Question 1 – The following “firewall” script is run on a “gateway” machine-
1 echo 1 > /proc/sys/net/ipv4/ip_forward
2
3 iptables -F
4 iptables -X
5
6 iptables -P INPUT DROP
7 iptables -P OUTPUT ACCEPT
8 iptables -P FORWARD DROP
9
10 iptables -A INPUT -i lo -j ACCEPT
11 iptables -A INPUT -i eth1 -s 192.168.48.0/24 -j ACCEPT
12 iptables -A INPUT -i eth0 \
13 -m state –state RELATED,ESTABLISHED -j ACCEPT
14
15 iptables -A FORWARD -i eth1 -s 192.168.48.0/24 \
16 -m state –state NEW -j ACCEPT
17 iptables -A FORWARD -m state \
18 –state RELATED,ESTABLISHED -j ACCEPT
19
20 iptables -t nat -F
21 iptables -t nat -X
22
23 iptables -t nat -A POSTROUTING -o eth0 -s 192.168.48.0/24 \
24 -j SNAT –to-source 147.20.53.71Using the script above answer the following questions:
a. Explain, in your own words what a “gateway” machine is and what it is used for.
b. Explain the general purpose of the firewall above. Your explanation should include a description of the networks the gateway machine is connected to and how it is connected.
c. Explain in detail how each rule of this script is filtering the network traffic on this machine.
d. There are two rules for the FORWARD chain in the above script. Explain how iptables knows a packet is to be forwarded and must apply these rules.
e. The last rule in the script modifies the POSTROUTING chain of the NAT table. What is the POSTROUTING chain and why are SNAT rules applied to this chain?
Question 2 – As the system administrator you would like to SSH to a gateway machine (see Exercise 1) from off-site. Unfortunately that would mean opening the SSH port to the world-and you would rather not do that.
A friend tells you of the dæmon knockd that can temporarily open a port for quick access.
Install knockd and configure it to open a temporary hole in a firewall using a “single” knock.
Your write-up will need to include the following:
a. A couple of paragraphs in your own words describing how knockd works.
b. A couple of paragraphs in you own words describing the security flaws in the knockd approach to opening a temporary hole in a firewall. Hint: Read about Single Packet Authorisation methods.
c. The configuration file or files you needed to modify to open a temporary hole in a firewall using a “single” knock. Include an explanation in your own words of the purpose of every line in the configuration file or files.
d. The firewall on the machine. Use the output from the command iptables -L -v to show that the machine has been firewalled.
e. Output showing that knockd worked. A successful SSH session and the output from the command iptables -L-v to show the hole that knockd has created in the firewall.
Question 3 – In about a page, explain in your own words what a VPN is, what it is used for and how it works.
Your explanation should include:
• examples of where a VPN may be useful,
• the various technologies that can be used to establish a VPN. For example, IPsec and IKE (racoon dæmon), SSL/TLS VPNs
(openvpn), PPTP, and the venerable PPP with SSH.
Do not discuss proprietory solutions, for example, Checkpoint, Cisco Concentrators, etc.
