iptables - PowerPoint PPT Presentation

About This Presentation

Title:

iptables

Description:

iptables firewall – PowerPoint PPT presentation

Number of Views:275

Slides: 45

Provided by: mennazz

Category: How To, Education & Training

Tags:

more less

Transcript and Presenter's Notes

Title: iptables

1
IP Tables In Ubunto

Prepared by Ghaidaa Ahmed
Amira Ahmed
Reham Hassan
Menna Sakr Enjy essam el
deen

2
Presentation Index

Introduction
What Is Firewall
What Is IP Tables
IP Tables structure
How IPTables works
IP Tables Configurations

3
Introduction

A firewall is basically the first line of defense
for your network. The basic purpose of a firewall
is to keep uninvited guests from browsing your
network. A firewall can be a hardware device or a
software application and generally is placed at
the perimeter of the network to act as the
gatekeeper for all incoming and outgoing traffic.
A firewall allows you to establish certain rules
to determine what traffic should be allowed in or
out of your private network..

4
Cont.

Depending on the type of firewall implemented
you could restrict access to only certain IP
addresses or domain names, or you can block
certain types of traffic by blocking
the TCP/IP ports they use

5
So What Is Firewall?
6
Cont.

Firewall is a part of computer network which is
designed to block unauthorized packets and allow
authorized ones. It handles traffic over ports
and depending upon certain rule-sets, it allows
or blocks the packet flow. We can easily find
these firewalls in many institutes and
organizations, where access to social networking
sites is not permitted for the users.
We can say that is? Network barrier
? Packet
filtering
? Packet Mangling (NAT)

7
Firewall Usage

Personal Firewall
Multi-homed (DMZ) Firewall
Router Firewall
Internet connection sharing (NAT)
Transparent Proxying
Content filtering
Poor-mans load balancer
Internet Hotspots

8
What is iptables?
9
Cont.

The most popular firewall / NAT package running
on Linux was ipchains . It had a number of
limitations, the primary one being that it ran as
a separate program and not as part of the kernel.
The Netfilter organization decided to create a
new product called iptables in order to rectify
this shortcoming. As a result of this, iptables
is considered a faster and more secure
alternative. iptables has now become the default
firewall package installed under RedHat and
Fedora Linux.

10
Cont.

The Linux kernel has the built-in ability to
filter packets, allowing some of them into the
system while stopping others. The 2.4 kernel's
netfilter has three built-in tables or rules
lists . They are as follows
Filter The default table for handling network
packets.
NAT Used to alter packets that create a new
connection.
Mangle Used for specific types of packet
alteration.

11
IPTables Structure
Filter Tables
Nat Tables
Mangle Table
INPUT CHAIN
OUTPUT CHAIN
INPUT CHAIN
OUTPUT CHAIN
OUTPUT CHAIN
PREROUTING CHAIN
FORWARD CHAIN
FORWARD CAHIN
POSTROUTING CHAIN
PREROUTING CHAIN
POSTROUTING CHAIN
12
Filter table

It is the default table and includes three
chains
INPUT Chain For packets coming into the system
or destined for the system.
FORWARD Chain For packets travelling (being
routed) through the system.
OUTPUT Chain For packets leaving the system or
originating from the system.

13
NAT table

It has three chains
PREROUTING Chain For altering the packets just
after they enter the system
OUTPUT Chain For packets which are leaving the
system.
POSTROUTING Chain For altering the packets
which are about to leave the system.

14
MANGLE Table

This table contains five chains
PREROUTING
OUTPUT
INPUT
FORWARD
POSTROUTING

15
How Iptables works

The iptables firewall operates by comparing
network traffic against a set of rules. The rules
define the characteristics that a packet must
have to match the rule, and the action that
should be taken for matching packets.
When the defined pattern matches, the action that
takes place is called a target. A target can be a
final policy decision for the packet, such as
accept, or drop.

16
Cont.

ACCEPT means to let the packet through.
DROP means to drop the packet on the floor.
QUEUE means to pass the packet to userspace.
(How the packet can be received by a userspace
process differs by the particular queue handler.

17
Cont.

These rules are organized into groups
called chains
A user can create chains as needed. There are
three chains defined by default. They are
INPUT This chain handles all packets that are
addressed to your server.
OUTPUT This chain contains rules for traffic
created by your server.

18
Cont.

FORWARD This chain is used to deal with traffic
destined for other servers that are not created
on your server. This chain is basically a way to
configure your server to route requests to other
machines.
Each chain can contain zero or more rules, and
has a default policy. The policy determines what
happens when a packet drops through all of the
rules in the chain and does not match any rule.

19
IPTables Configration

Functionally , IP tables discards network "
packets " according to CHAINS of rulesstored in
the PC 's memory . These chains organize the
rules and determine the order in which they are
binding

20
IP Address for Vm 1
21
IP Address fo Vm2 Firewall
22
IP Address of windows mashine if config
23
Ping the firewall VM
24
Cont.
25
Check Defult IPTables.No Rules yet
26
Allow established session to receive traffice
27
Rule added to the inpuy chain
28
Allow SSh(port 22) traffic
29
Rule add to chain
30
Telnet from vm1 to firewall vm
31
SSH from vm1 to firewall vm
32
Telnet from Windows to firewall vm
Telnet connection established
33
SHH to firewall from windows
34
Enter firewall credentials .SHH connection
Established
35
Reject icmp and rule added
36
Ping requsted are blocked by firewall
37
Cont.
38
Block port 23 and rule add
39
Firewall refuse telnet connections
40
Delete rule 4 for example from chain
41
Block particular IP rule
42
Packets now dropped from vm
43
Final IPTABLE configration
44
Now we have