Presentation is loading. Please wait.

Presentation is loading. Please wait.

Homework 02 NAT 、 DHCP 、 Firewall 、 Proxy. Computer Center, CS, NCTU 2 Basic Knowledge  DHCP Dynamically assigning IPs to clients  NAT Translating addresses.

Published byBasil White Modified over 9 years ago

Similar presentations

Presentation on theme: "Homework 02 NAT 、 DHCP 、 Firewall 、 Proxy. Computer Center, CS, NCTU 2 Basic Knowledge  DHCP Dynamically assigning IPs to clients  NAT Translating addresses."— Presentation transcript:

1 Homework 02 NAT 、 DHCP 、 Firewall 、 Proxy

2 Computer Center, CS, NCTU 2 Basic Knowledge  DHCP Dynamically assigning IPs to clients  NAT Translating addresses for clients  Firewall Traffic filtering  Proxy Intermediary of client and server to translate requests

3 Computer Center, CS, NCTU 3 Basic Knowledge – Isolated Execution Environment  Provide a sandbox with limited access to resource Protect other programs from compromised one  OS-level virtualization (Used in this HW) Resource isolation  File system, device… Lightweight Easy to manage  Implementation FreeBSD: jail Linux: lxc

4 Computer Center, CS, NCTU 4 Architecture Overview Network card Server IP0 - public IP1 – private HostA - GUI based hostHostB - FTP server Private IP domain IP2 – private IP3 – private Internet

5 Computer Center, CS, NCTU 5 Architecture  Server UNIX-based OS Act as a gateway for all services DHCP & NAT server A dedicated Public IP and a static private IP  HostA Any OS A private IP via DHCP  HostB An isolated execution environment on Server Runs FTP service A static private IP

6 Computer Center, CS, NCTU 6 Requirement – NAT & DHCP  NAT HostA & HostB can access Internet via Server  DHCP Provided by Server Static range should be excluded  Authentication Only clients passed authentication can access the internet  Exclude static range Redirect un-auth host to authentication page  Web service on Server  Serve a simple authentication page

7 Computer Center, CS, NCTU 7 Requirement – Firewall  Firewall Deny all connections come from Allow the connection from 140.113.17.0/24 to access HostB’s FTP server Drop packets from 140.113.235.0/24 to access HostB’s FTP server, and response TCP RST/ICMP unreachable Allow the connection from 140.113.17.0/24 to access HostB’s SSH server (Server will redirect the request for port 222 to HostB’s SSH server) Drop packets from 140.113.235.0/24 to access HostB’s FTP server, and response TCP RST/ICMP unreachable The connection from other public IP to access HostB’s FTP and SSH server should be denied and not response TCP RST/ICMP unreachable All public IP can’t send ICMP echo request packets to server (will not response ICMP ECHO-REPLY packets)

8 Computer Center, CS, NCTU 8 Requirement – Proxy  FTP proxy Setup an FTP proxy on Server All FTP requests should be proxied to HostB  HTTP proxy Setup a transparent proxy on Server All http traffic should pass through this TP Hint ftp-proxy(8) (ftp) www/squid (http) www/privoxy (http)

9 Computer Center, CS, NCTU 9 Bonus – LB and HA for HTTP Service  Setup multiple worker nodes (>=2) Load balance  Load should be distributed across all nodes High availability  Health check on all nodes  Remove fail node(s)

10 Computer Center, CS, NCTU 10 Hand-in  Due 5/1  Demo TBA

Download ppt "Homework 02 NAT 、 DHCP 、 Firewall 、 Proxy. Computer Center, CS, NCTU 2 Basic Knowledge  DHCP Dynamically assigning IPs to clients  NAT Translating addresses."

Similar presentations

DMZ (De-Militarized Zone)

DMZ (De-Militarized Zone)
 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,

 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,
Homework 02 Announce: 20090408 Due: 20090420. Requirements Basic firewall settings (40%) Set trusted network 140.113.235.0/24 Allow all connections from.

Homework 02 Announce: Due: Requirements Basic firewall settings (40%) Set trusted network /24 Allow all connections from.
H. 323 and firewalls: Problem Statement and Solution Framework Author: Melinda Shore, Nokia Presenter: Shannon McCracken.

H. 323 and firewalls: Problem Statement and Solution Framework Author: Melinda Shore, Nokia Presenter: Shannon McCracken.
Module 5: Configuring Access for Remote Clients and Networks.

Module 5: Configuring Access for Remote Clients and Networks.
Transparent Caching The art of caching network traffic without requiring user / browser side configuration.

Transparent Caching The art of caching network traffic without requiring user / browser side configuration.
1 Internet Networking Spring 2004 Tutorial 13 LSNAT - Load Sharing NAT (RFC 2391)

1 Internet Networking Spring 2004 Tutorial 13 LSNAT - Load Sharing NAT (RFC 2391)
Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.

Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.
1 Network Address Translation (NAT) Relates to Lab 7. Module about private networks and NAT.

1 Network Address Translation (NAT) Relates to Lab 7. Module about private networks and NAT.
Chapter Extension 7 How the Internet Works © 2008 Prentice Hall, Experiencing MIS, David Kroenke.

Chapter Extension 7 How the Internet Works © 2008 Prentice Hall, Experiencing MIS, David Kroenke.
1 Some TCP/IP Basics....NFSDNSTELNETSMTPFTP UDPTCP IP and ICMP Ethernet, serial line,..etc. Application Layer Transport Layer Network Layer Low-level &

1 Some TCP/IP Basics....NFSDNSTELNETSMTPFTP UDPTCP IP and ICMP Ethernet, serial line,..etc. Application Layer Transport Layer Network Layer Low-level &
TCP/IP Network and Firewall. IP Packet Protocol  1 ICMP packet  6 TCP packet  17 UDP packet.

TCP/IP Network and Firewall. IP Packet Protocol  1 ICMP packet  6 TCP packet  17 UDP packet.
1 Computer System Evolution Central Data Processing System: - with directly attached peripherals (card reader, magnetic tapes, line printer). Local Area.

1 Computer System Evolution Central Data Processing System: - with directly attached peripherals (card reader, magnetic tapes, line printer). Local Area.
Firewalls Screen packets coming into the Privet Networks from external, Untrusted Networks (Internet) Ingress Packet Filtering  Firewall examine incoming.

Firewalls Screen packets coming into the Privet Networks from external, Untrusted Networks (Internet) Ingress Packet Filtering  Firewall examine incoming.
Lesson 20 – OTHER WINDOWS 2000 SERVER SERVICES. DHCP server DNS RAS and RRAS Internet Information Server Cluster services Windows terminal services OVERVIEW.

Lesson 20 – OTHER WINDOWS 2000 SERVER SERVICES. DHCP server DNS RAS and RRAS Internet Information Server Cluster services Windows terminal services OVERVIEW.
Circuit & Application Level Gateways CS-431 Dick Steflik.

Circuit & Application Level Gateways CS-431 Dick Steflik.
Hardware Firewall Feature © N. Ganesan, Ph.D.. Chapter Objectives Show the configuration of a hardware firewall such as Dlink DI 604 Illustrate the sharing.

Hardware Firewall Feature © N. Ganesan, Ph.D.. Chapter Objectives Show the configuration of a hardware firewall such as Dlink DI 604 Illustrate the sharing.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #12 LSNAT - Load Sharing NAT (RFC 2391)

1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #12 LSNAT - Load Sharing NAT (RFC 2391)
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

Similar presentations

Ads by Google