FIREWALL DEBIAN

1. FIREWALL DEBIAN

Marcus Aurelio da Silva
quinhoquente

(uses Debian)

Sent on 29/01/2020 - 22:40h

Good morning!

Before asking the question I'll describe the scenario I'm using: 3 test Debian firewalls, to connect a head office and 2 branches. At first I installed OpenVPN, because some tutorials I saw used openswan, but I couldn't install it, I couldn't find the package, so I started with OpenVPN. So here are my test firewall configurations:
firewallmatriz
  enp0s3: address 10.1.10.5, netmask 255.255.255.248, gateway 10.1.10.1
  enp0s8: address 192.168.101.1, netmask 255.255.255.0, network 192.168.101.0

firewallfilial1
  enp0s3: address 10.1.10.4, netmask 255.255.255.248, gateway 10.1.10.1
  enp0s8: address 192.168.102.1, netmask 255.255.255.0, network 192.168.102.0

firewallfilial2
  enp0s3: address 10.1.10.6, netmask 255.255.255.248, gateway 10.1.10.1
  enp0s8: address 192.168.103.1, netmask 255.255.255.0, network 192.168.103.0

At first I did it with a VPN, creating a SITE-TO-SITE connection, but I only managed to get Firewallmatriz working with Firewallfilial1, with the configurations below:

# HEAD OFFICE FIREWALL CONFIGURATION (firewallmatriz)
# Sample OpenVPN configuration file for
# home using a pre-shared static key.
#
# '#' or ';' may be used to delimit comments.
float
# Use a dynamic tun device.
# For Linux 2.2 or non-Linux OSes,
# you may want to use an explicit
# unit number such as "tun1".
# OpenVPN also supports virtual
# ethernet "tap" devices.
dev tun0

# Our OpenVPN peer is the branch 1 firewall (firewallfilial1, enp0s3).
remote 10.1.10.4

# 10.0.0.1 is our local VPN endpoint (head office).
# 10.0.0.2 is our remote VPN endpoint (branch 1).
ifconfig 10.0.0.1 10.0.0.2

# Our up script will establish routes
# once the VPN is alive.
; up ./home.up

# Our pre-shared static key
secret static.key

# Cipher to use
cipher AES-256-CBC

# OpenVPN 2.0 uses UDP port 1194 by default
# (official port assignment by iana.org 11/04).
# OpenVPN 1.x uses UDP port 5000 by default.
# Each OpenVPN tunnel must use
# a different port number.
# lport or rport can be used
# to denote different ports
# for local and remote.
port 1194

# Downgrade UID and GID to
# "nobody" after initialization
# for extra security.
user nobody
group nogroup

# If you built OpenVPN with
# LZO compression, uncomment
# out the following line.
; comp-lzo

# Send a UDP ping to remote once
# every 15 seconds to keep
# stateful firewall connection
# alive. Uncomment this
# out if you are using a stateful
# firewall.
; ping 15

# Uncomment this section for a more reliable detection when a system
# loses its connection. For example, dial-ups or laptops that
# travel to other locations.
; ping 15
; ping-restart 45
; ping-timer-rem
; persist-tun
; persist-key

# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 3

route 192.168.102.0 255.255.255.0


##############################################################################################


# BRANCH 1 FIREWALL CONFIGURATION (firewallfilial1)
# Sample OpenVPN configuration file for
# home using a pre-shared static key.
#
# '#' or ';' may be used to delimit comments.
float
# Use a dynamic tun device.
# For Linux 2.2 or non-Linux OSes,
# you may want to use an explicit
# unit number such as "tun1".
# OpenVPN also supports virtual
# ethernet "tap" devices.
dev tun0

# Our OpenVPN peer is the head office firewall (firewallmatriz, enp0s3 = 10.1.10.5).
# 10.1.10.4 is this host's own enp0s3 address, so it cannot be the remote.
remote 10.1.10.5

# 10.0.0.2 is our local VPN endpoint (branch 1).
# 10.0.0.1 is our remote VPN endpoint (head office).
ifconfig 10.0.0.2 10.0.0.1

# Our up script will establish routes
# once the VPN is alive.
; up ./home.up

# Our pre-shared static key
secret static.key

# Cipher to use
cipher AES-256-CBC

# OpenVPN 2.0 uses UDP port 1194 by default
# (official port assignment by iana.org 11/04).
# OpenVPN 1.x uses UDP port 5000 by default.
# Each OpenVPN tunnel must use
# a different port number.
# lport or rport can be used
# to denote different ports
# for local and remote.
port 1194

# Downgrade UID and GID to
# "nobody" after initialization
# for extra security.
user nobody
group nogroup

# If you built OpenVPN with
# LZO compression, uncomment
# out the following line.
; comp-lzo

# Send a UDP ping to remote once
# every 15 seconds to keep
# stateful firewall connection
# alive. Uncomment this
# out if you are using a stateful
# firewall.
; ping 15

# Uncomment this section for a more reliable detection when a system
# loses its connection. For example, dial-ups or laptops that
# travel to other locations.
; ping 15
; ping-restart 45
; ping-timer-rem
; persist-tun
; persist-key

# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 3

route 192.168.101.0 255.255.255.0

##############################################################################################

The question is: how do I add the other one, Firewallfilial2, so it connects to FirewallMatriz without bringing down Firewallfilial1?
I'm immensely grateful for your help already, thank you very much!!
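
With static-key point-to-point mode, one OpenVPN process carries exactly one tunnel, so the head office needs a second, independent instance for branch 2 with its own tun device, its own UDP port (the config's own comment already says each tunnel must use a different port number), its own endpoint pair, its own key file and its own route. The existing filial1 tunnel (tun0, port 1194, 10.0.0.1/10.0.0.2) is left untouched. The two files below are an added example, not part of the original post: the file names /etc/openvpn/filial2.conf, the device tun1, port 1195, the 10.0.1.1/10.0.1.2 endpoint pair and the key file static2.key are assumed values chosen not to collide with the filial1 tunnel shown above; the firewall addresses and branch LAN come from the scenario in the post.

```conf
# ---- HEAD OFFICE (firewallmatriz): /etc/openvpn/filial2.conf  (assumed file name) ----
# Second tunnel, separate from the filial1 tunnel that keeps tun0 / port 1194 / 10.0.0.x.
# Its own tun device so it does not steal tun0 from the running filial1 instance.
dev tun1
# Peer is the branch 2 firewall (enp0s3).
remote 10.1.10.6
# Local / remote endpoints for this tunnel only (assumed pair, distinct from 10.0.0.x).
ifconfig 10.0.1.1 10.0.1.2
# Must differ from the 1194 already bound by the filial1 instance on this host.
port 1195
# A separate pre-shared key per tunnel: a key leaked on one branch does not
# expose the other. Generate with: openvpn --genkey --secret static2.key
secret static2.key
cipher AES-256-CBC
float
user nobody
group nogroup
# Keep key and tun across ping-restart, required once privileges are dropped.
persist-key
persist-tun
ping 15
ping-restart 45
verb 3
# Branch 2 LAN is reached through this tunnel.
route 192.168.103.0 255.255.255.0

# ---- BRANCH 2 (firewallfilial2): /etc/openvpn/filial2.conf  (assumed file name) ----
# This host runs only one tunnel, so tun0 is free here.
dev tun0
# Peer is the head office firewall (enp0s3).
remote 10.1.10.5
# Mirror of the head office pair.
ifconfig 10.0.1.2 10.0.1.1
port 1195
# Same key file as the head office side, copied over a trusted channel.
secret static2.key
cipher AES-256-CBC
float
user nobody
group nogroup
persist-key
persist-tun
ping 15
ping-restart 45
verb 3
# Head office LAN is reached through this tunnel.
route 192.168.101.0 255.255.255.0
```

On Debian each /etc/openvpn/NAME.conf is started as its own service with `systemctl start openvpn@NAME`, so the head office runs `openvpn@filial1` and `openvpn@filial2` side by side and restarting one does not affect the other. UDP 1195 must be allowed in on the head office alongside 1194, and a quick check that the two instances are not colliding is that `ss -lunp` shows OpenVPN bound to both ports and `ip addr` shows both tun0 and tun1 up.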

2. Re: FIREWALL DEBIAN

Carlos Alberto de Souza Barbosa
souzacarlos

(uses Other)

Sent on 05/02/2020 - 13:02h

Good afternoon.
Have a look at the concept of logical port and you'll understand what needs to be done.
That's the short version; I didn't stop to read your whole script.

Network Analyst - Consultant for companies
contact skype: carlossouzainfo
21 99180-8165 (WhatsApp)
