Lab 6.1 Port Forwarding And Jump Boxes
💣rw01 has a bit too much information about our internal DMZ network. Specifically, rw01 knows the internal routing for our DMZ and used this information to create a static route from SEC350-WAN to the DMZ. A better alternative is to mask the presence of the DMZ altogether with NAT destination rules.
List out any commands that were used or found to be helpful during the process.
Document any notes that were taken while working on the assignment.
Please refer to the lab documentation, as well as the submission documentation, linked below.
Include any additional notes or observations made while working on the assignment.
Configs:
```
# Forward HTTP arriving on eth0 to 172.16.50.3:80
set nat destination rule 10 description 'HTTP->WEB01'
set nat destination rule 10 destination port 80
set nat destination rule 10 inbound-interface eth0
set nat destination rule 10 protocol tcp
set nat destination rule 10 translation address 172.16.50.3
set nat destination rule 10 translation port 80

# Make SSH listen on 172.16.150.2 only instead of on every address
set service ssh listen-address 172.16.150.2
del service ssh listen-address 0.0.0.0

# Forward SSH arriving on eth0 to 172.16.50.4:22
set nat destination rule 20 description 'WAN->JUMP'
set nat destination rule 20 destination port 22
set nat destination rule 20 inbound-interface eth0
set nat destination rule 20 protocol tcp
set nat destination rule 20 translation address 172.16.50.4
set nat destination rule 20 translation port 22

# Accept the forwarded SSH in WAN-to-DMZ (matches the translated address)
set firewall name WAN-to-DMZ rule 20 description 'SSH from WAN-2-DMZ'
set firewall name WAN-to-DMZ rule 20 action 'accept'
set firewall name WAN-to-DMZ rule 20 destination address '172.16.50.4'
set firewall name WAN-to-DMZ rule 20 destination port 22
set firewall name WAN-to-DMZ rule 20 protocol 'tcp'
```
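An added example, not part of the original lab notes: a small Python check that every destination NAT rule in a set of VyOS `set` commands has a firewall accept rule for its translated address, port and protocol. Forwarded traffic is filtered after DNAT, so the firewall rule has to name the internal address, as rule 20 above does. The function names are made up for this example, and it only sees the lines pasted into `CONFIG`, so a rule defined elsewhere on the router is reported as missing.

```python
import shlex

# Constructed sample: NAT and firewall lines taken from the Configs section above.
CONFIG = """\
set nat destination rule 10 description 'HTTP->WEB01'
set nat destination rule 10 destination port 80
set nat destination rule 10 protocol tcp
set nat destination rule 10 translation address 172.16.50.3
set nat destination rule 10 translation port 80
set nat destination rule 20 description 'WAN->JUMP'
set nat destination rule 20 destination port 22
set nat destination rule 20 protocol tcp
set nat destination rule 20 translation address 172.16.50.4
set nat destination rule 20 translation port 22
set firewall name WAN-to-DMZ rule 20 description 'SSH from WAN-2-DMZ'
set firewall name WAN-to-DMZ rule 20 action 'accept'
set firewall name WAN-to-DMZ rule 20 destination address '172.16.50.4'
set firewall name WAN-to-DMZ rule 20 destination port 22
set firewall name WAN-to-DMZ rule 20 protocol 'tcp'
"""

def parse(config):
    """Group `set` lines into {rule: {field: value}} for DNAT and firewall rules."""
    dnat, fw = {}, {}
    for line in config.splitlines():
        t = shlex.split(line)  # handles the quoted descriptions and values
        if t[:4] == ["set", "nat", "destination", "rule"]:
            dnat.setdefault(t[4], {})[" ".join(t[5:-1])] = t[-1]
        elif t[:3] == ["set", "firewall", "name"] and t[4:5] == ["rule"]:
            fw.setdefault((t[3], t[5]), {})[" ".join(t[6:-1])] = t[-1]
    return dnat, fw

def unmatched_forwards(config):
    """Return DNAT rules whose translated address/port/protocol no accept rule allows."""
    dnat, fw = parse(config)
    missing = []
    for num, r in sorted(dnat.items(), key=lambda kv: int(kv[0])):
        target = (r.get("translation address"), r.get("translation port"), r.get("protocol"))
        allowed = any(
            f.get("action") == "accept"
            and (f.get("destination address"), f.get("destination port"), f.get("protocol")) == target
            for f in fw.values()
        )
        if not allowed:
            missing.append((num, r.get("description"), target))
    return missing

if __name__ == "__main__":
    print(unmatched_forwards(CONFIG))
```

Run against the lines above, it reports NAT rule 10 (HTTP to 172.16.50.3) because this page shows no WAN-to-DMZ accept rule for it, while NAT rule 20 is matched by firewall rule 20.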
**List out any issues that were encountered while working on the assignment.**
- Passwordless ssh
If any issues were solved, list out the resolutions for each problem.
List out any questions that arose while working on the assignment.
N/A