SEC 350:Lab 3.1 - WanderlustPenguin/Charles-Tech-Journal GitHub Wiki

fw-mgmt firewall configuration

  • set interfaces ethernet eth0 address 172.16.150.3/24
  • set interfaces ethernet eth0 description 'SEC350-LAN'
  • set interfaces ethernet eth1 address '172.16.200.2/28'
  • set interfaces ethernet eth1 description 'SEC350-MGMT'
  • set protocols rip interface eth0
  • set protocols rip network '172.16.208.0/28'
  • set protocols static route 0.0.0.0/0 next-hop 172.16.150.2
  • set service dns forwarding allow-from '172.16.200.0/28'
  • set service dns forwarding listen-address '172.16.200.2'
  • set service dns forwarding system
  • set service ssh listen-address '0.0.0.0'
  • set system host-name 'fw-mgmt'
  • set system name-server '172.16.150.2'

fw-01 firewall configuration

  • set firewall name WAN-to-DMZ rule 10 action 'accept'
  • set firewall name WAN-to-DMZ rule 10 destination address '172.16.50.3'
  • set firewall name WAN-to-DMZ rule 10 destination port '80'
  • set firewall name WAN-to-DMZ rule 10 protocol 'tcp'
  • set firewall name WAN-to-DMZ rule 10 source address '10.0.17.26'
  • set interfaces ethernet eth0 address '10.0.17.126/24'
  • set interfaces ethernet eth0 description 'SEC350-WAN'
  • set interfaces ethernet eth1 address '172.16.50.2/29'
  • set interfaces ethernet eth1 description 'SEC350-DMZ'
  • set interfaces ethernet eth2 address '172.16.150.2/24'
  • set interfaces ethernet eth2 description 'SEC350-LAN'
  • set nat source rule 10 description 'NAT from DMZ to WAN'
  • set nat source rule 10 outbound-interface 'eth0'
  • set nat source rule 10 source address '172.16.50.0/29'
  • set nat source rule 10 translation address 'masquerade'
  • set nat source rule 11 description 'NAT FROM LAN TO WAN'
  • set nat source rule 11 outbound-interface 'eth0'
  • set nat source rule 11 source address '172.16.150.0/24'
  • set nat source rule 11 translation address 'masquerade'
  • set nat source rule 12 description 'NAT FROM MGMT TO WAN'
  • set nat source rule 12 outbound-interface 'eth0'
  • set nat source rule 12 source address '172.16.200.0/28'
  • set nat source rule 12 translation address 'masquerade'
  • set protocols rip interface eth2
  • set protocols rip network '172.16.50.0/29'
  • set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
  • set service dns forwarding allow-from '172.16.50.0/29'
  • set service dns forwarding allow-from '172.16.150.0/24'
  • set service dns forwarding listen-address '172.16.20.2'
  • set service dns forwarding listen-address '172.16.50.2'
  • set service dns forwarding listen-address '172.16.150.2'
  • set service dns forwarding system
  • set service ssh listen-address '0.0.0.0'
  • set system host-name 'fw1-charlie'
  • set system name-server '10.0.17.2'
  • set system ntp server time1.vyos.net
  • set system ntp server time2.vyos.net
  • set system ntp server time3.vyos.net
  • set system syslog global facility all level 'info'
  • set system syslog global facility protocols level 'debug'