The Technofutur firewall
Table of contents: Network diagrams; Routing without VPN; Routing with VPN; NAT; The firewall
Network diagrams:
Interface configuration (the address, netmask, network, broadcast and gateway values are elided on the slides; only eth0 carries the default gateway):

    auto eth0
    iface eth0 inet static
        address
        netmask
        network
        broadcast
        gateway

    auto eth1
    iface eth1 inet static
        address
        netmask
        network
        broadcast

    auto eth2
    iface eth2 inet static
        address
        netmask
        network
        broadcast
Routing without the VPNs
Enable IPv4 forwarding on the router (made persistent in /etc/sysctl.conf):

    echo "1" > /proc/sys/net/ipv4/ip_forward

Check that traffic actually crosses the router by capturing on eth2 (addresses elided on the slide):

    tcpdump -n -i eth2
    10:53: IP > : ICMP echo request, id 256, seq 5598, length 72
    10:53: IP > : ICMP echo reply, id 256, seq 5598, length 72
Routing with the VPNs
Flush the routing tables, restart networking, then add a static route for each remote /24 through its VPN peer (networks and next hops elided on the slide):

    ip route flush table all
    service networking stop
    service networking start
    ip route add /24 via
    ip route add /24 via
NAT
Masquerade outbound traffic, and DNAT traffic arriving on eth2 from the given source to an internal host (addresses elided on the slide):

    iptables -v -t nat -A POSTROUTING -j MASQUERADE
    iptables -v -t nat -A PREROUTING -i eth2 -s -j DNAT --to
Firewall: policy
Default policies, then allow already-established and related flows to be forwarded:

    iptables -v -P INPUT ACCEPT
    iptables -v -P OUTPUT ACCEPT
    iptables -v -P FORWARD DROP
    iptables -v -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
Firewall: ICMP, network test

    # Allow ICMP across the whole network
    iptables -v -A FORWARD -p ICMP -j ACCEPT
    # Allow Google's IP (address elided on the slide)
    iptables -v -A FORWARD -d -j ACCEPT
Firewall: web client
Block HTTP/HTTPS forwarded from the client host (source address elided on the slide):

    iptables -v -A FORWARD -s -p TCP -m multiport --dports 80,443 -j DROP
Firewall: VPN
GRE (protocol 47) plus the PPTP control connection in both directions (addresses and source port elided on the slide):

    # GRE
    iptables -v -A FORWARD -p 47 -j ACCEPT
    iptables -v -A FORWARD -s -p TCP --sport -j ACCEPT
    iptables -v -A FORWARD -d -p TCP --sport -j ACCEPT
Firewall: IPsec
ESP (protocol 50), AH (protocol 51) and the UDP key-exchange traffic in both directions (addresses elided on the slide):

    iptables -v -A FORWARD -p 50 -j ACCEPT   # ESP
    iptables -v -A FORWARD -p 51 -j ACCEPT   # AH
    iptables -v -A FORWARD -s -p UDP -j ACCEPT
    iptables -v -A FORWARD -d -p UDP -j ACCEPT
Firewall: SSH, web, Squid
Allow SSH, HTTP, the alternate HTTP port and the Squid proxy port towards the server (destination address elided on the slide):

    iptables -v -A FORWARD -d -p TCP -m multiport --dports 22,80,8080,3128 -j ACCEPT

Mail (SMTP, POP3, submission, POP3S):

    iptables -v -A FORWARD -d -p TCP -m multiport --dports 25,110,587,995 -j ACCEPT
Firewall: DNS

    iptables -v -A FORWARD -d -p UDP --dport 53 -j ACCEPT
Firewall: Active Directory
UDP services towards the AD /24 and TCP services from it (the /24 prefix is elided on the slide):

    iptables -v -A FORWARD -d /24 -p UDP -m multiport --dports 53,67,68,88,137,138,389,464,2535 -j ACCEPT
    iptables -v -A FORWARD -s /24 -p TCP -m multiport --dports 53,80,88,135,139,389,443,445,464,636,3128,3268,3269,5722,9389 -j ACCEPT
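To make the first-match semantics of the FORWARD chain above concrete, here is an added Python model of that ruleset (not code from the slides or the Technofutur setup). It uses constructed placeholder addresses where the slides elide them, and shows that the web client's DROP only takes effect because it is appended before the server ACCEPT rules; anything no rule matches falls to the DROP policy.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network
# Constructed placeholder addresses: the slides elide the real ones.
CLIENT = ip_address("10.0.0.10")     # the "-s" web-client host
SERVER = ip_address("10.0.1.5")      # the "-d" SSH/web/mail/DNS host
AD_NET = ip_network("10.0.2.0/24")   # the Active Directory /24
# proto: tcp/udp/icmp/gre/esp/ah; state: NEW, ESTABLISHED or RELATED
Pkt = namedtuple("Pkt", "proto src dst dport state", defaults=(0, "NEW"))
# FORWARD chain in the order the slides append the rules (Google and
# PPTP/IKE rules omitted: their address and ports are elided on the slides).
RULES = [
    {"state": {"ESTABLISHED", "RELATED"}, "target": "ACCEPT"},
    {"proto": "icmp", "target": "ACCEPT"},
    {"src": CLIENT, "proto": "tcp", "dports": {80, 443}, "target": "DROP"},
    {"proto": "gre", "target": "ACCEPT"},   # -p 47
    {"proto": "esp", "target": "ACCEPT"},   # -p 50
    {"proto": "ah", "target": "ACCEPT"},    # -p 51
    {"dst": SERVER, "proto": "tcp", "dports": {22, 80, 8080, 3128}, "target": "ACCEPT"},
    {"dst": SERVER, "proto": "tcp", "dports": {25, 110, 587, 995}, "target": "ACCEPT"},
    {"dst": SERVER, "proto": "udp", "dports": {53}, "target": "ACCEPT"},
    {"dst_net": AD_NET, "proto": "udp",
     "dports": {53, 67, 68, 88, 137, 138, 389, 464, 2535}, "target": "ACCEPT"},
    {"src_net": AD_NET, "proto": "tcp", "dports": {53, 80, 88, 135, 139, 389, 443,
     445, 464, 636, 3128, 3268, 3269, 5722, 9389}, "target": "ACCEPT"},
]

def matches(rule, p):
    """All match fields of a rule must hold: iptables ANDs its matches."""
    checks = {
        "state": lambda v: p.state in v,
        "proto": lambda v: p.proto == v,
        "src": lambda v: ip_address(p.src) == v,
        "dst": lambda v: ip_address(p.dst) == v,
        "src_net": lambda v: ip_address(p.src) in v,
        "dst_net": lambda v: ip_address(p.dst) in v,
        "dports": lambda v: p.dport in v,
    }
    return all(checks[k](v) for k, v in rule.items() if k != "target")

def forward_verdict(p, rules=RULES, policy="DROP"):
    """First matching rule wins; an unmatched packet falls to the chain policy."""
    for r in rules:
        if matches(r, p):
            return r["target"]
    return policy

def order_matters():
    """Same client->server port 80 packet, with the DROP rule appended last."""
    web = Pkt("tcp", str(CLIENT), str(SERVER), 80)
    drops = [r for r in RULES if r["target"] == "DROP"]
    return forward_verdict(web), forward_verdict(web, [r for r in RULES if r not in drops] + drops)
```

`order_matters()` returns `("DROP", "ACCEPT")`: appending the client DROP after the server rules silently lets the client reach port 80, which is why that rule sits early in the slides' chain.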
Firewall
Reset: open the FORWARD policy and flush all rules:

    iptables -P FORWARD ACCEPT
    iptables --flush
Questions?