LINUX FIREWALL
SHAR THU
WHAT IS FIREWALL?
• A firewall is anything, hardware or software, that monitors the packets of digital information attempting to cross the perimeter of a network and decides which of them may pass.
• Firewalls perform two basic security functions:
• Packet filtering (of network traffic)
• Application proxying
FIREWALL SECURITY FEATURES
Some firewall manufacturers add features like:
• Logging unauthorized accesses into/out of a network
• Providing a VPN link to another network
• Authenticating users
• Shielding hosts inside the network from hackers
• Caching data
• Filtering content considered inappropriate or dangerous
FIREWALL COMPONENTS
• Packet filter
• Proxy server
• Authentication system
• Software that performs Network Address Translation (NAT)
• Some firewalls:
• Can encrypt traffic
• Help establish VPNs
• Come packaged in a hardware device that also functions as a router
• Make use of a bastion host
TYPES OF FIREWALL
• Client (host) firewall
• e.g. Windows Firewall
• Protects a single computer
• Network firewall
• Sits between the private network and the public network
• Often also provides VPN, routing, . . . .
• Applies its own rule set to each network it connects
NETWORK TRAFFIC
• Inbound traffic: packets coming in to my service (my internal network or my PC)
• Outbound traffic: packets going out to his service (the other side)
Example: ping 192.168.0.1 sends an ICMP echo request from the source (requester) to the destination (replier). The request is outbound for the requester and inbound for the replier; the echo reply travels the other way, so both directions of the exchange have to be allowed for the ping to succeed.
FILTER NETWORK TRAFFIC
• ACL (Access Control List)
• Allow (accept)
• Deny (drop or reject): DROP discards the packet silently, REJECT discards it and sends an error (an ICMP unreachable or a TCP RST) back to the sender
FIREWALL RULES (OR) POLICIES
• Rule name
• Action (allow or deny)
• Traffic (protocol, inbound or outbound)
• Source
• Destination

Source     Destination   Traffic   Action
1.1.1.1    192.1.1.1     ICMP      Allow

Default rule in a network firewall >> All traffic: Deny (lowest priority, applied only when no rule above it matched)
NETWORK FIREWALL
WHERE IS A NETWORK FIREWALL USED?
[Diagram: one public network connected to several private networks, with a firewall at each boundary]
BETWEEN PRIVATE & PUBLIC NETWORK!
NETWORK FIREWALL
• Front end
• Back end
[Diagram: Internet, front-end firewall, DMZ (switch, server room), back-end firewall, private LAN (switch, LAN hosts)]
The front-end firewall faces the Internet and protects the DMZ; the back-end firewall sits between the DMZ and the private LAN, so a compromised DMZ server still has no direct path inside.
FIREWALLS
SOHO FIREWALL DEVICES
[Product pictures]
NETWORK FIREWALL DEVICES
[Product pictures]
LINUX FIREWALL
LINUX IPTABLES FIREWALL
Client firewall (iptables)
List the rules of a chain:
# iptables -L INPUT     (INPUT chain: inbound traffic to this host)
# iptables -L OUTPUT    (OUTPUT chain: outbound traffic from this host)
Add -n to skip reverse DNS lookups and --line-numbers to show the rule positions that -D deletes by.
LINUX IPTABLES FIREWALL
Append INBOUND rules in iptables (client firewall)
# iptables -A INPUT -s 192.168.0.1 -d 192.168.0.254 -p icmp -j DROP
# iptables -A INPUT -s 192.168.0.0/24 -d 192.168.0.254/32 -p icmp -j DROP
# iptables -L INPUT
# service iptables save
# service iptables start
-A append to chain, -s source, -d destination, -p protocol, -j jump to target (ACCEPT, DROP, REJECT, ...)
The second rule already covers 192.168.0.1, so the first one is redundant once the second is added. Rules live only in the kernel: "service iptables save" (RHEL/CentOS 6 and earlier) writes them to /etc/sysconfig/iptables so that "service iptables start" reloads them at boot; on systemd distributions use iptables-save and iptables-restore instead.
Delete by position (1 is the first rule in the chain):
# iptables -D INPUT 1
LINUX IPTABLES FIREWALL
Append INBOUND and OUTBOUND rules in iptables (client firewall)
# iptables -A INPUT -s 192.168.0.1 -d 192.168.0.254 -p tcp --sport xxx --dport 22 -j DROP
# iptables -A INPUT -s 192.168.0.1 -d 192.168.0.254 -p tcp --dport 443 -j ACCEPT
# iptables -A INPUT -s 0.0.0.0/0 -d 192.168.0.254 -p icmp -j DROP
# iptables -A OUTPUT -s 192.168.0.254 -d 192.168.0.1 -p icmp -j DROP
# iptables -D OUTPUT 1
--sport and --dport are only valid after -p tcp or -p udp; 0.0.0.0/0 means any source. Matching on the client's source port (xxx) is weak protection: client ports are ephemeral and chosen by the sender, so a rule keyed on --sport is bypassed by picking another port.
PRIORITY OF FIREWALL RULE
Rule name     Action
Rule 1        ACCEPT
Rule 2        ACCEPT
Rule 3        ACCEPT
Rule 4        DROP
All traffic   Deny (chain policy)
iptables walks a chain from the top; the first rule that matches decides and the remaining rules are not consulted. The chain policy applies only to packets that no rule matched. A broad DROP placed above a narrower ACCEPT therefore shadows it, so the specific ACCEPT rules go first and the catch-all DROP last.
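The rule-order behaviour described under FIREWALL RULES and PRIORITY OF FIREWALL RULE, as a runnable host-firewall script for the 192.168.0.254 host used in the iptables slides. This is an added example, not code from the slides; the management subnet 192.168.0.0/24, the DRY_RUN switch and the log prefixes are assumptions. With DRY_RUN=1 the script prints the commands instead of running them, so the order can be reviewed without root.

```shell
#!/bin/sh
# Host firewall for 192.168.0.254, written so that rule order is visible.
# Added example; the 192.168.0.0/24 management subnet, the DRY_RUN switch
# and the log prefixes are assumptions of this script.

IPT="${IPT:-iptables}"

# run: execute the command, or only print it when DRY_RUN=1 (no root needed
# to review what would be applied).
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

host_firewall_rules() {
    # Start from an empty INPUT chain with a default-deny policy: the slides'
    # "All Traffic Deny", which only applies to packets no rule matched.
    run "$IPT" -F INPUT
    run "$IPT" -P INPUT DROP

    # 1. Loopback and replies to sessions this host opened go first. Put them
    #    below the DROPs and the policy would also discard return traffic.
    run "$IPT" -A INPUT -i lo -j ACCEPT
    run "$IPT" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # 2. Narrow ACCEPT rules: HTTPS from anywhere, SSH only from the LAN.
    #    --ctstate NEW limits these to connection openings.
    run "$IPT" -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
    run "$IPT" -A INPUT -p tcp -s 192.168.0.0/24 --dport 22 -m conntrack --ctstate NEW -j ACCEPT

    # 3. ICMP echo: allow from the LAN, then log and drop everyone else. The
    #    ACCEPT must come first; swapping the lines silently blocks the LAN too.
    run "$IPT" -A INPUT -p icmp --icmp-type echo-request -s 192.168.0.0/24 -j ACCEPT
    run "$IPT" -A INPUT -p icmp --icmp-type echo-request -j LOG --log-prefix "FW-DROP-ICMP: "
    run "$IPT" -A INPUT -p icmp --icmp-type echo-request -j DROP

    # 4. Log what is about to hit the DROP policy ("logging unauthorized
    #    accesses"), rate-limited so a flood cannot fill the log.
    run "$IPT" -A INPUT -m limit --limit 10/min -j LOG --log-prefix "FW-DROP: "
}

# rule_index: 1-based position of the first line matching PATTERN in the
# command list on stdin. Lets a review check that an ACCEPT sits above its DROP.
rule_index() {
    grep -n -- "$1" | head -n 1 | cut -d: -f1
}

# Usage: ./host-fw.sh dry-run   (print the commands)
#        ./host-fw.sh apply     (as root)
case "${1:-}" in
    dry-run) DRY_RUN=1; host_firewall_rules ;;
    apply)   host_firewall_rules ;;
esac
```

The DRY_RUN output is the ordered rule list itself; piping it through `rule_index` is a cheap way to assert, before applying, that the conntrack ACCEPT precedes every port rule and that the ICMP ACCEPT precedes the ICMP DROP. Persist the result with iptables-save (or "service iptables save" on older RHEL) once it has been applied.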
NAT WITH IPTABLES
• POSTROUTING chain
• SNAT (rewrite the source address, after the routing decision)
• PREROUTING chain
• DNAT (rewrite the destination address, before the routing decision)
• MASQUERADE (SNAT to the current address of the outgoing interface, with Port Address Translation (PAT))
• Port Address Translation: many internal hosts share one public address and are told apart by source port
• IP translation: one internal address mapped to one public address, ports unchanged
NAT WITH IPTABLES
• Masquerade (Port Address Translation (PAT))
[Diagram: requester 1.1.1.1 source port 10000 -> NAT (PAT) -> public address 203.203.203.203 source port 20000]
The NAT device records the mapping 1.1.1.1:10000 <-> 203.203.203.203:20000 in its connection tracking table and uses it to rewrite the reply back to 1.1.1.1:10000. Linux keeps the original source port when it is free; it picks a new one (here 20000) only when another internal host is already using 10000 behind the same public address.
NAT WITH IPTABLES
• IP translation
[Diagram: requester 1.1.1.1 source port 10000 -> NAT -> public address 203.203.203.203 source port 10000]
Only the address is translated; the port stays 10000 because each internal address gets a public address of its own.
NAT WITH IPTABLES
[Diagram: Internet with a Web server listening on :80; the iptables gateway has WAN IP=200.200.200.1 with GW=200.200.200.254 and LAN IP=192.168.0.254; behind a switch, the hosts IP=192.168.0.1 and IP=192.168.0.100 both use GW=192.168.0.254]
SNAT (POSTROUTING) WITH IPTABLES
Step 1: enable the routing function, i.e. IP forwarding (net.ipv4.ip_forward = 1 via sysctl; set it in /etc/sysctl.conf so it survives a reboot). Without it the kernel does not pass packets between its interfaces and no NAT rule ever sees them.
Step 2: set static IP addresses on the LAN and WAN interfaces
SNAT (POSTROUTING) WITH IPTABLES
One to one (LAN host 192.168.1.2 leaves as the public WAN IP 200.200.200.1)
# iptables -t nat -A POSTROUTING -s 192.168.1.2 -j SNAT --to-source 200.200.200.1
Many to one
# iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 200.200.200.1
Many to many (public addresses taken from a range)
# iptables -t nat -A POSTROUTING -s 192.168.1.0/255.255.255.0 -j SNAT --to-source 200.200.200.1-200.200.200.6
Many to one (PAT) with MASQUERADE on the WAN interface eth0
# iptables -t nat -A POSTROUTING -s 192.168.1.0/255.255.255.0 -o eth0 -j MASQUERADE
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
--to is accepted as an abbreviation of --to-source. Source ports are chosen from 1 to 65535 (the original port is kept when it is free). Prefer SNAT when the public address is static and MASQUERADE when it changes (DHCP, PPPoE), since MASQUERADE re-reads the interface address and drops its connection-tracking entries when the link goes down. Restrict every SNAT rule with -o <WAN interface> as in the MASQUERADE examples; without -o, traffic between two internal interfaces of the gateway is rewritten too.
List and flush the nat table:
# iptables -t nat -L
# iptables -t nat -L POSTROUTING
# iptables -t nat -F
DNAT (PREROUTING) WITH IPTABLES
Port forwarding: a DNAT rule in the PREROUTING chain of the nat table rewrites the destination of packets arriving on the public address (for example port 80 on 200.200.200.1) to an internal host, before the routing decision sends them into the LAN. The FORWARD chain of the filter table must also accept the translated packets; DNAT alone does not let them through.
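The SNAT (POSTROUTING) steps and the DNAT (PREROUTING) port forwarding combined into one gateway script for the topology drawn under NAT WITH IPTABLES (WAN 200.200.200.1 with gateway 200.200.200.254, LAN 192.168.0.254/24, hosts 192.168.0.1 and 192.168.0.100). This is an added example, not code from the slides; eth0 and eth1 as the WAN and LAN interfaces, a web server published on 192.168.0.100 port 80 and the DRY_RUN switch are assumptions.

```shell
#!/bin/sh
# Gateway for the NAT WITH IPTABLES topology: WAN eth0 = 200.200.200.1
# (gateway 200.200.200.254), LAN eth1 = 192.168.0.254/24. Added example;
# the interface names, the web server being published on 192.168.0.100:80
# and the DRY_RUN switch are assumptions.

IPT="${IPT:-iptables}"
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
WAN_IP="200.200.200.1"
LAN_NET="192.168.0.0/24"
WEB_SRV="192.168.0.100"

# run: execute the command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Step 1 of the SNAT slide: without forwarding the kernel drops packets that
# are not addressed to itself, and no NAT rule ever sees them.
enable_forwarding() {
    run sysctl -w net.ipv4.ip_forward=1
}

gateway_nat_rules() {
    run "$IPT" -t nat -F
    run "$IPT" -F FORWARD
    run "$IPT" -P FORWARD DROP

    # SNAT in POSTROUTING: LAN hosts leave through eth0 with the public address.
    # -o keeps it on the WAN side; without -o a multi-homed gateway would also
    # rewrite traffic between its internal networks. The public IP is static,
    # so SNAT is used; MASQUERADE is for addresses that change (DHCP, PPPoE).
    run "$IPT" -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j SNAT --to-source "$WAN_IP"

    # DNAT in PREROUTING (port forwarding): connections from the Internet to
    # 200.200.200.1:80 are redirected to the internal web server.
    run "$IPT" -t nat -A PREROUTING -i "$WAN_IF" -d "$WAN_IP" -p tcp --dport 80 -j DNAT --to-destination "$WEB_SRV:80"

    # NAT only rewrites addresses. The FORWARD chain still decides whether the
    # packet may cross the gateway, and it sees the post-DNAT destination, so
    # the rule matches the internal address, not the public one.
    run "$IPT" -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run "$IPT" -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    run "$IPT" -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$WEB_SRV" -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
}

# Usage: ./gateway-nat.sh dry-run   (print the commands)
#        ./gateway-nat.sh apply     (as root)
case "${1:-}" in
    dry-run) DRY_RUN=1; enable_forwarding; gateway_nat_rules ;;
    apply)   enable_forwarding; gateway_nat_rules ;;
esac
```

After applying, `conntrack -L` (from conntrack-tools) shows each translated flow with its original and reply tuples, which is where the rewritten source port of the PAT diagram can be observed; `iptables -t nat -L -n -v` shows the packet counters of the SNAT and DNAT rules.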
THANKS!!