nat iptables nat iptables nat iptables
play

NAT & IPTables NAT & IPTables NAT & IPTables From - PowerPoint PPT Presentation

Oct 10, 2022 •580 likes •732 views

NAT & IPTables NAT & IPTables NAT & IPTables From ACCEPT to MASQUERADE From ACCEPT to MASQUERADE Tim(othy) Clark (eclipse) Tim(othy) Clark (eclipse) NAT IPv4 Hack One external IP for a whole network Used commonly

  1. NAT & IPTables NAT & IPTables NAT & IPTables From ACCEPT to MASQUERADE From ACCEPT to MASQUERADE Tim(othy) Clark (eclipse) Tim(othy) Clark (eclipse)

  2. NAT • IPv4 Hack • One external IP for a whole network • Used commonly in home routers • All external traffic goes through the router

  3. IPTABLES • Packet Filtering • Packet Manipulation • Creates firewalls • NATs • Cool stuff

  4. Command Structure IPTABLES –A INPUT –s 137.44.10.0/24 –j DROP • “-A chain” adds rules to a chain • This is followed by a match • And then an action • Can match on lost of things • Can ACCEPT, DROP or jump to a user defined chain

  5. Tables, Chains and Rules • Tables define basic usage • Chains contain rules that are checked till one is executed • Different built in chains execute in different paces • Rules execute actions on packets that match the condition.

  6. Example Traversal Source: 137.44.10.6 –A INPUT –s 137.44.10.0/24 –j DROP –A INPUT –s 137.44.0.0/16 –j ACCEPT –P INPUT DROP Incoming Packet Matching DROP

  7. Example Traversal Source: 137.44.195.83 –A INPUT –s 137.44.10.0/24 –j DROP –A INPUT –s 137.44.0.0/16 –j ACCEPT –P INPUT DROP Incoming Packet Matching Not Matched Matching ACCEPT

  8. Example Traversal Source: 64.233.183.104 –A INPUT –s 137.44.10.0/24 –j DROP –A INPUT –s 137.44.0.0/16 –j ACCEPT –P INPUT DROP Policy Incoming Packet Matching Not Matched Matching Not Matched DROP

  9. Connection Tracking • Detects replies to sent packets • Matching module • NEW is starting a new connection • ESTABLISHED is for existing connections • RELATED is for new connections related to existing ones

  10. Masquerade • Used in the prerouting chain of the nat table • Makes NAT work • Changes destination and source addressed as appropriate

  11. Example Masq Code • Internal interface is eth1 • External interface is eth0 • Example configuration: iptables –P INPUT DROP iptables -P FORWARD DROP iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT iptables –A FORWARD -i eth1 -j ACCEPT iptables –t nat -A POSTROUTING -o eth0 -j MASQUERADE echo 1 > /proc/sys/net/ipv4/ip_forward

  12. Useful Bits • iptables-save stores the configuration in a file • iptables-restore restores the configuration from a file • Easily write scripts to restore it • iptables has a good manual page

  13. Any Questions?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Firewalls with iptables Linux Sirindhorn International Institute of Technology Thammasat

Firewalls with iptables Linux Sirindhorn International Institute of Technology Thammasat

Linux Firewalls with iptables Concepts Examples Firewalls with iptables Linux Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 14 October 2013 Common/Reports/iptables-introduction.tex, r715

469 views • 14 slides
Talks outline iptables versus ipchains The goal (or: my goal) The packets way through

Talks outline iptables versus ipchains The goal (or: my goal) The packets way through

IP Masquerading using iptables Eli Billauer eli billauer@yahoo.com IP Masquerading using iptables p.1 Talks outline iptables versus ipchains The goal (or: my goal) The packets way through iptables Classic masquerading (SNAT)

785 views • 31 slides
netfilter/iptables training Nov 05/06/07, 2007 Day 1 by Harald Welte

netfilter/iptables training Nov 05/06/07, 2007 Day 1 by Harald Welte

netfilter/iptables training Nov 05/06/07, 2007 Day 1 by Harald Welte <laforge@netfilter.org> 1 netfilter/iptables tutorial Contents Day 1 Introduction Highly Scalable Linux Network Stack Netfilter Hooks Packet selection based on IP

342 views • 20 slides
DDoS protection Using Netfilter/iptables Jesper Dangaard Brouer Senior Kernel Engineer, Red Hat

DDoS protection Using Netfilter/iptables Jesper Dangaard Brouer Senior Kernel Engineer, Red Hat

DDoS protection Using Netfilter/iptables Jesper Dangaard Brouer Senior Kernel Engineer, Red Hat RMLL Montpellier, July 2014 1/36 Email: brouer@redhat.com / netoptimizer@brouer.com / hawk@kernel.org DDoS protection using Netfilter/iptables

