
Auftrag 7.5: Projekt Proxmox realisieren

image.png

LAN Switch und DMZ Switch

Install OVS

# Run as root on the Proxmox host: Open vSwitch provides the LAN and DMZ switches of this lab.
# 'apt update' refreshes the package index first so the following install resolves the current version.
apt update
apt install openvswitch-switch

Konfigurieren

image.png

image.png

image.png

VYOS VM Erstellen

image.png

image.png

image.png

image.png

image.png

image.png

image.png

image.png

image.png

image.png

image.png

image.png

Anmelden mit den folgenden Standard-Anmeldedaten (Passwort nach der Installation ändern):

Username: vyos
Password: vyos

image.png

# VyOS op-mode command: installs the booted live image permanently to disk (follow the interactive prompts)
install image

image.png

Interface Konfiguration

WAN, DMZ und LAN herausfinden und konfigurieren

Kontrollieren, welches Interface wohin geht (mit Proxmox abgleichen):

# Op-mode: lists every ethX with its MAC/address so the NIC order can be matched against the VM's network devices in Proxmox
show interfaces

image.png

image.png

configure
# Interface roles: eth0 = WAN (public address), eth1 = LAN, eth2 = DMZ.
# This mapping must agree with the NIC order verified with 'show interfaces' above.
set interface ethernet eth0 address '213.167.226.172/24'
set interface ethernet eth0 description 'WAN'
set interface ethernet eth1 address '192.168.1.1/24'
set interface ethernet eth1 description 'LAN'
set interface ethernet eth2 address '192.168.2.1/24'
set interface ethernet eth2 description 'DMZ'
# Default route via the upstream gateway on the WAN subnet
set protocols static route 0.0.0.0/0 next-hop 213.167.226.1
commit 
save
NAT
configure
# Source NAT: masquerade both internal subnets behind the WAN interface address (eth0).
# Rule 100 covers the LAN, rule 101 the DMZ.
set nat source rule 100 outbound-interface name 'eth0'
set nat source rule 100 source address '192.168.1.0/24'
set nat source rule 100 translation address masquerade
set nat source rule 101 outbound-interface name 'eth0'
set nat source rule 101 source address '192.168.2.0/24'
set nat source rule 101 translation address masquerade
commit
save
SSH
configure
# Enables the SSH service on the default port. Once the firewall below is committed it is reachable
# from the LAN (lan-local rule 11) and also from the WAN (wan-local rule 11), so the default
# vyos/vyos password from the login step must be changed before this is exposed.
set service ssh port 22
commit
save
Firewall
configure
# Create the firewall rule sets, one per zone pair; each set is attached to its zone further below
##############################################################
## LOCAL --> LAN
set firewall ipv4 name local-lan default-action accept

## LOCAL --> WAN
set firewall ipv4 name local-wan default-action accept

## LOCAL --> DMZ
set firewall ipv4 name local-dmz default-action accept
##############################################################
## LAN --> LOCAL
# LAN hosts may open SSH (22/tcp) to the router; everything else is return traffic only
set firewall ipv4 name lan-local default-action drop
set firewall ipv4 name lan-local rule 10 action accept
set firewall ipv4 name lan-local rule 10 state established
set firewall ipv4 name lan-local rule 10 state related
set firewall ipv4 name lan-local rule 11 action accept
set firewall ipv4 name lan-local rule 11 destination port 22
set firewall ipv4 name lan-local rule 11 protocol tcp

## LAN --> WAN
set firewall ipv4 name lan-wan default-action accept

## LAN --> DMZ
set firewall ipv4 name lan-dmz default-action accept
##############################################################
## WAN --> LOCAL
# Rule 11 exposes the router's SSH (enabled above on port 22) to the whole Internet. Together with the
# default vyos/vyos login from the installation step this is the most exposed part of the setup:
# change the password before committing, and consider restricting rule 11 with a 'source address'
# or removing it if management from the WAN is not required.
set firewall ipv4 name wan-local default-action drop
set firewall ipv4 name wan-local rule 10 action accept
set firewall ipv4 name wan-local rule 10 state established
set firewall ipv4 name wan-local rule 10 state related
set firewall ipv4 name wan-local rule 11 action accept
set firewall ipv4 name wan-local rule 11 destination port 22
set firewall ipv4 name wan-local rule 11 protocol tcp

## WAN --> LAN
# Return traffic only; the LAN is never reachable from the WAN
set firewall ipv4 name wan-lan default-action drop
set firewall ipv4 name wan-lan rule 10 action accept
set firewall ipv4 name wan-lan rule 10 state established
set firewall ipv4 name wan-lan rule 10 state related

## WAN --> DMZ
# Return traffic only by default. Every published DMZ service needs an explicit accept rule in THIS set:
# DNAT (prerouting) rewrites the destination before the zone filter sees the packet, so forwarded
# traffic traverses WAN --> DMZ, not WAN --> LOCAL (see the port forwarding section)
set firewall ipv4 name wan-dmz default-action drop
set firewall ipv4 name wan-dmz rule 10 action accept
set firewall ipv4 name wan-dmz rule 10 state established
set firewall ipv4 name wan-dmz rule 10 state related
##############################################################
## DMZ --> LOCAL
set firewall ipv4 name dmz-local default-action drop
set firewall ipv4 name dmz-local rule 10 action accept
set firewall ipv4 name dmz-local rule 10 state established
set firewall ipv4 name dmz-local rule 10 state related

## DMZ --> LAN
# A compromised DMZ host must not reach the LAN: only replies to LAN-initiated connections pass
set firewall ipv4 name dmz-lan default-action drop
set firewall ipv4 name dmz-lan rule 10 action accept
set firewall ipv4 name dmz-lan rule 10 state established
set firewall ipv4 name dmz-lan rule 10 state related

## DMZ --> WAN
# default-action accept already allows everything, so rule 10 is redundant but harmless
set firewall ipv4 name dmz-wan default-action accept
set firewall ipv4 name dmz-wan rule 10 action accept
set firewall ipv4 name dmz-wan rule 10 state established
set firewall ipv4 name dmz-wan rule 10 state related
##############################################################

# Create the four required zones (LOCAL, LAN, WAN, DMZ): 'local-zone' is the router itself,
# the other zones are bound to their interfaces; 'from X firewall name' selects the rule set for traffic entering from zone X
set firewall zone local local-zone
set firewall zone local from wan firewall name wan-local
set firewall zone local from lan firewall name lan-local
set firewall zone local from dmz firewall name dmz-local

set firewall zone wan interface eth0
set firewall zone wan from local firewall name local-wan
set firewall zone wan from lan firewall name lan-wan
set firewall zone wan from dmz firewall name dmz-wan

set firewall zone lan interface eth1
set firewall zone lan from local firewall name local-lan
set firewall zone lan from wan firewall name wan-lan
set firewall zone lan from dmz firewall name dmz-lan

set firewall zone dmz interface eth2
set firewall zone dmz from local firewall name local-dmz
set firewall zone dmz from wan firewall name wan-dmz
set firewall zone dmz from lan firewall name lan-dmz

commit
save
Port Forwarding
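############################################################################################################
# Destination NAT: publish HTTP on the WAN address (eth0) and forward it to the DMZ web server 192.168.2.10
set nat destination rule 70 description 'Port Forward public HTTP to 192.168.2.10'
set nat destination rule 70 inbound-interface name 'eth0'
set nat destination rule 70 translation address '192.168.2.10'
set nat destination rule 70 destination port '80'
set nat destination rule 70 translation port '80'
set nat destination rule 70 protocol 'tcp'

# DNAT (prerouting) rewrites the destination before the zone filter sees the packet, so the forwarded
# traffic traverses WAN --> DMZ and must be accepted in the wan-dmz set (default-action drop).
# A wan-local rule never matches it and would only open ports on the router itself.
# The rule is narrowed to the translated target so that nothing else in the DMZ becomes reachable.
set firewall ipv4 name wan-dmz rule 70 description 'Allow Port Forward public HTTP to 192.168.2.10'
set firewall ipv4 name wan-dmz rule 70 action 'accept'
set firewall ipv4 name wan-dmz rule 70 destination address '192.168.2.10'
set firewall ipv4 name wan-dmz rule 70 destination port '80'
set firewall ipv4 name wan-dmz rule 70 protocol 'tcp'
############################################################################################################
# Second web server on 192.168.2.11, published on public port 81: port 80 on eth0 is already consumed
# by rule 70, so a second DNAT rule matching port 80 would never be evaluated.
# NOTE(review): public port 81 -> target port 81 is assumed from the translation port; confirm with the intended service port.
set nat destination rule 71 description 'Port Forward public HTTP to 192.168.2.11'
set nat destination rule 71 inbound-interface name 'eth0'
set nat destination rule 71 translation address '192.168.2.11'
set nat destination rule 71 destination port '81'
set nat destination rule 71 translation port '81'
set nat destination rule 71 protocol 'tcp'

# Same reasoning as rule 70: accept in wan-dmz, limited to the translated host and port
set firewall ipv4 name wan-dmz rule 71 description 'Allow Port Forward public HTTP to 192.168.2.11'
set firewall ipv4 name wan-dmz rule 71 action 'accept'
set firewall ipv4 name wan-dmz rule 71 destination address '192.168.2.11'
set firewall ipv4 name wan-dmz rule 71 destination port '81'
set firewall ipv4 name wan-dmz rule 71 protocol 'tcp'
############################################################################################################
commit
save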