SYS 255:Lab 5 - WanderlustPenguin/Charles-Tech-Journal GitHub Wiki
Cables
- set cables on vsphere
- FW- adapter 1 is WAN, 2 is LAN
- others- set to LAN
Network Diagram
FW setup
- upon bootup type 1 to enter interface setup
- set em0 to WAN and em1 to LAN
- type 2 to enter IP configuration for interfaces
- WAN: 10.0.17.118/24, upstream gateway 10.0.17.2
- LAN: 10.0.5.2/24, no upstream gateway
wks01 setup
- set up IP address, IP Address: 10.0.5.100, Netmask: 255.255.255.0, Gateway+DNS: 10.0.5.2
- go to browser and search http://10.0.5.2
- login is admin, pfsense
- set hostname and server name (fw01-charlie, charlie.local)
- primary DNS 8.8.8.8, secondary 1.1.1.1
- unblock RFC 1918
- change DNS to 10.0.5.5
AD01 setup
- set up IP and name in server manager- IP Address: 10.0.5.5, Netmask: 255.255.255.0, Gateway+DNS: 10.0.5.2, name ad01-charlie
- start ADDS in server manager- Manage, add features, Active Directory Domain Service
- Set forest root domain controller to charlie.local when prompted
- set up DSRM password from password list
- go to DNS in server manager, right click the server name, and enter DNS manager
- right click reverse lookup zone, new zone, set as 10.0.5
- go to forward lookup zone, right click charlie.local, then create new A/AAAA host
- fw01-charlie, 10.0.5.2, update associated ptr record
- dhcp01-charlie, 10.0.5.3, update associated ptr record
- edit ad01-charlie, unclick update associated ptr record, apply, re-edit and click update
- go to AD DS in server manager, right click the server name, and enter active directory users and computers
- right click users, new, user
- create charlie.ward-adm user and uncheck the option to force new password creation
- right click charlie.ward-adm, add to group, domain admins
- can do similar, and add organizational units in the same area if requested in assessment
- if issues arise with previous point, see lab 5 notes
DHCP setup
- useradd, passwd, and usermod -aG wheel charlie
- nmtui and set up ip/device name
- double check ping connections. If they fail, mess with DNS server again
- ssh in from wks01
- sudo vi /etc/yum.repos.d/Rocky-BaseOS.repo
- change all instances of mirror and mirrorlist to vault
- yum update
- sudo dnf install dhcp-server
- sudo nano /etc/dhcp/dhcpd.conf
- paste config file (requires entering edit mode)
- systemctl restart dhcpd
- systemctl enable dhcpd
- firewall-cmd --add-service=dhcp --permanent
- firewall-cmd --reload
- if edited lease time is requested, use lab 4 notes
dhcp server config file
    #
    # DHCP Server Configuration file.
    #   see /usr/share/doc/dhcp-server/dhcpd.conf.example
    #   see dhcpd.conf(5) man page
    #
    subnet 10.0.5.0 netmask 255.255.255.0 {
        option routers 10.0.5.2;
        option subnet-mask 255.255.255.0;
        option domain-name "charlie.local";
        option domain-name-servers 10.0.5.5;
        range 10.0.5.100 10.0.5.150;
        default-lease-time 3600;
        max-lease-time 14400;
    }
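A sanity check for the scope above before restarting dhcpd, as an added example that is not part of the original notes: it parses the subnet block and compares the pool against the static addresses assigned earlier on this page. The function name `check_dhcp_scope` and the `STATIC_HOSTS` table are assumptions made for the example; the addresses come from the setup steps above.

```python
import ipaddress
import re

# Constructed sample: the subnet block from this page's dhcpd.conf.
CONF = """
subnet 10.0.5.0 netmask 255.255.255.0 {
    option routers 10.0.5.2;
    option subnet-mask 255.255.255.0;
    option domain-name "charlie.local";
    option domain-name-servers 10.0.5.5;
    range 10.0.5.100 10.0.5.150;
    default-lease-time 3600;
    max-lease-time 14400;
}
"""
# Static addresses set by hand in the FW, AD01, DHCP and wks01 steps.
STATIC_HOSTS = {
    "fw01-charlie": "10.0.5.2",
    "dhcp01-charlie": "10.0.5.3",
    "ad01-charlie": "10.0.5.5",
    "wks01": "10.0.5.100",
}
REQUIRED = ("range", "routers", "default-lease-time", "max-lease-time")

def check_dhcp_scope(conf, static_hosts):
    """Return a list of findings for one subnet block (empty list = clean)."""
    m = re.search(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", conf, re.S)
    if not m:  # e.g. the closing brace was lost when pasting
        return ["no complete subnet { ... } block found"]
    net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
    # Each statement is "[option] keyword value;" -> {keyword: value}
    stmts = dict(re.findall(r"^\s*(?:option\s+)?([\w-]+)\s+([^;]+);", m.group(3), re.M))
    missing = [k for k in REQUIRED if k not in stmts]
    if missing:
        return [f"missing statement: {k}" for k in missing]
    lo, hi = (ipaddress.ip_address(a) for a in stmts["range"].split())
    findings = []
    if lo not in net or hi not in net or lo > hi:
        findings.append(f"range {lo}-{hi} is not a valid span inside {net}")
    if ipaddress.ip_address(stmts["routers"]) not in net:
        findings.append(f"router {stmts['routers']} is outside {net}")
    if int(stmts["default-lease-time"]) > int(stmts["max-lease-time"]):
        findings.append("default-lease-time exceeds max-lease-time")
    for name, addr in static_hosts.items():
        if lo <= ipaddress.ip_address(addr) <= hi:
            findings.append(f"{name} ({addr}) is static but inside the DHCP pool")
    return findings

if __name__ == "__main__":
    print("\n".join(check_dhcp_scope(CONF, STATIC_HOSTS)) or "scope looks consistent")
```

The one finding for this lab is wks01: its manually set 10.0.5.100 is the first address in the pool, which only matters while wks01 keeps that static address instead of taking a lease.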