1、配置SELINUX
server [root@server0 ~]# getenforce Enforcing [root@server0 ~]# vim /etc/sysconfig/selinux SELINUX=enforcing desktop [root@desktop0 ~]# getenforce [root@desktop0 ~]# vim /etc/sysconfig/selinux SELINUX=enforcing
2、配置防火墙对SSH的限制
server [root@server0 ~]# firewall-cmd --list-all [root@server0 ~]# firewall-cmd --permanent --add-service=ssh [root@server0 ~]# firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address=172.25.0.0/24 service name=ssh accept" [root@server0 ~]# firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address=172.17.10.0/24 service name=ssh reject" [root@server0 ~]# firewall-cmd --reload [root@server0 ~]# firewall-cmd --list-all
desktop [root@desktop0 ~]# firewall-cmd --list-all [root@desktop0 ~]# firewall-cmd --permanent --add-service=ssh [root@desktop0 ~]# firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address=172.25.0.0/24 service name=ssh accept" [root@desktop0 ~]# firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address=172.17.10.0/24 service name=ssh reject" [root@desktop0 ~]# firewall-cmd --reload [root@desktop0 ~]# firewall-cmd --list-all
3、配置IPv6地址
另:图形界面 # nmtui
另:图形界面2
另:修改配置文件,重启服务(不推荐)
[root@server0 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0 [root@server0 ~]# systemctl restart network
另:goto ipv6
server [root@server0 ~]# nmcli conn show [root@server0 ~]# nmcli device show eth0 [root@server0 ~]# nmcli conn edit eth0 nmcli> goto ipv6 nmcli ipv6> set addresses fddb:fe2a:ab1e::c0a8:1/64 nmcli ipv6> save nmcli ipv6> activate eth0 nmcli ipv6> quit [root@server0 ~]# nmcli device show eth0 desktop [root@desktop0 ~]# nmcli conn show [root@desktop0 ~]# nmcli device show eth0 [root@desktop0 ~]# nmcli conn edit eth0 nmcli> goto ipv6 nmcli ipv6> set addresses fddb:fe2a:ab1e::c0a8:2/64 nmcli ipv6> save nmcli ipv6> activate eth0 nmcli ipv6> quit [root@desktop0 ~]# nmcli device show eth0
另:nmcli
server0 [root@server0 ~]# nmcli conn show [root@server0 ~]# nmcli device show eth0 [root@server0 ~]# nmcli conn modify eth0 ipv6.method manual ipv6.addresses fddb:fe2a:ab1e::c0a8:1/64 [root@server0 ~]# nmcli conn up eth0 [root@server0 ~]# nmcli device show eth0 desktop0 [root@desktop0 ~]# nmcli conn modify eth0 ipv6.method manual ipv6.addresses fddb:fe2a:ab1e::c0a8:2/64 [root@desktop0 ~]# nmcli conn up eth0 [root@desktop0 ~]# nmcli device show eth0
配置错误,如何删除ipv6 ip???
测试 [root@server0 ~]# ping6 fddb:fe2a:ab1e::c0a8:1 [root@server0 ~]# ping6 fddb:fe2a:ab1e::c0a8:2 [root@server0 ~]# ping 172.25.0.10 [root@server0 ~]# ping 172.25.0.11 [root@desktop0 ~]# ping6 fddb:fe2a:ab1e::c0a8:1 [root@desktop0 ~]# ping6 fddb:fe2a:ab1e::c0a8:2 [root@desktop0 ~]# ping 172.25.0.11 [root@desktop0 ~]# ping 172.25.0.10
原文:http://www.cnblogs.com/venicid/p/7614489.html