Laboratory: Configuring a Firewall
In this exercise you will be working with firewalld, a front-end to controlling Iptables. Iptables is a flexible firewall utility built for Linux operating systems. It is too low level, however, and, as such, hard to use and configure the rules for filtering traffic. firewalld provides higher-level command line and graphical interfaces over Iptables to ease the pain of configuring the firewall features provided by Linux. For this lab exercise, we will only be using only the high-level command line interface. firewalld provides a dynamically managed firewall with support for network/firewall "zones" to assign a level of trust to a network and its associated connections, interfaces or sources. It has support for IPv4 and IPv6. There is a separation of the runtime and permanent configuration options.
For this lab exercise, we will be using two machines, one machine will behave like an Enterprise and the other machine will behave like machines outside an enterprise. We will these machines as External, external to the enterprise. The firewall, as part of the enterprise will control traffic both coming into the enterprise and going out of the enterprise (to External).
NIXENT01 (Enterprise) is a CentOS 7 machine. CentOS is a Linux distribution that attempts to provide a free, enterprise-class, community-supported computing platform. Firewalld will be running on this host.
NIXEXT01 (External) is Kali Linux. Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali contains several hundred tools which are geared towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics and Reverse Engineering. You have already used this machine for Lab2 and Lab 3 in analyzing packets using Wireshark. (Wireshark is available as part of Kali distribution.)
Although there are only two machines, we are going to pretend that the Enterprise has three machines (three IP addresses) and each machine has certain services running on those machines, as follows:
|
Service
|
Associated IP Address
|
|
domain, telnet
|
192.168.10.10
|
|
http, https
|
192.168.10.20
|
|
ftp, imap2, imaps, pop3, pop3s, urd
|
192.168.10.30
|
Similarly, we are going to emulate three machines on the External machine with three IP addresses, each running only certain services as follows:
|
Service
|
Associated IP Address
|
|
domain, telnet
|
192.168.10.210
|
|
http, https
|
192.168.10.220
|
|
ftp, imap, imaps, pop3, pop3s, urd
|
192.168.10.230
|
Network Traffic Simulation Script
The Network traffic Simulation script allows users to test pathways to lab resource machines by using the terminal to initiate test packets. The script takes 2 input variables (IP address and service) and uses this information to initiate a test. The script is implemented using bash shell. The script accepts a target IP (-t) and any service name (-s) available in /etc/services
To run the script:
1. Open Terminal window.
2. Enter command "sudo /usr/local/sbin/traffic_test -t (target IP) -s (service)"
a. Target IP and Service are taken from the Enterprise and External Tables above
b. Http example: "sudo /usr/local/sbin/traffic_test -t 192.168.10.20 -s http"
3. Input the Password for the StudentFirst User: Cyb3rl@b
4. The script will then run a 5 packet test and display the results.
The firewall is initially is set up to Deny by Default. So, no traffic will be admitted in either direction until we explicitly change the firewall rules.
Attachment:- FirewallLab.rar