Lab 1 Routing and DMZ - LosephCawtonJurtis/SEC-350 GitHub Wiki

Description:

RW01: This is the "road warrior" Linux laptop, a computer that sits outside your organization's network

  • Add sudo user
  • Configure IP configuration (ip, mask, gateway etc.)
  • Configure IP route to direct certain traffic to the organization’s DMZ

FW01: This is a VyOS router/firewall that connects the SEC-350 (ISP), DMZ, and LAN networks

  • Add and set adapters in vSphere
  • Configure hostname
  • Configure the IP address configuration for each of the 3 interfaces
  • Set default routing rules
  • Set up DNS forwarding and its allow-from rules
  • Set NAT rules

WEB01: This is the organization's CentOS web server in the DMZ

  • Add user, set password, add to sudo (wheel) group
  • Set hostname
  • Set IP configuration (static) including gateway and DNS
  • Set firewall rules
  • Configure as a web server
  • Configure as rsyslog client

LOG01: This is the organization's CentOS log server (in the DMZ for now)

  • Add user, set password, add to sudo (wheel) group
  • Set hostname
  • Set IP configuration (static) including gateway and DNS
  • Set firewall rules
  • Configure as rsyslog server

RW01 setup

  • User: Champuser
  • Pass: Ch@mpl@1n!21
  • Create user:
  • adduser joseph
  • usermod -aG sudo joseph
  • hostnamectl set-hostname rw01-joseph

nmtui

  • Edit a connection
  • IP: 10.0.17.117
  • Default gateway: 10.0.17.2
  • DNS: 10.0.17.2

FW01 setup

  • User: vyos
  • Pass: Ch@mpl@1n!21

Configure hostname

  • configure
  • set system host-name fw1-joseph
  • commit
  • save
  • exit
  • "exit until correct hostname displays"

Configure network interfaces (eth0 (WAN), eth1 (DMZ) and eth2 (LAN))

  • configure
  • delete interfaces ethernet eth0 address dhcp
  • set interfaces ethernet eth0 address 10.0.17.117/24
  • commit
  • save
  • configure
  • set interfaces ethernet eth0 description SEC350-WAN

Configure NAT and DNS forwarding on FW01

  • configure
  • set nat source rule 10 description "NAT FROM DMZ to WAN"
  • set nat source rule 10 outbound-interface eth0
  • set nat source rule 10 source address 172.16.50.0/29
  • set nat source rule 10 translation address masquerade
  • commit
  • save

DNS

  • set service dns forwarding listen-address 172.16.150.2
  • set service dns forwarding allow-from 172.16.50.0/29
  • set service dns forwarding allow-from 172.16.150.0/24
  • commit
  • save

WEB01 setup

Configure user and network

  • adduser joseph
  • usermod -aG wheel joseph
  • passwd joseph
  • nmtui
  • Set DNS and gateway to the DMZ interface on fw01 (172.16.50.2); remember that the DMZ is a /29
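Because NAT rule 10 and the DNS forwarding allow-from entry on fw01 are both scoped to 172.16.50.0/29, a DMZ host addressed outside that /29 silently gets neither NAT nor DNS; the helper below is an added example (not part of the lab page or course material) that checks an address against that range and reports how many usable host addresses the /29 leaves. The addresses it reports on are constructed for illustration; only 172.16.50.2 (the fw01 DMZ interface) comes from the page.

```shell
#!/bin/sh
# Added example: verify DMZ host addresses against the /29 used by the
# fw01 NAT source rule and DNS forwarding allow-from entry.

DMZ_NET=172.16.50.0/29   # from the lab's NAT rule 10 / DNS allow-from

# ip_to_int A.B.C.D -> unsigned 32-bit integer
ip_to_int() {
    set -- $(printf '%s' "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_subnet ADDR CIDR -> exit 0 if ADDR lies inside CIDR, 1 otherwise
in_subnet() {
    addr=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# usable_hosts CIDR -> number of assignable host addresses (network and
# broadcast excluded); a /29 leaves 6, one of which is fw01's 172.16.50.2
usable_hosts() {
    bits=${1#*/}
    echo $(( (1 << (32 - bits)) - 2 ))
}

# report ADDR... -> one line per address saying whether fw01's NAT and
# DNS allow-from rules cover it
report() {
    for h in "$@"; do
        if in_subnet "$h" "$DMZ_NET"; then
            echo "$h: covered by NAT rule 10 and DNS allow-from"
        else
            echo "$h: NOT covered, outside $DMZ_NET"
        fi
    done
}

# Constructed sample addresses: the fw01 DMZ gateway, a valid DMZ host,
# and a host mistakenly numbered past the /29 boundary.
report 172.16.50.2 172.16.50.3 172.16.50.9
echo "usable DMZ host addresses: $(usable_hosts "$DMZ_NET")"
```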

Configure HTTPD

  • sudo yum install httpd
  • sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
  • sudo firewall-cmd --reload

LOG01 setup

  • Allow UDP and TCP traffic on port 514