NITA 212 - Open Source Platform & Network Administration - Lab #11

Uploaded by mstanislav, 06-Apr-2018



Lab #11 - Firewall Introduction + Extra Credit Assignment (Stanislav)

Lab Steps:

I. Learning Basic Interaction with iptables

A. Open a Terminal and become root.

B. Type /sbin/iptables -F to flush all rules from the current iptables chains. This removes the rules only; it does not change the chains' default policies, and it touches only the filter table.

C. Type /sbin/iptables -L -v to verbosely list your iptables chains. There are no rules now, only the chain policies.

D. Type cat /etc/sysconfig/iptables to view the currently saved iptables ruleset. Although you have flushed the live chains, the saved configuration for the system has not changed.

E. Type /etc/init.d/iptables stop to flush all rules, reset the default policies to accept all traffic, and unload the iptables kernel modules.

F. Type /etc/init.d/iptables start to reload the iptables modules and restore the saved ruleset from /etc/sysconfig/iptables, returning the chains to the state they were in before you flushed them.

G. Type /sbin/iptables -L -v -n to verbosely show all iptables chains and rules without resolving IP addresses to hostnames (usually much faster, since no DNS lookups are made). This is the default firewall configuration the system is using.

II. Using the GUI Firewall Configuration Tool

A. Select System > Administration > Security Level and Firewall from the menu to open the Firewall Configuration tool. This is the same as typing system-config-securitylevel in a Terminal.

B. You will notice that the firewall's configuration dropdown is set to Enabled.

C. You will see that SSH is allowed to be connected to through your firewall. Go back to your Terminal and type /sbin/ifconfig eth0 to find your IP address and share it with a classmate.

D. Once you get someone else's IP address, try to ssh lrat@<their ip address> in your Terminal. You should be prompted to enter the lrat user password.

E. Once both of you have successfully been able to connect to the SSH server on each other's computers, go back to your respective Firewall Configuration windows, uncheck SSH, and click Apply at the top of the dialog. Click Yes when prompted to overwrite your current rules. Applying rewrites /etc/sysconfig/iptables with the ruleset the tool generates, so any rules you had added by hand are discarded.

F. When both of you have completed the previous task, try to ssh again. You should not be able to connect to each other's SSH server anymore.

G. Reverse this step and re-enable SSH on your machine the same way you had just disabled it.

H. Close the Firewall Configuration dialog.

III. Adding and Removing a Custom iptables Rule via the CLI

A. Go back to your Terminal once again and become root if you aren't already.

B. Type /sbin/iptables -A RH-Firewall-1-INPUT -m tcp -p tcp --dport 31337 -j ACCEPT to allow TCP connections to port 31337 on your machine. Note that -A appends the rule to the end of the chain. The default Red Hat ruleset ends RH-Firewall-1-INPUT with a catch-all REJECT, so a rule appended after it is listed but never reached by real traffic; to make it take effect you would insert it ahead of the REJECT with -I RH-Firewall-1-INPUT <rule number> instead (add --line-numbers to -L to see the rule numbers). Rules added this way live only in the running kernel; they are not written to /etc/sysconfig/iptables and vanish on the next /etc/init.d/iptables restart unless saved.

C. Type /sbin/iptables -L -n | grep 31337 and you will see a line showing the loaded rule.

D. Type /sbin/iptables -D RH-Firewall-1-INPUT -m tcp -p tcp --dport 31337 -j ACCEPT to delete it. -D removes the first rule in the chain whose specification matches the one given.

E. Close your Terminal.
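How chain order decides what the rule from step B actually does, as an added example that is not part of the original lab or of iptables itself. The Python below reads a ruleset in the iptables-save format that /etc/sysconfig/iptables uses (section I, step D) and walks INPUT the way the kernel does: first matching rule wins, -j into a user chain enters it, and a user chain that ends without a verdict returns to the caller. The sample ruleset is constructed here to resemble a stock Red Hat 5 default; its chain names, rules and the eth0 packet are assumptions, not copied from any real system. It then compares the port 31337 rule appended with -A (landing after the catch-all REJECT) against the same rule inserted before the REJECT with -I, and mirrors the -D deletion of step D.

```python
"""First-match simulator for an iptables-save style filter table (the format of
/etc/sysconfig/iptables). Added example, not code from the lab or from iptables.
The ruleset below is constructed to resemble a stock Red Hat 5 default and is an
assumption, not a copy of any real system."""
import shlex

SAVED_RULESET = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
CHAIN = "RH-Firewall-1-INPUT"
RULE_31337 = "-m tcp -p tcp --dport 31337 -j ACCEPT"      # the lab's step B rule spec
TERMINAL = {"ACCEPT", "DROP", "REJECT"}
ONE_ARG = {"-p": "proto", "--dport": "dport", "-i": "iface", "--state": "states", "-j": "target"}
IGNORED = {"-m", "--icmp-type", "--reject-with"}          # options that do not affect our match

def parse_ruleset(text):
    """Return (policies, chains): policy per chain (None for user chains) and
    each chain's rules in order, as dicts of the matches they carry."""
    policies, chains = {}, {}
    for line in text.splitlines():
        if line.startswith(":"):                            # ":NAME POLICY [pkts:bytes]"
            name, policy = line[1:].split()[:2]
            policies[name] = None if policy == "-" else policy
            chains.setdefault(name, [])
        elif line.startswith("-A "):                        # "-A CHAIN <matches> -j TARGET"
            toks = shlex.split(line)
            rule = {}
            for opt, arg in zip(toks[2::2], toks[3::2]):    # every option used here takes one argument
                if opt in ONE_ARG:
                    rule[ONE_ARG[opt]] = arg
                elif opt not in IGNORED:
                    raise ValueError("unsupported option: " + opt)
            chains.setdefault(toks[1], []).append(rule)
    return policies, chains

def matches(rule, pkt):
    """True when every match the rule carries agrees with the packet."""
    return (("proto" not in rule or rule["proto"] == pkt["proto"])
            and ("dport" not in rule or rule["dport"] == str(pkt.get("dport")))
            and ("iface" not in rule or rule["iface"] == pkt["iface"])
            and ("states" not in rule or pkt["state"] in rule["states"].split(",")))

def verdict(policies, chains, pkt, chain="INPUT"):
    """Walk a chain top to bottom: the first matching terminating target wins.
    -j into a user chain recurses; a user chain that ends with no verdict
    returns None so the caller continues (an implicit RETURN)."""
    for rule in chains.get(chain, []):
        if not matches(rule, pkt):
            continue
        if rule["target"] in TERMINAL:
            return rule["target"]
        if rule["target"] in chains:
            sub = verdict(policies, chains, pkt, rule["target"])
            if sub is not None:
                return sub
    return policies.get(chain)

def add_rule(text, chain, spec, position=None):
    """Mirror `iptables -A chain spec` (position None) or
    `iptables -I chain position spec` (1-based rule number) on the saved text."""
    lines = text.splitlines()
    slots = [i for i, l in enumerate(lines) if l.startswith("-A %s " % chain)]
    at = slots[-1] + 1 if position is None else slots[position - 1]
    lines.insert(at, "-A %s %s" % (chain, spec))
    return "\n".join(lines) + "\n"

def delete_rule(text, chain, spec):
    """Mirror `iptables -D chain spec`: remove the first identical rule (real
    iptables compares parsed rules, not text; exact text suffices here)."""
    lines = text.splitlines()
    lines.remove("-A %s %s" % (chain, spec))                # ValueError if absent, as iptables errors
    return "\n".join(lines) + "\n"

def demo():
    """Verdicts for a new TCP connection to port 31337 on eth0: stock ruleset,
    after -A (lands after the REJECT), and after -I at rule 5 (before it)."""
    pkt = {"proto": "tcp", "dport": 31337, "iface": "eth0", "state": "NEW"}
    stock = verdict(*parse_ruleset(SAVED_RULESET), pkt)
    appended = verdict(*parse_ruleset(add_rule(SAVED_RULESET, CHAIN, RULE_31337)), pkt)
    inserted = verdict(*parse_ruleset(add_rule(SAVED_RULESET, CHAIN, RULE_31337, 5)), pkt)
    return stock, appended, inserted

if __name__ == "__main__":
    print(demo())  # ('REJECT', 'REJECT', 'ACCEPT')
```

Running it prints ('REJECT', 'REJECT', 'ACCEPT'): the appended rule changes nothing because the REJECT above it already claimed the packet, while the inserted rule is consulted first. The same walk explains section II: deleting the --dport 22 rule, which is what unchecking SSH in the GUI amounts to, leaves a new SSH connection to fall through to the REJECT.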

Extra Credit - Create Your Own Lab! (25 Points)

Overview: Create a lab of a reasonable length and difficulty, similar to those we have done previously. Use a topic that we have not already covered during class, or revisit a topic in a brand new way.

Restrictions: No more than two people may turn in one lab. Labs must have an organized structure similar to those you do in class each week. Your lab will be graded for content, structure, clarity, and quality. Partial credit will be awarded. This must be turned in today, and you must have already completed the lab above to be able to participate in the extra credit.