An Easy Tutorial on IP Tables and Port Knocking
Do you wish you had access to your home file server without leaving your firewall wide open to attacks? Well today's your lucky day! While you can implement this on any OS its easiest to do this on Linux. This article will show you how to lock down your firewall and implement a port knocker to let you in.
We are going to achieve this using a Linux firewall and server, SLED 10.1 to be exact. Yes, you will be playing around with config files, but I'll give you a template you can work with so you can just copy/paste and change the things you need to change.
Before we get started you need to install some things along with the OS. Mainly:
- C/C++ Compiler and Tools Pattern
- Common Code Base (for certification) Pattern
- kernel-source Package
- kernel-syms Package
You can install these tools through YaST2, just make sure you have the install cd/dvd with you and remember to resolve dependencies.
The first thing you have to do is configure both network cards. That's right, I said "both." You need to have two network cards in this box to let it run as a firewall. You need to configure one as "internal" and one as "external." Again, you can do this through YaST2.
While your there, make sure the "External" card has no ports open and your internal one has all the ports open. The external card is the one that's going to be interfacing with the Internet and as such is the one running the firewall. If you can't figure out which card is which open a terminal, do an
su - to change to root and type in
ifconfig. Note the MAC addresses for each card (probably eth0 and eth1) and then compare them to the MACs you see in the YaST2 configuration screen. If your ISP gave you a static IP address, configure that in the external card as well, or else set up that card to optain its IP address with DHCP. The set up should eventually look like this: modem->SLED Server (a.k.a. firewall)->router->other computers.
I'm going to skip the rest of the card configuration steps; it's not that hard just play around with it. You need to set up your internal card to either give out IP addresses, or just put the IP address of your second card into the default gateway of your router. Go crazy and experiment, the worst that will happen is you need to reinstall or reset your router.
Solid state disks (SSDs) made a splash in consumer technology, and now the technology has its eyes on the enterprise storage market. Download this eBook to see what SSDs can do for your infrastructure and review the pros and cons of this potentially game-changing storage technology.
- 1Linux Top 3: GNOME 3.12 and New Betas for Ubuntu 14.04 and OpenMandriva Lx 2014.0
- 2Linux Top 3: Linus Lashes out, Linux 3.14 Gets PIE and Ubuntu One is Done.
- 3Linux Top 3: Ubuntu 14.04, Debian Gives Squeeze More Life and Red Hat Goes Atomic
- 4Linux Top 3: Linux 3.11, Kubuntu Goes Commercial
- 5Linux Top 3: RHEL 6.5, Debian 7.2 and EOL for Linux 3.0.x