SYS440 Project 1: Network Redundancy - zacharylongo/Tech-Journals GitHub Wiki

Base Configurations: Xubuntu-WAN and LAN

Set Hostname / Initial User creation:

  • It is assumed you know how to set a hostname on Xubuntu. The Advanced Network Settings tab should give you what you need for the interface addressing.

Change champuser Passwd and add zach user:

passwd champuser
adduser zach
passwd zach
usermod -aG sudo zach   # Ubuntu has no wheel group; sudo is the admin group

WAN Networking Settings:

[screenshot: WAN networking settings]

LAN Networking Settings:

[screenshot: LAN networking settings]

Web01 Setup:

  • Insert nmtui screenshot here

  • Add Zach user

adduser zach
passwd zach
usermod -aG wheel zach

Permit SSH and HTTP: [screenshot]

Vyos Boxes: Vyos1 and Vyos2

Set Hostname:

set system host-name **Insert Hostname here**

Change password on default Vyos user:

set system login user vyos authentication plaintext-password *Insert password here*

  • VyOS hashes the value on commit and stores it as encrypted-password, so the plaintext does not end up in the saved config.

Make new user:

set system login user *Insert user here* full-name "*Insert name as string here*"
set system login user *Insert user here* authentication plaintext-password *Insert password here*

  • Keep the quotation marks around the full name; the keyword is full-name (hyphenated).
  • Nothing takes effect until you run commit, and nothing survives a reboot until you run save.

Set Interfaces:

Vyos 1:

set interfaces ethernet eth0 address 10.0.17.21/24
set interfaces ethernet eth1 address 10.0.5.2/24
set interfaces ethernet eth2 address 10.0.6.2/24
set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
set system name-server 10.0.17.2

Vyos 2:

set interfaces ethernet eth0 address 10.0.17.81/24
set interfaces ethernet eth1 address 10.0.5.3/24
set interfaces ethernet eth2 address 10.0.6.3/24
set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
set system name-server 10.0.17.2

Both (Vyos1 and Vyos2):

set interfaces ethernet eth0 description WAN
set interfaces ethernet eth1 description LAN
set interfaces ethernet eth2 description OPT

Configure DNS:

DNS forwarding for the LAN:

set service dns forwarding allow-from 10.0.5.0/24
set service dns forwarding listen-address 10.0.5.1
set service dns forwarding system

  • listen-address is the LAN VRRP virtual address, so LAN hosts keep 10.0.5.1 as their resolver whichever router is master; system forwards queries to the name-server set under set system name-server (10.0.17.2 here); allow-from stops the forwarder answering for anything outside the LAN.

NAT LAN to WAN:

set nat source rule 10 description 'NAT FROM LAN to WAN'
set nat source rule 10 outbound-interface eth0
set nat source rule 10 source address 10.0.5.0/24
set nat source rule 10 translation address masquerade

  • This is VyOS 1.3 syntax. VyOS 1.4 moved the interface keywords under a name node (outbound-interface name eth0 here, and inbound-interface name eth0 in the destination NAT rules below).

VRRP

VRRP LAN:

set high-availability vrrp group langroup0 vrid 10
set high-availability vrrp group langroup0 interface eth1
set high-availability vrrp group langroup0 address 10.0.5.1/24
# For vyos01
set high-availability vrrp group langroup0 priority 200
# For vyos02
set high-availability vrrp group langroup0 priority 100

VRRP WAN:

set high-availability vrrp group wangroup11 vrid 161
set high-availability vrrp group wangroup11 interface eth0
set high-availability vrrp group wangroup11 address 10.0.17.111/24
# For vyos01
set high-availability vrrp group wangroup11 priority 200
# For vyos02
set high-availability vrrp group wangroup11 priority 100

VRRP OPT:

set high-availability vrrp group optgroup0 vrid 20
set high-availability vrrp group optgroup0 interface eth2
set high-availability vrrp group optgroup0 address 10.0.6.1/24
# For vyos01
set high-availability vrrp group optgroup0 priority 200
# For vyos02
set high-availability vrrp group optgroup0 priority 100

  • Both routers must agree on vrid, interface and address for each group; only priority differs, so Vyos1 is master and Vyos2 takes over when Vyos1's advertisements stop. Each vrid must also be unique among every VRRP speaker on that segment, which matters if the 10.0.17.0/24 WAN is shared with other routers.
  • VRRP advertisements are unauthenticated: any host on the LAN that sends advertisements for vrid 10 with a higher priority becomes master for 10.0.5.1. The group's authentication type plaintext-password and authentication password options exist, but the password crosses the wire in clear text, so they only guard against accidental vrid collisions, not against a deliberate takeover.
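As an added example (not part of the original journal or of VyOS), the following Python builds and parses VRRPv2 advertisements as they travel to 224.0.0.18 (IP protocol 112), using the LAN group's values from above (vrid 10, priorities 200 and 100, virtual address 10.0.5.1), derives the RFC 5798 virtual MAC, and applies the election rule. The packets are constructed in memory and nothing is sent; the "rogue" speaker at 10.0.5.50 is a hypothetical host used to show that a higher priority on the same segment wins the VIP, and the auth field shows why plaintext-password is not a security control.

```python
"""VRRPv2 (RFC 3768) advertisement build/parse plus the RFC 5798 virtual MAC.
Packets here are constructed in memory; nothing is sent on the wire."""
import ipaddress
import struct

VRRP_MCAST, VRRP_PROTO = "224.0.0.18", 112   # where advertisements go
AUTH_NONE, AUTH_PASS, AUTH_AH = 0, 1, 2      # VRRPv2 auth types
HDR = "!BBBBBBH"  # ver/type, vrid, priority, count, auth type, adver int, checksum


def vrrp_virtual_mac(vrid):
    """IPv4 virtual router MAC is 00-00-5E-00-01-{VRID} (RFC 5798 s.7.3)."""
    if not 1 <= vrid <= 255:
        raise ValueError("VRID must be 1..255")
    return "00:00:5e:00:01:%02x" % vrid


def inet_checksum(data):
    """One's-complement sum of 16-bit words, complemented (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_advert(vrid, priority, vips, adver_int=1, auth_type=AUTH_NONE, auth_data=b""):
    """ADVERTISEMENT (version 2, type 1) for one VRID with a valid checksum."""
    header = struct.pack(HDR, (2 << 4) | 1, vrid, priority, len(vips), auth_type, adver_int, 0)
    body = b"".join(ipaddress.IPv4Address(v).packed for v in vips)
    body += auth_data[:8].ljust(8, b"\x00")  # 8-byte auth field: cleartext when AUTH_PASS
    packet = header + body
    return packet[:6] + struct.pack("!H", inet_checksum(packet)) + packet[8:]


def parse_advert(packet):
    """Decode one advertisement; checksum_ok is False for any tampered byte."""
    ver_type, vrid, priority, count, auth_type, adver_int, _ = struct.unpack(HDR, packet[:8])
    if ver_type >> 4 != 2 or ver_type & 0xF != 1:
        raise ValueError("not a VRRPv2 advertisement")
    vips = [str(ipaddress.IPv4Address(packet[8 + 4 * i:12 + 4 * i])) for i in range(count)]
    auth = packet[8 + 4 * count:16 + 4 * count]
    return {
        "vrid": vrid, "priority": priority, "vips": vips,
        "adver_int": adver_int, "auth_type": auth_type,
        "auth_data": auth.rstrip(b"\x00"),          # readable by anyone on the segment
        "checksum_ok": inet_checksum(packet) == 0,  # a valid packet sums to 0xFFFF
    }


def elect_master(adverts):
    """Winner among speakers for one VRID: highest priority, then highest
    source IP (RFC 3768 s.6.4.2). adverts = [(source_ip, parsed_advert), ...]"""
    return max(adverts, key=lambda a: (a[1]["priority"], int(ipaddress.IPv4Address(a[0]))))[0]


if __name__ == "__main__":
    lan = [("10.0.5.2", parse_advert(build_advert(10, 200, ["10.0.5.1"]))),   # Vyos1
           ("10.0.5.3", parse_advert(build_advert(10, 100, ["10.0.5.1"])))]   # Vyos2
    print("master:", elect_master(lan), "virtual MAC:", vrrp_virtual_mac(10))
    rogue = ("10.0.5.50", parse_advert(build_advert(10, 254, ["10.0.5.1"])))  # hypothetical LAN host
    print("with a rogue speaker:", elect_master(lan + [rogue]))
```

On a LAN host, tcpdump -ni <iface> vrrp shows the real advertisements for comparison. Note that VyOS only answers for the VIP from the 00:00:5e:00:01:0a virtual MAC when rfc3768-compatibility is set on the group; by default the VIP answers from the master's physical MAC and the backup announces the move with gratuitous ARP, so the ARP entry for 10.0.5.1 on a LAN host is the thing to watch during a failover test.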

Port Forwarding (Do this on both Vyos1 and Vyos2)

Port 80 for Web01

set nat destination rule 20 description 'HTTP->WEB01'
set nat destination rule 20 destination address 10.0.17.111
set nat destination rule 20 destination port 80
set nat destination rule 20 inbound-interface eth0
set nat destination rule 20 protocol tcp
set nat destination rule 20 translation address 10.0.5.100
set nat destination rule 20 translation port 80

Port 22 for Web01

set nat destination rule 30 description 'SSH->WEB01'
set nat destination rule 30 destination address 10.0.17.111
set nat destination rule 30 destination port 22
set nat destination rule 30 inbound-interface eth0
set nat destination rule 30 protocol tcp
set nat destination rule 30 translation address 10.0.5.100
set nat destination rule 30 translation port 22

  • Both rules match the WAN virtual address 10.0.17.111, so the forwarding follows whichever router currently holds the VIP; that is why the rules have to exist on both boxes.
  • Rule 30 exposes Web01's SSH to every host on the WAN side. If that is not intended, restrict it with set nat destination rule 30 source address *trusted network* or drop the rule and reach Web01 over the LAN.

2FA

Vyos1 Config:

  • This config includes eth2 (OPT), which is non-essential for this lab. After talking with several others during the lab, I decided to do this config ahead of time.

set high-availability vrrp group langroup0 address 10.0.5.1/24
set high-availability vrrp group langroup0 interface 'eth1'
set high-availability vrrp group langroup0 priority '200'
set high-availability vrrp group langroup0 vrid '10'
set high-availability vrrp group optgroup0 address 10.0.6.1/24
set high-availability vrrp group optgroup0 interface 'eth2'
set high-availability vrrp group optgroup0 priority '200'
set high-availability vrrp group optgroup0 vrid '20'
set high-availability vrrp group wangroup11 address 10.0.17.111/24
set high-availability vrrp group wangroup11 interface 'eth0'
set high-availability vrrp group wangroup11 priority '200'
set high-availability vrrp group wangroup11 vrid '161'
set interfaces ethernet eth0 address '10.0.17.21/24'
set interfaces ethernet eth0 description 'WAN'
set interfaces ethernet eth1 address '10.0.5.2/24'
set interfaces ethernet eth1 description 'LAN'
set interfaces ethernet eth2 address '10.0.6.2/24'
set interfaces ethernet eth2 description 'OPT'
set nat destination rule 20 description 'HTTP->WEB01'
set nat destination rule 20 destination address '10.0.17.111'
set nat destination rule 20 destination port '80'
set nat destination rule 20 inbound-interface 'eth0'
set nat destination rule 20 protocol 'tcp'
set nat destination rule 20 translation address '10.0.5.100'
set nat destination rule 20 translation port '80'
set nat destination rule 30 description 'SSH->WEB01'
set nat destination rule 30 destination address '10.0.17.111'
set nat destination rule 30 destination port '22'
set nat destination rule 30 inbound-interface 'eth0'
set nat destination rule 30 protocol 'tcp'
set nat destination rule 30 translation address '10.0.5.100'
set nat destination rule 30 translation port '22'
set nat source rule 10 description 'NAT FROM LAN to WAN'
set nat source rule 10 outbound-interface 'eth0'
set nat source rule 10 source address '10.0.5.0/24'
set nat source rule 10 translation address 'masquerade'
set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
set service dns forwarding allow-from '10.0.5.0/24'
set service dns forwarding listen-address '10.0.5.1'
set service dns forwarding system
set service ssh listen-address '0.0.0.0'
set system host-name 'vyos1-zach'
set system name-server '10.0.17.2'

Vyos2 Config:

set high-availability vrrp group langroup0 address 10.0.5.1/24
set high-availability vrrp group langroup0 interface 'eth1'
set high-availability vrrp group langroup0 priority '100'
set high-availability vrrp group langroup0 vrid '10'
set high-availability vrrp group optgroup0 address 10.0.6.1/24
set high-availability vrrp group optgroup0 interface 'eth2'
set high-availability vrrp group optgroup0 priority '100'
set high-availability vrrp group optgroup0 vrid '20'
set high-availability vrrp group wangroup11 address 10.0.17.111/24
set high-availability vrrp group wangroup11 interface 'eth0'
set high-availability vrrp group wangroup11 priority '100'
set high-availability vrrp group wangroup11 vrid '161'
set interfaces ethernet eth0 address '10.0.17.81/24'
set interfaces ethernet eth0 description 'WAN'
set interfaces ethernet eth1 address '10.0.5.3/24'
set interfaces ethernet eth1 description 'LAN'
set interfaces ethernet eth2 address '10.0.6.3/24'
set interfaces ethernet eth2 description 'OPT'
set nat destination rule 20 description 'HTTP->WEB01'
set nat destination rule 20 destination address '10.0.17.111'
set nat destination rule 20 destination port '80'
set nat destination rule 20 inbound-interface 'eth0'
set nat destination rule 20 protocol 'tcp'
set nat destination rule 20 translation address '10.0.5.100'
set nat destination rule 20 translation port '80'
set nat destination rule 30 description 'SSH->WEB01'
set nat destination rule 30 destination address '10.0.17.111'
set nat destination rule 30 destination port '22'
set nat destination rule 30 inbound-interface 'eth0'
set nat destination rule 30 protocol 'tcp'
set nat destination rule 30 translation address '10.0.5.100'
set nat destination rule 30 translation port '22'
set nat source rule 10 description 'NAT FROM LAN to WAN'
set nat source rule 10 outbound-interface 'eth0'
set nat source rule 10 source address '10.0.5.0/24'
set nat source rule 10 translation address 'masquerade'
set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
set service dns forwarding allow-from '10.0.5.0/24'
set service dns forwarding listen-address '10.0.5.1'
set service dns forwarding system
set service ssh listen-address '0.0.0.0'
set system host-name 'vyos2-zach'
set system name-server '10.0.17.2'
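An added check, not part of the original journal or of VyOS: a small Python lint that reads the two set listings above (trimmed copies of the Vyos1 lines are embedded; Vyos2 differs only in priority for the lines kept) and flags what a reviewer would raise on them. set service ssh listen-address '0.0.0.0' puts management SSH on the WAN interface as well as the LAN, the destination NAT rules carry no source address restriction, the VRRP groups carry no authentication, and any vrid/interface/address mismatch or equal priority between the two routers would break the failover design. The finding wording is mine; the config lines are the page's own.

```python
"""Lint two VyOS 'set' listings for the mistakes that matter in this lab:
SSH bound to every address (WAN included), DNAT rules open to any source,
unauthenticated VRRP, and VRRP groups that disagree across the pair."""
import shlex
from collections import defaultdict

# Trimmed from the Vyos1 config on this page; Vyos2 differs only in priority here.
VYOS1 = """
set high-availability vrrp group langroup0 address 10.0.5.1/24
set high-availability vrrp group langroup0 interface 'eth1'
set high-availability vrrp group langroup0 priority '200'
set high-availability vrrp group langroup0 vrid '10'
set high-availability vrrp group wangroup11 address 10.0.17.111/24
set high-availability vrrp group wangroup11 interface 'eth0'
set high-availability vrrp group wangroup11 priority '200'
set high-availability vrrp group wangroup11 vrid '161'
set nat destination rule 20 description 'HTTP->WEB01'
set nat destination rule 20 destination port '80'
set nat destination rule 20 inbound-interface 'eth0'
set nat destination rule 30 description 'SSH->WEB01'
set nat destination rule 30 destination port '22'
set nat destination rule 30 inbound-interface 'eth0'
set service ssh listen-address '0.0.0.0'
"""
VYOS2 = VYOS1.replace("priority '200'", "priority '100'")


def parse_set_commands(text):
    """Each 'set a b c value' line becomes a token tuple with quotes stripped."""
    return [tuple(shlex.split(line)[1:])
            for line in text.splitlines() if line.strip().startswith("set ")]


def keyed(paths, *prefix):
    """Group nodes below a prefix by their first token (rule number / group name):
    ('nat','destination','rule') -> {'20': {'destination port': '80', ...}, ...}"""
    out = defaultdict(dict)
    n = len(prefix)
    for p in paths:
        if p[:n] == prefix and len(p) > n + 2:
            out[p[n]][" ".join(p[n + 1:-1])] = p[-1]
    return out


def lint_router(name, cfg_text):
    """Per-router findings plus the parsed VRRP groups for cross-checking."""
    paths = parse_set_commands(cfg_text)
    findings = []
    listen = [p[-1] for p in paths if p[:3] == ("service", "ssh", "listen-address")]
    if not listen or "0.0.0.0" in listen:  # unset also means every address
        findings.append(f"{name}: SSH listens on every address (WAN included); bind it to the LAN address")
    for rule, kv in sorted(keyed(paths, "nat", "destination", "rule").items()):
        if "source address" not in kv:
            findings.append(f"{name}: DNAT rule {rule} ({kv.get('description')}) forwards port "
                            f"{kv.get('destination port')} from any source on {kv.get('inbound-interface')}")
    groups = keyed(paths, "high-availability", "vrrp", "group")
    for g, kv in sorted(groups.items()):
        if not any(k.startswith("authentication") for k in kv):
            findings.append(f"{name}: VRRP group {g} (vrid {kv.get('vrid')}) advertises without authentication")
    return findings, groups


def lint_pair(name_a, cfg_a, name_b, cfg_b):
    """Both routers' findings plus cross-checks: each group must agree on vrid,
    interface and virtual address, and the two priorities must differ."""
    fa, ga = lint_router(name_a, cfg_a)
    fb, gb = lint_router(name_b, cfg_b)
    findings = fa + fb
    for g in sorted(set(ga) | set(gb)):
        if g not in ga or g not in gb:
            findings.append(f"VRRP group {g} is configured on only one router")
            continue
        for key in ("vrid", "interface", "address"):
            if ga[g].get(key) != gb[g].get(key):
                findings.append(f"VRRP group {g}: {key} differs ({ga[g].get(key)} vs {gb[g].get(key)})")
        if ga[g].get("priority") == gb[g].get("priority"):
            findings.append(f"VRRP group {g}: equal priorities, master chosen by IP address not by design")
    return findings


if __name__ == "__main__":
    for finding in lint_pair("vyos1", VYOS1, "vyos2", VYOS2):
        print(finding)
```

Run against the full listings (paste the whole show configuration commands output of each router into VYOS1 and VYOS2) and the DNAT, SSH and VRRP findings are the ones to decide on deliberately: the SSH one goes away by binding to 10.0.5.2 and 10.0.5.3 respectively, the rule 30 one by adding a source address match.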