Labtainers 1 IPTABLES 1 Overview This Labtainer exercise illustrates the use of iptables on a firewall to limit network
Labtainers

IPTABLES

1 Overview

This Labtainer exercise illustrates the use of iptables on a firewall to limit network access to a server from a client, as illustrated in Figure 1. When properly configured, the firewall will only allow selected traffic from the client to the server.

1.1 Background

Limiting the types of network traffic sent to a server can help to protect the server from unauthorized access. For example, if the server contains an unsecured service available through its network interface, exploitation of that service is more difficult if something blocks traffic destined for that service. A variety of different techniques and products exist for the purpose of limiting IP network traffic between computers. In this lab, you will limit IP traffic through use of Linux iptables.

The student is expected to have separately learned about the use of iptables to selectively block network traffic. The firewall component includes an example firewall setting script that you can reference. The manpage for iptables can be viewed on the firewall component using:

    man iptables
    man iptables-extensions

Students are expected to have a basic familiarity with the Linux command line, and the ability to edit files and run simple shell scripts. Some experience with Wireshark is presumed, e.g., performance of the wireshark-intro lab.

2 Lab Environment

This lab runs in the Labtainer framework, available at http://my.nps.edu/web/c3o/labtainers. That site includes links to a pre-built virtual machine that has Labtainers installed, however Labtainers can be run on any Linux host that supports Docker containers.

From your labtainer-student directory start the lab using:

    labtainer iptables2

A link to this lab manual will be displayed.

Figure 1: Network topology for the iptables lab

3 Lab Tasks

3.1 Explore

The Wireshark utility is installed on the firewall. Use it to view network traffic through the firewall, and to debug your firewall rules.
Start it from the firewall terminal:

    wireshark &

Then select the eth0 interface. On the client terminal use the nmap utility to list (some of the) open ports on the server:

    nmap server

Use wget to confirm that the server responds to HTTP requests:

    wget server &

Confirm an ssh service is offered. You need not log in when prompted; just use ctrl C to exit once you get a response from the server:

    ssh server

Finally, confirm that telnet is offered (again, no need to log in):

    telnet server

Observe the traffic in wireshark, making note of the source IP addresses and the destination ports used by the clients when connecting to the server.

3.2 Use iptables to limit traffic

The iptables utility is installed on the “firewall” component. Use it to prevent the firewall from forwarding any traffic to the server other than SSH and HTTP. You may reference and experiment with the example firewall script that is on the firewall component in the home directory. To run the example_fw.sh script, use:

    sudo ./example_fw.sh

View the content of the script to understand what it does. Consider putting your iptables commands in a script so it is easy to test and reconfigure the iptables if you restart the lab. Note the last line in the example_fw.sh script directs iptables to log dropped packets. You can view these from one of the firewall terminal tabs via:

    tail -f /var/log/iptables.log

After modifying your iptables configuration, use the applications on the client to demonstrate that the firewall only allows the desired traffic. Watch the traffic in wireshark to see that the TCP handshake fails when attempting to connect to filtered ports. Use nmap to confirm the proper configuration:

    nmap server

3.3 Open new service port

The client computer includes a wizbang program that you must now allow to send traffic to the server. Run the program from the client, and observe which port it attempts to use within wireshark:

    ./wizbang

Then alter your iptables to allow this service.
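One way to express the forwarding policy of tasks 3.2 and 3.3 as a ruleset that is loaded in a single step; this is an added example, not the lab's example_fw.sh. The helper name gen_ruleset, the address 192.0.2.10, the log prefix and the TCP-only handling are assumptions.

```shell
#!/bin/sh
# Added example, not the lab's example_fw.sh. Emits an iptables-restore
# ruleset whose FORWARD chain drops everything except the listed TCP ports.

# gen_ruleset SERVER_IP PORT [PORT...]   (hypothetical helper name)
gen_ruleset() {
    server_ip=$1
    [ $# -ge 2 ] || { echo "usage: gen_ruleset SERVER_IP PORT..." >&2; return 1; }
    shift
    # Allow only digits and dots in the address so nothing else lands in a rule.
    case $server_ip in
        ''|*[!0-9.]*) echo "bad server address: $server_ip" >&2; return 1 ;;
    esac
    # Validate every port before printing any rule.
    for port in "$@"; do
        case $port in
            ''|0*|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
        esac
        [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo ':FORWARD DROP [0:0]'      # default deny for forwarded traffic
    echo ':OUTPUT ACCEPT [0:0]'
    # Replies and later packets of connections that were already allowed.
    echo '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # New connections to the server, one rule per permitted service.
    for port in "$@"; do
        echo "-A FORWARD -d $server_ip -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Log what is about to hit the DROP policy (prefix is constructed).
    echo '-A FORWARD -j LOG --log-prefix "FWD-DROP: "'
    echo 'COMMIT'
}

# 192.0.2.10 is a placeholder; use the server address seen in Wireshark.
# SSH and HTTP only (task 3.2). For task 3.3, append the port observed
# for wizbang as a further argument.
gen_ruleset 192.0.2.10 22 80
# Check syntax, then load (replaces the whole filter table):
#   gen_ruleset 192.0.2.10 22 80 | sudo iptables-restore --test
#   gen_ruleset 192.0.2.10 22 80 | sudo iptables-restore
```

Because the established-connection rule comes first, return traffic from the server needs no rule of its own, and telnet fails at the SYN because no rule admits new connections to port 23.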
After adjusting your iptables, confirm that you can run the wizbang program successfully. Also, again use nmap to confirm the proper configuration:

    nmap server

4 Submission

After finishing the lab, go to the terminal on your Linux system that was used to start the lab and type:

    stoplab

When you stop the lab, the system will display a path to the zipped lab results on your Linux system. Provide that file to your instructor, e.g., via the Sakai site.

This lab was developed for the Labtainer framework by the Naval Postgraduate School, Center for Cybersecurity and Cyber Operations. This work is in the public domain, and cannot be copyrighted.