifaces\/ens18\/ipv4route\necho &#039;nameserver 8.8.8.8&#039; &gt; \/etc\/net\/ifaces\/ens18\/resolv.conf<\/code><\/pre><h2>3. Настроить VLAN:<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">echo $&#039;100\\n200\\n999&#039; | xargs -i bash -c &#039;echo -e &quot;TYPE=vlan\\nHOST=ens19\\nVID={}&quot; &gt; \/etc\/net\/ifaces\/vlan{}\/options&#039;\n\ncat \/etc\/net\/ifaces\/vlan999\/options \n\necho &#039;192.168.100.1\/27&#039; &gt; \/etc\/net\/ifaces\/vlan100\/ipv4address\necho &#039;192.168.200.1\/28&#039; &gt; \/etc\/net\/ifaces\/vlan200\/ipv4address\necho &#039;192.168.99.1\/29&#039; &gt; \/etc\/net\/ifaces\/vlan999\/ipv4address<\/code><\/pre><h2>4. Включить маршрутизацию<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">sed -i &#039;s\/net.ipv4.ip_forward = 0\/net.ipv4.ip_forward = 1\/&#039; \/etc\/net\/sysctl.conf<\/code><\/pre><h2>5. Настроить GRE-туннель<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">cat &lt;&lt; EOF &gt; \/etc\/net\/ifaces\/gre1\/options\nTYPE=iptun\nTUNTYPE=gre\nTUNLOCAL=172.16.1.2\nTUNREMOTE=172.16.2.2\nTUNTTL=64\nTUNOPTIONS=&#039;ttl 64&#039;\nEOF\n\n+++\ncat \/etc\/net\/ifaces\/gre1\/options\n\necho &quot;10.10.10.2\/30&quot; &gt; \/etc\/net\/ifaces\/gre1\/ipv4address\n\nsystemctl restart network\nip -br -c a<\/code><\/pre><h2>5. Установить необходимое ПО:<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">apt-get install frr nftables tzdata dnsmasq -y<\/code><\/pre><h2>7. Сменить DNS:<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">rm -f \/etc\/net\/ifaces\/ens18\/resolv.conf\necho $&#039;search au-team.irpo\\nnameserver 192.168.100.2&#039; &gt; \/etc\/net\/ifaces\/vlan100\/resolv.conf<\/code><\/pre><h2>8. Настроить NFTables:<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">cat &lt;&lt; EOF &gt; \/etc\/nftables\/nftables.nft\n#!\/usr\/sbin\/nft -f\nflush ruleset\ntable ip nat {\n chain postrouting {\n type nat hook postrouting priority srcnat;\n oifname &quot;ens18&quot;  masquerade\n }\n}\nEOF<\/code><\/pre><p>и включить nftables<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">systemctl enable --now nftables<\/code><\/pre><h2>9. Настроить часовой пояс:<\/h2>\n<pre class=\"e2-text-code\"><code class=\"\">timedatectl set-timezone Azia\/Novosibirsk<\/code><\/pre><h2>10. Создать сетевого пользователя NetAdmin:<\/h2>\n<p>(net_admin)<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">useradd net_admin\necho &quot;net_admin:P@ssw0rd&quot; | chpasswd\nusermod -aG wheel net_admin\necho &quot;WHEEL_USERS ALL=(ALL:ALL) NOPASSWD: ALL&quot; &gt; \/etc\/sudoers.d\/net_admin\nsu -l net_admin\nsudo id<\/code><\/pre><h2>11. Настроить OSPF:<\/h2>\n<p>Сначала надо включить OSPF:<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">sed -i &#039;s\/ospfd=no\/ospfd=yes\/&#039; \/etc\/frr\/daemons ; grep ospf \/etc\/frr\/daemons<\/code><\/pre><p>Затем надо настроить OSPF:<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">cat &lt;&lt;&#039;EOF&#039; &gt; \/etc\/frr\/frr.conf\ninterface gre\n no ip ospf passive\nexit\n!\ninterface gre1\n ip ospf area 0\n ip ospf authentication\n ip ospf authentication-key P@ssw0rd\n no ip ospf passive\nexit\n!\ninterface vlan100\n ip ospf area 0\nexit\n!\ninterface vlan200\n ip ospf area 0\nexit\n!\ninterface vlan999\n ip ospf area 0\nexit\n!\nrouter ospf\n passive-interface default\nexit\n\nEOF<\/code><\/pre><p>Потом надо запустить OSPF:<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">systemctl restart network\nsystemctl enable --now  nftables frr\ncat \/etc\/resolv.conf<\/code><\/pre><p>Проверять маршруты OSPF надо так:<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">ip r<\/code><\/pre><h2>12. Как правильно настроить DHCP:<\/h2>\n<p>Сначала надо отключить DNS-сервер, т. к. он будет в другом месте (об этом будет другой трюк:<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">sed -i &#039;s\/AUTO_LOCAL_RESOLVER=yes\/AUTO_LOCAL_RESOLVER=no\/&#039; \/etc\/sysconfig\/dnsmasq ; grep AUTO_LOCAL_RESOLVER \/etc\/sysconfig\/dnsmasq<\/code><\/pre><p>Потом настроить DHCP на один адрес:<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">cat &lt;&lt;&#039;EOF&#039; &gt; \/etc\/dnsmasq.conf\nport=0\ninterface=vlan200\nlisten-address=192.168.200.1\ndhcp-authoritative\ndhcp-range=interface:vlan200,192.168.200.2,192.168.200.2,255.255.255.240,6h\ndhcp-option=3,192.168.200.1\ndhcp-option=6,192.168.100.2\nleasefile-ro\nEOF<\/code><\/pre><p>Потом стартуем DHCP:<\/p>\n<pre class=\"e2-text-code\"><code class=\"\">systemctl enable --now frr dnsmasq ; ss -lun | grep 67\n\nsystemctl restart network\ncat \/etc\/resolv.conf\nip r | grep ospf<\/code><\/pre>",
            "summary": "и включить nftables",
            "date_published": "2026-06-03T12:13:55+07:00",
            "date_modified": "2026-06-03T12:13:51+07:00",
            "tags": [
                "dhcp",
                "dns",
                "dnsmasq",
                "ens18",
                "ens19",
                "frr",
                "gre",
                "hq-rtr",
                "ip_forward",
                "net_admin",
                "nftables",
                "ospf",
                "vlan",
                "Все трюки"
            ],
            "_date_published_rfc2822": "Wed, 03 Jun 2026 12:13:55 +0700",
            "_rss_guid_is_permalink": "false",
            "_rss_guid": "3",
            "_rss_enclosures": [],
            "_e2_data": {
                "is_favourite": true,
                "links_required": [
                    "highlight\/highlight.js",
                    "highlight\/highlight.css"
                ],
                "og_images": []
            }
        }
    ],
    "_e2_version": 4199,
    "_e2_ua_string": "Aegea 11.5 (v4199e)"
}