SlideShare ist ein Scribd-Unternehmen logo

Linux routing and firewall for beginners

Als PPTX, PDF herunterladen
n|u - The Open Security Community
n|u - The Open Security Community

null Banglaore Chapter - April 2014 Invite only session

BildungTechnologie
1 von 37
sriram@belenix.org @sriramnrn
• Introduction • What we will not be covering • Setup – 30 mins • Some network basics • Some VirtualBox basics • Routing (demo, troubleshooting and exercises) • Firewalls (demo, troubleshooting and exercises)
• On the whiteboard during the workshop. • To be added to the presentation to be made available for download
• This session is for beginners • Set up a router, and route between two networks • Set up a firewall, and understand basic firewall administration • What I haven’t tried in today’s infra • Asymmetric routing • We won’t be covering today: • LARTC (Linux Advanced Routing and Traffic Control) • QoS • Policy Based Routing • VPNs
• Are you connected to the wifi yet? twguest/d1srupt1ve • Do you have Vagrant installed and running? Vagrant 1.5.1 at least • Do you have Virtual Box installed and running? (Vbox 4.3 at least) • Download the iptables zip file • Do you have the vagrant.d zip file? (Separate from the Vagrant app) • Set VAGRANT_HOME to c:vagrant.d (where you extract vagrant.d to)
• Vagrant up, halt, destroy • Vagrant ssh • Restarting from scratch • About “office”, “router” and “dmz” • Saving your work via puppet
• Ethernet configuration files • service network restart • ping • traceroute • ssh • netstat
• From your laptop to the various individual boxes • Print the route table • Within each box • Print the route table • What have we discovered ? Draw a diagram • Explore the Virtual Box settings and validate the diagram • Which IPs are you able to ping? From where? • Why is the ping working? • Why is the traceroute working?
• ssh to “office” • From “office”, ssh to “router”. • From “router”, ssh to “dmz” • Why is this working?
• What should our routing look like? • Set up the routes • Are you able to get from office to dmz via the dmz IP? • If yes, why? • If no, what do you think is missing?
• One of the first lessons one learns ! • Set up a route • Set up a return route • Ping • from office to dmz • from dmz to office • Does the ping work ? • We’ll look at SSH and traceroute next • Persisting the route settings
• SSH and traceroute • from office to dmz • from dmz to office • Does the ssh and traceroute work ? • Coming up – packet forwarding
• What is packet forwarding? • How does it work? • About /proc • Ping, traceroute and SSH • from office to dmz • from dmz to office • Does the ping, traceroute, ssh work ? • What does netstat on the receiving side tell you? • Next: Persisting your packet forwarding setting
• /proc is temporary. Reboot and check ! ;) • Does the ping, traceroute, ssh work ? • Persisting your packet forwarding via /etc/sysctl.conf • Reloading /etc/sysctl.conf
• What if both the sides have the same IP address range? • A common scenario between customer-vendor organizations • Let’s see this during the firewalls section
• One “office”, two DMZs • Two “offices”, one DMZ
• Given that we have • One “office”, one “DMZ” • One “office”, two DMZs • Two “offices”, one DMZ When we have the current configuration Then is this “DMZ” a DMZ?
• Making a DMZ a DMZ
• Netfilter – the kernel module • Iptables – the command line tool • service iptables status • What do we see here?
• How and why does iptables startup? • Chkconfig • Where the service script is located • Turning iptables off • temporarily • permanently • flushing the tables • service iptables status • What do we see here?
• View the Wikipedia diagram
• What does a rule look like? • Add a rule • Delete a rule • View the rule • Persist the rule • What happens when you flush the tables? • How do we save the rules (service iptables save) • Where are the rules saved? • How are the rules loaded? • Is it safe to edit the file directly?
• What happens when you flush the tables? • How do we save the rules (service iptables save) • Where are the rules saved? • How are the rules loaded? • Is it safe to edit the file directly? • About iptables restarts and reloads
• Change the default INPUT and FORWARD policies • Edit the iptables files directly • What do you see? • Is an iptables service restart required?
• How do we log a packet?
• How do we log a packet?
• How do we drop a packet? • What does the sender experience with a drop rule? • How do we reject a packet? • What does the sender experience with a reject rule?
• What rules should we have?
• Exercise 1: Expose port 8080 on the DMZ via port 80 on the router IP. • Are we able to access port 8080 via the router IP?
• Create two DMZs • Expose an SSH service in each DMZ via the same IP but different ports
• Can • defend against specific IP level characteristics • Fast rate of packets • Permit from certain origins only • Won’t • Defend you from app vulnerabilities
• What is NAT? • A look at a basic NAT rule • Let’s NAT • Connections from office to DMZ via the router’s DMZ IP. • ssh • Python SimpleHTTPServer • What does netstat on the DMZ tell you about the remote IP? • What does the python SimpleHTTPServer log tell you about the remote IP?
• Checking the NAT table
• What if we have a pool of public IPs available for NAT?
• What should the solution be?
• Exposing one DMZ to another via routing and NAT • On the same laptop • Across laptops
www.sriramnarayanan.com www.belenix.org @sriramnrn

