Lab05 Web Proxy - Henryisgreat/TechJournal GitHub Wiki
FW1-henry
- Configure the firewall to log denied traffic to the syslog host using the kern facility at debug level.
configure
set system syslog host 172.16.200.10 facility kern level debug
commit
save
- Create a rule to allow web01 to update network time (udp/123) via the WAN (DMZ-to-WAN)
set firewall name DMZ-to-WAN rule 10 action accept
set firewall name DMZ-to-WAN rule 10 protocol udp
set firewall name DMZ-to-WAN rule 10 destination port 123
commit
save
PROXY-henry
- Configure machine
- Download syslog config file into the rsyslog.d folder AND configure the file
cd /etc/rsyslog.d/
wget 10.0.17.3/sec350/03-sec350.conf
- Install squid proxy on proxy01
- Enable squid service on the firewall
firewall-cmd --zone=public --add-service=http --permanent
firewall-cmd --reload
- Modify the /etc/squid/squid.conf file to configure squid
- **MAKE A COPY OF THE ORIGINAL**
cp /etc/squid/squid.conf /etc/squid/squid.conf.bak
- SEE Bn.txt for configuration
WKS1-henry
- Go to proxy settings on WKS1 and configure to use proxy01 as proxy
- Manual configuration
- Proxy IP: 172.16.50.4
- Proxy port: 3128
FW1-henry
- Add a firewall rule to LAN-DMZ where:
- Destination address is the Proxy Server's IP
- Destination port is the TCP port associated with SQUID
- SEE Bn.txt for configuration
- Add a firewall rule, replacing the temporary one from earlier, that allows the proxy to access the WAN using TCP
- SEE Bn.txt for configuration
- Lock down the LAN-WAN firewall
- SEE Bn.txt for configuration
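An added example, not part of the original lab notes or Bn.txt: a Python check that reads the firewall's `set firewall name ...` commands and reports any rule that would let LAN clients reach the WAN over TCP without going through proxy01. The ruleset names LAN-to-DMZ and LAN-to-WAN, the rule numbers, the default actions, and the policy that only the proxy may send TCP from the DMZ to the WAN are assumptions.

```python
import re
PROXY_IP, PROXY_PORT = "172.16.50.4", "3128"  # proxy01 values from the lab notes
# Constructed sample in VyOS "set" form. Rule numbers, default actions and the
# LAN-to-DMZ / LAN-to-WAN ruleset names are assumptions, not the lab's config.
SAMPLE = """\
set firewall name DMZ-to-WAN rule 10 action accept
set firewall name DMZ-to-WAN rule 10 protocol udp
set firewall name DMZ-to-WAN rule 10 destination port 123
set firewall name DMZ-to-WAN rule 20 action accept
set firewall name DMZ-to-WAN rule 20 protocol tcp
set firewall name DMZ-to-WAN rule 20 source address 172.16.50.4
set firewall name LAN-to-DMZ rule 10 action accept
set firewall name LAN-to-DMZ rule 10 protocol tcp
set firewall name LAN-to-DMZ rule 10 destination address 172.16.50.4
set firewall name LAN-to-DMZ rule 10 destination port 3128
set firewall name LAN-to-WAN default-action drop
"""
LINE = re.compile(r"set firewall name (\S+) (?:default-action (\S+)|rule (\d+) (.+) (\S+))$")

def parse(config):
    """Return {ruleset: {"default": action, "rules": {number: {key: value}}}}."""
    fw = {}
    for m in filter(None, (LINE.match(l.strip()) for l in config.splitlines())):
        name, default, num, key, value = m.groups()
        rs = fw.setdefault(name, {"default": None, "rules": {}})
        if default:
            rs["default"] = default.strip("'")  # exported configs quote values
        else:
            rs["rules"].setdefault(int(num), {})[key] = value.strip("'")
    return fw

def allows_tcp(rule):  # a rule with no protocol line matches every protocol
    return rule.get("action") == "accept" and rule.get("protocol", "all") in ("tcp", "tcp_udp", "all")

def audit(config, lan_wan="LAN-to-WAN", lan_dmz="LAN-to-DMZ", dmz_wan="DMZ-to-WAN"):
    """Return findings; an empty list means LAN TCP traffic can only leave via the proxy."""
    fw, out = parse(config), []
    rs = lambda name: fw.get(name, {"default": None, "rules": {}})
    if rs(lan_wan)["default"] not in ("drop", "reject"):
        out.append(f"{lan_wan}: default-action is not drop/reject")
    for num, rule in rs(lan_wan)["rules"].items():
        if allows_tcp(rule):
            out.append(f"{lan_wan} rule {num}: TCP from LAN bypasses the proxy")
    for num, rule in rs(dmz_wan)["rules"].items():
        if allows_tcp(rule) and rule.get("source address") != PROXY_IP:
            out.append(f"{dmz_wan} rule {num}: TCP to WAN not limited to the proxy")
    want = {"action": "accept", "protocol": "tcp", "destination address": PROXY_IP, "destination port": PROXY_PORT}
    if not any(want.items() <= r.items() for r in rs(lan_dmz)["rules"].values()):
        out.append(f"{lan_dmz}: no rule accepts tcp/{PROXY_PORT} to {PROXY_IP}")
    return out
```

On FW1 the input for `audit()` can be taken from the output of `show configuration commands`.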
Web01-henry
- Configure yum to go through proxy
- In /etc/yum.repos.d/CentOS-Base.repo, comment out all mirrorlist lines and uncomment all baseurl lines