Project 2 - CameronProvost/SEC440 GitHub Wiki

Web Redundancy

  1. Configure NAT and DNS for OPT

Project Plan

  1. VYOS OPT NAT & DNS Setup
  2. HA1 & HA2 Setup
  3. HAproxy Setup
  4. Keepalived Setup
  5. WEB02 Configuration
  6. VYOS NAT Changes

VYOS1 and VYOS2

NAT to OPT

set nat source rule 20 description 'NAT FROM OPT to WAN'
set nat source rule 20 outbound-interface eth0
set nat source rule 20 source address 10.0.6.0/24
set nat source rule 20 translation address masquerade

DNS

set service dns forwarding allow-from 10.0.6.0/24
set service dns forwarding listen-address 10.0.6.1

HA1 and HA2 Configuration

New User

sudo hostnamectl set-hostname ha1-provost
sudo adduser cameron
sudo usermod -aG sudo cameron

Networking

sudo nano /etc/netplan/00-installer-config.yaml

HA1

ha1network

HA2

h2network

sudo netplan apply

HAproxy

sudo apt install haproxy

Config File: Edit the config file

sudo nano /etc/default/haproxy

Make the following changes

proxy1

Start HAproxy

sudo systemctl enable haproxy
sudo systemctl start haproxy

HA1 & HA2 Keepalived Configuration

sudo apt install keepalived

Make the Following Configurations

HA1

ha1keepalived

HA2

ha2keepalived

Start keepalived

sudo systemctl enable keepalived
sudo systemctl start keepalived
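
An added example, not the wiki author's configuration: a shell function that prints a keepalived.conf for either node, so HA1 and HA2 differ only in state and priority, and the VIP is released when HAProxy stops. The VIP 10.0.6.10 comes from the VyOS destination NAT rule on this page; the interface name ens160, router ID 51, instance name, priorities and the auth_pass placeholder are assumptions.

```shell
# Added example (not the wiki author's file): print keepalived.conf for HA1/HA2.
# From the wiki: VIP 10.0.6.10 (target of VyOS destination NAT rule 20).
# Assumed: interface ens160, virtual_router_id 51, priorities, auth_pass.
VIP="10.0.6.10/24"

# render_keepalived STATE PRIORITY [INTERFACE]; highest priority owns the VIP
render_keepalived() {
    state=$1 priority=$2 iface=${3:-ens160}
    case "$state" in
        MASTER|BACKUP) ;;
        *) echo "state must be MASTER or BACKUP" >&2; return 1 ;;
    esac
    case "$priority" in
        ''|*[!0-9]*) echo "priority must be 1-254" >&2; return 1 ;;
    esac
    if [ "$priority" -lt 1 ] || [ "$priority" -gt 254 ]; then
        echo "priority must be 1-254" >&2; return 1
    fi
    cat <<EOF
# No weight set: a failed check puts the instance in FAULT and frees the VIP.
vrrp_script chk_haproxy {
    script "/usr/bin/pgrep -x haproxy"
    interval 2
}

vrrp_instance VI_WEB {
    state $state
    interface $iface
    virtual_router_id 51
    priority $priority
    advert_int 1
    # PASS is cleartext on the wire and only 8 characters are used; it
    # prevents accidental pairing, not spoofing by a host on the segment.
    authentication {
        auth_type PASS
        auth_pass CHANGEME
    }
    virtual_ipaddress {
        $VIP
    }
    track_script {
        chk_haproxy
    }
}
EOF
}

# HA1: render_keepalived MASTER 150 | sudo tee /etc/keepalived/keepalived.conf
# HA2: render_keepalived BACKUP 100 | sudo tee /etc/keepalived/keepalived.conf
```

After starting keepalived on both nodes, `ip -br addr` on HA1 should list 10.0.6.10 and HA2 should not; stopping haproxy on HA1 should move the address to HA2.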

WEB02

Network Settings

web02network

Hostname & User

sudo hostnamectl set-hostname web02-provost
sudo useradd cameron
sudo usermod -aG wheel cameron   # wheel is the sudo-capable group on RHEL-family hosts

Firewall Rules

sudo firewall-cmd --permanent --zone=public --add-port=80/tcp
sudo firewall-cmd --permanent --zone=public --add-port=22/tcp
sudo firewall-cmd --reload

httpd

sudo yum install httpd
sudo nano /var/www/html/index.html

VYOS NAT CHANGES

delete nat destination rule 20
set nat destination rule 20 description HTTPtoHaVrrp
set nat destination rule 20 destination port 80
set nat destination rule 20 inbound-interface eth0
set nat destination rule 20 protocol tcp
set nat destination rule 20 translation address 10.0.6.10
set nat destination rule 20 translation port 80