Firewall Switch
Previous ZFS Backup Return Freebsd Knowledge Base
Synopsis
To identify the firewall hardware, the two firewalls each have a file in their root directory called either "firewall1" or "firewall2". The active firewall always has the DNS name "fire" and the inactive firewall has the DNS name "firebox".
The active firewall's starting point is:
Green (em0): 10.0.0.1
Red (em1): 192.168.9.10
To switch the firewalls, use this sequence.
Connect to firebox
Change the rc.conf file to make this the active firewall. Edit rc.conf_v013 so that it contains the active hostname and addresses:
>$ cd ~/conf/etc
>$ vim rc.conf_v013
hostname="fire.sjakio.com"
ifconfig_em1="inet 192.168.9.10 netmask 255.255.255.0"
ifconfig_em0="inet 10.0.0.1 netmask 255.255.255.0"
>$ sudo cp rc.conf_v013 /etc/rc.conf
Then change the DHCP configuration for the respective network cards. There are two files in the configuration directory, one for each firewall; copy the one named after the firewall that is becoming active to /usr/local/etc/.
>$ cd ../isc-dhcpd/
When firewall1 is the active hardware this is:
>$ sudo cp dhcpd-firewall1.conf_v001 /usr/local/etc/dhcpd-firewall.conf
When firewall2 is the active hardware this is:
>$ sudo cp dhcpd-firewall2.conf_v001 /usr/local/etc/dhcpd-firewall.conf
Connect to fire
Change the rc.conf file to make this the inactive firewall. Edit rc.conf_v013 so that it contains the inactive hostname and addresses:
>$ cd ~/conf/etc
>$ vim rc.conf_v013
hostname="firebox.sjakio.com"
ifconfig_em1="inet 192.168.9.20 netmask 255.255.255.0"
ifconfig_em0="inet 10.0.0.20 netmask 255.255.255.0"
>$ sudo cp rc.conf_v013 /etc/rc.conf
>$ cd ../isc-dhcpd/
>$ sudo cp dhcpd-firewall1.conf_v001 /usr/local/etc/dhcpd-firewall.conf
Restart firewalls
Restart firebox first.
>$ sudo shutdown -r now && exit
Then, once the ssh connection to firebox has dropped, restart fire.
>$ sudo shutdown -r now && exit
After the switch each name and address presents a different SSH host key, so the known_hosts files on workstations have to be adapted. On the workstation edit ~/.ssh/known_hosts and remove the entries for fire, firebox, 10.0.0.1 and 10.0.0.20:
>$ vim ~/.ssh/known_hosts
Note:
Important: the only two IP addresses open for ssh are 10.0.0.1 and 10.0.0.20. Each of the two firewalls must therefore carry one of these addresses on em0, otherwise no ssh connection can be made to it.
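A pre-flight check for the switch, added here as an example that is not part of the original knowledge base page. It assumes the hostnames, addresses and file names quoted in the procedure above and the conf tree under ~/conf; the helper names (hardware_id, check_rc_conf, check_ssh_address, check_dhcpd) are my own. Run it on each box before /etc/rc.conf is overwritten and the reboot is issued: it confirms the candidate rc.conf matches the intended role, that its em0 address is one of the two ssh-reachable ones, and that the installed dhcpd config is the one written for this hardware.

```shell
#!/bin/sh
# Pre-flight checks for the fire/firebox switch. Added example, not part of
# the original knowledge base page; it assumes the hostnames, addresses and
# file names quoted in the procedure above, plus the conf tree under ~/conf.

# Which hardware is this? Looks for the "firewall1" / "firewall2" marker file.
hardware_id() {  # $1 = root directory to inspect (normally /)
    if [ -e "$1/firewall1" ]; then echo firewall1
    elif [ -e "$1/firewall2" ]; then echo firewall2
    else echo "no firewall marker under $1" >&2; return 1
    fi
}

# rc.conf lines a box must carry for a role (active = fire, inactive = firebox).
expected_rc_conf() {  # $1 = active | inactive
    case "$1" in
        active)   host=fire.sjakio.com;    red=192.168.9.10; green=10.0.0.1 ;;
        inactive) host=firebox.sjakio.com; red=192.168.9.20; green=10.0.0.20 ;;
        *) echo "unknown role: $1" >&2; return 2 ;;
    esac
    printf 'hostname="%s"\n' "$host"
    printf 'ifconfig_em1="inet %s netmask 255.255.255.0"\n' "$red"
    printf 'ifconfig_em0="inet %s netmask 255.255.255.0"\n' "$green"
}

# 0 when every line expected for the role is present verbatim in the rc.conf.
check_rc_conf() {  # $1 = path to candidate rc.conf, $2 = role
    expected_rc_conf "$2" >/dev/null || return 2
    while IFS= read -r line; do
        grep -qxF -- "$line" "$1" || { echo "missing in $1: $line" >&2; return 1; }
    done <<EOF
$(expected_rc_conf "$2")
EOF
}

# 0 only if the green (em0) address is one the ssh rules allow; anything else
# leaves the box unreachable after the reboot (see the note above).
check_ssh_address() {  # $1 = path to candidate rc.conf
    addr=$(sed -n 's/^ifconfig_em0="inet \([0-9.]*\) .*/\1/p' "$1")
    case "$addr" in
        10.0.0.1|10.0.0.20) return 0 ;;
        *) echo "em0 address '$addr' is not reachable over ssh" >&2; return 1 ;;
    esac
}

# 0 when the installed dhcpd config is byte-identical to the one for this hardware.
check_dhcpd() {  # $1 = hardware id, $2 = conf tree (~/conf), $3 = installed dhcpd conf
    cmp -s "$2/isc-dhcpd/dhcpd-$1.conf_v001" "$3"
}
```

Typical use on the box about to become active: `check_rc_conf ~/conf/etc/rc.conf_v013 active && check_ssh_address ~/conf/etc/rc.conf_v013 && check_dhcpd "$(hardware_id /)" ~/conf /usr/local/etc/dhcpd-firewall.conf` and only then copy rc.conf and reboot.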