An Easy Tutorial on IP Tables and Port Knocking
Basic Preparation

Matt Waldo
Monday, February 4, 2008 10:53:27 AM

Do you wish you had access to your home file server without leaving your firewall wide open to attacks? Well, today's your lucky day! While you can implement this on any OS, it's easiest to do on Linux. This article will show you how to lock down your firewall and implement a port knocker to let you in.

We are going to achieve this using a Linux firewall and server, SLED 10.1 to be exact. Yes, you will be playing around with config files, but I'll give you a template you can work with so you can just copy/paste and change the things you need to change.

Before we get started you need to install some things along with the OS. Mainly:

  • C/C++ Compiler and Tools Pattern
  • Common Code Base (for certification) Pattern
  • kernel-source Package
  • kernel-syms Package

You can install these tools through YaST2; just make sure you have the install CD/DVD with you and remember to resolve dependencies.

The first thing you have to do is configure both network cards. That's right, I said "both." You need to have two network cards in this box to let it run as a firewall. You need to configure one as "internal" and one as "external." Again, you can do this through YaST2.

While you're there, make sure the "External" card has no ports open and your internal one has all the ports open. The external card is the one that's going to be interfacing with the Internet and as such is the one running the firewall. If you can't figure out which card is which, open a terminal, do an su - to change to root and type in ifconfig. Note the MAC addresses for each card (probably eth0 and eth1) and then compare them to the MACs you see in the YaST2 configuration screen. If your ISP gave you a static IP address, configure that in the external card as well, or else set up that card to obtain its IP address with DHCP. The setup should eventually look like this: modem->SLED Server (a.k.a. firewall)->router->other computers.
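The MAC comparison described above can be scripted. This is an added example, not code from the original article: it assumes the older net-tools `ifconfig` layout with an `HWaddr` field, the function names are hypothetical, and the sample output (MACs and addresses) is constructed.

```shell
#!/bin/sh
# Constructed sample of net-tools ifconfig output; all values are made up.
sample_ifconfig() {
cat <<'EOF'
eth0      Link encap:Ethernet  HWaddr 00:16:3E:AA:BB:01
          inet addr:203.0.113.10  Bcast:203.0.113.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth1      Link encap:Ethernet  HWaddr 00:16:3E:AA:BB:02
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
EOF
}

# Read ifconfig output on stdin and print "iface mac ip" for each card that
# has a hardware address (loopback is skipped). The MAC is lower-cased so it
# compares cleanly with whatever case the YaST2 screen uses.
nic_table() {
    awk '
        function emit() { if (mac != "") print ifc, mac, (ip == "" ? "-" : ip) }
        /^[^ \t]/ {                      # a new interface stanza starts in column 1
            emit(); ifc = $1; mac = ""; ip = ""
            for (i = 1; i < NF; i++) if ($i == "HWaddr") mac = tolower($(i + 1))
        }
        /inet addr:/ {                   # IPv4 line only; "inet6 addr:" does not match
            for (i = 1; i <= NF; i++) if ($i ~ /^addr:/) ip = substr($i, 6)
        }
        END { emit() }
    '
}

# Print the interface whose MAC equals $1 (any case); non-zero exit if none.
nic_for_mac() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    nic_table | awk -v want="$want" \
        '$2 == want { print $1; found = 1 } END { exit !found }'
}

# Demo on the constructed sample; on the firewall box, pipe in `ifconfig -a`.
sample_ifconfig | nic_table
```

The card holding the public or DHCP-assigned address is the one to treat as "External"; feeding the MAC shown in YaST2 to `nic_for_mac` confirms which ethN name it carries.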

I'm going to skip the rest of the card configuration steps; it's not that hard, just play around with it. You need to set up your internal card to either give out IP addresses, or just put the IP address of your second card into the default gateway of your router. Go crazy and experiment; the worst that will happen is you need to reinstall or reset your router.
