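#!/usr/bin/env bash
# Base configuration test for the DMZ lab ("TP DMZ").
#
# Turns the `societe` guest into the lab's NAT gateway/firewall: it enables
# IP forwarding there, writes a set of small iptables helper scripts into
# root's home directory and runs them once at the end.
#
# Required environment: VDN_PATH (root of the vdn tooling, provides
# bin/vdn-infos). vdn-ssh and the helpers setErrorHandler, echoStart,
# requireSshGuests, unsetErrorHandler and echoDone are supplied by the
# surrounding vdn framework and are not defined in this file.
set -eu

DESC="Test de la configuration de base du TP DMZ."
# Space-separated list of guests that must be reachable over ssh before the
# configuration step runs; it is intentionally word-split when passed on.
SYSTEMS="bigboss lambda nomade societe tiny web"

#######################################
# Print the shell script that is executed on `societe` as root.
#
# The generated script writes (and chmod 755) the following files in the
# current directory of the remote session, then runs /root/fw-on.sh:
#   vide.sh         flush INPUT/OUTPUT/FORWARD and the nat chains
#   local-1.sh      plain MASQUERADE on eth0 (not called by fw-on.sh)
#   fermeDehors.sh  INPUT filter: accept tcp/22, tcp/53, tcp/25, tcp/993,
#                   ACK-flagged tcp, ESTABLISHED/RELATED, then REJECT on eth0
#   forward.sh      DNAT public tcp/80 to 192.168.1.2
#   local.sh        MASQUERADE for 192.168.30.0/24 and for 192.168.1.2 on
#                   tcp/80, tcp/53, tcp/25
#   fw-on.sh        runs vide.sh, fermeDehors.sh, local.sh, forward.sh and,
#                   if present and executable, /root/dns.sh
#
# NOTE(review): the files are written relative to the remote session's cwd
# but invoked by absolute /root/... paths, so this assumes root's login
# directory is /root — confirm on the lab image.
# NOTE(review): `--tcp-flags ACK ACK -j ACCEPT` accepts any inbound TCP
# segment carrying ACK regardless of connection state, so the trailing
# REJECT is weaker than the ESTABLISHED/RELATED rules alone would be;
# check whether that rule is still wanted.
# NOTE(review): only TCP/53 is opened for DNS; UDP/53 is not — confirm this
# is intended. vide.sh flushes the chains but leaves the default policies
# untouched.
#
# Arguments: $1 - public IP of societe, substituted into the DNAT rule
# Outputs:   the remote script on stdout
#######################################
_remote_config_script() {
  local public_ip=$1
  # Unquoted delimiter: only $public_ip is expanded locally; everything else
  # (including the nested EOF here-docs) reaches the remote shell literally.
  cat <<REMOTE
# net.ipv4.ip_forward=1
sed -i -re 's/#(net.ipv4.ip_forward=1)/\1/g' /etc/sysctl.conf
sysctl -p
cat << EOF > vide.sh
#!/bin/sh
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -F POSTROUTING -t nat
iptables -F PREROUTING -t nat
EOF
chmod 755 vide.sh
cat << EOF > local-1.sh
#!/bin/sh
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
EOF
chmod 755 local-1.sh
cat << EOF > fermeDehors.sh
#!/bin/sh
iptables -A INPUT -p tcp --dport 22 -j ACCEPT # ssh
iptables -A INPUT -p tcp --dport 53 -j ACCEPT # DNS
iptables -A INPUT -p tcp --dport 25 -j ACCEPT # Mail
iptables -A INPUT -p tcp --dport 993 -j ACCEPT # Imap sur ssl
iptables -A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -m state --state RELATED -j ACCEPT
iptables -A INPUT -i eth0 -j REJECT
EOF
chmod 755 fermeDehors.sh
cat << EOF > forward.sh
#!/bin/sh
iptables -t nat -A PREROUTING -p tcp -d $public_ip --dport 80 -j DNAT --to 192.168.1.2
EOF
chmod 755 forward.sh
cat << EOF > local.sh
#!/bin/sh
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -s 192.168.30.0/24 -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -s 192.168.1.2 -p tcp --dport 80 -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -s 192.168.1.2 -p tcp --dport 53 -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -s 192.168.1.2 -p tcp --dport 25 -t nat -A POSTROUTING -o eth0 -j MASQUERADE
EOF
chmod 755 local.sh
cat << EOF > fw-on.sh
#!/bin/sh
/root/vide.sh
/root/fermeDehors.sh
/root/local.sh
/root/forward.sh
if [ -x /root/dns.sh ]; then
  /root/dns.sh
fi
EOF
chmod 755 fw-on.sh
/root/fw-on.sh
REMOTE
}

#######################################
# Configure societe as the lab gateway/firewall.
# Globals:   VDN_PATH (read), IP_SOCIETE_PUBLIC (written, kept global for
#            any caller that relied on it)
# Arguments: none
# Outputs:   whatever the remote commands print (through vdn-ssh -t)
# Returns:   aborts via set -e if vdn-infos or vdn-ssh fails
#######################################
config() {
  # Separate lookup from use so a failing vdn-infos is not masked.
  IP_SOCIETE_PUBLIC=$("$VDN_PATH/bin/vdn-infos" societe PUBLIC_IP)
  vdn-ssh -t root@societe "$(_remote_config_script "$IP_SOCIETE_PUBLIC")"
}

#######################################
# Entry point used by the vdn test harness: check the guests are reachable,
# apply the configuration, and report.
# Globals:   SYSTEMS (read)
#######################################
run() {
  setErrorHandler
  echoStart
  # shellcheck disable=SC2086 -- SYSTEMS is an intentional space-separated list
  requireSshGuests $SYSTEMS
  config
  # Follow-up steps kept from the original, currently disabled:
  #sleep 1
  #parallelDisablePause
  #vdn-scripts testFirewall
  unsetErrorHandler
  echoDone
}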