iscsi_centos7

Differences

This shows you the differences between two versions of the page.

iscsi_centos7 [2015/08/22 10:38] herwarthiscsi_centos7 [2015/08/22 10:46] (current) herwarth
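--- a/iscsi_centos7
+++ b/iscsi_centos7
@@ -6,5 +6,7 @@
 
 <code>
-yum install targetcli net-tools wget chrony
+rpm -ivh https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
+yum install targetcli net-tools wget chrony check-mk-agent xinetd
+
 wget https://downloads.linux.hp.com/SDR/add_repo.sh
 sh ./add_repo.sh spp -d rhel -r 7
@@ -70,3 +72,101 @@
 />
 </code>
+  saveconfig
+  exit
+  systemctl enable target
+  systemctl start target
+
+=====Firewalld=====
+Remove default crap
+<code>
+firewall-cmd --permanent --zone=home --remove-service=dhcpv6-client
+firewall-cmd --permanent --zone=home --remove-service=ipp-client
+firewall-cmd --permanent --zone=home --remove-service=mdns
+firewall-cmd --permanent --zone=home --remove-service=samba-client
+firewall-cmd --permanent --zone=home --remove-service=ssh
+firewall-cmd --permanent --zone=internal --remove-service=dhcpv6-client
+firewall-cmd --permanent --zone=internal --remove-service=ipp-client
+firewall-cmd --permanent --zone=internal --remove-service=mdns
+firewall-cmd --permanent --zone=internal --remove-service=samba-client
+firewall-cmd --permanent --zone=internal --remove-service=ssh
+firewall-cmd --permanent --zone=work --remove-service=dhcpv6-client
+firewall-cmd --permanent --zone=work --remove-service=ipp-client
+firewall-cmd --permanent --zone=work --remove-service=ssh
+firewall-cmd --permanent --zone=public --remove-service=dhcpv6-client
+firewall-cmd --permanent --zone=public --remove-service=ssh
+firewall-cmd --permanent --zone=external --remove-service=ssh
+firewall-cmd --permanent --zone=external --remove-masquerade
+firewall-cmd --permanent --zone=dmz --remove-service=ssh
+</code>
+Create new zones
+<code>
+firewall-cmd --permanent --new-zone=management
+firewall-cmd --permanent --new-zone=local
+firewall-cmd --permanent --new-zone=iscsi1
+firewall-cmd --permanent --new-zone=iscsi2
+</code>
+Put subnets in zones
+<code>
+firewall-cmd --permanent --zone=public --add-source=0.0.0.0/0
+firewall-cmd --permanent --zone=public --add-source=::/0
+
+firewall-cmd --permanent --zone=dmz --add-source=5.200.9.240/28
+firewall-cmd --permanent --zone=dmz --add-source=2a00:1630:59::/64
+firewall-cmd --permanent --zone=dmz --add-source=46.44.183.176/28
+firewall-cmd --permanent --zone=dmz --add-source=2a02:22a0:bbb7:400::/64
+firewall-cmd --permanent --zone=dmz --add-source=94.142.242.32/28
+firewall-cmd --permanent --zone=dmz --add-source=2a02:898:126::/64
+
+firewall-cmd --permanent --zone=local --add-source=172.16.3.0/24
+firewall-cmd --permanent --zone=local --add-source=2a02:22a0:bbb7:403::/64
+firewall-cmd --permanent --zone=local --add-source=172.16.5.0/24
+firewall-cmd --permanent --zone=local --add-source=2a00:1630:59:5::/64
+firewall-cmd --permanent --zone=local --add-source=172.16.7.0/24
+firewall-cmd --permanent --zone=local --add-source=2a02:898:126:7::/64
+
+firewall-cmd --permanent --zone=management --add-source=172.16.2.0/24
+firewall-cmd --permanent --zone=management --add-source=2a02:22a0:bbb7:402::/64
+firewall-cmd --permanent --zone=management --add-source=172.16.4.0/24
+firewall-cmd --permanent --zone=management --add-source=2a00:1630:59:4::/64
+firewall-cmd --permanent --zone=management --add-source=172.16.6.0/24
+firewall-cmd --permanent --zone=management --add-source=2a02:898:126:6::/64
+
+firewall-cmd --permanent --zone=iscsi1 --add-source=192.168.0.0/24
+firewall-cmd --permanent --zone=iscsi2 --add-source=192.168.1.0/24
+</code>
+Add services
+<code - /etc/firewalld/services/check-mk-agent.xml>
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+  <short>check-mk-agent</short>
+  <description>Check_MK Agent</description>
+  <port protocol="tcp" port="6556"/>
+</service>
+</code>
+<code - /etc/firewalld/services/iscsi-target.xml>
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+  <short>iscsi-target</short>
+  <description>iSCSI target</description>
+  <port protocol="tcp" port="3260"/>
+</service>
+</code>
+Add services to zones
+<code>
+firewall-cmd --permanent --zone=management --add-service=ssh
+firewall-cmd --permanent --zone=local --add-service=ssh
+
+firewall-cmd --permanent --zone=iscsi1 --add-service=iscsi-target
+firewall-cmd --permanent --zone=iscsi2 --add-service=iscsi-target
+
+firewall-cmd --permanent --zone=management --add-rich-rule="rule family="ipv4" \
+source address="172.16.4.14" service name="check-mk-agent" accept"
+firewall-cmd --permanent --zone=management --add-rich-rule="rule family="ipv6" \
+source address="2a00:1630:59:4::14" service name="check-mk-agent" accept"
+</code>
+
+Make sure all interfaces are set to public as default!
+  firewall-cmd --set-default-zone=public
+  firewall-cmd --reload
+
 {{tag>centos}}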
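Review bot: In the "Put subnets in zones" block, `--zone=public --add-source=0.0.0.0/0` and `--add-source=::/0` overlap every other source binding, so whether a packet from 172.16.4.0/24 or 192.168.0.0/24 lands in management/iscsi1 or in public depends on how the installed firewalld orders overlapping sources; as far as I know it does not choose the most specific prefix, and the setup may only work because "public" sorts after the other zone names. The final `firewall-cmd --set-default-zone=public` already sends unmatched traffic to public, so the two catch-all lines can be dropped. The iscsi1/iscsi2 zones then trust the source address alone for port 3260; binding the storage NICs instead, e.g. `firewall-cmd --permanent --zone=iscsi1 --add-interface=<storage-nic-1>` (placeholder name), ties the iSCSI service to the interface the traffic actually arrives on. Since ssh is removed from every stock zone, confirm with `firewall-cmd --permanent --list-all-zones` that the admin address falls in management or local before running `--reload`.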
iscsi_centos7.1440239920.txt.gz · Last modified: by herwarth