Lab 6.1 Port Forwarding and Jump Box - Cyber-JL/SEC-350-01 GitHub Wiki

Remove your static route from rw01

  • simply go to network connections

  • choose wired connection 1

  • go to the IPv4 tab

  • click routes

  • and then delete the route, click OK, and then click Save

  • or run the following

     sudo ip route delete 172.16.50.0/29
    

Port Forwarding

  • On fw01 run the following:

NAT Destination

   set nat destination rule 10 description 'HTTP->WEB01'
   set nat destination rule 10 destination port '80'
   set nat destination rule 10 inbound-interface 'eth0'
   set nat destination rule 10 protocol 'tcp'
   set nat destination rule 10 translation address '172.16.50.3'
   set nat destination rule 10 translation port '80'

The Jump Box

Netplan config https://github.com/jude-lindale/Wiki/wiki/Docker-Lab

  • Network: DMZ Network

  • IP Address: 172.16.50.4/29

  • Gateway: 172.16.50.2

  • nameserver: 172.16.50.2

  • hostname: jump-jude

     sudo nano /etc/hostname
    
  • secure champuser by changing the default password

  • after the netplan has been configured run:

      sudo netplan try
    

Create an account for the internal admin on jump

  • create user jude

     sudo adduser jude
     sudo usermod -aG sudo jude
     sudo reboot
    

Firewalls and SSH

  • On fw01 run the following

LAN-to-DMZ

   set firewall name LAN-to-DMZ rule 20 destination address '172.16.50.0/29'

Port Forward TCP/22 -> Jump

  • on fw01

SSH Service

   set service ssh listen-address '172.16.150.2'
   del service ssh listen-address 0.0.0.0

SSH WAN to JUMP

   set nat destination rule 20 description 'ssh->jump'
   set nat destination rule 20 destination port '22'
   set nat destination rule 20 inbound-interface 'eth0'
   set nat destination rule 20 protocol 'tcp'
   set nat destination rule 20 translation address '172.16.50.4'
   set nat destination rule 20 translation port '22'

SSH WAN-to-DMZ

WAN-to-DMZ

   set firewall name WAN-to-DMZ rule 20 action 'accept'
   set firewall name WAN-to-DMZ rule 20 description 'allow ssh'
   set firewall name WAN-to-DMZ rule 20 destination address '172.16.50.4'
   set firewall name WAN-to-DMZ rule 20 destination port '22'
   set firewall name WAN-to-DMZ rule 20 protocol 'tcp'

Key Generation on rw01

  • create a folder called keys and go into it

  • then to generate the key run the following:

     ssh-keygen -C "rw01 jump keys"
    
  • set the save key location to /home/jude/keys/jump-jude

Passwordless User on jump

  • On jump run the following

     sudo useradd -mk /etc/skel -s /bin/bash -d /home/jude-jump jude-jump
     sudo -i
     cd /home/jude-jump
     mkdir .ssh
    

Copy pub key from rw01 to jump

   sftp [email protected]:/home/jude/keys/jump-jude.pub jump-jude.pub
   scp ./jump-jude.pub [email protected]:

On jump:

   sudo -i
   cd /home/jude/
   cat jump-jude.pub > /home/jude-jump/.ssh/authorized_keys
   chown jude-jump:jude-jump -R /home/jude-jump/.ssh/
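Ownership is set above but the modes are left to root's umask; sshd's StrictModes rejects a .ssh directory or authorized_keys that others can write, and `>` discards any key already present. As an added example that is not from the lab page, a POSIX shell version of the same install that sets 700/600, appends only keys not already listed, and checks the result; the directory, owner and sample key are constructed.

```shell
#!/bin/sh
# Added example, not from the lab page: install a public key for a key-only
# login user as in "Passwordless User on jump", but with the modes sshd's
# StrictModes checks (700 on ~/.ssh, 600 on authorized_keys), appending
# rather than overwriting so keys already present survive. Home dir, owner
# and the sample key are constructed; chown runs only when executed as root.
set -eu

# install_authorized_key <pubkey-file> <home-dir> [owner]
install_authorized_key() {
    pubkey="$1"; home="$2"; owner="${3:-}"
    # accept only a single OpenSSH public key line (type followed by base64 blob)
    read -r keytype _ < "$pubkey" || return 1
    case "$keytype" in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "not an OpenSSH public key: $pubkey" >&2; return 1 ;;
    esac
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    touch "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
    # append only when this exact key is not already listed
    if ! grep -qxF "$(cat "$pubkey")" "$home/.ssh/authorized_keys"; then
        cat "$pubkey" >> "$home/.ssh/authorized_keys"
    fi
    if [ -n "$owner" ] && [ "$(id -u)" -eq 0 ]; then
        chown -R "$owner:$owner" "$home/.ssh"
    fi
}

# check_authorized_key_modes <home-dir>: succeeds when modes are 700/600
check_authorized_key_modes() {
    [ "$(stat -c '%a' "$1/.ssh")" = "700" ] &&
    [ "$(stat -c '%a' "$1/.ssh/authorized_keys")" = "600" ]
}

# count_authorized_keys <home-dir>: number of non-empty key lines
count_authorized_keys() {
    grep -c . "$1/.ssh/authorized_keys"
}

# demo on a throwaway directory with a constructed (not real) key
demo_home="$(mktemp -d)"
printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDEMOKEYDEMOKEYDEMOKEYDEMOKEYDEMOKEYDEMO rw01 jump keys\n' \
    > "$demo_home/jump-jude.pub"
install_authorized_key "$demo_home/jump-jude.pub" "$demo_home"
install_authorized_key "$demo_home/jump-jude.pub" "$demo_home"   # second run adds nothing
check_authorized_key_modes "$demo_home" && echo "installed $(count_authorized_keys "$demo_home") key(s) with correct modes"
```

On the real jump box it would be run as root with `jude-jump` as the owner argument and `/home/jude-jump` as the home directory.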

Wazuh agent on Jump

mgmt01:

   curl -so wazuh-agent-4.3.10.deb https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.3.10-1_amd64.deb
   scp wazuh-agent-4.3.10.deb [email protected]:

jump:

   sudo WAZUH_MANAGER='172.16.200.10' WAZUH_AGENT_GROUP='linux' dpkg -i ./wazuh-agent-4.3.10.deb
   sudo systemctl daemon-reload
   sudo systemctl enable wazuh-agent
   sudo systemctl start wazuh-agent

Reflection:

There were two major things that gave me trouble: creating the passwordless user and getting the ssh key over to Jump. To overcome the passwordless user I ended up doing research for about an hour, doing trial and error until it finally worked. It ended up that I hadn't done the passwordless user quite properly, and that was causing issues with the ssh aspect of the lab.