Milestone 3 - devinziegler/Devin-Tech-Journal GitHub Wiki

Milestone 3

Overview 🌍

  • Create DMZ & MGMT Networks
  • Deploy a webserver in DMZ
  • Deploy Backup Server on MGMT
  • Configure firewall for new networks

Network Diagram


Creating Networks and Deploying VMs 🛜

This is covered in a previous milestone:

Allow Firewall Rule for DMZ

  • A rule will have to be created in pfSense to allow DMZ hosts to have a connection.
  1. In the pfSense web dashboard, go to Firewall / Rules
  2. Select the new DMZ interface
  3. Add a new rule with the following:
Action:      Pass
Interface:   DMZ
Protocol:    Any
Source:      DMZ net
Destination: Any

This is a must if you want DMZ hosts to reach the gateway (these rules might change later).

Deploying a webserver

Full configuration files for this machine can be found here

Since we have configured a webserver before, I will only lay out the steps here; the full setup can be found above.

  • Configure networking
  • Install apache
  • Start Services
  • Allow apache through firewall

Quick firewalld refresher for allowing http:

firewall-cmd --permanent --add-service=http
firewall-cmd --reload

Configuring Ubuntu Server

Ubuntu networking is done through netplan, which we have done in the past, here

The full netplan file for this system can be found here: backup01-netplan

Add default pass rule for MGMT

Action:      Pass
Interface:   MGMT
Protocol:    Any
Source:      MGMT net
Destination: Any

Firewall & Testing

  • Drop Everything from DMZ to LAN
  • Drop Everything from DMZ to MGMT

This is an example of what these rules should look like: firewall_rules
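
The drop rules only take effect if they sit above the DMZ pass-any rule, because pfSense evaluates the rules on an interface tab top down and stops at the first match. The following is an added example, not part of the original wiki: it models that evaluation for the DMZ rules on this page and reports which test flows break the intended policy. The subnets and host addresses are constructed placeholders, since the page does not list them.

```python
import ipaddress

# Constructed lab subnets (assumptions; the page does not list addresses).
NETS = {
    "DMZ net": ipaddress.ip_network("172.16.50.0/29"),
    "LAN net": ipaddress.ip_network("172.16.150.0/24"),
    "MGMT net": ipaddress.ip_network("172.16.200.0/28"),
    "Any": ipaddress.ip_network("0.0.0.0/0"),
}

def first_match(rules, src, dst):
    """Return the action of the first rule matching src/dst, top down.
    Traffic that matches no rule on the interface is blocked (default deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, source, destination in rules:
        if s in NETS[source] and d in NETS[destination]:
            return action
    return "Block"

def audit(rules, flows):
    """Compare each flow's verdict with the expected one; return mismatches
    as (src, dst, expected, actual) tuples."""
    return [(src, dst, want, first_match(rules, src, dst))
            for src, dst, want in flows
            if first_match(rules, src, dst) != want]

# "Block" is the pfSense action that silently drops the packet.
PASS_ANY = ("Pass", "DMZ net", "Any")
DROPS = [("Block", "DMZ net", "LAN net"), ("Block", "DMZ net", "MGMT net")]

# Rules on the DMZ interface tab, in two orderings.
DROPS_BELOW_PASS = [PASS_ANY] + DROPS   # drops are never reached
DROPS_ABOVE_PASS = DROPS + [PASS_ANY]   # intended policy

# Constructed test flows from a DMZ web server: (src, dst, expected verdict).
FLOWS = [
    ("172.16.50.3", "172.16.150.10", "Block"),  # DMZ -> LAN host
    ("172.16.50.3", "172.16.200.11", "Block"),  # DMZ -> MGMT backup server
    ("172.16.50.3", "172.16.50.2", "Pass"),     # DMZ -> its gateway
    ("172.16.50.3", "198.51.100.7", "Pass"),    # DMZ -> outside address
]

if __name__ == "__main__":
    for name, rules in [("drops below pass", DROPS_BELOW_PASS),
                        ("drops above pass", DROPS_ABOVE_PASS)]:
        print(name, audit(rules, FLOWS) or "policy holds")
```

The same four flows make a useful manual test from the DMZ webserver once the rules are applied: the LAN and MGMT targets should time out while the gateway and an outside address still answer.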