Lab05 Web Proxy - Henryisgreat/TechJournal GitHub Wiki

FW1-henry

  • Configure firewall to deny traffic using the kern facility at debug level.
    • configure
    • set system syslog host 172.16.200.10 facility kern level debug
    • commit
    • save
  • Create a rule to allow web01 to update network time (udp/123) via the WAN (DMZ-to-WAN)
    • set firewall name DMZ-to-WAN rule 10 action accept
    • set firewall name DMZ-to-WAN rule 10 protocol udp
    • set firewall name DMZ-to-WAN rule 10 destination port 123
    • commit
    • save

PROXY-henry

  • Configure machine
    • nmtui - etc
  • Download syslog config file into the rsyslog.d folder AND configure the file
    • cd /etc/rsyslog.d/
    • wget 10.0.17.3/sec350/03-sec350.conf
  • Install squid proxy on proxy01
    • yum install squid -y
  • Enable squid service on the firewall
    • firewall-cmd --zone=public --add-service=http --permanent
    • firewall-cmd --reload
  • Modify the /etc/squid/squid.conf file to configure squid
  • **MAKE A COPY OF THE ORIGINAL**
    • cp /etc/squid/squid.conf /etc/squid/squid.conf.bak
    • SEE Bn.txt for configuration

WKS1-henry

  • Go to proxy settings on WKS1 and configure to use proxy01 as proxy
    • Manual configuration
    • Proxy IP: 172.16.50.4
    • Proxy port: 3128

FW1-henry

  • Add a firewall rule to LAN-DMZ that
    • Destination address is the Proxy Server's IP
    • Destination port is the TCP port associated with SQUID
    • SEE Bn.txt for configuration
  • Add a firewall rule to replace the temporary one from earlier that states that the proxy is allowed to access the WAN using tcp
    • SEE Bn.txt for configuration
  • Lock Down LAN-WAN FIREWALL
    • SEE Bn.txt for configuration

Web01-henry

  • Configure yum to go through proxy
  • In /etc/yum.repos.d/CentOS-Base.repo, comment out all mirrorlist lines and uncomment all baseurl lines
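
One way to script the two Web01 steps above, as an added example that is not part of the original lab notes. It assumes web01 uses the same proxy address and port given for WKS1 (172.16.50.4:3128) and that the proxy is set with the `proxy=` option in the `[main]` section of yum.conf; the function names are hypothetical and the demo runs on constructed sample files, not on /etc.

```shell
#!/bin/sh
# Added example (not from the original lab notes).
# yum_use_proxy REPO_FILE YUM_CONF PROXY_URL
yum_use_proxy() {
    repo_file=$1; yum_conf=$2; proxy_url=$3

    # Keep pristine copies, as the lab does for squid.conf.
    [ -e "$repo_file.bak" ] || cp "$repo_file" "$repo_file.bak"
    [ -e "$yum_conf.bak" ]  || cp "$yum_conf" "$yum_conf.bak"

    # Comment out active mirrorlist= lines and uncomment #baseurl= lines,
    # so yum uses the fixed baseurl entries. Re-running is a no-op.
    sed -e 's/^[[:space:]]*mirrorlist=/#mirrorlist=/' \
        -e 's/^#[[:space:]]*baseurl=/baseurl=/' \
        "$repo_file" > "$repo_file.tmp" && mv "$repo_file.tmp" "$repo_file"

    # Drop any earlier proxy= line and set the new one directly under [main].
    awk -v p="$proxy_url" '
        /^proxy=/   { next }
                    { print }
        /^\[main\]/ { print "proxy=" p }
    ' "$yum_conf" > "$yum_conf.tmp" && mv "$yum_conf.tmp" "$yum_conf"

    # Succeed only if the setting landed (fails when [main] is missing).
    grep -qxF "proxy=$proxy_url" "$yum_conf"
}

# Demo on constructed sample files in a temp directory; prints the results.
demo_yum_proxy() {
    d=$(mktemp -d) || return 1
    cat > "$d/CentOS-Base.repo" <<'EOF'
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
EOF
    printf '[main]\ngpgcheck=1\n' > "$d/yum.conf"
    yum_use_proxy "$d/CentOS-Base.repo" "$d/yum.conf" http://172.16.50.4:3128 &&
        cat "$d/CentOS-Base.repo" "$d/yum.conf"
    rm -rf "$d"
}
demo_yum_proxy
```

On web01 the call would be `yum_use_proxy /etc/yum.repos.d/CentOS-Base.repo /etc/yum.conf http://172.16.50.4:3128`, run as root.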