
Lab 06: Packet filter with iptables

1. Overview
Firewalls can be configured either on network devices (routers) that filter traffic between two networks or
on individual machines to filter traffic to and from a single machine. In this lab, we will configure a personal
firewall on an Ubuntu VM.

The Linux firewall is called netfilter, and the fundamental command to configure it is iptables. While
different Linux distributions have a variety of high-level firewall configuration tools, iptables is the foundation
on which such higher-level tools are built and is available in almost all Linux distributions. You must be root
to configure the firewall.

2. Lab Environment
For this lab, each student will need 2 clients and a server. We will use the following VMs:
1. Server (Guest): Ubuntu (SEEDUbuntu)
2. Client 1 (Guest): Ubuntu (with scapy installed)
3. Client 2 (Host): Windows 7 or 10
These VMs must be on the same subnet, which is VMNet8 (NAT) in this scenario.
Hint:
Go to Menu VM > Settings… and make sure that NAT is on the right of Network Adapter. If not, change
accordingly.
At the command prompt of each machine:
- Use the ipconfig (Windows) or ifconfig (Linux) command and write down the machine's IP address,
- Use ping to make sure that each machine can communicate with the others.
On the Ubuntu VM, make sure that these 3 services are running:

Service: Web, Port: 80
Test procedure, from either client machine:
1. Open a browser.
2. Enter the IP address of the Ubuntu machine in the address bar.
3. The contents of the index.html page should be displayed.

Service: Ftp, Port: 20,21
Test procedure, from either client machine:
1. Open a command prompt.
2. Issue the command: ftp <ip address of Ubuntu machine>
   The banner of the ftp server should be displayed.
3. Log in with username: anonymous, password: any

Service: ssh, Port: 22
Test procedure, on Windows client machines:
1. Download and install PuTTY from http://www.putty.org/
2. Start it and establish a connection with the Ubuntu machine.
3. Make sure that you can log in with username: root, password: seedubuntu

By default, you will find no rules configured on the server, so if you use the -L option to list the firewall
rules you will see output like this:
# iptables -L

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

The Linux firewall allows the administrator to define chains (lists) of rules that describe how to filter packets.
The origin of the packet determines which chain of rules is used. In the output above, three default chains
are displayed, each for a different origin. The INPUT chain is for packets that are sent to the host on which
the firewall is configured. The OUTPUT chain is for packets that are sent from the host on which the firewall
is configured. The FORWARD chain determines which packets are routed to the next hop on hosts
configured as routers or firewalls between two networks. As the server is not configured as a router, we
will not use the FORWARD chain.

If your firewall configuration causes problems, you can wipe all iptables rules with the -F (flush) option to
start with a fresh state:

# iptables -F
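
The chain and policy behaviour described above, as an added example that is not part of the original lab sheet: a script that prints an iptables-restore ruleset with a default-deny INPUT chain, and a reset ruleset. iptables -F removes rules but leaves each chain's policy unchanged, so the reset ruleset also puts the policies back to ACCEPT. The function names and the addresses passed in are assumptions; use the IP addresses you wrote down for your own VMs.

```sh
#!/bin/sh
# Added example; function names are hypothetical, addresses are supplied by the caller.

# Print a ruleset for the server: INPUT drops by default, rules are first-match.
build_ruleset() {   # $1 = client 1, $2 = client 2, $3 = allowed ssh source
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s $1 -p icmp --icmp-type echo-request -m limit --limit 5/second --limit-burst 5 -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $1 -p tcp -m multiport --dports 20,21,80 -j ACCEPT
-A INPUT -s $2 -p tcp -m multiport --dports 20,21,80 -j ACCEPT
-A INPUT -s $3 -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}
# The echo-request rules sit above the conntrack rule so the limit applies to
# every ping regardless of connection-tracking state.

# Print the real "fresh state": no rules and ACCEPT policies on all chains.
build_reset() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' 'COMMIT'
}

# Read a ruleset on stdin; succeed only if INPUT defaults to DROP and every
# ACCEPT rule in INPUT is scoped to loopback, tracked state, or a source address.
lint_ruleset() {
    rules=$(cat)
    printf '%s\n' "$rules" | grep -q '^:INPUT DROP ' || return 1
    ! printf '%s\n' "$rules" | grep '^-A INPUT .*-j ACCEPT$' |
        grep -Ev -- '(-i lo|--ctstate|-s [0-9.]+)' | grep -q .
}

# Usage (as root): script.sh check|apply <client1> <client2> <ssh-source>
#                  script.sh reset
case "${1:-}" in
    check) build_ruleset "$2" "$3" "$4" | iptables-restore --test ;;
    apply) build_ruleset "$2" "$3" "$4" | iptables-restore ;;
    reset) build_reset | iptables-restore ;;
esac
```

Run check before apply: iptables-restore --test parses the ruleset without committing it, which avoids cutting off your own ssh session with a typo.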

3. Tasks
Use Google to learn the various rules/options of iptables.
a. Change the default policy to DROP all access to the Ubuntu server.
Check the result from either client machine (cannot ping, web access, ftp connect..)
b. Enable web and ftp access only for both clients
c. Enable ping only from client 1 by:
+ Configuring a rule to DROP packets from client 2 only, or
+ Configuring a rule to DROP packets from the subnet where the client 2 machine resides by setting up a blacklist option.
d. Create a rule that allows SSH only from a specific IP address.
e. Create the rules that block any HTTP and HTTPS browsing
f. Create a rule to rate-limit ICMP (ping) traffic to 5 packets per second; the packets are crafted and
sent with scapy. Find a way to validate that this rule works.
g. Allow only incoming SSH connections.
h. Block all incoming TCP traffic. Validate this rule by sending a packet from scapy.
i. Block all incoming UDP traffic. Validate this rule by sending a packet from scapy.
4. Tasks
You need to submit a detailed lab report to describe what you have done and what you have observed.
Please provide details using screen shots and code snippets.
