iptables and Outbound Traffic

Loading...

From the course by University of Colorado System

Secure Networked System with Firewall and IDS

5 ratings

University of Colorado System

Secure Networked System with Firewall and IDS

5 ratings

Course 4 of 4 in the Specialization Fundamentals of Computer Network Security

In this MOOC, we will focus on learning how network systems are secured using firewalls and IDS. This will include understanding the basic components of network security, constructing a dual-firewall DMZ, and defining security policies to implement and enforce these rules. Building upon these lessons we will go in-depth on the popular Linux firewall. Finally we will learn about Network IDS and Host IDS, including a deep dive into Snort.

From the lesson

Implement Firewall with Linux IPTable

In this module, we will learn how to use Linux iptables to implement firewall rules for filtering packets, and SNAPT or DNAT address port translation, and the security policies.

iptables and Outbound Traffic7:04

Meet the Instructors

Edward Chow
Professor
Computer Science

In this lesson we show how Linux IP table processing packet

outbound to internet on the outer firewall.

Any packet outbound to internet will be sent in from

the demilitarized subnet to the either one in the face of the outer interface.

Which we configure with 190 to 168.10.1 gateway address.

If we would like to block a machines in internet with the IP address 10.1.2.3,

from sending out any packet to the Internet can insert an IP table rule.

To the forward chain of the outer firewall with the classify as -s

10.1.2.3 and with the action as -j REJECT.

Showing in the middle of this view graph, the packet come from

the machine will then be block and send back ICMP echo packet.

Remember that security path in number three, try to

restrict certain Internet subnet from connecting to the Internet.

Here we're just showing you how to use the IP table rule.

To implement thus security policy, we simply replace

-s option with a specific internet subnet address.

For all Internet traffic that goes to Internet we insert an IP

table rule to the port routing chain.

Which classify is a zero which matching any traffic

try to come out to the Internet through the either zero interface.

[COUGH] And with action -j MASQUERADE.

MASQUERADE specify an operation call Snapped.

So then work address and port translation.

It substitutes a source IP address

with typically all private land address in our system configuration.

To the one of the share public IP address.

For example one of those 128.198.60.11 to 14, those 4 IP address and

potentially with different port number.

It also insert an IP address and TCP port translation

entry into mapping table maintained in the outer firewall.

So that the future return traffic or

the future outbound traffic of the same session can be translated.

For example a packet with source IP address 10.0.1.2 and

TCP source port 2000, and also TCP destination port 80.

We'll be modify a source IP 128.190.60-13.

13 is used for the outgoing public IP address.

And source port will be chosen by the system r squared [INAUDIBLE] When it's

a HTTP respond messages coming back from the web server,

it's destination address will be transferred back

through the mapping table lookup to 10.0.1.2 and

destination poll 2000 or original poll and sent back to the inside.

Based on the mapping table entries saved in the outer firewall.

Note that another packet with a source IP address 1 92

160 10.3 and the TCP source IP address 2000.

Also 2000.

Maybe a sign with MASQUERADE with the source of IP address.

The same IP address 128.198.16.13 but

here the poll number will be assigned with 4444 and

that's the previous post 3333 has been reclaimed and when the session terminate.

To protect traffic to the servers inside the outer Firewall,

incoming packet will first go through the t-net translation similar to before.

Here we assume the management server is running on port 8000.

In the outer firewall, the IP table rule will perform

the nat translation by modifying the IP address from

128.198.60.11 which is specific design for

outer Firewall to 192.168.10.1.

Routing module is then routing the packet upward to the application layer.

The packet sends upward to the local processes will be

examined by the IPA table rule in the input channels.

It's not in the forward channels.

Input channel.

Here we insert two IP table rules.

One drop packet incoming from any machine in Internet

except 1381696.1.

It is perhaps the system administrations home IP address.

The other one reject all packet except the one from Internet machine 10.0.1.2.

Know that here we use and

negate operator in the -s, source IP address options.

And that edges maybe the system is through Office.

Once all the IP table rules in the input chain are processed and the packet is

handed over back to the corresponding local process based on the port number.

Note that here we may want to open additional connections.

To certain machines in the internet so that we can bring in service patch.

Here we show the outgoing packets from local out of firewall.

Can be regulated by inserting IP table rule

to guard against their final destinations.

Perhaps the evaluation should be logged try to add

the rules like minus j log dash dash log dash prefix via

a code variation access rule before reject and drop.

Explore our Catalog

Join for free and get personalized recommendations, updates and offers.

Coursera provides universal access to the world’s best education, partnering with top universities and organizations to offer courses online.

© 2018 Coursera Inc. All rights reserved.

Download on the App Store

Get it on Google Play