Open main menu

CDOT Wiki β

Changes

OPS235 Lab 6 - CentOS7

55 bytes added, 19:24, 4 May 2015
no edit summary
# Open your browser and attempt to access the Internet again. Were you successful?
# Change the policies on all of the chains to DROP
# In the OUTPUT chain, add the following rule:#: <b><code><span style{|cellpadding="color:#3366CC;font-size:1.2em;15">iptables -A OUTPUT -j LOG</span></code></b># The above rule tells '''iptables''' to log packets and relevant information to '''/var/log/messages'''. # This entry in the OUTPUT policy will therefore log all packets being sent out of the machine.# Try to access the Internet again. Because the policies have been set to DROP, you should be unsuccessful. However, every packet of data that your PC attempted to send out was logged. Let's have a look at the log file and analyze the data.#: <b><code><span stylewidth="color:#3366CC;font-size:1.2em;40%">tail /var/log/messages</span></code></b># This command shows us the last 10 lines of the file. While there are many things being logged to this file, the last thing we did was try to access the Internet so we should be able to see the data we need. Look for a line that looks similar to the following:<br /><blockquote><code>Mar 3 09:21:03 koala|-laptop kernel: [90775.407304] INvalign= OUT=wlan0 SRC=192.168.1.107 DST=66.249.90.104 LEN=1470 TOS=0x00 PREC=0x00 TTL=64 ID=19752 DF PROTO=TCP SPT=45431 DPT=80 WINDOW=108 RES=0x00 ACK PSH URGP=0</code></blockquote>"top"# Your IP, host names and date will be different, but the one thing that should be the same is the DPT=80 value. # When your computer tried to send OUT a request to connect to the Internet using the WWW, the computer used a destination port of 80. This is the standard port for the WWW. Because we have set the default policy to DROP it drops these packets. The problem is we are dropping all packets. What if we just want to drop the WWW packets?# Using the commands we already know, change the default policies on all of your chains to ACCEPT. # Open a browser and confirm that you can access the world wide web.# Enter the command:#* <code>iptables -I OUTPUT -p tcp -s0/0 -d 0/0 --dport 80 -j DROP</code># Try to access the Web. If you have done everything right, you should not have been successful.# After you have completed the test execute the following command:#* <code>iptables -F</code>|{{Admon/note| Interpreting iptables commands |Here is the command you just used:
iptables -I OUTPUT -p tcp -s0/0 -d 0/0 --dport 80 -j DROP
}}
 
|}
# In the OUTPUT chain, add the following rule:
#: <b><code><span style="color:#3366CC;font-size:1.2em;">iptables -A OUTPUT -j LOG</span></code></b>
# The above rule tells '''iptables''' to log packets and relevant information to '''/var/log/messages'''.
# This entry in the OUTPUT policy will therefore log all packets being sent out of the machine.
# Try to access the Internet again. Because the policies have been set to DROP, you should be unsuccessful. However, every packet of data that your PC attempted to send out was logged. Let's have a look at the log file and analyze the data.
#: <b><code><span style="color:#3366CC;font-size:1.2em;">tail /var/log/messages</span></code></b>
# This command shows us the last 10 lines of the file. While there are many things being logged to this file, the last thing we did was try to access the Internet so we should be able to see the data we need. Look for a line that looks similar to the following:<br /><blockquote><code>Mar 3 09:21:03 koala-laptop kernel: [90775.407304] IN= OUT=wlan0 SRC=192.168.1.107 DST=66.249.90.104 LEN=1470 TOS=0x00 PREC=0x00 TTL=64 ID=19752 DF PROTO=TCP SPT=45431 DPT=80 WINDOW=108 RES=0x00 ACK PSH URGP=0</code></blockquote>
# Your IP, host names and date will be different, but the one thing that should be the same is the DPT=80 value.
# When your computer tried to send OUT a request to connect to the Internet using the WWW, the computer used a destination port of 80. This is the standard port for the WWW. Because we have set the default policy to DROP it drops these packets. The problem is we are dropping all packets. What if we just want to drop the WWW packets?
# Using the commands we already know, change the default policies on all of your chains to ACCEPT.
# Open a browser and confirm that you can access the world wide web.
# Enter the command:
#* <code>iptables -I OUTPUT -p tcp -s0/0 -d 0/0 --dport 80 -j DROP</code>
# Try to access the Web. If you have done everything right, you should not have been successful.
# After you have completed the test execute the following command:
#* <code>iptables -F</code>
 
{{Admon/note|0/0 Addresses|Source and destination addresses of 0/0 will match all addresses. Therefore, they '''don't do anything''' and can be removed:
Msaul
Administrators
13,420
edits
Retrieved from "https://wiki.cdot.senecapolytechnic.ca/wiki/Special:MobileDiff/110740"