"iptables" is the default firewall that comes with most modern GNU/Linux distributions. It also has the capability to block some types of Denial of Service attack. It has four built-in tables: the filter table, the NAT table, the mangle table and the raw table.
Copyright:
Attribution Non-Commercial (BY-NC)
Introduction
• "iptables" is the default firewall that comes with most modern GNU/Linux distributions.
• It also has the capability to block some types of Denial of Service attack.
• It can also filter based on MAC address.
• iptables performs Network Address Translation (NAT).

Tables and Chains

Tables
• It has 4 built-in tables:
• Filter table
• NAT table
• Mangle table
• Raw table

Filter Table
• Filter is the default table for iptables.
• iptables' filter table has the following built-in chains:
• INPUT chain: incoming to the firewall. For packets destined to the local server.
• OUTPUT chain: outgoing from the firewall. For packets generated locally and leaving the local server.
• FORWARD chain: packets for another NIC on the local server. For packets routed through the local server.

NAT Table
• iptables' NAT table has the following built-in chains:
• PREROUTING chain: packet translation happens immediately after the packet arrives at the system (before routing). Translates the destination IP address: DNAT (destination NAT).
• POSTROUTING chain: packet translation happens when the packets are leaving the system. Translates the source IP address: SNAT (source NAT).
• OUTPUT chain: NAT for locally generated packets on the firewall.

Mangle Table and Raw Table
• iptables' mangle table is for specialized packet alteration.
• This alters QoS bits in the TCP header.
• The mangle table has the following built-in chains:
• PREROUTING chain
• OUTPUT chain
• FORWARD chain
• INPUT chain
• POSTROUTING chain
• iptables' raw table is for configuration exceptions.
• The raw table has the following built-in chains:
• PREROUTING chain
• OUTPUT chain

iptables Rules
• A rule contains match criteria and a target.
• If the criteria are matched, the packet goes to the rules specified in the target (a user-defined chain) or the special value named in the target is executed.
• If the criteria are not matched, evaluation moves on to the next rule.
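To tie the tables, chains and first-match rule evaluation together, here is an added example (not from the original slides) of a small stateful filter-table policy for a single host. It assumes a trusted LAN of 10.10.10.0/24 and a host that offers SSH (22) to everyone, rate-limited, and MySQL (3306) to the LAN only; it uses the `conntrack` match (the modern equivalent of the `-m state` match used in the slides) and a user-defined chain `SSH_LIMIT` to show how a jump target works. The commands are printed by default so the script can be reviewed first; `APPLY=1 sh filter.sh` executes them as root.

```shell
#!/bin/sh
# Added example, not part of the original slides. Assumed environment:
# trusted LAN 10.10.10.0/24, services SSH (22, rate-limited) and MySQL (3306, LAN only).
# By default the iptables commands are printed; APPLY=1 runs them for real.

ipt() {
    if [ "${APPLY:-0}" = "1" ]; then iptables "$@"; else echo "iptables $*"; fi
}

apply_filter_policy() {
    # Start from a clean filter table: -F flushes rules, -X deletes user-defined chains
    ipt -F
    ipt -X
    # Default policies: a packet that matches no rule is dropped on INPUT/FORWARD
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
    # Cheapest and most frequent matches first: loopback and replies to existing flows
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
    # User-defined chain SSH_LIMIT: new SSH connections are accepted at most
    # 3/min (burst 5); beyond that they are logged and dropped. Because the
    # chain ends in an explicit DROP nothing RETURNs to INPUT from here.
    ipt -N SSH_LIMIT
    ipt -A SSH_LIMIT -m limit --limit 3/min --limit-burst 5 -j ACCEPT
    ipt -A SSH_LIMIT -j LOG --log-prefix "SSH_RATE_LIMITED: "
    ipt -A SSH_LIMIT -j DROP
    # Criteria: TCP, port 22, NEW connection -> target: jump into SSH_LIMIT
    ipt -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j SSH_LIMIT
    # MySQL only from the trusted LAN; any other source gets a TCP reset
    ipt -A INPUT -p tcp -s 10.10.10.0/24 --dport 3306 -j ACCEPT
    ipt -A INPUT -p tcp --dport 3306 -j REJECT --reject-with tcp-reset
    # Log (rate-limited, so the log itself cannot be flooded) and drop the rest
    ipt -A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT_DROP: "
    ipt -A INPUT -j DROP
}

apply_filter_policy
```

Rule order is the point of the example: the ESTABLISHED,RELATED rule sits near the top so that the bulk of traffic matches early, the user-defined chain isolates the rate-limit logic, and the final LOG/DROP pair makes the default policy visible in the logs.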
• Some target values are:
• ACCEPT
• DROP
• LOG
• REJECT
• MASQUERADE

Examples
• Syntax: iptables -t <tablename> -A <chain> -j <target>
Example:
>>>iptables -F
>>>iptables -L
>>>iptables -A INPUT -p tcp -s 10.10.10.10 --dport 3306 -j ACCEPT
>>>iptables -A INPUT -p tcp -s 0/0 --sport 513:65535 -d 195.55.55.78 --dport 22 -m state --state NEW,ESTABLISHED -j DROP
>>>iptables -A TCP_FLAGS -p tcp --tcp-flags ACK,FIN FIN -j REJECT
(TCP_FLAGS is a user-defined chain; it must exist before a rule can be appended to it.)

NAT
• DNAT
• Destination NAT is always done before routing.
• Done when the packet first comes off the wire.
• Port forwarding, load sharing and transparent proxying are all forms of DNAT.
• SNAT
• Source NAT is always done post-routing.
• Done just before the packet goes out onto the wire.
• Masquerading is a specialized form of SNAT.

Example SNAT
• iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
• MASQUERADE automatically chooses the address.
• MASQUERADE forgets old connections when the interface goes down.
• iptables -t nat -A POSTROUTING -p tcp -o eth0 -j SNAT --to-source 194.236.50.155-194.236.50.160:1024-32000

Example DNAT
• iptables -t nat -A PREROUTING -d 10.10.20.99 -j DNAT --to-destination 10.10.14.2
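The SNAT and DNAT rules above are only half of a working gateway: the NAT table rewrites addresses, but the filter table's FORWARD chain still decides whether the rewritten packet may pass, and the kernel must have forwarding enabled. The following added example (not from the original slides) shows the complete set. It assumes eth0 is the WAN interface, eth1 the LAN interface with network 10.10.14.0/24, and an internal web server 10.10.14.2 that is exposed on the gateway's TCP port 8080; the commands are printed by default and executed with `APPLY=1`.

```shell
#!/bin/sh
# Added example, not part of the original slides. Assumed environment:
# eth0 = WAN, eth1 = LAN (10.10.14.0/24), internal web server 10.10.14.2,
# published on the gateway's TCP port 8080. APPLY=1 executes instead of printing.

ipt() {
    if [ "${APPLY:-0}" = "1" ]; then iptables "$@"; else echo "iptables $*"; fi
}

apply_nat_gateway() {
    WAN=eth0; LAN=eth1; LAN_NET=10.10.14.0/24; WEB=10.10.14.2
    # Without ip_forward the FORWARD chain never sees a packet, NAT rules or not
    if [ "${APPLY:-0}" = "1" ]; then
        sysctl -w net.ipv4.ip_forward=1
    else
        echo "sysctl -w net.ipv4.ip_forward=1"
    fi
    ipt -t nat -F
    ipt -F FORWARD
    ipt -P FORWARD DROP
    # SNAT (POSTROUTING, after routing): LAN hosts leave with the WAN address;
    # MASQUERADE picks the interface address dynamically, as the slides note
    ipt -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN" -j MASQUERADE
    # DNAT (PREROUTING, before routing): WAN port 8080 -> web server port 80
    ipt -t nat -A PREROUTING -i "$WAN" -p tcp --dport 8080 -j DNAT --to-destination "$WEB:80"
    # Filter table: replies to existing flows, then LAN -> WAN, then the one
    # published service. FORWARD runs after PREROUTING, so the DNAT'd packet is
    # matched on its rewritten destination 10.10.14.2:80, not on 8080.
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    ipt -A FORWARD -i "$WAN" -o "$LAN" -p tcp -d "$WEB" --dport 80 -m conntrack --ctstate NEW -j ACCEPT
}

apply_nat_gateway
```

Restricting the DNAT rule to `-i eth0` and the FORWARD rule to the post-translation destination keeps the exposure to exactly one internal port; everything else from the WAN side falls to the FORWARD policy of DROP.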