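# Show the nat table. Note "-t nat": a bare `iptables -L nat` looks for a *chain*
# named "nat" in the filter table and fails; -n -v avoids slow reverse lookups
# and shows the interface/counter columns.
iptables -t nat -L -n -v
# Forward inbound HTTPS for 172.20.30.110 to the internal host 10.0.0.254.
# Check with -C first: the original notes ran the -A twice, which appends a
# duplicate rule each time they are replayed.
# DNAT alone is not enough: net.ipv4.ip_forward must be 1 and the FORWARD chain
# must accept the rewritten flow (only the nat table is touched here).
iptables -t nat -C PREROUTING -p tcp -d 172.20.30.110 --dport 443 -j DNAT --to-destination 10.0.0.254:443 2>/dev/null \
  || iptables -t nat -A PREROUTING -p tcp -d 172.20.30.110 --dport 443 -j DNAT --to-destination 10.0.0.254:443
iptables -t nat -L -n -v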
以下設定在DDNS的Server
# DDNS server side: the full bind9 package (named plus tsig-keygen) is needed here.
apt-get install bind9
建立一個名為 ddns 的 TSIG key（用來簽署動態更新請求；它是一把共享密鑰，不是系統帳號）
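# Generate the TSIG key that authorizes dynamic updates. It is a credential, so
# create the file root-only (the umask change is confined to the subshell).
# Use ">" rather than ">>": appending would leave two "key" blocks after a
# second run and named would refuse the duplicate.
(umask 077; tsig-keygen -a hmac-sha512 ddns > /tmp/ddns.key)
cat /tmp/ddns.key
# /tmp is shared: delete this copy once it is pasted into named.conf and copied to the client.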
// Output of tsig-keygen: the shared TSIG key the client uses to sign updates.
// The secret is a credential. The value printed here appears verbatim again in
// the named.conf excerpt further down, so if these notes were ever shared,
// regenerate the key rather than reuse it.
key "ddns" {
algorithm hmac-sha512;
secret "lTeWMnY036W3A/Sb775mbAG9QHNiaK+DoQbFyT7k7BDtt12eMIb9ldd0tticGZ2PoSyWnVvB2yR+7zVyBzge2w==";
};
將上面的key貼在下面的設定檔, named.yourddnsdomain.com必須已經預先設定好
# Key and zone definitions go into this file (shipped with bind9 on Debian/Ubuntu).
vi "/etc/bind/named.conf.default-zones"
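// TSIG key shared with the DDNS client. It is a credential: this file must not be
// world-readable (alternatively keep the key in its own root:bind 0640 file and
// `include` it here).
key "ddns" {
	algorithm hmac-sha512;
	secret "lTeWMnY036W3A/Sb775mbAG9QHNiaK+DoQbFyT7k7BDtt12eMIb9ldd0tticGZ2PoSyWnVvB2yR+7zVyBzge2w==";
};
// The zone file must already exist at the path below.
// (The quotes were typographic “ ” in the original paste, which named rejects.)
zone "yourddnsdomain.com" IN {
	type master;
	file "/var/cache/bind/named.yourddnsdomain.com";
	// Secondary to NOTIFY on change; replace the placeholder with the real address.
	also-notify { xxx.xxx.xxx.xxx; };
	// Least privilege: the key may only touch the A record of this one name,
	// nothing else in the zone.
	update-policy { grant ddns name subdomain.yourddnsdomain.com. A; };
};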
以下設定在DDNS的Client
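# The client only needs nsupdate and dig, not a DNS server: installing the full
# "bind9" package also starts a named daemon listening on the client. On current
# Debian/Ubuntu the tools are in bind9-dnsutils (older releases: dnsutils).
apt install bind9-dnsutils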
將剛才在 Server 產生的 ddns.key 複製到 Client 的 /root/ddns.key，並把權限設為 600（chmod 600 /root/ddns.key）：這把 key 就是能修改 DNS 記錄的密碼，不應讓其他使用者讀取。
# The update script itself (content follows).
vi "/root/do-nsupdate"
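#!/usr/bin/env bash
# do-nsupdate: keep subdomain.yourddnsdomain.com pointing at this host's public IP.
# Compares the A record served by $updateServer with the address reported by
# $checkIPWeb and, when they differ, replaces the record with a TSIG-signed
# nsupdate. Meant to be run from cron as root every few minutes.
#
# Fixes over the original one-liner: commands split onto lines, typographic
# quotes (“#53", “$KEY") replaced, every expansion quoted, an empty/garbled
# reply can no longer reach nsupdate, and the IP check uses HTTPS.
set -euo pipefail

updateServer=ns1.masterdns.com
updateDomain=subdomain.yourddnsdomain.com
encryptKeyPath="/root/ddns.key"
# HTTPS, not HTTP: the reply is written straight into DNS, so anyone who can
# tamper with a plaintext answer could point the name at an address of their choice.
checkIPWeb="https://checkip.amazonaws.com/"

# The TSIG secret must not be readable by other local users.
if ! [[ "$(stat -c %a -- "$encryptKeyPath")" =~ ^[0-7]00$ ]]; then
  printf 'do-nsupdate: %s must not be group/world readable (chmod 600)\n' "$encryptKeyPath" >&2
  exit 1
fi

# is_ipv4 STRING -> 0 when STRING is a dotted quad with every octet in 0-255.
is_ipv4() {
  local ip=$1 octet
  [[ "$ip" =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] || return 1
  for octet in "${BASH_REMATCH[@]:1}"; do
    # 10# forces decimal so "08"/"09" are not parsed as (invalid) octal.
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}

# Current A record straight from the authoritative server (bypasses local caches);
# empty when the name has no A record yet, which simply forces an update below.
CURRENT_IP=$(dig +short "@${updateServer}" "$updateDomain" A | head -n 1)
EXT_IP=$(curl -fsS --max-time 15 -- "$checkIPWeb" | tr -d '[:space:]')

# Never feed an unvalidated string into the update: a failed download or a
# hostile reply must not become the new A record.
if ! is_ipv4 "$EXT_IP"; then
  printf 'do-nsupdate: unusable external address %q\n' "$EXT_IP" >&2
  exit 1
fi

if [[ "$CURRENT_IP" != "$EXT_IP" ]]; then
  # Replace rather than add, so stale addresses do not accumulate.
  nsupdate -k "$encryptKeyPath" <<EOF
server $updateServer
update delete $updateDomain. A
update add $updateDomain. 3600 A $EXT_IP
send
EOF
fi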
# Executable for cron; /root itself is not traversable by other users, so 755 on
# the script exposes nothing.
chmod u=rwx,go=rx -- /root/do-nsupdate
vi "/etc/crontab"
# Every 5 minutes, as root (the script reads /root/ddns.key). Anything the
# script prints goes wherever cron delivers job output; nothing else reports failures.
*/5 * * * * root /root/do-nsupdate
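# One command per line (the notes had them run together, which does not execute).
# Adding the PPA trusts its signing key for every package it publishes.
sudo add-apt-repository ppa:gns3/ppa
sudo apt update
sudo apt install gns3-gui gns3-server
# gns3-iou depends on i386 packages, hence the extra architecture.
sudo dpkg --add-architecture i386
sudo apt update
sudo apt install gns3-iou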
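# Fetch and run the IOURC key generator (see the linked article below).
# This is unsigned third-party code fetched over plain HTTP with no checksum:
# anything on the path can replace it, and it runs with your full privileges.
# Download, read it, and only then execute; prefer an HTTPS URL if the site offers one.
wget http://www.ipvanquish.com/download/CiscoIOUKeygen3f.py
less CiscoIOUKeygen3f.py
python3 CiscoIOUKeygen3f.py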
https://docs.gns3.com/docs/getting-started/installation/linux/
How to generate Cisco IOURC licence key on GNS3 VM with Python 3
Nginx Web server
192.168.0.214
WordPress
192.168.0.211
Zimbra web email
192.168.0.213
# Reverse proxy in front of the LAN hosts listed above.
apt-get install nginx
vi "/etc/nginx/conf.d/local_domains.conf"
# After saving: nginx -t && systemctl reload nginx
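server {
    listen 80;
    server_name mail.yourdomain2.com;
    # Webmail logins must not travel in clear text. A TLS vhost for this name
    # exists below, so send every plain-HTTP request there instead of proxying it.
    # (Add a /.well-known/acme-challenge/ location here if certificates are
    # issued via HTTP-01.)
    location / {
        return 301 https://$host$request_uri;
    }
}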
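server {
    listen 80;
    server_name yourdomain1.com www.yourdomain1.com;
    # The site has a TLS vhost below; redirect rather than serve (and accept
    # wp-login credentials) over plain HTTP.
    # (Add a /.well-known/acme-challenge/ location here if certificates are
    # issued via HTTP-01.)
    location / {
        return 301 https://$host$request_uri;
    }
}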
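server {
    listen 443 ssl http2;
    server_name yourdomain1.com www.yourdomain1.com;
    ssl_certificate /etc/nginx/certs/yourdomain1.com.crt;
    # Private key: keep the file root-only (0600).
    ssl_certificate_key /etc/nginx/certs/yourdomain1.com.key;
    location / {
        # proxy_pass through a variable makes nginx evaluate it per request;
        # fine for a literal IP (no `resolver` needed). The upstream certificate
        # is not verified (nginx default) — acceptable on a trusted LAN segment only.
        set $target https://192.168.0.211:443;
        proxy_pass $target;
        # Pass the real Host, as the mail vhost below already does; otherwise the
        # backend sees "192.168.0.211" (the WordPress host per the list above
        # presumably needs the real name for its redirects — confirm).
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Was $http_x_forwarded_proto, i.e. whatever the *client* sent. nginx
        # terminates TLS here, so it must state the scheme itself; a client-chosen
        # value must never reach the application.
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}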
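server {
    listen 443 ssl http2;
    server_name mail.yourdomain2.com;
    ssl_certificate /etc/nginx/certs/Cert.txt;
    # Private key: keep the file root-only (0600).
    ssl_certificate_key /etc/nginx/certs/Private.txt;
    location / {
        # Upstream certificate is not verified (nginx default); fine only on a trusted LAN.
        proxy_pass https://192.168.0.213:443;
        # There is a single upstream, so there is nothing to fail over to; this
        # only decides which failures are reported to the client as upstream errors.
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Was misspelled "X-Forward-For": the backend presumably reads the standard
        # X-Forwarded-For, so it only ever saw the proxy's own address.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;
        # Generous read timeout for the long-lived webmail requests.
        proxy_read_timeout 5m;
    }
}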
由於家用ISP會Block 25 port而無法外寄郵件, 所以改用外部SMTP relay, 一個月2000封對於本人已經很足夠
https://cp.socketlabs.com/
一定要先Add sending domain, 沒有驗證的domain寄不出的
其實只需要Verify via Email已經可以運作, 但是如果有使用DKIM和SPF的話, 寄到其他大型Email server比較不會當作垃圾郵件
按SMTP Credentials取得SMTP資料
su - zimbra
# List current settings for backup
# Record the current values before changing anything so the relay change can be
# reverted. Each pair shows the live Postfix value (postconf) next to the Zimbra
# attribute whose name mirrors it (zmprov gs); keep the order, the pairs are
# meant to be read together.
zmprov gs mail.youdomain.com zimbraMtaRelayHost
postconf smtp_sasl_password_maps
zmprov gs mail.youdomain.com zimbraMtaSmtpSaslPasswordMaps
postconf smtp_sasl_auth_enable
zmprov gs mail.youdomain.com zimbraMtaSmtpSaslAuthEnable
postconf smtp_cname_overrides_servername
zmprov gs mail.youdomain.com zimbraMtaSmtpCnameOverridesServername
postconf smtp_tls_security_level
zmprov gs mail.youdomain.com zimbraMtaSmtpTlsSecurityLevel
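# Start modify settings
# Send all outbound mail through the SocketLabs relay (ISP blocks port 25).
zmprov ms mail.youdomain.com zimbraMtaRelayHost smtp.socketlabs.com
# Relay credentials. Do not put them on a command line (`echo user:pass > file`):
# they land in the shell history and are visible in `ps`. Read them in instead,
# and create the file 0600 via the subshell umask. Check that the .lmdb/.db
# postmap creates next is 0600 as well.
read -rp 'SocketLabs SMTP username: ' sl_user
read -rsp 'SocketLabs SMTP password: ' sl_pass; echo
( umask 077; printf 'smtp.socketlabs.com %s:%s\n' "$sl_user" "$sl_pass" > /opt/zimbra/conf/relay_password )
unset sl_pass
# The map type is spelled out everywhere below. The original mixed hash:
# (postconf) with lmdb: (zmprov); Postfix only finds the map when the type used
# to build it and the type in smtp_sasl_password_maps agree. If postmap reports
# lmdb is unsupported in this Postfix build, switch all three to hash:.
postmap lmdb:/opt/zimbra/conf/relay_password
postmap -q smtp.socketlabs.com lmdb:/opt/zimbra/conf/relay_password   # prints user:password when the map works
# postconf -e changes the running Postfix immediately; the zmprov lines store
# the same value in Zimbra's configuration, which presumably is what persists
# across restarts. Keep both in sync.
postconf -e smtp_sasl_password_maps=lmdb:/opt/zimbra/conf/relay_password
zmprov ms mail.youdomain.com zimbraMtaSmtpSaslPasswordMaps lmdb:/opt/zimbra/conf/relay_password
postconf -e smtp_sasl_auth_enable=yes
zmprov ms mail.youdomain.com zimbraMtaSmtpSaslAuthEnable yes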
因為以下4句和預設一樣, 所以我沒有使用。不過要留意 smtp_tls_security_level=may 只是「對方支援 TLS 才用」；relay 的帳號密碼會經由這條連線送出，建議把它改成 encrypt，強制對 smtp.socketlabs.com 使用 TLS（先確認該 relay 支援 STARTTLS）。
#postconf -e smtp_cname_overrides_servername=no
#zmprov ms mail.youdomain.com zimbraMtaSmtpCnameOverridesServername no
#postconf -e smtp_tls_security_level=may
#zmprov ms mail.youdomain.com zimbraMtaSmtpTlsSecurityLevel may
最後還要設定 relay 的 port（zimbraMtaRelayHost 可寫成 host:port 的形式；port 以 SocketLabs 的 SMTP Credentials 頁面顯示的為準）
# Restart all Zimbra services so the new relay settings take effect (brief mail outage).
zmcontrol restart
Can't receive self domain email behind NAT
status=deferred (delivery temporarily suspended: connect to mail.mydomain.com[202.xx.xx.xx]:7025: Connection timed out)
su - zimbra
# Stop Zimbra's bundled dnscache and unregister it so it does not come back on
# restart; the local dnsmasq configured next takes over as resolver.
zmdnscachectl stop
host=$(zmhostname)
zmprov ms "$host" -zimbraServiceEnabled dnscache
zmprov ms "$host" -zimbraServiceInstalled dnscache
CTRL + D
# Local resolver that overrides our own MX (see the config that follows).
# NOTE(review): on Ubuntu systemd-resolved may already hold 127.0.0.53:53; dnsmasq
# bound to 127.0.0.1 normally coexists — confirm with `ss -lnup` after starting it.
apt-get install dnsmasq
vi "/etc/dnsmasq.d/mydomain.com.conf"
# Local resolver for the Zimbra host: answers our own MX with the LAN address so
# mail for mydomain.com is delivered to mail.mydomain.com directly instead of to
# the public address behind NAT (the ":7025 Connection timed out" deferral above).
server=8.8.8.8
# Forwards everything else upstream, as plain unencrypted DNS.
domain=mydomain.com
# MX for mydomain.com -> mail.mydomain.com, preference 5. The A record for
# mail.mydomain.com comes from /etc/hosts, which dnsmasq reads by default
# (visible in the ADDITIONAL SECTION of the dig output below).
mx-host=mydomain.com,mail.mydomain.com,5
# Loopback only: never expose this resolver on the LAN/WAN interfaces.
listen-address=127.0.0.1
# Enable at boot and start now in one step.
systemctl enable --now dnsmasq
# dnsmasq serves A records from /etc/hosts, so the LAN address goes here.
vi "/etc/hosts"
# LAN address of the Zimbra host itself; dnsmasq answers A queries for
# mail.mydomain.com with it (see the ADDITIONAL SECTION in the dig output below).
192.168.xx.xx mail.mydomain.com
# Verify the override: the MX must resolve via the local dnsmasq to the LAN address.
dig @127.0.0.1 mydomain.com MX
mydomain.com. 0 IN MX 5 mail.mydomain.com.
;; ADDITIONAL SECTION:
mail.mydomain.com. 0 IN A 192.168.xx.xx
# Point the host's own resolver at the local dnsmasq.
vi "/etc/netplan/00-installer-config.yaml"
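# Fragment only: this belongs under the interface entry (ethernets: <iface>:)
# in the existing file; indent it to match that level. The nesting below was
# flattened in the original paste and is restored here. Presumably followed by
# `netplan apply` (not shown).
nameservers:
  addresses:
    - 127.0.0.1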
su - zimbra
# Restart Zimbra so the MTA picks up the new resolver (brief outage).
zmcontrol restart
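# Show, then enable IPv4 forwarding: this box becomes a router for the
# DNAT/MASQUERADE rules in these notes.
sysctl net.ipv4.ip_forward
sysctl -w net.ipv4.ip_forward=1
# Persist it the supported way so it survives reboots without relying on rc.local.
printf 'net.ipv4.ip_forward = 1\n' > /etc/sysctl.d/99-ip-forward.conf
# Forwarding applies to every interface; make sure the FORWARD chain only passes
# the traffic you actually intend to route.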
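# Do not edit the packaged unit under /lib/systemd/system: the next package
# upgrade overwrites it. Put the [Install] section (content below) in a drop-in
# instead; systemd merges drop-in sections when the unit is enabled.
mkdir -p /etc/systemd/system/rc-local.service.d
vi /etc/systemd/system/rc-local.service.d/install.conf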
[Install]
# Without an [Install] section `systemctl enable rc-local` has nothing to hook into.
WantedBy=multi-user.target
# NOTE(review): an Alias equal to the unit's own name looks redundant — confirm it is needed.
Alias=rc-local.service
# Boot-time script run by rc-local.service (content follows).
vi "/etc/rc.local"
#!/bin/sh
# rc.local: executed once at boot by rc-local.service; abort on the first failing command.
set -e
sysctl -w net.ipv4.ip_forward=1
# systemd runs the file directly, so it must be executable.
chmod +x -- /etc/rc.local
# Enable at boot and start it now.
systemctl enable --now rc-local
NAT
# Append the NAT rule below to the existing /etc/rc.local.
vi "/etc/rc.local"
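# Source-NAT traffic leaving towards the Internet. The original rule had no -o
# (nor -s): it rewrote every forwarded flow on every interface, including LAN-to-LAN
# traffic, which hides the real source address from the hosts behind it.
# Set WAN_IF to the Internet-facing interface.
WAN_IF=eth0   # TODO: adjust to the real uplink interface
# -C first so re-running rc.local does not append duplicates.
iptables -t nat -C POSTROUTING -o "$WAN_IF" -j MASQUERADE 2>/dev/null \
  || iptables -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE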