Empfohlen

Attacking VPN's
Attacking VPN'sAttacking VPN's
Attacking VPN'sn|u - The Open Security Community
 
y3dips hacking priv8 network
y3dips hacking priv8 networky3dips hacking priv8 network
y3dips hacking priv8 networkidsecconf
 
Vp ns
Vp nsVp ns
Vp nsAyano Midakso
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private NetworkGreater Noida Institute Of Technology
 
Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014Cloudflare
 
Sullivan red october-oscon-2014
Sullivan red october-oscon-2014Sullivan red october-oscon-2014
Sullivan red october-oscon-2014Cloudflare
 
Security for Complex Networks on AWS
Security for Complex Networks on AWSSecurity for Complex Networks on AWS
Security for Complex Networks on AWSTeri Radichel
 
Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014Cloudflare
 

Empfohlen

Attacking VPN's
Attacking VPN'sAttacking VPN's
Attacking VPN'sn|u - The Open Security Community
 
y3dips hacking priv8 network
y3dips hacking priv8 networky3dips hacking priv8 network
y3dips hacking priv8 networkidsecconf
 
Vp ns
Vp nsVp ns
Vp nsAyano Midakso
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private NetworkGreater Noida Institute Of Technology
 
Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014Cloudflare
 
Sullivan red october-oscon-2014
Sullivan red october-oscon-2014Sullivan red october-oscon-2014
Sullivan red october-oscon-2014Cloudflare
 
Security for Complex Networks on AWS
Security for Complex Networks on AWSSecurity for Complex Networks on AWS
Security for Complex Networks on AWSTeri Radichel
 
Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014Cloudflare
 
Botconf ppt
Botconf pptBotconf ppt
Botconf pptCloudflare
 
Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Cloudflare
 
Configuring and Implementing DirectAccess with Windows Server 2012
Configuring and Implementing DirectAccess with Windows Server 2012 Configuring and Implementing DirectAccess with Windows Server 2012
Configuring and Implementing DirectAccess with Windows Server 2012 Microsoft TechNet - Belgium and Luxembourg
 
Secure Your Apps with NGINX Plus and the ModSecurity WAF
Secure Your Apps with NGINX Plus and the ModSecurity WAFSecure Your Apps with NGINX Plus and the ModSecurity WAF
Secure Your Apps with NGINX Plus and the ModSecurity WAFNGINX, Inc.
 
Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Cloudflare
 
What You Should Know Before The Next DDoS Attack
What You Should Know Before The Next DDoS AttackWhat You Should Know Before The Next DDoS Attack
What You Should Know Before The Next DDoS AttackCloudflare
 
A Byte of Software Deployment
A Byte of Software DeploymentA Byte of Software Deployment
A Byte of Software DeploymentGong Haibing
 
Overview of SSL: choose the option that's right for you
Overview of SSL: choose the option that's right for youOverview of SSL: choose the option that's right for you
Overview of SSL: choose the option that's right for youCloudflare
 
New Products Overview: Use Cases and Demos
New Products Overview: Use Cases and DemosNew Products Overview: Use Cases and Demos
New Products Overview: Use Cases and DemosCaitlin Magat
 
What’s New at Cloudflare: New Product Launches
What’s New at Cloudflare: New Product LaunchesWhat’s New at Cloudflare: New Product Launches
What’s New at Cloudflare: New Product LaunchesCloudflare
 
Latest Trends in Web Application Security
Latest Trends in Web Application SecurityLatest Trends in Web Application Security
Latest Trends in Web Application SecurityCloudflare
 
CloudStack Secured
CloudStack SecuredCloudStack Secured
CloudStack SecuredJohn Kinsella
 
MicroService Architecture
MicroService ArchitectureMicroService Architecture
MicroService ArchitectureMd. Hasan Basri (Angel)
 
Migrating It Infrastructure To Open Source
Migrating It Infrastructure To Open SourceMigrating It Infrastructure To Open Source
Migrating It Infrastructure To Open Sourceashu_21
 
IT security for all. Bootcamp slides
IT security for all. Bootcamp slidesIT security for all. Bootcamp slides
IT security for all. Bootcamp slidesWallarm
 
Crypto Miners in the Cloud
Crypto Miners in the CloudCrypto Miners in the Cloud
Crypto Miners in the CloudTeri Radichel
 
NGINX User Summit. Wallarm llightning talk
NGINX User Summit. Wallarm llightning talkNGINX User Summit. Wallarm llightning talk
NGINX User Summit. Wallarm llightning talkWallarm
 
Automated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSAutomated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSTeri Radichel
 
Battle in the Clouds - Attacker vs Defender on AWS
Battle in the Clouds - Attacker vs Defender on AWSBattle in the Clouds - Attacker vs Defender on AWS
Battle in the Clouds - Attacker vs Defender on AWSCloudVillage
 
2nd sdn interest group session2 (121218)
2nd sdn interest group session2 (121218)2nd sdn interest group session2 (121218)
2nd sdn interest group session2 (121218)NAIM Networks, Inc.
 
