Firewall iptables linux & server

Firewall Linux and Windows server

12/2/2014

Deadline: 16,01,2014

Contents

1. Allow Only SRV1 can remote SSH into Firewall Server
2. Allow LAN-Client Request IP address
3. Allow DNS
   A. Firewall Request DNS from ISP
   B. Firewall Request DNS in Local
   C. SRV1 Request DNS from ISP
   D. LAN-Client request DNS in Local
4. Allow LAN-client Join domain and Access file share
5. Allow Only PC2 can remote Desktop into SRV1 Server
6. Allow LAN-Client access webserver in SRV1 (local)
7. Enable POSTROUTING by using Masquerading type
8. Allow access internet
   A. Firewall Server
   B. LAN-Server
   C. LAN-Client
9. Enable PREROUTING by using Destination NAT. (optional)
   A. Make sure PC3 (your real machine) can access Webserver in SRV1.


1. Allow Only SRV1 can remote SSH into Firewall Server

We go to yast lan to configure the ISP-side IP address on the Linux firewall.

Below is the IP address configuration of the firewall.

Below is the IP address after we configure it.

Configure the ISP DNS for the firewall.

The gateway that the ISP assigns to the firewall.

We use ifconfig to show the IP address of the firewall.

Test nslookup on the firewall; it gets DNS from the ISP.

We go to yast -i to install the DHCP relay on the firewall.

We install the relay on the firewall to configure the two networks.

We can see each Ethernet interface on the firewall.

We open vi /etc/sysconfig/dhcrelay.

We assign each Ethernet interface.

We use the command below to restart the service.

Before SRV1 can remote into the firewall, we first need to create a file in which to write the iptables rules. We run touch fortigat.sh.

We edit it with vi fortigat.sh.

Please follow the rules below.

Test ping from the server to the firewall.

Ping from the firewall to the server.

The server can remote into the firewall once the two can ping each other.

Enter the firewall's password for the SSH remote session from the server.

The server can remote into the firewall.
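The page's own rules for this step are not reproduced here. As an added example (not the author's fortigat.sh), this is one way to write a default-deny rule set that accepts SSH on the firewall from SRV1 only and permits the ping test in both directions. The SRV1 address and the interface name are assumed values, and the script only prints the commands unless IPT=iptables is set.

```sh
#!/bin/sh
# Added example, not the original fortigat.sh. Assumed values:
SRV1_IP="${SRV1_IP:-192.168.10.10}"   # assumed address of SRV1
LAN_IF="${LAN_IF:-eth1}"              # assumed firewall interface facing SRV1
IPT="${IPT:-echo iptables}"           # dry run by default; IPT=iptables applies

ssh_only_from_srv1() {
    # Start from an empty filter table with default-deny on every chain.
    $IPT -F
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP
    # Loopback traffic is always allowed.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
    # Replies to traffic that an earlier rule already accepted.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Ping test: SRV1 -> firewall and firewall -> SRV1 (echo replies match ESTABLISHED).
    $IPT -A INPUT -i "$LAN_IF" -s "$SRV1_IP" -p icmp --icmp-type echo-request -j ACCEPT
    $IPT -A OUTPUT -o "$LAN_IF" -d "$SRV1_IP" -p icmp --icmp-type echo-request -j ACCEPT
    # SSH: new connections from SRV1 only; any other source falls to the DROP policy.
    $IPT -A INPUT -i "$LAN_IF" -s "$SRV1_IP" -p tcp --dport 22 -m state --state NEW -j ACCEPT
}

# Nothing runs unless the script is called with "apply".
if [ "${1:-}" = "apply" ]; then ssh_only_from_srv1; fi
```

Run it as `sh fortigat.sh apply` to review the commands, then with `IPT=iptables` from the console rather than over a remote session, since the policy change drops existing connections that no rule covers.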

2. Allow LAN-Client Request IP address

We open fortigat.sh with vi to configure the rules that allow the client to request DHCP from the server.

Please follow the iptables rules below; these are the rules on the firewall.

After configuring, we run the file that we configured.

We restart the service with service dhcrelay restart.

Let the client request DHCP from the server. We use ipconfig /release to release the old IP address.

We use ipconfig /renew to get a new IP address for the client.
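Because dhcrelay runs on the firewall itself, the DHCP exchange terminates on the firewall and is filtered in INPUT and OUTPUT rather than FORWARD. The rule set below is an added example (not the author's fortigat.sh) covering the four legs of a relayed exchange; the interface names and the DHCP server address are assumed values, and it assumes the chains already default to DROP.

```sh
#!/bin/sh
# Added example, not the original fortigat.sh. Assumed values:
CLIENT_IF="${CLIENT_IF:-eth2}"          # assumed interface facing LAN-Client
SERVER_IF="${SERVER_IF:-eth1}"          # assumed interface facing the DHCP server
DHCP_SRV="${DHCP_SRV:-192.168.10.10}"   # assumed address of the DHCP server
IPT="${IPT:-echo iptables}"             # dry run by default; IPT=iptables applies

dhcp_relay_rules() {
    # 1. Client -> relay. DISCOVER/REQUEST are broadcasts sent from 0.0.0.0,
    #    so match on interface and ports, not on a source subnet.
    $IPT -A INPUT -i "$CLIENT_IF" -p udp --sport 68 --dport 67 -j ACCEPT
    # 2. Relay -> server. The relay re-sends the request as unicast to the server.
    $IPT -A OUTPUT -o "$SERVER_IF" -d "$DHCP_SRV" -p udp --dport 67 -j ACCEPT
    # 3. Server -> relay. The answer goes to the relay agent on port 67.
    $IPT -A INPUT -i "$SERVER_IF" -s "$DHCP_SRV" -p udp --dport 67 -j ACCEPT
    # 4. Relay -> client. OFFER/ACK may be broadcast, so connection tracking
    #    does not pair it with leg 1; it needs its own rule.
    $IPT -A OUTPUT -o "$CLIENT_IF" -p udp --sport 67 --dport 68 -j ACCEPT
}

# Nothing runs unless the script is called with "apply".
if [ "${1:-}" = "apply" ]; then dhcp_relay_rules; fi
```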

3. Allow DNS

A. Firewall Request DNS from ISP

Please follow all the steps.

Test that the firewall can use nslookup to request DNS from the ISP.

B. Firewall Request DNS in Local

We open fortigat.sh with vi to allow the firewall to request DNS from the local server.

Please follow the rules below.

After configuring, we run it with sh fortigat.sh.

We go to yast lan to configure the IP address of the local server.

C. SRV1 Request DNS from ISP

Please follow the rule steps below. The IP is the IP address of the ISP's DNS.

D. LAN-Client request DNS in Local

We configure the file using vi fortigat.sh.

Please follow the steps below.

Let the client test requesting DNS from the local server.
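The four DNS cases above differ mainly in which chain sees the query: the firewall's own lookups leave through OUTPUT, while lookups from SRV1 and LAN-Client cross the firewall in FORWARD. The following is an added example (not the author's fortigat.sh) that writes all four; every address and interface name is an assumed value, the ISP DNS address is a placeholder, and the chains are assumed to default to DROP.

```sh
#!/bin/sh
# Added example, not the original fortigat.sh. All values below are assumed.
WAN_IF="${WAN_IF:-eth0}"              # interface facing the ISP
SRV_IF="${SRV_IF:-eth1}"              # interface facing SRV1
CLI_IF="${CLI_IF:-eth2}"              # interface facing LAN-Client
ISP_DNS="${ISP_DNS:-192.0.2.53}"      # placeholder for the ISP's DNS address
SRV1_IP="${SRV1_IP:-192.168.10.10}"   # SRV1, acting as the local DNS server
IPT="${IPT:-echo iptables}"           # dry run by default; IPT=iptables applies

# DNS uses UDP 53 for ordinary queries and TCP 53 for large answers.
dns_allow() {   # usage: dns_allow <chain> <match options...>
    c=$1; shift
    for proto in udp tcp; do
        $IPT -A "$c" "$@" -p "$proto" --dport 53 -m state --state NEW -j ACCEPT
    done
}

dns_rules() {
    # Answers come back through connection tracking.
    for chain in INPUT OUTPUT FORWARD; do
        $IPT -A "$chain" -m state --state ESTABLISHED,RELATED -j ACCEPT
    done
    # A. Firewall -> ISP DNS: generated locally, so OUTPUT.
    dns_allow OUTPUT -o "$WAN_IF" -d "$ISP_DNS"
    # B. Firewall -> local DNS on SRV1: also OUTPUT, on the server-side interface.
    dns_allow OUTPUT -o "$SRV_IF" -d "$SRV1_IP"
    # C. SRV1 -> ISP DNS: crosses the firewall, so FORWARD.
    dns_allow FORWARD -i "$SRV_IF" -o "$WAN_IF" -s "$SRV1_IP" -d "$ISP_DNS"
    # D. LAN-Client -> local DNS on SRV1: FORWARD between the two LAN sides.
    dns_allow FORWARD -i "$CLI_IF" -o "$SRV_IF" -d "$SRV1_IP"
}

# Nothing runs unless the script is called with "apply".
if [ "${1:-}" = "apply" ]; then dns_rules; fi
```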

4. Allow LAN-client Join domain and Access file share

Please follow the steps below.

Test that the client can join the domain.

Allow the client to access files. Please follow the steps below.

5. Allow Only PC2 can remote Desktop into SRV1 Server

This is the specific IP address assigned to the client that remotes into the server; put it on the firewall.

We open the file with vi fortigat.sh to configure it.

Please follow the steps below; this is the specific IP address used when the client remotes in.

We run the service after we configure it.

We open Remote Desktop Connection.

6. Allow LAN-Client access webserver in SRV1 (local)

Please follow the steps below.
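The domain join, file share, Remote Desktop and web server steps above are all FORWARD rules from the client side to SRV1, differing only in ports and permitted source. The following is an added example (not the author's fortigat.sh): the addresses, interface names and the port lists (the commonly used Active Directory set, with the dynamic RPC range of Windows Server 2008 and later) are assumptions, and "only PC2" holds only while the FORWARD policy is DROP.

```sh
#!/bin/sh
# Added example, not the original fortigat.sh. All values below are assumed.
CLI_IF="${CLI_IF:-eth2}"                # interface facing the LAN-Client network
SRV_IF="${SRV_IF:-eth1}"                # interface facing SRV1
CLI_NET="${CLI_NET:-192.168.20.0/24}"   # LAN-Client subnet
PC2_IP="${PC2_IP:-192.168.20.12}"       # the one client allowed to use Remote Desktop
SRV1_IP="${SRV1_IP:-192.168.10.10}"     # SRV1: domain controller, file and web server
IPT="${IPT:-echo iptables}"             # dry run by default; IPT=iptables applies

# DNS, Kerberos, RPC endpoint mapper, LDAP, SMB (file share), kpasswd, LDAPS, GC
AD_TCP="53,88,135,389,445,464,636,3268"
# DNS, Kerberos, NTP, LDAP, kpasswd
AD_UDP="53,88,123,389,464"
# Dynamic RPC ports; the range does not include 3389, so RDP stays closed here.
RPC_DYN="49152:65535"

to_srv1() {   # usage: to_srv1 <source> <match options...>
    src=$1; shift
    $IPT -A FORWARD -i "$CLI_IF" -o "$SRV_IF" -s "$src" -d "$SRV1_IP" "$@" \
        -m state --state NEW -j ACCEPT
}

lan_to_srv1_rules() {
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Join domain and access file share: whole client subnet.
    to_srv1 "$CLI_NET" -p tcp -m multiport --dports "$AD_TCP"
    to_srv1 "$CLI_NET" -p udp -m multiport --dports "$AD_UDP"
    to_srv1 "$CLI_NET" -p tcp --dport "$RPC_DYN"
    # Remote Desktop: the source is a single host, not the subnet.
    to_srv1 "$PC2_IP" -p tcp --dport 3389
    # Web server on SRV1: whole client subnet.
    to_srv1 "$CLI_NET" -p tcp --dport 80
}

# Nothing runs unless the script is called with "apply".
if [ "${1:-}" = "apply" ]; then lan_to_srv1_rules; fi
```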

7. Enable POSTROUTING by using Masquerading type

Postrouting and IP Masquerading

Accepting forwarded packets via the firewall's internal IP device allows LAN nodes to communicate with each other; however, they still cannot communicate externally to the Internet.

8. Allow access internet

A. Firewall Server

Please follow the steps below.

B. LAN-Server

Please follow the steps below.

C. LAN-Client

Please follow the steps below.

9. Enable PREROUTING by using Destination NAT. (optional)

A. Make sure PC3 (your real machine) can access Webserver in SRV1.
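The masquerading, internet access and destination NAT sections above fit together as one rule set, shown here as an added example (not the author's fortigat.sh). It pairs each NAT rule with the filter rule it depends on; the interface names, subnets and SRV1 address are assumed values, web access is limited to TCP 80 and 443 as an assumption, and the chains are assumed to default to DROP.

```sh
#!/bin/sh
# Added example, not the original fortigat.sh. All values below are assumed.
WAN_IF="${WAN_IF:-eth0}"              # interface facing the ISP
SRV_IF="${SRV_IF:-eth1}"              # interface facing SRV1
LAN_NETS="${LAN_NETS:-192.168.10.0/24 192.168.20.0/24}"   # server and client subnets
SRV1_IP="${SRV1_IP:-192.168.10.10}"   # web server on SRV1
IPT="${IPT:-echo iptables}"           # dry run by default; IPT=iptables applies
# Routing must also be enabled on the firewall: sysctl -w net.ipv4.ip_forward=1

nat_rules() {
    for chain in INPUT OUTPUT FORWARD; do
        $IPT -A "$chain" -m state --state ESTABLISHED,RELATED -j ACCEPT
    done
    # Firewall Server: its own web traffic leaves through OUTPUT, no NAT needed.
    $IPT -A OUTPUT -o "$WAN_IF" -p tcp -m multiport --dports 80,443 \
        -m state --state NEW -j ACCEPT
    for net in $LAN_NETS; do
        # LAN-Server and LAN-Client: FORWARD lets the packet through ...
        $IPT -A FORWARD -s "$net" -o "$WAN_IF" -p tcp -m multiport --dports 80,443 \
            -m state --state NEW -j ACCEPT
        # ... and MASQUERADE rewrites the private source to the firewall's WAN
        # address, otherwise replies have no route back to the LAN node.
        $IPT -t nat -A POSTROUTING -s "$net" -o "$WAN_IF" -j MASQUERADE
    done
    # Destination NAT: connections to the firewall's WAN side on port 80 go to SRV1.
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 80 \
        -j DNAT --to-destination "$SRV1_IP:80"
    # PREROUTING runs before the filter table, so FORWARD must match SRV1's
    # address, not the firewall's WAN address.
    $IPT -A FORWARD -i "$WAN_IF" -o "$SRV_IF" -d "$SRV1_IP" -p tcp --dport 80 \
        -m state --state NEW -j ACCEPT
}

# Nothing runs unless the script is called with "apply".
if [ "${1:-}" = "apply" ]; then nat_rules; fi
```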
