---------------------------------------ISP-----------------------------------------------------
root@isp:~# cat /etc/network/interfaces
source /etc/network/interfaces.d/*
auto ens18
iface ens18 inet dhcp
    post-up iptables -t nat -I POSTROUTING -o ens18 -j MASQUERADE
    post-down iptables -t nat -F

auto ens19
iface ens19 inet static
    address 172.16.4.1/28

auto ens20
iface ens20 inet static
    address 172.16.5.1/28

systemctl restart networking
apt install iptables
hostnamectl set-hostname isp.au-team.irpo
timedatectl set-timezone Europe/Moscow
nano /etc/sysctl.conf
net.ipv4.ip_forward = 1
sysctl -p
reboot 
---------------------------------------HQ-RTR-----------------------------------------------------
root@hq-rtr:~# cat /etc/network/interfaces
source /etc/network/interfaces.d/*
auto ens18
iface ens18 inet static
        address 172.16.4.2/28
        gateway 172.16.4.1
        post-up iptables -t nat -I POSTROUTING -o ens18 -j MASQUERADE
        post-down iptables -t nat -F

#auto ens19
#iface ens19 inet manual

auto ens19.100
iface ens19.100 inet static
        address 192.168.100.1/29
        vlan-raw-device ens19

auto ens19.200
iface ens19.200 inet static
        address 192.168.200.1/29
        vlan-raw-device ens19

auto ens19.999
iface ens19.999 inet static
        address 192.168.99.1/30
        vlan-raw-device ens19

auto gre1
iface gre1 inet static
    address 192.168.255.1
    netmask 255.255.255.252
    pre-up ip tunnel add gre1 mode gre remote 172.16.5.2 local 172.16.4.2 ttl 64 dev ens18
    up ip link set gre1 up
    post-down ip tunnel del gre1


systemctl restart networking
apt install iptables sudo frr dnsmasq
hostnamectl set-hostname hq-rtr.au-team.irpo
timedatectl set-timezone Europe/Moscow
nano /etc/sysctl.conf
net.ipv4.ip_forward = 1
sysctl -p 
reboot

useradd -m -s /bin/bash net_admin
echo net_admin:P@$$word | chpasswd
nano /etc/sudoers
net_admin ALL=(ALL) NOPASSWD: ALL

nano /etc/frr/daemons
ospfd=yes
systemctl restart frr.service
vtysh
conf t
interface gre1
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 P@ssw0rd
ip ospf network point-to-point
exit
router ospf
passive-interface default
no passive-interface gre1
network 192.168.100.0/29 area 0
network 192.168.200.0/29 area 0
network 192.168.99.0/30 area 0
network 192.168.255.0/30 area 0
area 0 authentication message-digest
exit
do wr
exit

nano /etc/dnsmasq.conf
domain=au-team.irpo
interface=ens19.200
dhcp-range=192.168.200.2,192.168.200.6,24h
dhcp-option=1,255.255.255.248
dhcp-option=3,192.168.200.1
dhcp-option=6,192.168.100.2
dhcp-host=bc:24:11:84:40:b2,192.168.200.6

systemctl restart dnsmasq

---------------------------------------BR-RTR-----------------------------------------------------
root@br-rtr:~# cat /etc/network/interfaces
source /etc/network/interfaces.d/*
auto ens18
iface ens18 inet static
        address 172.16.5.2/28
        gateway 172.16.5.1
        post-up iptables -t nat -I POSTROUTING -o ens18 -j MASQUERADE
        post-down iptables -t nat -F

auto ens19 
iface ens19 inet static
        address 192.168.3.1/29

auto gre1
iface gre1 inet static
    address 192.168.255.2
    netmask 255.255.255.252
    pre-up ip tunnel add gre1 mode gre remote 172.16.4.2 local 172.16.5.2 ttl 64 dev ens18
    up ip link set gre1 up
    post-down ip tunnel del gre1


systemctl restart networking
apt install iptables sudo frr
hostnamectl set-hostname br-rtr.au-team.irpo
timedatectl set-timezone Europe/Moscow
nano /etc/sysctl.conf
net.ipv4.ip_forward = 1
sysctl -p 
reboot

useradd -m -s /bin/bash net_admin
echo net_admin:P@$$word | chpasswd
nano /etc/sudoers
net_admin ALL=(ALL) NOPASSWD: ALL

