1. Outside zone
Router configuration
R1
config t
hostname HR
interface fastethernet0/0
ip address 100.100.0.254 255.255.255.0
no shutdown
exit
interface serial1/0
ip address 1.1.1.1 255.255.255.252
no shutdown
exit
router rip
version 2
network 100.100.0.0
network 1.1.1.0
R2
config t
hostname ST
interface fastethernet0/0
ip address 125.246.95.254 255.255.255.0
no shutdown
exit
interface serial1/0
ip address 1.1.1.2 255.255.255.252
no shutdown
exit
router rip
version 2
network 125.246.95.0
network 1.1.1.0
Kali configuration
100.100.100.1/24 100.100.100.254
dns 125.246.95.253
2. Inside zone
Manager
IP : 192.168.0.1/24
Dns : 10.10.10.1
3. DMZ zone
Server configuration
10.10.10.1
10.10.10.254
168.126.63.1
Monitor(selk+splunk)
IP : 10.10.10.3/24
Dns : 10.10.10.1
ids
10.10.10.253/24
Dns : 10.10.10.1
winAD
10.10.10.2/24
Dns : 10.10.10.1
UTM configuration (for external access, connect to https://192.168.56.100:4444)
Interfaces
= inside : 192.168.0.254
= outside : 125.246.95.253
= Dmz : 10.10.10.254
Firewall
AnytoOutside : Any -> Any -> Outside(Address)
InsidetoAny : inside() -> Any -> Any
Masquerading
inside(Network) -> outside
DHCP
inside > choice
Dns : change to 10.10.10.1
NAT
OuttoDmz
Any -> (port number : ftp, ssh, http, etc.) -> outside(address)
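
Added example, not part of the original notes: a check that each host's default gateway in this address plan is actually configured on a router or UTM interface and that the host sits in a subnet one of those interfaces serves. The /24 masks on the UTM interfaces and the server, and the reading of each host's second address as its gateway, are assumptions.

```python
import ipaddress

# Interface addresses as written in the notes (device, interface, address/prefix).
# The UTM prefixes are not given in the notes; /24 is assumed.
INTERFACES = [
    ("HR", "fastethernet0/0", "100.100.0.254/24"),
    ("HR", "serial1/0", "1.1.1.1/30"),
    ("ST", "fastethernet0/0", "125.246.95.254/24"),
    ("ST", "serial1/0", "1.1.1.2/30"),
    ("UTM", "inside", "192.168.0.254/24"),
    ("UTM", "outside", "125.246.95.253/24"),
    ("UTM", "Dmz", "10.10.10.254/24"),
]

# Hosts for which the notes list two addresses (name, address/prefix, gateway).
# Treating the second address as the default gateway is an assumption.
HOSTS = [
    ("Kali", "100.100.100.1/24", "100.100.100.254"),
    ("Server", "10.10.10.1/24", "10.10.10.254"),
]

def owner_of(address):
    """Return (device, interface) that carries this address, or None."""
    ip = ipaddress.ip_address(address)
    for device, name, cidr in INTERFACES:
        if ipaddress.ip_interface(cidr).ip == ip:
            return device, name
    return None

def check_host(name, cidr, gateway):
    """Return a list of findings for one host; an empty list means consistent."""
    findings = []
    host = ipaddress.ip_interface(cidr)
    gw = ipaddress.ip_address(gateway)
    if gw not in host.network:
        findings.append(f"{name}: gateway {gw} is outside {host.network}")
    if owner_of(gateway) is None:
        findings.append(f"{name}: no listed interface carries gateway {gw}")
    if not any(host.ip in ipaddress.ip_interface(c).network for _, _, c in INTERFACES):
        findings.append(f"{name}: no listed interface serves a subnet containing {host.ip}")
    return findings

def check_plan():
    """Run the check over every host in HOSTS."""
    return [f for h in HOSTS for f in check_host(*h)]

if __name__ == "__main__":
    for line in check_plan() or ["address plan is consistent"]:
        print(line)
```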