# Use your other web-browser to confirm that you can now browse the Internet. If you cannot, contact your lab assistant or professor for help.
# Determine the '''external facing address''' of your c7host machine.<br>('''Tip:''' in a web-browser, enter the term: '''"ip address"'''. The external facing IP Address should start with '''"10."''').
# Provide your external facing address to a lab-mate, and have them try to ping that external facing address. Were they successful?
# Issue the following iptables policy to DROP all incoming connections:<br><b><code><span style="pointer-events: none;cursor: default;color:#3366CC;font-size:1.2em;">iptables -P INPUT DROP</span></code></b>
# Have your neighbour try to ping your external facing IP Address. What happened? Why?
# Have your lab-mate determine the external facing IP Address of THEIR c7host machine, and obtain that IP Address.
# Issue the following iptables command to allow an exception for pings from your lab-mate:<br><b><code><span style="pointer-events: none;cursor: default;color:#3366CC;font-size:1.2em;">iptables -A INPUT -p icmp -s {neighbour's external facing address} -j ACCEPT</span></code></b>
# Have your neighbour repeat pinging your external facing IP Address. What happened? Why?
# Have your neighbour try to SSH into YOUR c7host. Were they successful?
# Issue an iptables rule (in a similar way as with the previous iptables command) to allow an exception for incoming ssh traffic (eg. port 22) from your neighbour's external facing IP address.
# Have your neighbour try to SSH into YOUR c7host (at least to get a password prompt). Were they successful? If so, why?
# Issue an iptables command to add a rule at the bottom of the OUTPUT chain to DROP http (port 80) connections. Try to think of the command yourself.
# Open another web-browser. Can you connect to a webpage?
# Issue an iptables rule to '''flush''' the OUTPUT chain. Does your web-browser now work?
# Shutdown all VMs and restart your c7host Linux machine.
# List the iptables rules for the INPUT chain. What happened to your iptables rules for the INPUT chain?
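
The steps above depend on how a chain is evaluated: the first matching rule decides, and the chain policy applies when nothing matches. The script below is an added example, not part of the original lab, that predicts the verdict for an incoming packet from text in the format printed by <code>iptables -S INPUT</code>. The names <code>verdict</code> and <code>SAMPLE_RULES</code> and the 10.0.0.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the lab): predicts the verdict for an incoming
# packet from `iptables -S INPUT` output. The first matching rule decides;
# if no rule matches, the chain policy applies.

# Constructed sample: INPUT chain after the DROP policy and the ping exception.
# 10.0.0.2 and 10.0.0.3 are made-up lab addresses (assumption).
SAMPLE_RULES='-P INPUT DROP
-A INPUT -s 10.0.0.2/32 -p icmp -j ACCEPT'

# verdict RULES SRC PROTO [DPORT]  -> prints the rule target or the policy.
# Understands only -s (single host), -p, --dport and -j; any other match
# option stops the evaluation instead of being silently ignored.
verdict() (
  rules=$1 src=$2 proto=$3 dport=${4:-} policy=ACCEPT
  set -f                                   # no globbing when splitting lines
  while IFS= read -r line; do
    set -- $line                           # split the rule into words
    if [ "${1:-}" = "-P" ]; then policy=$3; continue; fi
    [ "${1:-}" = "-A" ] || continue
    shift 2                                # drop "-A INPUT"
    r_src= r_proto= r_dport= target=
    while [ $# -gt 0 ]; do
      case $1 in
        -s)      r_src=${2%/32}; shift 2 ;;
        -p)      r_proto=$2;     shift 2 ;;
        --dport) r_dport=$2;     shift 2 ;;
        -j)      target=$2;      shift 2 ;;
        -m)      shift 2 ;;                # "-m tcp" adds no test of its own
        *)       echo "UNSUPPORTED:$1"; exit 2 ;;
      esac
    done
    # An empty field means the rule does not restrict that attribute.
    [ -z "$r_src" ]   || [ "$r_src" = "$src" ]     || continue
    [ -z "$r_proto" ] || [ "$r_proto" = "$proto" ] || continue
    [ -z "$r_dport" ] || [ "$r_dport" = "$dport" ] || continue
    echo "$target"; exit 0
  done <<EOF
$rules
EOF
  echo "$policy"                           # nothing matched: policy decides
)

verdict "$SAMPLE_RULES" 10.0.0.2 icmp      # ping from the allowed lab-mate
verdict "$SAMPLE_RULES" 10.0.0.3 icmp      # ping from any other host
verdict "$SAMPLE_RULES" 10.0.0.2 tcp 22    # SSH from the lab-mate, no SSH rule yet
```

To check a live machine, pass the real rule listing instead of the sample: <code>verdict "$(iptables -S INPUT)" {address} icmp</code>.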