Thursday 24 December 2009

Vyatta as an Internet Gateway

Here is the lab:
In this video we use Vyatta to set up an Internet gateway with the following features:
Firewall
DHCP Server
DNS forwarding+Cache
NAT
Web Cache
Web Filtering
Destination NAT (port forwarding, sometimes called reverse NAT)


Vyatta Internet Gateway from Richard Vimeo on Vimeo.
As requested here is the config for the router in the video:

firewall {
    all-ping enable
    broadcast-ping disable
    conntrack-table-size 32768
    conntrack-tcp-loose enable
    ip-src-route disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    log-martians enable
    name ALLOW_ESTABLISHED {
        default-action drop
        rule 10 {
            action accept
            state {
                established enable
            }
        }
    }
    name WAN_IN {
        default-action drop
        rule 10 {
            action accept
            destination {
                address 192.168.10.10
                port 80
            }
            log enable
            protocol tcp
        }
        rule 20 {
            action accept
            destination {
                address 192.168.10.10
                port 3389
            }
            log enable
            protocol tcp
        }
        rule 30 {
            action accept
            destination {
                address 192.168.10.0/24
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address dhcp
        description Outside
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name ALLOW_ESTABLISHED
            }
        }
        hw-id 00:0c:29:7b:1a:29
        smp_affinity auto
        speed auto
    }
    ethernet eth1 {
        address 192.168.10.1/24
        description Inside
        duplex auto
        hw-id 00:0c:29:7b:1a:33
        smp_affinity auto
        speed auto
    }
    ethernet eth2 {
        description DMZ
        duplex auto
        hw-id 00:0c:29:7b:1a:3d
        smp_affinity auto
        speed auto
    }
    loopback lo {
    }
}
service {
    dhcp-server {
        disabled false
        shared-network-name POOL1 {
            authoritative disable
            subnet 192.168.10.0/24 {
                default-router 192.168.10.1
                dns-server 192.168.10.1
                domain-name Vyatta.local
                lease 86400
                start 192.168.10.10 {
                    stop 192.168.10.200
                }
            }
        }
    }
    dns {
        forwarding {
            cache-size 150
            listen-on eth1
            name-server 208.67.222.222
            name-server 208.67.220.220
        }
    }
    nat {
        rule 10 {
            outbound-interface eth0
            source {
                address 192.168.10.0/24
            }
            type masquerade
        }
        rule 20 {
            destination {
                address 192.168.0.84
                port 80
            }
            inbound-interface eth0
            inside-address {
                address 192.168.10.10
                port 80
            }
            protocol tcp
            type destination
        }
        rule 30 {
            destination {
                address 192.168.0.84
                port 3389
            }
            inbound-interface eth0
            inside-address {
                address 192.168.10.10
                port 3389
            }
            protocol tcp
            type destination
        }
    }
    ssh {
        allow-root true
        port 22
        protocol-version v2
    }
    webproxy {
        cache-size 200
        default-port 3128
        listen-address 192.168.10.1 {
        }
        url-filtering {
            squidguard {
                auto-update daily
                block-category malware
                block-category porn
                block-category warez
                block-category proxy
                default-action allow
                local-block facebook.com
                redirect-url http://www.google.com
            }
        }
    }
}
system {
    host-name vyatta
    login {
        user root {
            authentication {
                encrypted-password $1$ORKO400D$9GoL/vifapZLo3p.sLkUs/
                plaintext-password ""
            }
            level admin
        }
        user vyatta {
            authentication {
                encrypted-password $1$Z9oMjC/m$r.T2vNILnVuZnIwkKhg58.
            }
            level admin
        }
    }
    ntp-server 0.vyatta.pool.ntp.org
    package {
        auto-sync 1
        repository community {
            components main
            distribution stable
            password ""
            url http://packages.vyatta.com/vyatta
            username ""
        }
        repository kenwood {
            components main
            distribution kenwood
            password ""
            url http://packages.vyatta.com/vyatta-dev/kenwood/unstable/
            username ""
        }
        repository lenny {
            components main
            distribution lenny
            password ""
            url http://packages.vyatta.com/debian/
            username ""
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone GMT
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "cluster@1:dhcp-relay@1:dhcp-server@4:firewall@3:ipsec@1:nat@3:quagga@1:system@1:vrrp@1:wanloadbalance@1:webgui@1" === */
/* Release version: VC6_a2 */
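One thing worth tightening in the ruleset above: WAN_IN rule 30 accepts any protocol to 192.168.10.0/24 arriving on eth0. Because destination NAT runs before the firewall in Vyatta (which is why rules 10 and 20 match on the inside address 192.168.10.10 rather than on 192.168.0.84), rule 30 is what lets the replies to inside-originated, masqueraded flows back in. But it also admits any new connection that reaches eth0 already addressed to the inside network, for example from a host on the upstream 192.168.0.0/24 segment that has a static route for 192.168.10.0/24 via the router. The configure-mode commands below are an added example, not the configuration used in the video; they assume the interface names, rule set names and addresses from the config above and Vyatta VC6 `set`/`delete` syntax. They swap the address match for a connection-state match, let the router's own chain accept related traffic (ICMP errors, PMTU), turn on reverse-path validation, stop the router sending ICMP redirects, and disable root logins over SSH.

```vyatta
# Added hardening example (not the author's config). Assumes the names and
# addresses from the posted configuration; run from configure mode on VC6.
configure

# WAN_IN rule 30: accept only replies to flows that were started from inside
# (plus related traffic such as ICMP errors), instead of anything addressed
# to 192.168.10.0/24. Rules 10 and 20 still admit the two port forwards.
delete firewall name WAN_IN rule 30 destination
set firewall name WAN_IN rule 30 state established enable
set firewall name WAN_IN rule 30 state related enable
set firewall name WAN_IN rule 30 description "Return traffic for inside-originated flows"

# Traffic to the router itself on eth0: established only drops ICMP errors
# that belong to the router's own sessions (e.g. fragmentation-needed).
set firewall name ALLOW_ESTABLISHED rule 10 state related enable

# Kernel knobs left permissive in the original.
set firewall source-validation strict
set firewall send-redirects disable

# Management plane: log in as vyatta and use sudo rather than root over SSH.
set service ssh allow-root false

commit
save
```

After `commit`, `show firewall name WAN_IN` should list rule 30 with the state match and no destination, and outbound browsing from 192.168.10.0/24 should still work because replies now match `established`. Two related points the commands do not touch: 192.168.10.10, the target of both destination NAT rules, sits inside the DHCP pool (192.168.10.10 to 192.168.10.200), so it needs a `static-mapping` under the DHCP subnet or the pool start moved above it, otherwise the port forwards break when that host picks up a different lease; and the posted file contains the MD5-crypt (`$1$`) hashes of both local accounts, so those passwords should be treated as exposed and changed.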

Microsoft ISA Server - Workgroup Array Setup

This is the practical part of the lab described here.


Part 1 covers setting up the ISA Server, creating and setting up the digital certificates, and installing the Configuration Storage Server and the first ISA Server within the workgroup array.

Microsoft ISA Server Array - Workgroup - Part1 from Richard Vimeo on Vimeo.



Part 2 covers the installation of a second ISA Server, the Service Pack 1 install and running the BPA (Best Practices Analyzer).

Microsoft ISA Server - Workgroup Array - Part2 from Richard Vimeo on Vimeo.

Sunday 6 December 2009

Setting up a Vyatta Cluster with VRRP and IPSec Site to Site VPN

Well, seeing as we have done this with the closed-source alternative (PIX, here), it was time to do the decent thing and do an open-source version... so here we go.

Diagram of the lab:
Basic setup of the lab:

Vyatta Cluster Part 1 - Basic Setup from Richard Vimeo on Vimeo.



Part two of the setup:

Vyatta Cluster Part 2 - Basic Setup from Richard Vimeo on Vimeo.



This is the juicy bit, where we set up VRRP, then clustering and finally the IPsec site-to-site VPN. (There is some NAT in there too! :)

Vyatta Cluster Part 3 - VRRP, Clustering, VPN etc from Richard Vimeo on Vimeo.
This is where I try and break it!

Vyatta Cluster Part 3 - Testing from Richard Vimeo on Vimeo.
As ever, enjoy! And let me know what you think :)

Wednesday 2 December 2009

VMware VDR Appliance

VMware Data Recovery Appliance - What is it? How do I use it? How do I install it?!

Well, with VMware's marketing refresh a lot of their products seem a little, well, redundant! (But they aren't, honestly!) And here we have VDR... a product that sits somewhere between VCB and vRanger Pro.

Anywho, here is a nice little video I did to show you around:

VMware VDR from Richard Vimeo on Vimeo.