Auftrag 7.5: Projekt Proxmox realisieren
LAN Switch und DMZ Switch
Install OVS
apt update
apt install openvswitch-switchKonfigurieren
VYOS VM Erstellen
Anmelden mit den folgenden Anmeldedaten:
Username: vyos
Password: vyos
install image
Interface Konfiguration
WAN, DMZ und LAN herausfinden und Konfigurieren
Kontrollieren welches Interface wohin geht (Mit Proxmox abgleichen):
show interfaces
configure
set interface ethernet eth0 address '213.167.226.172/24'
set interface ethernet eth0 description 'WAN'
set interface ethernet eth1 address '192.168.1.1/24'
set interface ethernet eth1 description 'LAN'
set interface ethernet eth1 address '192.168.2.1/24'
set interface ethernet eth1 description 'DMZ'
set protocols static route 0.0.0.0/0 next-hop 213.167.226.1
commit
saveNAT
configure
set nat source rule 100 outbound-interface name 'eth0'
set nat source rule 100 source address '192.168.1.0/24'
set nat source rule 100 translation address masquerade
set nat source rule 101 outbound-interface name 'eth0'
set nat source rule 101 source address '192.168.2.0/24'
set nat source rule 101 translation address masquerade
commit
saveSSH
configure
set service ssh port 22
commit
saveFirewall
configure
# Erstellen der Firewall Regeln
set firewall ipv4 name local-lan default-action accept
set firewall ipv4 name local-wan default-action accept
set firewall ipv4 name local-dmz default-action accept
set firewall ipv4 name lan-local default-action drop
set firewall ipv4 name lan-local rule 10 action accept
set firewall ipv4 name lan-local rule 10 destination port 22
set firewall ipv4 name lan-local rule 10 protocol tcp
set firewall ipv4 name lan-wan default-action accept
set firewall ipv4 name lan-dmz default-action accept
set firewall ipv4 name wan-local default-action drop
set firewall ipv4 name wan-lan default-action drop
set firewall ipv4 name wan-lan rule 10 action accept
set firewall ipv4 name wan-lan rule 10 state established
set firewall ipv4 name wan-lan rule 10 state related
set firewall ipv4 name wan-dmz default-action drop
set firewall ipv4 name wan-dmz rule 10 action accept
set firewall ipv4 name wan-dmz rule 10 state established
set firewall ipv4 name wan-dmz rule 10 state related
set firewall ipv4 name dmz-local default-action drop
set firewall ipv4 name dmz-lan default-action drop
set firewall ipv4 name dmz-wan default-action accept
commit
save
configure
# Erstellen der drei benötigten Zonen (LOCAL, LAN, WAN, DMZ)
set firewall zone local local-zone
set firewall zone local from wan firewall name wan-local
set firewall zone local from lan firewall name lan-local
set firewall zone local from dmz firewall name dmz-local
set firewall zone wan interface eth0
set firewall zone wan from local firewall name local-wan
set firewall zone wan from lan firewall name lan-wan
set firewall zone wan from dmz firewall name dmz-wan
set firewall zone lan interface eth1
set firewall zone lan from local firewall name local-lan
set firewall zone lan from wan firewall name wan-lan
set firewall zone lan from dmz firewall name dmz-lan
set firewall zone dmz interface eth2
set firewall zone dmz from local firewall name local-dmz
set firewall zone dmz from wan firewall name wan-dmz
set firewall zone dmz from lan firewall name lan-dmz
commit
save