Firewall Switch: Difference between revisions

Latest revision as of 15:14, 6 March 2020

Previous ZFS Backup Return Freebsd Knowledge Base

Synopsis

To identify the firewall hardware the 2 firewalls each have a file in their root directory called either "firewall1" or "firewall2". The active firewall has always dns name "aap" and the inactive firewall has dns name "noot".

Active firewall start point is:

Green	em0	10.9.9.1
Red	em1	192.168.99.10

To switch firewall use this sequence.

Connect to noot

Chance the rc.conf file to make this the active firewall

>$ cd ~/conf/etc
>$ vim rc.conf_v013
	hostname="aap.example.com"
	ifconfig_em1="inet 192.168.99.10 netmask 255.255.255.0"
	ifconfig_em0="inet 10.9.9.1 netmask 255.255.255.0"
>$ sudo cp rc.conf_v013 /etc/rc.conf

Then change the DHCP values for their respective network cards. There are 2 files in the configuration directory one for each firewall copy the name of the active firewall to /usr/local/etc/.

>$ cd ../isc-dhcpd/

For firewall1 active this will be:

>$ sudo cp dhcpd-firewall1.conf_v001 /usr/local/etc/dhcpd-firewall.conf

For firewall2 active this will be

>$ sudo cp dhcpd-firewall2.conf_v001 /usr/local/etc/dhcpd-firewall.conf

Connect to aap

Chance the rc.conf file to make this the inactive firewall

>$ cd ~/conf/etc
>$ vim rc.conf_v013
	hostname="noot.example.com"
	ifconfig_em1="inet 192.168.99.20 netmask 255.255.255.0"
	ifconfig_em0="inet 10.9.9.20 netmask 255.255.255.0"
>$ sudo cp rc.conf_v013 /etc/rc.conf

>$ cd ../isc-dhcpd/
>$ sudo cp dhcpd-firewall1.conf_v001 /usr/local/etc/dhcpd-firewall.conf

Restart firewalls

Restart noot first.

>$ sudo shutdown -r now && exit

Then when the ssh connection is broken restart aap.

>$ sudo shutdown -r now && exit

Adapt workstations

The hosts certificates are changed so the knownhosts files on workstations have to be adapted. On the workstation edit ~/.ssh/known_hosts and remove entries for aap, noot, 10.9.9.1 and 10.9.9.20

>$ vim ~/.ssh/known_hosts

Note:

Important the only 2 ip addresses open for ssh are 10.9.9.1 and 10.9.9.20. So each of the 2 fire walls need to have one of these ip addresses, otherwise no ssh connection can be made.

Previous ZFS Backup Return Freebsd Knowledge Base

Up Freebsd Knowledge Base

Firewall Switch: Difference between revisions

Latest revision as of 15:14, 6 March 2020

Contents

Synopsis

Connect to noot

Connect to aap

Restart firewalls

Adapt workstations

Navigation menu

@@ Line 4: / Line 4: @@
 <hr>
-The 2 firewalls have a file in their root directory called either firewall1 or firewall2. The active firewall has always dns name fire and the inactive firewall has dns name firebox.
+== Synopsis ==
+To identify the firewall hardware the 2 firewalls each have a file in their root directory called either "firewall1" or "firewall2". The active firewall has always dns name "aap" and the inactive firewall has dns name "noot".
 Active firewall start point is:
-  Green	em0	10.0.0.1
+  Green	em0	10.9.9.1
-  Red	em1	192.168.9.10
+  Red	em1	192.168.99.10
 To switch firewall use this sequence.
-Connect to firebox
+== Connect to noot ==
 Chance the rc.conf file to make this the active firewall
   >$ cd ~/conf/etc
   >$ vim rc.conf_v013
-	hostname="fire.sjakio.com"
+ 	hostname="aap.example.com"
-	ifconfig_em1="inet 192.168.9.10 netmask 255.255.255.0"
+ 	ifconfig_em1="inet 192.168.99.10 netmask 255.255.255.0"
-	ifconfig_em0="inet 10.0.0.1 netmask 255.255.255.0"
+ 	ifconfig_em0="inet 10.9.9.1 netmask 255.255.255.0"
+ >$ sudo cp rc.conf_v013 /etc/rc.conf
->$ sudo cp rc.conf_v013 /etc/rc.conf
+Then change the DHCP values for their respective network cards. There are 2 files in the configuration directory one for each firewall copy the name of the active firewall to /usr/local/etc/.
+ >$ cd ../isc-dhcpd/
->$ cd ../isc-dhcpd/
+For firewall1 active this will be:
->$ sudo cp dhcpd-firewall1.conf_v001 /usr/local/etc/dhcpd-firewall.conf
+ >$ sudo cp dhcpd-firewall1.conf_v001 /usr/local/etc/dhcpd-firewall.conf
+For firewall2 active this will be
-Connect to fire
+ >$ sudo cp dhcpd-firewall2.conf_v001 /usr/local/etc/dhcpd-firewall.conf
->$ cd ~/conf/etc
->$ vim rc.conf_v013
-Make active
-hostname="firebox.sjakio.com"
-ifconfig_em1="inet 192.168.9.20 netmask 255.255.255.0"
-ifconfig_em0="inet 10.0.0.20 netmask 255.255.255.0"
->$ sudo cp rc.conf_v013 /etc/rc.conf
->$ cd ../isc-dhcpd/
->$ sudo cp dhcpd-firewall1.conf_v001 /usr/local/etc/dhcpd-firewall.conf
+== Connect to aap ==
+Chance the rc.conf file to make this the inactive firewall
+ >$ cd ~/conf/etc
+ >$ vim rc.conf_v013
+ 	hostname="noot.example.com"
+ 	ifconfig_em1="inet 192.168.99.20 netmask 255.255.255.0"
+ 	ifconfig_em0="inet 10.9.9.20 netmask 255.255.255.0"
+ >$ sudo cp rc.conf_v013 /etc/rc.conf
-In both execute.
+ >$ cd ../isc-dhcpd/
->$ sudo shutdown -r now && exit
+ >$ sudo cp dhcpd-firewall1.conf_v001 /usr/local/etc/dhcpd-firewall.conf
+== Restart firewalls ==
+Restart noot first.
+ >$ sudo shutdown -r now && exit
+Then when the ssh connection is broken restart aap.
+ >$ sudo shutdown -r now && exit
-On the workstation edit ~/.ssh/known_hosts and remiove entries for fire, firebox, 10.0.0.1 and 10.0.0.20
+==Adapt workstations==
->$ vim ~/.ssh/known_hosts
+The hosts certificates are changed so the knownhosts files on workstations have to be adapted.
+On the workstation edit ~/.ssh/known_hosts and remove entries for aap, noot, 10.9.9.1 and 10.9.9.20
+ >$ vim ~/.ssh/known_hosts
 Note:
-  Important the only 2 ip addresses open for ssh are 10.0.0.1 and 10.0.0.20. So each of the 2 fire walls need to have one of these ip addresses, otherwise no ssh connection can be made.
+  Important the only 2 ip addresses open for ssh are 10.9.9.1 and 10.9.9.20. So each of the 2 fire walls need to have one of these ip addresses, otherwise no ssh connection can be made.
 <hr>

Firewall Switch: Difference between revisions

Latest revision as of 15:14, 6 March 2020

Synopsis

Connect to noot

Connect to aap

Restart firewalls

Adapt workstations

Navigation menu

Search