This script automatically configures the SRV-LIN1-01 server: it sets up the network interfaces, enables IP routing, configures DNS and DHCP with dnsmasq, and configures network address translation (NAT) with iptables.
⚙️ Script features
Renames the server to SRV-LIN1-01.
Configures the Host-Only and NAT interfaces.
Enables IP routing so the server can act as a router.
Configures dnsmasq for DNS and DHCP services.
Sets up NAT with iptables to allow external communication.
Modifies the network configuration files so that the settings persist after a reboot.
Updates /etc/hosts with the correct IP for SRV-LIN1-01.
🚀 Quick run command
To run this script in an automated way on your Debian server, use the following command. It installs curl if necessary, then downloads and runs the script in a single step:
#!/bin/bash
############################################################################################################
# Script Name : cpnv_lin1_srv01_network_setup.sh
# Author : Rui Monteiro (rui.monteiro@eduvaud.ch)
# Created : 2024-09-28
# Last Updated : 2024-11-08
#
# Version : 1.4
#
# Description : This script automates the network configuration of SRV-LIN1-01, including setting up
# network interfaces, enabling IP forwarding for routing, configuring DNS and DHCP
# with dnsmasq, setting up NAT using iptables, and renaming the server hostname to SRV-LIN1-01.
#
# Features : - Configures both Host-Only and NAT interfaces.
# - Enables IP routing to allow the server to act as a router.
# - Sets up NAT using iptables for external network communication.
# - Configures dnsmasq for DNS and DHCP services on the internal network.
# - Renames the server to SRV-LIN1-01.
#
# Usage : Run the script with sudo privileges:
# sudo bash -c "$(curl -fsSL https://gitlab.com/Ruimmp/cpnv-es/-/raw/LIN1/1.%20Param%C3%A9trage%20du%20R%C3%A9seau%20et%20Services%20Syst%C3%A8mes/cpnv_lin1_srv01_network_setup.sh)"
# The script will automatically configure the network interfaces and services.
# After completion, check the network and DNS configurations as per the system output.
#
# System Tested : Debian 12.6.4
#
# Prerequisites : - Debian 12.6.4 or compatible Debian-based distribution.
# - Sudo privileges for system configuration.
# - Internet connection for package installations.
#
# Dependencies : This script requires the following packages:
# - iptables (For NAT configuration).
# - dnsmasq (For DNS and DHCP services).
# - iptables-persistent (To save iptables rules across reboots).
#
# Return Values : On successful completion, the script:
# - Configures the network interfaces (Host-Only and NAT).
# - Enables IP forwarding and configures NAT.
# - Sets up DNS and DHCP with dnsmasq.
# - Renames the server hostname to SRV-LIN1-01.
# - Provides the system's current network configuration.
#
# Notes : - Ensure that IP forwarding is enabled for proper routing between networks.
# - The dnsmasq configuration assumes a basic internal network setup.
# - Be cautious when modifying firewall rules; incorrect iptables configurations can
# affect network connectivity.
############################################################################################################
# Global variables
DNS_SERVER="10.10.10.11"
HOST_ONLY_INTERFACE=$(ip -o link show | awk -F: '$2 ~ /ens/ && $2 !~ /lo/ {gsub(/ /, "", $2); print $2}' | head -n 1)
NAT_INTERFACE=$(ip -o -4 route show to default | awk '{print $5}' | grep 'ens' || echo "")
# Network configuration variables
LOCAL_DOMAIN="lin1.local"
SRV1_IP="10.10.10.11"
SRV2_IP="10.10.10.22"
NAS1_IP="10.10.10.33"
DNS_CPNV_SERVER="10.229.60.22"
DHCP_RANGE_START="10.10.10.110"
DHCP_RANGE_END="10.10.10.119"
DHCP_LEASE_TIME="12h"
GATEWAY_IP="$SRV1_IP"
DNS_EXTERNAL="1.1.1.1"
SUBNET_MASK="255.255.255.0"
# Server names
SRV1_HOSTNAME="SRV-LIN1-01"
SRV2_HOSTNAME="SRV-LIN1-02"
NAS1_HOSTNAME="NAS-LIN1-01"
# Function to update the system
update_system() {
echo "Updating system packages..."
apt-get update && apt-get upgrade -y
}
# Function to rename the machine to SRV1_HOSTNAME
rename_machine() {
echo "Renaming the machine to $SRV1_HOSTNAME..."
# Update the hostname and the /etc/hostname file
hostnamectl set-hostname "$SRV1_HOSTNAME"
echo "$SRV1_HOSTNAME" >/etc/hostname
echo "Machine renamed to $SRV1_HOSTNAME."
}
# Function to configure network interfaces
configure_network_interfaces() {
echo "Configuring network interfaces..."
cat <<EOF >/etc/network/interfaces
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# Interface (Host-Only)
auto $HOST_ONLY_INTERFACE
allow-hotplug $HOST_ONLY_INTERFACE
iface $HOST_ONLY_INTERFACE inet static
address 10.10.10.11/24
# Interface (NAT)
auto $NAT_INTERFACE
allow-hotplug $NAT_INTERFACE
iface $NAT_INTERFACE inet dhcp
EOF
echo "Restarting networking service..."
systemctl restart networking.service
}
# Function to enable IP routing
enable_ip_routing() {
echo "Enabling IP routing..."
# Overwrite the sysctl.conf file to enable IP forwarding only
echo "net.ipv4.ip_forward=1" >/etc/sysctl.conf
sysctl -p
}
# Function to configure NAT with iptables
configure_nat() {
echo "Configuring NAT using iptables..."
# Predefine the debconf selections for iptables-persistent
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v6 boolean false | debconf-set-selections
apt-get install iptables iptables-persistent -y
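# Add the MASQUERADE rule only if it is not already present (safe on re-run)
iptables -t nat -C POSTROUTING -o "$NAT_INTERFACE" -j MASQUERADE 2>/dev/null ||
iptables -t nat -A POSTROUTING -o "$NAT_INTERFACE" -j MASQUERADE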
# Save iptables rules persistently
netfilter-persistent save
}
# Function to reverse an IP address for PTR records
reverse_ip() {
echo "$1" | awk -F. '{print $4"."$3"."$2"."$1}'
}
# Function to configure DNS and DHCP using dnsmasq
configure_dns_dhcp() {
echo "Installing and configuring dnsmasq..."
apt-get install dnsmasq -y
# Overwrite the dnsmasq configuration file with the desired settings
cat <<EOF >/etc/dnsmasq.conf
# DNS configuration
# Map local domain names to IP addresses
address=/$SRV1_HOSTNAME.$LOCAL_DOMAIN/$SRV1_IP
address=/$SRV2_HOSTNAME.$LOCAL_DOMAIN/$SRV2_IP
address=/$NAS1_HOSTNAME.$LOCAL_DOMAIN/$NAS1_IP
# PTR records for reverse resolution
ptr-record=$(reverse_ip $SRV1_IP).in-addr.arpa.,$SRV1_HOSTNAME.$LOCAL_DOMAIN
ptr-record=$(reverse_ip $SRV2_IP).in-addr.arpa.,$SRV2_HOSTNAME.$LOCAL_DOMAIN
ptr-record=$(reverse_ip $NAS1_IP).in-addr.arpa.,$NAS1_HOSTNAME.$LOCAL_DOMAIN
# External DNS server configuration (here, the CPNV server)
server=$DNS_CPNV_SERVER
# DHCP configuration
# Enable DHCP on interface $HOST_ONLY_INTERFACE
interface=$HOST_ONLY_INTERFACE
# Define the range of IP addresses to hand out (from $DHCP_RANGE_START to $DHCP_RANGE_END)
dhcp-range=$DHCP_RANGE_START,$DHCP_RANGE_END,$DHCP_LEASE_TIME
# Specify the gateway (server $SRV1_HOSTNAME)
dhcp-option=option:router,$GATEWAY_IP
# Specify the DNS servers (local and external)
dhcp-option=option:dns-server,$SRV1_IP,$DNS_EXTERNAL
# Set the local domain name
dhcp-option=option:domain-name,"$LOCAL_DOMAIN"
# Set the subnet mask
dhcp-option=option:netmask,$SUBNET_MASK
EOF
echo "Restarting dnsmasq service..."
systemctl restart dnsmasq
}
# Function to configure resolv.conf and prevent auto-updates
configure_resolv_conf() {
echo "Configuring resolv.conf..."
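# Clear the immutable flag set by a previous run, otherwise the writes below fail
chattr -i /etc/resolv.conf 2>/dev/null || true
# Overwrite the resolv.conf file with the desired nameservers
echo "domain localdomain" >/etc/resolv.conf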
echo "search localdomain" >>/etc/resolv.conf
echo "nameserver 1.1.1.1" >>/etc/resolv.conf
echo "nameserver $DNS_SERVER" >>/etc/resolv.conf
# Mark /etc/resolv.conf as immutable to prevent automatic updates
echo "Preventing automatic updates to resolv.conf..."
chattr +i /etc/resolv.conf
}
# Function to configure dhclient.conf with only the necessary settings
configure_dhclient_conf() {
echo "Configuring dhclient.conf with necessary settings..."
cat <<EOF >/etc/dhcp/dhclient.conf
option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
send host-name = gethostname();
request subnet-mask, broadcast-address, time-offset, routers,
dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers,
netbios-name-servers, netbios-scope, interface-mtu,
rfc3442-classless-static-routes, ntp-servers;
EOF
echo "dhclient.conf configured."
}
# Function to update /etc/hosts with the correct hostname and IP for SRV1
update_local_hostname() {
echo "Updating /etc/hosts with the correct hostname and IP for $SRV1_HOSTNAME..."
# Check if there is an existing entry for SRV1's IP and FQDN, and update or add it
if grep -q "$SRV1_IP" /etc/hosts; then
sed -i "s/$SRV1_IP.*/$SRV1_IP $SRV1_HOSTNAME.$LOCAL_DOMAIN/g" /etc/hosts
else
# If not present, add the new entry
echo "$SRV1_IP $SRV1_HOSTNAME.$LOCAL_DOMAIN" >>/etc/hosts
fi
echo "/etc/hosts updated with $SRV1_IP $SRV1_HOSTNAME.$LOCAL_DOMAIN."
}
# Function to update /etc/hosts with the static IP and FQDN for SRV1
update_static_ip_hostname() {
echo "Updating /etc/hosts with the correct IP and FQDN for $SRV1_HOSTNAME..."
# Check if there is an existing entry for SRV1's static IP and update or add it
if grep -q "$SRV1_IP" /etc/hosts; then
sed -i "s/$SRV1_IP.*/$SRV1_IP $SRV1_HOSTNAME.$LOCAL_DOMAIN/g" /etc/hosts
else
# If not present, add the new entry
echo "$SRV1_IP $SRV1_HOSTNAME.$LOCAL_DOMAIN" >>/etc/hosts
fi
echo "/etc/hosts updated with $SRV1_IP $SRV1_HOSTNAME.$LOCAL_DOMAIN."
}
# Function to display final information
display_info() {
echo "#######################################"
echo "# Network Setup Summary #"
echo "#######################################"
# Check if the machine hostname is correctly set
echo ""
echo "Hostname Verification:"
if [ "$(hostname)" = "$SRV1_HOSTNAME" ]; then
echo " Hostname is set to $SRV1_HOSTNAME (configured correctly)"
else
echo " Error: Hostname is not set correctly"
fi
# Check Host-Only Interface configuration (uses the detected interface name)
echo ""
echo "Host-Only Interface ($HOST_ONLY_INTERFACE):"
if ip addr show "$HOST_ONLY_INTERFACE" | grep -q "10.10.10.11"; then
echo " IP Address: 10.10.10.11/24 (configured correctly)"
else
echo " Error: IP Address not configured correctly on $HOST_ONLY_INTERFACE"
fi
# Check NAT Interface configuration (uses the detected interface name)
echo ""
echo "NAT Interface ($NAT_INTERFACE):"
if ip addr show "$NAT_INTERFACE" | grep -q "inet"; then
echo " NAT Interface is configured and has an IP address."
else
echo " Error: NAT Interface $NAT_INTERFACE is not configured or doesn't have an IP."
fi
# Check if IP Forwarding is enabled
echo ""
echo "IP Forwarding:"
if sysctl net.ipv4.ip_forward | grep -q "1"; then
echo " Enabled (configured correctly)"
else
echo " Error: IP Forwarding is not enabled"
fi
# Check DNS configuration in resolv.conf
echo ""
echo "DNS Server Configuration:"
if grep -q "nameserver 10.10.10.11" /etc/resolv.conf; then
echo " DNS Server: 10.10.10.11 (configured correctly)"
else
echo " Error: DNS Server not correctly configured in /etc/resolv.conf"
fi
# Check DHCP Range in dnsmasq configuration
echo ""
echo "DHCP Range:"
if grep -q "dhcp-range=10.10.10.110,10.10.10.119" /etc/dnsmasq.conf; then
echo " DHCP Range: 10.10.10.110 - 10.10.10.119 (configured correctly)"
else
echo " Error: DHCP Range not configured correctly"
fi
# Check if NAT is configured with iptables
echo ""
echo "iptables NAT Configuration:"
if iptables -t nat -L POSTROUTING | grep -q "MASQUERADE"; then
echo " NAT is configured and active"
else
echo " Error: NAT is not configured with iptables"
fi
# Check the status of dnsmasq service
echo ""
echo "dnsmasq Status:"
if systemctl is-active --quiet dnsmasq; then
echo " dnsmasq is running (configured correctly)"
else
echo " Error: dnsmasq service is not running"
fi
echo ""
echo "############################################################"
echo "# Network configuration completed with the results above #"
echo "############################################################"
}
# Main function to run all configurations
main() {
rename_machine
update_local_hostname
update_static_ip_hostname
configure_network_interfaces
enable_ip_routing
configure_nat
configure_dns_dhcp
configure_resolv_conf
configure_dhclient_conf
display_info
}
# Execute the script
main
#######################################
# Network Setup Summary #
#######################################
Hostname Verification:
Hostname is set to SRV-LIN1-01 (configured correctly)
Host-Only Interface (ens33):
IP Address: 10.10.10.11/24 (configured correctly)
NAT Interface (ens34):
NAT Interface is configured and has an IP address.
IP Forwarding:
Enabled (configured correctly)
DNS Server Configuration:
DNS Server: 10.10.10.11 (configured correctly)
DHCP Range:
DHCP Range: 10.10.10.110 - 10.10.10.119 (configured correctly)
iptables NAT Configuration:
NAT is configured and active
dnsmasq Status:
dnsmasq is running (configured correctly)
############################################################
# Network configuration completed with the results above #
############################################################
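
Added example, not part of the original script: configure_nat installs a single MASQUERADE rule and never touches the FORWARD chain, and the interface detection at the top of the script can yield an empty NAT interface or the same ens* device for both roles. The sketch below (valid_iface and build_router_rules are names chosen here, and the ruleset is one possible policy, not the author's) rejects those cases and prints an iptables-restore ruleset that masquerades the lab subnet and forwards only LAN-initiated traffic and its replies.

```bash
#!/bin/bash
# Added example, not part of cpnv_lin1_srv01_network_setup.sh.
# Function names and the choice of ruleset are assumptions made for illustration.

# Accept only plausible interface names: non-empty, max 15 chars, safe characters.
valid_iface() {
    case "$1" in
        '' | *[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# build_router_rules LAN_IF NAT_IF LAN_CIDR
# Prints an iptables-restore ruleset; returns 2 and prints nothing on bad input.
build_router_rules() {
    lan_if=$1 nat_if=$2 lan_cidr=$3
    valid_iface "$lan_if" || { echo "invalid LAN interface: '$lan_if'" >&2; return 2; }
    valid_iface "$nat_if" || { echo "invalid NAT interface: '$nat_if'" >&2; return 2; }
    # The script's detection can pick the same ens* device for both roles.
    [ "$lan_if" != "$nat_if" ] || { echo "LAN and NAT interface are the same" >&2; return 2; }
    case "$lan_cidr" in
        '' | *[!0-9./]*) echo "invalid subnet: '$lan_cidr'" >&2; return 2 ;;
    esac
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $lan_cidr -o $nat_if -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $lan_if -o $nat_if -s $lan_cidr -j ACCEPT
-A FORWARD -i $nat_if -o $lan_if -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Interface names from the page's sample output; subnet from the script's static address.
build_router_rules ens33 ens34 10.10.10.0/24
```

The output can be checked with iptables-restore --test before it is loaded; loading it replaces the current nat and filter tables.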