
Experiment 8

Uploaded by

mohammed.ansari

Experiment - 8

Name: Ansari Mohammed Shanouf Valijan


Class: B.E. Computer Engineering, Semester - VII
UID: 2021300004
Batch: VII

Aim:
To configure firewall rules using iptables.

Theory:
IPTables is a powerful utility in Linux used to configure and manage firewall rules. It allows
administrators to control incoming and outgoing traffic based on various criteria such as IP
address, port number, protocol type, and more. The firewall operates at the network layer
and helps secure the system by filtering packets, enabling only authorized traffic while
blocking potentially harmful or unauthorized connections. IPTables works by defining a set of
rules that are processed in a sequential manner; if a packet matches a rule, the associated
action (ACCEPT, DROP, REJECT, etc.) is taken.

To configure firewall rules using IPTables, you need to define rules for specific chains: INPUT,
OUTPUT, and FORWARD. The INPUT chain handles incoming traffic, the OUTPUT chain
manages outgoing traffic, and the FORWARD chain deals with packets that are routed through
the system. Rules are applied to these chains to either allow or block traffic based on
conditions you specify. For example, you can use iptables -A INPUT -p tcp --dport 22 -j ACCEPT
to allow incoming SSH connections on port 22, or iptables -A INPUT -p tcp --dport 80 -j DROP
to block HTTP traffic.

IPTables provides fine-grained control over firewall policies. You can define rules based on a
variety of factors, such as IP addresses, network interfaces, or even time of day. This flexibility
allows administrators to tailor their security posture to the specific needs of the network.
Additionally, the use of states in rules (like NEW, ESTABLISHED, RELATED) provides an easy
way to manage the flow of traffic in complex network environments. For instance, you can
allow established connections while blocking new ones, enhancing the security of the system.

Once you configure the desired rules, they can be saved to ensure they persist across reboots.
On most systems, the rules are stored in /etc/iptables/rules.v4 or a similar location. However,
it's important to test any changes in a controlled manner to avoid accidentally blocking
necessary traffic, which could lead to losing remote access or disrupting essential services.
Understanding and managing IPTables rules requires practice and careful planning, as a
poorly configured firewall can expose a system to security risks.

Implementation:
Following are the screenshots demonstrating all the steps that were performed to carry out
the tasks provided in the lab manual:

Task 1] Set the default policy for the INPUT chain to DROP. The firewall should only allow
incoming packets from the network prefix 143.132.0.0/16. The default policy for the OUTPUT
chain is ACCEPT. So, the user working on the machine could visit any website like
www.google.com. Given the above policy for incoming packets, can the web pages visited by
the user be displayed in the browser? Explain.

Setting the default policy for INPUT to DROP (unable to visit google.com, as traffic from
sources other than those defined is dropped)

Task 2] Set the default policy for the INPUT chain to be DROP and the default policy for the
OUTPUT chain to be ACCEPT. Configure the INPUT chain to accept all incoming web traffic to
port 80 and drop any other incoming traffic. Can you visit the website: www.hotmail.com?
Why or why not? If you cannot visit the website, what aspect of this website is preventing
you from visiting it, given that your default OUTPUT policy is ACCEPT and the firewall has
been configured to accept traffic coming to port 80? Also, if you cannot visit the website,
configure the firewall to let you be able to visit websites of such type. What
changes/deletions/additions to the rules had to be done to facilitate this?

Setting INPUT to DROP and performing further configurations as required


Sites using the HTTPS protocol do not load, as they require port 443. Thus, to allow packets
from such sites, ports 443 and 53 (DNS resolution) must be enabled and accepted as follows:

Task 3] The previous question permitted only incoming packets related to web traffic. Do an
insertion to the rules in the INPUT chain to permit SSH traffic. Show that you can connect to
the SSH server running on the Ubuntu VM by connecting to it from another VM (centos or
anything) or from the physical host machine (Windows). Include appropriate screenshots. You
can get the IP address of a Linux machine by running the ifconfig command in the terminal.
Refer to the screenshots (for example, under scenarios S5, S8) in the tutorial to see how you
could SSH to a machine under a particular username.

Allowing SSH traffic

Connecting the system from a remote Ubuntu machine


Task 4] Configure your IPtables filter table on your Ubuntu VM such that sessions/packet
exchange originating from the Ubuntu VM (as the source) are successful; on the other hand,
sessions/packet exchange originating from a remote machine to the Ubuntu VM (as the
destination) are not successful. You need to implement this scenario with the minimal
number of rules and policy changes, if any. Also, explain why your set of rules and policies
implementing the stated scenario will work.

Configuring

Pinging google.com
Unable to ping on the local machine
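
The rule sets behind Tasks 2 and 4, as an added example that is not part of the original report (its screenshots are not in the text). The source-port rules are one assumed reading of "ports 443 and 53 must be enabled"; the ipt wrapper and the function names are hypothetical, and the script only prints commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Dry run by default: prints each command. APPLY=1 (as root, from the console) runs it.
ipt() { if [ "${APPLY:-0}" = 1 ]; then iptables "$@"; else echo "iptables $*"; fi; }

# Policies used in Tasks 2 and 4: drop inbound by default, allow outbound.
policies() {
    ipt -P INPUT DROP
    ipt -P OUTPUT ACCEPT
}

# Task 2, port-based reading of the fix (assumed): accept replies by SOURCE port.
# Stateless: any inbound packet that claims source port 80, 443 or 53 is
# accepted on every local port, whether or not this host asked for it.
task2_by_source_port() {
    policies
    ipt -A INPUT -p tcp --dport 80 -j ACCEPT     # the task's own rule: inbound web traffic
    ipt -A INPUT -p tcp --sport 80 -j ACCEPT     # HTTP replies
    ipt -A INPUT -p tcp --sport 443 -j ACCEPT    # HTTPS replies
    ipt -A INPUT -p udp --sport 53 -j ACCEPT     # DNS replies
}

# Task 2 (stateful form) and Task 4: accept only packets that belong to, or are
# related to, a connection this host opened. Sessions started by a remote
# machine arrive as NEW, match nothing, and fall through to the DROP policy.
task4_stateful() {
    policies
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Not required by Task 4 itself, but without it local services reached over
    # 127.0.0.1 (such as a local DNS stub resolver) are dropped as NEW on lo.
    [ "${1:-}" = with-loopback ] && ipt -A INPUT -i lo -j ACCEPT
    return 0
}

task4_stateful with-loopback
```

Task 4 needs only the INPUT policy and the single conntrack rule, because reply packets are matched by connection state rather than by port number.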

Task 5] Configure your IPtables filter table to limit the number of active SSH connections to
the Ubuntu VM (hosting the SSH server) to 2. Test the working of this rule by attempting to
open three SSH connections, each in separate terminals, from another VM (like a CentOS
VM) or from the host machine itself. Show appropriate screenshots.

Configuration step

Being able to connect two SSH sessions, but not more
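
One way to express the Task 5 limit with the connlimit match, as an added example that is not the report's own command (its screenshot is not in the text). The ipt wrapper and limit_ssh are hypothetical names, and the script only prints the command unless APPLY=1 is set.

```shell
#!/bin/sh
# Dry run by default: prints each command. APPLY=1 (as root) runs it.
ipt() { if [ "${APPLY:-0}" = 1 ]; then iptables "$@"; else echo "iptables $*"; fi; }

# limit_ssh MAX SCOPE
#   per-source : at most MAX sessions from each client address (connlimit's default, /32)
#   total      : at most MAX sessions to the server from all clients together (/0)
# With three sessions opened from one machine both scopes behave the same;
# they differ as soon as a second client connects.
limit_ssh() {
    max=${1:-2}
    scope=${2:-total}
    case "$max" in
        ''|*[!0-9]*) echo "MAX must be a number" >&2; return 2 ;;
    esac
    case "$scope" in
        per-source) mask=32 ;;
        total)      mask=0 ;;
        *) echo "SCOPE must be per-source or total" >&2; return 2 ;;
    esac
    # Inserted at position 1 so it is evaluated before the SSH ACCEPT rule from
    # Task 3; placed after that rule it would never be reached.
    # --syn matches connection attempts only, so sessions already open keep working.
    ipt -I INPUT 1 -p tcp --syn --dport 22 -m connlimit \
        --connlimit-above "$max" --connlimit-mask "$mask" \
        -j REJECT --reject-with tcp-reset
}

limit_ssh 2 total
```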


Task 6] Set the default policy of the INPUT and OUTPUT chains of your filter table of iptables
to DROP using an appropriate command (show a screenshot executing the command and
the output of the iptables -L command). You could use the Ubuntu VM and CentOS VM in
your virtual environment to implement this scenario. Now configure your iptables on the
Ubuntu VM to (do parts a and b independently): (a) Only allow remote machines to ping the
local machine and block the local machine from pinging others. (b) Only allow the local
machine to ping the remote machines and block the remote machines from pinging the local
machine. (c) Allow ping communication in both directions (from the local machine to remote
machine and vice versa). Note that you have to use the --icmp-type echo-request and
--icmp-type echo-reply options appropriately. Show appropriate screenshots executing the iptables
commands to realize the above for (a), (b) and (c) and the structure of the iptables. Also,
capture the successful or unsuccessful execution of the ping command from the local
machine and remote machine (in either direction) for each of the three cases (a), (b), (c).

General configuration as per the task

Updating the configuration for part a


Pinging the VM from remote machine

The VM unable to ping the machine

Setting up the configurations for part b

VM being able to ping another machine


Pinging VM from remote machine

Configuring steps for part c


Being able to ping another machine from VM

Being able to ping VM from remote machine
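
The ICMP rules for parts (a), (b) and (c) of Task 6, as an added example that is not the report's own commands (its screenshots are not in the text). The ipt wrapper and ping_rules are hypothetical names, and the script only prints commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Dry run by default: prints each command. APPLY=1 (as root, from the console) runs it.
ipt() { if [ "${APPLY:-0}" = 1 ]; then iptables "$@"; else echo "iptables $*"; fi; }

# ping_rules a|b|c
#   a: remote machines may ping this host; this host may not ping others
#   b: this host may ping others; remote machines may not ping this host
#   c: ping works in both directions
# A ping needs the echo-request in one direction AND the echo-reply in the
# other, so each permitted direction takes one INPUT and one OUTPUT rule.
ping_rules() {
    case "$1" in
        a|b|c) ;;
        *) echo "usage: ping_rules a|b|c" >&2; return 2 ;;
    esac
    ipt -P INPUT DROP
    ipt -P OUTPUT DROP
    ipt -F INPUT        # the parts are tested independently: start each from empty chains
    ipt -F OUTPUT
    if [ "$1" != b ]; then      # parts a and c: inbound ping
        ipt -A INPUT  -p icmp --icmp-type echo-request -j ACCEPT
        ipt -A OUTPUT -p icmp --icmp-type echo-reply   -j ACCEPT
    fi
    if [ "$1" != a ]; then      # parts b and c: outbound ping
        ipt -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
        ipt -A INPUT  -p icmp --icmp-type echo-reply   -j ACCEPT
    fi
    # With OUTPUT set to DROP, DNS queries are blocked too: test by IP address.
}

ping_rules c
```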


Conclusion:
By performing this experiment, I was able to get familiar with IP tables. I was able to follow
the tutorial on the same provided in the lab manual and was able to successfully carry out
the mentioned tasks. This experiment helped me in improving my understanding of computer
networks and how IP tables can be used for configurations required for a specific behaviour
thereby enhancing system security.
