Linux Administrator (Advance)




Mr. Kriangsak Namkot
Trainer & Director, Jodoi IT&Service Co.,Ltd.
jodoi@jodoi.com  jodoi1819@hotmail.com
http://www.jodoi.com

Linux Administrator I, Day 1

    9.00 - 10.30    Samba Server (File Server)
    10.30 - 10.45   Coffee Break
    10.45 - 12.00   Samba Server (File Server)
    12.00 - 13.00   Lunch
    13.00 - 14.30   Iptables
    14.30 - 14.45   Coffee Break
    14.45 - 16.00   Iptables & Internet Gateway

Samba Server

samba - A Windows SMB/CIFS fileserver for UNIX

The Samba software suite is a collection of programs that implements the Server Message Block (commonly abbreviated as SMB) protocol for UNIX systems. This protocol is sometimes also referred to as the Common Internet File System (CIFS). For a more thorough description, see http://www.ubiqx.org/cifs/. Samba also implements the NetBIOS protocol in nmbd.

smbd - server to provide SMB/CIFS services to clients

    # rpm -q samba
    samba-3.0.33-3.29.el5_5.1
    # yum install samba

Or: How to Compile Samba
http://www.samba.org/samba/docs/man/samba-howto-Collection/compiling.html

    # vi /etc/samba/smb.conf

Samba Server

    [root@doiserver named]# vi /etc/samba/smb.conf
    ~
            workgroup = MYGROUP
            server string = Samba Server
    # ---------------- Standalone Server Options -------------
    #       security = user
    #       passdb backend = tdbsam
            security = share
    ;       hosts allow = 192.168.1. 192.168.2. 127.
            hosts allow = 192.168.1. 127.
    ;       interfaces = 192.168.12.2/24 192.168.13.2/24
            interfaces = 192.168.1.212/24

    [public]
            comment = Public Stuff
            path = /samba
            public = yes
            writable = yes
            printable = no
            write list = @staff
    :wq!

    [root@jodoi-server ~]# /etc/init.d/smb restart
    [root@jodoi-server ~]# service smb restart

Samba Server

    [root@jodoi-server ~]# netstat -anp | grep smb
    tcp   0   0 0.0.0.0:139         0.0.0.0:*   LISTEN   2719/smbd
    tcp   0   0 0.0.0.0:445         0.0.0.0:*   LISTEN   2719/smbd
    [root@jodoi-server ~]# netstat -anp | grep nmb
    udp   0   0 192.168.1.212:137   0.0.0.0:*            2723/nmbd
    udp   0   0 0.0.0.0:137         0.0.0.0:*            2723/nmbd
    udp   0   0 192.168.1.212:138   0.0.0.0:*            2723/nmbd
    udp   0   0 0.0.0.0:138         0.0.0.0:*            2723/nmbd
    [root@jodoi-server ~]# ps -ef | grep smb
    root   2719      1   0 08:29 ?   00:00:00 smbd -D
    root   2720   2719   0 08:29 ?   00:00:00 smbd -D

Create the shared directory:

    [root@jodoi-server /]# cd /
    [root@jodoi-server /]# mkdir samba
    [root@jodoi-server /]# chmod -fR 777 samba/

Test on PC

Samba Server

Test on PC

    # vi /etc/samba/smb.conf
    [...]
            security = user
            passdb backend = tdbsam
    [...]
    # smbpasswd -a user

    # /etc/init.d/smb restart
    Shutting down SMB services:   [ OK ]
    Shutting down NMB services:   [ OK ]
    Starting SMB services:        [ OK ]
    Starting NMB services:        [ OK ]
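The difference between the two smb.conf variants above can be checked mechanically. The following is an added example, not part of the original slides: an awk-based lint that flags `security = share` in `[global]` and any share that is both guest-accessible and writable. The `[reports]` share and its path are constructed sample data; `lint_smb_conf` and `sample_smb_conf` are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the slides): lint smb.conf for guest-writable shares.

# Constructed sample: the slides' first configuration plus a made-up
# read-only share ([reports]) for contrast.
sample_smb_conf() {
cat <<'EOF'
[global]
    workgroup = MYGROUP
    security = share
    hosts allow = 192.168.1. 127.
[public]
    path = /samba
    public = yes
    writable = yes
    write list = @staff
[reports]
    path = /srv/reports
    guest ok = no
    read only = yes
EOF
}

# lint_smb_conf: read smb.conf text on stdin, print one finding per line.
lint_smb_conf() {
    awk -F= '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report() {
        if (sect != "" && sect != "global" && guest && writable)
            printf "GUEST-WRITABLE [%s] path=%s\n", sect, path
    }
    /^[ \t]*[#;]/ || NF == 0 { next }          # comments and blank lines
    /^[ \t]*\[/ {                              # new section: flush the previous one
        report()
        sect = trim($0); gsub(/^\[|\]$/, "", sect)
        guest = writable = 0; path = ""
        next
    }
    {
        key = tolower(trim($1)); val = tolower(trim($2))
        yes = (val == "yes" || val == "true" || val == "1")
        # "public" is a synonym of "guest ok"; "writable" inverts "read only".
        if (key == "public" || key == "guest ok") guest = yes
        else if (key == "writable" || key == "writeable" || key == "write ok") writable = yes
        else if (key == "read only") writable = !yes
        else if (key == "path") path = trim($2)
        else if (sect == "global" && key == "security" && val == "share")
            print "SHARE-LEVEL-SECURITY [global] security = share"
    }
    END { report() }'
}

sample_smb_conf | lint_smb_conf
```

On a real server, run `lint_smb_conf < /etc/samba/smb.conf`; after the switch to `security = user` only the `[public]` finding remains until `public = yes` is removed.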

Samba Server: In GUI

iptables - administration tool for IPv4 packet filtering and NAT

Options:

    -t, --table table
    -L, --list [chain]
    -n, --numeric
    -A, --append chain rule-specification
    -D, --delete chain rule-specification
    -I, --insert chain [rulenum] rule-specification
    -F, --flush [chain]              (deleting all the rules one by one)
    -P, --policy chain target

Options:

    -p, --protocol [!] protocol
    -s, --source [!] address[/mask]
    -d, --destination [!] address[/mask]
    -j, --jump target
    -i, --in-interface [!] name
    -o, --out-interface [!] name

Reading iptables rules

    # iptables -L -n
    # iptables-save
    # vi /etc/sysconfig/iptables

    [root@jodoi-server ~]# iptables -L
    Chain INPUT (policy ACCEPT)
    target                prot opt source      destination
    RH-Firewall-1-INPUT   all  --  anywhere    anywhere

    Chain FORWARD (policy ACCEPT)
    target                prot opt source      destination
    RH-Firewall-1-INPUT   all  --  anywhere    anywhere

    Chain OUTPUT (policy ACCEPT)
    target                prot opt source      destination

    Chain RH-Firewall-1-INPUT (2 references)

    [root@jodoi-server ~]# iptables -L
    Chain INPUT (policy ACCEPT)
    target   prot opt source   destination

    Chain FORWARD (policy ACCEPT)
    target   prot opt source   destination

    Chain OUTPUT (policy ACCEPT)
    target   prot opt source   destination

TABLES in IPTABLES

    [1] filter
    [2] nat

    # iptables -t filter -L -n
    # iptables -t nat -L -n

ERASE existing ruleset

    # iptables -F INPUT
    # iptables -F OUTPUT

Set default policy

    # iptables -P INPUT DROP
    # iptables -P OUTPUT ACCEPT

Set stateful connection tracking (allow REPLY to come back)

    # iptables -P INPUT DROP
    # iptables -P OUTPUT ACCEPT
    # ping 192.168.1.254
    # iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # ping 192.168.1.254

Ex. 1 SELECTIVELY PERMIT some connection, e.g. TCP/22 from 192.168.1.0/24

LIST the following information:

    [0] FROM WHAT INTERFACE?  ( eth0 )
    [1] FROM WHAT IP?         ( 192.168.1.0/24 )
    [2] TO WHICH PROTOCOL?    ( TCP )
    [3] TO WHICH PORT?        ( 22 )

    # iptables -A INPUT -i eth0 -s 192.168.1.0/24 -p tcp --dport 22 -j ACCEPT

Ex. 2 SELECTIVELY PERMIT some connection, e.g. TCP/80 from 192.168.1.0/24

LIST the following information:

    [0] FROM WHAT INTERFACE?  ( eth0 )
    [1] FROM WHAT IP?         ( any )
    [2] TO WHICH PROTOCOL?    ( TCP )
    [3] TO WHICH PORT?        ( 80,443 )

    # iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
    # iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT

Ex. 3 Block web hi5

    # iptables -A FORWARD -i eth0 -d 66.218.161.68 -j DROP
    # iptables -A FORWARD -i eth0 -d 66.218.161.133 -j DROP
    # iptables -A FORWARD -i eth0 -d 66.218.161.6 -j DROP

Internet Gateway Server

1. Enable IP Forward

    [root@jodoi-server ~]# vi /etc/sysctl.conf
    ~
    # Controls IP packet forwarding (0 is disabled, 1 is enabled)
    net.ipv4.ip_forward = 1
    ~
    :wq!
    [root@doiserver root]# service network restart
    [root@doiserver root]# cat /proc/sys/net/ipv4/ip_forward
    1

Internet Gateway Server

2. Disable Firewall

    [root@doiserver root]# setup

3. Set the group of IPs that can forward packets

    [root@doiserver root]# iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT
    [root@doiserver root]# iptables -A FORWARD -d 192.168.1.0/24 -j ACCEPT
    [root@doiserver root]# iptables -A FORWARD -j DROP
    [root@doiserver root]# service iptables save
    [root@doiserver root]# service iptables restart

or

    # vi /etc/sysconfig/iptables

Ex. Config NAT

    # iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 203.222.222.222
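iptables evaluates each chain top to bottom and stops at the first matching rule, so the order in which the `-A` commands above are run decides whether a rule ever takes effect. The following is an added example, not part of the original slides: a lint over `iptables-save` text that reports rules appended after an unconditional rule, and built-in chains with policy DROP but no ESTABLISHED accept rule. The sample ruleset is constructed from the slides' commands; `lint_ruleset` and `sample_ruleset` are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the slides): first-match lint for iptables-save text.

# Constructed sample: the slides' INPUT and gateway rules, with the Ex. 3
# block rule appended after the gateway's final "-A FORWARD -j DROP".
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -s 192.168.1.0/24 -p tcp --dport 22 -j ACCEPT
-A FORWARD -s 192.168.1.0/24 -j ACCEPT
-A FORWARD -d 192.168.1.0/24 -j ACCEPT
-A FORWARD -j DROP
-A FORWARD -i eth0 -d 66.218.161.68 -j DROP
COMMIT
EOF
}

# lint_ruleset: read iptables-save text on stdin, print one finding per line.
#   SHADOWED       rule placed after a rule with no match criteria
#   NO-STATE-RULE  built-in chain with policy DROP and no ESTABLISHED accept
lint_ruleset() {
    awk '
    /^:/ { policy[substr($1, 2)] = $2; next }
    $1 == "-A" {
        chain = $2
        if (chain in catchall) {
            printf "SHADOWED %s: %s\n", chain, $0
            next
        }
        if ($0 ~ /state [A-Z,]*ESTABLISHED/ && $NF == "ACCEPT")
            stateful[chain] = 1
        # "-A CHAIN -j TARGET" has no match criteria: it matches every packet.
        if (NF == 4 && $3 == "-j" && $4 ~ /^(ACCEPT|DROP|REJECT)$/)
            catchall[chain] = $0
    }
    END {
        for (c in policy)
            if (policy[c] == "DROP" && !(c in stateful))
                printf "NO-STATE-RULE %s: policy DROP, no ESTABLISHED accept\n", c
    }'
}

sample_ruleset | lint_ruleset
```

On a live gateway, run `iptables-save | lint_ruleset`. The check only covers unconditional rules: a block rule appended after `-A FORWARD -s 192.168.1.0/24 -j ACCEPT` is also skipped for LAN clients, so block rules belong before that ACCEPT (use `-I` instead of `-A`).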

Internet Gateway Server

Lab Test: iptables

1. Client cannot open www.manager.co.th and www.jodoi.com and cannot ping any IP.
2. Outside can ping, use web, samba, ssh and webmin.