Linux Assignment Aqeel Ahmad Mit4 10109 Final Project Network Security



Aqeel Ahmad
Course: MIT
4th Semester
Roll No: 9
To: Sir Mostafa Hassan
Topic: To Configure IPTables Rules on Linux Operating System (Red Hat 5)
- INPUT
- OUTPUT
- FORWARD
- PRE-ROUTING
- POST-ROUTING
System:
Dell Laptop
Intel Core Duo
Intel GM9 Express chipset for integrated graphics
GB RAM


Introduction
This is the assignment on Red Hat 5. In this assignment we learn how to apply iptables rules in Linux (the INPUT, OUTPUT, FORWARD, PREROUTING and POSTROUTING chains) and configure them on Red Hat 5. Each rule is entered in a terminal and then checked with iptables -L (or iptables -t nat -L for the nat table).
Allow Incoming HTTP Connection
This is to allow an HTTP connection from outside to your server, i.e. so that you can view the website running on the server from outside. First we need to allow the incoming new HTTP connection. Once the incoming HTTP connection is allowed, we need to allow the response back for that incoming HTTP connection (the OUTPUT rule in the section "Allow Outgoing HTTP Connection Response" below).
The command to allow the incoming HTTP connection request is:
iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
- iptables -A INPUT: Append the new rule to the INPUT chain
- -i eth0: This refers to the input interface
- -p tcp: Indicates that this is for the TCP protocol
- --dport 80: This refers to the destination port of the incoming connection
- -m state: This indicates that the "state" matching module is used
- --state NEW,ESTABLISHED: Match packets that open a new connection (NEW) as well as packets of a connection that is already established. The NEW state is what admits the first SYN from a browser; a rule with --state ESTABLISHED alone would never let a new HTTP connection start.

Open the terminal, type the command given above and press Enter.
Then type iptables -L (to show the iptables list).
You can see in the INPUT chain the ACCEPT rule for tcp dpt:http with state NEW,ESTABLISHED.










Allow Outgoing SSH Connection Response
iptables -A INPUT -i eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
- --sport 22: This refers to the source port of the reply packets, i.e. port 22 on the remote SSH server that this host connected to. Only ESTABLISHED is matched because this rule admits replies to a connection this host opened, not new connections from outside; the connection itself is opened by the matching OUTPUT rule with --dport 22 and --state NEW,ESTABLISHED.

Open the terminal, type the command given above and press Enter.
Then type iptables -L (to show the iptables list).
You can see in the INPUT chain the ACCEPT rule for tcp spt:ssh with state ESTABLISHED.





Forward all Incoming HTTP Requests
If you have a default policy of DROP in your FORWARD chain, you must append a rule to it so that destination NAT routing is possible. The rule matches the internal server's address (172.31.0.23), not the firewall's public address, because the DNAT rule in the PREROUTING chain has already rewritten the destination by the time the FORWARD chain is evaluated. Forwarding also requires IP forwarding to be switched on in the kernel (net.ipv4.ip_forward = 1); otherwise the packets are never routed and the rule matches nothing.

iptables -A FORWARD -i eth0 -p tcp --dport 80 -d 172.31.0.23 -j ACCEPT

Open the terminal, type the command given above and press Enter.
Then type iptables -L (to show the iptables list).
You can see in the FORWARD chain the ACCEPT rule for destination 172.31.0.23, tcp dpt:http.



Allow Outgoing HTTP Connection Response
iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
- -o eth0: the output interface. --sport 80: the reply packets leave from the web server's port 80. --state ESTABLISHED: only replies belonging to an already accepted incoming connection are allowed out, so this rule cannot be used to open connections from the server.

Open the terminal, type the command given above and press Enter.
Then type iptables -L (to show the iptables list).
You can see in the OUTPUT chain the ACCEPT rule for tcp spt:http with state ESTABLISHED.






Allow Incoming SSH Connection Response
iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
This is the reply half of allowing incoming SSH: it lets the SSH daemon's answers (source port 22) leave through eth0 for a connection that is already established. The connection itself is admitted by the corresponding INPUT rule with --dport 22 and --state NEW,ESTABLISHED, in the same way as the HTTP rule above.

Open the terminal, type the command given above and press Enter.
Then type iptables -L (to show the iptables list).
You can see in the OUTPUT chain the ACCEPT rule for tcp spt:ssh with state ESTABLISHED.
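The INPUT and OUTPUT rules from the HTTP and SSH sections above, combined into one stateful ruleset, as an added example that is not part of the assignment. It is a POSIX shell script that prints the ruleset in iptables-restore format and loads it only when APPLY=1 is set. The interface eth0 and ports 80 and 22 come from the sections above; the default-DROP policies, the loopback rules and the use of a single ESTABLISHED,RELATED rule in place of the per-service --sport response rules are assumptions (common practice, not something the assignment states).

```shell
#!/bin/sh
# Added example, not part of the assignment: one complete stateful
# filter ruleset in iptables-restore(8) format for a host that serves
# HTTP and SSH on eth0 and also opens outgoing SSH. The interface name
# and the 80/22 ports follow the sections above; the default-DROP
# policies and the ESTABLISHED,RELATED shortcut are assumptions.
IFACE="${IFACE:-eth0}"

gen_filter_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback traffic is always local
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Replies to any connection already accepted. This one pair replaces
# every per-service "--sport N --state ESTABLISHED" response rule.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Incoming HTTP and SSH: NEW is what admits the first SYN of a connection
-A INPUT -i $IFACE -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -i $IFACE -p tcp --dport 22 -m state --state NEW -j ACCEPT
# Outgoing SSH opened from this host
-A OUTPUT -o $IFACE -p tcp --dport 22 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Number of rules that admit new connections; the check below expects 3.
count_new_rules() {
    gen_filter_rules | grep -c -- '--state NEW'
}

# True when the rule that accepts replies comes before the first rule
# that accepts new connections, i.e. the order a first-match chain needs.
replies_accepted_before_new() {
    first_est=$(gen_filter_rules | grep -n -- 'ESTABLISHED,RELATED' | head -n 1 | cut -d: -f1)
    first_new=$(gen_filter_rules | grep -n -- '--state NEW' | head -n 1 | cut -d: -f1)
    [ "$first_est" -lt "$first_new" ]
}

# Load with APPLY=1 (needs root); otherwise just print the ruleset so it
# can be reviewed or diffed against the output of iptables-save.
apply_filter_rules() {
    if [ "${APPLY:-0}" = 1 ]; then
        gen_filter_rules | iptables-restore
    else
        gen_filter_rules
    fi
}

apply_filter_rules
```

Run the script without arguments to review the rules; run it with APPLY=1 as root to load them. iptables-restore replaces the whole filter table in one step, so the rules take effect in exactly the printed order and a typo rejects the whole file instead of leaving the chain half-built, which is the failure mode of appending rules one by one with iptables -A.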



Postrouting and IP Masquerading
This rule uses the NAT packet matching table (-t nat) and specifies the built-in POSTROUTING chain for NAT (-A POSTROUTING) on the firewall's external networking device (-o eth0). MASQUERADE rewrites the source address of packets leaving through eth0 to whatever address eth0 has at that moment, which is why it is used for interfaces with a dynamic (DHCP or dial-up) address; for a fixed address, SNAT --to-source is the usual choice.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Open the terminal, type the command given above and press Enter.
Then type iptables -t nat -L (to show the nat table list).
You can see in the POSTROUTING chain the MASQUERADE rule for all traffic leaving eth0.



iptables -t nat -A POSTROUTING -s 192.168.2.1 -p udp --dport 1863 -j DROP

Open the terminal, type the command given above and press Enter.
Then type iptables -t nat -L (to show the nat table list).
You can see in the POSTROUTING chain the DROP rule for udp dpt:msnp from source 192.168.2.1. The listing shows msnp instead of 1863 because iptables -L resolves port numbers through /etc/services; add -n to see the number.
Note that the nat table is meant for address rewriting and is consulted only for the first packet of each connection, so a rule that blocks traffic belongs in the filter table (the FORWARD chain for traffic passing through the firewall), where it is evaluated for every packet.








PREROUTING
If you have a server on your internal network that you want to make available externally, you can use the -j DNAT target of the PREROUTING chain in NAT to specify a destination IP address and port where incoming packets requesting a connection to your internal service can be forwarded. DNAT only rewrites the destination; the packet must still be accepted by the FORWARD chain (the rule in "Forward all Incoming HTTP Requests" above).

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 172.31.0.23:80

Open the terminal, type the command given above and press Enter.
Then type iptables -t nat -L (to show the nat table list).
You can see in the PREROUTING chain the DNAT rule for tcp dpt:http to:172.31.0.23:80.



iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.2.1:1922

Open the terminal, type the command given above and press Enter.
Then type iptables -t nat -L (to show the nat table list).
You can see in the PREROUTING chain a second DNAT rule for tcp dpt:http to:192.168.2.1:1922.
Because this rule has exactly the same match as the previous one, and rules are evaluated in order with the first match winning, the first DNAT rule keeps handling all port-80 traffic; this second rule only takes effect after the first one is deleted (iptables -t nat -D PREROUTING 1) or inserted ahead of it.
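The FORWARD, POSTROUTING and PREROUTING rules from the three sections above, combined into one NAT-gateway ruleset, as an added example that is not part of the assignment. It is a POSIX shell script that prints both the nat and the filter table in iptables-restore format and loads them only when APPLY=1 is set. eth0 as the external interface, 172.31.0.23 as the internal web server and 192.168.2.1 as the host blocked from udp/1863 come from the sections above; 192.168.2.0/24 as the LAN behind the gateway and the DROP policy on FORWARD are assumptions.

```shell
#!/bin/sh
# Added example, not part of the assignment: the FORWARD, POSTROUTING and
# PREROUTING rules above combined into one NAT-gateway ruleset in
# iptables-restore(8) format. eth0, 172.31.0.23 and 192.168.2.1 come from
# the assignment; 192.168.2.0/24 as the LAN behind the gateway is an
# assumption.
EXT_IF="${EXT_IF:-eth0}"
LAN="${LAN:-192.168.2.0/24}"
WEB="${WEB:-172.31.0.23}"
BLOCKED_HOST="${BLOCKED_HOST:-192.168.2.1}"

gen_nat_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Publish the internal web server on the gateway's external address
-A PREROUTING -i $EXT_IF -p tcp --dport 80 -j DNAT --to-destination ${WEB}:80
# Hide LAN clients behind whatever address $EXT_IF currently has
-A POSTROUTING -s $LAN -o $EXT_IF -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# DNAT has already run in PREROUTING, so FORWARD must match the
# translated destination, not the gateway's own address
-A FORWARD -i $EXT_IF -p tcp --dport 80 -d $WEB -m state --state NEW -j ACCEPT
# Filtering belongs in the filter table: the nat table is consulted only
# for the first packet of a connection and exists for address rewriting
-A FORWARD -s $BLOCKED_HOST -p udp --dport 1863 -j DROP
-A FORWARD -s $LAN -o $EXT_IF -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Routing between interfaces is off by default; without it DNAT and
# FORWARD rules match nothing because the kernel never forwards.
enable_forwarding() {
    sysctl -w net.ipv4.ip_forward=1
}

# True when the FORWARD accept names the DNAT target, the detail that
# otherwise makes a published service fail silently under a DROP policy.
forward_matches_dnat_target() {
    gen_nat_rules | grep -- '^-A FORWARD' | grep -q -- "-d $WEB "
}

# True when the udp/1863 DROP sits in the filter table, not in nat.
drop_is_in_filter_table() {
    gen_nat_rules | sed -n '/^\*filter/,$p' | grep -q -- '--dport 1863 -j DROP'
}

apply_nat_rules() {
    if [ "${APPLY:-0}" = 1 ]; then
        enable_forwarding && gen_nat_rules | iptables-restore
    else
        gen_nat_rules
    fi
}

apply_nat_rules
```

After loading, iptables -t nat -L -n -v and iptables -L FORWARD -n -v show per-rule packet counters; a DNAT rule whose counter rises while the matching FORWARD rule stays at zero is the usual sign that the FORWARD rule matches the wrong (untranslated) destination or that ip_forward is still 0.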
