Lab 3 || Segmentation - Michaelfoop/SEC-350-01 GitHub Wiki
Full VyOS setup
| Desc | Command |
| --- | --- |
| Setting hostname | set system host-name fw1-yourname |
| Setting interface ethX description | set interfaces ethernet eth0 description something |
| Setting interface ethX address | set interfaces ethernet eth0 address IPADDRESS/MASK |
| Setting default gateway (next-hop) | set protocols static route 0.0.0.0/0 next-hop GATEWAYADDRESS |
| Setting name server | set system name-server NAMESERVERADDRESS |
| Setting DNS forwarding listen address (the local interface address that receives queries) | set service dns forwarding listen-address LISTENINGADDRESS |
| Setting DNS forwarding allowed clients (the networks queries may come from) | set service dns forwarding allow-from IPNETWORKADDRESS/MASK |
fw01 Config
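# fw01 (fw1-michael): edge router between SEC350-WAN (eth0), the DMZ (eth1) and the LAN (eth2).
# Lines starting with '#' are shell comments; strip them if your paste method rejects them.

# --- Interfaces ---
# eth0: WAN uplink, default gateway 10.0.17.2 (see static route below)
set interfaces ethernet eth0 address '10.0.17.126/24'
set interfaces ethernet eth0 description 'SEC350-WAN'
set interfaces ethernet eth0 offload gro
set interfaces ethernet eth0 offload gso
set interfaces ethernet eth0 offload sg
set interfaces ethernet eth0 offload tso
# eth1: DMZ segment 172.16.50.0/29, this box is .2
set interfaces ethernet eth1 address '172.16.50.2/29'
set interfaces ethernet eth1 description 'michael-DMZ'
# eth2: LAN segment 172.16.150.0/24, this box is .2 (fw-mgmt sits at .3 and uses us as its gateway)
set interfaces ethernet eth2 address '172.16.150.2/24'
set interfaces ethernet eth2 description 'michael-LAN'

# --- Source NAT: masquerade DMZ, LAN and MGMT behind the WAN address ---
# MGMT (172.16.200.0/28) is not directly attached; the route to it must be learned via RIP from fw-mgmt.
set nat source rule 10 description 'NAT FROM DMZ to WAN'
set nat source rule 10 outbound-interface name 'eth0'
set nat source rule 10 source address '172.16.50.0/29'
set nat source rule 10 translation address 'masquerade'
set nat source rule 20 description 'NAT FROM LAN TO WAN'
set nat source rule 20 outbound-interface name 'eth0'
set nat source rule 20 source address '172.16.150.0/24'
set nat source rule 20 translation address 'masquerade'
set nat source rule 30 description 'NAT FROM MGMT to WAN'
set nat source rule 30 outbound-interface name 'eth0'
set nat source rule 30 source address '172.16.200.0/28'
set nat source rule 30 translation address 'masquerade'

# --- Routing ---
# RIP runs on the LAN interface only and advertises the DMZ prefix to fw-mgmt.
# NOTE(review): no RIP authentication is configured here; VyOS supports
# `set protocols rip interface eth2 authentication ...` — consider enabling it so a host on the LAN
# cannot inject routes.
set protocols rip interface eth2
set protocols rip network '172.16.50.0/29'
set protocols static route 0.0.0.0/0 next-hop 10.0.17.2

# --- DNS forwarding ---
# allow-from takes client networks; listen-address takes this router's own interface addresses.
# The original listing put the /29 and /24 prefixes under listen-address, which is not an address
# (compare the fw-mgmt config, which lists single addresses) — fixed to the eth1/eth2 addresses.
set service dns forwarding allow-from '172.16.50.0/29'
set service dns forwarding allow-from '172.16.150.0/24'
set service dns forwarding listen-address '172.16.50.2'
set service dns forwarding listen-address '172.16.150.2'
# 'system' forwards to the system name-server (10.0.17.2) configured below
set service dns forwarding system

# --- System ---
set system host-name 'fw1-michael'
set system name-server '10.0.17.2'
set system option reboot-on-upgrade-failure '5'
# local7 at debug is noisier than the 'all' facility at info; keep if the lab wants verbose firewall/NAT logs
set system syslog local facility all level 'info'
set system syslog local facility local7 level 'debug'
# NOTE(review): no `firewall` rulesets appear in this listing, so the DMZ/LAN/MGMT segmentation is
# enforced only by addressing and NAT here — confirm the zone/interface policies live elsewhere.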
fw-mgmt Config
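# fw-mgmt (fw-mgmt-michael): inner router between the LAN (eth0, upstream fw01 at 172.16.150.2)
# and the MGMT segment (eth1).
# Lines starting with '#' are shell comments; strip them if your paste method rejects them.

# --- Interfaces ---
# eth0: LAN side, this box is 172.16.150.3; fw01 is .2
set interfaces ethernet eth0 address '172.16.150.3/24'
set interfaces ethernet eth0 description 'SEC350-LAN'
set interfaces ethernet eth0 offload gro
set interfaces ethernet eth0 offload gso
set interfaces ethernet eth0 offload sg
set interfaces ethernet eth0 offload tso
# eth1: MGMT segment 172.16.200.0/28, this box is .2
set interfaces ethernet eth1 address '172.16.200.2/28'
set interfaces ethernet eth1 description 'SEC350-MGMT'

# --- Routing ---
# RIP on the LAN interface advertises the MGMT prefix to fw01 (which NATs it in rule 30).
# NOTE(review): no RIP authentication is configured; VyOS supports
# `set protocols rip interface eth0 authentication ...` — consider enabling it on both routers.
set protocols rip interface eth0
set protocols rip network '172.16.200.0/28'
set protocols static route 0.0.0.0/0 next-hop 172.16.150.2

# --- DNS forwarding ---
# Only MGMT clients are allowed. The original listing's LAN listen-address was '172.16.150.2',
# which is fw01's address, not this router's; fixed to our own eth0 address 172.16.150.3.
# (No LAN network is in allow-from, so queries arriving on the LAN listener are refused anyway.)
set service dns forwarding allow-from '172.16.200.0/28'
set service dns forwarding listen-address '172.16.150.3'
set service dns forwarding listen-address '172.16.200.2'
# NOTE(review): unlike fw01, no `service dns forwarding system` (or `name-server`) is set here, so the
# forwarder has no upstream configured in this listing — confirm it actually resolves via 172.16.150.2.

# --- System ---
set system host-name 'fw-mgmt-michael'
# upstream resolver is fw01's LAN-side DNS forwarder
set system name-server '172.16.150.2'
set system option reboot-on-upgrade-failure '5'
set system syslog local facility all level 'info'
set system syslog local facility local7 level 'debug'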