822 views • 38 slides
Some SSH tips & tricks you may enjoy (plus, iptables) D. H. van Dok (Nikhef) 2014-05-19

Some SSH tips & tricks you may enjoy (plus, iptables) D. H. van Dok (Nikhef) 2014-05-19

Some SSH tips & tricks you may enjoy (plus, iptables) D. H. van Dok (Nikhef) 2014-05-19 getting the most (security) out of your openssh The users perspective: least amount of hassle tradeoff between anxiety, angst and

559 views • 19 slides
RES212 Lab #2 Netfilter/iptables Firewall The goal of this lab is to let you become acquainted

RES212 Lab #2 Netfilter/iptables Firewall The goal of this lab is to let you become acquainted

https://res212.telecom-paristech.fr TP02v1 2018/05/31 RES212 Lab #2 Netfilter/iptables Firewall The goal of this lab is to let you become acquainted with the design, configuration and testing of firewalls. Given the limited amount of time,

736 views • 14 slides
Reflections on data plane performance, iptables and ipsets Neil Jerram Metaswitch &

Reflections on data plane performance, iptables and ipsets Neil Jerram Metaswitch &

Reflections on data plane performance, iptables and ipsets Neil Jerram Metaswitch & Project Calico @neiljerram www.projectcalico.org Who am I? Free software hacker since 1990s ; line+.el ; ; version 1.1 ; ; This has not (yet)

534 views • 24 slides
Cyber@UC Meeting 72 Firewalls/IPTables If Youre New! Join our Slack: cyberatuc.slack.com

Cyber@UC Meeting 72 Firewalls/IPTables If Youre New! Join our Slack: cyberatuc.slack.com

Cyber@UC Meeting 72 Firewalls/IPTables If Youre New! Join our Slack: cyberatuc.slack.com Check out our website: cyberatuc.org SIGN IN! (Slackbot will post the link in #general every Wed@6:30) Feel free to get involved with

737 views • 27 slides
Tired of iptables based security groups? Here's how to gain tremendous speed with Open vSwitch

Tired of iptables based security groups? Here's how to gain tremendous speed with Open vSwitch

Tired of iptables based security groups? Here's how to gain tremendous speed with Open vSwitch instead! Who we are? Jakub Libosvar Software Engineer at Red Hat libosvar@redhat.com Rodolfo Alonso Software Engineer

397 views • 29 slides
Replacing iptables with eBPF in Kubernetes with Cilium Cilium, eBPF, Envoy, Istio, Hubble Michal

Replacing iptables with eBPF in Kubernetes with Cilium Cilium, eBPF, Envoy, Istio, Hubble Michal

Replacing iptables with eBPF in Kubernetes with Cilium Cilium, eBPF, Envoy, Istio, Hubble Michal Rostecki Swaminathan Vasudevan Software Engineer Software Engineer mrostecki@suse.com svasudevan@suse.com mrostecki@opensuse.org Whats

2.06k views • 52 slides
Project 4 - Linux iptables CSE497b - Spring 2007 Introduction Computer and Network Security

Project 4 - Linux iptables CSE497b - Spring 2007 Introduction Computer and Network Security

Project 4 - Linux iptables CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Project

481 views • 15 slides
How to Design a Blacklist (for a Password Meter) L. Jacquin A. Kumar C. Lauradoux

How to Design a Blacklist (for a Password Meter) L. Jacquin A. Kumar C. Lauradoux

How to Design a Blacklist (for a Password Meter) L. Jacquin A. Kumar C. Lauradoux December 4, 2014 Blacklist in practice The backbone of security ! Traffic analysis : Firewall : iptables , netfilter IDS : l7-filter

319 views • 15 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 6 Firewalls & VPNs Topics Firewall Fundamentals Case study: Linux iptables

778 views • 46 slides
Network Policy Controller in Weave Net Blocking unwanted network traffic in Kubernetes Bryan

Network Policy Controller in Weave Net Blocking unwanted network traffic in Kubernetes Bryan

Network Policy Controller in Weave Net Blocking unwanted network traffic in Kubernetes Bryan Boreham @bboreham Who knows... Kubernetes Docker Linux iptables Ancient wisdom For survival, your group needs: Leadership

675 views • 21 slides
XDP in Practice DDoS Mitigation @Cloudflare Gilberto Bertin About me Systems Engineer at

XDP in Practice DDoS Mitigation @Cloudflare Gilberto Bertin About me Systems Engineer at