Soal lks networking support 2013 SMK N 1 Binangun
Soal lks networking support 2013 SMK N 1 BinangunSoal lks networking support 2013 SMK N 1 Binangun
Soal lks networking support 2013 SMK N 1 BinangunRudi AdiTia
 
Linux – routing and firewall for beginners v 1.0
Linux – routing and firewall for beginners v 1.0Linux – routing and firewall for beginners v 1.0
Linux – routing and firewall for beginners v 1.0Sriram Narayanan
 

Weitere ähnliche Inhalte

Was ist angesagt?

Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Cloudflare
 
Secure Your Apps with NGINX Plus and the ModSecurity WAF
Secure Your Apps with NGINX Plus and the ModSecurity WAFSecure Your Apps with NGINX Plus and the ModSecurity WAF
Secure Your Apps with NGINX Plus and the ModSecurity WAFNGINX, Inc.
 
Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Cloudflare
 
What You Should Know Before The Next DDoS Attack
What You Should Know Before The Next DDoS AttackWhat You Should Know Before The Next DDoS Attack
What You Should Know Before The Next DDoS AttackCloudflare
 
A Byte of Software Deployment
A Byte of Software DeploymentA Byte of Software Deployment
A Byte of Software DeploymentGong Haibing
 
Overview of SSL: choose the option that's right for you
Overview of SSL: choose the option that's right for youOverview of SSL: choose the option that's right for you
Overview of SSL: choose the option that's right for youCloudflare
 
New Products Overview: Use Cases and Demos
New Products Overview: Use Cases and DemosNew Products Overview: Use Cases and Demos
New Products Overview: Use Cases and DemosCaitlin Magat
 
What’s New at Cloudflare: New Product Launches
What’s New at Cloudflare: New Product LaunchesWhat’s New at Cloudflare: New Product Launches
What’s New at Cloudflare: New Product LaunchesCloudflare
 
Latest Trends in Web Application Security
Latest Trends in Web Application SecurityLatest Trends in Web Application Security
Latest Trends in Web Application SecurityCloudflare
 
Migrating It Infrastructure To Open Source
Migrating It Infrastructure To Open SourceMigrating It Infrastructure To Open Source
Migrating It Infrastructure To Open Sourceashu_21
 
IT security for all. Bootcamp slides
IT security for all. Bootcamp slidesIT security for all. Bootcamp slides
IT security for all. Bootcamp slidesWallarm
 
Crypto Miners in the Cloud
Crypto Miners in the CloudCrypto Miners in the Cloud
Crypto Miners in the CloudTeri Radichel
 
NGINX User Summit. Wallarm llightning talk
NGINX User Summit. Wallarm llightning talkNGINX User Summit. Wallarm llightning talk
NGINX User Summit. Wallarm llightning talkWallarm
 
Automated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSAutomated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSTeri Radichel
 
Battle in the Clouds - Attacker vs Defender on AWS
Battle in the Clouds - Attacker vs Defender on AWSBattle in the Clouds - Attacker vs Defender on AWS
Battle in the Clouds - Attacker vs Defender on AWSCloudVillage
 
2nd sdn interest group session2 (121218)
2nd sdn interest group session2 (121218)2nd sdn interest group session2 (121218)
2nd sdn interest group session2 (121218)NAIM Networks, Inc.
 

Was ist angesagt? (20)

Botconf ppt
Botconf pptBotconf ppt
Botconf ppt
 
Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013
 
Configuring and Implementing DirectAccess with Windows Server 2012
Configuring and Implementing DirectAccess with Windows Server 2012 Configuring and Implementing DirectAccess with Windows Server 2012
Configuring and Implementing DirectAccess with Windows Server 2012
 
Secure Your Apps with NGINX Plus and the ModSecurity WAF
Secure Your Apps with NGINX Plus and the ModSecurity WAFSecure Your Apps with NGINX Plus and the ModSecurity WAF
Secure Your Apps with NGINX Plus and the ModSecurity WAF
 
Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014
 
What You Should Know Before The Next DDoS Attack
What You Should Know Before The Next DDoS AttackWhat You Should Know Before The Next DDoS Attack
What You Should Know Before The Next DDoS Attack
 
A Byte of Software Deployment
A Byte of Software DeploymentA Byte of Software Deployment
A Byte of Software Deployment
 
Overview of SSL: choose the option that's right for you
Overview of SSL: choose the option that's right for youOverview of SSL: choose the option that's right for you
Overview of SSL: choose the option that's right for you
 
