From a6ad9873b71c63e703ac94dd78c0f64aa6530600 Mon Sep 17 00:00:00 2001 From: vascoalvesxyz Date: Mon, 16 Mar 2026 11:31:13 +0000 Subject: [PATCH] Internal config --- DMZ.sh | 19 +++++++++---- INTERNAL.sh | 79 ++++++++++++++++++----------------------------------- 2 files changed, 41 insertions(+), 57 deletions(-) diff --git a/DMZ.sh b/DMZ.sh index ca08177..52fde7b 100644 --- a/DMZ.sh +++ b/DMZ.sh @@ -4,12 +4,21 @@ # ============================== ip=23.214.219.129 routerIp=23.214.219.254 -dns=23.214.219.129 -dns2=23.214.219.130 -smtp=23.214.219.131 -www=23.214.219.132 mask25=255.255.255.128 +dns=23.214.219.130 +mail=23.214.219.132 +vpn_nw=23.214.219.133 +www=23.214.219.134 +smtp=23.214.219.135 + sudo iptables -F -sudo ifconfig enp0s9 $ip netmask $mask25 +sudo ifconfig enp0s8 $ip netmask $mask25 sudo ip route add default via $routerIp + +nc -l -V $dns 53 +nc -l -V $mail 888 +nc -l -V $vpn_nw 443 +nc -l -V $smtp 587 +nc -l -V $www 80 +nc -l -V $www 443 diff --git a/INTERNAL.sh b/INTERNAL.sh index 87efd3e..36a62e6 100644 --- a/INTERNAL.sh +++ b/INTERNAL.sh 
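Review bot: The six listeners added at the end of DMZ.sh (`nc -l -V $dns 53` through `nc -l -V $www 443`) cannot all come up as written, because each `nc -l` runs in the foreground and the script stops at the first one until a client connects and disconnects. The addresses they bind to (.130 to .135) are also never assigned to enp0s8, which only receives `$ip`, so the bind is likely to fail with an address error. Ports 53, 80, 443 and 587 are below 1024 and the nc lines lack the `sudo` used by the other commands, so a non-root run would probably be refused. If this is netcat-openbsd, `-V` takes a routing-table argument and will consume `$dns`; `-v` is the verbose flag. The `# Dummy Services` listeners in INTERNAL.sh have the same blocking and unassigned-address problem; a sketch of the DMZ.sh change follows.

```shell
# … unchanged: address variables, iptables flush, ifconfig, default route …
for addr in "$dns" "$mail" "$vpn_nw" "$www" "$smtp"; do
  sudo ip addr add "$addr/25" dev enp0s8
done

sudo nc -l "$dns" 53 &
sudo nc -l "$mail" 888 &
sudo nc -l "$vpn_nw" 443 &
sudo nc -l "$smtp" 587 &
sudo nc -l "$www" 80 &
sudo nc -l "$www" 443 &
wait
```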
@@ -1,58 +1,33 @@ -# NETWORKS: -# DMZ: 23.214.219.128/25 -# Internal: 192.168.10.0/24 -# -# MACHINES: -# DNS2: 192.137.16.75 -# EDEN 193.138.212.1 -dns2="192.137.16.75" -eden="193.138.212.1" - -# ============================== -# Router 1 -# INTERFACES: -# - Internet: 87.248.214.97 -# - DMZ: 23.214.219.254 -# - Internal: 192.168.10.254 -# ============================== - # ============================== -# DMZ -# IP: -# - dns : 23.214.219.129 -# - dns2 : 23.214.219.130 -# - smtp : 23.214.219.131 -# - www : 23.214.219.132 -# - -sudo ifconfig enp0s8 23.214.219.254 netmask 255.255.255.128 -sudo ifconfig enp0s9 192.168.10.254 netmask 255.255.255.128 -sudo ifconfig enp0s3 87.248.214.97 netmask 255.255.255.0 +# INTERNAL +# NETWORK: 192.168.10.0/24 +# ============================== +ip=192.168.10.1 +routerIp=192.168.10.254 +mask24=255.255.255.0 + +ftp=192.168.10.2 +datastore=192.168.10.3 +dhcpClient=192.168.10.4 sudo iptables -F -sudo iptables -t nat -F -sudo iptables -t mangle -F -sudo sysctl -w net.ipv4.ip_forward=1 -iptables -P INPUT DROP -iptables -P FORWARD DROP -iptables -P OUTPUT ACCEPT -sudo iptables -A INPUT -i lo -j ACCEPT -sudo iptables -A OUTPUT -o lo -j ACCEPT -sudo iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE -#DNS name resolution requests sent to outside servers and want a response: //O ip ainda tem de mudar -sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -s 23.214.219.129 -p udp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT -#SSH connections to the router system that originate from the inside and want an answer:É preciso outra regra uma para a port enp0s9 e o ip do vpn -sudo iptables -A FORWARD -p tcp -dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT -#The dns server should be able to resolve names using the internet (and others???) 
-sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -s 23.214.219.129 -p udp --dport 53 -j ACCEPT -sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -s 23.214.219.130 -p udp --dport 53 -j ACCEPT -# Apartir daqui foi só para testar se as conecções funcionavam -sudo iptables -A FORWARD -i enp0s8 -s 23.214.219.129 -p tcp --sport 22 -# Unsure these will work -sudo iptables -A FORWARD -i enp0s9 -s 23.214.219.131 +sudo ifconfig enp0s8 $ip netmask $mask24 +sudo ip route add default via $routerIp +# Dummy Services +nc -l -V $ftp 53 +nc -l -V $datastore 888 -#There might be a need to foward and input to, because of the nat? -#Dont use static ip address for internet related rules -sudo ifconfig enp0s8 23.214.219.129 netmask 255.255.255.128 -sudo ip route add default via 23.214.219.254 \ No newline at end of file +# Test DMZ +dns=23.214.219.130 +mail=23.214.219.132 +vpn_nw=23.214.219.133 +www=23.214.219.134 +smtp=23.214.219.135 +nc -N -V $dns 53 +nc -N -V $mail 888 +nc -N -V $vpn_nw 443 +nc -N -V $smtp 587 +nc -N -V $www 80 +nc -N -V $www 443
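Review bot: The `# Test DMZ` clients at the end of the new INTERNAL.sh (`nc -N -V $dns 53` through `nc -N -V $www 443`) have no timeout and no scan mode, so each one waits on stdin when the connection succeeds and sits through the full TCP connect timeout when the router drops it, and the script never reports a pass or fail per service. A form such as `nc -z -v -w 3 "$dns" 53` returns promptly with an exit status that can be checked; `-N` suggests netcat-openbsd, where `-V` selects a routing table and would swallow the address, so `-v` is presumably what was meant. The `-p udp --dport 53` rules removed in this hunk suggest DNS is filtered as UDP, in which case a TCP probe to port 53 does not exercise that path and a `-u` probe is needed as well. The default-DROP policies and FORWARD rules deleted from this file are not re-added anywhere in this patch, so these reachability checks only mean something once that ruleset is loaded on the router from wherever it now lives. Separately, the dummy `$ftp` listener on port 53 looks copied from the DMZ list and probably wants the FTP control port instead.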