You have a Fedora Core 2 system that is to function as a Web proxy server. Client machines are on the 192.168.1/24 network. The Internet connection is via a router on the 172.20.5/24 network. Your proxy server has two network interfaces: eth0 is and eth1 is . Both interfaces use a subnet mask of (24-bits). Assume that the network routes and proxy services ( squid and named ) are correctly configured.

  1. Design firewall rules (using iptables ) to implement the following requirements.

    1. No incoming connections are allowed on the interface.

    2. The only permitted outgoing connections on the interface are for DNS, FTP, HTTP, and HTTPS traffic from the proxy server.

    3. Two machines (IP addresses and ) are to be allowed to connect using SSH.

    4. All other machines in the 192.168.1/24 network are allowed to connect on port 3128 only (the port that the Squid Web proxy server is listening on) and port 53 (for DNS queries).

    5. Allow ICMP traffic.

    6. All other connections (incoming or outgoing) must be blocked.

    7. Log attempts by machines on the 192.168.1/24 network to use Telnet or FTP to access the proxy server.

  2. Make sure your rules will be applied each time the system boots.

  3. After your proxy server has been running for a while, a new requirement is identified. Machines on the 192.168.1/24 network need to be able to make PPTP connections to an external VPN server with an IP address of . Update the iptables rules to satisfy this requirement. (Assume that IP forwarding is enabled on your proxy server).

Beginning Fedora 2
Beginning Fedora 2
ISBN: 0764569961
EAN: 2147483647
Year: 2006
Pages: 170

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net