
KWTS & Multi Homing



Hi there KTeam,

I'm currently testing KWTS and honestly I'm very pleased with the appliance, stunning stuff!!
I've been a bit astonished that multi-homing or multiple Ethernet interfaces doesn't seem to be endorsed by default, simple stuff like "trusted/untrusted" interface was my goal.

Nevertheless, I found ways to enable KWTS in the layout I've wanted (perhaps not supported) and let me share that with you:

----> You need a public/private key pair in order to be able to access the KWTS Technical Support Mode (SSH):
----> creating the key pair:
ssh-keygen -o
----> You then need to upload the public key on KWTS Web Admin for being able to connect over SSH:
ssh -i kwts root@10.1.1.250

----> Enabling ip_forward / reboot persistent:
[root@kwts ~]# cat /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
#
net.ipv4.ip_forward = 1

----> Adding interface based routing (if needed etc..)
[root@kwts ~]# cat /etc/sysconfig/network-scripts/route-eth0
10.0.0.0/8 via 10.1.1.1 dev eth0

----> A few iptables rules in order to DROP anything except ICMP messages inbound on eth1 (my untrusted interface):
[root@kwts ~]# cp /etc/sysconfig/iptables-config /etc/sysconfig/iptables-config.ORG
[root@kwts ~]# iptables -F 
[root@kwts ~]# iptables -A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT 
[root@kwts ~]# iptables -A INPUT -i eth1 -p icmp -j ACCEPT 
[root@kwts ~]# iptables -A INPUT -i eth1 -j DROP
[root@kwts ~]# iptables-save > /etc/sysconfig/iptables-config

Finally, I've set up the KWTS on a KVM Host which worked flawlessly using the ISO file.
 

Thanks,
Cheers,
m.

 

Edited by mokaz
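
The INPUT rules in the post above filter only packets addressed to the appliance itself; with ip_forward enabled, packets routed through it traverse the FORWARD chain instead. The check below is an added example, not part of the original post: it audits an iptables-save dump for that gap on an untrusted interface. The function name audit_ruleset and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the post. SAMPLE_RULES is a constructed
# iptables-save dump: default chain policies plus the post's three rules.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p icmp -j ACCEPT
-A INPUT -i eth1 -j DROP
COMMIT'

# audit_ruleset IFACE IP_FORWARD  (ruleset on stdin)
# Prints one finding per line, or "OK" when nothing is flagged.
audit_ruleset() {
  iface=$1; ip_forward=$2
  input_drop=0; fwd_policy=ACCEPT; fwd_block=0; findings=0
  while IFS= read -r line; do
    case $line in
      ":FORWARD "*)
        fwd_policy=${line#:FORWARD }; fwd_policy=${fwd_policy%% *} ;;
      "-A INPUT -i $iface -j DROP")
        input_drop=1 ;;
      "-A INPUT -i $iface "*"-j ACCEPT")
        # An ACCEPT appended after the catch-all DROP can never match.
        if [ "$input_drop" -eq 1 ]; then
          printf 'INPUT: unreachable after DROP: %s\n' "$line"; findings=1
        fi ;;
      "-A FORWARD "*"-i $iface "*"-j DROP"|"-A FORWARD "*"-i $iface "*"-j REJECT"*)
        fwd_block=1 ;;
    esac
  done
  if [ "$input_drop" -eq 0 ]; then
    printf 'INPUT: no catch-all DROP for %s\n' "$iface"; findings=1
  fi
  # INPUT rules only cover packets addressed to the host itself; with
  # ip_forward=1, packets routed through it are judged by FORWARD.
  if [ "$ip_forward" -eq 1 ] && [ "$fwd_policy" = ACCEPT ] && [ "$fwd_block" -eq 0 ]; then
    printf 'FORWARD: ip_forward=1 and nothing drops traffic entering %s\n' "$iface"; findings=1
  fi
  if [ "$findings" -eq 0 ]; then printf 'OK\n'; fi
  return 0
}

printf '%s\n' "$SAMPLE_RULES" | audit_ruleset eth1 1
```

On a live host the same function can read `iptables-save` output directly, with the second argument taken from `sysctl -n net.ipv4.ip_forward`.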