Basic Network and Firewall Connectivity & Initial Testing

Title: Basic Network and Firewall Connectivity & Initial Testing

This exercise consists of building a virtual small-business network to support Beta Corp.’s international operations. Their network consists of an 1) administrative client, 2) a corporate client, 3) a pfSense firewall, and 4) a server. The “server” required for this exercise is simply an Ubuntu desktop VM for simplicity’s sake. If you can do this on an Ubuntu Desktop machine, you should be able to do it on a Linux-based server as well.

In this exercise, you will configure the pfSense router/firewall such that the administrative client is able to access the server’s administrative services across the network. The “normal” corporate client will have different permissions. Both will access the single, remote server – but in different ways. During this exercise, you will construct firewall rules for a pfSense router/firewall as part of a strategy to protect resources.

Beta Corp. is small software development consulting firm. Their regular corporate users are on one subnet and their IT department traffic is on another subnet. Both are routed through a FreeBSD (pfSense) router/firewall, and then to their multi-function server. As this small firm relies on a single server to provide all necessary services, security is of great importance. It is your job to properly configure the firewall such that the firm’s resources are properly protected and their critical services are functional.

Credentials:

The default credentials for the pfSense web interface are admin:pfsense (I recommend leaving them set this way for this exercise)
I strongly recommend that you set all other credentials to user:P@ssw0rd so that we won’t run into problems with forgotten passwords as part of this lab

This lab requires 3 Ubuntu Linux virtual machines and 1 pfSense virtual machine. Note that you will need

Internet access while you download software onto the Ubuntu machines. I recommend:

Downloading all required software into a single Ubuntu VM (see next page)

Creating a Snapshot

Make 2 full copies of the original Ubuntu VM for the 2nd &3rd Ubuntu VMs

Then… configure your NICs for the internal subnets used in the lab

Admin Client

Configure the Admin Client’s Network Settings:

Manually set the Admin Client’s IP address, netmask, and default gateway in the “interfaces” file using the following command:

sudo nano /etc/network/interfaces

Your file should look like this:

auto lo

iface lo inet loopback

auto enp0s3

iface enp0s3 inet static

address 7.7.7.7/28

post-up ip route add default via 7.7.7.1

Provide your completed Admin client interfaces file as Screenshot 1.

Restart the system! (to restart the networking processes) – don’t use the command to restart the networking service, it is unreliable

Use the ip a command to verify that your network settings are correct ip a

(you should see the network interface with the IP & netmask you set above)

Note that we have set a default gateway that has not yet been configured on the appropriate router (we will do that later). Also note the use of the post-up switch. Sometimes, if we don’t use this switch, the command to set the default gateway might execute before the network interface is up and running. That’s one of the wonders of multi-core, parallel processing. The post-up switch makes sure the interface is “up” prior to setting the default gateway. This is handy for a number of different networking processes.

Use the following command to view the routing table: ip route