# Project 1 - Network Redundancy

## Base Configurations:

### Xubuntu-WAN and LAN

Set Hostname:

<figure><img src="/files/vGpPD1Ggi8LIh7HGIJob" alt=""><figcaption></figcaption></figure>

Change the champuser password and add the paul user:

<figure><img src="/files/cSQMBDaPFXR1WHFiFoQN" alt=""><figcaption></figcaption></figure>

Make the paul user a sudoer:

<figure><img src="/files/KkXj8OxRtCZwH0JKKp74" alt=""><figcaption></figcaption></figure>

Setup Networking WAN:

<figure><img src="/files/lMuvUQNCEXl6mUFc9755" alt=""><figcaption></figcaption></figure>

Setup Networking LAN:

<figure><img src="/files/Jb1sfw0mCCncSB1ag3Qt" alt=""><figcaption><p>LAN setup</p></figcaption></figure>

### Web01 Setup:

<figure><img src="/files/zxWBXJPLB72bshRWmGNf" alt=""><figcaption><p>Network Config</p></figcaption></figure>

<figure><img src="/files/zS38V7EuTM4LS64m8Xgk" alt=""><figcaption><p>Set Hostname</p></figcaption></figure>

Add Paul user:

```bash
adduser paul
passwd paul
usermod -aG wheel paul
```

Allow SSH and HTTP:

<figure><img src="/files/uuiTX5oTqTu7wxqgie6z" alt=""><figcaption></figcaption></figure>

### Vyos1 and 2

Set Hostnames:

```bash
set system host-name <HOSTNAME>
```

Change vyos user password:

```bash
set system login user vyos authentication plaintext-password <password>
```

Make a new paul user:

```bash
set system login user <name> full-name "<string>"
```

```bash
set system login user <name> authentication plaintext-password <password>
```

Set Interfaces:

```bash
set interfaces ethernet eth0 description WAN
set interfaces ethernet eth1 description LAN
set interfaces ethernet eth2 description OPT
```

Vyos 1 Interfaces Addresses:

```bash
set interfaces ethernet eth0 address 10.0.17.16/24
set interfaces ethernet eth1 address 10.0.5.2/24
set interfaces ethernet eth2 address 10.0.6.2/24
set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
set system name-server 10.0.17.2
```

Vyos 2 Interfaces Addresses:

```bash
set interfaces ethernet eth0 address 10.0.17.76/24
set interfaces ethernet eth1 address 10.0.5.3/24
set interfaces ethernet eth2 address 10.0.6.3/24
set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
set system name-server 10.0.17.2
```

## Setup DNS

LAN to WAN:

```bash
set service dns forwarding allow-from 10.0.5.0/24
set service dns forwarding listen-address 10.0.5.1
set service dns forwarding system
```

## Setup NAT

LAN to WAN:

```bash
set nat source rule 10 description 'NAT FROM LAN to WAN'
set nat source rule 10 outbound-interface eth0
set nat source rule 10 source address 10.0.5.0/24
set nat source rule 10 translation address masquerade
```

## Setup VRRP

WAN Config:

```bash
set high-availability vrrp group wangroup6 vrid 156
set high-availability vrrp group wangroup6 interface eth0
set high-availability vrrp group wangroup6 address 10.0.17.106/24
```

```bash
# For vyos01
set high-availability vrrp group wangroup6 priority 200
# For vyos02
set high-availability vrrp group wangroup6 priority 100
```

LAN Config:

```bash
set high-availability vrrp group langroup0 vrid 10
set high-availability vrrp group langroup0 interface eth1
set high-availability vrrp group langroup0 address 10.0.5.1/24
```

```bash
# For vyos01
set high-availability vrrp group langroup0 priority 200
# For vyos02
set high-availability vrrp group langroup0 priority 100
```

OPT Config:

```bash
set high-availability vrrp group optgroup0 vrid 20
set high-availability vrrp group optgroup0 interface eth2
set high-availability vrrp group optgroup0 address 10.0.6.1/24
```

```bash
# For vyos01
set high-availability vrrp group optgroup0 priority 200
# For vyos02
set high-availability vrrp group optgroup0 priority 100
```

## Setup Port Forwarding

Below is done on both vyos boxes!

Web Server on port 80 (web01)

```bash
set nat destination rule 20 destination address 10.0.17.106
set nat destination rule 20 destination port 80
set nat destination rule 20 inbound-interface eth0
set nat destination rule 20 protocol tcp
set nat destination rule 20 translation address 10.0.5.100
set nat destination rule 20 translation port 80
set nat destination rule 20 description HTTP->WEB01
```

SSH on port 22 (web01)

```bash
set nat destination rule 30 destination address 10.0.17.106
set nat destination rule 30 destination port 22
set nat destination rule 30 inbound-interface eth0
set nat destination rule 30 protocol tcp
set nat destination rule 30 translation address 10.0.5.100
set nat destination rule 30 translation port 22
set nat destination rule 30 description SSH->WEB01
```

## Adding 2FA to SSH

Follow this guide and stop at the end of step 2: <https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-centos-7>

The ssh prompt will now look like:

<figure><img src="/files/zMkUJBE93hCVqAahSnBj" alt=""><figcaption></figcaption></figure>

### VYOS01 Config

```bash
set high-availability vrrp group langroup0 address 10.0.5.1/24
set high-availability vrrp group langroup0 interface 'eth1'
set high-availability vrrp group langroup0 priority '200'
set high-availability vrrp group langroup0 vrid '10'
set high-availability vrrp group optgroup0 address 10.0.6.1/24
set high-availability vrrp group optgroup0 interface 'eth2'
set high-availability vrrp group optgroup0 priority '200'
set high-availability vrrp group optgroup0 vrid '20'
set high-availability vrrp group wangroup6 address 10.0.17.106/24
set high-availability vrrp group wangroup6 interface 'eth0'
set high-availability vrrp group wangroup6 priority '200'
set high-availability vrrp group wangroup6 vrid '156'
set interfaces ethernet eth0 address '10.0.17.16/24'
set interfaces ethernet eth0 description 'WAN'
set interfaces ethernet eth1 address '10.0.5.2/24'
set interfaces ethernet eth1 description 'LAN'
set interfaces ethernet eth2 address '10.0.6.2/24'
set interfaces ethernet eth2 description 'OPT'
set nat destination rule 20 description 'HTTP->WEB01'
set nat destination rule 20 destination address '10.0.17.106'
set nat destination rule 20 destination port '80'
set nat destination rule 20 inbound-interface 'eth0'
set nat destination rule 20 protocol 'tcp'
set nat destination rule 20 translation address '10.0.5.100'
set nat destination rule 20 translation port '80'
set nat destination rule 30 description 'SSH->WEB01'
set nat destination rule 30 destination address '10.0.17.106'
set nat destination rule 30 destination port '22'
set nat destination rule 30 inbound-interface 'eth0'
set nat destination rule 30 protocol 'tcp'
set nat destination rule 30 translation address '10.0.5.100'
set nat destination rule 30 translation port '22'
set nat source rule 10 description 'NAT FROM LAN to WAN'
set nat source rule 10 outbound-interface 'eth0'
set nat source rule 10 source address '10.0.5.0/24'
set nat source rule 10 translation address 'masquerade'
set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
set service dns forwarding allow-from '10.0.5.0/24'
set service dns forwarding listen-address '10.0.5.1'
set service dns forwarding system
set service ssh listen-address '0.0.0.0'
set system host-name 'vyos1-paul'
set system name-server '10.0.17.2'
```

### VYOS02 Config

```bash
set high-availability vrrp group langroup0 address 10.0.5.1/24
set high-availability vrrp group langroup0 interface 'eth1'
set high-availability vrrp group langroup0 priority '100'
set high-availability vrrp group langroup0 vrid '10'
set high-availability vrrp group optgroup0 address 10.0.6.1/24
set high-availability vrrp group optgroup0 interface 'eth2'
set high-availability vrrp group optgroup0 priority '100'
set high-availability vrrp group optgroup0 vrid '20'
set high-availability vrrp group wangroup6 address 10.0.17.106/24
set high-availability vrrp group wangroup6 interface 'eth0'
set high-availability vrrp group wangroup6 priority '100'
set high-availability vrrp group wangroup6 vrid '156'
set interfaces ethernet eth0 address '10.0.17.76/24'
set interfaces ethernet eth0 description 'WAN'
set interfaces ethernet eth1 address '10.0.5.3/24'
set interfaces ethernet eth1 description 'LAN'
set interfaces ethernet eth2 address '10.0.6.3/24'
set interfaces ethernet eth2 description 'OPT'
set nat destination rule 20 description 'HTTP->WEB01'
set nat destination rule 20 destination address '10.0.17.106'
set nat destination rule 20 destination port '80'
set nat destination rule 20 inbound-interface 'eth0'
set nat destination rule 20 protocol 'tcp'
set nat destination rule 20 translation address '10.0.5.100'
set nat destination rule 20 translation port '80'
set nat destination rule 30 description 'SSH->WEB01'
set nat destination rule 30 destination address '10.0.17.106'
set nat destination rule 30 destination port '22'
set nat destination rule 30 inbound-interface 'eth0'
set nat destination rule 30 protocol 'tcp'
set nat destination rule 30 translation address '10.0.5.100'
set nat destination rule 30 translation port '22'
set nat source rule 10 description 'NAT FROM LAN to WAN'
set nat source rule 10 outbound-interface 'eth0'
set nat source rule 10 source address '10.0.5.0/24'
set nat source rule 10 translation address 'masquerade'
set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
set service dns forwarding allow-from '10.0.5.0/24'
set service dns forwarding listen-address '10.0.5.1'
set service dns forwarding system
set service ssh listen-address '0.0.0.0'
set system host-name 'vyos2-paul'
set system name-server '10.0.17.2'
```
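
The two final configs above must agree on each VRRP group's vrid, interface and virtual address, carry the same NAT rules, and give one router the higher priority in every group, so the box that owns the WAN address also owns the LAN gateway and stateful NAT sees both directions of a flow. The Python check below is an added example, not part of the original lab notes; `parse`, `check_pair` and `sample` are hypothetical names, and the sample input is constructed from lines in the form shown on this page.

```python
import shlex

def parse(config):
    """Map each 'set' path (token tuple) to its last token (assumes single-valued leaves)."""
    tree = {}
    for line in config.splitlines():
        tok = shlex.split(line, comments=True)  # strips the quotes, skips '#' comments
        if len(tok) >= 3 and tok[0] == "set":
            tree[tuple(tok[1:-1])] = tok[-1]
    return tree

def check_pair(cfg_a, cfg_b):
    """Return a list of findings for a two-router VRRP pair (empty list = consistent)."""
    a, b = parse(cfg_a), parse(cfg_b)
    findings, masters = [], set()
    for path in sorted(set(a) | set(b)):
        va, vb = a.get(path), b.get(path)
        if path[:3] == ("high-availability", "vrrp", "group") and len(path) == 5:
            group, key = path[3], path[4]
            if key != "priority":
                if va != vb:  # vrid, interface and virtual address must match
                    findings.append(f"{group} {key}: {va} vs {vb}")
            elif va is None or vb is None or va == vb:
                findings.append(f"{group} priority: no clear master ({va} vs {vb})")
            else:
                masters.add("a" if int(va) > int(vb) else "b")
        elif path[0] == "nat" and va != vb:  # NAT rules must exist on both boxes
            findings.append(f"{' '.join(path)}: {va} vs {vb}")
    if len(masters) > 1:  # e.g. WAN master on one router, LAN master on the other
        findings.append("split mastership: groups prefer different routers")
    return findings

# Constructed sample input: VRRP and NAT lines in the form used on this page.
def sample(wan_prio, lan_prio, dnat_target="10.0.5.100"):
    return f"""
set high-availability vrrp group wangroup6 address 10.0.17.106/24
set high-availability vrrp group wangroup6 interface 'eth0'
set high-availability vrrp group wangroup6 priority '{wan_prio}'
set high-availability vrrp group wangroup6 vrid '156'
set high-availability vrrp group langroup0 address 10.0.5.1/24
set high-availability vrrp group langroup0 interface 'eth1'
set high-availability vrrp group langroup0 priority '{lan_prio}'
set high-availability vrrp group langroup0 vrid '10'
set nat destination rule 20 translation address '{dnat_target}'
"""

if __name__ == "__main__":
    print(check_pair(sample(200, 200), sample(100, 100)))  # consistent pair
    print(check_pair(sample(200, 100), sample(100, 200, "10.0.5.101")))  # drifted pair
```

Paste the output of `show configuration commands` from each router in place of the constructed samples to run the same check on a real pair.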

