During this lab we started to configure fw01, log01, rw01, web01.
VYOS
Version Control:
To change VYOS rules and save:
configure
<Enter Commands>
commit
save
hostname:
set system host-name <HOSTNAME>
interfaces:
Description:
set interfaces ethernet <ADAPTER> description <DESCRIPTION>
Set IP:
set interfaces ethernet <ADAPTER> address <IP ADDRESS>/<SUBNET>
gateway/route:
Command below will route all traffic to the gateway ip:
set protocols static route 0.0.0.0/0 next-hop <GATEWAY>
dns:
set system name-server <NAME SERVER IP>
nat:
set nat source rule 10 description <DESCRIPTION>
set nat source rule 10 outbound-interface <ADAPTER>
set nat source rule 10 source address <IP OR NETWORK>/<SUBNET>
set nat source rule 10 translation address masquerade
dns forwarding:
Below allows listening address to reslove requests from the allowed IP or Network
set service dns forwarding listen-address <LISTENING IP>
set service dns forwarding allow-from <IP OR NETWORK>/<SUBNET>
set service dns forwarding system
SYSLOG
Server
Install syslog
sudo yum install rsyslog
Allow 514 tcp and udp. Example below if for firewalld systems
Now do step 5 of server and it should show a message like this:
Notes
VYOS Config after this lab:
set interfaces ethernet eth0 address '10.0.17.127/24'
set interfaces ethernet eth0 description 'SEC350-WAN'
set interfaces ethernet eth1 address '172.16.50.2/29'
set interfaces ethernet eth1 description 'PAUL-DMZ'
set interfaces ethernet eth2 address '172.16.150.2/24'
set interfaces ethernet eth2 description 'PAUL-LAN'
set nat source rule 10 description 'NAT FROM DMZ to WAN'
set nat source rule 10 outbound-interface 'eth0'
set nat source rule 10 source address '172.16.50.0/29'
set nat source rule 10 translation address 'masquerade'
set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
set service dns forwarding allow-from '172.16.50.0/29'
set service dns forwarding listen-address '172.16.50.2'
set service dns forwarding system
set service ssh listen-address '0.0.0.0'
set system host-name 'fw1-paul'
set system name-server '10.0.17.2'