Difference between revisions of "OPS345 Lab 2"

From CDOT Wiki
(iptables setup)
(Port forwarding SSH)
Line 35: Line 35:
 
= Port forwarding SSH =
 
= Port forwarding SSH =
  
 +
* Create another VM the same way as "router" but without the elastic IP. Call it www.
 +
** We won't set it up as a web server in this lab, we just need something to forward SSH requests to.
 
* Port forwarding SSH
 
* Port forwarding SSH
 +
** Disable source/destination checks on router
 +
**
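Review bot: The last added line is an empty `**` bullet, so the "Port forwarding SSH" item ends with a step that has no text. Either fill it in or drop it before saving. The added "Disable source/destination checks on router" step also gives no reason, unlike the www step above it, which explains itself in its sub-bullet; a short clause saying why the router needs the check off would help students. The "* Port forwarding SSH" bullet repeats the "= Port forwarding SSH =" heading directly above it and could be renamed to describe the actual task.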

Revision as of 02:50, 20 September 2021

THIS PAGE IS A DRAFT, NOT A REAL COURSE PAGE

The current schedule for OPS345 is here: OPS335_Weekly_Schedule

AWS Networking

  • VPCs, subnets
  • Default dynamic public IP
  • Default static private network/IP
  • Reserving a static public IP under "Elastic IPs", cost of doing that
  • VPC dashboard:
    • https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html
    • New VPC vpc-ops345 with CIDR block 10.3.45.0/24, no IPv6
    • Subnets: create a new one in vpc-ops345 named subnet-ops345, in us-east-1a, 10.3.45.0/24 (to fit inside the VPC)
    • Edit subnet, enable auto-assign public IPv4 addresses
    • Internet Gateway: Create ops345-internet-gateway, attach to vpc-ops345
    • Create new Route table ops345-route-table, add route for 0.0.0.0/0 through ops345-internet-gateway. Then add explicit subnet association to subnet-ops345
  • Create a new security group "ops345sg" in vpc-ops345 with only the SSH port open.
  • Create a new VM named "router", in the new vpc/subnet.
    • Follow the instructions in lab 1, except use subnet-ops345 and ops345sg. Also create a new key called ops345-allmachines-key
    • Note that "Auto-assign Public IP" is enabled by default; don't change it.
    • Wait until it starts, then go to "Elastic IPs" and associate an elastic IP with router
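
The VPC dashboard and security group steps above, written as AWS CLI calls (an added example, not part of the course page; it does not launch the VM or allocate the elastic IP). The resource names and address ranges are the lab's; the function name build_ops345_network, its optional SSH source CIDR argument and the security group description are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not course code. Names and CIDRs come from the steps above;
# build_ops345_network and its SSH source argument are hypothetical.
set -e

# Tag specification that sets the Name tag when a resource is created.
name_tag() { echo "ResourceType=$1,Tags=[{Key=Name,Value=$2}]"; }

build_ops345_network() {
    local cidr="10.3.45.0/24" ssh_src="${1:-0.0.0.0/0}" vpc subnet igw rtb sg

    vpc=$(aws ec2 create-vpc --cidr-block "$cidr" \
        --tag-specifications "$(name_tag vpc vpc-ops345)" \
        --query Vpc.VpcId --output text)

    # The subnet takes the whole VPC range and hands out public IPv4 addresses.
    subnet=$(aws ec2 create-subnet --vpc-id "$vpc" --cidr-block "$cidr" \
        --availability-zone us-east-1a \
        --tag-specifications "$(name_tag subnet subnet-ops345)" \
        --query Subnet.SubnetId --output text)
    aws ec2 modify-subnet-attribute --subnet-id "$subnet" --map-public-ip-on-launch

    igw=$(aws ec2 create-internet-gateway \
        --tag-specifications "$(name_tag internet-gateway ops345-internet-gateway)" \
        --query InternetGateway.InternetGatewayId --output text)
    aws ec2 attach-internet-gateway --internet-gateway-id "$igw" --vpc-id "$vpc"

    # Default route through the internet gateway, explicitly tied to the subnet.
    rtb=$(aws ec2 create-route-table --vpc-id "$vpc" \
        --tag-specifications "$(name_tag route-table ops345-route-table)" \
        --query RouteTable.RouteTableId --output text)
    aws ec2 create-route --route-table-id "$rtb" \
        --destination-cidr-block 0.0.0.0/0 --gateway-id "$igw" >/dev/null
    aws ec2 associate-route-table --route-table-id "$rtb" --subnet-id "$subnet" >/dev/null

    # Only inbound rule: TCP 22. Pass a narrower source CIDR to limit who can connect.
    sg=$(aws ec2 create-security-group --group-name ops345sg \
        --description "OPS345 SSH only" --vpc-id "$vpc" \
        --query GroupId --output text)
    aws ec2 authorize-security-group-ingress --group-id "$sg" \
        --protocol tcp --port 22 --cidr "$ssh_src" >/dev/null

    echo "$vpc $subnet $igw $rtb $sg"
}

# Nothing is created unless the script is run with --apply [ssh-source-cidr].
if [ "${1:-}" = "--apply" ]; then build_ops345_network "${2:-0.0.0.0/0}"; fi
```

The function prints the five resource IDs on one line, which is convenient when the VM is then launched into the new subnet and security group.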

Firewalls

  • The purpose of a firewall on a server on the internet
  • AWS Security Groups and iptables

iptables setup

  • Install iptables-services, then enable and start the service (same as you did in OPS245).
  • iptables fundamentals
  • Securing services that need to be publicly accessible

Port forwarding SSH

  • Create another VM the same way as "router" but without the elastic IP. Call it www.
    • We won't set it up as a web server in this lab; we just need something to forward SSH requests to.
  • Port forwarding SSH
    • Disable source/destination checks on router