New Products Overview: Use Cases and Demos
New Products Overview: Use Cases and DemosNew Products Overview: Use Cases and Demos
New Products Overview: Use Cases and Demos
 
What’s New at Cloudflare: New Product Launches
What’s New at Cloudflare: New Product LaunchesWhat’s New at Cloudflare: New Product Launches
What’s New at Cloudflare: New Product Launches
 
Latest Trends in Web Application Security
Latest Trends in Web Application SecurityLatest Trends in Web Application Security
Latest Trends in Web Application Security
 
CloudStack Secured
CloudStack SecuredCloudStack Secured
CloudStack Secured
 
MicroService Architecture
MicroService ArchitectureMicroService Architecture
MicroService Architecture
 
Migrating It Infrastructure To Open Source
Migrating It Infrastructure To Open SourceMigrating It Infrastructure To Open Source
Migrating It Infrastructure To Open Source
 
IT security for all. Bootcamp slides
IT security for all. Bootcamp slidesIT security for all. Bootcamp slides
IT security for all. Bootcamp slides
 
Crypto Miners in the Cloud
Crypto Miners in the CloudCrypto Miners in the Cloud
Crypto Miners in the Cloud
 
NGINX User Summit. Wallarm llightning talk
NGINX User Summit. Wallarm llightning talkNGINX User Summit. Wallarm llightning talk
NGINX User Summit. Wallarm llightning talk
 
Automated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSAutomated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWS
 
Battle in the Clouds - Attacker vs Defender on AWS
Battle in the Clouds - Attacker vs Defender on AWSBattle in the Clouds - Attacker vs Defender on AWS
Battle in the Clouds - Attacker vs Defender on AWS
 
2nd sdn interest group session2 (121218)
2nd sdn interest group session2 (121218)2nd sdn interest group session2 (121218)
2nd sdn interest group session2 (121218)
 

Andere mochten auch

Soal lks networking support 2013 SMK N 1 Binangun
Soal lks networking support 2013 SMK N 1 BinangunSoal lks networking support 2013 SMK N 1 Binangun
Soal lks networking support 2013 SMK N 1 BinangunRudi AdiTia
 
Linux – routing and firewall for beginners v 1.0
Linux – routing and firewall for beginners v 1.0Linux – routing and firewall for beginners v 1.0
Linux – routing and firewall for beginners v 1.0Sriram Narayanan
 
Integrating Linux routing with FusionCLI™
Integrating Linux routing with FusionCLI™Integrating Linux routing with FusionCLI™
Integrating Linux routing with FusionCLI™Stephen Hemminger
 
Linux Based DiffServ. Router
Linux Based DiffServ. RouterLinux Based DiffServ. Router
Linux Based DiffServ. RouterTarek Amr
 
Lession3 Routing
Lession3 RoutingLession3 Routing
Lession3 Routingleminhvuong
 
Linux Based Advanced Routing with Firewall and Traffic Control
Linux Based Advanced Routing with Firewall and Traffic ControlLinux Based Advanced Routing with Firewall and Traffic Control
Linux Based Advanced Routing with Firewall and Traffic Controlsandy_vasan
 
Tugas 1 analisa transaksi
Tugas 1 analisa transaksiTugas 1 analisa transaksi
Tugas 1 analisa transaksiDicky Alejandro
 
Pembahasansoallks2013
Pembahasansoallks2013Pembahasansoallks2013
Pembahasansoallks2013dedd_simbolon
 
Ketika cinta berbuah surga
Ketika cinta berbuah surgaKetika cinta berbuah surga
Ketika cinta berbuah surgaWalid Umar
 
Cowok Rasa Apel
Cowok Rasa ApelCowok Rasa Apel
Cowok Rasa ApelWalid Umar
 
Soal lks-smk-jateng2015
Soal lks-smk-jateng2015Soal lks-smk-jateng2015
Soal lks-smk-jateng2015George Kartutu
 
Ringkasan Pengalamatan Internet Protocol (IP) Versi 4
Ringkasan Pengalamatan Internet Protocol (IP) Versi 4Ringkasan Pengalamatan Internet Protocol (IP) Versi 4
Ringkasan Pengalamatan Internet Protocol (IP) Versi 4I Putu Hariyadi
 
Tugas 1 analisa transaksi
Tugas 1 analisa transaksiTugas 1 analisa transaksi
Tugas 1 analisa transaksiDicky Alejandro
 
Konfigurasi Server Gateway dengan fitur PROXY, WEBSERVER dan DHCP
Konfigurasi Server Gateway dengan fitur PROXY, WEBSERVER dan DHCPKonfigurasi Server Gateway dengan fitur PROXY, WEBSERVER dan DHCP
Konfigurasi Server Gateway dengan fitur PROXY, WEBSERVER dan DHCPWalid Umar
 
