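I. vsftpd virtual-user access authenticated against MySQL
Prepare two servers: 192.168.1.15 (FTP service) and 192.168.1.16 (MariaDB database)
1. First set up the FTP service: install the vsftpd and pam_mysql packages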
[root@centos7 ~]#yum install -y vsftpd
Loaded plugins: fastestmirror, langpacks
Determining fastest mirrors
base | 3.9 kB 00:00:00
epel | 3.6 kB 00:00:00
zabbix | 2.9 kB 00:00:00
zabbix-non-supported | 2.9 kB 00:00:00
(1/6): base/group_gz | 55 kB 00:00:00
(2/6): base/primary_db | 1.5 MB 00:00:00
(3/6): zabbix-non-supported/x86_64/primary_db | 3.7 kB 00:00:00
(4/6): epel/group_gz | 153 kB 00:00:00
(5/6): zabbix/x86_64/primary_db | 146 kB 00:00:01
(6/6): epel/primary_db | 6.1 MB 00:00:03
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.x86_64 0:3.0.2-28.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=====================================================================================================================
Package Arch Version Repository Size
=====================================================================================================================
Installing:
vsftpd x86_64 3.0.2-28.el7 epel 172 k
Transaction Summary
=====================================================================================================================
Install 1 Package
Total download size: 172 k
Installed size: 353 k
Downloading packages:
vsftpd-3.0.2-28.el7.x86_64.rpm | 172 kB 00:00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Warning: RPMDB altered outside of yum.
Installing : vsftpd-3.0.2-28.el7.x86_64 1/1
Verifying : vsftpd-3.0.2-28.el7.x86_64 1/1
Installed:
vsftpd.x86_64 0:3.0.2-28.el7
Complete!
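Install the pam_mysql package on the server
On CentOS 6, pam_mysql is provided by EPEL; on CentOS 7 and CentOS 8 it has to be compiled and installed manually
Building and installing pam_mysql from source
First, install the required packages
yum -y install vsftpd gcc gcc-c++ make mariadb-devel pam-devel
Download the pam_mysql source package
wget http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7RC1.tar.gz
Extract it
tar xvf pam_mysql-0.7RC1.tar.gz
Compile and install
cd pam_mysql-0.7RC1/
./configure --with-pam-mods-dir=/lib64/security
Note:
If --with-pam-mods-dir=/lib64/security is not given in the command above, configure fails with the following error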
checking if the second argument of pam_conv.conv() takes const pointer... no
configure: error: Your system doesn't appear to be configured to use PAM.
Perhaps you need to specify the correct location where the PAM modules reside.
make install
[root@centos7 pam_mysql-0.7RC1]#ll /lib64/security/pam_mysql*
-rwxr-xr-x 1 root root 882 Mar 19 10:22 /lib64/security/pam_mysql.la
-rwxr-xr-x 1 root root 141768 Mar 19 10:22 /lib64/security/pam_mysql.so
2. Create the file required for PAM authentication on the FTP server
Create it by following the README
[root@centos7 pam.d]#pwd
/etc/pam.d
[root@centos7 pam.d]#vim vsftpd.mysql
auth required pam_mysql.so user=vsftpd passwd=shenqiqi host=mysqlserver db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=shenqiqi host=mysqlserver db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
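crypt selects how the stored password is encrypted:
0: no encryption
1: crypt(3)
2: the MySQL password() function
3: md5
4: sha1
Field descriptions
auth: the authentication step
account: verifies that the account and password are in normal, usable state
required: this check must pass
pam_mysql.so: the module, given by default as a path relative to /lib64/security/ (an absolute path also works); what follows it are the arguments passed to the module
user=vsftpd: the user used to log in to MySQL
passwd=shenqiqi: the password used to log in to MySQL
host=mysqlserver: host name or IP address of the MySQL server
db=vsftpd: name of the MySQL database to connect to
table=users: name of the table in that database
usercolumn=name: the column used as the user name
passwdcolumn=password: the column holding the password for that user name
crypt=2: passwords are encrypted with the MySQL password() function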
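A check that can be run against the PAM file described above, as an added example that is not part of the original article: it reports the file mode (the file carries the database password in passwd=) and the crypt= mode of every pam_mysql.so line. The function names and the temporary sample file are constructed for illustration.

```bash
#!/bin/bash
# Added example: audit a pam_mysql service file such as /etc/pam.d/vsftpd.mysql.
# Prints one finding per line and nothing when no issue is found.
# Assumes the simple "type control module args..." line form used in the article.
audit_pam_mysql() {
    local file=$1 mode type control module args crypt
    # passwd= is the database password in clear text, so the file must not be
    # readable by group or other.
    mode=$(stat -c %a "$file")
    case $mode in
        600|400) ;;
        *) echo "MODE $file is $mode: the inline passwd= is readable by users other than its owner" ;;
    esac
    while read -r type control module args; do
        case $type:$module in
            \#*) continue ;;                 # commented-out line
            *:*pam_mysql.so) ;;
            *) continue ;;
        esac
        args=$(printf '%s' "$args" | tr '\t' ' ')
        crypt=unset
        case " $args " in
            *" crypt="*) crypt=" $args"; crypt=${crypt##* crypt=}; crypt=${crypt%% *} ;;
        esac
        case $crypt in
            0) echo "CRYPT $type: crypt=0 keeps plaintext passwords in the table" ;;
            2) echo "CRYPT $type: crypt=2 (PASSWORD()) is unsalted, equal passwords give equal hashes" ;;
            3) echo "CRYPT $type: crypt=3 is plain MD5, fast and unsalted" ;;
            4) echo "CRYPT $type: crypt=4 is plain SHA1, fast and unsalted" ;;
            unset) echo "CRYPT $type: crypt= is not set, check the module default" ;;
        esac
    done < "$file"
    return 0
}

# Constructed sample: the two lines from the article, written to a temp file.
demo_pam_audit() {
    local f
    f=$(mktemp)
    cat > "$f" <<'EOF'
auth required pam_mysql.so user=vsftpd passwd=shenqiqi host=mysqlserver db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=shenqiqi host=mysqlserver db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
EOF
    chmod 644 "$f"    # a world-readable mode, as an editor leaves it under umask 022
    audit_pam_mysql "$f"
    rm -f "$f"
}
demo_pam_audit
```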
3. Create the corresponding user and modify the vsftpd configuration file
[root@centos7 ~]#useradd -s /sbin/nologin -d /data/ftproot -r vsftpuser
[root@centos7 ~]#mkdir /data/ftproot/upload -pv
mkdir: created directory ‘/data/ftproot’
mkdir: created directory ‘/data/ftproot/upload’
Remove write permission from the FTP root directory
[root@centos7 ~]#setfacl -m u:vsftpuser:rwx /data/ftproot/upload/
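Edit the configuration file
[root@centos7 ~]#vim /etc/vsftpd/vsftpd.conf
Add
guest_enable=YES
guest_username=vsftpuser
Change the following option; once it is changed, the original system users can no longer log in
pam_service_name=vsftpd.mysql
Start the vsftpd service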
systemctl enable --now vsftpd
Created symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service.
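4. Give the virtual users different access permissions on the FTP server
vsftpd can read a separate configuration file for each user from a configuration directory to define that user's FTP access permissions; each virtual user's configuration file has the same name as the virtual user. The configuration directory can be any unused directory; its path and name only have to be specified in vsftpd.conf
#Configure vsftpd to use a configuration directory for virtual users
[root@centos7 ~]#vim /etc/vsftpd/vsftpd.conf
#Add the following option
user_config_dir=/etc/vsftpd/conf.d/
#Create the required directory and provide configuration files for the virtual users
[root@centos7 ~]#mkdir /etc/vsftpd/conf.d/
#Configure the virtual users' access permissions
#Virtual users' access to the vsftpd service is controlled through the anonymous-user directives. To give the user shen permission to upload files, edit the file /etc/vsftpd/conf.d/ftp_shen, add the following options and set them to YES; set them to NO for read-only access
#Note: make sure the mapped system user has write permission on the file system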
[root@centos7 ~]#vim /etc/vsftpd/conf.d/ftp_shen
anon_upload_enable={YES|NO}
anon_mkdir_write_enable={YES|NO}
anon_other_write_enable={YES|NO}
#Change the login directory to the specified directory
local_root=/data/ftproot2
5. Install the MariaDB database on the database server
Note: MySQL 8.0 removed the PASSWORD() function and is therefore not supported, so MariaDB is used
Install the database from the tarball:
tar xvf mariadb-10.6.5-linux-systemd-x86_64.tar.gz -C /usr/local/src
cd /usr/local
Create the symlink
ln -s src/mariadb-10.6.5-linux-systemd-x86_64 mysql
chown -R root:root /usr/local/mysql/
Create the MySQL data directory
getent passwd mysql
groupadd -r -g 306 mysql
useradd -r -g 306 -s /sbin/nologin -u 306 mysql
mkdir -p /data/mysql
chown -R mysql:mysql /data/mysql/
Edit the configuration file
vim /etc/my.cnf
Add the PATH variable
echo 'PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
source /etc/profile.d/mysql.sh
Initialize the database
cd /usr/local/mysql
./scripts/mysql_install_db --user=mysql --datadir=/data/mysql
Create the service file used by systemctl
[root@centos_7 systemd]#ls
mariadb-extra@.socket mariadb.service mariadb@.service mariadb@.socket mysqld.service mysql.service use_galera_new_cluster.conf
[root@centos_7 systemd]#pwd
/usr/local/mysql/support-files/systemd
[root@centos_7 systemd]#cp mariadb.service /usr/lib/systemd/system
Security initialization script
[root@centos_7 ~]#ln -s /data/mysql/mysql.sock /tmp
[root@centos_7 ~]#ll /ymp
ls: cannot access /ymp: No such file or directory
[root@centos_7 ~]#ll /tmp
total 8
-rwx------. 1 root root 686 Mar 16 06:29 ks-script-68lfhJ
-rwx------. 1 root root 836 Mar 16 06:29 ks-script-IErBFd
lrwxrwxrwx 1 root root 22 Mar 19 14:25 mysql.sock -> /data/mysql/mysql.sock
drwx------. 2 root root 6 Mar 16 06:31 vmware-root
-rw-------. 1 root root 0 Mar 16 06:25 yum.log
The symlink has to be created; otherwise the script fails with the following error
[root@centos_7 ~]#mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.
Enter current password for root (enter for none):
ERROR 2002 (HY000): Can't connect to local server through socket '/tmp/mysql.sock' (2)
Run the security initialization
[root@centos_7 ~]#mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.
You already have your root account protected, so you can safely answer 'n'.
Switch to unix_socket authentication [Y/n] n
... skipping.
You already have your root account protected, so you can safely answer 'n'.
Change the root password? [Y/n] n
... skipping.
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
Testing
Install the FTP client on 192.168.1.71
yum install -y ftp
The directories on the server are as follows
[root@centos7 data]#ll
total 0
dr-xr-xr-x 3 vsftpuser vsftpuser 20 Mar 19 11:29 ftproot
dr-xr-xr-x 3 vsftpuser vsftpuser 20 Mar 19 15:12 ftproot1
drwxr-xr-x 3 vsftpuser vsftpuser 20 Mar 19 15:34 ftproot2
[root@centos7 data]#tree /etc/vsftpd/conf.d/
/etc/vsftpd/conf.d/
├── ftp_guo
└── ftp_shen
0 directories, 2 files
[root@centos7 data]#tree
.
├── ftproot
│ └── upload
│ └── ftp.txt
├── ftproot1
│ └── upload
│ ├── hosts
│ └── shen.txt
└── ftproot2
└── upload
├── guo.txt
└── hosts
6 directories, 5 files
From 192.168.1.71, access 192.168.1.15
[root@agent-web01 ~]#ftp 192.168.1.15
Connected to 192.168.1.15 (192.168.1.15).
220 (vsFTPd 3.0.2)
Name (192.168.1.15:root): ftp_shen
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,1,15,162,193).
150 Here comes the directory listing.
drwxr-xr-x 2 995 993 6 Mar 19 07:12 upload
226 Directory send OK.
ftp> lcd /etc
Local directory now /etc
ftp> ls
227 Entering Passive Mode (192,168,1,15,147,210).
150 Here comes the directory listing.
drwxr-xr-x 2 995 993 6 Mar 19 07:12 upload
226 Directory send OK.
ftp> cd upload
250 Directory successfully changed.
ftp> ls
227 Entering Passive Mode (192,168,1,15,195,51).
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 0 Mar 19 07:29 shen.txt
226 Directory send OK.
ftp> lcd /etc
Local directory now /etc
ftp> put hosts
local: hosts remote: hosts
227 Entering Passive Mode (192,168,1,15,20,5).
150 Ok to send data.
226 Transfer complete.
158 bytes sent in 5.4e-05 secs (2925.93 Kbytes/sec)
ftp> ls
227 Entering Passive Mode (192,168,1,15,145,200).
150 Here comes the directory listing.
-rw------- 1 995 993 158 Mar 19 07:29 hosts
-rw-r--r-- 1 0 0 0 Mar 19 07:29 shen.txt
226 Directory send OK.
Add a new user in the database
MariaDB [vsftpd]> insert into user(name,password) values('alice',password('12345678'));
Query OK, 1 row affected (0.002 sec)
An account newly added in the database sees the default directory
[root@agent-web01 ~]#ftp 192.168.1.15
Connected to 192.168.1.15 (192.168.1.15).
220 (vsFTPd 3.0.2)
Name (192.168.1.15:root): alice
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,1,15,190,188).
150 Here comes the directory listing.
drwxrwxr-x 2 0 0 6 Mar 19 03:29 upload
226 Directory send OK.
ftp> cd upload
250 Directory successfully changed.
ftp> ls
227 Entering Passive Mode (192,168,1,15,103,28).
150 Here comes the directory listing.
226 Directory send OK.
ftp> ls
227 Entering Passive Mode (192,168,1,15,147,206).
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 0 Mar 19 07:41 ftp.txt
226 Directory send OK.
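II. Configure a Samba share for the /www directory
Prepare two servers: install the samba-client package on 192.168.1.71 and the Samba server on 192.168.1.72
By default Samba shares the current user's home directory
1. Install the client on 192.168.1.71
yum install -y samba-client
2. Install the server on 192.168.1.72 and enable it at boot
yum install -y samba
systemctl enable --now smb
Add the Samba users. A Samba user must be a Linux user; setting its shell to /sbin/nologin is recommended
useradd smb1
useradd smb2
List the Samba users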
pdbedit -L
smb1:1000:
smb2:1001:
Edit the configuration file
vim /etc/samba/smb.conf
Add
[share]
path=/data/www/
write list =smb1,smb2
Create the www directory and set the ACL permissions
mkdir /data/www
setfacl -m u:smb1:rwx /data/www/
setfacl -m u:smb2:rwx /data/www/
Restart the Samba service
systemctl restart smb
3. Test from 192.168.1.71
List the shares offered by the server
smbclient -L 192.168.1.72
Enter root's password:
Anonymous login successful
Domain=[SAMBA] OS=[Windows 6.1] Server=[Samba 4.10.16]
Sharename Type Comment
--------- ---- -------
print$ Disk Printer Drivers
share Disk
IPC$ IPC IPC Service (Samba 4.10.16)
Anonymous login successful
Domain=[SAMBA] OS=[Windows 6.1] Server=[Samba 4.10.16]
Server Comment
--------- -------
Workgroup Master
--------- -------
Log in as smb1 and upload a test file
smbclient //192.168.1.72/share -U smb1%12345678
Domain=[SAMBA] OS=[Windows 6.1] Server=[Samba 4.10.16]
smb: \> ls
. D 0 Sun Mar 20 16:05:32 2022
.. D 0 Sun Mar 20 16:05:32 2022
63960 blocks of size 262144. 44714 blocks available
smb: \> !ls
anaconda-ks.cfg check.txt setup.sh
smb: \> put setup.sh
putting file setup.sh as \setup.sh (455.7 kb/s) (average 455.7 kb/s)
smb: \> ls
. D 0 Sun Mar 20 16:10:24 2022
.. D 0 Sun Mar 20 16:05:32 2022
setup.sh A 2333 Sun Mar 20 16:10:24 2022
63960 blocks of size 262144. 44714 blocks available
smb: \>
Create a file on the server
touch test.txt
ls
setup.sh test.txt
Download it on the client
smb: \> get test.txt
getting file \test.txt of size 0 as test.txt (0.0 KiloBytes/sec) (average 0.0 KiloBytes/sec)
smb: \> ls
. D 0 Sun Mar 20 16:11:19 2022
.. D 0 Sun Mar 20 16:05:32 2022
setup.sh A 2333 Sun Mar 20 16:10:24 2022
test.txt 0 Sun Mar 20 16:11:19 2022
63960 blocks of size 262144. 44714 blocks available
smb: \> quit
ls
The downloaded file is in the root directory
setup.sh test.txt
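III. Real-time synchronization of the /www directory with rsync + inotify
Prepare two servers:
192.168.1.71: install inotify-tools to monitor changes in the shared directory
192.168.1.72: install rsync to back up the shared files
1. Install inotify-tools on 192.168.1.71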
[root@data ~]#yum install -y inotify-tools
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* epel: mirrors.163.com
Resolving Dependencies
--> Running transaction check
---> Package inotify-tools.x86_64 0:3.14-9.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
===============================================================================================
Package Arch Version
===============================================================================================
Installing:
inotify-tools x86_64 3.14-9.el7
Transaction Summary
===============================================================================================
Install 1 Package
Total download size: 51 k
Installed size: 111 k
Downloading packages:
inotify-tools-3.14-9.el7.x86_64.rpm
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : inotify-tools-3.14-9.el7.x86_64
Verifying : inotify-tools-3.14-9.el7.x86_64
Installed:
inotify-tools.x86_64 0:3.14-9.el7
Complete!
2. Install rsync on 192.168.1.72. This lab is based on CentOS 7.9, where rsync-daemon is installed by default;
Installation: yum install -y rsync
Edit the configuration file:
uid = root
gid = root
#port = 874 a non-standard port can be specified; the default is 873/tcp
##use chroot = no
max connections = 0
ignore errors
exclude = lost+found/
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsyncd.lock
reverse lookup = no
[share]
path = /data/backup/
read only = no
comment = rsync export area
auth users = rsyncuser
secrets file = /etc/rsync.pas
Create the password file and set its permissions
[root@backup ~]#touch /etc/rsync.pas
[root@backup ~]#vim /etc/rsync.pas
rsyncuser:12345678
chmod 600 /etc/rsync.pas
Restart the service
[root@backup ~]#systemctl restart rsyncd
3. Create the password file on 192.168.1.71
echo "12345678" > /etc/rsync.pas
chmod 600 /etc/rsync.pas
4. List the modules on the remote rsync server
[root@data ~]#rsync rsync://rsyncuser@192.168.1.72
share rsync export area
5. Testing
Sync the specified directory on 192.168.1.71 to 192.168.1.72
rsync -azv --delete --password-file=/etc/rsync.pas /data/www/ rsync://rsyncuser@192.168.1.72/share
Sync the specified directory on 192.168.1.72 to 192.168.1.71
rsync -azv --delete --password-file=/etc/rsync.pas rsync://rsyncuser@192.168.1.72/share /data/www/
6. Use a script to perform the synchronization automatically in the background
#!/bin/bash
SRC='/data/www/' # note the trailing /
DEST='rsyncuser@192.168.1.72::share'
rpm -q rsync &> /dev/null || yum -y install rsync
inotifywait -mrq --exclude=".*\.swp" --timefmt '%Y-%m-%d %H:%M:%S' --format '%T %w %f' -e create,delete,moved_to,close_write,attrib "${SRC}" | while read -r DATE TIME DIR FILE;do
FILEPATH=${DIR}${FILE}
rsync -az --delete --password-file=/etc/rsync.pas "$SRC" "$DEST" && echo "At ${TIME} on ${DATE}, file $FILEPATH was backed up via rsync" >> /var/log/changelist.log
done
7. The watch command can be used to observe the changes in real time
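A guarded variant of the sync loop from step 6, as an added example that is not part of the original article: before each rsync --delete it refuses to run when the source directory is missing or empty, or when the password file is accessible to other users. The function names and the RSYNC, PASSFILE and LOG override variables are assumptions introduced here so the loop can be fed events on stdin.

```bash
#!/bin/bash
# Added example: guarded variant of the sync loop. Events arrive on stdin, e.g.
#   inotifywait -mrq --timefmt '%Y-%m-%d %H:%M:%S' --format '%T %w %f' \
#       -e create,delete,moved_to,close_write,attrib "$SRC" | sync_on_events
SRC=${SRC:-/data/www/}
DEST=${DEST:-rsyncuser@192.168.1.72::share}
PASSFILE=${PASSFILE:-/etc/rsync.pas}
LOG=${LOG:-/var/log/changelist.log}
RSYNC=${RSYNC:-rsync}    # overridable so the loop can be exercised without a server

# rsync --delete from a missing or empty source (for example an unmounted
# /data/www) would empty the backup module, so such a source is rejected.
source_is_sane() {
    [ -d "$1" ] && [ -n "$(ls -A "$1" 2>/dev/null)" ]
}

# rsync rejects a password file that "other" can access; check it up front.
passfile_is_private() {
    [ -f "$1" ] || return 1
    case $(stat -c %a "$1") in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# Reads "DATE TIME DIR FILE" lines, syncs once per event and prints the number
# of successful syncs when the input ends.
sync_on_events() {
    local date time dir file synced=0
    while read -r date time dir file; do
        if ! passfile_is_private "$PASSFILE"; then
            echo "$date $time SKIP $dir$file: $PASSFILE missing or other-accessible" >> "$LOG"
        elif ! source_is_sane "$SRC"; then
            echo "$date $time SKIP $dir$file: $SRC missing or empty" >> "$LOG"
        elif "$RSYNC" -az --delete --password-file="$PASSFILE" "$SRC" "$DEST" < /dev/null; then
            echo "$date $time SYNC $dir$file" >> "$LOG"
            synced=$((synced + 1))
        else
            echo "$date $time FAIL $dir$file" >> "$LOG"
        fi
    done
    echo "$synced"
}
```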
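IV. Summary of LVS scheduling algorithms
There are two kinds: dynamic methods and static methods
Static algorithms
1. RR: round robin. Commonly used
2. WRR: weighted RR. Weighted round robin, commonly used
3. SH: source hashing. Implements session stickiness by hashing the source IP address: requests from the same IP address are always sent to the RS chosen the first time, which binds the session.
4. DH: destination hashing. The first request is scheduled to an RS by round robin, and later requests to the same destination address are always forwarded to the RS chosen the first time. The typical use case is load balancing in forward-proxy cache scenarios, for example web caches
Dynamic algorithms
Scheduling is based mainly on the current load state of each RS and on the scheduling algorithm; the RS with the smaller Overhead value is scheduled
1. LC: least connections, suited to long-lived connection applications
Overhead=activeconns*256+inactiveconns
2. WLC: weighted LC, the default scheduling algorithm, commonly used
Overhead=(activeconns*256+inactiveconns)/weight
3. SED: shortest expected delay. For initial connections the higher weight takes priority; only active connections are checked and inactive connections are not considered
Overhead=(activeconns+1)*256/weight
4. NQ: never queue. The first round is distributed evenly, after that SED is used
5. LBLC: locality-based LC, a dynamic DH algorithm. Use case: forward proxying according to load state, for web caches and similar
6. LBLCR: LBLC with replication. It solves the uneven load of LBLC by replicating from a heavily loaded RS to a lightly loaded one; used for web caches and similar
Scheduling algorithms added after kernel 4.15: FO and OVF
1. FO (Weighted Fail Over): this algorithm walks the list of real servers associated with the virtual service and schedules to the real server that is not overloaded (the IP_VS_DEST_F_OVERLOAD flag is not set) and has the highest weight. It is a static algorithm
2. OVF (Overflow-connection): this algorithm is based on the number of active connections and the weight of the real servers. New connections are scheduled to the real server with the highest weight until its number of active connections exceeds its weight, and then to the real server with the next highest weight. The algorithm walks the list of real servers associated with the virtual service and finds the available real server with the highest weight. It is a dynamic algorithm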
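The Overhead formulas for LC, WLC, SED and NQ carried through on numbers, as an added example that is not part of the original article and is not the kernel's IPVS code. The function name pick_rs and the two server tables are constructed; the example shows where the algorithms disagree (idle servers with different weights, and a lightly weighted server under load).

```bash
#!/bin/bash
# Added example: the Overhead formulas above applied to a table of real servers
# read from stdin, one "name weight activeconns inactiveconns" per line.
# This models the formulas only; it is not the kernel's IPVS code.
# pick_rs ALGO prints the name of the RS that ALGO (lc|wlc|sed|nq) would choose.
pick_rs() {
    local algo=$1 best='' best_num=0 best_w=1 name w a i num
    while read -r name w a i; do
        [ "$w" -gt 0 ] || continue            # weight 0 receives no new connections
        # NQ: an idle RS is taken at once; otherwise NQ behaves like SED.
        if [ "$algo" = nq ] && [ "$a" -eq 0 ]; then
            echo "$name"
            return 0
        fi
        case $algo in
            lc)     num=$(( a * 256 + i )); w=1 ;;    # LC ignores weight
            wlc)    num=$(( a * 256 + i )) ;;
            sed|nq) num=$(( (a + 1) * 256 )) ;;
            *)      echo "unknown algorithm: $algo" >&2; return 2 ;;
        esac
        # num/w < best_num/best_w  <=>  num*best_w < best_num*w  (integers only)
        if [ -z "$best" ] || [ $(( num * best_w )) -lt $(( best_num * w )) ]; then
            best=$name; best_num=$num; best_w=$w
        fi
    done
    echo "$best"
}

# Constructed sample: two idle servers, then the same servers under load.
demo_pick_rs() {
    local algo
    for algo in lc wlc sed nq; do
        printf '%-3s idle: %s  loaded: %s\n' "$algo" \
            "$(printf 'rs1 1 0 0\nrs2 3 0 0\n' | pick_rs "$algo")" \
            "$(printf 'rs1 1 1 0\nrs2 3 2 10\n' | pick_rs "$algo")"
    done
}
demo_pick_rs
```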
V. LVS DR mode across networks
Prepare five servers:
rs1:ens33:NAT:192.168.1.71/24 GW:192.168.1.200 lo:VIP:172.16.0.100
rs2:ens33:NAT:192.168.1.72/24 GW:192.168.1.200 lo:VIP:172.16.0.100
LVS:ens33:NAT:DIP:192.168.1.73/24 GW:192.168.1.200 lo:VIP:172.16.0.100
route:ens33:NAT:192.168.1.200/24 ens33:1:NAT:172.16.0.100/24
ens34:host-only:10.10.10.200/24
client:ens33:host-only:10.10.10.150/24 GW:10.10.10.200/24
Prepare the HTTP service on rs1 and rs2
yum install -y httpd
systemctl enable --now httpd
echo '192.168.1.71' > /var/www/html/index.html    # on rs1
echo '192.168.1.72' > /var/www/html/index.html    # on rs2
Edit the NIC configuration
GATEWAY=192.168.1.200
Set the kernel parameters
[root@rs2 network-scripts]#echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@rs2 network-scripts]#echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@rs2 network-scripts]#echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@rs2 network-scripts]#echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
Configure the loopback interface
ifconfig lo:1 172.16.0.100/32
LVS NIC configuration
IPADDR=192.168.1.73
NETMASK=255.255.255.0
GATEWAY=192.168.1.200
Configure the loopback interface
ifconfig lo:1 172.16.0.100/32
Configure the router
Add the NIC ens34 in host-only mode
vim ifcfg-ens33
IPADDR=192.168.1.200
ifconfig ens33:1 172.16.0.100/32
vim ifcfg-ens34
IPADDR=10.10.10.200
Configure the client in host-only mode
IPADDR=10.10.10.150
GATEWAY=10.10.10.200
curl 172.16.0.100
192.168.1.71
curl 172.16.0.100
192.168.1.72