= Objectives =
* Understand how port forwarding works and how it relates to security.
* Set up port forwarding using iptables.
* Understand fundamental concepts that make up SELinux.
* Troubleshoot problems caused by SELinux.
= PART 1: FIX IPTABLES MISTAKES =
Most of you will have experimented with iptables last week and have made mistakes, which should be fixed before you start this week's lab. Here are some tips:
* You should start with the default iptables setup which you got when you installed iptables-services. If you've lost that, you can get it back by putting the default values into /etc/sysconfig/iptables:
<source># cat /etc/sysconfig/iptables
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT</source>
* Then re-add the rules you created last week, and make them persistent by running <code>service iptables save</code>
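A frequent mistake when re-adding rules is appending them with <code>-A</code> after the catch-all REJECT that ends the default INPUT chain, where they are never evaluated. The following added example (not part of the original lab) scans an iptables-save style ruleset for such unreachable rules; the sample ruleset is constructed, and the port 80 rule and the function names are assumptions.

```shell
#!/bin/bash
# Added example: flag rules that sit after an unconditional ACCEPT/REJECT/DROP
# in the same chain of an iptables-save style ruleset. Rules are evaluated in
# order, so anything after a catch-all can never match.

# Constructed sample: the default ruleset from this lab plus an HTTP rule
# (port 80 is an assumption) that was appended after the catch-all REJECT.
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Reads a ruleset on stdin and prints "chain:position:rule" for every
# unreachable rule. position is the rule's 1-based number within its chain.
find_unreachable() {
    awk '
    $1 == "-A" {
        chain = $2
        pos[chain]++
        if (chain in closed) {
            print chain ":" pos[chain] ":" $0
            next
        }
        # Catch-all: no match options between the chain name and -j,
        # i.e. "-A CHAIN -j TARGET [target options]".
        if ($3 == "-j" && ($4 == "ACCEPT" || $4 == "REJECT" || $4 == "DROP"))
            closed[chain] = 1
    }'
}

sample_ruleset | find_unreachable
```

A flagged rule has to be moved ahead of the catch-all, for example by inserting it with <code>iptables -I INPUT</code> and a position number instead of appending it with <code>-A</code>.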
= PART 3: YOUR TASKS =
Use what you learned so far and what you can learn online in order to set up the following:
# lin1 will allow access to Apache from any source.
# c7host will allow access to SSH from hosts on the 192.168.210.* subnet and deny it from any other source.
= Lab completion =
* Make sure you understand what you've done in this lab, so that you're ready to answer questions about it.
* Have notes in your labbook from this lab.
* Show your work to the professor and have them sign your labbook.