Handbook : Kria Tekstil | Kelas XII Kria Tekstil
Handbook : Kria Tekstil | Kelas XII Kria TekstilHandbook : Kria Tekstil | Kelas XII Kria Tekstil
Handbook : Kria Tekstil | Kelas XII Kria TekstilWalid Umar
 
Pembahasan NETCOM Beginner Level Skill Pretest
Pembahasan NETCOM Beginner Level Skill PretestPembahasan NETCOM Beginner Level Skill Pretest
Pembahasan NETCOM Beginner Level Skill PretestI Putu Hariyadi
 
Password Recovery Untuk Cisco 2900 Integrated Service Router (isr)
Password Recovery Untuk Cisco 2900 Integrated Service Router (isr)Password Recovery Untuk Cisco 2900 Integrated Service Router (isr)
Password Recovery Untuk Cisco 2900 Integrated Service Router (isr)I Putu Hariyadi
 

Andere mochten auch (20)

Soal lks networking support 2013 SMK N 1 Binangun
Soal lks networking support 2013 SMK N 1 BinangunSoal lks networking support 2013 SMK N 1 Binangun
Soal lks networking support 2013 SMK N 1 Binangun
 
Linux – routing and firewall for beginners v 1.0
Linux – routing and firewall for beginners v 1.0Linux – routing and firewall for beginners v 1.0
Linux – routing and firewall for beginners v 1.0
 
Integrating Linux routing with FusionCLI™
Integrating Linux routing with FusionCLI™Integrating Linux routing with FusionCLI™
Integrating Linux routing with FusionCLI™
 
6 networking
6 networking6 networking
6 networking
 
Linux Based DiffServ. Router
Linux Based DiffServ. RouterLinux Based DiffServ. Router
Linux Based DiffServ. Router
 
Lession3 Routing
Lession3 RoutingLession3 Routing
Lession3 Routing
 
Linux Based Advanced Routing with Firewall and Traffic Control
Linux Based Advanced Routing with Firewall and Traffic ControlLinux Based Advanced Routing with Firewall and Traffic Control
Linux Based Advanced Routing with Firewall and Traffic Control
 
Route Summarization
Route SummarizationRoute Summarization
Route Summarization
 
Tugas 1 analisa transaksi
Tugas 1 analisa transaksiTugas 1 analisa transaksi
Tugas 1 analisa transaksi
 
Pembahasansoallks2013
Pembahasansoallks2013Pembahasansoallks2013
Pembahasansoallks2013
 
Ketika cinta berbuah surga
Ketika cinta berbuah surgaKetika cinta berbuah surga
Ketika cinta berbuah surga
 
Cowok Rasa Apel
Cowok Rasa ApelCowok Rasa Apel
Cowok Rasa Apel
 
Soal lks-smk-jateng2015
Soal lks-smk-jateng2015Soal lks-smk-jateng2015
Soal lks-smk-jateng2015
 
Ringkasan Pengalamatan Internet Protocol (IP) Versi 4
Ringkasan Pengalamatan Internet Protocol (IP) Versi 4Ringkasan Pengalamatan Internet Protocol (IP) Versi 4
Ringkasan Pengalamatan Internet Protocol (IP) Versi 4
 
Tugas 1 analisa transaksi
Tugas 1 analisa transaksiTugas 1 analisa transaksi
Tugas 1 analisa transaksi
 
Firewall DMZ Zone
Firewall DMZ ZoneFirewall DMZ Zone
Firewall DMZ Zone
 
Konfigurasi Server Gateway dengan fitur PROXY, WEBSERVER dan DHCP
Konfigurasi Server Gateway dengan fitur PROXY, WEBSERVER dan DHCPKonfigurasi Server Gateway dengan fitur PROXY, WEBSERVER dan DHCP
Konfigurasi Server Gateway dengan fitur PROXY, WEBSERVER dan DHCP
 
Handbook : Kria Tekstil | Kelas XII Kria Tekstil
Handbook : Kria Tekstil | Kelas XII Kria TekstilHandbook : Kria Tekstil | Kelas XII Kria Tekstil
Handbook : Kria Tekstil | Kelas XII Kria Tekstil
 
Pembahasan NETCOM Beginner Level Skill Pretest
Pembahasan NETCOM Beginner Level Skill PretestPembahasan NETCOM Beginner Level Skill Pretest
Pembahasan NETCOM Beginner Level Skill Pretest
 
Password Recovery Untuk Cisco 2900 Integrated Service Router (isr)
Password Recovery Untuk Cisco 2900 Integrated Service Router (isr)Password Recovery Untuk Cisco 2900 Integrated Service Router (isr)
Password Recovery Untuk Cisco 2900 Integrated Service Router (isr)
 

Ähnlich wie Linux routing and firewall for beginners

Network troubleshooting
Network troubleshootingNetwork troubleshooting
Network troubleshootingSkillspire LLC
 
