征途服务器端架设完全攻略(1)
征途服务器端架设完全攻略
ÓÎÏ??þÎñÆ?×?ÒâÊÂÏî
Ò???Ó??þµÄ??×?
1????Ö??þÎñÆ??çÉÈÕý??ת????
2????Ö??þÎñÆ????öÌáÊ?µÆÊÇ?ñÕý????
3???ª?ú?ì???þÎñÆ?ÓÐÎÞ????Çé?ö??
4???ª?ú?ì???þÎñÆ?ÄÜ?ñÕý??Æô???????åÊó?ê?üÅ̵ÄÇé?öÏÂ??
?þ??ϵÍ?µÄ??×?
??×?RHEL 4.1
Ñ?Ôñ×Ô???ÖÇø??
?Ö?ð?ø2?éÍø??ÅäÖÃip?????ãÒÔºóÅäÖÃ,ÆäÖÐeth0ÅäÄÚÍøip??eth1ÅäÍâÍøip??
??ÆôÓÃ?À?ðÇ???
Ôö?ÓÖÐÎÄÓïÑÔ?ü??
Ñ?ÔñÈí?þ?üÊ???Ö?Ñ?Ôñ?ª???ü.
Èý??ϵÍ?µÄ?òµ?ÉèÖÃ
1???À?ðÇ?µÄ?òµ?ÉèÖÃ?º
vi /etc/rc.d/forward
ÄÚÈÝ?º??Àý×Ó??
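#!/bin/bash
# /etc/rc.d/forward -- example gateway firewall: default-deny INPUT chain,
# source NAT for the internal network and DNAT of two MySQL ports.
# Per the article, eth0 carries the internal address and eth1 the external one.
#
# Fixes relative to the listing as published: commands that had been fused
# onto one line are split again, and the "--dport 22" rules that were broken
# across two lines are rejoined. Rule order is unchanged.

IPT=/sbin/iptables

# Enable routing between the two interfaces.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Turn TCP ECN off when the kernel exposes the switch.
if [ -e /proc/sys/net/ipv4/tcp_ecn ]; then
  echo 0 > /proc/sys/net/ipv4/tcp_ecn
fi

# Start from empty filter and nat tables. -F removes rules only; chain
# policies stay as they were until the -P call near the end.
"$IPT" -F
"$IPT" -F -t nat

# Load the netfilter modules used below (including the FTP helpers).
/sbin/depmod -a
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_conntrack_ftp

# Loopback and the whole internal interface are trusted; replies to
# connections that are already tracked are accepted on any interface.
"$IPT" -A INPUT -i lo -j ACCEPT
"$IPT" -A INPUT -i eth0 -j ACCEPT
"$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#"$IPT" -A INPUT -i eth0 -p tcp -j REJECT --reject-with tcp-reset
# NOTE(review): this rule can never match -- every eth0 packet was already
# accepted by the "-i eth0 -j ACCEPT" rule above.
"$IPT" -A INPUT -i eth0 -p udp -j REJECT --reject-with icmp-port-unreachable

#sshd -- new SSH connections only from the three listed source addresses
"$IPT" -A INPUT -s 218.80.198.234 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
"$IPT" -A INPUT -s 218.80.198.250 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
"$IPT" -A INPUT -s 210.22.188.21 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

#ftp server (left disabled)
#"$IPT" -A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT

#game server -- port 6020 is open to every source address
"$IPT" -A INPUT -p tcp -m state --state NEW -m tcp --dport 6020 -j ACCEPT

#db server -- connections from 218.80.198.234 to the public address on ports
# 3306/3307 are redirected to the two internal MySQL hosts. MySQL is therefore
# reachable from that external address: the database accounts it can use need
# strong passwords, and the traffic crosses the network unencrypted unless it
# is tunnelled.
"$IPT" -t nat -A PREROUTING -s 218.80.198.234 -d 203.110.165.30 -p tcp --dport 3306 -j DNAT --to 192.168.102.158:3306
"$IPT" -t nat -A PREROUTING -s 218.80.198.234 -d 203.110.165.30 -p tcp --dport 3307 -j DNAT --to 192.168.102.159:3306

# Everything not accepted above is dropped. The policy is set last so that a
# remote session is not cut off while the rules are still being loaded.
"$IPT" -P INPUT DROP

# NOTE(review): ip_forward is enabled, but this script adds no FORWARD rules
# and sets no FORWARD policy, so routed traffic is limited only by whatever
# policy is already in place (ACCEPT unless changed). Consider
# "-P FORWARD DROP" plus explicit ACCEPT rules for the MASQUERADE and DNAT
# flows -- test from the console before relying on it.

# Source-NAT the internal network when it leaves through the external interface.
"$IPT" -t nat -A POSTROUTING -o eth1 -s 192.168.102.0/24 -j MASQUERADE

# (Article: save the file and exit the editor.)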
chmod 744 /etc/rc.d/forward
然后运行防火墙脚本,以后根据需求修改脚本。
再vi /etc/rc.d/only_forward
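#!/bin/bash
# /etc/rc.d/only_forward -- restricted variant of the gateway firewall: the
# same NAT and default-deny INPUT setup, but the game port is reachable from
# a single source address only (the article describes this variant as
# admitting only the company's machines to the game).
#
# Fix relative to the listing as published: the ESTABLISHED,RELATED rule, the
# commented-out TCP reject and the UDP reject had been fused onto one line,
# which turned the UDP rule into part of a comment. They are separate lines
# again, in the same order.

# Enable routing between the two interfaces.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Turn TCP ECN off when the kernel exposes the switch.
if [ -e /proc/sys/net/ipv4/tcp_ecn ]; then
  echo 0 > /proc/sys/net/ipv4/tcp_ecn
fi

# Empty the filter and nat tables (rules only; policies are untouched).
/sbin/iptables -F
/sbin/iptables -F -t nat

# Netfilter modules used below.
/sbin/depmod -a
for module in ip_tables ip_conntrack ip_nat_ftp ip_conntrack_ftp; do
  /sbin/modprobe "$module"
done

# Loopback and the internal interface (eth0) are trusted; tracked
# connections are accepted on any interface.
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -j ACCEPT
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#/sbin/iptables -A INPUT -i eth0 -p tcp -j REJECT --reject-with tcp-reset
# NOTE(review): shadowed by the "-i eth0 -j ACCEPT" rule above, so it never
# matches; kept to mirror /etc/rc.d/forward.
/sbin/iptables -A INPUT -i eth0 -p udp -j REJECT --reject-with icmp-port-unreachable

#sshd -- new SSH connections only from the listed source addresses
for ssh_src in 218.80.198.234 218.80.198.250 210.22.188.21; do
  /sbin/iptables -A INPUT -s "$ssh_src" -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
done

#ftp server (left disabled)
#/sbin/iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT

#game server -- port 6020 only from 218.80.198.234
/sbin/iptables -A INPUT -s 218.80.198.234 -p tcp -m state --state NEW -m tcp --dport 6020 -j ACCEPT

#db server -- MySQL on the two internal hosts is exposed to 218.80.198.234
# through the public address; the accounts reachable this way need strong
# passwords. The explicit :3306 on the first rule matches /etc/rc.d/forward
# and does not change the result (the destination port was already 3306).
/sbin/iptables -t nat -A PREROUTING -s 218.80.198.234 -d 203.110.165.30 -p tcp --dport 3306 -j DNAT --to 192.168.102.158:3306
/sbin/iptables -t nat -A PREROUTING -s 218.80.198.234 -d 203.110.165.30 -p tcp --dport 3307 -j DNAT --to 192.168.102.159:3306

# Default-deny for anything not accepted above; set last to avoid cutting off
# the session that loads the rules.
/sbin/iptables -P INPUT DROP

# NOTE(review): no FORWARD rules or policy are set although ip_forward is on;
# routed traffic is filtered only by the pre-existing FORWARD policy.

# Source-NAT the internal network on the external interface (eth1).
/sbin/iptables -t nat -A POSTROUTING -o eth1 -s 192.168.102.0/24 -j MASQUERADE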
此防火墙只允许公司的电脑可以登陆游戏。
2??ÉèÖÃϵÍ?×Ô??Æô???À?ðÇ?
vi /etc/rc.d/rc.local
Ôö?ÓÒ?ÐÐ
/etc/rc.d/forward
保存后退出
3??ÉèÖÃÎÄ?þ?ò?ªÊý
1?? ÐÞ?Ä/etc/security/limits.conf Ôö?Ó2ÐÐ:
* soft nofile 4096
* hard nofile 65535
2?? ÐÞ?Ä/etc/pam.d/login Ôö?Ó1ÐÐ
session required pam_limits.so
?ÉÓÃ?º
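# Shortcut for the two manual edits above: append the open-file limits and
# make login sessions apply them through pam_limits.
# Single quotes are required -- an unquoted "*" would be expanded by the
# shell into the file names of the current directory.
# Run once only: each run appends the lines again.
echo '* soft nofile 4096' >> /etc/security/limits.conf
echo '* hard nofile 65535' >> /etc/security/limits.conf
echo 'session required pam_limits.so' >> /etc/pam.d/login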
4??ÐÞ?ÄÄ?ÈÏÓïÑÔ
vi /etc/sysconfig/i18n ÐÞ?Ä
LANG="zh_CN.GB2312"
ÐÂ??ÓÎÏ?ÔËÐÐÓÃ??ztgame,ÉèÖÃÃÜÂë
useradd ztgame
passwd ztgame
用ztgame用户登陆服务器,修改vi /home/ztgame/.bash_profile增加一行 ulimit -c unlimited
???æºóÍË?ö??
ËÄ??ÓÎÏ?????µÄ?î??????ÕÕ4Ì?Íø?Ø?þÎñÆ???5Ì??????þÎñÆ???1Ì?Êý?Ý?â?þÎñÆ?µÄ???Ü?? 1???þÎñÆ?IPÉèÖÃ
4Ì?Íø?Ø?þÎñÆ?ÅäÖÃÍâÍøipºÍÄÚÍøip??5Ì??????þÎñÆ?ºÍÊý?Ý?â?þÎñÆ?Ö?ÅäÖÃÄÚÍøip????ÇÒ?þÎñÆ?Ä?ÈÏÍø?ØΪµÚÒ?Ì?Íø?Ø?þÎñÆ?µÄÄÚÍøip??
?þÎñÆ?ÒÔ?þÎñÆ?Ó?ÓÃ-ÐòºÅ-?ú??ÐòºÅÃüÃû??ÀýGWServer01-CHJ01???? ÐÞ?Ä/etc/hosts??
Àý×Ó?º
127.0.0.1 GWServer01-CHJ01 localhost.localdomain localhost
192.168.100.101 GWServer02-CHJ01
?,?,?,
192.168.100.104 ScenServer01-CHJ01
?,?,?,
192.168.100.109 DBServer-CHJ01
2????Ô?µÄÉú?É
ÔÚztgameµÄÓÃ??ϵÇÂ?µÚÒ?Ì?Íø?Ø?þÎñÆ???ÊäÈëssh-keygen -t dsa ?ÓÊÜ ~/.ssh/id_dsa
µÄÄ?ÈÏÎ?ÖÃ??ÊäÈëÒ??öÓëÄãµÄÕʺÅ?ÚÁî??Í?µÄ?ÚÁî?ä??ÔÙÊäÈëÒ??ÎÀ?È?ÈÏ????Ô???Ð?Èë ~/.ssh/id_dsa.pub??ÃÜÔ???Ð?Èë ~/.ssh/id_dsa??
Ê?ÓÃÒÔÏÂÃüÁî?Ä?äÄãµÄ .ssh Ä?Â?µÄÐí?ÉÈ?ÏÞ?º
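# Keep the key directory private to its owner: it holds the private key
# ~/.ssh/id_dsa, so no other local account needs to list or enter it.
chmod 700 ~/.ssh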
?Ñ ~/.ssh/id_dsa.pubÓÃscpÃüÁî??µ?ÆäËüÊ?Óà9Ì??þÎñÆ?
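# Copy the public key to each of the other servers (one example target shown).
# This OVERWRITES any authorized_keys already present on the target; append
# instead if the account already trusts other keys. ~/.ssh must already exist
# on the target.
# Note: DSA keys are disabled by default in current OpenSSH releases; on a
# modern system an Ed25519 or RSA key would be generated and copied instead.
scp ~/.ssh/id_dsa.pub ztgame@192.168.102.108:~/.ssh/authorized_keys
# On each of the other 9 servers, restrict the permissions of the key
# directory and of authorized_keys so that only the owner can read or
# change which keys are trusted:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys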
3??Êý?Ý?â?þÎñÆ?µÄ??×?
#首先确定你是root用户
#确定你有以下包
perl-DBD-MySQL-2.9004-3.1
perl-DBI-1.40-5
mysql-4.1.7-4.RHEL4.1
获得mysql-4.1.*.tar包,用tar -zxvf
mysql-4.1.*tar解开压缩包,然后进入mysql-4.1.*目录
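# Build and install MySQL 4.1 from source under /usr/local/mysql (run as root
# from the unpacked source directory).
#
# Fixes relative to the listing as published:
#   * "--with-server-suffix =..." had a space before "=", which splits the
#     option from its value;
#   * the PATH lines had lost characters (" ATH=..." and "binPATH"), which
#     would have replaced PATH with a single non-existent directory.

# Choose the configure invocation that matches the build host -- run ONE of
# the two.

# 32-bit x86 (i386)
CFLAGS="-O3 -mcpu=pentiumpro" CXX=gcc \
CXXFLAGS="-O3 -mcpu=pentiumpro -felide-constructors -fno-exceptions -fno-rtti" \
./configure --with-raid --enable-thread-safe-client --enable-assembler \
  --with-server-suffix=" for >>>MySQL Database of Zebra by Yhc<<<" \
  --without-debug --with-extra-charsets=none --without-isam --disable-shared \
  --with-mysqld-ldflags=-all-static --prefix=/usr/local/mysql --without-bench

# 64-bit x86_64
CFLAGS="-O3 -m64" CXX=gcc \
CXXFLAGS="-O3 -m64 -felide-constructors -fno-exceptions -fno-rtti" \
./configure --with-raid --enable-thread-safe-client --enable-assembler \
  --with-server-suffix=" for >>>MySQL Database of Zebra by Yhc<<<" \
  --without-debug --with-extra-charsets=none --without-isam --disable-shared \
  --with-mysqld-ldflags=-all-static --prefix=/usr/local/mysql --without-bench

# Compile with a job count matching the number of CPUs, then install.
make -j 2 && make install

# Dedicated, unprivileged account for the database daemon.
groupadd mysql && useradd -g mysql mysql

# Working directories under the install prefix.
mkdir /usr/local/mysql/data && mkdir /usr/local/mysql/run \
  && mkdir /usr/local/mysql/log && mkdir /usr/local/mysql/var

# Hand the install tree to the mysql account.
# NOTE(review): this also makes the server binaries writable by the account
# the daemon runs as. Keeping the programs owned by root and giving mysql only
# the data/run/log directories is the tighter layout -- confirm nothing else
# in this setup writes under the prefix before changing it.
chown -R mysql:mysql /usr/local/mysql

# Raise the open-file limit for this shell.
ulimit -n 4096

# Put the MySQL tools on PATH for future logins and for this shell.
echo 'PATH="/usr/local/mysql/bin:$PATH"' >> /etc/profile \
  && export PATH="/usr/local/mysql/bin:$PATH"

# Strip symbols from the server executable.
strip /usr/local/mysql/libexec/mysqld

# Register the MySQL library directory with the dynamic linker.
echo "/usr/local/mysql/lib" >> /etc/ld.so.conf && ldconfig

# Install the sample configuration as /etc/my.cnf.
cp support-files/my-huge.cnf /etc/my.cnf

# Edit /etc/my.cnf so that it contains the following setting (a my.cnf line,
# not a shell command):
#   datadir=/db/mysql

# Create the data location and give it to the mysql account.
mkdir /db
chown -R mysql:mysql /db

# Initialise the MySQL system tables as the mysql user.
su - mysql -c "mysql_install_db"

# Start the server in the background as the mysql user.
su - mysql -c "mysqld_safe --skip-name-resolve --open-files-limit=4096&"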
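-- Create the database accounts used by the game services (run in the mysql
-- client as an administrator).
--
-- The published listing used IDENTIFIED BY '' for all three accounts. An empty
-- password lets anyone who can connect from a listed host log in as ztgame,
-- and the third host is an external address that the firewall example
-- forwards to the database port. Set a real password before running these;
-- the value below is a placeholder, not a usable secret.
--
-- NOTE(review): ALL PRIVILEGES ON *.* WITH GRANT OPTION is administrator-level
-- access. If the services only need their own databases, grant on those
-- databases and drop WITH GRANT OPTION -- confirm against what the game
-- servers actually require.
GRANT ALL PRIVILEGES ON *.* TO ztgame@'192.168.104.%' IDENTIFIED BY '<REPLACE_WITH_STRONG_PASSWORD>' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO ztgame@'localhost' IDENTIFIED BY '<REPLACE_WITH_STRONG_PASSWORD>' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO ztgame@'218.80.198.234' IDENTIFIED BY '<REPLACE_WITH_STRONG_PASSWORD>' WITH GRANT OPTION;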
4??Êý?Ý?âÅäÖÃ
ÓÃmysql?øÈë??È?ºóÓÃcreate database
dbname????Êý?Ý?â???Ö?ð????SuperServer??RecordServer??BillÊý?Ý?â??È?ºóÓÃ??×??üÄ?Â?ϵÄ*.sqlµÄÎÄ?þ??Á?ÏàÓ?µÄ?í????SessionServer.sqlÒ?µ?Èëµ?RecordServer?âÖÐ???? ÔÚSuperServerÊý?Ý?âSERVERLIST?íÄÚÌí?Ó?þÎñÆ?ÅäÖÃÐÅÏ???
Àý×Ó?º
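-- Example server registry rows for the SERVERLIST table of the SuperServer
-- database, one statement per line (the published listing had the statements
-- wrapped mid-statement and the following paragraph fused onto the last one).
-- NOTE(review): each row carries two address/port pairs; only the
-- GatewayServer rows differ between them (internal vs. public address), so
-- the second pair is presumably the externally advertised endpoint -- confirm
-- against the table definition.
INSERT INTO `SERVERLIST` VALUES (1,1,'SuperServer','192.168.104.109',10000,'192.168.104.109',10000);
INSERT INTO `SERVERLIST` VALUES (20,20,'SessionServer','192.168.104.109',6000,'192.168.104.109',6000);
INSERT INTO `SERVERLIST` VALUES (21,21,'SceneServer','192.168.104.104',6010,'192.168.104.104',6010);
INSERT INTO `SERVERLIST` VALUES (22,21,'SceneServer','192.168.104.105',6011,'192.168.104.105',6011);
INSERT INTO `SERVERLIST` VALUES (23,21,'SceneServer','192.168.104.106',6012,'192.168.104.106',6012);
INSERT INTO `SERVERLIST` VALUES (24,21,'SceneServer','192.168.104.107',6013,'192.168.104.107',6013);
INSERT INTO `SERVERLIST` VALUES (25,21,'SceneServer','192.168.104.108',6014,'192.168.104.108',6014);
INSERT INTO `SERVERLIST` VALUES (2200,22,'GatewayServer','192.168.104.100',6020,'210.51.23.132',6020);
INSERT INTO `SERVERLIST` VALUES (2201,22,'GatewayServer','192.168.104.101',6020,'210.51.23.133',6020);
INSERT INTO `SERVERLIST` VALUES (2202,22,'GatewayServer','192.168.104.102',6020,'210.51.23.134',6020);
INSERT INTO `SERVERLIST` VALUES (2203,22,'GatewayServer','192.168.104.103',6020,'210.51.23.135',6020);
INSERT INTO `SERVERLIST` VALUES (11,11,'RecordServer','192.168.104.109',7010,'192.168.104.109',7010);
INSERT INTO `SERVERLIST` VALUES (12,12,'BillServer','192.168.104.109',7020,'192.168.104.109',7020);
-- Next step from the article: initialise some tables in the RecordServer
-- database; at present these are ANSWER, TECH, COUNTRY, NPCDARE and ACCPRIV.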
Êý?Ý?â?þÎñÆ?ÉÏÅÜSuperServer??SessionServer??RecordServer??BillServerËÄ?ö?þÎñ??4?öÍø?Ø?þÎñÆ??Ö?ðÅÜ4?öÍø?Ø?þÎñ??5?ö?????þÎñÆ??Ö?ðÅÜ5?ö?????þÎñ???????þÎñÆ??ÔÓ?µÄID?ÍÊÇ?ú?ÒÅäÖõÄIDºÅ??Õâ?öIDºÅ?ö???????þÎñÆ?ÉÏÃæÅÜ???ö?ú?Ò??