
1. Introduction

    Today I studied firewall configuration.

2. Main body

1. Practice


//R1
# enable
!
# conf t
# hostname R1
!
# int s1/0
# no sh
# encap fram
# no fram inverse
# clock rate 64000
!
# int lo 0
# ip add 1.1.1.1 255.255.255.0
# ip ospf network point-to-point
!
# show frame-relay pvc | include DLCI
!
# int s1/0.1 m
# ip add 1.1.11.1 255.255.255.0
# ip ospf network point-to-multi
# ip ospf hello-interval 10
# fram map ip 1.1.11.2 102 br
# fram map ip 1.1.11.3 103 br
!
# int f0/0
# no sh
# ip add 1.1.17.1 255.255.255.0
!
# int f0/1
# no sh
# ip add 1.1.18.1 255.255.255.0
!
# router ospf 13
# router-id 1.1.1.1
# network 1.1.11.1 0.0.0.0 area 11
# network 1.1.1.1 0.0.0.0 area 0
# network 1.1.17.1 0.0.0.0 area 0
# network 1.1.18.1 0.0.0.0 area 0
# area 11 stub no-summary

//R2
# enable
!
# conf t
# hostname R2
!
# int s1/0
# no sh
# encap fram
# no fram inverse
# clock rate 64000
!
# show frame-relay pvc | include DLCI
!
# int s1/0.2 p
# ip add 1.1.11.2 255.255.255.0
# fram inter 201
!
# int lo0
# ip add 1.1.2.2 255.255.255.0
# ip ospf network point-to-point
!
# router ospf 13
# router-id 1.1.2.2
# network 1.1.2.2 0.0.0.0 area 11
# network 1.1.11.2 0.0.0.0 area 11
# area 11 stub

//R3
# enable
!
# conf t
# hostname R3
!
# int s1/0
# no sh
# encap fram
# no fram inverse
# clock rate 64000
!
# show frame-relay pvc | include DLCI
!
# int s1/0.3 p
# ip add 1.1.11.3 255.255.255.0
# fram inter 301
!
# int lo0
# ip add 1.1.3.3 255.255.255.0
# ip ospf network point-to-point
!
# router ospf 13
# router-id 1.1.3.3
# network 1.1.3.3 0.0.0.0 area 11
# network 1.1.11.3 0.0.0.0 area 11
# area 11 stub
!
# sh logging
# logging buffered 8192 3
# service timestamps log datetime localtime

//SW1
# enable
!
# conf t
# hostname SW1
!
# vlan 100
!
# int range f1/1 - 2
# sw tr en do
# sw mo tr
# channel-group 1 mode on
!
# sh eth summary
!
# int vlan 100
# ip add 1.1.79.7 255.255.255.0
!
# int lo0
# ip add 1.1.7.7 255.255.255.0
# ip ospf network point-to-point
!
# int f1/0
# no switchport
# ip add 1.1.17.7 255.255.255.0
!
# int f1/10
# no switchport
# ip add 1.1.78.7 255.255.255.0
!
# router ospf 13
# router-id 1.1.7.7
# network 1.1.7.7 0.0.0.0 area 0
# network 1.1.17.7 0.0.0.0 area 0
# network 1.1.78.7 0.0.0.0 area 0
# network 1.1.79.7 0.0.0.0 area 78
!
# bridge 1 protocol vlan-bridge
!
# int vlan 100
# bridge-group 1
!
# int f1/10
# bridge-group 1

//SW3
# enable
!
# conf t
# hostname SW3
!
# vlan 100
!
# int range f1/1 - 2
# sw tr en do
# sw mo tr
# channel-group 1 mode on
!
# sh eth summary
!
# int lo0
# ip add 1.1.9.9 255.255.255.0
# ip ospf network point-to-point
!
# int vlan 100
# ip add 1.1.79.9 255.255.255.0
!
# router ospf 13
# router-id 1.1.9.9
# network 1.1.9.9 0.0.0.0 area 78
# network 1.1.79.9 0.0.0.0 area 78

//SW2
# enable
!
# conf t
# hostname SW2
!
# vlan 100
!
# int range f1/1 - 2
# sw mo ac
# sw ac vlan 100
# channel-group 2 mode on
!
# sh eth summary
!
# int vlan 100
# ip add 1.1.108.8 255.255.255.0
!
# int lo0
# ip add 1.1.8.8 255.255.255.0
# ip ospf network point-to-point
!
# int f1/0
# no switchport
# ip add 1.1.18.8 255.255.255.0
!
# int f1/10
# no switchport
# ip add 1.1.78.8 255.255.255.0
!
# router ospf 13
# router-id 1.1.8.8
# network 1.1.18.8 0.0.0.0 area 0
# network 1.1.78.8 0.0.0.0 area 0
# network 1.1.8.8 0.0.0.0 area 0
# network 1.1.108.8 0.0.0.0 area 108

//SW4
# enable
!
# conf t
# hostname SW4
!
# vlan 100
!
# int range f1/1 - 2
# sw mo ac
# sw ac vlan 100
# channel-group 2 mode on
!
# sh eth summary
!
# int vlan 100
# ip add 1.1.108.10 255.255.255.0
!
# int lo0
# ip add 1.1.10.10 255.255.255.0
# ip ospf network point-to-point
!
# router ospf 13
# router-id 1.1.10.10
# network 1.1.10.10 0.0.0.0 area 108
# network 1.1.108.10 0.0.0.0 area 108

//SW1,2
# int vlan 100
# bandwidth 200000
//SW1-4
# router ospf 13
# auto-cost reference-bandwidth 1000
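As an added consistency check (not part of the original post), the OSPF `network ... area` statements and `area N stub` flags from the R1-R3 and SW1-SW4 configurations above are transcribed into Python and validated: both ends of a link must sit in the same area, and every router in an area must agree on the stub flag, otherwise the neighbours never form an adjacency. It assumes the /24 masks used on every interface in the configurations.

```python
import ipaddress
from collections import defaultdict

# OSPF "network <ip> 0.0.0.0 area <n>" statements and "area <n> stub" flags,
# transcribed from the R1/R2/R3/SW1-SW4 configurations (process 13) above.
OSPF = {
    "R1":  {"networks": [("1.1.11.1", 11), ("1.1.1.1", 0), ("1.1.17.1", 0), ("1.1.18.1", 0)], "stub": {11}},
    "R2":  {"networks": [("1.1.2.2", 11), ("1.1.11.2", 11)], "stub": {11}},
    "R3":  {"networks": [("1.1.3.3", 11), ("1.1.11.3", 11)], "stub": {11}},
    "SW1": {"networks": [("1.1.7.7", 0), ("1.1.17.7", 0), ("1.1.78.7", 0), ("1.1.79.7", 78)], "stub": set()},
    "SW3": {"networks": [("1.1.9.9", 78), ("1.1.79.9", 78)], "stub": set()},
    "SW2": {"networks": [("1.1.18.8", 0), ("1.1.78.8", 0), ("1.1.8.8", 0), ("1.1.108.8", 108)], "stub": set()},
    "SW4": {"networks": [("1.1.10.10", 108), ("1.1.108.10", 108)], "stub": set()},
}


def check_ospf(ospf, prefixlen=24):
    """Return adjacency problems: a shared link whose ends are in different
    areas, or an area whose routers disagree on the stub flag (E-bit)."""
    problems = []
    link_areas = defaultdict(set)      # subnet -> {(device, area)}
    area_members = defaultdict(dict)   # area -> {device: is_stub}
    for dev, cfg in ospf.items():
        for ip, area in cfg["networks"]:
            # every interface on the page uses a /24, so group by that subnet
            net = ipaddress.ip_interface(f"{ip}/{prefixlen}").network
            link_areas[net].add((dev, area))
            area_members[area][dev] = area in cfg["stub"]
    for net, ends in sorted(link_areas.items(), key=lambda kv: str(kv[0])):
        if len({a for _, a in ends}) > 1:
            problems.append(f"{net}: area mismatch {sorted(ends)}")
    for area, members in sorted(area_members.items()):
        if len(set(members.values())) > 1:
            problems.append(f"area {area}: stub flag mismatch {members}")
    return problems


if __name__ == "__main__":
    print(check_ospf(OSPF) or "OSPF areas and stub flags are consistent")
```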

2. UTM

1. in -> out
- Allow all traffic
2. in -> dmz
- DNS, HTTP, HTTPS, POP3, SMTP, IMAP, FTP
3. dmz -> in
- Block all
4. dmz -> out
- DNS, SMTP
5. out -> in
- Block all
6. out -> dmz
- DNS, HTTP, HTTPS, SMTP, FTP

Network Protection
-> Firewall
1. Sources(Internal) + Services(Any) + Destinations(Any)
2. Sources(Internal) + Services(DNS, FTP, HTTP, HTTPS, IMAP, POP3, SMTP) + Destinations(DMZ)
3. Sources(DMZ) + Services(DNS, SMTP) + Destinations(Any)
4. Sources(Any) + Services(DNS, FTP, HTTP, HTTPS, SMTP) + Destinations(DMZ)
-> NAT
1. Network(Internal) + Interface(External)
2. Network(DMZ) + Interface(External)
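Added example, not part of the original post: the six zone-pair policy above and the four Network Protection firewall rules are transcribed into Python and compared flow by flow, so that any flow the rule set permits or blocks contrary to the intended matrix is reported. It assumes the UTM's Any network object covers every zone, first-match allow with an implicit drop, and uses SSH as a constructed probe service that is not in the post.

```python
ANY = "ANY"  # "Any" services or "Allow all traffic"

# Intended zone-pair policy from the table above: in (Internal), dmz, out (External).
# ANY = all services allowed, empty set = block everything.
INTENDED = {
    ("in", "out"):  ANY,
    ("in", "dmz"):  {"DNS", "HTTP", "HTTPS", "POP3", "SMTP", "IMAP", "FTP"},
    ("dmz", "in"):  set(),
    ("dmz", "out"): {"DNS", "SMTP"},
    ("out", "in"):  set(),
    ("out", "dmz"): {"DNS", "HTTP", "HTTPS", "SMTP", "FTP"},
}
ZONES = {"in", "dmz", "out"}
# Assumption: UTM network objects mapped to zones; "Any" matches every address.
ZONE_OBJECTS = {"Internal": {"in"}, "DMZ": {"dmz"}, "Any": ZONES}

# The four Network Protection -> Firewall rules as (Sources, Services, Destinations).
UTM_RULES = [
    ("Internal", ANY, "Any"),
    ("Internal", {"DNS", "FTP", "HTTP", "HTTPS", "IMAP", "POP3", "SMTP"}, "DMZ"),
    ("DMZ", {"DNS", "SMTP"}, "Any"),
    ("Any", {"DNS", "FTP", "HTTP", "HTTPS", "SMTP"}, "DMZ"),
]


def service_allowed(services, svc):
    return services == ANY or svc in services


def intended_allows(src, dst, svc):
    return service_allowed(INTENDED[(src, dst)], svc)


def utm_allows(src, dst, svc, rules=UTM_RULES):
    """First matching allow rule wins; a flow matching no rule is dropped (implicit deny)."""
    for srcs, services, dsts in rules:
        if src in ZONE_OBJECTS[srcs] and dst in ZONE_OBJECTS[dsts] and service_allowed(services, svc):
            return True
    return False


def policy_gaps(services, rules=UTM_RULES):
    """Flows where the rule set and the intended matrix disagree."""
    gaps = []
    for src, dst in INTENDED:
        for svc in sorted(services):
            want, got = intended_allows(src, dst, svc), utm_allows(src, dst, svc, rules)
            if want != got:
                gaps.append((src, dst, svc, "rules permit" if got else "rules block"))
    return gaps


PROBE_SERVICES = {"DNS", "HTTP", "HTTPS", "POP3", "SMTP", "IMAP", "FTP", "SSH"}  # SSH: constructed probe

if __name__ == "__main__":
    for gap in policy_gaps(PROBE_SERVICES):
        print(*gap)
```

Because rule 1 and rule 3 use Destinations(Any), the check flags Internal to DMZ traffic outside the listed services and DMZ to Internal DNS/SMTP as permitted by the rules although the matrix blocks them; narrowing those destinations to the external network closes the gap.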

3. Conclusion

    The week is already over.
