CS392/CS682 Lab 2


Lab: Firewalls

Introduction:

In this assignment, you will explore how to configure a packet filter. As usual, you will be using Linux as your base operating system. You’ll use iptables to make Linux act as a packet filter.

First get acquainted with iptables. To this end, review the lecture notes and examine some of the online documentation for iptables. For example, see the Linux man page for iptables and/or the following tutorials:

• (chapter 6 mainly)

• You may also want to google iptables and read the various beginner guides that people have published on the Web.

Your Task:

Part A:

Configure NAT on m2 using the nat table's POSTROUTING chain:

• MASQUERADE packets so that internal IP addresses are hidden from the external network

• This NAT configuration will remain in force throughout the lab

Part B:

Configure m2 to meet the following requirements:

• Allow ssh connections originating from m2 and destined to m2.

• Allow pings originating from m2 and destined to m2.

• Block all other traffic to or from m2.

• Hint: Part B requires the INPUT and OUTPUT chains

• Test your configuration by sending traffic from your m2 to the m2 and m3 of another group.

Part C:

Flush the filter table in m2. Configure m2 to meet the following requirements:

• Allow only m1 (and not m2 and m3) to initiate an ssh session to hosts in the external network

• Reject/Drop all other traffic

• Hint: Part C requires the FORWARD, INPUT and OUTPUT chains

• Perform tests.
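As an added example (not part of the lab handout), the script below prints the iptables rules for Parts A, B and C so they can be reviewed, and only executes them when APPLY=1 is set. The address of m1 (10.0.0.1), the internal interface (eth1) and the external interface (eth0) are assumed placeholders; note that "originating from" is expressed with conntrack, so replies are accepted as ESTABLISHED without opening ports in the other direction.

```shell
#!/bin/sh
# Added example, not the lab's own solution. Placeholder values:
M1="${M1:-10.0.0.1}"   # assumed internal address of m1
INT="${INT:-eth1}"     # assumed internal interface of m2
EXT="${EXT:-eth0}"     # assumed external interface of m2

# Print each rule; run it only when APPLY=1 (requires root on m2).
ipt() {
  printf 'iptables %s\n' "$*"
  if [ "${APPLY:-0}" = 1 ]; then iptables "$@"; fi
}

# Part A: hide internal addresses behind m2's external address.
part_a() {
  ipt -t nat -A POSTROUTING -o "$EXT" -j MASQUERADE
}

# Part B: only ssh and ping to/from m2 itself; everything else dropped.
# Replies come back as ESTABLISHED, so only NEW ssh needs a port rule.
part_b() {
  ipt -P INPUT DROP
  ipt -P OUTPUT DROP
  ipt -A INPUT  -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  ipt -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  ipt -A INPUT  -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
  ipt -A OUTPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
  ipt -A INPUT  -p icmp --icmp-type echo-request -j ACCEPT
  ipt -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
}

# Part C: flush the filter table (NAT stays), then only m1 may open
# ssh to the external network; m2 itself accepts and sends nothing.
part_c() {
  ipt -F
  ipt -P INPUT DROP
  ipt -P OUTPUT DROP
  ipt -P FORWARD DROP
  ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  ipt -A FORWARD -i "$INT" -o "$EXT" -s "$M1" -p tcp --dport 22 \
      -m conntrack --ctstate NEW -j ACCEPT
}

# Usage: sh fw.sh a|b|c   (add APPLY=1 to actually load the rules)
case "${1:-}" in
  a) part_a ;;
  b) part_b ;;
  c) part_c ;;
esac
```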

Part D:

Answer the following questions:

1) In your own words, describe how iptables works.

2) Why does iptables need kernel support?

3) What is the difference between input, output and forward chains?

4) What is the difference between drop, reject, and accept?

5) What are the advantages of iptables in terms of robustness, speed and functionality?

6) What other packages can be used instead of iptables on Linux?

What to Submit?

1) iptables rules for parts A, B, and C. Include relevant screenshots and packet captures.

2) Answers for part D
