NETWORK ADMINISTRATION
Firewall (Iptables on SuSE11)
2013-2015
PASSERELLES NUMERIQUES CAMBODIA
Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh,
Cambodia
PASSERELLESNUMERIQUES CAMBODIA NETWORK ADMINISTRATION
TOLA.LENG-PC 1
CONTENTS
Lab Instruction ..... 2
  Windows ..... 2
I. Configure iptables file ..... 3
  a. Set the variables or Declarations for every interface and policy ..... 3
  • Ping allow ..... 4
1. Allow Only SRV1 can remote SSH into Firewall Server ..... 5
2. Allow LAN-Client Request IP address ..... 6
3. Allow DNS ..... 7
  A. Firewall Request DNS from ISP ..... 7
  B. Firewall Request DNS in Local ..... 8
  C. SRV1 Request DNS from ISP ..... 9
  D. LAN-Client request DNS in Local ..... 9
4. Allow LAN-client Join domain and Access file share ..... 10
  Let us join and access file share ..... 10
  User access file share from server ..... 12
5. Allow Only PC2 can remote Desktop into SRV1 Server ..... 14
6. Allow LAN-Client access webserver in SRV1 (local) ..... 15
7. Enable POSTROUTING by using Masquerading type ..... 17
8. Allow access internet ..... 17
  A. Firewall Server ..... 17
  B. LAN-Server ..... 19
  C. LAN-Client ..... 19
PASSERELLESNUMERIQUES CAMBODIA NETWORK ADMINISTRATION
TOLA.LENG-PC 2
LAB INSTRUCTION
WINDOWS SERVER
LAN Server
Network Address: 192.168.25.0/24
192.168.25.1 Router/Default Gateway
192.168.25.2 DNS Server
192.168.25.3 – 192.168.25.150 Address pool/scope
192.168.25.3 – 192.168.25.20 Address Exclusive (exclusion range inside the pool)
LAN Client
Network address: 172.16.25.0/24
172.16.25.1 Router/Default Gateway
192.168.25.2 DNS Server
172.16.120.3 – 172.16.120.254 Address pool/scope
172.16.120.10 – 172.16.120.20 Address Exclusive (exclusion range inside the pool)
Internet
172.16.1.135/23 IP Bypass for access to Internet
Relay/Router (Use SUSE 11 to run iptables)
192.168.25.1/24 For LAN Server by Interface eth1
172.16.25.1/24 For LAN Client by Interface eth2
172.16.1.135/23 For Channel to Internet eth0
* Note 1: Make sure all the primary roles that will be used are installed on the Server: AD+DNS, DHCP, Webserver, FTP and File Server.
* Note 2: Make sure the configuration on the relay (SUSE) or router is reliable, so that both the LAN Server and the LAN Client are reachable.
I. Configure iptables file
Use touch and vim to create the file and set the rules for iptables.
a. Set the variables or Declarations for every interface and policy.
• Ping allow
1. Allow Only SRV1 can remote SSH into Firewall Server
Run the SH file
Let the server remote into the firewall.
2. ALLOW LAN-CLIENT REQUEST IP ADDRESS
3. ALLOW DNS
A. FIREWALL REQUEST DNS FROM ISP
B. FIREWALL REQUEST DNS IN LOCAL
C. SRV1 REQUEST DNS FROM ISP
D. LAN-CLIENT REQUEST DNS IN LOCAL
4. ALLOW LAN-CLIENT JOIN DOMAIN AND ACCESS FILE SHARE
Let us join and access file share
User access file share from server
5. ALLOW ONLY PC2 CAN REMOTE DESKTOP INTO SRV1 SERVER
=> Let client remote
6. ALLOW LAN-CLIENT ACCESS WEBSERVER IN SRV1 (LOCAL)
Test Client
* I have two different templates, one pointing to the domain name and one to the IP address.
=> Access by Domain name of server
Access by IP address
7. ENABLE POSTROUTING BY USING MASQUERADING TYPE
8. ALLOW ACCESS INTERNET
A. FIREWALL SERVER
B. LAN-SERVER
C. LAN-CLIENT
9. Enable PREROUTING by using Destination NAT. (optional)
A. Make sure PC3 (your real machine) can access Webserver in SRV1.
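The rule set that steps a. through 9 above build up, written out as one added example for the lab topology (this is not the lab's own script, whose rules are only in the screenshots). It assumes SRV1 is 192.168.25.2 and that the SUSE box relays DHCP for the client LAN; PC2's address and the ISP resolver are placeholders. It is a dry run by default and only loads rules when run as root with --apply.

```shell
#!/bin/sh
# Added example for the lab topology above (not the lab's own script).
# Dry-run by default: prints every iptables command it would run.
# Run as root with --apply to load the rules for real.
set -eu

# Interfaces and addresses from the lab instruction page
WAN_IF=eth0; WAN_IP=172.16.1.135          # channel to the Internet
SRV_IF=eth1; SRV_NET=192.168.25.0/24      # LAN Server side
CLI_IF=eth2; CLI_NET=172.16.25.0/24       # LAN Client side
SRV1=192.168.25.2                         # AD+DNS, DHCP, web, FTP and file server
# Assumptions (placeholders, not given on the page):
PC2=172.16.25.50                          # the one client allowed to RDP into SRV1
ISP_DNS=203.0.113.53                      # the ISP resolver the firewall and SRV1 query

APPLY=0
case "${1:-}" in --apply) APPLY=1 ;; esac

# Wrapper: execute or print, so the whole rule set can be reviewed before loading.
ipt() {
    if [ "$APPLY" = 1 ]; then iptables "$@"; else printf 'iptables %s\n' "$*"; fi
}

firewall_rules() {
    # a. Declarations and policy: start clean, drop everything not allowed below.
    #    Every later rule also binds the inbound interface to the source range,
    #    so a spoofed source address on the wrong interface is dropped.
    ipt -F; ipt -t nat -F; ipt -X
    ipt -P INPUT DROP; ipt -P OUTPUT DROP; ipt -P FORWARD DROP
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A OUTPUT -o lo -j ACCEPT
    # Stateful core: the rules below only have to admit the first packet of a flow
    for chain in INPUT OUTPUT FORWARD; do
        ipt -A "$chain" -m state --state ESTABLISHED,RELATED -j ACCEPT
    done
    # Ping allow (to, from and through the firewall)
    ipt -A INPUT   -p icmp --icmp-type echo-request -j ACCEPT
    ipt -A OUTPUT  -p icmp --icmp-type echo-request -j ACCEPT
    ipt -A FORWARD -p icmp --icmp-type echo-request -j ACCEPT

    # 1. Only SRV1 may SSH into the firewall, and only via the server interface
    ipt -A INPUT -i "$SRV_IF" -s "$SRV1" -p tcp --dport 22 -m state --state NEW -j ACCEPT

    # 2. LAN clients request an IP address. Assumed: this box runs a DHCP relay,
    #    so it receives client broadcasts on eth2 and forwards them to SRV1.
    ipt -A INPUT  -i "$CLI_IF" -p udp --sport 68 --dport 67 -j ACCEPT
    ipt -A OUTPUT -o "$CLI_IF" -p udp --sport 67 --dport 68 -j ACCEPT
    ipt -A OUTPUT -o "$SRV_IF" -d "$SRV1" -p udp --dport 67 -j ACCEPT

    # 3. DNS over udp and tcp 53 (tcp is needed for large answers)
    for proto in udp tcp; do
        # A. firewall -> ISP            B. firewall -> local SRV1
        ipt -A OUTPUT -o "$WAN_IF" -d "$ISP_DNS" -p "$proto" --dport 53 -j ACCEPT
        ipt -A OUTPUT -o "$SRV_IF" -d "$SRV1"    -p "$proto" --dport 53 -j ACCEPT
        # C. SRV1 -> ISP                D. LAN client -> local SRV1
        ipt -A FORWARD -i "$SRV_IF" -o "$WAN_IF" -s "$SRV1"    -d "$ISP_DNS" -p "$proto" --dport 53 -j ACCEPT
        ipt -A FORWARD -i "$CLI_IF" -o "$SRV_IF" -s "$CLI_NET" -d "$SRV1"    -p "$proto" --dport 53 -j ACCEPT
    done

    # 4. Domain join and file share: Kerberos, RPC, LDAP, SMB and the RPC dynamic range
    ipt -A FORWARD -i "$CLI_IF" -o "$SRV_IF" -s "$CLI_NET" -d "$SRV1" -p tcp \
        -m multiport --dports 88,135,139,389,445,464,636,3268,3269,49152:65535 -j ACCEPT
    ipt -A FORWARD -i "$CLI_IF" -o "$SRV_IF" -s "$CLI_NET" -d "$SRV1" -p udp \
        -m multiport --dports 88,123,137,138,389,464 -j ACCEPT

    # 5. Only PC2 may use Remote Desktop to SRV1
    ipt -A FORWARD -i "$CLI_IF" -o "$SRV_IF" -s "$PC2" -d "$SRV1" -p tcp --dport 3389 -j ACCEPT

    # 6. LAN clients reach the web server on SRV1
    ipt -A FORWARD -i "$CLI_IF" -o "$SRV_IF" -s "$CLI_NET" -d "$SRV1" -p tcp -m multiport --dports 80,443 -j ACCEPT

    # 7. POSTROUTING masquerade: both LANs leave with the firewall's WAN address
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE

    # 8. Internet access (web only): A. the firewall itself, B. LAN Server, C. LAN Client
    ipt -A OUTPUT  -o "$WAN_IF" -p tcp -m multiport --dports 80,443 -j ACCEPT
    ipt -A FORWARD -i "$SRV_IF" -o "$WAN_IF" -s "$SRV_NET" -p tcp -m multiport --dports 80,443 -j ACCEPT
    ipt -A FORWARD -i "$CLI_IF" -o "$WAN_IF" -s "$CLI_NET" -p tcp -m multiport --dports 80,443 -j ACCEPT

    # 9. (optional) PREROUTING DNAT: PC3 outside reaches SRV1's web server via the WAN address.
    #    Only port 80 is published; the FORWARD rule admits exactly the translated flow.
    ipt -t nat -A PREROUTING -i "$WAN_IF" -d "$WAN_IP" -p tcp --dport 80 -j DNAT --to-destination "$SRV1:80"
    ipt -A FORWARD -i "$WAN_IF" -o "$SRV_IF" -d "$SRV1" -p tcp --dport 80 -m state --state NEW -j ACCEPT
}

if [ "$APPLY" = 1 ]; then
    sysctl -w net.ipv4.ip_forward=1       # routing between eth0/eth1/eth2 needs forwarding on
fi
firewall_rules
```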
The End!
