diff --git a/Problem1/README.problem_1_troubleshooting b/Problem1/README.problem_1_troubleshooting new file mode 100644 index 0000000..5ba6dab --- /dev/null +++ b/Problem1/README.problem_1_troubleshooting @@ -0,0 +1,29 @@ +Steps taken for intermittent browser connectivity issue: + +1) Logged into amazon ec2 instance with the certificate pem key provided + +2) I had to orient myself to understand what was configured in terms of connectivity, ips, subnets, dns resolv files +etc. + +3) I used ifconfig -a to check the interfaces and verified that the subnets, broadcast, ip address were all proper + +4) From there I also checked the resolv.conf file to understand the name servers config; as wrong ip addressing, +subnetting, gateway address, and dns resolvers are the usual culprits when it comes to connectivity issues, especially +with browsers when we need name resolution + +5) I then proceeded to check the logs in /var/log directory and noticed DHCP renewal is happening every 1800 seconds or +30 minutes + +6) I also checked the /var/lib/dhclient directory for the dhcp leases, ( I'm use to the dhclient leases being +kept in a different directory) so i had to verify which directory it was on the ec2 instance + +7) From there I checked all the leases assigned to eth 0 in (cat dhclient--eth0.lease) +and noticed they were renewing every 30 minutes or so + +8) So based on those two files and assuming this is the server that the clients are browsing the renewal of the lease +every 30 minutes, involving the DHCP DORA process which is discovery, offer, request, accept the IP address of the +webserver was changing or in this case being renewed which would start the process of binding all over again which +would cause disruption and hence the time out on the webpages every 30 minutes for a few seconds till the server got +it's IP again through the DHCP server + +9) General practice is to keep the IPs static in this case and exclude it from the DHCP pool 
diff --git a/Problem1/README.problem_3_troubleshooting b/Problem1/README.problem_3_troubleshooting new file mode 100644 index 0000000..64f31be --- /dev/null +++ b/Problem1/README.problem_3_troubleshooting @@ -0,0 +1,10 @@ +Steps taken for problem 3 Zyxel firewall config + +1) I do not have experience in Zyxel firewalls but after looking at the configuration, it was very similar to Cisco +routers configuration + +2) I leveraged the standard configuration and some preliminary searches to make sure I get the syntax right for the +DHCP lease time + +3) Once I configure VLAN 5 DHCP pool and the interface vlan settings, I added the VLAN 5 to the DMZ considering that is +the standard internet access \ No newline at end of file diff --git a/docker/dns_server/files/bind/db.testroot.local b/docker/dns_server/files/bind/db.testroot.local index a302edb..2edaa71 100644 --- a/docker/dns_server/files/bind/db.testroot.local +++ b/docker/dns_server/files/bind/db.testroot.local @@ -20,3 +20,4 @@ ns3.testroot.local. IN A 10.0.0.12 printer1.testroot.local. IN A 10.0.1.200 printer2.testroot.local. IN A 10.1.4.147 printer3.testroot.local. IN A 10.9.7.34 +printer4.testroot.local. IN A 10.4.7.19 diff --git a/network_config/firewall.conf b/network_config/firewall.conf index e5c2007..66a8937 100644 --- a/network_config/firewall.conf +++ b/network_config/firewall.conf @@ -69,6 +69,18 @@ ip dhcp pool Network_Pool_VLAN4 lease 3 0 0 dhcp-option 42 NTP_Server ip 10.0.0.15 10.0.0.16 10.0.0.17 ! + +! +ip dhcp pool Network_Pool_VLAN5 + network 10.0.5.0 255.255.255.0 + default-router 10.0.5.1 + starting-address 10.0.5.100 pool-size 100 + first-dns-server 10.0.0.10 + second-dns-server 10.0.0.11 + third-dns-server 10.0.0.12 + lease 1 0 0 + dhcp-option 42 NTP_Server ip 10.0.0.15 10.0.0.16 10.0.0.17 +! interface ge1 type external upstream 1048576 
@@ -188,6 +200,22 @@ interface vlan4 ip ospf cost 10 description 80:Voice: 5th floor ip dhcp-pool Network_Pool_VLAN4 + ! +interface vlan5 + port lag1 + vlan-id 5 + ip address 10.0.5.1 255.255.255.0 + upstream 1048576 + downstream 1048576 + mtu 1500 + type internal + ip rip send version 2 + ip rip receive version 2 + ip ospf priority 1 + ip ospf cost 10 + description 80:Internet: schhabra + ip dhcp-pool Network_Pool_VLAN5 + interface ge1_ppp account GE1_PPPoE_ACCOUNT ! @@ -1408,6 +1436,7 @@ zone WAN interface ge2_ppp ! zone DMZ +interface vlan5 ! zone SSL_VPN !
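Review bot: In Problem1/README.problem_1_troubleshooting, step 8 rests on an assumption the earlier steps never verify ("assuming this is the server that the clients are browsing") and on leases that steps 5 and 7 describe as renewing, not as changing. A renewal that returns the same address does not by itself show that the address was lost, so please add the log lines or lease entries showing that eth0's address or binding actually dropped at the 30-minute mark. Step 7 should also give the full path of the lease file under /var/lib/dhclient so the check can be repeated.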
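Review bot: Problem1/README.problem_3_troubleshooting is placed in the Problem1 directory although its first line says it covers problem 3, and the file ends without a trailing newline. Step 3 gives "considering that is the standard internet access" as the only reason for putting VLAN 5 in the DMZ. Please state which zone policies that choice relies on, because the zone assignment decides which firewall rules the VLAN 5 clients receive.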
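Review bot: In docker/dns_server/files/bind/db.testroot.local the only hunk adds the printer4 A record at line 23, and nothing in this patch touches the zone's SOA serial. If the zone is transferred to secondary servers, increment the serial in the same commit so they pick up the new record, and add the matching PTR record for 10.4.7.19 if reverse zones are maintained.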
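Review bot: In the first network_config/firewall.conf hunk, Network_Pool_VLAN5 sets "lease 1 0 0" while the Network_Pool_VLAN4 context directly above it uses "lease 3 0 0", and nothing explains the difference. Record the intended lease time and the reason in the commit message or the README. The added blank line and second "!" after the existing "!" separator can be dropped so the pool stanzas stay uniformly delimited.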
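Review bot: In the interface vlan5 stanza of network_config/firewall.conf, "ip rip send version 2" and "ip rip receive version 2" are enabled, together with OSPF, on a segment that also hands out client addresses from Network_Pool_VLAN5. Unless another router sits on VLAN 5, leave RIP receive off or omit the routing-protocol lines so that hosts on the client segment are not a source of routes for the firewall. The description "80:Internet: schhabra" carries a personal name where vlan4 uses a location ("80:Voice: 5th floor"); a purpose or location would be easier to maintain.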
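Review bot: In the last network_config/firewall.conf hunk, vlan5 is added to zone DMZ although its interface stanza declares it "type internal", and the context shows zone DMZ had no members before this change. Confirm that the policies attached to DMZ are the ones intended for DHCP clients that need internet access; if they are not, place vlan5 in a zone whose rules were written for client networks.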