# Lab 1.1: Routing and DMZ (VYOS/LOG)

### Summary

During this lab we started configuring fw01, log01, rw01, and web01.

### VYOS

#### Version Control:

To change VYOS rules and save:

```bash
configure
<Enter Commands>
commit
save
```

#### hostname:

```bash
set system host-name <HOSTNAME>
```

#### interfaces:

Description:

```bash
set interfaces ethernet <ADAPTER> description <DESCRIPTION>
```

Set IP:

```bash
set interfaces ethernet <ADAPTER> address <IP ADDRESS>/<SUBNET>
```

#### gateway/route:

The command below sets the default route, which sends all traffic to the gateway IP:

```bash
set protocols static route 0.0.0.0/0 next-hop <GATEWAY>
```

#### dns:

```bash
set system name-server <NAME SERVER IP>
```

#### nat:

```bash
set nat source rule 10 description <DESCRIPTION>
set nat source rule 10 outbound-interface <ADAPTER>
set nat source rule 10 source address <IP OR NETWORK>/<SUBNET>
set nat source rule 10 translation address masquerade
```

#### dns forwarding:

The commands below let the listening address resolve requests from the allowed IP or network:

```bash
set service dns forwarding listen-address <LISTENING IP>
set service dns forwarding allow-from <IP OR NETWORK>/<SUBNET>
set service dns forwarding system
```

### SYSLOG

#### Server

* Install syslog

```bash
sudo yum install rsyslog
```

* Allow 514 TCP and UDP. The example below is for firewalld systems

```bash
firewall-cmd --permanent --zone=public --add-port=514/tcp
firewall-cmd --permanent --zone=public --add-port=514/udp
firewall-cmd --reload
```

* Now configure the rsyslog.conf

```bash
sudo vi /etc/rsyslog.conf
```

<figure><img src="https://lh5.googleusercontent.com/s6ICvCO-nxB85VFHpCj5owNr-gDNwWpJuHQO4mRewTlhjSMZhkfBzd0MpyPT9RVO6BB_I2sdCYxvj_BpYLfUWg_y1k4J5zNLHYAs3CByxKqSkjSoJYJRMuSXRlqF9M1Yd_I1yf_98yB7ZuXx0lDudJWh1nrut0UEBk6GQUTcQ-Xi67Cu7erWuulo3fywuw" alt=""><figcaption><p>/etc/rsyslog.conf</p></figcaption></figure>

* Restart and enable rsyslog.service

```bash
sudo systemctl restart rsyslog.service
sudo systemctl enable rsyslog.service
```

* Once you set up the client, you will be able to see the client test with:

```bash
sudo tail -f /var/log/messages
```

#### Client

* Install syslog

```bash
sudo yum install rsyslog
```

* Allow 514 TCP and UDP. The example below is for firewalld systems

```bash
firewall-cmd --permanent --zone=public --add-port=514/tcp
firewall-cmd --permanent --zone=public --add-port=514/udp
firewall-cmd --reload
```

* Make/edit the file `/etc/rsyslog.d/sec350.conf`

```bash
sudo vi /etc/rsyslog.d/sec350.conf
```

* Add the line

```bash
user.notice @<IP OF LOG Machine>
```

* To test the logger:

```bash
logger -t test TESTTOLOG
```

* Now do step 5 of server and it should show a message like this:

<figure><img src="/files/B2vhz9NbhChgoERmcDIk" alt=""><figcaption></figcaption></figure>

### Notes

#### VYOS Config after this lab:

```bash
set interfaces ethernet eth0 address '10.0.17.127/24'
set interfaces ethernet eth0 description 'SEC350-WAN'
set interfaces ethernet eth1 address '172.16.50.2/29'
set interfaces ethernet eth1 description 'PAUL-DMZ'
set interfaces ethernet eth2 address '172.16.150.2/24'
set interfaces ethernet eth2 description 'PAUL-LAN'
set nat source rule 10 description 'NAT FROM DMZ to WAN'
set nat source rule 10 outbound-interface 'eth0'
set nat source rule 10 source address '172.16.50.0/29'
set nat source rule 10 translation address 'masquerade'
set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
set service dns forwarding allow-from '172.16.50.0/29'
set service dns forwarding listen-address '172.16.50.2'
set service dns forwarding system
set service ssh listen-address '0.0.0.0'
set system host-name 'fw1-paul'
set system name-server '10.0.17.2'
```
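
As an added example (not part of the original lab notes), this Python script reads `set` lines like the config above and flags three things worth checking after this lab: SSH listening on all interfaces or on the WAN address, DNS forwarding listening outside the DMZ/LAN, and NAT source or DNS `allow-from` ranges wider than an internal subnet. The `audit` function, its check rules, and treating `eth0` as the WAN side (taken from the `SEC350-WAN` description) are assumptions for illustration.

```python
import ipaddress
import re

# Constructed sample: the subset of the lab's final config that the checks read.
SAMPLE = """\
set interfaces ethernet eth0 address '10.0.17.127/24'
set interfaces ethernet eth1 address '172.16.50.2/29'
set interfaces ethernet eth2 address '172.16.150.2/24'
set nat source rule 10 outbound-interface 'eth0'
set nat source rule 10 source address '172.16.50.0/29'
set service dns forwarding allow-from '172.16.50.0/29'
set service dns forwarding listen-address '172.16.50.2'
set service ssh listen-address '0.0.0.0'
"""

def audit(config, wan="eth0"):
    """Return a list of findings for a VyOS `set`-style config (hypothetical helper)."""
    ifaces, findings = {}, []
    lines = [l.replace("'", "").split() for l in config.splitlines() if l.startswith("set ")]
    # Pass 1: collect interface addresses so later checks know the internal subnets.
    for w in lines:
        if len(w) == 6 and w[1:3] == ["interfaces", "ethernet"] and w[4] == "address":
            ifaces[w[3]] = ipaddress.ip_interface(w[5])
    inside = [i.network for name, i in ifaces.items() if name != wan]
    # Pass 2: compare service and NAT settings against those subnets.
    for w in lines:
        path, val = " ".join(w[1:-1]), w[-1]
        if path == "service ssh listen-address":
            if val == "0.0.0.0" or (wan in ifaces and val == str(ifaces[wan].ip)):
                findings.append(f"ssh listens on {val}, which includes the {wan} (WAN) side")
        elif path == "service dns forwarding listen-address":
            if not any(ipaddress.ip_address(val) in n for n in inside):
                findings.append(f"dns forwarding listens on non-internal address {val}")
        elif (path == "service dns forwarding allow-from"
              or re.fullmatch(r"nat source rule \d+ source address", path)):
            net = ipaddress.ip_network(val, strict=False)
            if not any(net.subnet_of(n) for n in inside):
                findings.append(f"'{path}' {val} is not inside a DMZ/LAN subnet")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

Run against the lab's config, the only finding is the SSH listen address; binding it to the LAN address (`172.16.150.2`) clears it.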

#### VYOS Change User passwd:

<https://support.vyos.io/en/kb/articles/set-change-the-password-of-a-user>

```bash
set system login user vyos authentication plaintext-password <PASSWORD>
```

