Compare commits
3 Commits
73408146b3
...
e570e813d8
| Author | SHA1 | Date | |
|---|---|---|---|
|
e570e813d8 | ||
|
|
a980081af5 | ||
|
|
ad8af6170f |
4
DMZ.sh
4
DMZ.sh
@@ -17,6 +17,10 @@ mailPort=888
|
||||
vpn_gwPort=443
|
||||
wwwPort=587
|
||||
smtpPort=80
|
||||
sudo yum install iptables-services -y
|
||||
sudo systemctl stop firewalld
|
||||
sudo systemctl disable firewalld
|
||||
sudo systemctl mask firewalld
|
||||
|
||||
sudo iptables -F
|
||||
sudo ifconfig enp0s8 $ip netmask $mask25
|
||||
|
||||
@@ -10,7 +10,10 @@ mask24=255.255.255.0
|
||||
ftp=192.168.10.2
|
||||
datastore=192.168.10.3
|
||||
dhcpClient=192.168.10.4
|
||||
|
||||
sudo yum install iptables-services -y
|
||||
sudo systemctl stop firewalld
|
||||
sudo systemctl disable firewalld
|
||||
sudo systemctl mask firewalld
|
||||
sudo iptables -F
|
||||
sudo ifconfig enp0s8 $ip netmask $mask24
|
||||
sudo ip route add 23.214.219.128/25 via $routerIp
|
||||
|
||||
22
ROUTER.sh
22
ROUTER.sh
@@ -19,8 +19,7 @@ eden="193.138.212.1"
|
||||
# ==============================
|
||||
# DMZ /25
|
||||
# IP:
|
||||
# - dns : 23.214.219.129
|
||||
# - dns2 : 23.214.219.130
|
||||
# - dns : 23.214.219.130
|
||||
# - smtp : 23.214.219.131
|
||||
# - www : 23.214.219.132
|
||||
# - vpn-gw: 23.214.219.133
|
||||
@@ -38,7 +37,11 @@ sudo ifconfig enp0s8 23.214.219.254 netmask 255.255.255.128
|
||||
sudo ifconfig enp0s9 192.168.10.254 netmask 255.255.255.0
|
||||
sudo ifconfig enp0s3 87.248.214.97 netmask 255.255.255.0
|
||||
|
||||
|
||||
sudo yum install iptables-services -y
|
||||
sudo systemctl stop firewalld
|
||||
sudo systemctl disable firewalld
|
||||
sudo systemctl mask firewalld
|
||||
sudo systemctl enable iptables
|
||||
sudo iptables -F
|
||||
sudo iptables -t nat -F
|
||||
sudo iptables -t mangle -F
|
||||
@@ -55,13 +58,13 @@ sudo iptables -A FORWARD -i enp0s3 -p udp --sport 53 -m state --state ESTABLISHE
|
||||
sudo iptables -A FORWARD -i enp0s3 -o enp0s9 -p tcp --dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
sudo iptables -A FORWARD -i enp0s3 -d 23.214.219.133 -p tcp --dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
#The dns server should be able to resolve names using the internet (and others???)
|
||||
sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -s 23.214.219.129 -p udp --dport 53 -j ACCEPT
|
||||
sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -s 23.214.219.130 -p udp --dport 53 -j ACCEPT
|
||||
#The internal network should be able to send and recieve dns name resolutions to the dns server (1!)
|
||||
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.129 -p udp --dport 53 -j ACCEPT
|
||||
sudo iptables -A FORWARD -i enp0s8 -i enp0s9 -p udp --dport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.130 -p udp --dport 53 -j ACCEPT
|
||||
sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -p udp --dport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
#The dns and dns2 servers should be able to synchronize the contents of DNS zones. (protocol tcp port 53)
|
||||
sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -d 193.137.16.75 -p tcp --dport 53 -j ACCEPT
|
||||
sudo iptables -A FORWARD -i enp0s3 -o enp0s8 -d 23.214.219.129 -p tcp --dport 53 -j ACCEPT
|
||||
sudo iptables -A FORWARD -i enp0s3 -o enp0s8 -d 23.214.219.130 -p tcp --dport 53 -j ACCEPT
|
||||
#SMTP connections to the smtp server and returns
|
||||
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.131 -p tcp --dport 587 -j ACCEPT
|
||||
sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -p tcp --dport 587 -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
@@ -74,7 +77,10 @@ sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -p tcp --dport 443 -m state --state
|
||||
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.133 -p udp --dport 1194 -j ACCEPT
|
||||
sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -p udp --dport 1194 -j ACCEPT
|
||||
#VPN clients connected to the gateway vpn-gw ???? vpn should be able to acess ftp e datastore
|
||||
sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -d 192.168.10.1 -p tcp --dport ftp -j ACCEPT
|
||||
sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -d 192.168.10.2 -j ACCEPT
|
||||
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.133 -j ACCEPT
|
||||
# Apartir daqui foi só para testar se as conecções funcionavam
|
||||
sudo iptables -A FORWARD -i enp0s8 -s 23.214.219.129 -p tcp --sport 22
|
||||
sudo iptables -A FORWARD -i enp0s8 -s 23.214.219.130 -p tcp --sport 22
|
||||
# Unsure these will work
|
||||
sudo iptables -A FORWARD -i enp0s9 -d 23.214.219.131
|
||||
|
||||
BIN
relatorio.pdf
BIN
relatorio.pdf
Binary file not shown.
BIN
relatorio.synctex.gz
Normal file
BIN
relatorio.synctex.gz
Normal file
Binary file not shown.
@@ -16,6 +16,7 @@
|
||||
\section{Introduction}
|
||||
|
||||
\section{Firewall}
|
||||
Sigmasigmaboy123
|
||||
\subsection{Packet fileter with NAT}
|
||||
\subsection{Packet filtering without NAT}
|
||||
\subsection{External Network}
|
||||
|
||||
Reference in New Issue
Block a user