...
Imported ~/Documents/Debian9-base.ova into VirtualBox as Debian9-base_8021x, re-initializing all MAC addresses. The description for this virtual machine template is:
```
Debian 9 amd64 installation
- Hostname: debian9-base
- User accounts (username password):
  ls last
  root last
- Partitioning:
  --- Physical:
  ------ 1GB RAID boot flag
  ------ 29GB RAID
  --- RAID:
  ------ md0: ext3 /boot
  ------ md1: LVM - part of volume group debian9-base
  --- LVM (VG/LV):
  ------ debian9-base/root: 18.6GB ext4 /
  ------ debian9-base/swap: 3.72GB swap area
- Up to date as of 2017-09-27
- sources.list includes:
  Sections: main contrib non-free
  Additional repository: backports
- Apt-cacher configured as per Last School site (Proxy credentials will need to be entered in /etc/apt/apt.conf.d/02proxy by user)
- SSH access installed and enabled
- Gnome and Firefox configured to auto-detect proxy settings
- Extra software installed: vlc gimp emacs fonts-indic tcpdump iperf exfat-utils wireshark
- One network interface as bridged adapter, cable connected.
```
Added a second Ethernet adapter in settings, connected to "Not attached", and re-initialized its MAC address.
Increased the allocated CPUs to 2
The network configuration is now as follows:
enp0s3 - Adapter 1 - Bridged adapter
...
Installed my ssh public key in root's .ssh/authorized_keys file.
Installation of relevant services:
Shorewall (based on LASTSCHL-207):
```
apt-get install shorewall
apt-get install ipset
mv /etc/shorewall{,-orig}
mkdir /etc/shorewall
root@server.lastschl:~# scp /etc/shorewall/* root@192.168.10.52:/etc/shorewall/
#commented all entries related to loc and vpn zones (including dynamic zone man) in all files
#removed all MAC addresses of wifi clients
```
```
cp -r shorewall{,-remove-loc-vpn-man-wifimac}
updated interface names in interfaces, masq
cp -r shorewall{,-updated-interfaces}
/etc/default/shorewall startup=1
removed postfix, proxy rules (did not update config backups)
root@debian9-base:/etc/shorewall# for i in `ls`; do echo "========= $i ========="; cat $i | grep -v "^#" | grep -v "^$"; echo "========= $i ========="; echo ""; done
========= hosts =========
wifi1 enp0s8:dynamic
========= hosts =========

========= interfaces =========
net enp0s3 detect tcpflags,dhcp,nosmurfs,routefilter,logmartians
wifi enp0s8 detect tcpflags,nosmurfs,routefilter,logmartians
========= interfaces =========

========= masq =========
enp0s3 192.168.9.0/24
========= masq =========

========= policy =========
$FW net REJECT INFO(uid)
$FW wifi ACCEPT INFO(uid)
wifi all REJECT
wifi1 net ACCEPT INFO
wifi1 $FW ACCEPT INFO(uid)
$FW wifi1 ACCEPT INFO(uid)
net all DROP INFO
all all REJECT info
========= policy =========

========= routestopped =========
========= routestopped =========

========= rules =========
Invalid(DROP) net all
ACCEPT:INFO(uid) net $FW tcp 22
ACCEPT:INFO(uid) net $FW udp 123
ACCEPT:INFO(uid) net $FW icmp
ACCEPT:INFO(uid) $FW net tcp 465,587,995,993
ACCEPT:INFO(uid) $FW net udp 53,123
ACCEPT:INFO(uid) $FW net icmp
ACCEPT:INFO(uid) $FW net tcp - - - - root
ACCEPT:INFO(uid) $FW net udp - - - - root
ACCEPT:INFO(uid) $FW net icmp - - - - root
ACCEPT:INFO(uid) $FW net tcp - - - - _apt
ACCEPT:INFO(uid) $FW net udp - - - - _apt
ACCEPT:INFO(uid) $FW net icmp - - - - _apt
========= rules =========

========= shorewall.conf =========
STARTUP_ENABLED=Yes
....
SAVE_IPSETS=Yes
....
========= shorewall.conf =========

========= zones =========
fw firewall
net ipv4
wifi ipv4
wifi1:wifi ipv4 dynamic_shared
========= zones =========
```
In /etc/default/shorewall, set
```
startup=1
```
```
root@server.lastschl:~# scp /etc/rsyslog.d/40-shorewall.conf 192.168.10.52:/etc/rsyslog.d/
root@server.lastschl:~# scp /etc/logrotate.d/shorewall 192.168.10.52:/etc/logrotate.d/
root@server.lastschl:~# scp /etc/logrotate.d/rsyslog 192.168.10.52:/etc/logrotate.d/
root@server.lastschl:~# scp /etc/logrotate.conf 192.168.10.52:/etc/
systemctl enable shorewall.service
added shorewall rules _apt
```
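To check what the zones/policy/rules dump above actually permits before the 802.1x work starts, here is an added example that is not part of this notebook or of the Shorewall project: a simplified first-match model of that configuration in Python. The zone, policy and rule strings are constructed copies of the page's non-comment lines (the udp/icmp root lines and the three _apt lines are left out, they have the same shape). The model assumes Shorewall's documented ordering (the rules file is consulted first, then the policy file, and the nested sub-zone wifi1 is checked before its parent wifi), treats "$FW" literally as the firewall zone name, ignores the SPORT/ORIGDEST/RATE columns, and knows only the Invalid() action besides ACCEPT/DROP/REJECT; the Packet type, audit() and the other helper names are mine.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed copies of the page's non-comment zones, policy and rules lines
# (the udp/icmp root lines and the three _apt lines are omitted; same shape).
ZONES = """
fw firewall
net ipv4
wifi ipv4
wifi1:wifi ipv4 dynamic_shared
"""
POLICY = """
$FW net REJECT INFO(uid)
$FW wifi ACCEPT INFO(uid)
wifi all REJECT
wifi1 net ACCEPT INFO
wifi1 $FW ACCEPT INFO(uid)
$FW wifi1 ACCEPT INFO(uid)
net all DROP INFO
all all REJECT info
"""
RULES = """
Invalid(DROP) net all
ACCEPT:INFO(uid) net $FW tcp 22
ACCEPT:INFO(uid) net $FW udp 123
ACCEPT:INFO(uid) net $FW icmp
ACCEPT:INFO(uid) $FW net tcp 465,587,995,993
ACCEPT:INFO(uid) $FW net udp 53,123
ACCEPT:INFO(uid) $FW net icmp
ACCEPT:INFO(uid) $FW net tcp - - - - root
"""

@dataclass
class Packet:
    src: str                    # most specific zone the sender belongs to
    dst: str
    proto: str = "tcp"
    dport: Optional[int] = None
    user: Optional[str] = None  # local uid name; only meaningful for $FW sources
    invalid: bool = False       # conntrack INVALID state

def lines(text):
    """Columns of each non-empty, non-comment line, in file order."""
    return [ln.split() for ln in text.splitlines() if ln.strip() and not ln.startswith("#")]

def zone_chain(zone, zones_text=ZONES):
    """[zone, parent, ...]: a nested zone (child:parent) is consulted before its parent."""
    parents = dict(c[0].partition(":")[::2] for c in lines(zones_text))
    chain = [zone]
    while parents.get(chain[-1]):
        chain.append(parents[chain[-1]])
    return chain

def port_ok(spec, dport):
    """DPORT column: '-' is any; otherwise a comma list of ports or lo:hi ranges."""
    if spec == "-":
        return True
    return dport is not None and any(
        int(p.partition(":")[0]) <= dport <= int(p.partition(":")[2] or p)
        for p in spec.split(","))

def evaluate(pkt, policy_text=POLICY, rules_text=RULES, zones_text=ZONES):
    """Verdict for pkt: the first matching rule wins, otherwise the first matching policy."""
    src_chain, dst_chain = zone_chain(pkt.src, zones_text), zone_chain(pkt.dst, zones_text)
    for cols in lines(rules_text):
        # ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER; missing columns mean '-'
        action, src, dst, proto, dport, _sp, _od, _rate, user = (cols + ["-"] * 9)[:9]
        action = action.split(":")[0]          # drop the :INFO(uid) log level
        if (src not in ("all", *src_chain) or dst not in ("all", *dst_chain)
                or (proto != "-" and proto != pkt.proto) or not port_ok(dport, pkt.dport)
                or (user != "-" and user != pkt.user)):
            continue
        if action.startswith("Invalid("):      # state action: matches INVALID packets only
            if pkt.invalid:
                return action[len("Invalid("):-1]
            continue
        return action
    for s in src_chain:                        # sub-zone pairs before parent-zone pairs
        for d in dst_chain:
            for cols in lines(policy_text):
                if cols[0] in (s, "all") and cols[1] in (d, "all"):
                    return cols[2]
    return "REJECT"                            # not reached here: 'all all REJECT' exists

def audit():
    """Scenarios this build cares about: admitted (wifi1) vs not-yet-admitted (wifi) hosts."""
    cases = {
        "wifi not admitted -> fw ssh": Packet("wifi", "$FW", "tcp", 22),
        "wifi1 admitted -> fw ssh": Packet("wifi1", "$FW", "tcp", 22),
        "wifi1 admitted -> net http": Packet("wifi1", "net", "tcp", 80),
        "net -> fw ssh": Packet("net", "$FW", "tcp", 22),
        "net -> fw http": Packet("net", "$FW", "tcp", 80),
        "net -> fw ssh, INVALID state": Packet("net", "$FW", "tcp", 22, invalid=True),
        "fw -> net https as root": Packet("$FW", "net", "tcp", 443, user="root"),
        "fw -> net https as ls": Packet("$FW", "net", "tcp", 443, user="ls"),
    }
    return {name: evaluate(pkt) for name, pkt in cases.items()}
```

Calling audit() gives REJECT for a wifi host that is still in the parent zone only, ACCEPT once the same host has been added to the dynamic wifi1 zone, DROP for unsolicited or INVALID traffic from net, and ACCEPT versus REJECT for the firewall's own outbound HTTPS depending on whether the sending uid is root; that last pair is the effect of the per-user rules, which is why _apt had to get its own entries. The point of the check is that "wifi all REJECT" sits above "wifi1 net ACCEPT" in the policy file, so the configuration only behaves as intended because Shorewall evaluates the sub-zone first; any model that reads the policy file top to bottom without that ordering would flag admitted hosts as blocked.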
Configure network and DHCP (based on LASTSCHL-212):
...