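Steps for Shared Internet Access with Firewalld and Building a Local yum Repository
Introduction | Steps for sharing internet access through firewalld and building a local yum repository |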
1. Start the firewall and enable it at boot
# systemctl start firewalld
# systemctl enable firewalld
2. Remove the default rule that lets anyone reach ssh
# firewall-cmd --remove-service=ssh --permanent
3. Add a rule that allows only the host 10.0.0.1 to connect over ssh
# firewall-cmd --add-rich-rule='rule family=ipv4 source address=10.0.0.1/32 service name=ssh accept' --permanent
4. Enable IP masquerading so the other hosts can share this machine's internet access [management machine]
# firewall-cmd --add-masquerade --permanent
5. Reload firewalld to apply the changes
# firewall-cmd --reload
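A check of the resulting zone against steps 2 to 4, as an added example that is not part of the original page. The function name audit_zone and both sample listings are constructed here; the function reads the text printed by firewall-cmd --list-all.

```shell
#!/bin/sh
# Added example (not from the original page). audit_zone is a hypothetical helper
# that reads `firewall-cmd --list-all` text on stdin; $1 is the only source that
# may reach ssh. Live use: firewall-cmd --list-all | audit_zone 10.0.0.1/32

audit_zone() {
    az_src=$1; az_rc=0
    az_zone=$(cat)

    # Step 2: ssh must not remain a zone-wide service.
    if printf '%s\n' "$az_zone" | grep -E '^[[:space:]]*services:' | grep -qw ssh; then
        echo "FAIL: ssh is still open to every source"; az_rc=1
    fi

    # Step 3: an ssh rich rule must exist, and each one must name the allowed source.
    az_rules=$(printf '%s\n' "$az_zone" | grep -E 'rule .*service name="ssh".*accept' || true)
    if [ -z "$az_rules" ]; then
        echo "FAIL: no rich rule admits ssh"; az_rc=1
    elif printf '%s\n' "$az_rules" | grep -qvF "source address=\"$az_src\""; then
        echo "FAIL: ssh rich rule without the expected source"; az_rc=1
    fi

    # Step 4: masquerading must be enabled for the internal hosts.
    if ! printf '%s\n' "$az_zone" | grep -Eq '^[[:space:]]*masquerade:[[:space:]]*yes'; then
        echo "FAIL: masquerade is off"; az_rc=1
    fi
    return "$az_rc"
}

# Constructed sample: the zone state expected after steps 1-5.
SAMPLE_OK='public (active)
  services: dhcpv6-client
  masquerade: yes
  rich rules:
    rule family="ipv4" source address="10.0.0.1/32" service name="ssh" accept'

# Constructed sample: a default zone before any of the steps were applied.
SAMPLE_BAD='public (active)
  services: dhcpv6-client ssh
  masquerade: no
  rich rules:'

printf '%s\n' "$SAMPLE_OK" | audit_zone 10.0.0.1/32 && echo "PASS: sample matches steps 2-4"
```

Because every rule in the steps is added with --permanent, run the check only after the reload in step 5, when the runtime configuration reflects them.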
1. On the internal servers that have no public address, point the gateway at the management machine
# vi /etc/sysconfig/network-scripts/ifcfg-eth1    # add the following two settings
GATEWAY=172.16.1.61    # internal IP of the server that has internet access
DNS1=223.5.5.5
2. Restart the network interface and ping baidu.com (if it does not respond, try rebooting the server)
# nmcli connection down eth1 && nmcli connection up eth1
# ping baidu.com
1. Install the vsftpd service
# yum install vsftpd -y
2. Enable the yum cache
# sed -i '/^keepcache/c keepcache=1' /etc/yum.conf
# cat /etc/yum.conf
[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=1    # this was 0; change it to 1
3. Install createrepo and create the repodata repository
# yum -y install createrepo
# mkdir -p /var/ftp/ops    # the directory must exist before createrepo runs
# createrepo /var/ftp/ops
# Note: the repository metadata must be regenerated every time packages are added
4. Install the services you need
# yum -y install
5. Find the cached rpm packages of what was installed and copy them into the local repository
# mkdir -p /var/ftp/ops
# find /var/cache/yum/x86_64/7/ -iname "*.rpm" -exec cp -rf {} /var/ftp/ops \;
6. Regenerate the metadata (createrepo /var/ftp/ops)
# createrepo /var/ftp/ops
7. Start the vsftpd service and enable it at boot
# systemctl start vsftpd
# systemctl enable vsftpd
8. Allow the ftp service through firewalld
# firewall-cmd --add-service=ftp --permanent
9. Reload firewalld to apply the change
# firewall-cmd --reload
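1. On every server (without internet access), compress all of the existing repo files
# gzip /etc/yum.repos.d/*
2. Configure a local repo whose path matches the directory on the server
# cat /etc/yum.repos.d/ops.repo
[ops]
name=local ftpserver
# Use the internal IP address of the server that has internet access
baseurl=ftp://172.16.1.61/ops
gpgcheck=0
enabled=1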
That is the complete procedure for shared internet access with firewalld and building a local yum repository. Source link: utcz.com/a/120865.html