HW1

Personal ID: 14
OS: Ubuntu 24.10

  • Add user to the sudo group (sudoers)
# Append (-a) the account to the supplementary group "sudo"; without -a,
# -G would replace the account's existing supplementary groups.
sudo usermod -aG sudo username

# visudo locks the sudoers file and syntax-checks it before saving, so a typo
# cannot lock everyone out of sudo.
sudo visudo
# The entry below lets the account run every command as any user without
# re-entering a password, so any process running as that account is
# effectively root. Prefer listing only the commands that need it, or leave
# NOPASSWD out where a password prompt is acceptable.
# username ALL=(ALL) NOPASSWD: ALL

VPN setting

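# Install the WireGuard tools (wg, wg-quick).
sudo apt install wireguard
# wg0.conf holds the interface PrivateKey: edit it as root and keep it
# readable by root only.
sudo vim /etc/wireguard/wg0.conf
sudo chmod 600 /etc/wireguard/wg0.conf
# Bring the tunnel up / down by hand; creating the interface needs root.
sudo wg-quick up   wg0
sudo wg-quick down wg0

# Start the tunnel at boot: the @reboot line below is the entry added to
# root's crontab. The packaged systemd unit is an alternative to cron:
#   sudo systemctl enable wg-quick@wg0
sudo crontab -e
@reboot wg-quick up wg0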

DHCP

Server

  • Install package
# Install the ISC DHCP server (dhcpd).
# NOTE(review): ISC has ended maintenance of ISC DHCP and points to Kea as its
# successor — confirm the package still receives distro security updates.
sudo apt install isc-dhcp-server
  • Setting static ip
# Restrict the netplan file to its owner before editing it; netplan warns
# about configuration files that other users can read.
sudo chmod 600 /etc/netplan/01-network-manager-all.yaml
sudo vim /etc/netplan/01-network-manager-all.yaml 
# File contents (shown commented out):
#   enp0s3 - upstream NIC: address from DHCP, but the DNS servers offered by
#            that DHCP server are ignored (use-dns: no) in favour of the two
#            resolvers listed under nameservers.
#   enp0s8 - LAN NIC: static 192.168.14.254/24, no DHCP client.
# network:
#   version: 2
#   renderer: NetworkManager
#   ethernets:
#     enp0s3:
#       dhcp4: yes
#       dhcp4-overrides:
#         use-dns: no
#       nameservers:
#         addresses:
#           - 8.8.8.8
#           - 1.1.1.1
#     enp0s8:
#       dhcp4: no
#       addresses: [192.168.14.254/24]

# "try" applies the configuration and rolls it back automatically unless it is
# confirmed, which protects against cutting off a remote session.
sudo netplan try
  • Setting /etc/dhcp/dhcpd.conf
# Global options handed to every client: DNS search domain and resolver.
option domain-name "cs.nycu.edu.tw";
option domain-name-servers 8.8.8.8;

# Declares this server the authority for the subnets it serves, so it will
# NAK clients that ask for addresses it considers invalid. Set this only on
# the one server that really owns the segment.
authoritative;

# LAN segment: dynamic pool .111-.222, default gateway .254.
subnet 192.168.14.0 netmask 255.255.255.0 {
        range 192.168.14.111 192.168.14.222;
        option routers 192.168.14.254;  
        option subnet-mask 255.255.255.0;
}

# Reservation keyed on the client's MAC address; .234 lies outside the dynamic
# range above, so the pool cannot hand it to another client.
# A MAC address identifies a client but does not authenticate it: any host on
# the segment that presents this MAC receives .234, so rules elsewhere that
# trust 192.168.14.234 inherit that weakness.
# NOTE(review): "aggent" looks like a typo for "agent" — confirm the label.
host aggent {
        hardware ethernet 08:00:27:e5:9a:dc;
        fixed-address 192.168.14.234;
}
  • Setting /etc/default/isc-dhcp-server
# Limit dhcpd to the LAN-facing interface so it does not answer DHCP requests
# on any other NIC of this host.
INTERFACESv4="enp0s8"
  • Restart service
# Check the unit's state, then restart it to load the edited configuration.
# Restarting a system unit is a privileged operation (run it with sudo or
# answer the authentication prompt). If the restart fails, the status output
# and the journal show the configuration error.
systemctl status  isc-dhcp-server
systemctl restart isc-dhcp-server

# The lease database records which hardware address received which IP and
# when; review it to spot clients that are not expected on the segment.
cat /var/lib/dhcp/dhcpd.leases

Client

  • Install package
# Install the ISC DHCP client, which provides the dhclient command.
sudo apt install isc-dhcp-client
  • release & request ip
# -r releases the current lease on enp0s3 and stops the running client.
sudo dhclient -r enp0s3 
# Request a fresh lease on the same interface.
sudo dhclient enp0s3

Routing

  • Install iptables
# Refresh the package index, then install iptables together with
# iptables-persistent, which supplies the netfilter-persistent service.
sudo apt update
sudo apt install iptables iptables-persistent

# Enable the service at boot so the saved rule set is restored after a
# reboot, and restart it now.
sudo systemctl enable netfilter-persistent
sudo systemctl restart netfilter-persistent
  • Setting routing rules
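# Turn on IPv4 forwarding for the running kernel and read the value back
# (1 = forwarding enabled).
sudo sysctl -w net.ipv4.ip_forward=1
cat /proc/sys/net/ipv4/ip_forward

# sysctl -w does not survive a reboot; a drop-in under /etc/sysctl.d makes the
# setting permanent (the file name here is only an example).
echo 'net.ipv4.ip_forward=1' | sudo tee /etc/sysctl.d/99-ip-forward.conf
sudo sysctl --system

# Source-NAT traffic from the LAN that leaves through enp0s3 so that it carries
# this host's upstream address, then list the nat table to verify the rule.
sudo iptables -t nat -A POSTROUTING -s 192.168.14.0/24 -o enp0s3 -j MASQUERADE
sudo iptables -t nat -L

# Write the current rule set to disk and show the saved IPv4 rules.
sudo netfilter-persistent save
sudo cat /etc/iptables/rules.v4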

Firewall

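# FORWARD rules are evaluated top to bottom and the first match wins, so the
# ACCEPT rules must stay ahead of the REJECT rules that follow.
# NOTE(review): the FORWARD default policy is not shown on this page; traffic
# that matches none of these rules falls through to it. Check it with
# `sudo iptables -S FORWARD`.

# Forward ICMP in both directions, whatever the source or destination.
sudo iptables -A FORWARD -p ICMP -j ACCEPT
# LAN clients may reach 10.113.0.0/16 on HTTP and HTTPS only.
sudo iptables -A FORWARD -s 192.168.14.0/24 -d 10.113.0.0/16 -p tcp --dport  80 -j ACCEPT
sudo iptables -A FORWARD -s 192.168.14.0/24 -d 10.113.0.0/16 -p tcp --dport 443 -j ACCEPT

# SSH towards 192.168.14.234 is forwarded from any source.
sudo iptables -A FORWARD -d 192.168.14.234/32 -p tcp --dport 22 -j ACCEPT
# Return path for that SSH traffic.
# NOTE(review): this match is stateless — it passes any TCP segment from .234
# with source port 22, not only replies to an accepted connection. An accept
# on `-m conntrack --ctstate ESTABLISHED,RELATED` would be tighter.
sudo iptables -A FORWARD -s 192.168.14.234/32 -p tcp --sport 22 -j ACCEPT
# INPUT covers traffic addressed to this router itself: refuse SSH to it from
# 10.113.0.0/16.
sudo iptables -A INPUT   -s 10.113.0.0/16 -p tcp --dport 22 -j REJECT

# Everything else from the LAN to 10.113.0.0/16 is refused.
sudo iptables -A FORWARD -s 192.168.14.0/24 -d 10.113.0.0/16 -j REJECT

# Refuse anything that enters on enp0s3 and is destined for the LAN or for
# 10.113.0.0/16.
# NOTE(review): no ESTABLISHED,RELATED accept appears above, so replies to
# LAN-initiated connections that return on enp0s3 would match the first of
# these rules — confirm that this is intended.
sudo iptables -A FORWARD -i enp0s3 -d 192.168.14.0/24 -j REJECT
sudo iptables -A FORWARD -i enp0s3 -d 10.113.0.0/16   -j REJECT

# The save shown earlier on this page ran before these rules were added; save
# again so they are written to /etc/iptables/rules.v4 and survive a reboot.
sudo netfilter-persistent save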