ChamplainTechJournals/net-sec-controls-sec350/labs/week03/lab3.1-segmentation-1.md
2025-04-19 23:42:08 -04:00

# Lab 3.1 Segmentation 1
In this lab, we are going to segment our network by adding a new firewall and a new network (MGMT). We will retire our log01 server and replace it with a new server on the MGMT network.
___
## If you got this far, you can shut down log01. This machine is no longer needed.
- Shut down log01.
- On web01, remove your rsyslog drop-in configuration from `/etc/rsyslog.d` (comment out the `user.notice` and `authpriv.*` lines).
- On fw01, remove the syslog host setting from the configuration: `delete system syslog host 172.16.50.5`
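The web01 part of that cleanup, as an added example (not part of the lab text): a small script that comments out the two forwarding lines and then counts how many active lines still point at the old collector, so you can confirm nothing is left queueing for a host that no longer exists. The drop-in filename `/etc/rsyslog.d/50-log01.conf` is a placeholder assumption; use whatever you created in the earlier lab. The old log01 address 172.16.50.5 is taken from the fw01 step above.

```shell
#!/bin/sh
# Added example (not part of the lab text): tidy the web01 side of the log01 retirement.
# Assumptions (placeholders, adjust to your build): the rsyslog drop-in you created
# earlier is /etc/rsyslog.d/50-log01.conf, and log01's old address was 172.16.50.5.
DROPIN="${DROPIN:-/etc/rsyslog.d/50-log01.conf}"
OLD_LOGHOST="172.16.50.5"

# Comment out every active rule line that begins with user.notice or authpriv.*
# so rsyslog stops queueing messages for a collector that no longer exists.
disable_forwarding() {
    sed -E -i 's/^([[:space:]]*)(user\.notice|authpriv\.\*)/\1# \2/' "$1"
}

# Count the active (uncommented) lines that still mention the old log host.
# Prints 0 when the drop-in is clean; anything else means a forwarding rule survived.
remaining_refs() {
    grep -v '^[[:space:]]*#' "$1" | grep -cF "$OLD_LOGHOST" || true
}

# Only touch the real file when explicitly asked:  sudo sh retire_log01.sh --apply
if [ "${1:-}" = "--apply" ]; then
    disable_forwarding "$DROPIN"
    echo "active references to $OLD_LOGHOST left in $DROPIN: $(remaining_refs "$DROPIN")"
    systemctl restart rsyslog
fi
```

Run it with `--apply` on web01 after log01 is down; a result of `0` from the reference count means the drop-in no longer forwards anything, and the rsyslog restart makes the change take effect immediately rather than at the next reboot.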
___
## configure wks01 (LAN)
- IP Address: 172.16.150.50/24
- Gateway: 172.16.150.2
- DNS: 172.16.150.2
## fw01 - create a rule for NAT from MGMT to WAN
```
set nat source rule 30 description "NAT FROM MGMT to WAN"
set nat source rule 30 outbound-interface eth0
set nat source rule 30 source address 172.16.200.0/28
set nat source rule 30 translation address masquerade
```
## fw-mgmt
![image](../../../assets/e9fe5785-ef2b-4efa-9cc2-f10c25cc9476.png)
Configure your fw-mgmt firewall's hostname, interface descriptions and interface addresses:
- eth0: LAN - 172.16.150.3/24
- eth1: MGMT - 172.16.200.2/28 (NOTE: MGMT is using a /28!)
```
set interfaces ethernet eth0 description LAN
set interfaces ethernet eth1 description MGMT
set interfaces ethernet eth0 address 172.16.150.3/24
set interfaces ethernet eth1 address 172.16.200.2/28
```
![image](../../../assets/68f108b9-2a62-4575-9614-c2ec286093ad.png)
Set the following:
- gateway next-hop: `set protocols static route 0.0.0.0/0 next-hop 172.16.150.2`
- name server pointing at your fw01's LAN interface address: `set system name-server 172.16.150.2`
- DNS forwarding so that it listens on your management interface and accepts requests from your management subnet:
```
set service dns forwarding listen-address 172.16.200.2
set service dns forwarding allow-from 172.16.200.0/28
set service dns forwarding system
```
## configure mgmt02 (MGMT)
- IP Address: 172.16.200.11/28
- Gateway: 172.16.200.2
- DNS: 172.16.200.2
## RIP on fw01 and fw-mgmt
fw01
```
set protocols rip interface eth2
set protocols rip network '172.16.50.0/29'
```
fw-mgmt
```
set protocols rip interface eth0
set protocols rip network '172.16.200.0/28'
```
## configure jump | wazuh-charlotte (MGMT)
- IP: 172.16.200.10/28
- Gateway: 172.16.200.2
- DNS: 172.16.200.2
### netplan configuration (an alternative to nmtui)
`/etc/netplan/00-installer-config.yaml` is the config file
![image](../../../assets/fee62fbf-d5a3-4564-a8a4-2c09ee5e3a9e.png)
```
sudo netplan apply
sudo hostnamectl hostname wazuh-charlotte
```
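The netplan file that the screenshot above shows, as an added example rather than the lab's own file: a script that writes the YAML from the IP, gateway and DNS values listed for the jump / wazuh-charlotte host, plus a small subnet check for the /28 (the NOTE in the fw-mgmt section is easy to miss, and a gateway outside the host's block is the usual symptom of getting it wrong). The interface name `ens33` and the script name are assumptions; confirm the NIC name with `ip link` before applying.

```shell
#!/bin/sh
# Added example, not the lab's own file: generate the netplan config for the
# jump / wazuh-charlotte host from the addresses listed above, and sanity-check
# that the host and gateway really share the /28.
# Assumptions: the NIC is named ens33 (confirm with `ip link`) and the file is
# /etc/netplan/00-installer-config.yaml; both are placeholders, not from the lab.

write_netplan() {
    target="$1"   # where to write the YAML
    iface="$2"    # interface name, e.g. ens33
    cat > "$target" <<EOF
network:
  version: 2
  renderer: networkd
  ethernets:
    $iface:
      dhcp4: false
      addresses:
        - 172.16.200.10/28
      routes:
        - to: default
          via: 172.16.200.2
      nameservers:
        addresses:
          - 172.16.200.2
EOF
    chmod 600 "$target"   # netplan warns about world-readable config files
}

# Dotted-quad to integer, POSIX sh arithmetic only.
ip_to_int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Exit 0 when $1 and $2 fall inside the same /$3, non-zero otherwise.
same_subnet() {
    mask=$(( (4294967295 << (32 - $3)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

# Only write to /etc/netplan when explicitly asked:  sudo sh jump_netplan.sh --apply [iface]
if [ "${1:-}" = "--apply" ]; then
    same_subnet 172.16.200.10 172.16.200.2 28 || { echo "gateway is outside the /28" >&2; exit 1; }
    write_netplan /etc/netplan/00-installer-config.yaml "${2:-ens33}"
    netplan apply
fi
```

The `routes: - to: default` form replaces the older `gateway4` key, which newer netplan releases flag as deprecated. Because `same_subnet` masks both addresses with the prefix length, it also catches the opposite mistake of putting the host on the wrong side of a /28 boundary (172.16.200.17, for instance, sits in the next block and would never reach 172.16.200.2 without a route).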