Sunday, June 27, 2010

Enhance Linux Box Security: Iptables made easy - tutorial part 4

This time we are concerned with the mangle rules of iptables.
Mangle is a table of its own (`-t mangle`), not a part of NAT. It does not rewrite the Source or Destination IP address fields of the IP header; that is the job of the nat table (SNAT, DNAT, MASQUERADE). Mangle rules alter other header fields, such as the TTL and TOS values, or attach a firewall mark to the packet that later rules and policy routing can match on. The mangle table has all five built-in chains (PREROUTING, INPUT, FORWARD, OUTPUT, POSTROUTING), so a packet can be mangled at any point of its path through the box.
[Figure: format of an IP packet]
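The following script is an added example and not code from the original post: it shows the two things a mangle rule is actually used for, setting a kernel-internal firewall mark and rewriting a real header field (the TTL), with no address rewriting involved. The interface names eth0 (public) and eth1 (LAN) are assumptions. The script defaults to printing the rules it would add; set DRY_RUN=0 and run it as root to apply them.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed interface names:
# LAN side eth1, public side eth0. Defaults to printing the rules; run with
# DRY_RUN=0 as root to apply them.
DRY_RUN="${DRY_RUN:-1}"
LAN_IF="${LAN_IF:-eth1}"
PUB_IF="${PUB_IF:-eth0}"

# run: print the command in dry-run mode, otherwise execute it.
run() { if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi; }

# mangle_rules: the mangle table touches header fields and kernel metadata,
# never the source/destination address (that belongs to the nat table).
mangle_rules() {
    # Tag SSH connections coming from the LAN with firewall mark 1. The mark
    # lives only in the kernel's packet structure and is never sent on the
    # wire; later rules can match it with "-m mark --mark 1", and
    # "ip rule add fwmark 1 table ..." can route marked packets differently.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp --dport 22 \
        -j MARK --set-mark 1
    # Rewrite a real header field: force a fixed TTL on everything leaving
    # through the public interface, so the decremented hop count no longer
    # tells an outside observer that a host sits one hop behind this box.
    run iptables -t mangle -A POSTROUTING -o "$PUB_IF" -j TTL --ttl-set 64
}

mangle_rules
```

Check the result with `iptables -t mangle -L -n -v`; the packet and byte counters on the MARK rule tell you whether LAN SSH traffic is actually hitting it.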

Enhance Linux Box Security: Iptables made easy - tutorial part 3.2

We were left with the Destination Network Address Translation part of the NAT rules of iptables.

DNAT (Destination NAT) rewrites the Destination IP address, and optionally the destination port, of a packet. It is used to hand packets that arrive at our external public IP on to a machine on the internal LAN: when the packet reaches the public IP, its destination address is DNATed and the packet is then routed to the internal host. DNAT is valid only in the PREROUTING and OUTPUT chains of the nat table (PREROUTING for packets coming in from the network, OUTPUT for packets generated on the box itself). Because it applies to incoming packets, the rule matches on the incoming interface with `-i`. Destination NAT is specified using `-j DNAT`, and the `--to-destination` option specifies an IP address, a range of IP addresses, and an optional port or range of ports (for UDP and TCP protocols only). A DNAT rule only rewrites the address; the rewritten packet must still be accepted by the FORWARD chain, and IP forwarding must be enabled in the kernel, or the traffic is dropped after translation.
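The following script is an added example, not code from the original post: it forwards a TCP port on the firewall's public address to a host on the LAN and adds the matching FORWARD rule that DNAT alone does not give you. The interface names eth0/eth1, the public address 203.0.113.10 and the LAN host 192.168.1.20 are assumptions (RFC 5737 and RFC 1918 documentation addresses). The script defaults to printing the rules; set DRY_RUN=0 and run it as root to apply them.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: public interface
# eth0 with address 203.0.113.10, LAN interface eth1. Defaults to printing
# the rules; run with DRY_RUN=0 as root to apply them.
DRY_RUN="${DRY_RUN:-1}"
PUB_IF="${PUB_IF:-eth0}"
PUB_IP="${PUB_IP:-203.0.113.10}"
LAN_IF="${LAN_IF:-eth1}"

# run: print the command in dry-run mode, otherwise execute it.
run() { if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi; }

# dnat_rule PROTO PORT LAN_IP [LAN_PORT]
# Rewrites the destination of PROTO packets arriving on the public interface
# for PUB_IP:PORT to LAN_IP:LAN_PORT (LAN_PORT defaults to PORT), and allows
# the rewritten packet through the FORWARD chain. Only the translated
# destination is opened, not the whole LAN host.
dnat_rule() {
    proto=$1; port=$2; lan_ip=$3; lan_port=${4:-$2}
    case "$port" in
        ''|*[!0-9]*) echo "dnat_rule: port must be numeric: '$port'" >&2; return 1 ;;
    esac
    # nat/PREROUTING: match on the incoming interface (-i) and the public
    # address, so packets for other addresses on the box are left alone.
    run iptables -t nat -A PREROUTING -i "$PUB_IF" -d "$PUB_IP" \
        -p "$proto" --dport "$port" -j DNAT --to-destination "$lan_ip:$lan_port"
    # filter/FORWARD sees the packet after translation, so it matches on the
    # LAN address and LAN port, not on the public ones.
    run iptables -A FORWARD -i "$PUB_IF" -o "$LAN_IF" -d "$lan_ip" \
        -p "$proto" --dport "$lan_port" -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
}

# Public port 80 to an internal web server listening on 8080.
dnat_rule tcp 80 192.168.1.20 8080
```

Before applying, make sure `/proc/sys/net/ipv4/ip_forward` is 1 and that the FORWARD chain does not already accept everything (otherwise the second rule is redundant). Verify with `iptables -t nat -L PREROUTING -n -v --line-numbers`; the DNAT rule's counters only move for new connections, since conntrack handles the rest of each flow.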

Friday, June 25, 2010

Enhance Linux Box Security: Iptables made easy - tutorial part 3.1

This time we will deal with the NAT rules of iptables. NAT means Network Address Translation.
It is of 2 types: SNAT and DNAT.
SNAT means Source NAT and is done in the POSTROUTING chain of the nat table. The SNAT target rewrites the Source IP address in the IP header of the packet. It is used for hiding the private LAN addresses from the internet: when a packet leaving the internal LAN reaches the firewall (the host visible to the internet), its source address is SNATed and the packet is then sent on to its destination. To the outside world it appears as if our external public IP originated the packet. Two targets do this job in POSTROUTING: SNAT is used when the public IP is static, whereas MASQUERADE is used when the public IP is dynamic, because MASQUERADE takes the outgoing interface's current address each time instead of a fixed one given in the rule.

The `-o` option is used because the rule matches on the outgoing interface. `-j SNAT` specifies Source NAT, and the `--to-source` option specifies an IP address, a range of IP addresses, and an optional port or range of ports (for UDP and TCP protocols only). MASQUERADE takes no address argument, since it uses whatever address the outgoing interface has at the time.
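The following script is an added example, not code from the original post: it turns the box into a NAT gateway for the LAN behind it, choosing SNAT when a static public address is supplied and MASQUERADE otherwise, and adds the kernel forwarding setting and FORWARD rules without which the translated packets never leave. The LAN 192.168.1.0/24 on eth1, the public interface eth0 and the static address 203.0.113.10 are assumptions. It defaults to printing the commands; set DRY_RUN=0 and run it as root to apply them.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: LAN
# 192.168.1.0/24 on eth1, public interface eth0, optional static public
# address 203.0.113.10. Defaults to printing the commands; run with
# DRY_RUN=0 as root to apply them.
DRY_RUN="${DRY_RUN:-1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
LAN_IF="${LAN_IF:-eth1}"
PUB_IF="${PUB_IF:-eth0}"

# run: print the command in dry-run mode, otherwise execute it.
run() { if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi; }

# source_nat [PUBLIC_IP]
# Static uplink: SNAT with a fixed --to-source. Dynamic uplink (DHCP, PPP):
# MASQUERADE, which reads the interface's current address for every new
# connection and forgets its connections when the interface goes down, so a
# changed address never leaves stale translations behind. Matching on the
# LAN source (-s) keeps the box from translating traffic it did not mean to.
source_nat() {
    if [ -n "$1" ]; then
        run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$PUB_IF" -j SNAT --to-source "$1"
    else
        run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$PUB_IF" -j MASQUERADE
    fi
}

# forward_rules: NAT only rewrites addresses; the packet still has to pass
# the FORWARD chain, and the kernel has to be told to forward at all.
# Let the LAN out, let only replies back in, drop everything else.
forward_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -A FORWARD -i "$LAN_IF" -o "$PUB_IF" -s "$LAN_NET" -j ACCEPT
    run iptables -A FORWARD -i "$PUB_IF" -o "$LAN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -P FORWARD DROP
}

forward_rules
# Pass the static address for SNAT, or nothing for MASQUERADE:
source_nat "${PUB_IP:-}"
```

After applying, `iptables -t nat -L POSTROUTING -n -v` should show the SNAT or MASQUERADE rule with rising counters as LAN hosts open connections, and `cat /proc/sys/net/ipv4/ip_forward` must print 1 across reboots (put the sysctl in /etc/sysctl.conf), or the gateway silently stops working after the next restart.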