Firewall: Linux and Windows Server
12/2/2014
Deadline: 16,01,2014
Contents
1. Allow Only SRV1 can remote SSH into Firewall Server  p. 3
2. Allow LAN-Client Request IP address  p. 9
3. Allow DNS  p. 10
   A. Firewall Request DNS from ISP  p. 10
   B. Firewall Request DNS in Local  p. 11
   C. SRV1 Request DNS from ISP  p. 13
   D. LAN-Client request DNS in Local  p. 15
4. Allow LAN-client Join domain and Access file share  p. 16
5. Allow Only PC2 can remote Desktop into SRV1 Server  p. 17
6. Allow LAN-Client access webserver in SRV1 (local)  p. 19
7. Enable POSTROUTING by using Masquerading type  p. 20
8. Allow access internet  p. 20
   A. Firewall Server  p. 20
   B. LAN-Server  p. 20
   C. LAN-Client  p. 21
9. Enable PREROUTING by using Destination NAT. (optional)  p. 22
   A. Make sure PC3 (your real machine) can access Webserver in SRV1.  p. 22
1. Allow Only SRV1 can remote SSH into Firewall Server
We just go to yast lan to configure the ISP-side IP address on the Linux firewall.
Below is the firewall IP address configuration.
Below is the IP address after we configure it.
Configure the ISP DNS for the firewall.
Gateway assigned by the ISP for the firewall.
We just use ifconfig to show the IP addresses of the firewall.
Test nslookup on the firewall to get DNS from the ISP.
We go to yast -i to install DHCP relay on the firewall.
We just install the relay on the firewall to serve the two networks.
We can see each Ethernet interface on the firewall.
We go to vi /etc/sysconfig/dhcrelay
We just assign each Ethernet interface.
We use the command below to restart the service.
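A filled-in /etc/sysconfig/dhcrelay, added here as an example because the report's screenshot of the file is not reproduced; the interface names and the SRV1 address are assumptions, not values from the report:

```shell
# Assumed lab layout (not from the report): eth1 faces SRV1, the DHCP
# server; eth2 faces the LAN clients. The relay must listen on both.
DHCRELAY_INTERFACES="eth1 eth2"
# Assumed address of SRV1, the DHCP server the relay forwards requests to.
DHCRELAY_SERVERS="192.168.10.10"
```

After saving the file, restart the relay with the command the report uses later, service dhcrelay restart. DHCRELAY_SERVERS is the server the relay forwards DHCP requests to, and DHCRELAY_INTERFACES lists every interface the relay listens on; if the server-facing interface is left out, the offers coming back from SRV1 are never picked up.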
First, before SRV1 can remote into the firewall, we need to create one file to write the iptables rules in. We just touch fortigat.sh
We just write vi fortigat.sh
Please follow the rules below.
Server tests ping connectivity to the firewall.
Firewall tests ping connectivity to the server.
The server can remote into the firewall after the pings succeed in both directions.
Just enter the firewall password for the server's SSH remote login.
The server can remote into the firewall.
2. Allow LAN-Client Request IP address
We just vi fortigat.sh to configure the rule that allows clients to request DHCP from the server.
Please follow the iptables rules below. Below is the rule on the firewall.
After we configure it, just run the file that we configured.
We just restart the service with service dhcrelay restart
Later the client requests DHCP from the server. We use ipconfig /release to release the old IP address.
We use ipconfig /renew to obtain a new IP address for the client.
3. Allow DNS
A. Firewall Request DNS from ISP
Please follow all the steps.
Test that the firewall can nslookup to request DNS from the ISP.
B. Firewall Request DNS in Local
We just vi fortigat.sh to configure a rule that allows the firewall to request DNS from the local server.
Please follow the rule below.
After we configure it, just run it with sh fortigat.sh
We just go to yast lan to configure the IP address of the local server.
C. SRV1 Request DNS from ISP
Please follow the rule steps below; the IP is the DNS IP of the ISP.
D. LAN-Client request DNS in Local
We just go to the configuration file by using vi fortigat.sh
Please follow the steps below.
Later the client tests requesting DNS from the local server.
4. Allow LAN-client Join domain and Access file share
Please follow the steps below.
Test that the client can join the domain.
Allow the client to access files. Please follow the steps below.
5. Allow Only PC2 can remote Desktop into SRV1 Server
This IP address is the specific IP address assigned to the client that may remote into the server; put it on the firewall.
We go to the file with vi fortigat.sh to configure it.
Please follow the steps below; this is the specific IP address the client uses when it remotes in.
We just run the service after we configure it.
We just open Remote Desktop Connection.
6. Allow LAN-Client access webserver in SRV1 (local)
Please follow the steps below.
7. Enable POSTROUTING by using Masquerading type
Postrouting and IP Masquerading
Accepting forwarded packets via the firewall's internal IP device allows LAN nodes to communicate with each other; however, they still cannot communicate externally with the Internet.
8. Allow access internet
A. Firewall Server
Please follow the steps below.
B. LAN-Server
Please follow the steps below.
C. LAN-Client
Please follow the steps below.
9. Enable PREROUTING by using Destination NAT. (optional)
A. Make sure PC3 (your real machine) can access the Webserver on SRV1.
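The rule set that sections 1 to 9 of this report describe, collected into one script in the shape of the report's fortigat.sh. This is an added example and not the report's own file: the interface names, the addresses (SRV1, PC2, the client network, the ISP DNS server) and the port list used for domain join are assumptions, because the report's screenshots of the rules are not reproduced here. With no argument the script only prints the iptables commands; sh fortigat.sh apply runs them on the firewall.

```shell
#!/bin/sh
# Added example of a fortigat.sh rule set; not the report's own file.
# Assumed lab addressing (placeholders, not values from the report):
#   eth0 = ISP side,   ISP DNS server 203.0.113.53
#   eth1 = LAN-Server, SRV1 192.168.10.10
#   eth2 = LAN-Client, network 192.168.20.0/24, PC2 192.168.20.20
WAN_IF=eth0; SRV_IF=eth1; CLI_IF=eth2
SRV1=192.168.10.10; PC2=192.168.20.20; CLI_NET=192.168.20.0/24
ISP_DNS=203.0.113.53

# run CMD...: execute CMD, or only print it when DRY is set (dry run)
run() { ${DRY:+echo} "$@"; }

apply_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -F; run iptables -t nat -F; run iptables -X
    run iptables -P INPUT DROP; run iptables -P FORWARD DROP; run iptables -P OUTPUT DROP
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A OUTPUT -o lo -j ACCEPT
    # replies to anything allowed below are accepted statefully
    for chain in INPUT FORWARD OUTPUT; do
        run iptables -A $chain -m state --state ESTABLISHED,RELATED -j ACCEPT
    done
    # 1. only SRV1 may SSH into the firewall; ping both ways for the connectivity test
    run iptables -A INPUT  -i $SRV_IF -s $SRV1 -p tcp --dport 22 -j ACCEPT
    run iptables -A INPUT  -i $SRV_IF -s $SRV1 -p icmp --icmp-type echo-request -j ACCEPT
    run iptables -A OUTPUT -o $SRV_IF -d $SRV1 -p icmp --icmp-type echo-request -j ACCEPT
    # 2. DHCP through dhcrelay on the firewall: client <-> relay on eth2, relay <-> SRV1 on eth1
    run iptables -A INPUT  -i $CLI_IF -p udp --sport 68 --dport 67 -j ACCEPT
    run iptables -A OUTPUT -o $CLI_IF -p udp --sport 67 --dport 68 -j ACCEPT
    run iptables -A OUTPUT -o $SRV_IF -d $SRV1 -p udp --sport 67 --dport 67 -j ACCEPT
    run iptables -A INPUT  -i $SRV_IF -s $SRV1 -p udp --sport 67 --dport 67 -j ACCEPT
    # 3. DNS: A firewall -> ISP, B firewall -> SRV1, C SRV1 -> ISP, D client -> SRV1
    for proto in udp tcp; do
        run iptables -A OUTPUT  -o $WAN_IF -d $ISP_DNS -p $proto --dport 53 -j ACCEPT
        run iptables -A OUTPUT  -o $SRV_IF -d $SRV1 -p $proto --dport 53 -j ACCEPT
        run iptables -A FORWARD -i $SRV_IF -o $WAN_IF -s $SRV1 -d $ISP_DNS -p $proto --dport 53 -j ACCEPT
        run iptables -A FORWARD -i $CLI_IF -o $SRV_IF -s $CLI_NET -d $SRV1 -p $proto --dport 53 -j ACCEPT
    done
    # 4. domain join and file share, client -> SRV1 (Kerberos, NTP, NetBIOS, LDAP, RPC, SMB, GC)
    run iptables -A FORWARD -i $CLI_IF -o $SRV_IF -s $CLI_NET -d $SRV1 -p udp -m multiport --dports 88,123,137,138,389 -j ACCEPT
    run iptables -A FORWARD -i $CLI_IF -o $SRV_IF -s $CLI_NET -d $SRV1 -p tcp -m multiport --dports 88,135,139,389,445,3268 -j ACCEPT
    run iptables -A FORWARD -i $CLI_IF -o $SRV_IF -s $CLI_NET -d $SRV1 -p tcp --dport 49152:65535 -j ACCEPT
    # 5. Remote Desktop to SRV1 only from PC2
    run iptables -A FORWARD -i $CLI_IF -o $SRV_IF -s $PC2 -d $SRV1 -p tcp --dport 3389 -j ACCEPT
    # 6. local web server on SRV1 for the clients
    run iptables -A FORWARD -i $CLI_IF -o $SRV_IF -s $CLI_NET -d $SRV1 -p tcp --dport 80 -j ACCEPT
    # 7. masquerade everything that leaves through the ISP interface
    run iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE
    # 8. Internet access (HTTP/HTTPS): A the firewall itself, B SRV1, C the clients
    run iptables -A OUTPUT  -o $WAN_IF -p tcp -m multiport --dports 80,443 -j ACCEPT
    run iptables -A FORWARD -i $SRV_IF -o $WAN_IF -s $SRV1 -p tcp -m multiport --dports 80,443 -j ACCEPT
    run iptables -A FORWARD -i $CLI_IF -o $WAN_IF -s $CLI_NET -p tcp -m multiport --dports 80,443 -j ACCEPT
    # 9. (optional) destination NAT: port 80 arriving from the ISP side goes to SRV1's web server
    run iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport 80 -j DNAT --to-destination $SRV1:80
    run iptables -A FORWARD -i $WAN_IF -o $SRV_IF -d $SRV1 -p tcp --dport 80 -j ACCEPT
}

case "${1:-dry}" in
    apply) DRY= ;;
    *)     DRY=1 ;;
esac
apply_rules
```

All three default policies are DROP, so every step in the report corresponds to one explicit ACCEPT line and the single ESTABLISHED,RELATED rule carries the replies; that is why the ping test in section 1 needs the echo-request rules in both directions but no echo-reply rule. Sections 7 and 8 are what the paragraph on POSTROUTING describes: the FORWARD rules let the LAN nodes talk to each other, but only after ip_forward is on and the MASQUERADE rule rewrites their source address do they reach the Internet. The DNAT line of section 9 is the optional part; the matching FORWARD rule is still required because the PREROUTING rewrite happens before the FORWARD chain sees the packet.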