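1. Use DNS split-view resolution for www.qq.com so that the intranet host resolves the name to the internal server's IP address and the external host resolves it to the external server's IP address.
Requires two hosts and one DNS server.
DNS server configuration
1. Stop the firewall
Disable SELinux
systemctl stop firewalld
setenforce 0
yum install bind -y    # install the DNS server package
vim /etc/named.conf    # edit the configuration file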
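options {
    listen-on port 53 { 192.168.243.129; };    // listen on port 53
    directory "/var/named";                    // working directory
    allow-query { "any"; };                    // allow queries from anyone
};
acl "Intranet" { 192.168.243.132; };           // access control list; the ACL name can be chosen freely
acl "extranet" { 192.168.243.133; };
// Once any view is defined, every zone statement in named.conf must be inside a view.
view "Intranet" {
    match-clients { "Intranet"; };             // refers to the ACL defined above
    zone "qq.com" IN {
        type master;                           // primary (master) server
        file "named.qq.com";                   // zone file name
    };
};
view "extranet" {
    match-clients { "extranet"; };
    zone "qq.com" IN {
        type master;
        file "named1.qq.com";
    };
};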
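cp /var/named/named.localhost /var/named/named.qq.com
cp /var/named/named.localhost /var/named/named1.qq.com
Change the file permissions so that named can read the copies (run in /var/named; read access, o+r, is all named needs)
chmod o+rwx named.qq.com
chmod o+rwx named1.qq.com
vim /var/named/named.qq.com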
$TTL 1D
@       IN SOA  @ rname.invalid. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      dns.qq.com.
dns     IN A    192.168.243.129
www     IN A    192.168.243.50
vim /var/named/named1.qq.com
$TTL 1D
@       IN SOA  @ rname.invalid. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      dns.qq.com.     ; the local name server; the trailing "." (root domain) is required
dns     IN A    192.168.243.129
www     IN A    192.168.243.10  ; IN = Internet class
Restart the service
systemctl restart named
Test
On 192.168.243.132:
nslookup
> server 192.168.243.129
Default server: 192.168.243.129
Address: 192.168.243.129#53
> www.qq.com
Server: 192.168.243.129
Address: 192.168.243.129#53
Name: www.qq.com
Address: 192.168.243.50
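How named chooses a view for the clients above, as an added Python model (not code from the original page, and not BIND's own implementation): views are tried in the order they appear in named.conf, the first one whose match-clients ACL contains the client address answers, and a client that matches no view is refused. The client 192.168.243.200 and the widened /24 ACL are constructed inputs.

```python
import ipaddress

# ACLs and views as declared in /etc/named.conf above, in file order.
ACLS = {
    "Intranet": ["192.168.243.132"],
    "extranet": ["192.168.243.133"],
}
VIEWS = [  # (view name, match-clients ACL, zone file)
    ("Intranet", "Intranet", "named.qq.com"),
    ("extranet", "extranet", "named1.qq.com"),
]
# A records for www taken from the two zone files above.
ZONE_DATA = {
    "named.qq.com": {"www.qq.com": "192.168.243.50"},
    "named1.qq.com": {"www.qq.com": "192.168.243.10"},
}

def acl_matches(acl_name, client_ip, acls=ACLS):
    """True if client_ip falls in any address or prefix listed in the ACL."""
    addr = ipaddress.ip_address(client_ip)
    for entry in acls[acl_name]:
        if entry == "any":
            return True
        if addr in ipaddress.ip_network(entry, strict=False):
            return True
    return False

def select_view(client_ip, views=VIEWS, acls=ACLS):
    """Views are tested in definition order; the first match wins."""
    for name, acl, zone_file in views:
        if acl_matches(acl, client_ip, acls):
            return name, zone_file
    return None  # no view matched: named answers REFUSED

def resolve(client_ip, qname, views=VIEWS, acls=ACLS):
    """Answer a query for a name in qq.com (simplified: A records only)."""
    view = select_view(client_ip, views, acls)
    if view is None:
        return "REFUSED"
    return ZONE_DATA[view[1]].get(qname, "NXDOMAIN")

if __name__ == "__main__":
    for ip in ("192.168.243.132", "192.168.243.133", "192.168.243.200"):
        print(ip, "->", resolve(ip, "www.qq.com"))
    # Constructed variant: widening the first ACL to the whole /24 shadows
    # the second view, so .133 now receives the intranet answer.
    wide = dict(ACLS, Intranet=["192.168.243.0/24"])
    print("192.168.243.133 (wide ACL) ->", resolve("192.168.243.133", "www.qq.com", acls=wide))
```

With overlapping ACLs the order of the view blocks decides which answer a client sees, so the most specific view belongs first.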
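2. Configure hosts A and B for passwordless login
Hosts: 192.168.243.133 and 192.168.243.132
Let 192.168.243.132 (client) log in to 192.168.243.133 (server).
Client configuration
ssh-keygen -t RSA    # generate the key pair (private and public key files)
Method 2: send the public key file
ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.243.133
Restart the service
systemctl restart sshd
Test
ssh 192.168.243.133
If you are logged in without being asked for a password, the test succeeded.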