From bbdaaca5eb1f893dd832de28cdb9dcb5c4320196 Mon Sep 17 00:00:00 2001
From: Winston Smith
Date: Fri, 9 Apr 2021 11:34:47 +0200
Subject: [PATCH] Add firewall rules for ICMP and Comments
---
 Arc-CLI.conf | 13 ++++++++++
 Arc-SRV.conf | 13 ++++++++++
 DHCP.ps1 | 11 ++++++++-
 Routeur.ps1 | 69 +++++++++++++++++++---------------------------------
 WAN.conf | 13 ++++++++++
 5 files changed, 74 insertions(+), 45 deletions(-)
 create mode 100644 Arc-CLI.conf
 create mode 100644 Arc-SRV.conf
 create mode 100644 WAN.conf
diff --git a/Arc-CLI.conf b/Arc-CLI.conf
new file mode 100644
index 0000000..b2834f6
--- /dev/null
+++ b/Arc-CLI.conf
@@ -0,0 +1,13 @@
+pushd routing ip relay
+
+Install
+
+set global loglevel = ERROR
+
+add dhcpserver 192.168.8.1
+
+add interface name = "Arc-CLI"
+
+set interface name = "Arc-CLI" relaymode = enable maxhop = 6 minsecs = 6
+
+popd
diff --git a/Arc-SRV.conf b/Arc-SRV.conf
new file mode 100644
index 0000000..b3d4461
--- /dev/null
+++ b/Arc-SRV.conf
@@ -0,0 +1,13 @@
+pushd routing ip relay
+
+Install
+
+set global loglevel = ERROR
+
+add dhcpserver 192.168.8.1
+
+add interface name = "Arc-SRV"
+
+set interface name = "Arc-SRV" relaymode = enable maxhop = 6 minsecs = 6
+
+popd
diff --git a/DHCP.ps1 b/DHCP.ps1
index d04f124..a25932e 100644
--- a/DHCP.ps1
+++ b/DHCP.ps1
@@ -55,4 +55,13 @@ Add-DhcpServerv4Scope -name "Bou-LAN" -StartRange 192.168.128.1 -EndRange 192.16
 Add-DhcpServerv4ExclusionRange -ScopeID 192.168.128.0 -StartRange 192.168.128.1 -EndRange 192.168.128.63
 Add-DhcpServerv4ExclusionRange -ScopeID 192.168.128.0 -StartRange 192.168.128.240 -EndRange 192.168.128.254
 Set-DhcpServerv4OptionValue -OptionID 3 -Value 192.168.128.254
-Set-DhcpServerv4OptionValue -DnsServer 9.9.9.9
\ No newline at end of file
+Set-DhcpServerv4OptionValue -DnsServer 9.9.9.9
+
+# Change ZoneAlarm rule to accept incoming ICMP ipv4 probes
+
+$Params = @{
+ "Name" = 'vm-monitoring-icmpv4'
+ "Action" = 'Allow'
+}
+
+Set-NetFirewallRule @Params
\ No newline at end of file
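Review bot: Each of the three new relay scripts (this one, Arc-SRV.conf and WAN.conf) repeats `Install`, `set global loglevel = ERROR` and `add dhcpserver 192.168.8.1`, so applying them one after another with `netsh -f` re-runs the relay install and re-adds the same DHCP server for every interface; only the `add interface` / `set interface` pair differs between the files. Consolidate them into one relay script that installs once, adds the server once and then lists every interface to relay on, so a failure in the repeated `add dhcpserver` cannot abort the later interface lines. The meaning of `maxhop = 6 minsecs = 6` is not stated anywhere; the caller in Routeur.ps1 (or a README) should say why these relay thresholds were chosen and that 192.168.8.1 is the DHCP server built by DHCP.ps1, if that is indeed the intent.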
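Review bot: `Set-NetFirewallRule @Params` only sets the rule's action; the built-in Virtual Machine Monitoring echo-request rule ships disabled on Windows Server, so unless something else has enabled it this still leaves inbound ICMPv4 blocked — add `"Enabled" = 'True'` to `$Params`, and consider `"Profile" = 'Domain,Private'` so echo requests are not accepted on a public profile. The comment mentions ZoneAlarm, but the cmdlet manages Windows Defender Firewall rules; `# Enable the built-in Windows Firewall rule that accepts inbound ICMPv4 echo requests (disabled by default)` describes what the block actually does. If the rule name is absent the cmdlet emits a non-terminating error and the script carries on; `"ErrorAction" = 'Stop'` in the splat makes that visible.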
diff --git a/Routeur.ps1 b/Routeur.ps1
index 3b4212d..44f5ab1 100644
--- a/Routeur.ps1
+++ b/Routeur.ps1
@@ -1,53 +1,34 @@ +# Alexandre SIMAO +# GPLv3 + +# Script to install and configure a Fuckdows Server 2016 as a router + +# Change the poor machine name $name = Read-host "Nouveau nom d'hôte?" Rename-computer $name -Install-WindowsFeature Routing + +# Install Routing and necessary linked roles +Install-WindowsFeature RemoteAccess, RSAT-RemoteAccess-PowerShell, Routing +Install-remoteAccess -VpnType Vpn + +# Display interfaces and active forwarding for all of thm via Regedit netsh inter show inter Set-ItemProperty -path 'HKLM:\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet` \Services\Tcpip\Parameters' -Name 'IPEnableRouter' -Value '0x00000001' Set-NetConnectionProfile -NetworkCategory Private -# IP address or DnsHostName of your Dhcp Server -$dhcpServer = '192.168.8.1' +# Activate NAT and DHCP Relay +netsh routing ip nat install +netsh routing ip nat add interface "WAN" +netsh routing ip nat set interface "WAN" mode = full +netsh routing ip nat add interface "Arc-CLI" +netsh routing ip nat add interface "Arc-SRV" +ntsh -f ./*.conf -# Name of the network adapter to enable DHCP on -$Inter1 = Read-Host "First interface name" -$Inter2 = Read-Host "Second interface name" +# Change ZoneAlarm rule to accept incoming ICMP ipv4 probes +$Params = @{ + "Name" = 'vm-monitoring-icmpv4' + "Action" = 'Allow' +} -$routerNetAdapterName1 = '$Inter1' -$routerNetAdapterName1 = '$Inter2' - - -$dhcpAddress = [Net.Dns]::GetHostEntry($dhcpServer) -if(!$dhcpAddress){ - Write-Warning "Unable to identify IP address of [$dhcpServer]" - break -}else{ - $dhcpServerIP = $dhcpAddress.AddressList[0] - } - -$netshDhcpRelay=@" -pushd routing ip relay -install -set global loglevel=ERROR -add dhcpserver $($dhcpServerIP.IPAddressToString) -add interface name="$routerNetAdapterName1" -set interface name="$routerNetAdapterName1" relaymode=enable maxhop=6 minsecs=6 -add interface name="$routerNetAdapterName2" -set interface name="$routerNetAdapterName2" relaymode=enable maxhop=6 minsecs=6 -popd -"@ - 
-$netshDhcpRelayPath="$ENV:TEMP\netshDhcpRelay" - -# Create netsh script file -New-Item -Path $netshDhcpRelayPath ` - -Type File ` - -ErrorAction SilentlyContinue | Out-Null - -# Populate contents of the script -Set-Content -Path $netshDhcpRelayPath ` - -Value $netshDhcpRelay.Split("`r`n") ` - -Encoding ASCII - -# run it -netsh -f $netshDhcpRelayPath \ No newline at end of file +Set-NetFirewallRule @Params \ No newline at end of file diff --git a/WAN.conf b/WAN.conf new file mode 100644 index 0000000..a77dfe7 --- /dev/null +++ b/WAN.conf @@ -0,0 +1,13 @@ +pushd routing ip relay + +Install + +set global loglevel = ERROR + +add dhcpserver 192.168.8.1 + +add interface name = "WAN" + +set interface name = "WAN" relaymode = enable maxhop = 6 minsecs = 6 + +popd
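Review bot: `ntsh -f ./*.conf` cannot work as written: the executable name is misspelled (`netsh`), and `netsh -f` takes a single script path, while PowerShell does not expand the `./*.conf` wildcard for a native command on Windows, so netsh would receive the literal glob even with the typo fixed. Replace it with an explicit loop such as `Get-ChildItem -Path "$PSScriptRoot\*.conf" | ForEach-Object { netsh -f $_.FullName }`, which also locates the scripts relative to this file rather than the caller's working directory. `Install-RemoteAccess -VpnType Vpn` deploys a VPN server when only routing is wanted; `-VpnType RoutingOnly` keeps the RRAS VPN listener off this box. The unchanged `Set-ItemProperty` context line still targets `HKLM:\HKEY_LOCAL_MACHINE\SYSTEM\...`, which duplicates the hive name and will not resolve; `HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters` is the path that sets `IPEnableRouter`, and the value should be an integer rather than the string `'0x00000001'`.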
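Review bot: This script turns the DHCP relay on for the `WAN` interface (`add interface name = "WAN"` followed by `relaymode = enable`), so DHCP broadcasts arriving from the outside network are forwarded to the internal DHCP server at 192.168.8.1; an untrusted WAN-side host can then reach that server with unsolicited DHCP traffic and, if a scope matches the WAN subnet, obtain leases from it. Routeur.ps1 configures `WAN` as the NAT public interface (`mode = full`), which is exactly the side the relay should not listen on; the relay belongs only on the Arc-CLI and Arc-SRV interfaces. Unless WAN-side clients are meant to be served, remove the `add interface` / `set interface` lines for `WAN` (or the whole file) from what `netsh -f` applies, and note in Routeur.ps1 which interfaces are intentionally relayed.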