
Auftrag 4.3: Virtuelle Netzwerkumgebung realisieren

Aufgabenstellung

Bauen Sie das folgende virtuelle Netzwerk auf Ihrem ESXi Server auf:

image.png

Aufbau

ESXi-Netzwerkanpassungen (neuen vSwitch und dazugehörige Portgruppe erstellen):

image.png

image.png

VM Konfiguration

Hardware

image.png

Permanente Installation

Username: vyos
Passwort: vyos

image.png

# Op-mode command: installs the running VyOS image to disk so the system and its
# configuration survive a reboot (the "Permanente Installation" step above).
install image

image.png

image.png

Interface Konfiguration

WAN und LAN herausfinden und konfigurieren

Kontrollieren, welches Interface wohin geht (mit ESXi abgleichen):

# Op-mode command: lists the interfaces and their state. Compare the result with the
# ESXi port groups so that eth0/eth1 are assigned to the right side before addressing.
show interfaces

image.png

image.png

eth0 = WAN
eth1 = LAN

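configure
# Interface roles follow the ESXi port-group mapping verified with 'show interfaces' above.
# The VyOS config node is the plural 'interfaces' (as used in the firewall section below);
# the prefix length is written with '/', so '213.167.226.36.24' was not a valid address.
set interfaces ethernet eth0 address '213.167.226.36/24'
set interfaces ethernet eth0 description 'OUTSIDE'
set interfaces ethernet eth1 address '10.1.1.1/24'
set interfaces ethernet eth1 description 'INSIDE'
# Default route towards the provider gateway on the WAN side.
set protocols static route 0.0.0.0/0 next-hop 213.167.226.1
# NOTE(review): the vyos/vyos login from the installation step is still active once eth0
# carries a public address; set a new password in the same session, e.g.
#   set system login user vyos authentication plaintext-password '<NEW-PASSWORD>'
commit
save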

image.png

NAT
# Source NAT: traffic from the LAN subnet leaving via eth0 is masqueraded to the
# address of eth0 (213.167.226.36/24 from the interface section).
set nat source rule 100 outbound-interface name 'eth0'
set nat source rule 100 source address '10.1.1.0/24'
set nat source rule 100 translation address masquerade

image.png

Firewall (Optional)
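# OUTSIDE-IN: traffic arriving on eth0 that is forwarded through the router (towards the LAN).
# Default drop; only packets belonging to connections opened from the inside are accepted.
set firewall name OUTSIDE-IN default-action 'drop'
set firewall name OUTSIDE-IN rule 10 action 'accept'
set firewall name OUTSIDE-IN rule 10 state established 'enable'
set firewall name OUTSIDE-IN rule 10 state related 'enable'

# OUTSIDE-LOCAL: traffic arriving on eth0 that is addressed to the router itself.
# Same default drop, plus ICMP echo-request so the WAN address answers ping.
# Management access (SSH/web) from the WAN side is therefore dropped; manage via eth1.
set firewall name OUTSIDE-LOCAL default-action 'drop'
set firewall name OUTSIDE-LOCAL rule 10 action 'accept'
set firewall name OUTSIDE-LOCAL rule 10 state established 'enable'
set firewall name OUTSIDE-LOCAL rule 10 state related 'enable'
set firewall name OUTSIDE-LOCAL rule 20 action 'accept'
set firewall name OUTSIDE-LOCAL rule 20 icmp type-name 'echo-request'
set firewall name OUTSIDE-LOCAL rule 20 protocol 'icmp'
# The closing quote on 'enable' was missing in the original and would make commit fail.
set firewall name OUTSIDE-LOCAL rule 20 state new 'enable'

# Bind both rule sets to the WAN interface.
# NOTE(review): the NAT section uses the 'outbound-interface name' form while this binding
# uses 'firewall in name'; confirm that both forms are accepted by the installed VyOS release.
set interfaces ethernet eth0 firewall in name 'OUTSIDE-IN'
set interfaces ethernet eth0 firewall local name 'OUTSIDE-LOCAL'

commit
save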
Port Forwarding (Optional)
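# Public iface: eth0
# Public subnet: 213.167.226.0/24
# Private iface: eth1
# Private subnet: 10.1.1.0/24
# Forward TCP 3389 arriving on eth0 to the LAN host 10.1.1.2.
# The description now states what the rule does; the original text was left over from an
# SSH/bastion example and named a host (192.168.16.12) that does not exist in this network.
set nat destination rule 70 description 'Port Forward public tcp/3389 to 10.1.1.2 port 3389'
set nat destination rule 70 inbound-interface 'eth0'
set nat destination rule 70 translation address '10.1.1.2'
set nat destination rule 70 destination port '3389'
set nat destination rule 70 translation port '3389'
set nat destination rule 70 protocol 'tcp'

# With Firewall
# OUTSIDE-IN drops by default, so the forwarded connection needs its own accept rule.
# Destination NAT is applied before the forward rule set is evaluated, so the rule matches
# the translated LAN address and port, not the public ones.
# The address and port values below were garbled copy-paste remnants in the original.
set firewall name OUTSIDE-IN rule 71 description 'Allow Port Forward public tcp/3389 to 10.1.1.2'
set firewall name OUTSIDE-IN rule 71 action 'accept'
set firewall name OUTSIDE-IN rule 71 destination address '10.1.1.2'
set firewall name OUTSIDE-IN rule 71 destination port '3389'
set firewall name OUTSIDE-IN rule 71 protocol 'tcp'
set firewall name OUTSIDE-IN rule 71 state new 'enable'
# Without a source match the forwarded port is reachable from every address on the Internet;
# restrict rule 71 to the networks that need it (placeholder value):
#   set firewall name OUTSIDE-IN rule 71 source address '<ADMIN-SOURCE-PREFIX>'

# The other sections end with commit/save; this one needs them too for the rules to take effect.
commit
save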