XDP in Practice DDoS Mitigation @Cloudflare Gilberto Bertin About me Systems Engineer at Cloudflare London DDoS Mitigation Team Enjoy messing with networking and Linux kernel Agenda Cloudflare DDoS mitigation pipeline Iptables and

802 views • 65 slides
Firewalls 1 Outline What are firewalls? Types of Firewalls Building a simple

Firewalls 1 Outline What are firewalls? Types of Firewalls Building a simple

Firewalls 1 Outline What are firewalls? Types of Firewalls Building a simple firewall using Netfilter Iptables firewall in Linux Stateful Firewall Application Firewall Evading Firewalls 2 Firewalls

811 views • 55 slides
Disabling a Computer by Exploiting Softphone Vulnerabilities Ryan Farley and Xinyuan Wang George

Disabling a Computer by Exploiting Softphone Vulnerabilities Ryan Farley and Xinyuan Wang George

Disabling a Computer by Exploiting Softphone Vulnerabilities Ryan Farley and Xinyuan Wang George Mason University September 26, 2013 Where Innovation Is Tradition Threat and Mitigation Introduction Background Disabling the

535 views • 31 slides
OMNeT++ Community Summit, 2016 Visualization in the INET Framework Brno University of Technology

OMNeT++ Community Summit, 2016 Visualization in the INET Framework Brno University of Technology

OMNeT++ Community Summit, 2016 Visualization in the INET Framework Brno University of Technology Czech Republic September 15-16, 2016 Levente Mszros Motivation Example Implemented Visualizations for Communication Physical layer

469 views • 13 slides
LOGIC II DAY 1 Oklahoma GEAR UP WHICH SHAPE ARE YOU? SETTING THE NORMS Whats said

LOGIC II DAY 1 Oklahoma GEAR UP WHICH SHAPE ARE YOU? SETTING THE NORMS Whats said

LOGIC II DAY 1 Oklahoma GEAR UP WHICH SHAPE ARE YOU? SETTING THE NORMS Whats said here stays here. Whats learned here leaves here. Everyone has a voice be respectful. 25 minute technology break . LOGIC Leadership

560 views • 35 slides
Hypothesis Testing for Network Security Philip Godfrey, Matthew Caesar, David Nicol, William H.

Hypothesis Testing for Network Security Philip Godfrey, Matthew Caesar, David Nicol, William H.

Hypothesis Testing for Network Security Philip Godfrey, Matthew Caesar, David Nicol, William H. Sanders, Dong Jin INFORMATION TRUST INSTITUTE University of Illinois at Urbana-Champaign We need a science of security Practice of doing

373 views • 24 slides
Problem Problem Problem A.R.S.S (Anonymity) AdBlock VPN DNS Crypt A.R.S.S (Reliability)

Problem Problem Problem A.R.S.S (Anonymity) AdBlock VPN DNS Crypt A.R.S.S (Reliability)

Problem Problem Problem A.R.S.S (Anonymity) AdBlock VPN DNS Crypt A.R.S.S (Reliability) OpenBSD Higher Availability IDS M:Tier A.R.S.S (Security) DNS Reshaping DNS Local Resolver NTP DMZ A.R.S.S (Stability) Packet

415 views • 16 slides
Flow Visualization Using MS-Excel Visualization for the Common Man Presented by Lee Rock and Jay

Flow Visualization Using MS-Excel Visualization for the Common Man Presented by Lee Rock and Jay

Flow Visualization Using MS-Excel Visualization for the Common Man Presented by Lee Rock and Jay Brown US-CERT Analysts Einstein Program Background US-CERT Mission Einstein Program > Large volumes of traffic > Architecture

529 views • 36 slides
TTN Mapper Processing 3 million crowd sourced LoRa packets JP Meijers Interests: Who am I?

TTN Mapper Processing 3 million crowd sourced LoRa packets JP Meijers Interests: Who am I?

TTN Mapper Processing 3 million crowd sourced LoRa packets JP Meijers Interests: Who am I? radio, weather, electronics, computers. Creator of TTN Mapper Amateur radio (HAM) ZS1JPM Based on methods used during my masters research No

616 views • 33 slides
Reliable Security Always NEEDHAM GROWTH CONFERENCE JANUARY 2019 1. CONFIDENTIAL | DO NOT

Reliable Security Always NEEDHAM GROWTH CONFERENCE JANUARY 2019 1. CONFIDENTIAL | DO NOT

Reliable Security Always NEEDHAM GROWTH CONFERENCE JANUARY 2019 1. CONFIDENTIAL | DO NOT DISTRIBUTE 1 CAUTIONARY STATEMENTS & DISCLOSURES This presentation and the accompanying oral presentation contain forward - looking

540 views • 32 slides

More recommend