
MYANMAR ING SECOND CAMP

SECURING SERVERS WITH LINUX FIREWALL

PRESENTED BY

MISS MAY THU THU HTUN


OUTLINE OF PRESENTATION
• Abstract
• Aim and Objectives
• Linux Firewall
• Iptables
• Filter table, connection state tracking and Network Address Translation

2
ABSTRACT
• A firewall script called rc.firewall is created
• The script is saved at /etc/rc.d
• The firewall operates according to the rules written in this script file

3
AIM AND OBJECTIVES
• To study the Linux open source operating system
• To know network security threats
• To study the concepts of a firewall

4
LINUX FIREWALL
• Linux is an open source operating system, and the firewall built into it (the kernel packet filter and its iptables front end) is also open source
• Low cost
• Worldwide support

5
FIREWALL
• Refers to a piece of hardware or software
• Prevents communications that are forbidden by network policy
• Two kinds can be distinguished:
  • personal firewall – filters traffic entering or leaving a single computer
  • network firewall – filters all traffic entering or leaving a connected network

6
FIREWALL BASIC STRUCTURE

7
TYPES OF NETWORK FIREWALL
• Proxy based firewall
  • Circuit level proxy
  • Application level proxy
• Packet filtering firewall
  • Stateless packet filtering firewall (each packet is judged on its own headers)
  • Stateful packet filtering firewall (packets are judged against the tracked state of their connection)

8
BENEFITS OF FIREWALL
• Firewalls are effective at:
  • Protecting the local system
  • Protecting the network as a whole
  • Providing secured and controlled access to the Internet
  • Providing restricted and controlled access from the Internet to local servers
• Highly customizable and versatile
• Robust and reliable

9
TOOLS FOR WRITING RULES
• ipf (IPFilter) for various OSes
• ipfw for FreeBSD/Mac OS X
• pf for OpenBSD and other BSDs
• ipchains for Linux kernel 2.2
• iptables for Linux kernel 2.4 or 2.6 (still available on later kernels, which also ship nftables)

10
IPTABLES
• Used to set up, maintain and inspect the tables of IP packet filtering rules in the kernel
• Defines several different tables
• Each table contains a number of built-in chains and may contain user-defined chains
• Three tables are present by default on the kernels covered here (later kernels add raw and security):
  • Filter table – accept or drop packets (chains INPUT, OUTPUT, FORWARD)
  • NAT table – rewrite source or destination addresses (chains PREROUTING, POSTROUTING, OUTPUT)
  • Mangle table – alter other packet fields
11
CONFIGURING FIREWALL FOR PRIVATE NETWORK

[Diagram] Internet -- eth0: 10.10.1.1, netmask 255.255.255.252 -- Linux firewall -- eth1: 192.168.1.1, netmask 255.255.255.0 -- switch -- 192.168.1.0/24 network

12
CONFIGURING FIREWALL WITH IPTABLES
• Restrict the users' access to web access only (LAN hosts may open new HTTP connections and nothing else):
  # iptables -A FORWARD -i eth1 -s 192.168.1.0/24 -p tcp --dport 80 -m state --state NEW -j ACCEPT

• Web server access from the Internet (connection tracking; 192.168.1.3 is the web server, i.e. the destination after DNAT):
  # iptables -A FORWARD -i eth0 -d 192.168.1.3 -p tcp --dport 80 -m state --state NEW -j ACCEPT

• Mail server access from the Internet (connection tracking; 192.168.1.2 is the mail server):
  # iptables -A FORWARD -i eth0 -d 192.168.1.2 -p tcp --dport 25 -m state --state NEW -j ACCEPT

• These rules only admit the first (NEW) packet of a connection; the replies pass because of a rule earlier in FORWARD that accepts the ESTABLISHED,RELATED states, which is what the connection tracking provides.

13
CONFIGURING FIREWALL WITH IPTABLES (CON'T)
• SNAT: outbound traffic from the whole private network leaves with the firewall's single public address 10.10.1.1 (POSTROUTING has no input interface, so the link is selected with -o, not -i):
  # iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 10.10.1.1

• DNAT web server: connections arriving on the public address for port 80 are redirected to 192.168.1.3:
  # iptables -t nat -A PREROUTING -i eth0 -d 10.10.1.1 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.3

• DNAT mail server: connections arriving on the public address for port 25 are redirected to 192.168.1.2:
  # iptables -t nat -A PREROUTING -i eth0 -d 10.10.1.1 -p tcp --dport 25 -j DNAT --to-destination 192.168.1.2

• DNAT runs in PREROUTING, before the routing decision, so the FORWARD rules on the previous slide must match the private server addresses rather than 10.10.1.1; replies are translated back automatically by connection tracking
14
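The rules from slides 13 and 14 assembled into one complete rc.firewall script for the topology on slide 12. This is an added example, not the script from the presentation. Assumed and not on the slides: the web server at 192.168.1.3 and the mail server at 192.168.1.2 (the addresses the DNAT targets point at), TCP 443 counted as web access, and a RUN=echo switch that prints the commands instead of loading them.

```shell
#!/bin/sh
# rc.firewall: NAT firewall for the slide 12 topology. Added example, not the
# presentation's script. Assumed: web server 192.168.1.3, mail server 192.168.1.2,
# TCP 443 counted as web access, RUN=echo as a dry-run switch.

RUN="${RUN:-}"                      # RUN=echo prints the commands instead of executing them
WAN=eth0;  WAN_IP=10.10.1.1         # public side, /30 towards the Internet
LAN=eth1;  LAN_NET=192.168.1.0/24   # private side
WEB_SRV=192.168.1.3
MAIL_SRV=192.168.1.2

ipt() { $RUN iptables "$@"; }

apply_rules() {
    # Start clean, then deny by default: anything not allowed below is dropped.
    ipt -F
    ipt -t nat -F
    ipt -X
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # Connection tracking: replies and related packets of allowed connections pass,
    # so every later rule only has to describe the first (NEW) packet of a flow.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Anti-spoofing: a packet arriving from the Internet must not claim a LAN source.
    ipt -A FORWARD -i "$WAN" -s "$LAN_NET" -j DROP

    # LAN users: web access only (slide 13); 443 is an assumption, not on the slide.
    for port in 80 443; do
        ipt -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -p tcp --dport "$port" \
            -m state --state NEW -j ACCEPT
    done

    # SNAT: the whole private network leaves through the single public address.
    ipt -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j SNAT --to-source "$WAN_IP"

    # DNAT: publish the web and mail servers. PREROUTING rewrites the destination
    # before routing, so the FORWARD rule matches the private address, not 10.10.1.1.
    ipt -t nat -A PREROUTING -i "$WAN" -d "$WAN_IP" -p tcp --dport 80 \
        -j DNAT --to-destination "$WEB_SRV:80"
    ipt -A FORWARD -i "$WAN" -d "$WEB_SRV" -p tcp --dport 80 -m state --state NEW -j ACCEPT
    ipt -t nat -A PREROUTING -i "$WAN" -d "$WAN_IP" -p tcp --dport 25 \
        -j DNAT --to-destination "$MAIL_SRV:25"
    ipt -A FORWARD -i "$WAN" -d "$MAIL_SRV" -p tcp --dport 25 -m state --state NEW -j ACCEPT

    # NAT does nothing until the kernel is allowed to route between the interfaces.
    $RUN sysctl -w net.ipv4.ip_forward=1
}

case "${1:-}" in
    apply) apply_rules ;;                     # load the rules (run as root)
    show)  RUN=echo; apply_rules ;;           # print what would be loaded
    *)     echo "usage: $0 apply|show" >&2 ;;
esac
```

`sh rc.firewall show` prints the rule set in the order it would be loaded; `sh rc.firewall apply` as root installs it. The order is the point of the script: default DROP policies first, the ESTABLISHED,RELATED rule before any NEW rule so replies are not judged again, the anti-spoofing drop before the LAN allow rules, and the FORWARD accepts for the published servers written against the private addresses because PREROUTING DNAT has already rewritten the destination by the time the filter table sees the packet.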
CONCLUSION
• By building a NAT firewall, the whole network can connect to the Internet with a single public IP address
• By limiting access, local servers can be secured, and the firewall keeps track of connection state
• It conceals the internal configuration from external observers
• It can reduce the VPN configuration options

15