Real time system_performance_mon
Real time system_performance_monReal time system_performance_mon
Real time system_performance_monTomas Doran
 
Nagios Conference 2014 - Bryan Heden - 10,000 Services Across The State of Ohio
Nagios Conference 2014 - Bryan Heden - 10,000 Services Across The State of OhioNagios Conference 2014 - Bryan Heden - 10,000 Services Across The State of Ohio
Nagios Conference 2014 - Bryan Heden - 10,000 Services Across The State of OhioNagios
 
Trick or XFLTReaT a.k.a. Tunnel All The Things
Trick or XFLTReaT a.k.a. Tunnel All The ThingsTrick or XFLTReaT a.k.a. Tunnel All The Things
Trick or XFLTReaT a.k.a. Tunnel All The ThingsBalazs Bucsay
 
Make It Cooler: Using Decentralized Version Control
Make It Cooler: Using Decentralized Version ControlMake It Cooler: Using Decentralized Version Control
Make It Cooler: Using Decentralized Version Controlindiver
 
Balázs Bucsay - XFLTReaT: Building a Tunnel
Balázs Bucsay - XFLTReaT: Building a TunnelBalázs Bucsay - XFLTReaT: Building a Tunnel
Balázs Bucsay - XFLTReaT: Building a Tunnelhacktivity
 
Automation & Programmability.pptx
Automation & Programmability.pptxAutomation & Programmability.pptx
Automation & Programmability.pptxSajjadAhmad879503
 
When DevOps and Networking Intersect by Brent Salisbury of socketplane.io
When DevOps and Networking Intersect by Brent Salisbury of socketplane.ioWhen DevOps and Networking Intersect by Brent Salisbury of socketplane.io
When DevOps and Networking Intersect by Brent Salisbury of socketplane.ioDevOps4Networks
 
XFLTReaT: a new dimension in tunnelling (BruCON 0x09 2017)
XFLTReaT: a new dimension in tunnelling (BruCON 0x09 2017)XFLTReaT: a new dimension in tunnelling (BruCON 0x09 2017)
XFLTReaT: a new dimension in tunnelling (BruCON 0x09 2017)Balazs Bucsay
 
Technicalinterviewquestions networking-110511035112-phpapp01
Technicalinterviewquestions networking-110511035112-phpapp01Technicalinterviewquestions networking-110511035112-phpapp01
Technicalinterviewquestions networking-110511035112-phpapp01sumit upadhyay
 
'Intro to Infrastructure as Code' - DevOps Belfast
'Intro to Infrastructure as Code' - DevOps Belfast'Intro to Infrastructure as Code' - DevOps Belfast
'Intro to Infrastructure as Code' - DevOps BelfastJohn Fitzpatrick
 
"Using Automation Tools To Deploy And Operate Applications In Real World Scen...
"Using Automation Tools To Deploy And Operate Applications In Real World Scen..."Using Automation Tools To Deploy And Operate Applications In Real World Scen...
"Using Automation Tools To Deploy And Operate Applications In Real World Scen...ConSol Consulting & Solutions Software GmbH
 
"Using Automation Tools To Deploy And Operate Applications In Real World Scen...
"Using Automation Tools To Deploy And Operate Applications In Real World Scen..."Using Automation Tools To Deploy And Operate Applications In Real World Scen...
"Using Automation Tools To Deploy And Operate Applications In Real World Scen...ConSol Consulting & Solutions Software GmbH
 
Functionality, security and performance monitoring of web assets (e.g. Joomla...
Functionality, security and performance monitoring of web assets (e.g. Joomla...Functionality, security and performance monitoring of web assets (e.g. Joomla...
Functionality, security and performance monitoring of web assets (e.g. Joomla...Sanjay Willie
 
XFLTReaT: A New Dimension in Tunnelling (HITB GSEC 2017)
XFLTReaT: A New Dimension in Tunnelling (HITB GSEC 2017)XFLTReaT: A New Dimension in Tunnelling (HITB GSEC 2017)
XFLTReaT: A New Dimension in Tunnelling (HITB GSEC 2017)Balazs Bucsay
 
Creating Havoc using Human Interface Device
Creating Havoc using Human Interface DeviceCreating Havoc using Human Interface Device
Creating Havoc using Human Interface DevicePositive Hack Days
 
Monitoring with sensu
Monitoring with sensuMonitoring with sensu
Monitoring with sensumiquelruizm
 
John adams talk cloudy
John adams talk cloudyJohn adams talk cloudy
John adams talk cloudyJohn Adams
 

Ähnlich wie Linux routing and firewall for beginners (20)

Network troubleshooting
Network troubleshootingNetwork troubleshooting
Network troubleshooting
 
Real time system_performance_mon
Real time system_performance_monReal time system_performance_mon
Real time system_performance_mon
 
