Auftrag 7.5: Projekt Proxmox realisieren
LAN Switch und DMZ Switch
Install OVS
# Install Open vSwitch on the Proxmox host; it provides the bridges used for the
# LAN and DMZ switches described above.
apt update
apt install openvswitch-switch
Konfigurieren
VyOS-VM erstellen
Anmelden mit den folgenden Anmeldedaten:
Username: vyos
Password: vyos
install image
Interface Konfiguration
WAN, DMZ und LAN herausfinden und konfigurieren
Kontrollieren, welches Interface wohin geht (mit Proxmox abgleichen):
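# Check which VyOS interface is attached to which Proxmox bridge before
# assigning addresses.
show interfaces
configure
# eth0: WAN uplink
set interface ethernet eth0 address '213.167.226.172/24'
set interface ethernet eth0 description 'WAN'
# eth1: LAN
set interface ethernet eth1 address '192.168.1.1/24'
set interface ethernet eth1 description 'LAN'
# eth2: DMZ. This must be a separate interface from the LAN (eth1); the zone
# policy further down binds the dmz zone to eth2, so the address and
# description have to go on eth2 as well.
set interface ethernet eth2 address '192.168.2.1/24'
set interface ethernet eth2 description 'DMZ'
# Default route towards the WAN gateway
set protocols static route 0.0.0.0/0 next-hop 213.167.226.1
# The image was installed with the published default login (vyos/vyos).
# Replace it before the WAN interface goes live, e.g.
#   set system login user vyos authentication plaintext-password '<new-password>'
commit
save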
NAT
configure
# Source NAT: masquerade the LAN (rule 100) and the DMZ (rule 101) behind the
# address of the WAN interface eth0.
set nat source rule 100 outbound-interface name 'eth0'
set nat source rule 100 source address '192.168.1.0/24'
set nat source rule 100 translation address masquerade
set nat source rule 101 outbound-interface name 'eth0'
set nat source rule 101 source address '192.168.2.0/24'
set nat source rule 101 translation address masquerade
commit
save
SSH
configure
# Enable the SSH service on the default port. Without a listen-address it
# accepts connections on every interface, including the WAN; to keep
# management reachable from the LAN only, consider
#   set service ssh listen-address 192.168.1.1
# and key-based login via 'set service ssh disable-password-authentication'.
set service ssh port 22
commit
save
Firewall
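configure
# Create the firewall rulesets (one per zone pair)
##############################################################
## LOCAL --> LAN
set firewall ipv4 name local-lan default-action accept
## LOCAL --> WAN
set firewall ipv4 name local-wan default-action accept
## LOCAL --> DMZ
set firewall ipv4 name local-dmz default-action accept
##############################################################
## LAN --> LOCAL
# Default drop. Rule 10 admits return traffic for connections the router
# itself opened, rule 11 admits SSH management from the LAN. New ICMP (e.g.
# ping to the router) and any DHCP/DNS service the router may later provide
# are not covered and would need their own rules.
set firewall ipv4 name lan-local default-action drop
set firewall ipv4 name lan-local rule 10 action accept
set firewall ipv4 name lan-local rule 10 state established
set firewall ipv4 name lan-local rule 10 state related
set firewall ipv4 name lan-local rule 11 action accept
set firewall ipv4 name lan-local rule 11 destination port 22
set firewall ipv4 name lan-local rule 11 protocol tcp
## LAN --> WAN
set firewall ipv4 name lan-wan default-action accept
## LAN --> DMZ
set firewall ipv4 name lan-dmz default-action accept
##############################################################
## WAN --> LOCAL
set firewall ipv4 name wan-local default-action drop
set firewall ipv4 name wan-local rule 10 action accept
set firewall ipv4 name wan-local rule 10 state established
set firewall ipv4 name wan-local rule 10 state related
# Rule 11 accepts new SSH connections from any WAN source, i.e. it exposes
# router management to the internet. If remote access is not required, delete
# this rule; otherwise restrict it to a known source, e.g.
#   set firewall ipv4 name wan-local rule 11 source address '<admin-ip>'
# and make sure the default vyos/vyos password has been replaced first.
set firewall ipv4 name wan-local rule 11 action accept
set firewall ipv4 name wan-local rule 11 destination port 22
set firewall ipv4 name wan-local rule 11 protocol tcp
## WAN --> LAN
# Only return traffic of LAN-initiated connections is allowed in.
set firewall ipv4 name wan-lan default-action drop
set firewall ipv4 name wan-lan rule 10 action accept
set firewall ipv4 name wan-lan rule 10 state established
set firewall ipv4 name wan-lan rule 10 state related
## WAN --> DMZ
# Only return traffic of DMZ-initiated connections is allowed in; published
# DMZ services need explicit rules here.
set firewall ipv4 name wan-dmz default-action drop
set firewall ipv4 name wan-dmz rule 10 action accept
set firewall ipv4 name wan-dmz rule 10 state established
set firewall ipv4 name wan-dmz rule 10 state related
##############################################################
## DMZ --> LOCAL
set firewall ipv4 name dmz-local default-action drop
set firewall ipv4 name dmz-local rule 10 action accept
set firewall ipv4 name dmz-local rule 10 state established
set firewall ipv4 name dmz-local rule 10 state related
## DMZ --> LAN
# The DMZ may not open connections into the LAN; only replies to
# LAN-initiated traffic pass.
set firewall ipv4 name dmz-lan default-action drop
set firewall ipv4 name dmz-lan rule 10 action accept
set firewall ipv4 name dmz-lan rule 10 state established
set firewall ipv4 name dmz-lan rule 10 state related
## DMZ --> WAN
# default-action accept already permits everything; rule 10 is redundant but
# harmless and kept for symmetry with the other rulesets.
set firewall ipv4 name dmz-wan default-action accept
set firewall ipv4 name dmz-wan rule 10 action accept
set firewall ipv4 name dmz-wan rule 10 state established
set firewall ipv4 name dmz-wan rule 10 state related
##############################################################
# Create the four zones (LOCAL, LAN, WAN, DMZ) and attach one ruleset per
# direction. The local zone is the router itself; the others are bound to
# their interfaces.
set firewall zone local local-zone
set firewall zone local from wan firewall name wan-local
set firewall zone local from lan firewall name lan-local
set firewall zone local from dmz firewall name dmz-local
set firewall zone wan interface eth0
set firewall zone wan from local firewall name local-wan
set firewall zone wan from lan firewall name lan-wan
set firewall zone wan from dmz firewall name dmz-wan
set firewall zone lan interface eth1
set firewall zone lan from local firewall name local-lan
set firewall zone lan from wan firewall name wan-lan
set firewall zone lan from dmz firewall name dmz-lan
set firewall zone dmz interface eth2
set firewall zone dmz from local firewall name local-dmz
set firewall zone dmz from wan firewall name wan-dmz
set firewall zone dmz from lan firewall name lan-dmz
commit
save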