FHB-MCCE-INENI-PT-Network-Router-exercise
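#!/bin/sh
# FHB-MCCE-INENI-PT router exercise.
#
# Turns this host into a router for the lab network 10.111.0.0/24 that sits
# behind enp0s8: netplan addressing, a restored iptables ruleset, IPv4
# forwarding, an ISC DHCP server, a BIND forwarder and an OpenVPN server.
#
# Layout (fixed by the exercise):
#   enp0s3  WAN side, DHCP client
#   enp0s8  LAN side, 10.111.0.1/24
#
# Files expected to exist (provided by the exercise environment):
#   /root/infos/iptables.rules                   ruleset restored below
#   /root/infos/ssl.sh, /root/createCA.sh,
#   /root/createCert.sh                          PKI helper scripts
#   /root/infos/openvpn.conf                     OpenVPN server template
#
# Must run as root.  Stops at the first failing step (set -e).
set -eu

die() { printf '%s\n' "$*" >&2; exit 1; }

[ "$(id -u)" -eq 0 ] || die "this script must run as root"

# iptables-persistent otherwise asks (debconf) whether to save the
# current ruleset; keep package installs non-interactive.
export DEBIAN_FRONTEND=noninteractive

WAN_IF=enp0s3
LAN_IF=enp0s8

#######################################
# Addressing: WAN via DHCP, static LAN address.
# NOTE: the header below is what cloud-init writes; cloud-init may
# regenerate this file on the next boot unless the
# 99-disable-network-config.cfg mentioned in it exists.
#######################################
cat > /etc/netplan/50-cloud-init.yaml <<'EOF'
# This file is generated from information provided by
# the datasource. Changes to it will not persist across an instance.
# To disable cloud-init's network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
  ethernets:
    enp0s3:
      addresses: []
      dhcp4: true
    enp0s8:
      addresses: [10.111.0.1/24]
      dhcp4: false
  version: 2
EOF
netplan apply

#######################################
# Firewall / NAT: restore the prepared ruleset and make it survive reboots.
# (The ruleset itself lives in /root/infos/iptables.rules and is not
# inspected here; it is what decides which traffic may be forwarded.)
#######################################
apt-get install -y netfilter-persistent iptables-persistent
[ -r /root/infos/iptables.rules ] || die "missing /root/infos/iptables.rules"
iptables-restore < /root/infos/iptables.rules
iptables -L -v
netfilter-persistent save

#######################################
# IPv4 forwarding: enable now and persist in sysctl.conf.  The stock file
# carries the setting commented out; if the line is missing entirely it is
# appended instead of silently skipped.
#######################################
echo 1 > /proc/sys/net/ipv4/ip_forward
if grep -q '^#net.ipv4.ip_forward=1' /etc/sysctl.conf; then
  sed -i 's/^#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
elif ! grep -q '^net.ipv4.ip_forward=1' /etc/sysctl.conf; then
  printf 'net.ipv4.ip_forward=1\n' >> /etc/sysctl.conf
fi
sysctl -p

#######################################
# DHCP for the LAN.  The subnet block is only appended once, so the script
# can be re-run.  dhcpd is limited to the LAN interface so it never answers
# DHCP requests on the WAN side.
#######################################
apt-get install -y isc-dhcp-server
DHCP_CONF=/etc/dhcp/dhcpd.conf
sed -i 's/#option domain-name-servers ns1.example.org, ns2.example.org;/option domain-name-servers 10.111.0.1;/g' "$DHCP_CONF"
if ! grep -q 'subnet 10.111.0.0' "$DHCP_CONF"; then
  cat >> "$DHCP_CONF" <<'EOF'
subnet 10.111.0.0 netmask 255.255.255.0 {
  range 10.111.0.100 10.111.0.200;
  option broadcast-address 10.111.0.255;
  option routers 10.111.0.1;
}
EOF
fi
sed -i "s/^INTERFACESv4=.*/INTERFACESv4=\"$LAN_IF\"/" /etc/default/isc-dhcp-server
# Validate the configuration before restarting the service.
dhcpd -t -cf "$DHCP_CONF"
systemctl restart isc-dhcp-server

#######################################
# DNS: BIND as a forwarder to 1.1.1.1.  Queries and recursion are limited to
# the host itself and the lab LAN; a forwarder that answers everyone on
# every interface is an open resolver.
#######################################
apt-get install -y bind9
cat > /etc/bind/named.conf.options <<'EOF'
options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // Upstream resolver used for everything this server is not
    // authoritative for.
    forwarders {
        1.1.1.1;
    };

    // Only the router itself and the lab LAN may query or recurse.
    listen-on { 127.0.0.1; 10.111.0.1; };
    allow-query { localhost; 10.111.0.0/24; };
    allow-recursion { localhost; 10.111.0.0/24; };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //========================================================================
    dnssec-validation auto;

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};
EOF
# Syntax-check before restarting so a broken file does not take DNS down.
named-checkconf
systemctl restart bind9
dig @localhost www.fh-burgenland.at

#######################################
# OpenVPN: build the PKI with the provided helper scripts, install the
# server template and point it at the WAN address.
#######################################
apt-get install -y openvpn
cd /etc/openvpn/ || die "cannot cd to /etc/openvpn"
mkdir -p CA/private
/bin/sh /root/infos/ssl.sh
/bin/bash /root/createCA.sh
/bin/bash /root/createCert.sh server
/bin/bash /root/createCert.sh user
cp /root/infos/openvpn.conf /etc/openvpn/myserver.conf

# First IPv4 address on the WAN interface, without the prefix length.
# WAN_IP consists of digits and dots only, so it is safe inside the sed
# replacement below.
WAN_IP=$(ip -4 -o addr show "$WAN_IF" | awk '{print $4}' | cut -d/ -f1 | head -n1)
[ -n "$WAN_IP" ] || die "no IPv4 address found on $WAN_IF"

# The template carries the placeholder "local 10.0.0.142"; fail loudly if
# the substitution did not happen instead of starting with the wrong bind
# address.
sed -i "s/local 10\.0\.0\.142/local $WAN_IP/g" /etc/openvpn/myserver.conf
grep -qF "local $WAN_IP" /etc/openvpn/myserver.conf \
  || die "placeholder 'local 10.0.0.142' not found in /etc/openvpn/myserver.conf"

# openvpn@myserver is the instance unit that runs myserver.conf.
systemctl enable --now openvpn@myserver
systemctl restart openvpn@myserver
pgrep -a openvpn || die "openvpn is not running"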