Nagios Conference 2014 - Bryan Heden - 10,000 Services Across The State of Ohio
Nagios Conference 2014 - Bryan Heden - 10,000 Services Across The State of OhioNagios Conference 2014 - Bryan Heden - 10,000 Services Across The State of Ohio
Nagios Conference 2014 - Bryan Heden - 10,000 Services Across The State of Ohio
 
Trick or XFLTReaT a.k.a. Tunnel All The Things
Trick or XFLTReaT a.k.a. Tunnel All The ThingsTrick or XFLTReaT a.k.a. Tunnel All The Things
Trick or XFLTReaT a.k.a. Tunnel All The Things
 
Make It Cooler: Using Decentralized Version Control
Make It Cooler: Using Decentralized Version ControlMake It Cooler: Using Decentralized Version Control
Make It Cooler: Using Decentralized Version Control
 
Balázs Bucsay - XFLTReaT: Building a Tunnel
Balázs Bucsay - XFLTReaT: Building a TunnelBalázs Bucsay - XFLTReaT: Building a Tunnel
Balázs Bucsay - XFLTReaT: Building a Tunnel
 
Automation & Programmability.pptx
Automation & Programmability.pptxAutomation & Programmability.pptx
Automation & Programmability.pptx
 
When DevOps and Networking Intersect by Brent Salisbury of socketplane.io
When DevOps and Networking Intersect by Brent Salisbury of socketplane.ioWhen DevOps and Networking Intersect by Brent Salisbury of socketplane.io
When DevOps and Networking Intersect by Brent Salisbury of socketplane.io
 
XFLTReaT: a new dimension in tunnelling (BruCON 0x09 2017)
XFLTReaT: a new dimension in tunnelling (BruCON 0x09 2017)XFLTReaT: a new dimension in tunnelling (BruCON 0x09 2017)
XFLTReaT: a new dimension in tunnelling (BruCON 0x09 2017)
 
Technicalinterviewquestions networking-110511035112-phpapp01
Technicalinterviewquestions networking-110511035112-phpapp01Technicalinterviewquestions networking-110511035112-phpapp01
Technicalinterviewquestions networking-110511035112-phpapp01
 
'Intro to Infrastructure as Code' - DevOps Belfast
'Intro to Infrastructure as Code' - DevOps Belfast'Intro to Infrastructure as Code' - DevOps Belfast
'Intro to Infrastructure as Code' - DevOps Belfast
 
"Using Automation Tools To Deploy And Operate Applications In Real World Scen...
"Using Automation Tools To Deploy And Operate Applications In Real World Scen..."Using Automation Tools To Deploy And Operate Applications In Real World Scen...
"Using Automation Tools To Deploy And Operate Applications In Real World Scen...
 
"Using Automation Tools To Deploy And Operate Applications In Real World Scen...
"Using Automation Tools To Deploy And Operate Applications In Real World Scen..."Using Automation Tools To Deploy And Operate Applications In Real World Scen...
"Using Automation Tools To Deploy And Operate Applications In Real World Scen...
 
Functionality, security and performance monitoring of web assets (e.g. Joomla...
Functionality, security and performance monitoring of web assets (e.g. Joomla...Functionality, security and performance monitoring of web assets (e.g. Joomla...
Functionality, security and performance monitoring of web assets (e.g. Joomla...
 
XFLTReaT: A New Dimension in Tunnelling (HITB GSEC 2017)
XFLTReaT: A New Dimension in Tunnelling (HITB GSEC 2017)XFLTReaT: A New Dimension in Tunnelling (HITB GSEC 2017)
XFLTReaT: A New Dimension in Tunnelling (HITB GSEC 2017)
 
Creating Havoc using Human Interface Device
Creating Havoc using Human Interface DeviceCreating Havoc using Human Interface Device
Creating Havoc using Human Interface Device
 
How we use Twisted in Launchpad
How we use Twisted in LaunchpadHow we use Twisted in Launchpad
How we use Twisted in Launchpad
 
Zero mq logs
Zero mq logsZero mq logs
Zero mq logs
 
Monitoring with sensu
Monitoring with sensuMonitoring with sensu
Monitoring with sensu
 
John adams talk cloudy
John adams talk cloudyJohn adams talk cloudy
John adams talk cloudy
 

Mehr von n|u - The Open Security Community

Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...n|u - The Open Security Community
 

Mehr von n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Kürzlich hochgeladen

Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...fonyou31
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajanpragatimahajan3
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 

Kürzlich hochgeladen (20)

Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 

Linux routing and firewall for beginners

  • 2. • Introduction • What we will not be covering • Setup – 30 mins • Some network basics • Some VirtualBox basics • Routing (demo, troubleshooting and exercises) • Firewalls (demo, troubleshooting and exercises)
  • 3. • On the whiteboard during the workshop. • To be added to the presentation to be made available for download
  • 4. • This session is for beginners • Set up a router, and route between two networks • Set up a firewall, and understand basic firewall administration • What I haven’t tried in today’s infra • Asymmetric routing • We won’t be covering today: • LARTC (Linux Advanced Routing and Traffic Control) • QoS • Policy Based Routing • VPNs
  • 5. • Are you connected to the wifi yet? twguest/d1srupt1ve • Do you have Vagrant installed and running? Vagrant 1.5.1 at least • Do you have Virtual Box installed and running? (Vbox 4.3 at least) • Download the iptables zip file • Do you have the vagrant.d zip file? (Separate from the Vagrant app) • Set VAGRANT_HOME to c:vagrant.d (where you extract vagrant.d to)
  • 6. • Vagrant up, halt, destroy • Vagrant ssh • Restarting from scratch • About “office”, “router” and “dmz” • Saving your work via puppet
  • 7. • Ethernet configuration files • service network restart • ping • traceroute • ssh • netstat
  • 8. • From your laptop to the various individual boxes • Print the route table • Within each box • Print the route table • What have we discovered ? Draw a diagram • Explore the Virtual Box settings and validate the diagram • Which IPs are you able to ping? From where? • Why is the ping working? • Why is the traceroute working?
  • 9. • ssh to “office” • From “office”, ssh to “router”. • From “router”, ssh to “dmz” • Why is this working?
  • 10. • What should our routing look like? • Set up the routes • Are you able to get from office to dmz via the dmz IP? • If yes, why? • If no, what do you think is missing?
  • 11. • One of the first lessons one learns ! • Set up a route • Set up a return route • Ping • from office to dmz • from dmz to office • Does the ping work ? • We’ll look at SSH and traceroute next • Persisting the route settings
  • 12. • SSH and traceroute • from office to dmz • from dmz to office • Does the ssh and traceroute work ? • Coming up – packet forwarding
  • 13. • What is packet forwarding? • How does it work? • About /proc • Ping, traceroute and SSH • from office to dmz • from dmz to office • Does the ping, traceroute, ssh work ? • What does netstat on the receiving side tell you? • Next: Persisting your packet forwarding setting
  • 14. • /proc is temporary. Reboot and check ! ;) • Does the ping, traceroute, ssh work ? • Persisting your packet forwarding via /etc/sysctl.conf • Reloading /etc/sysctl.conf
  • 15. • What if both the sides have the same IP address range? • A common scenario between customer-vendor organizations • Let’s see this during the firewalls section
  • 16. • One “office”, two DMZs • Two “offices”, one DMZ
  • 17. • Given that we have • One “office”, one “DMZ” • One “office”, two DMZs • Two “offices”, one DMZ When we have the current configuration Then is this “DMZ” a DMZ?
  • 18. • Making a DMZ a DMZ
  • 19. • Netfilter – the kernel module • Iptables – the command line tool • service iptables status • What do we see here?
  • 20. • How and why does iptables startup? • Chkconfig • Where the service script is located • Turning iptables off • temporarily • permanently • flushing the tables • service iptables status • What do we see here?
  • 21. • View the Wikipedia diagram
  • 22. • What does a rule look like? • Add a rule • Delete a rule • View the rule • Persist the rule • What happens when you flush the tables? • How do we save the rules (service iptables save) • Where are the rules saved? • How are the rules loaded? • Is it safe to edit the file directly?
  • 23. • What happens when you flush the tables? • How do we save the rules (service iptables save) • Where are the rules saved? • How are the rules loaded? • Is it safe to edit the file directly? • About iptables restarts and reloads
  • 24. • Change the default INPUT and FORWARD policies • Edit the iptables files directly • What do you see? • Is an iptables service restart required?
  • 25. • How do we log a packet?
  • 26. • How do we log a packet?
  • 27. • How do we drop a packet? • What does the sender experience with a drop rule? • How do we reject a packet? • What does the sender experience with a reject rule?
  • 28. • What rules should we have?
  • 29. • Exercise 1: Expose port 8080 on the DMZ via port 80 on the router IP. • Are we able to access port 8080 via the router IP?
  • 30. • Create two DMZs • Expose an SSH service in each DMZ via the same IP but different ports
  • 31. • Can • defend against specific IP level characteristics • Fast rate of packets • Permit from certain origins only • Won’t • Defend you from app vulnerabilities
  • 32. • What is NAT? • A look at a basic NAT rule • Let’s NAT • Connections from office to DMZ via the router’s DMZ IP. • ssh • Python SimpleHTTPServer • What does netstat on the DMZ tell you about the remote IP? • What does the python SimpleHTTPServer log tell you about the remote IP?
  • 33. • Checking the NAT table
  • 34. • What if we have a pool of public IPs available for NAT?
  • 35. • What should the solution be?
  • 36. • Exposing one DMZ to another via routing and NAT • On the same laptop • Across laptops