Basic operations of iptables firewall and PXE network installation

Table of contents

Iptables

1. View iptables settings:

2. Enable all traffic:

3. Close all traffic:

4. Allow traffic from a certain port to pass:

5. Block traffic from an IP address:

6. Allow traffic from a certain IP address:

Clear all iptables rules

Effective permanently

View current rules:

Routing table configuration

1. View the current routing table:

2. Add a routing rule, for example, send all data packets with the destination address 192.168.1.0/24 through the gateway 192.168.0.1:

3. Delete a routing rule, for example, delete the 192.168.1.0/24 routing rule added above:

4. Use the `ip` command to configure the default route:

5. Manually configure a static route:

6. Save routing settings permanently:

Create virtual IP under Linux

1. View the current network interface:

2. Create a virtual network card:

3. Assign IP to the virtual network card:

4. Start the virtual network card:

PXE network installation

Introduction:

PXE installation system operation process:

PXE basic steps

1. Overview of PXE

(1) Advantages of PXE batch deployment

(2) Basic deployment process

(3) Requirements for deploying PXE network system

(4) Steps to build a PXE remote installation server

1. Install and enable TFTP service

2. Install and enable DHCP service

3. Prepare the Linux kernel and initialize the image file

4. Prepare PXE bootloader

5. Install FTP service and prepare CentOS 7 installation source

6. Configure the boot menu file

(5) Automatically install Linux system


Iptables


iptables is a commonly used firewall software in Linux. Using iptables can help you control the flow of network data packets and achieve network security protection.

Here are some common uses of iptables:

1. View iptables settings:

iptables -L

This command will list the current iptables settings.

2. Enable all traffic:

iptables -P INPUT ACCEPT

iptables -P FORWARD ACCEPT

iptables -P OUTPUT ACCEPT

The above commands set the default policy of every chain to ACCEPT, so all traffic is allowed through the firewall.

3. Close all traffic:

iptables -P INPUT DROP

iptables -P FORWARD DROP

iptables -P OUTPUT DROP

The above commands set the default policy of every chain to DROP, so no traffic is allowed through unless a later rule explicitly accepts it.

4. Allow traffic from a certain port to pass:

iptables -A INPUT -p tcp --dport port_number -j ACCEPT

Here `port_number` is the port that needs to be allowed, for example 80.

5. Block traffic from an IP address:

iptables -A INPUT -s ip_address -j DROP

Here `ip_address` is the IP address that needs to be blocked, for example 192.168.1.140.

6. Allow traffic from a certain IP address:

iptables -A INPUT -s ip_address -j ACCEPT

Here `ip_address` is the IP address that needs to be allowed, for example 192.168.1.127.

There are many other options and usages of iptables, here are only some commonly used ones. If you need more help, you can check the official documentation or use the `man iptables` command to view the help manual.
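Two things the commands above do not show by themselves are whether the default policies really ended up as DROP and whether a later rule is ever reached, since iptables uses the first matching rule in a chain. The following Python audit is an added example (not from the original post): it parses a constructed `iptables-save` dump built from the page's own rules and flags a DROP for 192.168.1.140 that is shadowed by an earlier ACCEPT for its whole subnet. On a real host, pass it the output of `iptables-save` instead.

```python
import shlex
from ipaddress import ip_network

# Constructed iptables-save output (filter table only): default-deny INPUT,
# port 80 open, a subnet allowed, then one host from that subnet blocked.
SAMPLE_DUMP = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -j ACCEPT
-A INPUT -s 192.168.1.140/32 -j DROP
COMMIT
"""

# The options the page's commands use, and how to store each argument.
OPTS = {"-p": ("proto", str), "--dport": ("dport", int),
        "-s": ("src", ip_network), "-j": ("target", str)}

def parse_dump(dump):
    """Return ({chain: policy}, [rules in the order iptables evaluates them])."""
    policies, rules = {}, []
    for line in dump.splitlines():
        if line.startswith(":"):                      # chain header carries the policy
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif line.startswith("-A "):                  # an appended rule
            tok = shlex.split(line)
            rule = {"chain": tok[1], "proto": None, "dport": None, "src": None, "target": None}
            for i, t in enumerate(tok):
                if t in OPTS:
                    key, conv = OPTS[t]
                    rule[key] = conv(tok[i + 1])
            rules.append(rule)
    return policies, rules

def covers(earlier, later):
    """True if every packet `later` would match is already matched by `earlier`."""
    if earlier["chain"] != later["chain"] or (earlier["proto"] and earlier["proto"] != later["proto"]):
        return False
    if earlier["dport"] is not None and earlier["dport"] != later["dport"]:
        return False
    if earlier["src"] is not None:
        return later["src"] is not None and later["src"].subnet_of(earlier["src"])
    return True

def audit(dump):
    """Return findings as strings; an empty list means the dump passes."""
    policies, rules = parse_dump(dump)
    findings = [f"{c} policy is {policies.get(c)}, expected DROP"
                for c in ("INPUT", "FORWARD") if policies.get(c) != "DROP"]
    # First match wins: a rule is dead if an earlier rule in the same chain
    # already matches everything it matches but jumps to a different target.
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later) and earlier["target"] != later["target"]:
                findings.append(f"rule {i + 1} ({later['target']} from {later['src']})"
                                f" is shadowed by an earlier {earlier['target']}")
                break
    return findings
```

Swapping the last two rules of the sample (the host DROP before the subnet ACCEPT) makes the audit pass, which is the ordering the page's step 5 and step 6 need when both apply to the same network.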

Clear all iptables rules

Before configuring iptables, you usually need to run `iptables --list` or `iptables-save` to check whether rules already exist, because sometimes the existing rules need to be deleted first:

iptables --flush

or

iptables -F

The following command clears the iptables nat table rules.

iptables -t nat -F

Effective permanently

When you delete or add rules, these changes do not take effect permanently, and the rules will most likely be restored to their original state after the system is restarted. The following configuration makes the changes permanent. On CentOS 7 the `service iptables save` command is provided by the iptables-services package and applies when iptables, rather than firewalld, manages the firewall.

# Save iptables rules

service iptables save

# Restart iptables service

service iptables stop

service iptables start

View current rules:

cat /etc/sysconfig/iptables

cat /etc/sysconfig/iptables-config

Routing table configuration

In Linux systems, you can use the `ip` command to configure the routing table. Specific steps are as follows:

1. View the current routing table:

```
ip route show
```

2. Add a routing rule, for example, send all data packets with the destination address 192.168.1.0/24 through the gateway 192.168.0.1:

```
ip route add 192.168.1.0/24 via 192.168.0.1
```

3. Delete a routing rule, for example, delete the 192.168.1.0/24 routing rule added above:

```
ip route del 192.168.1.0/24
```

4. Use the `ip` command to configure the default route:

```
ip route add default via <gateway ip>
```

Where `<gateway ip>` refers to the gateway IP address.

5. Manually configure a static route:

```
ip route add <network>/<mask> via <gateway>
```

Where `<network>` is the network to be accessed, `<mask>` is the network mask, and `<gateway>` is the gateway IP address.

6. Save routing settings permanently:

If you want the routes you set to be permanent, you can add routing rules to the `/etc/network/interfaces` file.

For example, to permanently add a routing rule, edit the `/etc/network/interfaces` file and add the following line to the `iface` stanza of the interface that reaches the gateway (`up` lines are per-interface options, so they belong inside that stanza rather than at the top level of the file):

```
up ip route add <network>/<mask> via <gateway>
```

After saving the file, restart the network using the following command:

```
sudo systemctl restart networking
```

The above are some common methods for configuring routing in Linux, but the actual operation should be configured according to specific scenarios and needs.

Create virtual IP under Linux

In Linux, you can use the `ip` command to create a virtual IP address. The specific steps are as follows:

1. View the current network interface:

```
ip a
```

You can see the list of network interfaces of the current system.

2. Create a virtual network card:

You can use the following command to create a virtual network card as a macvlan device attached to eth0. The kernel does not accept ':' in link names, so the ifconfig-style alias name eth0:0 cannot be used for `ip link add`; the name macvlan0 is used here instead:

```
sudo ip link add name macvlan0 link eth0 type macvlan mode bridge
```

3. Assign IP to the virtual network card:

You can use the following command to assign an IP address to the virtual network card, such as 192.168.0.100 (without a prefix length the address is added as a /32 host address):

```
sudo ip addr add 192.168.0.100 dev macvlan0
```

4. Start the virtual network card:

Start the virtual network card using the following command:

```
sudo ip link set macvlan0 up
```

After completing the above steps, you can use the `ip a` command to view the network interface of the current system. You should be able to see the newly created virtual network card and IP address.

If you need to save the virtual IP permanently, you can add the commands to create a virtual network card and assign an IP address to the `/etc/network/interfaces` file, and restart the network service.

It should be noted that the virtual IP address is only valid on the current system, and the data packets transmitted in the network will not use the virtual IP. If you need to use virtual IP in the network, you also need to configure it in network routing.

PXE network installation

Introduction:

PXE (Preboot Execution Environment) is a computer network technology that allows the computer to boot and load the operating system without using local storage devices. It is usually used for large-scale device deployment or network management in enterprises, and allows administrators to remotely manage and update computers' software images through the network. PXE uses network protocols such as TCP/IP protocol stack, DHCP/DNS protocol, TFTP protocol, etc. to transfer the operating system or other software to the memory of the client computer through the network to realize remote automatic installation, deployment, maintenance and management of the computer.

PXE installation system operation process:

1. Install the PXE server on a server or computer, and configure network service protocols, such as DHCP and TFTP, on it.

2. Connect the computer on which the operating system needs to be installed to the LAN where the PXE server is located through a LAN cable.

3. Set up the DHCP service on the PXE server to provide IP addresses and other network configuration information to clients.

4. Set up the TFTP service on the PXE server, and copy the operating system installation program and related files to the default root directory of TFTP for client downloading.

5. Turn on the computer that needs to install the system, enter the BIOS interface when starting, set the PXE boot option as the first startup item, and save the settings.

6. After the computer restarts, it will initiate a request to the DHCP server to obtain network configuration information (IP address, default gateway, etc.), and ask the PXE server whether it has the startup files required to install the system.

7. When the PXE server receives the startup request, it will provide the necessary startup file (such as grub or syslinux), and the computer will download the file and other necessary files, such as the kernel (kernel) and the operating system image file (Image).

8. After the installation program is started, the user can follow the guidance of the installation process to set the partition, installation directory, operating system language, installation software package and other information of the target system until the installation of the operating system is completed.

9. Finally, restart the computer and enter the newly installed operating system environment.

It should be noted that the PXE installation system requires setting up a PXE server and corresponding configuration in the LAN, and ensuring that the network is smooth and the speed is stable, so as not to affect the installation process.

PXE basic steps

1. Overview of PXE

(1) Advantages of PXE batch deployment

Scale: set up multiple servers simultaneously
Automation: install the system and configure the various services
Remote implementation: no installation media such as CDs or USB flash drives required

PXE (Preboot eXecution Environment): the pre-boot execution environment, which runs before the operating system.
The server:
runs the DHCP service to allocate addresses and locate the boot program;
runs the TFTP service to provide boot program downloads.
The client:
the network card supports the PXE protocol;
the motherboard supports network booting.

(2) Basic deployment process

Prepare the CentOS 7 installation source (YUM repository)
to install and enable the TFTP service
. Provide the Linux kernel, PXE boot program, etc.
Install and enable the DHCP service
. Configure the boot menu.

(3) Requirements for deploying PXE network system

To build a PXE network system, the following prerequisites must be met:
Client:
1. The client's network card must support the PXE protocol (integrated BOOTROM chip), and the motherboard must support network boot. Most server hosts support this; you only need to allow booting from Network or LAN in the BIOS settings.
Server:
2. There is a DHCP server in the network that automatically assigns addresses to clients and tells them where the boot file is.
3. The server must provide the system kernel and boot image files for download through the TFTP service (Trivial File Transfer Protocol).

(4) Steps to build a PXE remote installation server

The PXE remote installation server integrates the CentOS 7 installation source, TFTP service, DHCP service, and FTP service. It can send PXE boot program, Linux kernel, boot menu and other data to the client bare metal, as well as provide installation files.

TFTP (Trivial File Transfer Protocol) is a protocol based on UDP protocol for simple file transfer between client and server. It is suitable for small file transfer applications. The TFTP service is managed by the xinetd service by default, using UDP port 69.
xinetd is a new generation of network daemon service program, also called a super server, which is commonly used to manage a variety of lightweight Internet services.

1. Install and enable TFTP service

yum -y install tftp-server

yum -y install xinetd

Install both packages.

# Modify the configuration file of the TFTP service
vim /etc/xinetd.d/tftp

Set these four lines in the file:

```
# TFTP uses the UDP protocol by default
protocol        = udp
# no means several clients can connect at the same time; yes means only one client at a time
wait            = no
# Specify the TFTP root directory (the storage path of the boot files)
server_args     = -s /var/lib/tftpboot
# no means the TFTP service is turned on
disable         = no
```

Restart and set up auto-start:

systemctl start tftp
systemctl enable tftp
systemctl start xinetd
systemctl enable xinetd

2. Install and enable DHCP service

yum -y install dhcp


cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf

Modify the DHCP service configuration file:

vim /etc/dhcp/dhcpd.conf

```
ddns-update-style none;                      # Disable DNS dynamic update
next-server 192.168.80.10;                   # Address of the TFTP server (this needs to be entered manually)
filename "pxelinux.0";                       # PXE boot program file to download (this needs to be entered manually)

subnet 192.168.80.0 netmask 255.255.255.0 {  # Declare the network segment to allocate from
    range 192.168.80.100 192.168.80.200;     # Set the address pool
    option routers 192.168.80.10;            # Default gateway address, pointing at the TFTP server's IP address
}
```

Restart the service and set up automatic startup

systemctl start dhcpd
systemctl enable dhcpd

3. Prepare the Linux kernel and initialize the image file

```
# First mount the CD image
mount /dev/cdrom /mnt
cd /mnt/images/pxeboot
# Copy the kernel file of the Linux system to the TFTP root directory
cp vmlinuz /var/lib/tftpboot/
# Copy the initialization image file (initrd, loaded by the boot loader) to the TFTP root directory
cp initrd.img /var/lib/tftpboot/
```

Here you need to copy two important files to /var/lib/tftpboot/ (vmlinuz and initrd.img).

4. Prepare PXE bootloader

yum -y install syslinux #The PXE boot program is provided by the software package syslinux
cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/ #Copy the PXE boot program to the TFTP root directory

5. Install FTP service and prepare CentOS 7 installation source

yum -y install vsftpd #Install vsftpd service

mkdir /var/ftp/centos7
cp -rf /mnt/* /var/ftp/centos7/ #Create a new centos7 directory and copy all files from the CD image into it

6. Configure the boot menu file

The default boot menu file lives in the pxelinux.cfg subdirectory of the TFTP root directory and is named default.
mkdir /var/lib/tftpboot/pxelinux.cfg #You need to create pxelinux.cfg in the tftpboot directory

vim /var/lib/tftpboot/pxelinux.cfg/default #Create default in the pxelinux.cfg directory and edit the configuration file (its contents are given in section (5) below)

7. Turn off the firewall and verify the PXE network installation
systemctl stop firewalld.service #Stop firewalld
setenforce 0 #Put SELinux into permissive mode

Use a virtual machine created with VMware for testing. The virtual machine must have at least 2GB of memory, otherwise an error may be reported when the installation starts.
Power on the virtual machine and press Enter directly at the "boot:" prompt (or enter the "auto" command). The installation files are downloaded over the network automatically and the default graphical installer starts; entering "linux text" starts the text-mode installer, and entering "linux rescue" enters rescue mode.

Batch installation is already achievable at this point. The method below goes one step further and implements Kickstart unattended installation, a truly hands-off automatic installation. Let's continue.

(5) Automatically install Linux system

8. Prepare the installation answer file

(1) Install the system-config-kickstart tool
yum install -y system-config-kickstart

(2) Open the "Kickstart Configuration Program" window through the desktop menu "Applications" --> "System Tools" --> "Kickstart", or by running the "system-config-kickstart" command.

(3) Configure the kickstart options.
Basic configuration:
Set the default language to "Chinese (Simplified)" and the time zone to "Asia/Shanghai".
Set the root password.
Check "Restart after installation" in the advanced configuration.

Installation method:
Select FTP
FTP server: ftp://192.168.80.10
FTP directory: centos7

Boot loader options:
"Installation type": Install a new boot loader
"Installation option": Install the boot loader in the master boot record (MBR)

Partition information (partition sizes are configured according to your actual situation):
Master boot record: Clear master boot record
Partitions: Delete all existing partitions
Disk label: Initialize disk label
Layout: Add partition
Mount point: /boot, file system type: xfs, fixed size: 500M
File system type: swap, fixed size: 4096M
Mount point: /home, file system type: xfs, fixed size: 4096M
Mount point: /, file system type: xfs, use all unused space on the disk

Network configuration:
Add network device "ens33" and set the network type to "DHCP".

Firewall configuration:
disable SELinux, disable firewall

Post-installation script:
Check "Use interpreter": /bin/bash, then enter the script:

```
rm -rf /etc/yum.repos.d/*
echo '[local]
name=local
baseurl=ftp://192.168.80.10/centos7
enabled=1
gpgcheck=0' > /etc/yum.repos.d/local.repo
```

Keep the other options at their default settings.

(4) Save the automatic response file.
Select "File" --> "Save" in the "Kickstart Configuration Program" window and choose the save location. The file is named ks.cfg and is saved to /root/ks.cfg by default.

After saving, copy /root/ks.cfg to /var/ftp/ks.cfg

cp /root/ks.cfg /var/ftp/ks.cfg

(5) Configure the software packages to be installed.
You can copy the package installation section of /root/anaconda-ks.cfg into the /var/ftp/ks.cfg file as needed; only the part from %packages to %end needs to be copied. For a minimal installation, copy the following content:

vim ks.cfg

```
%packages
@^minimal
%end
```

(6) Edit the boot menu file default and add the ks boot parameter

vim /var/lib/tftpboot/pxelinux.cfg/default

```
default auto
# Whether to wait for user selection; "0" means do not wait for user input
prompt 0

label auto
  # kernel and append define the boot parameters
  kernel vmlinuz
  # The ks= parameter gives the URL of the ks.cfg answer file
  append initrd=initrd.img method=ftp://192.168.80.10/centos7 ks=ftp://192.168.80.10/ks.cfg
```
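A client that fails to boot usually means the three pieces configured above disagree: the `filename` DHCP hands out, the `kernel` and `initrd` the menu names, or the `method=`/`ks=` URLs. The following Python cross-check is an added example (not from the original post) that parses a dhcpd.conf fragment and a pxelinux.cfg/default menu, both constructed here from the page's values, and compares them with the TFTP root contents, given as a plain set in place of a directory listing. It assumes, as this page does, that FTP and TFTP run on the same host.

```python
import re
import shlex
from urllib.parse import urlparse

# Constructed from the values on this page: the DHCP globals, the boot menu,
# and what `ls /var/lib/tftpboot` shows after steps 3, 4 and 6.
DHCPD_CONF = """\
ddns-update-style none;
next-server 192.168.80.10;
filename "pxelinux.0";
subnet 192.168.80.0 netmask 255.255.255.0 {
    range 192.168.80.100 192.168.80.200;
    option routers 192.168.80.10;
}
"""
PXE_DEFAULT = """\
default auto
prompt 0

label auto
  kernel vmlinuz
  append initrd=initrd.img method=ftp://192.168.80.10/centos7 ks=ftp://192.168.80.10/ks.cfg
"""
TFTP_ROOT = {"pxelinux.0", "vmlinuz", "initrd.img", "pxelinux.cfg"}

def parse_dhcpd(text):
    """Pull the two PXE-specific globals (next-server, filename) out of dhcpd.conf."""
    server = re.search(r"^\s*next-server\s+([\d.]+)\s*;", text, re.M)
    fname = re.search(r'^\s*filename\s+"([^"]*)"\s*;', text, re.M)
    return {"next_server": server and server.group(1), "filename": fname and fname.group(1)}

def parse_menu(text):
    """Return the kernel and the key=value pairs of the first label's append line."""
    kernel = re.search(r"^\s*kernel\s+(\S+)", text, re.M).group(1)
    append = re.search(r"^\s*append\s+(.*)$", text, re.M).group(1)
    params = dict(kv.split("=", 1) for kv in shlex.split(append) if "=" in kv)
    return {"kernel": kernel, "params": params}

def check_pxe(dhcpd_text, menu_text, tftp_root):
    """Return a list of problems; empty means DHCP, the TFTP root and the boot menu agree."""
    dhcp, menu = parse_dhcpd(dhcpd_text), parse_menu(menu_text)
    problems = []
    # Every file the client is told to fetch over TFTP has to exist in the TFTP root.
    for where, name in (("DHCP filename", dhcp["filename"]), ("menu kernel", menu["kernel"]),
                        ("menu initrd", menu["params"].get("initrd"))):
        if name not in tftp_root:
            problems.append(f"{where} {name!r} is not in the TFTP root")
    # This page serves FTP from the same host as TFTP, so both URLs must point at next-server.
    for key in ("method", "ks"):
        url = urlparse(menu["params"].get(key, ""))
        if url.scheme != "ftp" or url.hostname != dhcp["next_server"]:
            problems.append(f"{key}= must be an ftp:// URL on {dhcp['next_server']}, got {url.geturl()!r}")
    return problems
```

Reintroducing the stray space from the original `filename "pxelinux .0"` line, or forgetting to copy initrd.img, is reported as a missing file in the TFTP root.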

 

7. Verify the unattended installation.
Each time the client boots in PXE mode, it automatically downloads the ks.cfg response file and then installs the CentOS 7 system according to its settings without manual intervention.
cat /etc/yum.repos.d/local.repo (verify that the local yum source was set up)


Origin blog.csdn.net/2302_77750172/article/details/131396626