Sec350‐Routing&DMZ‐Lab - ConnorEast/Tech-Journal GitHub Wiki

Lab 1 - Routing & DMZ

Passwords and IPs can be located here:

RW01 Setup

  • Step 1: Change the root Password
  • Step 2: Add a new sudo User named Connor
  • Step 3: Set the Hostname of the device
  • Step 4: Configure the IP for the Linux box
Steps and commands used:
Step 1:
  • Command 1: "passwd"
Step 2:
  • Command 1: "sudo -i"
  • Command 2: "adduser connor"
  • Command 3: "sudo usermod -aG sudo connor"
Step 3:
  • Command 1: "sudo hostnamectl set-hostname rw01-East"
Step 4:
  • Command 1: "nmtui"
  • Set the values to match those in the IP document

FW01 Setup

  • Step 1: Change Hostname
  • Step 2: Set Interface Descriptions for each interface
  • Step 3: Set IPs on interfaces
  • Step 4: Gateway and DNS
Steps and commands used:
Step 1:
  • configure
  • set system host-name fw1-yourname
  • commit
  • save
  • exit
Step 2:
  • configure
  • set interfaces ethernet eth0 description sec350-Wan
  • set interfaces ethernet eth1 description smz
  • set interfaces ethernet eth2 description lan
  • commit
  • save
  • exit
Step 3:
  • configure
  • set interfaces ethernet eth0 address 10.0.17.132/24
  • set interfaces ethernet eth1 address 172.16.50.2/29
  • set interfaces ethernet eth2 address 172.16.150.2/24
Step 4:

Web01 Setup

  • Step 1: Add sudo user
  • Step 2: Change Hostname
  • Step 3: Configure IP
  • Step 5:
Steps and commands used:
Step 1:
  • Command 1: "sudo -i"
  • Command 2: "adduser connor"
  • Command 3: "sudo usermod -aG wheel connor"
Step 2:
  • Command 1: "sudo hostnamectl set-hostname Web01-East"
Step 3:
  • Use the nmtui command to change the networking config

NAT/DNS Setup on Firewall

NAT Forwarding
  • configure
  • set nat source rule 10 description "NAT FROM DMZ to WAN"
  • set nat source rule 10 outbound-interface eth0
  • set nat source rule 10 source address 172.16.50.0/29
  • set nat source rule 10 translation address masquerade
  • commit
  • save
DNS Forwarding
  • set service dns forwarding listen-address 172.16.50.2
  • set service dns forwarding allow-from 172.16.50.0/29
  • set service dns forwarding system
  • commit
  • save
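
A consistency check for the firewall commands above, added here as an example and not part of the original lab: it parses the `set` lines and confirms that the NAT source rule and the DNS forwarder are scoped to networks attached to inside interfaces, so the forwarder is not answering on or for the WAN side. The names `FW01`, `parse` and `audit` are hypothetical, and treating eth0 as the WAN interface is an assumption based on its `sec350-Wan` description.

```python
import ipaddress

# Sample input: the fw01 commands from this page (description line omitted).
FW01 = """\
set interfaces ethernet eth0 address 10.0.17.132/24
set interfaces ethernet eth1 address 172.16.50.2/29
set interfaces ethernet eth2 address 172.16.150.2/24
set nat source rule 10 outbound-interface eth0
set nat source rule 10 source address 172.16.50.0/29
set nat source rule 10 translation address masquerade
set service dns forwarding listen-address 172.16.50.2
set service dns forwarding allow-from 172.16.50.0/29
"""

def parse(config):
    """Split 'set' lines into interface addresses, NAT rules and DNS settings."""
    ifaces, nat, dns = {}, {}, {"listen-address": [], "allow-from": []}
    for tok in (line.split() for line in config.splitlines()):
        if tok[:3] == ["set", "interfaces", "ethernet"] and tok[4:5] == ["address"] and len(tok) == 6:
            ifaces[tok[3]] = ipaddress.ip_interface(tok[5])
        elif tok[:4] == ["set", "nat", "source", "rule"] and len(tok) >= 7:
            nat.setdefault(tok[4], {})[tok[5]] = tok[-1]  # e.g. {"source": "172.16.50.0/29"}
        elif tok[:4] == ["set", "service", "dns", "forwarding"] and len(tok) == 6 and tok[4] in dns:
            dns[tok[4]].append(tok[5])
    return ifaces, nat, dns

def audit(config, wan="eth0"):
    """Return a list of findings; an empty list means the plan is self-consistent."""
    ifaces, nat, dns = parse(config)
    inside = {name: i.network for name, i in ifaces.items() if name != wan}
    findings = []
    for num, rule in nat.items():
        src = ipaddress.ip_network(rule.get("source", "0.0.0.0/0"))  # no source = any
        if rule.get("outbound-interface") != wan:
            findings.append(f"nat rule {num}: outbound-interface is not {wan}")
        if src not in inside.values():
            findings.append(f"nat rule {num}: source {src} is not an attached inside network")
    for addr in dns["listen-address"]:
        owner = [name for name, i in ifaces.items() if str(i.ip) == addr]
        if not owner or owner[0] == wan:
            findings.append(f"dns: listen-address {addr} is not an inside interface address")
    for net in map(ipaddress.ip_network, dns["allow-from"]):
        if not any(net.subnet_of(n) for n in inside.values()):
            findings.append(f"dns: allow-from {net} reaches beyond the inside networks")
    return findings

if __name__ == "__main__":
    print(audit(FW01) or "no findings")
```
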

WebServer Configuration

General Commands [Web01]
  • sudo systemctl status httpd
  • sudo yum install httpd
  • firewall-cmd --permanent --add-port=80/tcp
  • firewall-cmd --permanent --add-port=443/tcp
Client Side Configuration [i.e., RW01]
  • Command 1: sudo ip route add 172.16.50.0/29 via 10.0.17.132
  • Command 2: systemctl restart NetworkManager

Deliverables

Deliverable 1: Champlain

Deliverable 2: Ping google

Deliverable 3:

Deliverable 4

Deliverable 5

Deliverable 6: DMZ site accessible from WAN

Deliverable 7:

Deliverable 8
