Net1
#Net1 准备工作
[root@Net1 sbin]#hostnamectl set-hostname Net1
[root@Net1 sbin]#apt install nginx
[root@Net1 sbin]#vim /etc/nginx/sites-enabled/default
listen 9527 default_server;
listen [::]:9527 default_server;
[root@Net1 sbin]#systemctl restart nginx
[root@Net1 sbin]#ss -ntlp |grep nginx
LISTEN 0 511 0.0.0.0:9527 0.0.0.0:* users:(("nginx",pid=23002,fd=6),("nginx",pid=23001,fd=6),("ngin",pid=23000,fd=6))
LISTEN 0 511 [::]:9527 [::]:* users:(("nginx",pid=23002,fd=7),("nginx",pid=23001,fd=7),("ngin",pid=23000,fd=7))
[root@Net1 sbin]#vim /var/www/html/index.nginx-debian.html
welcome Net1
[root@Net1 sbin]#vim /etc/netplan/01-netcfg.yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
version: 2
renderer: networkd
ethernets:
eth0:
addresses:
- 192.168.0.6/24
gateway4: 192.168.0.8
nameservers:
addresses: [192.168.0.8]
[root@Net1 sbin]#netplan apply
#Net1实现端口转发
#-R replaces the rule already at position 1 of the nat PREROUTING chain; if the chain is still empty this fails, so use -A to append instead
[root@Net1 sbin]#iptables -t nat -R PREROUTING 1 -p tcp --dport 80 -j REDIRECT --to-ports 9527
Net2
#Net2 准备工作
[root@Net2 ~]#hostnamectl set-hostname Net2
[root@Net2 ~]#apt install nginx
[root@Net2 ~]#vim /etc/nginx/sites-enabled/default
listen 81 default_server;
listen [::]:81 default_server;
[root@Net2 ~]#systemctl restart nginx
[root@Net2 ~]#ss -ntlp |grep nginx
LISTEN 0 511 0.0.0.0:81 0.0.0.0:* users:(("nginx",pid=23246,fd=6),("nginx",pid=23245,fd=6),("ngin",pid=23244,fd=6))
LISTEN 0 511 [::]:81 [::]:* users:(("nginx",pid=23246,fd=7),("nginx",pid=23245,fd=7),("ngin",pid=23244,fd=7))
[root@Net2 ~]#vim /var/www/html/index.nginx-debian.html
welcome Net2
[root@Net2 ~]#vim /etc/netplan/01-netcfg.yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
version: 2
renderer: networkd
ethernets:
eth0:
addresses:
- 172.16.0.7/24
gateway4: 172.16.0.18
nameservers:
addresses: [172.16.0.18]
[root@Net2 ~]#netplan apply
#Net2实现端口转发
#-R replaces the rule already at position 1 of the nat PREROUTING chain; if the chain is still empty this fails, so use -A to append instead
[root@Net2 ~]#iptables -t nat -R PREROUTING 1 -p tcp --dport 80 -j REDIRECT --to-ports 81
firewall1
#firewall1准备工作
[root@firewall1 ~]#vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
NAME=eth0
BOOTPROTO=static
IPADDR=10.0.0.152
PREFIX=24
#GATEWAY=10.0.0.2
DNS1=180.76.76.76
DNS2=223.5.5.5
DNS3=119.29.29.29
ONBOOT=yes
[root@firewall1 ~]#vim /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
NAME=eth1
BOOTPROTO=static
IPADDR=192.168.0.8
PREFIX=24
#GATEWAY=10.0.0.2
DNS1=180.76.76.76
DNS2=223.5.5.5
DNS3=119.29.29.29
ONBOOT=yes
[root@firewall1 ~]#nmcli connection reload ;nmcli connection up eth0;nmcli connection up eth1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/13)
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/14)
[root@firewall1 ~]#route del default
[root@firewall1 ~]#sysctl -a |grep ipv4.ip_forward
[root@firewall1 ~]#vim /etc/sysctl.conf
net.ipv4.ip_forward =1
[root@firewall1 ~]#sysctl -p
net.ipv4.ip_forward = 1
#firewall1防火墙规则实现
#These nat rules live only in the running kernel; save them (e.g. iptables-save) or they are lost on reboot.
#Note: with ip_forward=1 and no rules in the filter FORWARD chain shown here, the firewall forwards whatever matches the DNAT rule without further filtering — add FORWARD rules if only port 80 to Net1 should pass. The same applies to firewall2.
[root@firewall1 ~]#iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
[root@firewall1 ~]#iptables -t nat -A PREROUTING -d 10.0.0.152 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.6
firewall2
[root@firewall2 ~]#vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
NAME=eth0
BOOTPROTO=static
IPADDR=10.0.0.153
PREFIX=24
#GATEWAY=10.0.0.2
DNS1=180.76.76.76
DNS2=223.5.5.5
DNS3=119.29.29.29
ONBOOT=yes
[root@firewall2 ~]#vim /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
NAME=eth1
BOOTPROTO=static
IPADDR=172.16.0.18
PREFIX=24
#GATEWAY=10.0.0.2
DNS1=180.76.76.76
DNS2=223.5.5.5
DNS3=119.29.29.29
ONBOOT=yes
[root@firewall2 ~]#nmcli connection reload ;nmcli connection up eth0;nmcli connection up eth1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/7)
[root@firewall2 ~]#route del default
[root@firewall2 ~]#sysctl -a |grep ipv4.ip_forward
[root@firewall2 ~]#vim /etc/sysctl.conf
net.ipv4.ip_forward =1
[root@firewall2 ~]#sysctl -p
net.ipv4.ip_forward = 1
#firewall2防火墙规则实现
[root@firewall2 ~]#iptables -t nat -A POSTROUTING -s 172.16.0.0/24 -j MASQUERADE
[root@firewall2 ~]#iptables -t nat -A PREROUTING -d 10.0.0.153 -p tcp --dport 80 -j DNAT --to-destination 172.16.0.7