Lab> Configuring the UTM1 interfaces
1. Interface information
VM name : UTM1
HDD : 20G
RAM : 1G
NIC : 3
- NIC1 eth0 : NAT 192.168.108.150
- NIC2 eth1 : VMnet1 192.168.101.254
- NIC3 eth2 : VMnet2 192.168.102.254 <-- admin
Menu -> Interfaces & Routing -> Interfaces
utm1:/root # ifconfig
eth2 Link encap:Ethernet HWaddr 00:0C:29:99:EC:80
inet addr:192.168.102.254 Bcast:192.168.102.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6001 errors:0 dropped:0 overruns:0 frame:0
TX packets:8462 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1509298 (1.4 Mb) TX bytes:6538913 (6.2 Mb)
Interrupt:17 Base address:0x2424
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:407807 errors:0 dropped:0 overruns:0 frame:0
TX packets:407807 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:84939252 (81.0 Mb) TX bytes:84939252 (81.0 Mb)
2. External configuration
Click New interface and configure the interface that connects to the external network.
Name: External
Type: Ethernet
Hardware: eth0 Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
Dynamic IP: x
IPv4 address: 192.168.108.150
Netmask: /24 (255.255.255.0)
IPv4 default GW: v (must be checked)
Default GW IP: 192.168.108.2
Comment: 외부망 연결 인터페이스
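Save, then enable the interface.
Menu -> Dashboard -> in the interface section, confirm that eth0 shows Up under State / Link.
On the console, ip a or ifconfig shows the IP address active on eth0, as below.
Once the interface is active, ping an external address to confirm that outbound traffic works.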
utm1:/root # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:99:ec:6c brd ff:ff:ff:ff:ff:ff
inet 192.168.108.150/24 brd 192.168.108.255 scope global eth0
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 00:0c:29:99:ec:76 brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
link/ether 00:0c:29:99:ec:80 brd ff:ff:ff:ff:ff:ff
inet 192.168.102.254/24 brd 192.168.102.255 scope global eth2
valid_lft forever preferred_lft forever
utm1:/root # ping -c 4 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=128 time=38.6 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=128 time=38.9 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=128 time=38.1 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=128 time=38.3 ms
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3006ms
rtt min/avg/max/mdev = 38.167/38.522/38.960/0.381 ms
3. DMZ configuration
Click New interface and configure the interface that connects to the DMZ network.
Name: DMZ
Type: Ethernet
Hardware: eth1 Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
Dynamic IP: x
IPv4 address: 192.168.101.254
Netmask: /24 (255.255.255.0)
IPv4 default GW: x
Comment: DMZ망 연결 인터페이스
Save, then enable the interface.
Menu -> Dashboard -> in the interface section, confirm that eth1 shows Up under State / Link.
On the console, ip a or ifconfig shows the IP address active on eth1, as below.
utm1:/root # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:99:ec:6c brd ff:ff:ff:ff:ff:ff
inet 192.168.108.150/24 brd 192.168.108.255 scope global eth0
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
link/ether 00:0c:29:99:ec:76 brd ff:ff:ff:ff:ff:ff
inet 192.168.101.254/24 brd 192.168.101.255 scope global eth1
valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
link/ether 00:0c:29:99:ec:80 brd ff:ff:ff:ff:ff:ff
inet 192.168.102.254/24 brd 192.168.102.255 scope global eth2
valid_lft forever preferred_lft forever
utm1:/root # ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:99:EC:6C
inet addr:192.168.108.150 Bcast:192.168.108.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1672265 errors:0 dropped:0 overruns:0 frame:0
TX packets:510611 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2496464017 (2380.8 Mb) TX bytes:27609577 (26.3 Mb)
Interrupt:19 Base address:0x2024
eth1 Link encap:Ethernet HWaddr 00:0C:29:99:EC:76
inet addr:192.168.101.254 Bcast:192.168.101.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1 errors:0 dropped:0 overruns:0 frame:0
TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:60 (60.0 b) TX bytes:84 (84.0 b)
Interrupt:16 Base address:0x20a4
eth2 Link encap:Ethernet HWaddr 00:0C:29:99:EC:80
inet addr:192.168.102.254 Bcast:192.168.102.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8114 errors:0 dropped:0 overruns:0 frame:0
TX packets:10781 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2121482 (2.0 Mb) TX bytes:7707953 (7.3 Mb)
Interrupt:17 Base address:0x2424
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:433476 errors:0 dropped:0 overruns:0 frame:0
TX packets:433476 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:91953349 (87.6 Mb) TX bytes:91953349 (87.6 Mb)
Ping the host OS at 192.168.101.1, then check its MAC address with arp -n.
The ping gets no reply because the UTM is set to all DROP.
utm1:/root # ping -c 1 -W 1 192.168.101.1
PING 192.168.101.1 (192.168.101.1) 56(84) bytes of data.
--- 192.168.101.1 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
utm1:/root # arp -n
Address HWtype HWaddress Flags Mask Iface
192.168.108.2 ether 00:50:56:e2:02:72 C eth0
192.168.101.1 ether 00:50:56:c0:00:01 C eth1 <-- the MAC address must appear here.
192.168.102.10 ether 00:50:56:c0:00:02 C eth2
Lab> Configuring the UTM2 interfaces
1. Interface information
VM name : UTM2
HDD : 20G
RAM : 1G
NIC : 3
- NIC1 eth0 : NAT 192.168.108.200
- NIC2 eth1 : VMnet1 192.168.101.253
- NIC3 eth2 : VMnet2 192.168.102.253 <-- admin
Menu -> Interfaces & Routing -> Interfaces
utm2:/root # ifconfig
eth2 Link encap:Ethernet HWaddr 00:0C:29:32:82:0A
inet addr:192.168.102.253 Bcast:192.168.102.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7101 errors:0 dropped:0 overruns:0 frame:0
TX packets:8810 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1861748 (1.7 Mb) TX bytes:5693190 (5.4 Mb)
Interrupt:17 Base address:0x2424
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:64610 errors:0 dropped:0 overruns:0 frame:0
TX packets:64610 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:18835893 (17.9 Mb) TX bytes:18835893 (17.9 Mb)
utm2:/root # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
link/ether 00:0c:29:32:82:f6 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 00:0c:29:32:82:00 brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
link/ether 00:0c:29:32:82:0a brd ff:ff:ff:ff:ff:ff
inet 192.168.102.253/24 brd 192.168.102.255 scope global eth2
valid_lft forever preferred_lft forever
2. External configuration
Click New interface and configure the interface that connects to the external network.
Name: External
Type: Ethernet
Hardware: eth0 Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
Dynamic IP: x
IPv4 address: 192.168.108.200
Netmask: /24 (255.255.255.0)
IPv4 default GW: v (must be checked)
Default GW IP: 192.168.108.2
Comment: 외부망 연결 인터페이스
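Save, then enable the interface.
Menu -> Dashboard -> in the interface section, confirm that eth0 shows Up under State / Link.
On the console, ip a or ifconfig shows the IP address active on eth0, as below.
Once the interface is active, ping an external address to confirm that outbound traffic works.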
utm2:/root # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:32:82:f6 brd ff:ff:ff:ff:ff:ff
inet 192.168.108.200/24 brd 192.168.108.255 scope global eth0
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 00:0c:29:32:82:00 brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
link/ether 00:0c:29:32:82:0a brd ff:ff:ff:ff:ff:ff
inet 192.168.102.253/24 brd 192.168.102.255 scope global eth2
valid_lft forever preferred_lft forever
utm2:/root # ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:32:82:F6
inet addr:192.168.108.200 Bcast:192.168.108.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:390 errors:0 dropped:0 overruns:0 frame:0
TX packets:428 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:89042 (86.9 Kb) TX bytes:30809 (30.0 Kb)
Interrupt:19 Base address:0x2024
eth2 Link encap:Ethernet HWaddr 00:0C:29:32:82:0A
inet addr:192.168.102.253 Bcast:192.168.102.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7815 errors:0 dropped:0 overruns:0 frame:0
TX packets:9641 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2030111 (1.9 Mb) TX bytes:6094497 (5.8 Mb)
Interrupt:17 Base address:0x2424
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:72158 errors:0 dropped:0 overruns:0 frame:0
TX packets:72158 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:20879996 (19.9 Mb) TX bytes:20879996 (19.9 Mb)
utm2:/root # ping -c 4 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=128 time=44.1 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=128 time=41.5 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=128 time=42.4 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=128 time=42.1 ms
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 41.530/42.565/44.134/0.983 ms
3. DMZ configuration
Click New interface and configure the interface that connects to the DMZ network.
Name: DMZ
Type: Ethernet
Hardware: eth1 Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
Dynamic IP: x
IPv4 address: 192.168.101.253
Netmask: /24 (255.255.255.0)
IPv4 default GW: x
Comment: DMZ망 연결 인터페이스
Save, then enable the interface.
Menu -> Dashboard -> in the interface section, confirm that eth1 shows Up under State / Link.
On the console, ip a or ifconfig shows the IP address active on eth1, as below.
utm2:/root # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:32:82:f6 brd ff:ff:ff:ff:ff:ff
inet 192.168.108.200/24 brd 192.168.108.255 scope global eth0
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
link/ether 00:0c:29:32:82:00 brd ff:ff:ff:ff:ff:ff
inet 192.168.101.253/24 brd 192.168.101.255 scope global eth1
valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
link/ether 00:0c:29:32:82:0a brd ff:ff:ff:ff:ff:ff
inet 192.168.102.253/24 brd 192.168.102.255 scope global eth2
valid_lft forever preferred_lft forever
utm2:/root # ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:32:82:F6
inet addr:192.168.108.200 Bcast:192.168.108.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:97504 errors:0 dropped:0 overruns:0 frame:0
TX packets:32258 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:144052595 (137.3 Mb) TX bytes:1757431 (1.6 Mb)
Interrupt:19 Base address:0x2024
eth1 Link encap:Ethernet HWaddr 00:0C:29:32:82:00
inet addr:192.168.101.253 Bcast:192.168.101.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:84 (84.0 b)
Interrupt:16 Base address:0x20a4
eth2 Link encap:Ethernet HWaddr 00:0C:29:32:82:0A
inet addr:192.168.102.253 Bcast:192.168.102.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8039 errors:0 dropped:0 overruns:0 frame:0
TX packets:9896 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2080557 (1.9 Mb) TX bytes:6204038 (5.9 Mb)
Interrupt:17 Base address:0x2424
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:75536 errors:0 dropped:0 overruns:0 frame:0
TX packets:75536 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:21972329 (20.9 Mb) TX bytes:21972329 (20.9 Mb)
Ping the host OS at 192.168.101.1, then check its MAC address with arp -n.
The ping gets no reply because the UTM is set to all DROP.
utm2:/root # ping -c 1 -W 1 192.168.101.1
PING 192.168.101.1 (192.168.101.1) 56(84) bytes of data.
--- 192.168.101.1 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
utm2:/root # arp -n
Address HWtype HWaddress Flags Mask Iface
192.168.102.10 ether 00:50:56:c0:00:02 C eth2
192.168.108.2 ether 00:50:56:e2:02:72 C eth0
192.168.101.1 ether 00:50:56:c0:00:01 C eth1 <-- the MAC address must appear here.
4. System shutdown
Once the configuration is done, shut the system down; UTM2 will be configured further later.
utm2:/root # init 0
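
The checks this lab does by eye with ip a and arp -n, for both UTM1 and UTM2, written as a script. This is an added example, not part of the original post; the function names are hypothetical and the sample text is constructed by trimming the UTM1 output shown above.

```shell
#!/bin/sh
# Added example: verify captured `ip a` / `arp -n` text against the lab's addressing plan.

# Constructed sample: UTM1 after step 2 (External up, DMZ not configured yet).
SAMPLE_IP_A='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    inet 192.168.108.150/24 brd 192.168.108.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
    inet 192.168.102.254/24 brd 192.168.102.255 scope global eth2'
SAMPLE_ARP='Address HWtype HWaddress Flags Mask Iface
192.168.108.2 ether 00:50:56:e2:02:72 C eth0
192.168.102.10 ether 00:50:56:c0:00:02 C eth2'

# check_iface "<ip a text>" IFACE CIDR: the interface must carry the UP flag and exactly this address.
check_iface() {
  printf '%s\n' "$1" | awk -v ifc="$2" -v want="$3" '
    /^[0-9]+: / { cur = $2; sub(/:$/, "", cur)
                  if (cur == ifc) { seen = 1; up = ($3 ~ /[<,]UP[,>]/) } }
    $1 == "inet" && cur == ifc && $2 == want { addr = 1 }
    END {
      if (!seen) { print ifc ": not present";  exit 1 }
      if (!up)   { print ifc ": not UP";       exit 1 }
      if (!addr) { print ifc ": missing " want; exit 1 }
      print ifc ": ok " want
    }'
}

# arp_mac "<arp -n text>" IP IFACE: print the MAC only for a resolved entry.
# An "(incomplete)" row has no "ether" column and is treated as unresolved.
arp_mac() {
  printf '%s\n' "$1" | awk -v ip="$2" -v ifc="$3" '
    $1 == ip && $NF == ifc && $2 == "ether" { print $3; found = 1 }
    END { exit !found }'
}

# verify_utm "<ip a>" "<arp -n>" EXTERNAL_CIDR DMZ_CIDR ADMIN_CIDR
verify_utm() {
  utm_rc=0
  check_iface "$1" eth0 "$3" || utm_rc=1
  check_iface "$1" eth1 "$4" || utm_rc=1
  check_iface "$1" eth2 "$5" || utm_rc=1
  # The lab expects the host OS MAC on eth1 even though the ping gets no reply.
  arp_mac "$2" 192.168.101.1 eth1 >/dev/null || { echo "eth1: no ARP entry for 192.168.101.1"; utm_rc=1; }
  return $utm_rc
}

# On the UTM console pass "$(ip a)" and "$(arp -n)"; UTM2 uses .200 / .253 / .253.
verify_utm "$SAMPLE_IP_A" "$SAMPLE_ARP" 192.168.108.150/24 192.168.101.254/24 192.168.102.254/24 \
  || echo "UTM1: addressing plan not met yet"
```

Run against the sample, eth0 and eth2 pass while eth1 is reported as not UP and without an ARP entry, which is the state before the DMZ step is done.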