useradd -g netadm -d /home/rancid -m -s /bin/bash rancid
Команда ssh-keygen не создаёт директорию .ssh, надо сделать руками.
mkdir ~/.ssh chmod 700 ~/.ssh
https://wiki.debian.org/nftables
Еще раз подумать, или научиться работать с nft или работать через iptables-nft
https://arstech.net/install-iptables-in-debian-11-bullseye/
Останавливаем nftables.
apt remove --auto-remove nftables apt purge nftables
Ставим iptables
apt install iptables apt install iptables-persistent
Пишем первые правила в “/etc/iptables/rules.v4”
*filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT #SSH -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -s x.x.x.x/32 -j ACCEPT #LAST_RULES -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT
Пишем первые правила в “/etc/iptables/rules.v6”
*filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p ipv6-icmp -j ACCEPT -A INPUT -i lo -j ACCEPT #-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT #-A INPUT -d fe80::/64 -p udp -m udp --dport 546 -m state --state NEW -j ACCEPT #LAST-RULES -A INPUT -j REJECT --reject-with icmp6-adm-prohibited -A FORWARD -j REJECT --reject-with icmp6-adm-prohibited COMMIT
Запускаем iptables.
systemctl start iptables ip6tables systemctl status iptables ip6tables systemctl enable iptables ip6tables iptables -S
apt update apt install mc joe bind9-utils man traceroute htop iftop net-tools telnet tcpdump
apt update apt install openssh-server systemctl status ssh systemctl enable ssh
Если на этапе установки не дать ОС выход в интернет, то в списке репо будет только “cdrom:”.
После настройки ip-адреса не получится сделать “apt update”.
В “/etc/apt/sources.list” комментируем “deb cdrom:[De..” и раскомментируем и дописываем “deb http://deb.debian.org/debian/ bullseye main contrib non-free”
Приводим файл к виду:
root@swan1:~# cat /etc/apt/sources.list # deb cdrom:[Debian GNU/Linux 11.7.0 _Bullseye_ - Official amd64 NETINST 20230429-11:49]/ bullseye main #deb cdrom:[Debian GNU/Linux 11.7.0 _Bullseye_ - Official amd64 NETINST 20230429-11:49]/ bullseye main # Line commented out by installer because it failed to verify: deb http://security.debian.org/debian-security bullseye-security main # Line commented out by installer because it failed to verify: deb-src http://security.debian.org/debian-security bullseye-security main # bullseye-updates, to get updates before a point release is made; # see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports # A network mirror was not selected during install. The following entries # are provided as examples, but you should amend them as appropriate # for your mirror of choice. # deb http://deb.debian.org/debian/ bullseye main contrib non-free #deb-src http://deb.debian.org/debian/ bullseye-updates main
Поднимаем интерфейс.
# ip -c link show # ip link set dev ens18 up
Задаем ip-адрес и маршрут по умолчанию.
# ip addr add x.x.x.x/24 dev ens18 # ip route add 0.0.0.0/0 via x.x.x.1
DNS.
# echo 'nameserver 8.8.8.8' > /etc/resolv.conf
Правим /etc/network/interfaces.
# This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). source /etc/network/interfaces.d/* # The loopback network interface auto lo iface lo inet loopback auto ens18 iface ens18 inet static address x.x.x.99 netmask 255.255.255.0 gateway x.x.x.1 dns-nameservers 8.8.8.8
Перезапускаем networking.
systemctl start networking systemctl enable networking
После первичной ручной настройки, networking через systemctl не запускаллся, ошибка на ifup ens18.
Доделать.