Hi there KTeam,

I'm currently testing KWTS and honestly I'm very pleased with the appliance, stunning stuff!!
I've been a bit astonished that multi-homing or multiple Ethernet interfaces don't seem to be endorsed by default; simple stuff like a "trusted/untrusted" interface was my goal.

Nevertheless, I found ways to enable KWTS in the layout I've wanted (perhaps not supported) and let me share that with you:

----> You need a public/private key pair in order to be able to access the KWTS Technical Support Mode (SSH):
----> creating the key pair:
ssh-keygen -o
----> You then need to upload the public key on KWTS Web Admin for being able to connect over SSH:
ssh -i kwts root@10.1.1.250

----> Enabling ip_forward / reboot persistent:
[root@kwts ~]# cat /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
#
net.ipv4.ip_forward = 1

----> Adding interface based routing (if needed etc..)
[root@kwts ~]# cat /etc/sysconfig/network-scripts/route-eth0
10.0.0.0/8 via 10.1.1.1 dev eth0

----> A few iptables rules in order to DROP anything except ICMP messages inbound on eth1 (my untrusted interface):
[root@kwts ~]# cp /etc/sysconfig/iptables-config /etc/sysconfig/iptables-config.ORG
[root@kwts ~]# iptables -F 
[root@kwts ~]# iptables -A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT 
[root@kwts ~]# iptables -A INPUT -i eth1 -p icmp -j ACCEPT 
[root@kwts ~]# iptables -A INPUT -i eth1 -j DROP
[root@kwts ~]# iptables-save > /etc/sysconfig/iptables-config

Finally, I've set up the KWTS on a KVM Host which worked flawlessly using the ISO file.
 

Thanks,
Cheers,
m.

 

Edited by mokaz
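An added check for the setup described in the post above (not part of the original post and not Kaspersky tooling): with `net.ipv4.ip_forward = 1`, packets routed through the box traverse the FORWARD chain rather than INPUT, so this audits an `iptables-save` dump for both chains on the untrusted interface. The function names and the sample ruleset are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit an iptables-save dump and sysctl text for an untrusted interface.
# SAMPLE_RULES is constructed to mirror the rules in the post; it is not from a real appliance.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p icmp -j ACCEPT
-A INPUT -i eth1 -j DROP
COMMIT'

# audit_iface IFACE  (hypothetical helper; reads iptables-save text on stdin)
#   INPUT_DROP=yes|no    last INPUT rule for IFACE is an unconditional DROP
#   FORWARD_OPEN=yes|no  FORWARD policy is ACCEPT and no FORWARD rule names IFACE
audit_iface() {
  awk -v ifc="$1" '
    $1 == ":FORWARD" { fwd_policy = $2 }
    $1 == "-A" && $2 == "INPUT" && $3 == "-i" && $4 == ifc {
      # unconditional DROP is exactly: -A INPUT -i IFACE -j DROP
      last_drop = (NF == 6 && $5 == "-j" && $6 == "DROP")
    }
    $1 == "-A" && $2 == "FORWARD" {
      for (i = 3; i < NF; i++)
        if (($i == "-i" || $i == "-o") && $(i + 1) == ifc) fwd_rule = 1
    }
    END {
      print "INPUT_DROP=" (last_drop ? "yes" : "no")
      print "FORWARD_OPEN=" ((fwd_policy == "ACCEPT" && !fwd_rule) ? "yes" : "no")
    }'
}

# forwarding_enabled (hypothetical helper): reads sysctl.conf-style text on stdin,
# returns 0 if the last uncommented net.ipv4.ip_forward assignment is 1.
forwarding_enabled() {
  awk -F= '
    /^[ \t]*[#;]/ { next }
    { key = $1; gsub(/[ \t]/, "", key) }
    key == "net.ipv4.ip_forward" { val = $2; gsub(/[ \t]/, "", val) }
    END { exit (val == "1" ? 0 : 1) }'
}

# Demo on the constructed sample; on a live system: iptables-save | audit_iface eth1
printf '%s\n' "$SAMPLE_RULES" | audit_iface eth1
```

`FORWARD_OPEN=yes` together with forwarding enabled means the INPUT rules alone do not restrict traffic routed from eth1 to other networks.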
