
5.4 Configure Firewall for DNS service


• Make sure that the "Firewall" virtual machine is running (see 4.2 Startup Firewall virtual machine)




You could log in directly on the virtual machine's console as user root, but connecting through SSH from your host PC makes it possible to copy and paste text into the terminal window.


• Open "Command Prompt" on your host computer




Type the commands shown below (the original page highlights them in red); the other lines are the output you should expect.


Because the firewall's IP address has changed since the last time you connected to it by SSH, the host key stored for 192.168.0.254 in your known_hosts file no longer matches the machine behind that address, and ssh would refuse to connect. Remove the stale entry so that the new key can be accepted. Keep in mind that a changed host key is also exactly what a man-in-the-middle attack looks like, so only do this when you know why the key changed, as here, and compare the fingerprint ssh shows in the next step against the one printed by ssh-keygen -l for the firewall's own host key on the VM console before answering "yes":

C:\Users\teddy>ssh-keygen -R 192.168.0.254

# Host 192.168.0.254 found: line 3

C:\Users\teddy/.ssh/known_hosts updated.

Original contents retained as C:\Users\teddy/.ssh/known_hosts.old


Instead of "teddy", use the username you created on the master virtual machine:

C:\Users\teddy>ssh teddy@192.168.0.254

The authenticity of host '192.168.0.254 (192.168.0.254)' can't be established.

ECDSA key fingerprint is SHA256:xxxxxxxxxxxx+xxxxxxxxxxxxxxxxxxxxx/xxxxxxxx.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.0.254' (ECDSA) to the list of known hosts.

teddy@192.168.0.254's password:write your user's password here

Last login: Wed Jan 1 10:05:00 2020 from 192.168.0.192


[teddy@firewall ~]$ su

Password:write the root password here


Edit the firewall script (a bash script that applies the firewalld rules):

[root@firewall teddy]# cd /var/firewall

[root@firewall firewall]# vim firewall.sh


Add these lines to the end of the document:

# Open ports for the DNS service in the dmz zone
firewall-cmd --zone=dmz --add-service=dns
firewall-cmd --zone=dmz --add-service=mdns

# Forward DNS traffic (UDP and TCP port 53) from the external zone to the DNS server
firewall-cmd --zone=external --add-forward-port=port=53:proto=udp:toport=53:toaddr=192.168.255.2
firewall-cmd --zone=external --add-forward-port=port=53:proto=tcp:toport=53:toaddr=192.168.255.2

# Forward SSH traffic from the external zone to the DNS server using a dedicated port (22002 -> 22)
firewall-cmd --zone=external --add-forward-port=port=22002:proto=tcp:toport=22:toaddr=192.168.255.2


Save the document and quit vim (:wq). Note that these are runtime rules (no --permanent), so they only exist as long as the script is re-run after every boot, which is why they are kept in firewall.sh.
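The lines above are appended to firewall.sh as plain firewall-cmd calls, which is fine for a script that runs once at boot but prints warnings ("ALREADY_ENABLED") if it is run a second time. The script below is an added example, not the tutorial's own firewall.sh: it applies the same five rules idempotently (querying firewalld first), builds the forward-port spec from variables instead of repeating the address, and lists the resulting zone configuration so you can verify the rules took effect. It assumes it runs as root on the firewall VM and, like the tutorial's script, manages runtime rules only; DRY_RUN=1 and the apply/show arguments are this example's own conventions.

```shell
#!/bin/bash
# Added example, not the tutorial's firewall.sh: an idempotent version of the DNS rules
# from this section, with a dry-run mode and a verification step.
# Assumptions (not from the page): runs as root on the firewall VM and manages runtime
# (non --permanent) rules, as the tutorial's firewall.sh does.
set -u

DNS_SERVER="192.168.255.2"   # DNS server in the DMZ (value from the tutorial)
DNS_SSH_PORT="22002"         # dedicated external port forwarded to the DNS server's SSH
DRY_RUN="${DRY_RUN:-0}"      # DRY_RUN=1 prints the commands instead of running them

# Run a command, or print it in dry-run mode.
run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Query firewalld; in dry-run mode nothing has been applied yet, so report "absent".
query() {
    [ "$DRY_RUN" = "1" ] && return 1
    "$@" >/dev/null 2>&1
}

# Build the firewalld forward-port spec: port=P:proto=PROTO:toport=TP:toaddr=ADDR
forward_spec() {
    printf 'port=%s:proto=%s:toport=%s:toaddr=%s' "$1" "$2" "$3" "$4"
}

# Enable a service in a zone unless it is already enabled (query exits 0 when present).
ensure_service() {
    local zone="$1" service="$2"
    query firewall-cmd --zone="$zone" --query-service="$service" && return 0
    run firewall-cmd --zone="$zone" --add-service="$service"
}

# Add a forward-port rule to a zone unless it already exists.
ensure_forward() {
    local zone="$1" spec="$2"
    query firewall-cmd --zone="$zone" --query-forward-port="$spec" && return 0
    run firewall-cmd --zone="$zone" --add-forward-port="$spec"
}

# The rules this section adds to firewall.sh, applied idempotently.
apply_dns_rules() {
    ensure_service dmz dns
    ensure_service dmz mdns
    ensure_forward external "$(forward_spec 53 udp 53 "$DNS_SERVER")"
    ensure_forward external "$(forward_spec 53 tcp 53 "$DNS_SERVER")"
    ensure_forward external "$(forward_spec "$DNS_SSH_PORT" tcp 22 "$DNS_SERVER")"
}

# Show what firewalld currently has for the two zones, to confirm the rules took effect.
show_dns_rules() {
    run firewall-cmd --zone=dmz --list-services
    run firewall-cmd --zone=external --list-forward-ports
}

case "${1:-}" in
    apply) apply_dns_rules && show_dns_rules ;;
    show)  show_dns_rules ;;
esac
```

Run it as `DRY_RUN=1 ./dns-rules.sh apply` first to see the exact firewall-cmd lines it would issue, then `./dns-rules.sh apply` as root; `./dns-rules.sh show` afterwards prints the dmz services and the external forward ports, which is the quickest way to confirm that port 53 and port 22002 really point at 192.168.255.2 before you move on to the DNS server itself.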


Shut down the system (the SSH session ends when it goes down), then exit "Command Prompt":

[root@firewall firewall]# shutdown -h now

Connection to 192.168.0.254 closed by remote host.

Connection to 192.168.0.254 closed.


C:\Users\teddy>exit


Return to the "Firewall" virtual machine window.

Click "X" to close the virtual machine window now that the system has shut down.