Lab 6.1 Port Forwarding and Jump Boxes - FlameSpyro/Tech-Journal GitHub Wiki
- Deliverable 1. Provide a screenshot from rw01 similar to the one below that no longer shows the route to the DMZ network.
sudo ip route show (or just ip route)
sudo ip route del 172.16.50.0/29 via 10.0.17.117 dev ens160
ip route
Port Forwarding
- Add a NAT destination rule to make any port 80 traffic get forwarded to web01
- The destination port refers to the port received by eth0 on fw01
- The inbound interface is eth0/WAN
- The address received is "translated" and forwarded to web01 port 80
- On fw01
configure
show nat source
set nat destination rule 10 description "HTTP->WEB01"
set nat destination rule 10 destination port 80
set nat destination rule 10 inbound-interface eth0
set nat destination rule 10 protocol tcp
set nat destination rule 10 translation address 172.16.50.3
set nat destination rule 10 translation port 80
commit
save
- Deliverable 2. Provide a screenshot similar to the one below that shows a curl to your fw01's eth0 interface's IP address.
curl http://10.0.17.116
The Jump Box
- Deliverable 3. Configure jump to have the following characteristics:
  - Network: DMZ Network
  - IP Address: 172.16.50.4/29
  - hostname: jump
  - Secure champuser by changing the default password
- Provide a screenshot similar to the one below that shows the IP address and a curl to jump's next-door neighbor, web01

sudo netplan apply
sudo passwd champuser
ip a
ping -c1 172.16.50.2
curl 172.16.50.3
Firewalls and SSH
- Adjust the firewall rules in LAN-to-DMZ such that mgmt01 can SSH into any server on the DMZ
configure
show firewall name LAN-to-DMZ
set firewall name LAN-to-DMZ rule 20 destination address 172.16.50.1-172.16.50.6
commit
save
set firewall name LAN-to-DMZ rule 30 action accept
set firewall name LAN-to-DMZ rule 30 destination address 172.16.50.1-172.16.50.6
set firewall name LAN-to-DMZ rule 30 destination port 22
set firewall name LAN-to-DMZ rule 30 protocol tcp
set firewall name LAN-to-DMZ rule 30 source address 172.16.200.11
commit
save
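As an added example (not part of these lab notes or of VyOS), the Python below parses the `set` lines from the Port Forwarding and Firewalls and SSH sections into rule tables and evaluates constructed flows against them, so the intended effect can be checked before `commit`: rule 30 admits only mgmt01 to tcp/22 on the DMZ range, and DNAT rule 10 rewrites only tcp/80 arriving on eth0. It assumes the LAN-to-DMZ chain's default action is drop, omits the quoted description line, and omits rule 20 because its other fields are not on this page.

```python
import ipaddress

# Constructed from the `set` lines in this lab's notes (description line omitted).
CONFIG = """
set nat destination rule 10 inbound-interface eth0
set nat destination rule 10 protocol tcp
set nat destination rule 10 destination port 80
set nat destination rule 10 translation address 172.16.50.3
set nat destination rule 10 translation port 80
set firewall name LAN-to-DMZ rule 30 action accept
set firewall name LAN-to-DMZ rule 30 destination address 172.16.50.1-172.16.50.6
set firewall name LAN-to-DMZ rule 30 destination port 22
set firewall name LAN-to-DMZ rule 30 protocol tcp
set firewall name LAN-to-DMZ rule 30 source address 172.16.200.11
"""

def parse(config):
    """Turn `set <table> rule N <key...> <value>` lines into {table: {N: {key: value}}}."""
    tables = {}
    for line in config.strip().splitlines():
        tok = line.split()
        i = tok.index("rule")
        table, num = " ".join(tok[1:i]), int(tok[i + 1])
        tables.setdefault(table, {}).setdefault(num, {})[" ".join(tok[i + 2:-1])] = tok[-1]
    return tables

def addr_match(spec, ip):
    """VyOS address spec: a host or an inclusive lo-hi range; unset (None) matches any IPv4."""
    lo, _, hi = (spec or "0.0.0.0-255.255.255.255").partition("-")
    return ipaddress.ip_address(lo) <= ipaddress.ip_address(ip) <= ipaddress.ip_address(hi or lo)

def firewall_verdict(tables, name, src, dst, proto, dport):
    """Lowest-numbered matching rule wins. Assumption: the chain's default-action is drop."""
    for _, r in sorted(tables.get("firewall name " + name, {}).items()):
        if (r.get("protocol", proto) == proto
                and r.get("destination port", str(dport)) == str(dport)
                and addr_match(r.get("source address"), src)
                and addr_match(r.get("destination address"), dst)):
            return r["action"]
    return "drop"

def dnat(tables, iface, dst, proto, dport):
    """Return the (address, port) a packet arriving on iface for dst:dport is forwarded to."""
    for _, r in sorted(tables.get("nat destination", {}).items()):
        if (r.get("inbound-interface", iface) == iface and r.get("protocol", proto) == proto
                and r.get("destination port", str(dport)) == str(dport)):
            return r["translation address"], int(r.get("translation port", dport))
    return dst, dport

TABLES = parse(CONFIG)
```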
Passwordless Account

- I used SCP to send the public key over to jump!
- On rw01
ssh -i .ssh/eric-jump [email protected]
Create an account for the internal admin
cd
sudo adduser eric
sudo usermod -aG sudo eric
Wazuh agent on Jump
- Deliverable 5. Figure out how to install the wazuh agent on jump. Note, you can pull the deb package down to mgmt01, scp it to jump and then execute the installation command against the agent installation package. In this way, you don't have to open up the DMZ-to-WAN firewall. Provide a screenshot showing the successful registration of your jump server's agent.
- On wazuh, add an agent and follow the instructions for the desired machine. Depending on the connection, it is best to SCP the files over to the desired machine.