
Ubuntu 18.04.3 Basic Network Configuration

Posted at 2020-10-11

Environment

sslo@proxy102:/etc/netplan$ cat /etc/os-release
NAME="Ubuntu"
VERSION="18.04.3 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.3 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic
sslo@proxy102:/etc/netplan$

Basic Ubuntu setup

This walks through setting up a fresh Ubuntu install.

Check the IP addresses

ip ad

Check the routing table

route -n

SSH configuration

Install the SSH server

sudo apt install openssh-server

Keygen

Run this on the client side (the connection source; here, a BIG-IP).

[root@ltm-i2600-1:Active:Standalone] .ssh # ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:2qCT5XRzmmNKnCJKwRZNFc5PkDsKnGHPjOlfniEfWs8 root@ltm-i2600-1.com
The key's randomart image is:
+---[RSA 2048]----+
|   ..+o          |
| oo o..          |
|o.O. o..         |
|.*.+ oo          |
|.+. . =.S .      |
|...o % * =       |
| .o % % *        |
|.. + B E .       |
|.     .          |
+----[SHA256]-----+

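Registering authorized_keys

Register the public key (id_rsa.pub) on the host side (the connection destination; here, Ubuntu).
Append the public key to ~/.ssh/authorized_keys (create the file if it does not exist).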

sslo@proxy102:~$ cd ~/.ssh
sslo@proxy102:~/.ssh$ ls
authorized_keys  id_rsa  id_rsa.pub
sslo@proxy102:~/.ssh$ cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMLkVjXtc3QAm4ON7rSGIatLqT8ZI6inRPj3q3ulxWD5BI1dY+UnjsX9oxc7dIfYHhAt8TOajtjO3qz7p6pqaE5Y1RCofBfLz1W+gYSszi2ISpD9sCSvGtH63qAi5rzIJfqn3NyHgZnpNicWxdXkTx4tnaqZJ5oR+HqktkLRpHrTCQrsHolim+N1NMFchas9tM6xxmOIx2OxHy/oWxXLQ9+RPpzeykw2HTvI7OZhgRGAMBfRugKLX6hIqUxxhadkiFRic9xhXFi/OqXDguJH5c7nxaHZRBJspvCzKZpnnl97idRm0yMRARxkbqikoMPJZgH+7llmpFJKVBxBscu6rH root@ltm-i2600-1.com

You can now connect over SSH.

[root@ltm-i2600-1:Active:Standalone] .ssh # ssh sslo@172.22.2.102
The authenticity of host '172.22.2.102 (172.22.2.102)' can't be established.
RSA key fingerprint is SHA256:/z+KfLg3oLvSb/mQT9ntx+DqYjNC5277cHPrQdS5mFk.
RSA key fingerprint is MD5:33:64:5e:c6:bd:11:f2:b2:fe:42:04:46:81:35:30:9d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.22.2.102' (RSA) to the list of known hosts.
Welcome to Ubuntu 18.04.3 LTS (GNU/Linux 4.15.0-118-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Thu Oct 15 06:50:58 UTC 2020

  System load:  0.0                Users logged in:       1
  Usage of /:   13.2% of 15.68GB   IP address for ens160: 192.168.199.102
  Memory usage: 4%                 IP address for ens192: 172.22.2.102
  Swap usage:   0%                 IP address for ens256: 10.1.92.102
  Processes:    192                IP address for ens224: 10.1.82.102


 * Canonical Livepatch is available for installation.
   - Reduce system reboots and improve kernel security. Activate at:
     https://ubuntu.com/livepatch

105 packages can be updated.
50 updates are security updates.

Failed to connect to https://changelogs.ubuntu.com/meta-release-lts. Check your Internet connection or proxy settings


*** System restart required ***
Last login: Thu Oct 15 06:37:00 2020 from 172.22.100.124
sslo@proxy102:~$
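
The authorized_keys registration step above, as an added shell example that is not part of the original article: it appends one public key idempotently, rejects private-key material, and sets the permissions that sshd's StrictModes check expects. The function name install_pubkey and the key line in the demo are constructed for illustration.

```shell
# install_pubkey <pubkey-file> [ssh-dir]   (hypothetical helper; ssh-dir defaults to ~/.ssh)
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Only the public half belongs on the server: refuse private key files.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2; return 2
    fi

    # Expect exactly one key line of the form "<type> <base64> [comment]".
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected exactly one key line" >&2; return 3; }
    line=$(grep . "$pub")
    case $line in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-nistp*\ AAAA*) ;;
        *) echo "not a recognised public key line" >&2; return 3 ;;
    esac

    # With StrictModes yes (the sshd default) the key is ignored if the
    # directory or file is writable by other users, so restrict both.
    mkdir -p "$dir" && chmod 700 "$dir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # Append only when the identical line is not already present.
    grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
}

# Demo in a scratch directory with a constructed (not real) key line.
demo=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED root@client.example' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh" && ls -l "$demo/.ssh/authorized_keys"
```

Before answering yes to the host-key prompt shown in the session above, the fingerprint can be compared with the output of `ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub` run on the Ubuntu console.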

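IP address configuration

• The files are in YAML format.
• If you save several files that differ only in the numeric part of 50-cloud-init.yaml, all of them are applied together (MECE).
• Where settings overlap, the file with the larger number takes precedence and overrides the others.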

root@proxy102:~# cat /etc/netplan/52-cloud-init.yaml
network:
    ethernets:
        ens160:
            addresses:
            - 192.168.199.102/24
            nameservers:
                addresses:
                - 8.8.8.8
            routes:
                - to: 8.8.8.8
                  via: 192.168.199.40
        ens192:
            addresses:
            - 172.22.2.102/16
        ens224:
            addresses:
            - 10.1.82.102/24
        ens256:
            addresses:
            - 10.1.92.102/24
            gateway4: 10.1.92.21
    version: 2
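
An added example (not from the original article) for the file-precedence rule above: it lists the interfaces that more than one netplan file configures and which of those files is read last. The function name netplan_overlaps and the two sample files are constructed for illustration; the parser assumes block-style YAML indented with spaces, as in the file shown above.

```shell
# netplan reads *.yaml in lexical filename order; later files amend or
# override earlier ones, so for a key that two files both set, the file
# read last wins.
netplan_overlaps() {
    dir=${1:-/etc/netplan}
    for f in "$dir"/*.yaml; do
        [ -f "$f" ] || continue
        awk -v file="${f##*/}" '
            function indent(s,  t) { t = s; sub(/^ +/, "", t); return length(s) - length(t) }
            /^ *#/ || /^ *$/ { next }                 # skip comments and blank lines
            /^ *ethernets: *$/ { base = indent($0); child = -1; inside = 1; next }
            inside {
                ind = indent($0)
                if (ind <= base) { inside = 0; next } # left the ethernets mapping
                if (child < 0) child = ind            # indentation of interface names
                if (ind == child && $1 ~ /:$/) { name = $1; sub(/:$/, "", name); print name, file }
            }' "$f"
    done | LC_ALL=C sort | awk '
        { n[$1]++; files[$1] = files[$1] " " $2; last[$1] = $2 }
        END { for (i in n) if (n[i] > 1) print i ":" files[i] " -> " last[i] " wins" }' | LC_ALL=C sort
}

# Demo with two constructed files in a scratch directory.
d=$(mktemp -d)
printf 'network:\n  version: 2\n  ethernets:\n    ens160:\n      dhcp4: true\n    ens192:\n      dhcp4: true\n' > "$d/50-cloud-init.yaml"
printf 'network:\n  ethernets:\n    ens160:\n      addresses:\n      - 192.168.199.102/24\n  version: 2\n' > "$d/52-cloud-init.yaml"
netplan_overlaps "$d"
# ens160: 50-cloud-init.yaml 52-cloud-init.yaml -> 52-cloud-init.yaml wins
```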

Network Restart

sudo netplan apply

The IP addresses are now applied.

Routing Table

root@proxy102:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.1.92.21      0.0.0.0         UG    0      0        0 ens256
8.8.8.8         192.168.199.40  255.255.255.255 UGH   0      0        0 ens160
10.1.82.0       0.0.0.0         255.255.255.0   U     0      0        0 ens224
10.1.92.0       0.0.0.0         255.255.255.0   U     0      0        0 ens256
172.22.0.0      0.0.0.0         255.255.0.0     U     0      0        0 ens192
192.168.199.0   0.0.0.0         255.255.255.0   U     0      0        0 ens160

DNS configuration

vi /etc/systemd/resolved.conf
root@proxy102:~# cat /etc/systemd/resolved.conf
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.
#
# Entries in this file show the compile time defaults.
# You can change settings by editing this file.
# Defaults can be restored by simply deleting this file.
#
# See resolved.conf(5) for details

[Resolve]
DNS=10.1.92.53
#FallbackDNS=
#Domains=
#LLMNR=no
#MulticastDNS=no
#DNSSEC=no
#Cache=yes
#DNSStubListener=yes
root@proxy102:~#

Firewalld

root@proxy102:~# apt install firewalld

root@proxy102:~# firewall-cmd --add-port=3128/tcp
success
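
The firewall-cmd --add-port command above changes only the running firewall, so the port closes again on a firewalld reload or a reboot. An added example (not from the original article) that stores the rule in the permanent configuration and verifies the result; ensure_port and the FWCMD override are hypothetical names.

```shell
# FWCMD can be overridden for testing; it defaults to the real firewall-cmd.
FWCMD=${FWCMD:-firewall-cmd}

# ensure_port <port/proto> [zone]   (zone defaults to firewalld's default zone)
ensure_port() {
    port=$1
    zone=${2:-$($FWCMD --get-default-zone)}
    $FWCMD --state >/dev/null 2>&1 || { echo "firewalld is not running" >&2; return 1; }

    # --permanent edits the stored configuration only. Without it the rule
    # lives only in the running firewall and is lost on reload or restart.
    if ! $FWCMD --permanent --zone="$zone" --query-port="$port" >/dev/null; then
        $FWCMD --permanent --zone="$zone" --add-port="$port" >/dev/null || return 2
    fi

    # Load the stored configuration into the running firewall.
    $FWCMD --reload >/dev/null || return 3

    # Succeed only if runtime and permanent configuration now agree.
    $FWCMD --zone="$zone" --query-port="$port" >/dev/null &&
    $FWCMD --permanent --zone="$zone" --query-port="$port" >/dev/null
}

# Usage on the proxy host from this article (run as root):
#   ensure_port 3128/tcp
```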

Confirm that name resolution works

root@proxy102:~# ping yahoo.co.jp
PING yahoo.co.jp (182.22.59.229) 56(84) bytes of data.

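References

I referred to the following sites.

  • IP address configuration, etc.

Configuring multiple networks + static routes on Ubuntu 18.04

  • SSH configuration

SSH configuration on Ubuntu

Ubuntu server 18.04 SSH

  • Opening ports, etc.

Procedure for building a proxy server environment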
