Server/haruka: Difference between revisions
From Opennet
(→Besonderheiten) |
(→Besonderheiten) |
||
(25 intermediate revisions by one user are not shown) | |||
Zeile 17: | Zeile 17: | ||
|- | |- | ||
| '''IP / DNS''' | | '''IP / DNS''' | ||
− | | 192.168.5.23 - haruka.on (Opennet IPv4, ether1) <br/> 46.4.100.206 - haruka.opennet-initiative.de (WAN IPv4, ether2) <br/> 2a01:4f8:140:9250::206 - haruka.opennet-initiative.de (WAN IPv6, ether2) | + | | 192.168.5.23 - haruka.on (Opennet IPv4, ether1) <br/> fd32:d8d3:87da::10:16 - haruka.on (Opennet IPv6, ether1) <br/> 46.4.100.206 - haruka.opennet-initiative.de (WAN IPv4, ether2) <br/> 2a01:4f8:140:9250::206 - haruka.opennet-initiative.de (WAN IPv6, ether2) |
|- | |- | ||
| '''Ausstattung''' | | '''Ausstattung''' | ||
Zeile 34: | Zeile 34: | ||
=== Dienste === | === Dienste === | ||
− | * Amateurfunk | + | * Amateurfunk Router/VPN: https://hamnetdb.net/?q=dm0hro |
=== Status === | === Status === | ||
− | * | + | * RouterOS WebFig: https://haruka.on |
− | + | ||
=== Besonderheiten === | === Besonderheiten === | ||
* eth1 MAC ist "00:50:56:00:b0:f5", wurde von Hetzner zugewiesen | * eth1 MAC ist "00:50:56:00:b0:f5", wurde von Hetzner zugewiesen | ||
− | * Kein | + | * Kein OLSRv1 Betrieb, daher IPv4 HNA via [[AP2.230]] |
+ | * Kein OLSRv2 Betrieb, daher keine IPv6 Mesh Erreichbarkeit | ||
* Erstinstallation: | * Erstinstallation: | ||
lvcreate --name haruka-root --size 512M lvm-akito | lvcreate --name haruka-root --size 512M lvm-akito | ||
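Review bot: The new Status entry links WebFig at https://haruka.on, but the certificate served there is issued by the router's own haruka-CA (created in the installation steps further down), so any browser without that CA imported will show a trust warning. Consider documenting next to the link where administrators can obtain the haruka-CA certificate or its fingerprint, so the warning is verified rather than clicked through.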
Zeile 56: | Zeile 56: | ||
vncviewer rdp://localhost:5906 | vncviewer rdp://localhost:5906 | ||
... | ... | ||
− | > ip address add address=192.168.5.23 netmask=255.255.0.0 | + | > ip address add address=192.168.5.23 network=192.168.2.230 interface=ether1 |
− | > ip dns set | + | > ip route add dst-address=192.168.0.0/16 gateway=192.168.2.230 |
+ | > ip dns set servers=192.168.2.230 | ||
+ | > ip address add address=46.4.100.206 netmask=255.255.255.192 interface=ether2 | ||
+ | > ip route add dst-address=0.0.0.0/0 gateway=46.4.100.225 | ||
+ | > ip dhcp-client remove ether1 | ||
+ | > ip ssh set strong-crypto=yes | ||
+ | > ip neighbor discovery-settings set discover-interface-list=none | ||
+ | > system identity set name=haruka | ||
+ | > system note set show-at-login=yes note= | ||
+ | _ | ||
+ | ___ _ __ ___ _ __ _ __ ___| |_ | ||
+ | / _ \| '_ \ / _ \ '_ \| '_ \ / _ \ __| | ||
+ | | (_) | |_) | __/ | | | | | | __/ |_ | ||
+ | \___/| .__/ \___|_| |_|_| |_|\___|\__| | ||
+ | |_| | ||
+ | Willkommen auf haruka! | ||
+ | > system ntp client set server-dns-names=pool.ntp.org | ||
+ | > system clock set time-zone-name=Europe/Berlin | ||
+ | > tool bandwidth-server set enabled=no | ||
+ | > certificate add name=haruka-CA common-name=haruka-CA key-usage=key-cert-sign,crl-sign | ||
+ | > certificate add name=haruka common-name=haruka.on key-usage=key-encipherment,tls-server | ||
+ | > certificate sign haruka-CA | ||
+ | > certificate sign haruka ca=haruka-CA | ||
+ | > ip service set 4 certificate=haruka # www-ssl | ||
+ | > ip service set 7 certificate=haruka # api-ssl | ||
+ | > ip service set 0 address=192.168.0.0/16 # telnet | ||
+ | > ip service set 1 address=192.168.0.0/16 # ftp | ||
+ | > ip service set 2 address=192.168.0.0/16 # www | ||
+ | > ip service set 3 address=192.168.0.0/16 # ssh | ||
+ | > ip service set 4 address=192.168.0.0/16 # www-ssl | ||
+ | > ip service set 5 address=192.168.0.0/16 # api | ||
+ | > ip service set 6 address=192.168.0.0/16 # winbox | ||
+ | > ip service set 7 address=192.168.0.0/16 # api-ssl | ||
+ | > ip service set 0 disabled=yes # telnet | ||
+ | > ip service set 1 disabled=yes # ftp | ||
+ | > ip service set 2 disabled=yes # www | ||
+ | > ip service set 4 disabled=no # www-ssl | ||
+ | > ip service set 5 disabled=yes # api | ||
+ | > ip service set 6 disabled=yes # winbox | ||
+ | > system package enable ipv6 | ||
+ | > system reboot | ||
+ | > ipv6 address add address=fd32:d8d3:87da::10:16/64 interface=ether1 | ||
+ | > ipv6 address add address=2a01:4f8:140:9250::206/64 interface=ether2 | ||
+ | > ipv6 route add dst-address=::/0 gateway=fe80::1%ether2 | ||
+ | > system backup save | ||
__NOTOC__ | __NOTOC__ | ||
[[Category:Server]] | [[Category:Server]] |
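Review bot: In the ip service block, api-ssl (7) gets a certificate and an address restriction but no explicit disabled= line, while api (5) and winbox (6) are disabled and www-ssl (4) is explicitly enabled, so its state depends on the RouterOS default. Add "ip service set 7 disabled=yes" (or disabled=no if the API over TLS is wanted) to make the intent visible. The address= allow-list is also IPv4-only (192.168.0.0/16) although IPv6 addresses are added on ether1 and ether2 after the reboot; a line stating whether management over IPv6 is intended would help. No visible step sets a password for the login account or adds firewall rules for the WAN side on ether2; if that happens in the elided "..." part, a short pointer would make the procedure reviewable.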
Current revision as of 2 November 2022, 06:27
Haruka is an Opennet server.
Technical data
Name | haruka |
---|---|
Hardware | Virtualized, KVM VM (Server/akito) |
Operating system | MikroTik CHR |
Connectivity | see Server/akito |
IP / DNS | 192.168.5.23 - haruka.on (Opennet IPv4, ether1) <br/> fd32:d8d3:87da::10:16 - haruka.on (Opennet IPv6, ether1) <br/> 46.4.100.206 - haruka.opennet-initiative.de (WAN IPv4, ether2) <br/> 2a01:4f8:140:9250::206 - haruka.opennet-initiative.de (WAN IPv6, ether2) |
Resources | 256 MB RAM (virtual) <br/> 512 MB (/) |
Services | Services of the Rostock radio amateurs (DARC e.V.) |
Backup | (no backup at present) |
Responsibilities
- Access/hosting: see Server/akito
- Administration: Christoph Kottke, Mathias Mahnke
Services
- Amateur radio router/VPN: https://hamnetdb.net/?q=dm0hro
Status
- RouterOS WebFig: https://haruka.on
Special notes
- eth1 MAC is "00:50:56:00:b0:f5", assigned by Hetzner
- No OLSRv1 operation, hence IPv4 HNA via AP2.230
- No OLSRv2 operation, hence no IPv6 mesh reachability
- Initial installation:
    # On the KVM host: create the logical volume, write the CHR image to it, define the VM
    lvcreate --name haruka-root --size 512M lvm-akito
    dd if=chr-6.49.7.img of=/dev/lvm-akito/haruka-root bs=1M
    virt-install --connect qemu:///system -n "haruka" --memory=2048 --vcpus=1 \
      --import --disk "path=/dev/lvm-akito/haruka-root,format=raw,bus=sata" \
      --graphics vnc,keymap=de --serial pty --noautoconsole \
      --os-type generic --network=bridge:br-wan,model=e1000,mac=00:50:56:00:b0:f5 --hvm
    ...
    # Autostart and start the VM, then reach its VNC console through an SSH tunnel
    virsh autostart haruka
    virsh start haruka
    ssh -L 5906:localhost:5906 <virt-server>
    vncviewer rdp://localhost:5906
    ...
    # RouterOS console: IPv4 addresses, routes and DNS
    > ip address add address=192.168.5.23 network=192.168.2.230 interface=ether1
    > ip route add dst-address=192.168.0.0/16 gateway=192.168.2.230
    > ip dns set servers=192.168.2.230
    > ip address add address=46.4.100.206 netmask=255.255.255.192 interface=ether2
    > ip route add dst-address=0.0.0.0/0 gateway=46.4.100.225
    > ip dhcp-client remove ether1
    # SSH crypto, neighbor discovery off, identity and login note
    > ip ssh set strong-crypto=yes
    > ip neighbor discovery-settings set discover-interface-list=none
    > system identity set name=haruka
    > system note set show-at-login=yes note=
                                       _
      ___  _ __   ___ _ __  _ __   ___| |_
     / _ \| '_ \ / _ \ '_ \| '_ \ / _ \ __|
    | (_) | |_) |  __/ | | | | | |  __/ |_
     \___/| .__/ \___|_| |_|_| |_|\___|\__|
          |_|
    Willkommen auf haruka!
    # Time settings; disable the bandwidth test server
    > system ntp client set server-dns-names=pool.ntp.org
    > system clock set time-zone-name=Europe/Berlin
    > tool bandwidth-server set enabled=no
    # Local CA and server certificate for the TLS services
    > certificate add name=haruka-CA common-name=haruka-CA key-usage=key-cert-sign,crl-sign
    > certificate add name=haruka common-name=haruka.on key-usage=key-encipherment,tls-server
    > certificate sign haruka-CA
    > certificate sign haruka ca=haruka-CA
    > ip service set 4 certificate=haruka # www-ssl
    > ip service set 7 certificate=haruka # api-ssl
    # Restrict the management services to the Opennet IPv4 range
    > ip service set 0 address=192.168.0.0/16 # telnet
    > ip service set 1 address=192.168.0.0/16 # ftp
    > ip service set 2 address=192.168.0.0/16 # www
    > ip service set 3 address=192.168.0.0/16 # ssh
    > ip service set 4 address=192.168.0.0/16 # www-ssl
    > ip service set 5 address=192.168.0.0/16 # api
    > ip service set 6 address=192.168.0.0/16 # winbox
    > ip service set 7 address=192.168.0.0/16 # api-ssl
    # Disable the unused services, enable WebFig over TLS
    > ip service set 0 disabled=yes # telnet
    > ip service set 1 disabled=yes # ftp
    > ip service set 2 disabled=yes # www
    > ip service set 4 disabled=no # www-ssl
    > ip service set 5 disabled=yes # api
    > ip service set 6 disabled=yes # winbox
    # Enable the IPv6 package, reboot, then add IPv6 addresses and the default route
    > system package enable ipv6
    > system reboot
    > ipv6 address add address=fd32:d8d3:87da::10:16/64 interface=ether1
    > ipv6 address add address=2a01:4f8:140:9250::206/64 interface=ether2
    > ipv6 route add dst-address=::/0 gateway=fe80::1%ether2
    # Save a configuration backup
    > system backup save