Lab 1 - skyleroriordan/my-tech-journal GitHub Wiki
Notes
vyos
To set vyos hostname:
    configure
    set system host-name fw1-skyler
    commit
    save
    exit
To set interface description: set interfaces ethernet eth0 description SEC350-WAN
To set interface ip: set interfaces ethernet ethX address IP/MASK
To set gateway: set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
To set dns: set system name-server 10.0.17.2
To configure NAT and DNS forwarding:
    set nat source rule 10 description "NAT FROM DMZ to WAN"
    set nat source rule 10 outbound-interface eth0
    set nat source rule 10 source address 172.16.50.0/29
    set nat source rule 10 translation address masquerade
Use show nat source rule 10 to see changes.
To get fw01 to forward DNS to DMZ use:
    set service dns forwarding listen-address 172.16.50.2
    set service dns forwarding allow-from 172.16.50.0/29
    set service dns forwarding system
rsyslog
Made sure rsyslog was running on web01 and log01. If it wasn't, I used sudo yum install rsyslog to install it.
Had to allow port 514 through on web01 and log01, using the commands: sudo firewall-cmd --add-port=514/udp --permanent and sudo firewall-cmd --add-port=514/tcp --permanent
On log01, edited the config file /etc/rsyslog.conf by uncommenting the lines associated with providing UDP and TCP syslog reception.
On web01 I created the file /etc/rsyslog.d/sec350.conf with the text: user.notice @172.16.50.5
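Added example (not part of the original notes): a small shell check that reads the forwarding rule above and reports which transport and port it uses and which test priorities it would forward. The function names are made up for this example; it assumes a simple "facility.severity action" rule and rsyslog's default port 514.

```shell
#!/bin/sh
# Constructed sample: the forwarding rule from /etc/rsyslog.d/sec350.conf on web01.
RULE='user.notice @172.16.50.5'

# Severity name -> number (0 is most severe, 7 is least).
sev_num() {
  case "$1" in
    emerg) echo 0 ;; alert) echo 1 ;; crit) echo 2 ;; err) echo 3 ;;
    warning) echo 4 ;; notice) echo 5 ;; info) echo 6 ;; debug) echo 7 ;;
    *) return 1 ;;
  esac
}

# Split "selector action" on whitespace; globbing is off so "*" stays literal.
rule_selector() { set -f; set -- $1; set +f; echo "$1"; }
rule_action()   { set -f; set -- $1; set +f; echo "$2"; }

# A single @ forwards over UDP, @@ forwards over TCP.
rule_transport() {
  case "$(rule_action "$1")" in
    @@*) echo tcp ;; @*) echo udp ;; *) return 1 ;;
  esac
}

# host:port of the log server; port 514 is assumed when the rule names none.
rule_target() {
  local t
  t=$(rule_action "$1"); t=${t#@}; t=${t#@}
  case "$t" in *:*) echo "$t" ;; *) echo "$t:514" ;; esac
}

# would_forward RULE FACILITY.SEVERITY: exit 0 if the message matches.
# A plain selector matches its own severity and anything more severe.
would_forward() {
  local sel s m
  sel=$(rule_selector "$1")
  [ "${sel%%.*}" = "*" ] || [ "${sel%%.*}" = "${2%%.*}" ] || return 1
  s=$(sev_num "${sel#*.}") || return 1
  m=$(sev_num "${2#*.}") || return 1
  [ "$m" -le "$s" ]
}

echo "transport=$(rule_transport "$RULE") target=$(rule_target "$RULE")"
for p in user.info user.notice user.err auth.err; do
  if would_forward "$RULE" "$p"; then echo "$p: forwarded"; else echo "$p: not forwarded"; fi
done
```

A priority the check marks as forwarded can be sent from web01 with logger -p (for example logger -p user.notice "test") and should then show up on log01.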