
Linux Firewalls


rafal




Presentation Transcript


  1. Linux Firewalls

  2. History of Linux Firewalls
  Kernel versions:
  • 2.0.X IP Masquerading
  • 2.2.X IP Chains
  • 2.4.X IP Tables
  • 2.6.X IP Tables

  3. Why use a firewall?
  • Firewalls are generally set up for one of three reasons:
  • To keep people out of your network (viruses, crackers)
  • To keep people in your network (employees, children)
  • To share a public IP address

  4. What is a firewall?
  • A firewall is a device that provides isolation between two or more networks.
  • They are generally used to protect a private network from the Internet.
  • There are two types of firewalls:
  • Packet filtering firewalls
  • Proxy servers

  5. What is a proxy server?
  • A proxy is a firewall that acts as a middle-man.
  • When one device requests a network service, the request is forwarded to the proxy.
  • The proxy then makes the request on behalf of the device and relays the reply back.

  6. Features of proxies
  • A proxy may cache a copy of the information for future requests.
  • Proxies support user authentication.
  • Advanced logging can provide audit trails of everything that is done on the network.

  7. Linux based proxies
  • Squid
  • TIS Firewall Toolkit (FWTK)
  • SOCKS
  • NOCAT

  8. Packet Filtering Firewalls
  • Packet filtering is the most common type of firewalling.
  • Every packet that is sent across the firewall is compared against a set of rules.
  • These rules determine what happens to each packet.
  • Rules are based on source, destination, ports, type and sometimes contents.

  9. Overview of Packet Filtering

  10. Linux Based Packet Filtering
  • Packet filtering is built into the kernel and operates at the network layer.
  • The kernel starts with three lists that are called firewall chains, or just chains.
  • The three chains are called INPUT, OUTPUT and FORWARD.

  11. Configuring a packet filtering firewall
  • Using the menuconfig tool, add the following options, then recompile the kernel:
  • Networking Options
  • Packet socket
  • Socket filtering

  12. NAT, SNAT, DNAT
  • Most packet filtering firewalls also perform NAT (Network Address Translation). This involves changing the source/destination IPs and/or port numbers.

  13. SNAT - Source Network Address Translation
  • This is used for changing the source address of packets.
  • It hides the local network. An example is a firewall that has a public-side IP address and needs to substitute its own address for our local network's IP numbers.
  • The firewall will automatically SNAT and De-SNAT the packets, making it possible to make connections from the LAN to the Internet.

  14. DNAT - Destination Network Address Translation
  • This is used when the firewall has a public IP and you want to redirect accesses to the firewall to some other host.
  • In other words, we change the destination address of the packet and reroute it to that host.

  15. MASQUERADE
  • This is the same as SNAT, but MASQUERADE takes a little more overhead to compute, because each time MASQUERADE receives a packet it automatically checks which IP address to use.
  • SNAT uses the single configured IP address. The MASQUERADE target makes it possible to work properly with dynamic DHCP IP addresses that your ISP might provide for your PPP or PPPoE connection.
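The three translation targets from slides 13 to 15 side by side, as an added example that is not part of the original presentation. The interface names, the LAN prefix, the public address and the internal web host are constructed assumptions. IPT defaults to a dry run that only prints the commands, so the script can be read and tested without touching a live firewall; run it with IPT=iptables as root to apply the rules.

```shell
#!/bin/sh
# Added example (not from the slides): SNAT, MASQUERADE and DNAT for a small LAN.
# Interface names, the LAN prefix, the public address and the web host are
# constructed assumptions. IPT defaults to a dry run that only prints the
# commands; run with IPT=iptables as root to apply them.
IPT="${IPT:-echo iptables}"
WAN_IF="eth0"              # assumed: Internet-facing interface
LAN_NET="192.168.1.0/24"   # assumed: private network behind the firewall
WEB_HOST="192.168.1.80"    # assumed: internal web server for the DNAT example

# SNAT: the firewall has a fixed public address ($1), so rewrite the LAN source
# to it. Replies are de-SNATed automatically from the connection tracking table.
snat_static() {
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j SNAT --to-source "$1"
}

# MASQUERADE: same effect, but the address is taken from the outgoing interface
# for every packet, so it follows a DHCP or PPP address change (at the cost of
# that per-packet lookup).
snat_dynamic() {
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
}

# Choose SNAT when a static public address is known, MASQUERADE otherwise.
source_nat() {
    if [ -n "$1" ]; then
        snat_static "$1"
    else
        snat_dynamic
    fi
}

# DNAT: connections arriving at the firewall's public port 80 are rewritten to
# the internal web host. The nat rule only changes the destination; the FORWARD
# rule is still needed, because the filter table decides whether the packet may
# pass through the firewall at all.
dnat_web() {
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 80 \
        -j DNAT --to-destination "$WEB_HOST:80"
    $IPT -A FORWARD -i "$WAN_IF" -p tcp -d "$WEB_HOST" --dport 80 -j ACCEPT
}

# Forwarding between interfaces also has to be switched on in the kernel:
#   echo 1 > /proc/sys/net/ipv4/ip_forward
# (kept as a comment so the dry run stays free of side effects)

case "${1:-}" in
    static)  source_nat "${2:?public address required}"; dnat_web ;;
    dynamic) source_nat ""; dnat_web ;;
esac
```

Usage: `sh nat.sh static 203.0.113.10` prints the SNAT variant, `sh nat.sh dynamic` the MASQUERADE variant; both append the DNAT port forward. The split into a selector and two one-line functions mirrors the slide's point: the rules differ only in the target, and the choice is driven by whether the public address is known in advance.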

  16. Filter Table
  • This is the lookup table that is used to filter packets.
  • It can match packets and filter them in whatever way we want.
  • This is what determines whether to DROP or ACCEPT the packets.

  17. Examples of filters
  Rule                                        Action
  All outgoing web to playboy.com             Deny
  Incoming SMTP mail                          Accept
  All outgoing to login.icq.com               Deny
  Incoming web requests to company website    Redirect

  18. Creating Firewall Policies
  • iptables -L          Lists all firewall rules
  • iptables -F          Flushes rules (removes all rules)
  • iptables -D (rule)   Removes a firewall rule
  • iptables -I (rule)   Inserts a firewall rule
  • iptables -R (rule)   Replaces a firewall rule
  • iptables -A (rule)   Appends a firewall rule

  19. Setting up a basic firewall

  20. A Sample rc.firewall
  # Default policies: a packet that matches no rule is accepted
  iptables -P INPUT ACCEPT
  iptables -P OUTPUT ACCEPT
  iptables -P FORWARD ACCEPT
  # Flush any existing rules from the three built-in chains
  iptables -F INPUT
  iptables -F OUTPUT
  iptables -F FORWARD
  # Forward everything that arrives on eth1
  iptables -A FORWARD -i eth1 -j ACCEPT

  21. A Sample rc.firewall cont'd
  # The rules below refer to the user-defined chains "allowed" and "blocking";
  # the slide omits creating them, and iptables rejects a jump to a chain
  # that does not exist, so they are created here first
  iptables -N allowed
  iptables -N blocking
  # Send incoming web requests through the "allowed" chain (it has no rules,
  # so packets fall back to the INPUT policy)
  iptables -A INPUT -p tcp -s 0/0 --dport 80 -j allowed
  # Drop TCP and UDP to ports 0-1000 in the "blocking" chain. Nothing in this
  # sample jumps to "blocking", so these two rules never see a packet
  iptables -A blocking -p tcp -d 0.0.0.0/0 --dport 0:1000 -j DROP
  iptables -A blocking -p udp -d 0.0.0.0/0 --dport 0:1000 -j DROP
  # Masquerade everything leaving via eth1 (slide 20 treats eth1 as the inside
  # interface, this line as the outside one; a real script uses one convention)
  iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
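A default-deny, stateful version of the rc.firewall script that implements the slide 17 policy table using the slide 18 commands, added here as an example; it is not the presenter's script. The sample on slides 20 and 21 sets every policy to ACCEPT, so a packet that matches no rule passes; the script below inverts that. Interface names and the LAN prefix are constructed assumptions, and playboy.com and login.icq.com are the names used on slide 17. IPT defaults to a dry run that prints the commands; run with IPT=iptables as root to apply them.

```shell
#!/bin/sh
# Added example (not from the slides): a default-deny, stateful rc.firewall that
# implements the slide 17 policy table with the commands listed on slide 18.
# Interface names and the LAN prefix are constructed assumptions. IPT defaults
# to a dry run that only prints commands; run with IPT=iptables as root to apply.
IPT="${IPT:-echo iptables}"
WAN_IF="eth0"              # assumed: Internet-facing interface
LAN_IF="eth1"              # assumed: internal interface
LAN_NET="192.168.1.0/24"   # assumed: internal network

# Flush the built-in chains and set the default policy to DROP, so anything not
# explicitly accepted below is discarded. (The sample on slide 20 sets ACCEPT,
# which lets through every packet that no later rule matches.)
reset_filter() {
    $IPT -F INPUT
    $IPT -F OUTPUT
    $IPT -F FORWARD
    $IPT -X                      # delete empty user-defined chains
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP
}

# Stateful baseline: loopback stays open and packets belonging to connections
# already accepted are let through, so only NEW connections need rules.
baseline_rules() {
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -m state --state INVALID -j DROP
}

# The slide 17 policy, one rule per row. The deny rows come first so they win
# over the general LAN-to-Internet allow that follows them.
policy_rules() {
    # Deny: all outgoing web to playboy.com. A hostname match is resolved once,
    # when the rule is loaded, and expands to one rule per address it resolves
    # to; if DNS is unavailable at boot the whole load fails.
    $IPT -A FORWARD -i "$LAN_IF" -p tcp -d playboy.com --dport 80 -j REJECT --reject-with tcp-reset
    # Deny: all outgoing traffic to login.icq.com, any protocol
    $IPT -A FORWARD -i "$LAN_IF" -d login.icq.com -j REJECT
    # Accept: incoming SMTP mail (assumed to be delivered to the firewall itself)
    $IPT -A INPUT -i "$WAN_IF" -p tcp --dport 25 -m state --state NEW -j ACCEPT
    # LAN hosts may open connections to the Internet; nothing else is forwarded
    $IPT -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -o "$WAN_IF" -m state --state NEW -j ACCEPT
    # The firewall itself may open outbound connections (DNS, updates)
    $IPT -A OUTPUT -m state --state NEW -j ACCEPT
    # The "redirect incoming web to company website" row is a nat-table DNAT
    # rule plus a matching FORWARD accept, so it does not belong in this
    # filter-only script.
}

# Slide 18 management: list the loaded rules with their positions, so that
# -D, -I and -R can refer to a rule by number.
show_rules() {
    $IPT -L -n -v --line-numbers
}

case "${1:-}" in
    start)  reset_filter; baseline_rules; policy_rules ;;
    status) show_rules ;;
    stop)   reset_filter; $IPT -P INPUT ACCEPT; $IPT -P OUTPUT ACCEPT; $IPT -P FORWARD ACCEPT ;;
esac
```

Usage: `sh rc.firewall start` prints the full rule set in the dry run; `IPT=iptables sh rc.firewall start` loads it. Ordering matters in the filter table: because the two deny rules are appended before the general FORWARD accept, they are evaluated first, which is what makes the policy table's "Deny" rows effective.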
