
3 Commits

Author SHA1 Message Date
jelly Tomas
e570e813d8 Merge branch 'main' of https://git.vascoalves.xyz/vasco/FSI 2026-03-18 15:33:03 +00:00
jelly Tomas
a980081af5 Epistlon 2026-03-18 15:32:36 +00:00
jelly Tomas
ad8af6170f Changed rules, funny comment 2026-03-16 16:35:55 +00:00
6 changed files with 23 additions and 9 deletions

4
DMZ.sh

@@ -17,6 +17,10 @@ mailPort=888
vpn_gwPort=443 vpn_gwPort=443
wwwPort=587 wwwPort=587
smtpPort=80 smtpPort=80
sudo yum install iptables-services -y
sudo systemctl stop firewalld
sudo systemctl disable firewalld
sudo systemctl mask firewalld
sudo iptables -F sudo iptables -F
sudo ifconfig enp0s8 $ip netmask $mask25 sudo ifconfig enp0s8 $ip netmask $mask25
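Review bot: The added lines mask firewalld and then flush the filter table, but nothing in this hunk enables the iptables service or saves the ruleset, so unlike the router script (which adds `sudo systemctl enable iptables`) this host would come back from a reboot with firewalld masked and an empty, ACCEPT-all table. Add `sudo systemctl enable iptables` right after the mask, and `sudo service iptables save` once the rules further down have been loaded, so the policy survives a restart. Note that `iptables -F` only empties the chains; unless the rest of DMZ.sh (outside this hunk) sets `-P INPUT DROP` and `-P FORWARD DROP`, the default policies of a fresh install stay ACCEPT. `yum install -y` also runs unchecked here; if it fails there is no iptables unit to enable later, so consider `sudo yum install -y iptables-services || exit 1`.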


@@ -10,7 +10,10 @@ mask24=255.255.255.0
ftp=192.168.10.2 ftp=192.168.10.2
datastore=192.168.10.3 datastore=192.168.10.3
dhcpClient=192.168.10.4 dhcpClient=192.168.10.4
sudo yum install iptables-services -y
sudo systemctl stop firewalld
sudo systemctl disable firewalld
sudo systemctl mask firewalld
sudo iptables -F sudo iptables -F
sudo ifconfig enp0s8 $ip netmask $mask24 sudo ifconfig enp0s8 $ip netmask $mask24
sudo ip route add 23.214.219.128/25 via $routerIp sudo ip route add 23.214.219.128/25 via $routerIp
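Review bot: The new `sudo yum install iptables-services -y` runs before `ifconfig enp0s8 $ip` and before the route via `$routerIp` is added, and its exit status is never checked, so if the package repository is only reachable through the network this script configures (not visible here) the install fails and the script silently continues to `systemctl stop/disable/mask firewalld`, leaving the host with neither firewalld nor an iptables unit to enable. Either move the install after the network is up or fail fast: `sudo yum install -y iptables-services || { echo "iptables-services install failed" >&2; exit 1; }`. The same four firewalld/iptables lines are now duplicated verbatim in DMZ.sh; a small shared `disable_firewalld_enable_iptables` helper sourced by both scripts would keep them from drifting apart. The one deleted line of this hunk is not rendered on the page, so I could not check what it replaced.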


@@ -19,8 +19,7 @@ eden="193.138.212.1"
# ============================== # ==============================
# DMZ /25 # DMZ /25
# IP: # IP:
# - dns : 23.214.219.129 # - dns : 23.214.219.130
# - dns2 : 23.214.219.130
# - smtp : 23.214.219.131 # - smtp : 23.214.219.131
# - www : 23.214.219.132 # - www : 23.214.219.132
# - vpn-gw: 23.214.219.133 # - vpn-gw: 23.214.219.133
@@ -38,7 +37,11 @@ sudo ifconfig enp0s8 23.214.219.254 netmask 255.255.255.128
sudo ifconfig enp0s9 192.168.10.254 netmask 255.255.255.0 sudo ifconfig enp0s9 192.168.10.254 netmask 255.255.255.0
sudo ifconfig enp0s3 87.248.214.97 netmask 255.255.255.0 sudo ifconfig enp0s3 87.248.214.97 netmask 255.255.255.0
sudo yum install iptables-services -y
sudo systemctl stop firewalld
sudo systemctl disable firewalld
sudo systemctl mask firewalld
sudo systemctl enable iptables
sudo iptables -F sudo iptables -F
sudo iptables -t nat -F sudo iptables -t nat -F
sudo iptables -t mangle -F sudo iptables -t mangle -F
@@ -55,13 +58,13 @@ sudo iptables -A FORWARD -i enp0s3 -p udp --sport 53 -m state --state ESTABLISHE
sudo iptables -A FORWARD -i enp0s3 -o enp0s9 -p tcp --dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT sudo iptables -A FORWARD -i enp0s3 -o enp0s9 -p tcp --dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A FORWARD -i enp0s3 -d 23.214.219.133 -p tcp --dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT sudo iptables -A FORWARD -i enp0s3 -d 23.214.219.133 -p tcp --dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
#The dns server should be able to resolve names using the internet (and others???) #The dns server should be able to resolve names using the internet (and others???)
sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -s 23.214.219.129 -p udp --dport 53 -j ACCEPT sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -s 23.214.219.130 -p udp --dport 53 -j ACCEPT
#The internal network should be able to send and recieve dns name resolutions to the dns server (1!) #The internal network should be able to send and recieve dns name resolutions to the dns server (1!)
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.129 -p udp --dport 53 -j ACCEPT sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.130 -p udp --dport 53 -j ACCEPT
sudo iptables -A FORWARD -i enp0s8 -i enp0s9 -p udp --dport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -p udp --dport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
#The dns and dns2 servers should be able to synchronize the contents of DNS zones. (protocol tcp port 53) #The dns and dns2 servers should be able to synchronize the contents of DNS zones. (protocol tcp port 53)
sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -d 193.137.16.75 -p tcp --dport 53 -j ACCEPT sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -d 193.137.16.75 -p tcp --dport 53 -j ACCEPT
sudo iptables -A FORWARD -i enp0s3 -o enp0s8 -d 23.214.219.129 -p tcp --dport 53 -j ACCEPT sudo iptables -A FORWARD -i enp0s3 -o enp0s8 -d 23.214.219.130 -p tcp --dport 53 -j ACCEPT
#SMTP connections to the smtp server and returns #SMTP connections to the smtp server and returns
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.131 -p tcp --dport 587 -j ACCEPT sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.131 -p tcp --dport 587 -j ACCEPT
sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -p tcp --dport 587 -m state --state ESTABLISHED,RELATED -j ACCEPT sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -p tcp --dport 587 -m state --state ESTABLISHED,RELATED -j ACCEPT
@@ -74,7 +77,10 @@ sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -p tcp --dport 443 -m state --state
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.133 -p udp --dport 1194 -j ACCEPT sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.133 -p udp --dport 1194 -j ACCEPT
sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -p udp --dport 1194 -j ACCEPT sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -p udp --dport 1194 -j ACCEPT
#VPN clients connected to the gateway vpn-gw ???? vpn should be able to acess ftp e datastore #VPN clients connected to the gateway vpn-gw ???? vpn should be able to acess ftp e datastore
sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -d 192.168.10.1 -p tcp --dport ftp -j ACCEPT
sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -d 192.168.10.2 -j ACCEPT
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.133 -j ACCEPT
# Apartir daqui foi só para testar se as conecções funcionavam # Apartir daqui foi só para testar se as conecções funcionavam
sudo iptables -A FORWARD -i enp0s8 -s 23.214.219.129 -p tcp --sport 22 sudo iptables -A FORWARD -i enp0s8 -s 23.214.219.130 -p tcp --sport 22
# Unsure these will work # Unsure these will work
sudo iptables -A FORWARD -i enp0s9 -d 23.214.219.131 sudo iptables -A FORWARD -i enp0s9 -d 23.214.219.131
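Review bot: The three new rules under the VPN comment grant much more than the comment describes: `-i enp0s8 -o enp0s9 -d 192.168.10.2 -j ACCEPT` lets any DMZ host (dns, smtp, www included) reach every port on 192.168.10.2, not only VPN clients, and the reverse rule `-i enp0s9 -o enp0s8 -d 23.214.219.133 -j ACCEPT` has no state match, so every internal host can open arbitrary connections to vpn-gw. Restrict the source and make the return path stateful: add `-s 23.214.219.133` to both DMZ-to-internal rules (or the VPN tunnel subnet, if clients get their own addresses - not visible here) and change the third to `sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.133 -m state --state ESTABLISHED,RELATED -j ACCEPT`. The ftp rule also targets 192.168.10.1 while the companion script defines `ftp=192.168.10.2` and `datastore=192.168.10.3`, so ftp is covered twice and datastore never. The "test" rules after the Portuguese comment (`# From here on it was only to test whether the connections worked`) carry no `-j` target, so they only count matching packets and accept nothing; confirm that is intended or remove them before this is treated as the final policy.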


relatorio.synctex.gz Normal file



@@ -16,6 +16,7 @@
\section{Introduction} \section{Introduction}
\section{Firewall} \section{Firewall}
Sigmasigmaboy123
\subsection{Packet fileter with NAT} \subsection{Packet fileter with NAT}
\subsection{Packet filtering without NAT} \subsection{Packet filtering without NAT}
\subsection{External Network} \subsection{External Network}