Auftrag 4.3: Virtuelle Netzwerkumgebung realisieren
Aufgabenstellung
Bauen Sie das folgende virtuelle Netzwerk auf Ihrem ESXi-Server auf:
Aufbau
ESXi-Netzwerkanpassungen (neuen vSwitch und dazugehörige Portgruppe erstellen):
VM Konfiguration
Hardware
Permanente Installation
Username: vyos
Passwort: vyos
install image
Interface Konfiguration
WAN und LAN herausfinden und konfigurieren
Kontrollieren, welches Interface wohin geht (mit ESXi abgleichen):
show interfaces
eth0 = WAN
eth1 = LAN
configure
set interfaces ethernet eth0 address '213.167.226.36/24'
set interfaces ethernet eth0 description 'OUTSIDE'
set interfaces ethernet eth1 address '10.1.1.1/24'
set interfaces ethernet eth1 description 'INSIDE'
set protocols static route 0.0.0.0/0 next-hop 213.167.226.1
commit
save
NAT
set nat source rule 100 outbound-interface name 'eth0'
set nat source rule 100 source address '10.1.1.0/24'
set nat source rule 100 translation address masquerade
Firewall (Optional)
configure
# Erstellen der Firewall-Regeln
# Variante 1 (Regelsätze lan/wan/local, ohne Interface-Bindung):
set firewall ipv4 name local-lan default-action accept
set firewall ipv4 name local-wan default-action accept
set firewall ipv4 name lan-local default-action drop
set firewall ipv4 name lan-local rule 10 action accept
set firewall ipv4 name lan-local rule 10 destination port 22
set firewall ipv4 name lan-local rule 10 protocol tcp
set firewall ipv4 name lan-wan default-action accept
set firewall ipv4 name wan-local default-action drop
set firewall ipv4 name wan-lan default-action drop
set firewall ipv4 name wan-lan rule 10 action accept
set firewall ipv4 name wan-lan rule 10 state established
set firewall ipv4 name wan-lan rule 10 state related
set firewall ipv4 name wan-lan rule 20 action accept
set firewall ipv4 name wan-lan rule 20 destination port 3389
set firewall ipv4 name wan-lan rule 20 protocol tcp
# Variante 2 (Regelsätze OUTSIDE-IN / OUTSIDE-LOCAL, an eth0 gebunden):
set firewall ipv4 name OUTSIDE-IN default-action 'drop'
set firewall ipv4 name OUTSIDE-IN rule 10 action 'accept'
set firewall ipv4 name OUTSIDE-IN rule 10 state established 'enable'
set firewall ipv4 name OUTSIDE-IN rule 10 state related 'enable'
set firewall ipv4 name OUTSIDE-LOCAL default-action 'drop'
set firewall ipv4 name OUTSIDE-LOCAL rule 10 action 'accept'
set firewall ipv4 name OUTSIDE-LOCAL rule 10 state established 'enable'
set firewall ipv4 name OUTSIDE-LOCAL rule 10 state related 'enable'
set firewall ipv4 name OUTSIDE-LOCAL rule 20 action 'accept'
set firewall ipv4 name OUTSIDE-LOCAL rule 20 icmp type-name 'echo-request'
set firewall ipv4 name OUTSIDE-LOCAL rule 20 protocol 'icmp'
set firewall ipv4 name OUTSIDE-LOCAL rule 20 state new 'enable'
set interfaces ethernet eth0 firewall in name 'OUTSIDE-IN'
set interfaces ethernet eth0 firewall local name 'OUTSIDE-LOCAL'
commit
save
Port Forwarding (Optional)
# Public iface: eth0
# Public subnet: 213.167.226.0/24
# Private iface: eth1
# Private subnet: 10.1.1.0/24
set nat destination rule 70 description 'Port Forward public tcp port 3389 to 10.1.1.2 port 3389'
set nat destination rule 70 inbound-interface name 'eth0'
set nat destination rule 70 translation address '10.1.1.2'
set nat destination rule 70 destination port '3389'
set nat destination rule 70 translation port '3389'
set nat destination rule 70 protocol 'tcp'
# With Firewall
set firewall ipv4 name OUTSIDE-IN rule 71 description 'Allow Port Forward public tcp port 3389 to 10.1.1.2 port 3389'
set firewall ipv4 name OUTSIDE-IN rule 71 action 'accept'
set firewall ipv4 name OUTSIDE-IN rule 71 destination address '10.1.1.2'
set firewall ipv4 name OUTSIDE-IN rule 71 destination port '3389'
set firewall ipv4 name OUTSIDE-IN rule 71 protocol 'tcp'
set firewall ipv4 name OUTSIDE-IN rule 71 state new 'enable'