Project 1 - RichardSwierk/SEC-440 GitHub Wiki
vyos1 configure
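# vyos1: one of two VyOS routers that share VRRP virtual addresses.
# The session enters configuration mode, stages the settings, then commits and saves.
richard.swierk@vyos1-richard:~$ config
richard.swierk@vyos1-richard# set system host-name vyos1-richard
# Interfaces: eth0 is the WAN side (10.0.17.0/24), eth1 is the LAN side (10.0.5.0/24).
richard.swierk@vyos1-richard# set interfaces ethernet eth0 description 'WAN'
richard.swierk@vyos1-richard# set interfaces ethernet eth0 address 10.0.17.28/24
richard.swierk@vyos1-richard# set interfaces ethernet eth1 description 'LAN'
richard.swierk@vyos1-richard# set interfaces ethernet eth1 address 10.0.5.2/24
# Default route out of the WAN segment.
richard.swierk@vyos1-richard# set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
# VRRP: one group per side; the shared virtual addresses are 10.0.17.88 (WAN)
# and 10.0.5.1 (LAN, used as the gateway by LAN hosts).
# NOTE(review): neither group sets a priority or authentication in this session;
# confirm the defaults are acceptable for these segments.
richard.swierk@vyos1-richard# set high-availability vrrp group wangroup18 vrid 168
richard.swierk@vyos1-richard# set high-availability vrrp group wangroup18 interface eth0
richard.swierk@vyos1-richard# set high-availability vrrp group wangroup18 virtual-address 10.0.17.88/24
richard.swierk@vyos1-richard# set high-availability vrrp group langroup18 vrid 10
richard.swierk@vyos1-richard# set high-availability vrrp group langroup18 interface eth1
richard.swierk@vyos1-richard# set high-availability vrrp group langroup18 virtual-address 10.0.5.1/24
# Destination NAT rules 10 and 20: TCP 22 and TCP 80 arriving on eth1 (LAN) are
# translated to web01 at 10.0.5.100.
# NOTE(review): neither rule sets a destination address, so the match is on
# inbound interface and port only. LAN traffic to port 22 or 80 of any address
# that passes through this router would be translated to web01; confirm that
# is intended, or scope each rule with a destination address.
richard.swierk@vyos1-richard# set nat destination rule 10 description "port forward: ssh to 10.0.5.100"
richard.swierk@vyos1-richard# set nat destination rule 10 destination port 22
richard.swierk@vyos1-richard# set nat destination rule 10 inbound-interface eth1
richard.swierk@vyos1-richard# set nat destination rule 10 protocol tcp
richard.swierk@vyos1-richard# set nat destination rule 10 translation address 10.0.5.100
richard.swierk@vyos1-richard# set nat destination rule 10 translation port 22
richard.swierk@vyos1-richard# set nat destination rule 20 description "port forward: http to 10.0.5.100"
richard.swierk@vyos1-richard# set nat destination rule 20 destination port 80
richard.swierk@vyos1-richard# set nat destination rule 20 inbound-interface eth1
richard.swierk@vyos1-richard# set nat destination rule 20 protocol tcp
richard.swierk@vyos1-richard# set nat destination rule 20 translation address 10.0.5.100
richard.swierk@vyos1-richard# set nat destination rule 20 translation port 80
# Destination NAT rule 30: TCP 22 and 80 arriving on eth0 (WAN) go to web01.
# No translation port is set, so only the address is rewritten.
# NOTE(review): this publishes web01's SSH to the whole WAN segment, and this
# session defines no firewall rules on the router, so web01's own hardening is
# the only control shown here. Consider limiting the SSH forward by source address.
richard.swierk@vyos1-richard# set nat destination rule 30 destination port 22,80
richard.swierk@vyos1-richard# set nat destination rule 30 inbound-interface eth0
richard.swierk@vyos1-richard# set nat destination rule 30 protocol tcp
richard.swierk@vyos1-richard# set nat destination rule 30 translation address 10.0.5.100
# Source NAT rule 1: LAN-sourced traffic leaving on eth1 is masqueraded
# (presumably the return-path companion to destination rules 10 and 20).
# `masquerade` is a value of `translation address`, as in rules 10 and 20 below.
richard.swierk@vyos1-richard# set nat source rule 1 outbound-interface eth1
richard.swierk@vyos1-richard# set nat source rule 1 source address 10.0.5.0/24
richard.swierk@vyos1-richard# set nat source rule 1 translation address masquerade
# Source NAT rule 10: only the single host 10.0.5.6 is masqueraded toward the WAN.
richard.swierk@vyos1-richard# set nat source rule 10 description "ubuntu-lan to WAN"
richard.swierk@vyos1-richard# set nat source rule 10 outbound-interface eth0
richard.swierk@vyos1-richard# set nat source rule 10 source address 10.0.5.6
richard.swierk@vyos1-richard# set nat source rule 10 translation address masquerade
# Source NAT rule 20: WAN-segment traffic entering the LAN is masqueraded.
# NOTE(review): connections forwarded from 10.0.17.0/24 therefore reach web01
# with a router address as their source, so web01's SSH and HTTP logs will not
# record the original client address; keep that in mind for log review.
richard.swierk@vyos1-richard# set nat source rule 20 outbound-interface eth1
richard.swierk@vyos1-richard# set nat source rule 20 source address 10.0.17.0/24
richard.swierk@vyos1-richard# set nat source rule 20 translation address masquerade
# commit applies the staged changes; save writes them to the boot configuration.
richard.swierk@vyos1-richard# commit
richard.swierk@vyos1-richard# save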
vyos2 Configure
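# vyos2: the second VyOS router of the VRRP pair. It carries the same VRRP
# groups and NAT rules as vyos1, with its own interface addresses.
richard.swierk@vyos2-richard:~$ config
# Each router gets its own host-name (matching the prompt) so that logs and
# prompts show which VRRP peer produced them.
richard.swierk@vyos2-richard# set system host-name vyos2-richard
# Interfaces: eth0 is the WAN side (10.0.17.0/24), eth1 is the LAN side (10.0.5.0/24).
richard.swierk@vyos2-richard# set interfaces ethernet eth0 description 'WAN'
richard.swierk@vyos2-richard# set interfaces ethernet eth0 address 10.0.17.68/24
richard.swierk@vyos2-richard# set interfaces ethernet eth1 description 'LAN'
richard.swierk@vyos2-richard# set interfaces ethernet eth1 address 10.0.5.3/24
# Default route out of the WAN segment.
richard.swierk@vyos2-richard# set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
# VRRP: group names, vrids and virtual addresses must match the peer router.
# NOTE(review): neither group sets a priority or authentication in this session;
# confirm the defaults are acceptable for these segments.
richard.swierk@vyos2-richard# set high-availability vrrp group wangroup18 vrid 168
richard.swierk@vyos2-richard# set high-availability vrrp group wangroup18 interface eth0
richard.swierk@vyos2-richard# set high-availability vrrp group wangroup18 virtual-address 10.0.17.88/24
richard.swierk@vyos2-richard# set high-availability vrrp group langroup18 vrid 10
richard.swierk@vyos2-richard# set high-availability vrrp group langroup18 interface eth1
richard.swierk@vyos2-richard# set high-availability vrrp group langroup18 virtual-address 10.0.5.1/24
# Destination NAT rules 10 and 20: TCP 22 and TCP 80 arriving on eth1 (LAN) are
# translated to web01 at 10.0.5.100.
# NOTE(review): neither rule sets a destination address, so the match is on
# inbound interface and port only. LAN traffic to port 22 or 80 of any address
# that passes through this router would be translated to web01; confirm that
# is intended, or scope each rule with a destination address.
richard.swierk@vyos2-richard# set nat destination rule 10 description "port forward: ssh to 10.0.5.100"
richard.swierk@vyos2-richard# set nat destination rule 10 destination port 22
richard.swierk@vyos2-richard# set nat destination rule 10 inbound-interface eth1
richard.swierk@vyos2-richard# set nat destination rule 10 protocol tcp
richard.swierk@vyos2-richard# set nat destination rule 10 translation address 10.0.5.100
richard.swierk@vyos2-richard# set nat destination rule 10 translation port 22
richard.swierk@vyos2-richard# set nat destination rule 20 description "port forward: http to 10.0.5.100"
richard.swierk@vyos2-richard# set nat destination rule 20 destination port 80
richard.swierk@vyos2-richard# set nat destination rule 20 inbound-interface eth1
richard.swierk@vyos2-richard# set nat destination rule 20 protocol tcp
richard.swierk@vyos2-richard# set nat destination rule 20 translation address 10.0.5.100
richard.swierk@vyos2-richard# set nat destination rule 20 translation port 80
# Destination NAT rule 30: TCP 22 and 80 arriving on eth0 (WAN) go to web01.
# No translation port is set, so only the address is rewritten.
# NOTE(review): this publishes web01's SSH to the whole WAN segment, and this
# session defines no firewall rules on the router, so web01's own hardening is
# the only control shown here. Consider limiting the SSH forward by source address.
richard.swierk@vyos2-richard# set nat destination rule 30 destination port 22,80
richard.swierk@vyos2-richard# set nat destination rule 30 inbound-interface eth0
richard.swierk@vyos2-richard# set nat destination rule 30 protocol tcp
richard.swierk@vyos2-richard# set nat destination rule 30 translation address 10.0.5.100
# Source NAT rule 1: LAN-sourced traffic leaving on eth1 is masqueraded
# (presumably the return-path companion to destination rules 10 and 20).
# `masquerade` is a value of `translation address`, as in rules 10 and 20 below.
richard.swierk@vyos2-richard# set nat source rule 1 outbound-interface eth1
richard.swierk@vyos2-richard# set nat source rule 1 source address 10.0.5.0/24
richard.swierk@vyos2-richard# set nat source rule 1 translation address masquerade
# Source NAT rule 10: only the single host 10.0.5.6 is masqueraded toward the WAN.
richard.swierk@vyos2-richard# set nat source rule 10 description "ubuntu-lan to WAN"
richard.swierk@vyos2-richard# set nat source rule 10 outbound-interface eth0
richard.swierk@vyos2-richard# set nat source rule 10 source address 10.0.5.6
richard.swierk@vyos2-richard# set nat source rule 10 translation address masquerade
# Source NAT rule 20: WAN-segment traffic entering the LAN is masqueraded.
# NOTE(review): connections forwarded from 10.0.17.0/24 therefore reach web01
# with a router address as their source, so web01's SSH and HTTP logs will not
# record the original client address; keep that in mind for log review.
richard.swierk@vyos2-richard# set nat source rule 20 outbound-interface eth1
richard.swierk@vyos2-richard# set nat source rule 20 source address 10.0.17.0/24
richard.swierk@vyos2-richard# set nat source rule 20 translation address masquerade
# commit applies the staged changes; save writes them to the boot configuration.
richard.swierk@vyos2-richard# commit
richard.swierk@vyos2-richard# save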
web01 Configure
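# web01: the server that the routers forward SSH and HTTP to.
# Addressing is entered in the nmtui dialog; the two values below are the
# settings typed there (the gateway is the LAN VRRP virtual address).
richard.swierk@web01-richard:~$ sudo nmtui
ip=10.0.5.100
gateway=10.0.5.1
richard.swierk@web01-richard:~$ sudo yum install httpd
# Append through `sudo tee -a`. With `sudo echo ... >> file` the redirection is
# opened by the unprivileged shell, so the write is denied and root login is
# never actually disabled.
# sshd uses the first value it reads for a keyword, so an earlier
# PermitRootLogin line would win over this appended one; check the effective
# value with `sudo sshd -T | grep -i permitrootlogin`.
richard.swierk@web01-richard:~$ echo "PermitRootLogin no" | sudo tee -a /etc/ssh/sshd_config
# Open SSH and HTTP in the permanent firewalld configuration, then reload to apply.
# NOTE(review): SSH is allowed from any source here and is also forwarded from
# the WAN side by the routers; consider restricting it to management sources.
richard.swierk@web01-richard:~$ sudo firewall-cmd --permanent --add-service=ssh
richard.swierk@web01-richard:~$ sudo firewall-cmd --permanent --add-service=http
richard.swierk@web01-richard:~$ sudo firewall-cmd --reload
# systemctl takes the verb before the unit name. Use `systemctl enable` as well
# if the services must come back after a reboot.
richard.swierk@web01-richard:~$ sudo systemctl start httpd
# restart rather than start, so that an already-running sshd rereads sshd_config.
richard.swierk@web01-richard:~$ sudo systemctl restart sshd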
Reflection
- Had to remember how to use vyos
- Needed help to be able to connect to the internet (needed gateway setup on vyos)