Uploaded by Jai Ganesh
© Attribution Non-Commercial (BY-NC)

ADVANTAGE PRO – Networking With Success

[email protected] 91-44-28263529 /30


FIREWALL

• A firewall is a system designed to prevent unauthorized access to or from a private network.
• Firewalls are frequently used to stop unauthorized Internet users from reaching private networks that are connected to the Internet, especially intranets.
• All traffic entering or leaving the intranet passes through the firewall, which examines each packet and blocks those that do not meet the configured security criteria.

TYPES OF FIREWALL

>> Hardware firewall
>> Software firewall

HARDWARE FIREWALL:
Dedicated appliances, e.g. Cisco PIX, Check Point, SonicWall.

SOFTWARE FIREWALL:

1. iptables (Linux)
2. IPsec filter policies (built into Windows; IPsec itself is an authentication/encryption protocol suite whose policies can also permit or block traffic, while the dedicated host firewall on Windows is Windows Firewall)
3. ipchains (Linux 2.2 kernel; older Red Hat releases, still shipped as a compatibility package in Red Hat 8)

• ipfwadm: the packet-filter tool of the 2.0 kernel
• ipchains: the packet-filter tool of the 2.2 kernel
• iptables: the packet-filter tool of the 2.4 kernel (and of the 2.6 and later kernels; nftables is its successor)

Protocol names and numbers are listed in
/etc/protocols
Well-known service names and port numbers are listed in
/etc/services
(iptables accepts the names from these files in place of numbers, e.g. -p tcp --dport ssh.)

BASIC SYNTAX FOR IPTABLES:

# iptables -t <tablename> <action> <chain> <options> -j <target>

When -t is omitted the filter table is used.

TABLE NAME

• filter (the default)
• nat
• mangle

ACTION

-A  Append a rule to the end of a chain
-P  Set the default policy of a built-in chain
-D  Delete a rule
-R  Replace a rule
-F  Flush (delete) all rules in a chain, or in every chain of the table; the chain policies are not changed
-L  List the rules (add --line-numbers to see each rule's position)
-I  Insert a rule at a given position (position 1 when none is given)
-N  Create a new user-defined chain

CHAIN

• INPUT        packets addressed to the local host
• OUTPUT       packets generated by the local host
• FORWARD      packets routed through the host to another host
• PREROUTING   packets as they arrive, before the routing decision
• POSTROUTING  packets as they leave, after the routing decision

OPTIONS OR MATCHING CRITERIA

-s       source ip/netmask
-d       destination ip/netmask
--sport  source port (requires -p tcp or -p udp)
--dport  destination port (requires -p tcp or -p udp)
-p       protocol (tcp, udp, icmp, etc.)
-i       input interface (eth0, ...); lowercase i, since uppercase -I inserts a rule
-o       output interface (eth0, ...)

TARGET

• ACCEPT      let the packet through
• DROP        discard the packet silently
• REJECT      discard the packet and send an error back to the sender (ICMP unreachable, or a TCP RST for TCP)
• SNAT        rewrite the source address (nat table, POSTROUTING chain)
• DNAT        rewrite the destination address (nat table, PREROUTING or OUTPUT chain)
• LOG         record the packet via syslog and continue with the next rule
• MASQUERADE  SNAT to whatever address the outgoing interface currently has (for dynamic addresses)

CHAINS AVAILABLE IN EACH TABLE (2.4 kernel)

TABLE    INPUT   OUTPUT   FORWARD   PREROUTING   POSTROUTING
FILTER   yes     yes      yes       no           no
NAT      no      yes      no        yes          yes
MANGLE   yes     yes      yes       yes          yes

STATIC ROUTING SCENARIO

Lab topology (reconstructed from the diagram):

CHENNAI CLIENT    10.0.0.2, netmask 255.0.0.0, gateway 10.0.0.1
      |
      |  eth0   10.0.0.1
CHENNAI SERVER
      |  eth0:1 100.0.0.2
      |
ISP               100.0.0.1 and 200.0.0.1 (one on eth0, the other on eth0:1)
      |
      |  eth0   200.0.0.2
NEW YORK SERVER
      |  eth0:1 192.168.0.1
      |
NEW YORK CLIENT   192.168.0.2, netmask 255.255.255.0, gateway 192.168.0.1

The Chennai server and the New York server are the software routers (and firewalls) of their sites; the ISP machine routes between 100.0.0.0 and 200.0.0.0.

CONFIGURING THE CHENNAI SERVER

Assign the IP addresses on the Chennai server with the netconfig command. netconfig is also used to assign the second address, on the eth0:1 alias.

Select Yes to configure the address.

Enter the IP address (10.0.0.1 for eth0) and the netmask, then select OK.

The address of the eth0:1 alias is assigned with the same command, pointed at the eth0:1 device.

Enter the eth0:1 address (100.0.0.2) and its netmask here.

Restart the network service (service network restart) so the new addresses take effect.

Verify the addresses with the ip a (ip addr show) command.

Add a route to the remote network with the route add command. A route added this way lives only in the running routing table and is lost at reboot.

Check the routing table with route -n: the gateway assigned for each network is shown in the Gateway column.

To make the route permanent, create the /etc/sysconfig/static-routes configuration file and type the network and gateway information into it; the network service re-adds these routes at every boot.

The permanent route is now in place.

To turn the local machine into a software router, open the /etc/sysctl.conf file.

Set net.ipv4.ip_forward = 1, then save and quit the file.

Apply the new setting without rebooting with the sysctl -p command.

CONFIGURING THE CHENNAI CLIENT

Assign the IP address on the Chennai client.

Select eth0.

Assign the IP address (10.0.0.2), netmask (255.0.0.0) and default gateway for the Chennai client. The gateway is the Chennai server's eth0 address, 10.0.0.1.

Restart the network service (service network restart).

Check the default gateway with the route -n command.

CONFIGURING THE ISP ROUTER

Assign the IP addresses on the ISP machine with the netconfig command; the steps are the same as for the Chennai server.

Enter the IP address and netmask for eth0 on the ISP machine.

Run netconfig again for the eth0:1 alias.

Enter the eth0:1 address and netmask here.

Restart the network service.

Verify the addresses with the ip a command.

Add the routes to the remote networks with the route add command (temporary; they are lost at reboot).

View the routing table with route -n and check the gateways.

Create the /etc/sysconfig/static-routes configuration file and type the gateway information into it to make the routes permanent.

The permanent routes are now in place.

Open /etc/sysctl.conf, set net.ipv4.ip_forward = 1, save and quit the file, then apply it with sysctl -p so that the ISP machine forwards packets between its two networks.

CONFIGURING THE NEW YORK SERVER

Assign the IP addresses on the New York server with the netconfig command.

Select Yes to configure the address.

Enter the eth0 address (200.0.0.2) and netmask here.

Run netconfig again for the eth0:1 alias.

Enter the eth0:1 address (192.168.0.1) and netmask (255.255.255.0).

Restart the network service.

Verify the addresses with ip a.

Add the routes to the Chennai networks with route add (temporary).

Create /etc/sysconfig/static-routes to make the routes permanent.

The permanent routes are now in place.

To enable IP forwarding, open /etc/sysctl.conf, set net.ipv4.ip_forward = 1, save and quit the file, and apply it with sysctl -p.

CONFIGURING THE NEW YORK CLIENT

Assign the IP address on the New York client with the system-config-network-tui command.

Select eth0.

Enter the IP address (192.168.0.2) and netmask (255.255.255.0), and set the default gateway to the New York server's eth0:1 address, 192.168.0.1.

Restart the network service.

Check the address with ip a.

Check with route -n that the default gateway has been added.
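Added example, not part of the original slides: a small shell reconstruction of the route lookup and source-address selection the kernel performs on the lab hosts once the addresses and static routes above are in place. The routing tables are constructed from the topology diagram and the routes added in this section; the /8 and /24 prefix lengths for the 100.0.0.0 and 200.0.0.0 networks are assumptions, since the slides never state them. The point it demonstrates is that the New York server, which has two addresses, sends to the Chennai server as 200.0.0.2 and not as 192.168.0.1, which decides whether every "-s 192.168.0.0/24" rule written later in the lab matches its packets.

```shell
#!/bin/sh
# Route lookup and source-address selection for the lab hosts (added example).
# Routing tables are constructed from the topology diagram plus the static routes
# added in the lab; one route per line: NETWORK/PREFIX GATEWAY DEVICE SOURCE.
# GATEWAY "-" marks a directly connected network and SOURCE the host's address on
# that link. Assumed prefix lengths: 100.0.0.0/8, 200.0.0.0/24 (not on the slides).

NY_SERVER_ROUTES="200.0.0.0/24   -           eth0    200.0.0.2
192.168.0.0/24 -           eth0:1  192.168.0.1
100.0.0.0/8    200.0.0.1   eth0    -
10.0.0.0/8     200.0.0.1   eth0    -"

NY_CLIENT_ROUTES="192.168.0.0/24 -           eth0    192.168.0.2
0.0.0.0/0      192.168.0.1 eth0    -"

CHENNAI_SERVER_ROUTES="10.0.0.0/8     -           eth0    10.0.0.1
100.0.0.0/8    -           eth0:1  100.0.0.2
192.168.0.0/24 100.0.0.1   eth0:1  -
200.0.0.0/24   100.0.0.1   eth0:1  -"

# "a.b.c.d" -> 32-bit integer
ip2int() { echo "$1" | { IFS=. read -r a b c d; echo $(( (a<<24)|(b<<16)|(c<<8)|d )); }; }

# longest_match TABLE DEST -> the most specific route line covering DEST (empty if none)
longest_match() {
    local dst best="" bestlen=-1 net gw dev src plen mask
    dst=$(ip2int "$2")
    while read -r net gw dev src; do
        plen=${net#*/}
        mask=$(( plen == 0 ? 0 : (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF ))
        if [ $(( dst & mask )) -eq $(( $(ip2int "${net%/*}") & mask )) ] && [ "$plen" -gt "$bestlen" ]; then
            best="$net $gw $dev $src"; bestlen=$plen
        fi
    done <<EOF
$1
EOF
    echo "$best"
}

# route_lookup TABLE DEST -> "NEXTHOP DEVICE SOURCE", or "unreachable"
route_lookup() {
    local net gw dev src via cdev csrc
    read -r net gw dev src <<EOF
$(longest_match "$1" "$2")
EOF
    if [ -z "$net" ]; then echo unreachable; return 0; fi
    if [ "$gw" = "-" ]; then
        echo "$2 $dev $src"        # on-link: the next hop is the destination itself
    else
        # gateway route: the kernel resolves the gateway through its connected route
        # and uses that link's address as the packet source (the "src" of `ip route get`)
        read -r via cdev csrc <<EOF
$(route_lookup "$1" "$gw")
EOF
        echo "$gw $cdev $csrc"
    fi
}

# source_for TABLE DEST -> the source address this host puts in a packet to DEST
source_for() { route_lookup "$1" "$2" | { read -r nh dev src; echo "${src:-$nh}"; }; }

# Why the lab's "-s 192.168.0.0/24" rules on the Chennai server never match the
# New York server: its packets to 100.0.0.2 leave eth0 with source 200.0.0.2.
echo "New York server -> 100.0.0.2:   $(route_lookup "$NY_SERVER_ROUTES" 100.0.0.2)"
echo "New York client -> 100.0.0.2:   $(route_lookup "$NY_CLIENT_ROUTES" 100.0.0.2)"
echo "Chennai server  -> 192.168.0.2: $(route_lookup "$CHENNAI_SERVER_ROUTES" 192.168.0.2)"
```

On a real host the same answer comes from ip route get <destination>, whose src field is the address a remote firewall will see; checking it before writing a source-based rule avoids the surprise the lab runs into with the New York server.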

TESTING CONNECTIVITY WITH THE DEFAULT POLICY

List the rules on the Chennai server with the iptables -L command. By default the INPUT, FORWARD and OUTPUT chains contain no rules and their policy is ACCEPT.

From the New York client, ping the Chennai server: packets are transmitted and received.

From the New York server, ping the Chennai client: there is network connectivity end to end.

DROPPING ALL INPUT ON THE CHENNAI SERVER

List the iptables rules: every policy is still ACCEPT.

Set the INPUT policy to DROP (iptables -P INPUT DROP) and list the rules again: the INPUT chain now shows policy DROP. INPUT DROP means the Chennai server discards every packet addressed to itself, so nothing can reach the server; packets routed through it to the Chennai client pass through the FORWARD chain, not INPUT, so the client stays reachable.

From the New York client, ping the Chennai server: there is no network connectivity.

From the New York server, ping the Chennai client: network connectivity is still available, because forwarded traffic is not affected by the INPUT policy.

Save the rules with service iptables save: they are written to the /etc/sysconfig/iptables configuration file and reloaded from there when the iptables service starts at boot.

ACCEPTING ICMP FROM THE NEW YORK NETWORK

On the Chennai server, add a rule to the INPUT chain that accepts ICMP (-p icmp) from the 192.168.0.0/24 network (-s 192.168.0.0/24) with target ACCEPT.

From the New York client, ping the Chennai server: there is network connectivity again, because the server now accepts input from the 192.168.0.0/24 network.

SSH from the New York client to the Chennai server does not connect: the Chennai server accepts only the ICMP protocol from that network, not TCP, and SSH runs over TCP.

Save the rules (service iptables save) to /etc/sysconfig/iptables.

On the Chennai server, add a second INPUT rule that accepts TCP (-p tcp) from the 192.168.0.0/24 network, save the rules and restart the iptables service. List the rules: both ICMP and TCP from that network are now accepted.

From the New York client, SSH now connects to the Chennai server: the prompt shows a remote session on the Chennai server.

Save the rules (service iptables save) to /etc/sysconfig/iptables.

List the iptables rules on the Chennai server: both TCP and ICMP from the 192.168.0.0/24 network are accepted.

There is still network connectivity between the New York client and the Chennai client: the INPUT rules do not affect forwarded traffic.

DROPPING ALL FORWARDED TRAFFIC

List the rules, then set the FORWARD policy to DROP (iptables -P FORWARD DROP). With FORWARD DROP the Chennai server still accepts packets addressed to itself (those go through INPUT), but it no longer routes packets to the Chennai client behind it.

Save the rules and restart the iptables service.

Ping the Chennai server from the New York client: there is network connectivity.

The Chennai client, however, is unreachable, because forwarded packets are dropped.

ACCEPTING FORWARDED ICMP BETWEEN THE TWO CLIENT NETWORKS

Add a FORWARD rule on the Chennai server that accepts ICMP with source 192.168.0.0/24 and destination 10.0.0.0/8, and a second one that accepts the replies, with source 10.0.0.0/8 and destination 192.168.0.0/24.

Save the iptables rules and restart the iptables service.

List the iptables rules: in the FORWARD chain, ICMP between 192.168.0.0/24 and 10.0.0.0/8 is accepted in both directions.

From the New York client, ping the Chennai client: it communicates, with 0% packet loss.

SSH from the New York client to the Chennai client does not connect: the FORWARD rules accept only the ICMP protocol, and TCP is not accepted.

Save the rules (service iptables save) to /etc/sysconfig/iptables.

Add the FORWARD rules for the TCP protocol: with source 192.168.0.0/24 and destination 10.0.0.0/8 the SSH request is accepted, and with source 10.0.0.0/8 and destination 192.168.0.0/24 the reply is accepted as well.

Save the iptables rules, restart the iptables service and list the rules: the FORWARD ACCEPT rules for TCP are listed.

SSH from the New York client to the Chennai client now connects: the prompt shows a session on the Chennai client.

Connecting to the Chennai client from the New York server is refused, because the FORWARD rules accept only the 192.168.0.0/24 network.

Flush the rules and set the chain policies back to ACCEPT, then list the rules: all policies are ACCEPT. Note that iptables -F removes the rules but leaves the chain policies as they are; a policy of DROP has to be reset explicitly with iptables -P.

Ping from the New York client to the Chennai client connects again, because the rules are gone and every policy is ACCEPT.

Network connectivity between the New York server and the Chennai server is also restored.

Save the rules (service iptables save) to /etc/sysconfig/iptables.

REJECTING ICMP INPUT EXCEPT FROM THE NEW YORK NETWORK

On the Chennai server, add an INPUT rule that rejects ICMP from every source except the 192.168.0.0/24 network (the source match negated with !, target REJECT), and list the rules: ICMP input from any network other than 192.168.0.0/24 is rejected.

Unlike DROP, REJECT sends an error back to the sender (an ICMP unreachable message, or a TCP RST for TCP connections), so the rejected host learns immediately that it was refused instead of waiting for a timeout.

So there is connectivity between the Chennai server and the New York client: input from 192.168.0.2, which is the New York client, is accepted.

There is no network connectivity between the New York server and the Chennai server.

The New York server has two addresses, 192.168.0.1 (eth0:1) and 200.0.0.2 (eth0). Its route to 100.0.0.2 goes out through eth0, so the kernel puts 200.0.0.2 in the source field of the packet, and the Chennai server rejects everything that does not come from the 192.168.0.0/24 network.

SSH from the New York client to the Chennai server connects, because the reject rule covers only ICMP.

SSH from the New York server to the Chennai server connects as well: the rule was written only for ICMP, not for TCP, so TCP is still allowed by the ACCEPT policy of the INPUT chain.

Save the rules (service iptables save) to /etc/sysconfig/iptables.

Add a second INPUT rule that rejects the TCP protocol from every source except the 192.168.0.0/24 network, and list the rules: both ICMP and TCP are now rejected unless they come from 192.168.0.0/24.

Restart the iptables service.

SSH from the New York client to the Chennai server connects: the New York client's address, 192.168.0.2, is inside the accepted 192.168.0.0/24 network.

SSH connects for the New York client but not for the New York server.

SSH from the New York server is rejected: of its two addresses, 192.168.0.1 and 200.0.0.2, the one it uses toward the Chennai server is 200.0.0.2, which the rule rejects.

Flush all the rules and list them.

The New York client is connected with the Chennai client again; every network can communicate.

The New York server is also connected with the Chennai client.

Save the rules (service iptables save) to /etc/sysconfig/iptables.

REJECTING FORWARDED TRAFFIC EXCEPT FROM THE NEW YORK NETWORK

Add a FORWARD rule on the Chennai server that rejects ICMP whose source is not the 192.168.0.0/24 network, and list the rules: forwarded ICMP from any other network is rejected.

The New York client pings the Chennai client: it connects.

The New York server pings the Chennai client: it does not connect. The New York server has two addresses and its packets carry the 200.0.0.2 source, which the rule does not allow.

SSH from the New York client to the Chennai client also connects.

SSH connects because only the ICMP protocol is restricted; the TCP protocol is still accepted by the FORWARD policy.

Save the rules (service iptables save) to /etc/sysconfig/iptables.

On the Chennai server, add a FORWARD rule that rejects the TCP protocol whose source is not the 192.168.0.0/24 network.

The rule still lets the 192.168.0.0/24 network through, so the Chennai client can be reached from the New York client.

The New York server, which sends from its 200.0.0.2 address, cannot reach the Chennai client.

Save the rules (service iptables save) to /etc/sysconfig/iptables.

DNAT (REDIRECTING THE PUBLIC ADDRESS TO THE CHENNAI CLIENT)

On the Chennai server, add a rule to the PREROUTING chain of the nat table with target DNAT: a connection from the source network 192.168.0.0/24 to the destination address 100.0.0.2 is redirected to 10.0.0.2, the Chennai client. The destination is rewritten before the routing decision, so the packet is then forwarded to the client instead of being delivered to the server itself.

Connecting to the Chennai server's address from the New York client is now redirected to the Chennai client.

The session lands on the Chennai client.

Save the rules (service iptables save) to /etc/sysconfig/iptables.

SNAT (HIDING THE CHENNAI CLIENT BEHIND THE PUBLIC ADDRESS)

On the Chennai server, add a rule to the POSTROUTING chain of the nat table with target SNAT: when a request comes from 10.0.0.2, its private source address is rewritten to the public address 100.0.0.2 before the packet leaves for the Internet. This hides the internal IP address (and, for TCP and UDP, lets the router remap the source port); the connection tracking table reverses the translation on the replies, so no rule is needed for the return direction.

Connecting to the New York server from the Chennai client succeeds.

Any destination can be reached from the Chennai client; to the destination the traffic appears to come from the source 100.0.0.2.

Ping the New York client from the Chennai client: it connects.

Save the rules (service iptables save) to /etc/sysconfig/iptables.

MASQUERADE

When the server's public address is assigned by DHCP it may change, so instead of SNAT to a fixed address use the MASQUERADE target on the outgoing interface (eth0): it always translates to whatever address that interface currently has.

Ping the New York server: it connects.

Save the rules (service iptables save) to /etc/sysconfig/iptables.
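Added example, not part of the original slides: a shell model of how the Chennai server's netfilter tables process a single packet, in the order the syntax/tables overview above lists them and the filter and NAT experiments exercise them: nat PREROUTING, then the routing decision, then INPUT or FORWARD in the filter table, then nat POSTROUTING. The rule tables are constructed for this example and tighten the lab's rules (TCP is limited to port 22, unmatched input is REJECTed); the local addresses come from the topology slide, and the New York server's packets arrive with source 200.0.0.2, as the lab observed.

```shell
#!/bin/sh
# One packet's walk through the Chennai server's netfilter tables (added example).
# Rule tables are constructed for this example: one rule per line, first match wins,
# an unmatched packet gets the chain policy, exactly as iptables evaluates a chain.
#   filter line: CHAIN SRC-CIDR DST-CIDR PROTO DPORT TARGET   ("any" = wildcard)
#   nat line:    CHAIN SRC-CIDR DST-CIDR TARGET TO-ADDRESS

LOCAL_ADDRS="10.0.0.1 100.0.0.2"   # Chennai server eth0 and eth0:1 (topology slide)
INPUT_POLICY=DROP                   # iptables -P INPUT DROP
FORWARD_POLICY=DROP                 # iptables -P FORWARD DROP

FILTER_RULES="INPUT   192.168.0.0/24 0.0.0.0/0  icmp any ACCEPT
INPUT   192.168.0.0/24 0.0.0.0/0  tcp  22  ACCEPT
INPUT   0.0.0.0/0      0.0.0.0/0  any  any REJECT
FORWARD 192.168.0.0/24 10.0.0.0/8 icmp any ACCEPT
FORWARD 192.168.0.0/24 10.0.0.0/8 tcp  22  ACCEPT
FORWARD 10.0.0.0/8     0.0.0.0/0  any  any ACCEPT"

NAT_RULES="PREROUTING  192.168.0.0/24 100.0.0.2/32 DNAT 10.0.0.2
POSTROUTING 10.0.0.0/8     0.0.0.0/0    SNAT 100.0.0.2"

ip2int() { echo "$1" | { IFS=. read -r a b c d; echo $(( (a<<24)|(b<<16)|(c<<8)|d )); }; }

# cidr_match ADDRESS NETWORK/PREFIX -> true when ADDRESS lies inside NETWORK
cidr_match() {
    local plen=${2#*/} mask
    mask=$(( plen == 0 ? 0 : (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "${2%/*}") & mask )) ]
}

# filter_verdict CHAIN SRC DST PROTO DPORT -> ACCEPT | DROP | REJECT
filter_verdict() {
    local chain=$1 src=$2 dst=$3 proto=$4 dport=$5 c s d p dp t
    while read -r c s d p dp t; do
        if [ "$c" = "$chain" ] && cidr_match "$src" "$s" && cidr_match "$dst" "$d" \
           && { [ "$p" = any ] || [ "$p" = "$proto" ]; } \
           && { [ "$dp" = any ] || [ "$dp" = "$dport" ]; }; then
            echo "$t"; return 0
        fi
    done <<EOF
$FILTER_RULES
EOF
    if [ "$chain" = INPUT ]; then echo "$INPUT_POLICY"; else echo "$FORWARD_POLICY"; fi
}

# nat_target CHAIN SRC DST -> "TARGET TO-ADDRESS", or nothing when no rule matches
nat_target() {
    local chain=$1 src=$2 dst=$3 c s d t to
    while read -r c s d t to; do
        if [ "$c" = "$chain" ] && cidr_match "$src" "$s" && cidr_match "$dst" "$d"; then
            echo "$t $to"; return 0
        fi
    done <<EOF
$NAT_RULES
EOF
    return 0
}

# packet_walk SRC DST PROTO DPORT -> "chain=... verdict=... src=... dst=..." (the packet
# as it leaves the box, or as it was when the filter table dropped or rejected it)
packet_walk() {
    local src=$1 dst=$2 proto=$3 dport=$4 nat chain=FORWARD verdict a
    # 1. nat PREROUTING: DNAT rewrites the destination *before* the routing decision,
    #    so every later chain sees the translated address (10.0.0.2, not 100.0.0.2)
    nat=$(nat_target PREROUTING "$src" "$dst")
    case $nat in "DNAT "*) dst=${nat#* } ;; esac
    # 2. routing decision: addressed to one of our own addresses -> INPUT,
    #    anything else -> FORWARD (which only happens when ip_forward = 1)
    for a in $LOCAL_ADDRS; do
        if [ "$dst" = "$a" ]; then chain=INPUT; fi
    done
    # 3. filter table: first matching rule in that chain, else the chain policy
    verdict=$(filter_verdict "$chain" "$src" "$dst" "$proto" "$dport")
    # 4. nat POSTROUTING: SNAT rewrites the source of accepted forwarded packets on
    #    the way out (MASQUERADE is SNAT to the egress interface's current address)
    if [ "$chain" = FORWARD ] && [ "$verdict" = ACCEPT ]; then
        nat=$(nat_target POSTROUTING "$src" "$dst")
        case $nat in "SNAT "*) src=${nat#* } ;; esac
    fi
    echo "chain=$chain verdict=$verdict src=$src dst=$dst"
}

# Replay the lab: New York client 192.168.0.2, New York server sending as 200.0.0.2,
# Chennai client 10.0.0.2 ("icmp any" stands for ping, "tcp 22" for ssh)
for pkt in "192.168.0.2 10.0.0.1 icmp any" "200.0.0.2 100.0.0.2 tcp 22" \
           "192.168.0.2 100.0.0.2 tcp 22"  "10.0.0.2 200.0.0.2 tcp 22"; do
    echo "$pkt => $(packet_walk $pkt)"
done
```

Two things the model leaves out that a real ruleset relies on: the nat table is consulted only for the first packet of a connection, after which connection tracking applies (and on the reply path reverses) the same translation to every packet of that connection, so the return direction needs no nat rule; and in the filter table a single rule matching -m state --state ESTABLISHED,RELATED with target ACCEPT replaces the lab's explicit reverse-direction rules, which as written let any host in 10.0.0.0/8 open new connections toward 192.168.0.0/24.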