SRT210 Lab 3
- Understand how port forwarding works and how it relates to security.
- Set up port forwarding using iptables.
- Understand fundamental concepts that make up SELinux.
- Troubleshoot problems caused by SELinux.
PART 1: FIX IPTABLES MISTAKES
Most of you will have experimented with iptables last week and have made mistakes, which should be fixed before you start this week's lab. Here are some tips:
- You should start with the default iptables setup which you got when you installed iptables-services. If you've lost that - you can get it back by by putting the default values into /etc/sysconfig/iptables:
# cat /etc/sysconfig/iptables # sample configuration for iptables service # you can edit this manually or use system-config-firewall # please do not ask us to add additional ports/services to this default configuration *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT
- Then re-add the rules you created last week, and make them persistent by running
service iptables save
PART 3: YOUR TASKS
Use what you learned so far and what you can learn online in order to set up the following:
- lin1 will allow access to Apache from any source.
- c7host will allow access to SSH from hosts on the 192.168.210.* subnet and deny it from why other source.
- Make sure you understand what you've done in this lab, so that you're ready to answer questions about it.
- Have notes in your labbook from this lab.
- Show your work to the professor and have them sign your labbook.