WEB375 Lab 7: Configure iptables in Linux
Lab Scenario
Assignment
The purpose of this iLab is to configure an iptables firewall in Linux. Use the IP addresses that exist when you start Linux.
Virtual Machine Login Information for PLABFED01 and PLABFED02
Username: Student
Password: Password
Username: root
Password: Password
Lab Diagram
During your session, you will have access to the following lab configuration.
Lab diagram (devices): WINCONSOLE, PLABFED01, PLABFED02
The Linux servers also connect to a private network. The IP address of PLABFED01 is 192.168.240.11, and the IP address of PLABFED02 is 192.168.240.12.
Connecting to your iLab
In this module, you will be working on the following equipment to carry out the steps defined in each exercise.
• WINCONSOLE (Management Server)
• PLABFED01 (Linux Server)
• PLABFED02 (Linux Server)
Each exercise will detail which console you are required to work on to carry out the steps.
To start simply click on the named Server from the device list (located on the left hand side of the screen) and click the “Power on” button from the Tools bar. In some cases, the devices may power on automatically.
During the boot-up process, an activity indicator will be displayed in the Name tab.
• Black—Powered off
• Orange—Working on your request
• Green—Ready to access
If the remote console is not displayed automatically in the main window (or pop-up), click the Connect icon located in the Tools bar to start your session.
If the remote console does not appear, please try the following option.
• Switch between the HTML 5 and Java client versions in the Tools bar.
In the event this does not resolve your connectivity problems, please visit our Help and Support pages for additional resolution options.
iptables Firewall Configuration Step by Step
General information
This Linux-based firewall is controlled by two programs.
• iptables handles filtering for IPv4
• ip6tables handles filtering for IPv6
The main iptables files are as follows.
• /etc/sysconfig/iptables—where rule sets are saved
• /sbin/iptables—binary
At present, there are four total chains.
• INPUT: default chain for packets destined to this system
• OUTPUT: default chain for packets generated by this system
• FORWARD: default chain for packets routed through this system to another interface
• RH-Firewall-1-INPUT: the user-defined custom chain
Packet-Matching Rules
• Each packet starts at the first rule in the chain.
• A packet proceeds until it matches a rule.
• If a match is found, then control will jump to the specified target (such as REJECT, ACCEPT, or DROP).
Target Meanings
• The target ACCEPT means to allow the packet.
• The target REJECT means to drop the packet and send an error message back to the remote (sending) host.
• The target DROP means to drop the packet silently, without sending any error message to the remote (sending) host.
TASK A: Configure iptables Firewall
We are going to configure iptables. Log in to PLABFED01 as root and type the following commands.
Note: The # symbol before each command is the prompt of the root account. Do not type it.
Step 1: To use the iptables service, disable firewalld by typing the following commands.
#systemctl disable firewalld
#systemctl stop firewalld
Step 2: Make sure to install iptables by typing the following commands.
#yum -y install iptables-services
#rpm -q iptables
Step 3: To install the system-config-firewall tool, type the following commands.
#yum -y install system-config-firewall
Step 4: To execute the system-config-firewall tool, type the following command.
#system-config-firewall
A Firewall Configuration window will pop up.
a) Click the Wizard button on the top left corner.
b) Leave the “Information” page and click on Forward.
c) For Firewall Setting, keep the default “system with network access” and click on Forward.
d) For user skill level, keep the default “Beginner” and click on Forward.
e) For Configuration, select Load “Server” configuration and click on OK, then click the Apply button on the top left corner and click on YES.
f) Click on X to close the firewall configuration.
To make sure that the rules set was set up, type the following command.
#ls /etc/sysconfig/iptables
If it says, “No such file or directory,” you have to execute the system-config-firewall tool in Step 4 again.
The file /etc/sysconfig/iptables is the default rule set.
Step 5: To turn on the firewall, type the following commands.
#systemctl start iptables
#systemctl enable iptables
Step 6: To check the status of the firewall, type the following command.
#systemctl status iptables
Note: The commands below are for reference.
• To start the firewall, type the following command.
#systemctl start iptables
• To restart the firewall, type the following command.
#systemctl restart iptables
• To stop the firewall, type the following command.
#systemctl stop iptables
• To check status of the firewall, type the following command.
#systemctl status iptables
TASK B: Practice Manipulating iptables
We are still logged in to the PLABFED01 as root, so type the following commands and observe the outputs.
Step 1: To display the default rules with line numbers, type the following command.
#iptables --line-numbers -n -L
Note: You can use line numbers to delete or insert new rules into the firewall.
Step 2: To display the status of the firewall, type the following command.
#iptables -L -n -v
Where:
• -L: List rules
• -v: Display detailed information
• -n: Display IP addresses and ports in numeric format
Step 3: To display INPUT or OUTPUT chain rules, type the following commands.
#iptables -L INPUT -n -v
#iptables -L OUTPUT -n -v --line-numbers
Step 4: You can use the iptables command itself to stop the firewall and delete all rules.
#iptables -F
#iptables -X
Where:
• -F: Delete (flush) all the rules
• -X: Delete user-defined chains
Step 5: To delete a rule on line 4 and verify it, type the following commands.
#iptables --line-numbers -n -L
#iptables -D INPUT 4
#iptables --line-numbers -n -L
Step 6: To insert a rule between lines 1 and 2 of the INPUT chain, type the following commands.
#iptables -I INPUT 2 -s 202.54.1.2 -j DROP
#iptables --line-numbers -n -L
Step 7: To block an attacker’s IP address, here 1.2.3.4, type the following commands.
#iptables -A INPUT -s 1.2.3.4 -j DROP
#iptables --line-numbers -n -L
Step 8: You can use the iptables command itself to stop the firewall and delete all the rules.
#iptables -F
Where:
• -F: Delete (flush) all the rules
#iptables --line-numbers -n -L
Step 9: To stop the firewall, type the following command.
#systemctl stop iptables
Step 10: To restore firewall rules from the file /etc/sysconfig/iptables, type:
#systemctl restart iptables
Step 11: To save the running firewall rules in /etc/sysconfig/iptables, type the following command. (iptables-save alone only prints the rules to the terminal; the redirection writes them into the file.)
#iptables-save > /etc/sysconfig/iptables
Note 1): In this case we did not add any rules before saving: the restart in Step 10 reloaded the rules from /etc/sysconfig/iptables, so saving writes the same rules back and the content of the file does not change.
Note 2): If the file /etc/sysconfig/iptables is corrupted, just redo the TASK A Step 4, which will generate a new default rule file.
Note 3): To see more details on iptables’ options, type “man iptables.”
TASK C: Experiment with Rules
These lab scenarios focus on using iptables to improve the security of the PLABFED01 Linux server. We use the PLABFED02 Linux server for testing. This part of the lab requires you to switch back and forth between the two Linux systems, so log in to each system, open a terminal window, and switch user to root. From there, you can use the mouse to select a system. See the example below.
Step 1: On PLABFED01: To restore the default firewall rules (restart), type the following command.
#systemctl restart iptables
The below is the listing of the default iptables rule set.
Step 2: On PLABFED01: Look at the INPUT chain; the rule on line 4 accepts the telnet connections.
• Your task is to delete line 4 and display the list of iptables with line numbers.
• Capture the Linux desktop and save this image to your Lab Report document in the space allocated for the modified rule set.
Step 3: On PLABFED02: Check whether telnet connections to PLABFED01 are possible.
• From PLABFED02, telnet to PLABFED01 and log in as Student with the password Password.
• Capture the Linux desktop and save this image to your Lab Report document in the space allocated for the telnet session from PLABFED02.
Step 4: On PLABFED01: We want to set up the iptables to reject telnet connections.
• Your task is to flush (delete) all the rules, add the following rule, and display the list of iptables rules.
#iptables -A INPUT -p tcp --dport 23 -j DROP
• Capture the Linux desktop and save this image to your Lab Report document in the space allocated for the modified rule set.
Step 5: On PLABFED02: Check whether telnet connections to PLABFED01 are still possible.
• From PLABFED02, telnet to PLABFED01 and log in as Student with the password Password.
• Capture the Linux desktop and save this image to your Lab Report document in the space allocated for the telnet session from PLABFED02.
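The two ideas the lab combines, the saved-rules file of Task B Step 11 and the telnet-blocking policy of Task C, can be written as one reusable ruleset in iptables-save format. The script below is an added example, not part of the lab handout: gen_rules emits a complete default-deny INPUT policy that still allows SSH and established traffic and drops tcp/23, port_action checks offline which target a given port would hit, and save_rules writes the file (the SSH port parameter and the helper names are this example's own choices).

```shell
#!/bin/sh
# Added example (not from the lab): build /etc/sysconfig/iptables content in
# iptables-save format and check it without touching the kernel.

# gen_rules [SSH_PORT] -> prints an iptables-restore ruleset on stdout
gen_rules() {
  ssh_port="${1:-22}"
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# replies to connections this server started, and loopback/ICMP
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp --dport ${ssh_port} -m state --state NEW -j ACCEPT
# Task C: telnet is silently dropped (REJECT would answer the client)
-A INPUT -p tcp --dport 23 -j DROP
# everything else is refused with an ICMP error, as in the lab default set
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# port_action RULES PORT -> target of the first INPUT rule whose --dport
# equals PORT; if none matches, the target of the final catch-all INPUT rule
port_action() {
  rules="$1"; port="$2"
  hit=$(printf '%s\n' "$rules" \
        | grep -E -- "^-A INPUT .*--dport ${port} .*-j" | head -n1)
  if [ -z "$hit" ]; then
    hit=$(printf '%s\n' "$rules" | grep -E '^-A INPUT ' | tail -n1)
  fi
  printf '%s\n' "$hit" | sed -E 's/.*-j ([A-Z]+).*/\1/'
}

# save_rules [SSH_PORT] -> writes the lab's rule file (run as root on PLABFED01,
# then "systemctl restart iptables" loads it)
save_rules() { gen_rules "$1" > /etc/sysconfig/iptables; }
```

Run `gen_rules | less` first to review the policy, and keep an SSH session open while applying it so a mistake in the SSH rule does not lock you out.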
This concludes iLab 7.