nano /etc/frr/daemons
ospfd=yes
systemctl restart frr.service
vtysh
conf t
interface gre1
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 P@ssw0rd
ip ospf network point-to-point
exit
router ospf
passive-interface default
no passive-interface gre1
network 192.168.3.0/29 area 0
network 192.168.255.0/30 area 0
area 0 authentication message-digest
exit
do wr
exit
---------------------------------------HQ_SRV-----------------------------------------------------
root@hq-srv:~# cat /etc/network/interfaces
source /etc/network/interfaces.d/*
auto ens18
iface ens18 inet static
        address 192.168.100.2/29
        gateway 192.168.100.1

systemctl restart networking
apt install sudo ssh bind9
hostnamectl set-hostname hq-srv.au-team.irpo
timedatectl set-timezone Europe/Moscow
reboot

useradd -u 1010 -m -s /bin/bash sshuser
echo sshuser:P@ssw0rd | chpasswd
nano /etc/sudoers
sshuser ALL=(ALL) NOPASSWD: ALL

cat << EOF > /etc/ssh/banner.txt
Authorized access only
EOF

cat << EOF > /etc/ssh/sshd_config.d/demo.conf
Port 2024
AllowUsers sshuser
MaxAuthTries 2
Banner /etc/ssh/banner.txt
EOF

systemctl restart sshd.service

cat << EOF > /etc/bind/named.conf.options
options {
        directory "/var/cache/bind";
        allow-recursion { any; };
        forwarders { 8.8.8.8; };
        dnssec-validation auto;
        listen-on { 127.0.0.1; 192.168.100.2; };
};
EOF

cat << EOF > /etc/bind/named.conf.local
zone "au-team.irpo" {
        type master;
        file "/etc/bind/db.au-team.irpo";
};

zone "168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.168.192";
};
EOF

nano /etc/bind/db.au-team.irpo
$TTL    1d
$ORIGIN au-team.irpo.
@       IN      SOA     ns      admin (
        2025010100      ; Serial
        1h              ; Refresh
        1m              ; Retry
        1d              ; Expire
        1d              ; TTL
)
@       IN      NS      ns
ns      IN      A       192.168.100.2
hq-srv  IN      CNAME   ns
hq-rtr  IN      A       192.168.100.1
hq-rtr  IN      A       192.168.200.1
hq-rtr  IN      A       192.168.99.1
br-rtr  IN      A       192.168.3.1
hq-cli  IN      A       192.168.200.6
br-srv  IN      A       192.168.3.2
moodle  IN      CNAME   hq-rtr
wiki    IN      CNAME   hq-rtr

nano /etc/bind/db.168.192
$TTL    2d
$ORIGIN 168.192.in-addr.arpa.
@       IN      SOA     ns.au-team.irpo admin.au-team.irpo. (
                        2025020820      ; Serial
                        1d              ; Refresh
                        1h              ; Retry
                        1d              ; Expire
                        1d )            ; Negative Cache TTL
;
@       IN      NS      ns.au-team.irpo.
6.200   IN      PTR     hq-cli.au-team.irpo.
2.100   IN      PTR     hq-srv.au-team.irpo.
1.100   IN      PTR     hq-rtr.au-team.irpo.
1.200   IN      PTR     hq-rtr.au-team.irpo.
1.99    IN      PTR     hq-rtr.au-team.irpo.

named-checkconf
named-checkzone au-team.irpo /etc/bind/db.au-team.irpo
named-checkzone 168.192.in-addr.arpa /etc/bind/db.168.192
systemctl restart named


---------------------------------------BR-SRV-----------------------------------------------------
root@br-srv:~# cat /etc/network/interfaces
source /etc/network/interfaces.d/*
auto ens18
iface ens18 inet static
        address 192.168.3.2/29
        gateway 192.168.3.1

systemctl restart networking
apt install sudo ssh
hostnamectl set-hostname br-srv.au-team.irpo
timedatectl set-timezone Europe/Moscow
reboot 

useradd -u 1010 -m -s /bin/bash sshuser
echo sshuser:P@ssw0rd | chpasswd
nano /etc/sudoers
sshuser ALL=(ALL) NOPASSWD: ALL

cat << EOF > /etc/ssh/banner.txt
Authorized access only
EOF

cat << EOF > /etc/ssh/sshd_config.d/demo.conf
Port 2024
AllowUsers sshuser
MaxAuthTries 2
Banner /etc/ssh/banner.txt
EOF

systemctl restart sshd.service

---------------------------------------HQ-CLI-----------------------------------------------------
root@br-srv:~# cat /etc/network/interfaces
source /etc/network/interfaces.d/*
auto ens18
iface ens18 inet dhcp

systemctl restart networking
hostnamectl set-hostname hq-cli.au-team.irpo
timedatectl set-timezone Europe/Moscow
reboot

apt install systemd-resolv
nano /etc/systemd/system-resolv