Le firewall Technofutur

Table des matières Schémas du réseau Routage sans VPN Routage avec VPN Le NAT Le firewall

Schémas du réseau:

Configurations des interfaces auto eth0 iface eth0 inet static address netmask network broadcast gateway

Configurations des interfaces auto eth1 iface eth1 inet static address netmask network broadcast

Configurations des interfaces auto eth2 iface eth1 inet static address netmask network broadcast

Schémas du réseau:

Routage sans les VPN

echo "1" > /proc/sys/net/ipv4/ip_forward /etc/sysctl.conf tcpdump -n -i eth2 10:53: IP > : ICMP echo request, id 256, seq 5598, length 72 10:53: IP > : ICMP echo reply, id 256, seq 5598, length 72

Routage avec les VPN

ip route flush table all services networking stop services networking start ip route add /24 via ip route add /24 via

Routage avec les VPN ip route flush table all services networking stop services networking start ip route add /24 via ip route add /24 via

Le NAT iptables -v -t nat -A POSTROUTING -j MAQUERADE iptavles -v -t nat -i eth2 -A PREROUTING -s j DNAT --to

Le NAT iptables -v -t nat -A POSTROUTING -j MAQUERADE iptavles -v -t nat -i eth2 -A PREROUTING -s j DNAT --to

Firewall Policy iptables -v -P INPUT ACCEPT iptables -v -P OUTPUT ACCEPT iptables -v -P FORWARD DROP iptables -v -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

Firewall ICMP, test réseau # Autorisons l'ICMP sur tout le réseau iptables -v -A FORWARD -p ICMP -j ACCEPT # Autorisons l'ip de google iptables -v -A FORWARD -d j ACCEPT

Firewall Client WEB: iptables -v -A FORWARD -s p TCP - m multiport --dports 80,443 -j DROP

Firewall VPN: #GRE iptables -v -A FORWARD -p 47 -j ACCEPT iptables -v -A FORWARD -s p TCP -- sport j ACCEPT iptables -v -A FORWARD -d p TCP -- sport j ACCEPT

Firewall IPSEC: iptables -v -A FORWARD -p 50 -j ACCEPT# ESP iptables -v -A FORWARD -p 51 -j ACCEPT# AH iptables -v -A FORWARD -s p UDP -j ACCEPT iptables -v -A FORWARD -d p UDP -j ACCEPT

Firewall SSH, web, SQUID iptables -v -A FORWARD -d p TCP - m multiport --dports 22,80,8080,3128 -j ACCEPT MAIL: iptables -v -A FORWARD -d p TCP - m multiport --dports 25,110,587,995 -j ACCEPT

Firewall DNS iptables -v -A FORWARD -d p UDP --dport 53 -j ACCEPT

Firewall Active Directory iptables -v -A FORWARD -d /24 -p UDP -m multiport --dports 53,67,68,88,137,138,389,464,2535 -j ACCEPT iptables -v -A FORWARD -s /24 -p TCP -m multiport --dports 53,80,88,135,139,389,443,445,464,636,3128,32 68,3269,5722,9389 -j ACCEPT

Firewall iptables -P FORWARD ACCEPT iptables --flush

Quesitons?