SYS 255: Lab 5 - WanderlustPenguin/Charles-Tech-Journal GitHub Wiki

Cables

  • set cables on vsphere
  • FW- adapter 1 is WAN, 2 is LAN
  • others- set to LAN

Network Diagram


FW setup

  • upon bootup type 1 to enter interface setup
  • set em0 to WAN and em1 to LAN
  • type 2 to enter IP configuration for interfaces
  • WAN: 10.0.17.118/24, upstream gateway 10.0.17.2
  • LAN: 10.0.5.2/24, no upstream gateway

wks01 setup

  • set up IP address, IP Address: 10.0.5.100, Netmask: 255.255.255.0, Gateway+DNS: 10.0.5.2
  • go to browser and search http://10.0.5.2
  • login is admin, pfsense
  • set hostname and server name (fw01-charlie, charlie.local)
  • primary DNS 8.8.8.8, secondary 1.1.1.1
  • unblock RFC 1918
  • change DNS to 10.0.5.5

AD01 setup

  • set up IP and name in server manager- IP Address: 10.0.5.5, Netmask: 255.255.255.0, Gateway+DNS: 10.0.5.2, name ad01-charlie

  • start ADDS in server manager- Manage, add features, Active Directory Domain Service

  • Set forest root domain controller to charlie.local when prompted

  • set up DSRM password from password list

  • go to DNS in server manager, right click the server name, and enter DNS manager

  • right click reverse lookup zone, new zone, set as 10.0.5

  • go to forward lookup zone, right click charlie.local, then create new A/AAAA host

  • fw01-charlie, 10.0.5.2, update associated ptr record

  • dhcp01-charlie, 10.0.5.3, update associated ptr record

  • edit ad01-charlie, unclick update associated ptr record, apply, re-edit and click update

  • go to AD DS in server manager, right click the server name, and enter active directory users and computers

  • right click users, new, user

  • create charlie.ward-adm user and uncheck the option to force new password creation

  • right click charlie.ward-adm, add to group, domain admins

  • can do similar, and add organizational units in the same area if requested in assessment

  • if issues arise with previous point, see lab 5 notes


DHCP setup

  • useradd, passwd, and usermod -aG wheel charlie

  • nmtui and set up ip/device name

  • double check ping connections. If fail, mess with DNS server again

  • ssh in from wks01

  • sudo vi /etc/yum.repos.d/Rocky-BaseOS.repo

  • change all instances of mirror and mirrorlist to vault

  • yum update

  • sudo dnf install dhcp-server

  • sudo nano /etc/dhcp/dhcpd.conf

  • paste config file (requires entering edit mode)

  • systemctl restart dhcpd

  • systemctl enable dhcpd

  • firewall-cmd --add-service=dhcp --permanent

  • firewall-cmd --reload

  • if edited lease time is requested, use lab 4 notes


dhcp server config file


    # DHCP Server Configuration file.
    #   see /usr/share/doc/dhcp-server/dhcpd.conf.example
    #   see dhcpd.conf(5) man page

    subnet 10.0.5.0 netmask 255.255.255.0 {
        option routers 10.0.5.2;
        option subnet-mask 255.255.255.0;
        option domain-name "charlie.local";
        option domain-name-servers 10.0.5.5;
        range 10.0.5.100 10.0.5.150;
        default-lease-time 3600;
        max-lease-time 14400;
    }
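
A consistency check for the scope above, as an added example that is not part of the original wiki: it parses the subnet block and compares it with the static addresses listed in these notes. The names `parse_subnet`, `check` and `STATIC_HOSTS` are made up for this example, and it assumes a single subnet block with one address per option, as on this page.

```python
import ipaddress
import re

# Copied from this page: the subnet block and the statically addressed hosts.
CONF = """
subnet 10.0.5.0 netmask 255.255.255.0 {
    option routers 10.0.5.2;
    option subnet-mask 255.255.255.0;
    option domain-name "charlie.local";
    option domain-name-servers 10.0.5.5;
    range 10.0.5.100 10.0.5.150;
    default-lease-time 3600;
    max-lease-time 14400;
}
"""
STATIC_HOSTS = {"fw01-charlie": "10.0.5.2", "dhcp01-charlie": "10.0.5.3",
                "ad01-charlie": "10.0.5.5", "wks01": "10.0.5.100"}

def parse_subnet(conf):  # -> (network, {statement: [arguments]})
    conf = re.sub(r"#.*", "", conf)  # drop comments
    m = re.search(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", conf, re.S)
    if not m:
        raise ValueError("no complete 'subnet ... { ... }' block (missing brace?)")
    stmts = {}
    for stmt in m.group(3).split(";"):
        words = stmt.split()
        if words:
            n = 2 if words[0] == "option" else 1  # "option routers" vs "range"
            stmts[" ".join(words[:n])] = words[n:]
    return ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}"), stmts

def check(conf, static_hosts):
    """Return a list of findings; an empty list means the scope is consistent."""
    (net, s), out = parse_subnet(conf), []
    lo, hi = (ipaddress.ip_address(a) for a in s["range"])
    if lo > hi or lo not in net or hi not in net:
        out.append(f"range {lo}-{hi} is not a valid span inside {net}")
    servers = s["option routers"] + s["option domain-name-servers"]
    out += [f"advertised server {a} is outside {net}" for a in servers
            if ipaddress.ip_address(a.strip(",")) not in net]
    if int(s["default-lease-time"][0]) > int(s["max-lease-time"][0]):
        out.append("default-lease-time exceeds max-lease-time")
    out += [f"{host} ({ip}) is static but inside the dynamic range {lo}-{hi}"
            for host, ip in static_hosts.items() if lo <= ipaddress.ip_address(ip) <= hi]
    return out

if __name__ == "__main__":
    for finding in check(CONF, STATIC_HOSTS) or ["no findings"]:
        print(finding)
```

With the values on this page the only finding is wks01: 10.0.5.100 is also the first address of the pool, which is a conflict only while wks01 stays statically configured. On the server itself, `dhcpd -t -cf /etc/dhcp/dhcpd.conf` runs the daemon's own syntax test before a restart.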