diff --git a/DMZ.sh b/DMZ.sh
index faedec3..252e151 100644
--- a/DMZ.sh
+++ b/DMZ.sh
@@ -7,10 +7,10 @@ routerIp=23.214.219.254
 mask25=255.255.255.128
 dns=23.214.219.130
-mail=23.214.219.132
-vpn_gw=23.214.219.133
-www=23.214.219.134
-smtp=23.214.219.135
+mail=23.214.219.131
+vpn_gw=23.214.219.132
+www=23.214.219.133
+smtp=23.214.219.134
 dnsPort=53
 mailPort=888
@@ -26,7 +26,7 @@ sudo systemctl enable iptables
 sudo iptables -F
 sudo ifconfig enp0s8 $ip netmask $mask25
 sudo ip route add 192.168.10.0/24 via $routerIp
-
+sudo add default gw $routerIp
 # alias dos ips
 sudo ip addr add $dns dev enp0s8
 sudo ip addr add $mail dev enp0s8
diff --git a/INTERNAL.sh b/INTERNAL.sh
index bc068dd..960488a 100644
--- a/INTERNAL.sh
+++ b/INTERNAL.sh
@@ -18,7 +18,7 @@ sudo systemctl enable iptables
 sudo iptables -F
 sudo ifconfig enp0s8 $ip netmask $mask24
 sudo ip route add 23.214.219.128/25 via $routerIp
-
+sudo add default gw $routerIp
 # aliasing
 sudo ip addr add $ftp dev enp0s8
 sudo ip addr add $datastore dev enp0s8
diff --git a/ROUTER.sh b/ROUTER.sh
index 24305d0..46875ee 100644
--- a/ROUTER.sh
+++ b/ROUTER.sh
@@ -29,9 +29,9 @@ eden="193.138.212.1"
 # ==============================
 # Internal
 # IP:
-# ftp: 192.168.10.1
-# datastore : 192.168.10.2
-# DHCP Client : 192.168.10.3-5
+# ftp: 192.168.10.2
+# datastore : 192.168.10.3
+# DHCP Client : 192.168.10.4-5
 # ==============================
 sudo ifconfig enp0s8 23.214.219.254 netmask 255.255.255.128
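Review bot: The renumbering in this hunk is not propagated to ROUTER.sh, whose rules embed these hosts as literals: with `vpn_gw=23.214.219.132` here, the router still identifies the VPN gateway as `-s 23.214.219.133` / `-d 23.214.219.133` (the INPUT ssh rule, the 1194 rule and the VPN-to-internal rules in the ROUTER.sh hunks), and after this change that address is the `www` alias. Likewise the router's SMTP rule targets `23.214.219.131`, which is now `mail`, and its POP/IMAP rule targets `23.214.219.134`, which is now `smtp`; which of `mail`/`smtp` is meant to serve which port is not visible here, so confirm against the services, but the VPN address is certainly stale. Defining these addresses once (a file sourced by all three scripts, or the same variables in ROUTER.sh) and writing the rules with `"$vpn_gw"`, `"$mail"`, `"$www"` would stop the files from drifting apart on the next renumbering.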
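Review bot: `sudo add default gw $routerIp` is not a valid command — there is no `add` executable, so the line fails with "command not found" and, since the script does not appear to stop on errors, the host is left without a default route while the rest of the script carries on. The intended line is presumably `sudo ip route add default via "$routerIp"`, which also matches the `ip route add` form used on the line directly above it (the legacy equivalent would be `sudo route add default gw "$routerIp"`). The same broken line is added in INTERNAL.sh in the following hunk and needs the same fix.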
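Review bot: The internal addresses described in this comment block are hard-coded as literals in the FORWARD rules further down the file (`192.168.10.2`, `192.168.10.3` in the last ROUTER.sh hunk), which is why this renumbering had to be repeated by hand in several rules. The file already defines `eden="193.138.212.1"` and uses `$dns2`/`$eden` inside rules, so adding `ftp=192.168.10.2` and `datastore=192.168.10.3` next to `eden=` and writing `-d "$ftp"` / `-d "$datastore"` in the rules would keep this comment and the rules from disagreeing. The block also leaves `192.168.10.1` unassigned now; if that is the router's own enp0s9 address, stating it here would document why nothing points at `.1` any more.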
@@ -60,14 +60,14 @@ sudo iptables -A INPUT -i enp0s10 -p udp --sport 53 -j ACCEPT
 sudo iptables -A INPUT -i enp0s9 -p tcp --sport 22 -j ACCEPT #TESTED
 sudo iptables -A INPUT -i enp0s8 -s 23.214.219.133 -p tcp --sport 22 -j ACCEPT #TESTED
 #The dns server should be able to resolve names using the internet (and others???)
-sudo iptables -A FORWARD -i enp0s8 -o enp0s10 -s 23.214.219.130 -p udp --sport 53 -j ACCEPT #NEED to test
+sudo iptables -A FORWARD -i enp0s8 -o enp0s10 -s 23.214.219.130 -p udp --sport 53 -j ACCEPT #NEED to test !!
 #The internal network should be able to send and recieve dns name resolutions to the dns server (1!)
 sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.130 -p udp --sport 53 -j ACCEPT #CORRECT AND TESTED WILL ACTIVATE WHEN YOU SEND FROM ENP0S9 to ENP0S8
 sudo iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT #THIS IS IMPORTANT AND MIGHT FUCK US
 #The dns and dns2 servers should be able to synchronize the contents of DNS zones. (protocol tcp port 53)
-sudo iptables -A FORWARD -i enp0s8 -o enp0s10 -s 23.214.219.130 -p tcp --sport 53 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s8 -o enp0s10 -s 23.214.219.130 -p tcp --sport 53 -j ACCEPT #NEED to test !!
 #SMTP connections to the smtp server and returns
-sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.131 -p tcp --sport 587 -j ACCEPT #Changed
+sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.131 -p tcp --sport 587 -j ACCEPT #Doesnt work because we didnt change the dmz file
 #sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -p tcp --dport 587 -m state --state ESTABLISHED,RELATED -j ACCEPT
 #POP and IMAP connections to the www server
 sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.134 -p tcp --sport 143 -j ACCEPT #Changed
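Review bot: The rule marked `#NEED to test !!` will keep failing its test because it matches the wrong end of the connection: a resolver's outbound queries from 23.214.219.130 go *to* port 53 from an ephemeral source port, so `--sport 53` never matches them; the line should read `sudo iptables -A FORWARD -i enp0s8 -o enp0s10 -s 23.214.219.130 -p udp --dport 53 -j ACCEPT`, and the tcp zone-transfer rule below it needs `--dport 53` for the same reason. The SMTP rule's new comment blames the DMZ address, but that rule has the same defect — internal clients connect to the server's port 587, so it needs `--dport 587` — and the `--sport` pattern recurs on the 143 rule here and on the 21 and 22 rules in the next hunk. Besides not matching the intended traffic, a `--sport` match does not identify the service being reached, so it is a weaker control than a `--dport` match; the reply direction is already handled by the `ESTABLISHED,RELATED` rule in this hunk, which is also why the commented-out `--dport 587 ... ESTABLISHED,RELATED` line is redundant.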
@@ -81,14 +81,14 @@ sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.132 -p tcp --sport 44
 sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.133 -p udp --sport 1194 -j ACCEPT #Changed
 #sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -p udp --dport 1194 -j ACCEPT
 #VPN clients connected to the gateway vpn-gw ???? vpn should be able to acess ftp e datastore
-sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -s 23.214.219.133 -d 192.168.10.1 -j ACCEPT
 sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -s 23.214.219.133 -d 192.168.10.2 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -s 23.214.219.133 -d 192.168.10.3 -j ACCEPT
 #FTP da internet WORRIED
-sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.1 -p tcp --sport 21 -j ACCEPT #Changed
+sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.2 -p tcp --sport 21 -j ACCEPT #Changed
 sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --sport 20 -j ACCEPT #MIGHT BE NEEDED
 #SSH CONNECTIONS datastore server but only from eden or dn2
-sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.2 -s $dns2 -p tcp --sport 22 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.2 -s $eden -p tcp --sport 22 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.3 -s $dns2 -p tcp --sport 22 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.3 -s $eden -p tcp --sport 22 -j ACCEPT
 #enp0s9 to internet DNS, http, https, ssh, FTP(SERVERS??????(WHO INVITED THIS GUY))
 sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p udp --sport 53 -j ACCEPT
 sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --sport 80 -j ACCEPT
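Review bot: The added rule `-s 23.214.219.133 -d 192.168.10.3 -j ACCEPT` (like the retained `.2` rule above it) carries no `-p` or `--dport`, so the VPN gateway is granted every protocol and port on the datastore — broader than the "acess ftp e datastore" comment suggests, and broader than the internet-side rules to the same host in this hunk, which are limited to ssh from `$dns2`/`$eden`. What the datastore and ftp hosts actually serve to VPN clients is not visible here, but if it is ssh and ftp respectively, restricting these two rules to `-p tcp --dport 22` and `-p tcp --dport 21` would keep the DMZ-to-internal path to the minimum the comment describes. A short comment on the `#VPN clients` line naming the intended services would also make the intent checkable the next time these addresses change.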