linux iptables intro and basic network information

Introduction to iptables – the standard Linux firewall

iptables is the standard firewall built into common Linux distributions such as Ubuntu, Debian, and CentOS.

First, some terms. Packets are the logical containers in which data flows across a network. Protocols are the languages and sets of rules network devices use to send and/or receive data. Ports are numbers that identify protocols and services and are used throughout TCP/IP networking. Registered ports are those from 0 through 49151; the dynamic or private ports are those from 49152 through 65535. IANA maintains the official list of both ranges. One common use of ephemeral ports is by servers, to continue communicating with a client that initially connected to one of the server’s well-known service listening ports. Here is a list of about 250 well-known ports.

iptables accepts or drops network packets by matching them against pre-defined CHAINS of rules held in the computer’s memory. The chains can be bound in different orders and they organize the firewall.

A packet, or datagram, is a series of bits forming a container that can be examined, routed, dropped, and filtered according to its headers, source, destination, and content.

The packet is organized into different fields. It is typically 32 bits wide and contains data objects such as the source and destination MAC addresses and the source and destination IP addresses. Cyclic redundancy checks (CRCs) are computed over a packet before it is sent. When the datagram reaches its destination a checksum is computed and compared against the CRC field. In TCP, if the two match the datagram is marked as successfully sent; if they differ, the source is notified that the packet is bad and must be resent.

On the physical medium, datagrams are really just electrical signals (Ethernet over copper), pulses of light (optical transmissions), or radio waves modulated in frequency and amplitude (wireless).

CSMA/CD is used to manage collisions and prevent simultaneous transmission of data on both wired and wireless networks.

Layer 3 of the OSI model is where routers route packets to different VLANs and subnets based on their field values, using static routes and dynamic routing protocols such as RIP and OSPF. Layer 2 switches create connections between nodes whose addresses are in their MAC tables, using Application Specific Integrated Circuits (ASICs).

Services running on a server rely on the field data in each datagram. The traffic is organized by standard protocols that are bound to specific ports. Each port is represented by a number, and traffic is filtered by opening or closing ports so that packets whose field data matches that port are accepted or dropped.

Like other firewalls, iptables manages the ports on a NIC through which packets can enter, pass, or exit. Ports are opened (listening) for each service or kind of traffic that will be allowed; other ports are closed so that traffic to them is denied.

Chains are sets of rules that manage network traffic by opening or closing ports; they can be applied, or bound, to a network interface in a particular order.

There are three built-in CHAINS:

  1. INPUT – packets coming into the PC.
  2. OUTPUT – packets leaving our PC.
  3. FORWARD – packets that pass through the PC if it is multi-homed and being used as a router.

Here are common iptables switches used in chains:

  • -s = source address
  • -d = destination address
  • -p = protocol
  • -j = action (the target to jump to, such as ACCEPT or DROP)
  • -P = set the default policy for a chain
  • -D = delete a rule from a chain
  • -R = replace a rule in a chain
  • -F = remove all rules from the specified chain (flush)
  • -L = list all rules in a chain
  • -A = add/append a rule to the end of a chain

In iptables you first write the rules for the traffic you want to ALLOW. Then you add the last rule, the catch-all, at the bottom of the list. The catch-all blocks all traffic not matched by a rule above it.

Example rules applied to the INPUT chain:

1. Allow HTTP traffic for an Apache2 web server on port 80 on the interface named eth0:

iptables -A INPUT -j ACCEPT -p tcp --destination-port 80 -i eth0

2. Allow FTP packets for the VSFTPD daemon/service on port 21:

iptables -A INPUT -j ACCEPT -p tcp --destination-port 21 -i eth0

3. Allow SSH traffic for Secure Shell connections on port 22:

iptables -A INPUT -j ACCEPT -p tcp --destination-port 22 -i eth0

4. Apply a CATCH-ALL rule:

iptables -A INPUT -j DROP -p tcp -i eth0

*Note – the catch-all rule must be entered and applied LAST. Because iptables evaluates a chain top to bottom and stops at the first match, any ACCEPT rule appended after the DROP is never reached.

You can define your own iptables chains as well as view the built-in chains present. Many users will define their own iptables rules in a shell script that is run automatically at boot.


Sharing a Windows 7 Notebook/Laptop Wireless Connection with a Desktop PC Using A Bridge

I have a notebook that is connected to a wireless network and also has a Cat5 network port. I also have a desktop PC with no wireless card, but it is too difficult to run a cable to the wireless router. How do you easily share your notebook’s wireless connection in Windows 7 via the notebook’s Ethernet NIC port, so that the PC picks up a DHCP address from the router, without having to use the Windows 7 ICS (Internet Connection Sharing) service?

It’s actually pretty easy to share your laptop’s wireless connection through the notebook’s NIC to a desktop PC’s network card. You can do this without an additional (second) router, a crossover cable, static IP addresses, etc.

1. Go into your laptop’s Network Sharing Center and then click on the “Change Adapter Settings” link.

2. Next, you’ll see your Local Area Connection is in Network Cable Unplugged status (hold off on plugging in the network cable). You should also see your Wireless Network Connection is connected to the network/internet. I like to change the view settings on the screen to View Details, and sort the adapters so that the two you’re trying to share are right next to each other.


3. Next, hold down the Ctrl key and click on both adapters so that they are both highlighted. You can also click-drag your mouse to highlight/select both adapters. After they are both selected, right-click on the two and choose “Bridge Connections.”


4. After a few moments you should see a Network Bridge adapter created and then connected to the internet.


5. Now take a simple Cat5e/Ethernet cable (not crossover) and plug it into your PC’s NIC, and the other end into the laptop’s NIC port. The Local Area Connection adapter should change to “Enabled, Bridged”.


6. Your desktop PC should pick up a new IP address from the same router as your laptop, and go online. If not, make sure the Local Area Connection adapter on the desktop PC is set to DHCP, and then hit “Troubleshoot Problems” on the network connection, or do a DHCP address release/renew. During testing, my PC warned me that there was an IP address conflict when first plugging in the cable from the laptop to the PC. I did a release/renew on the adapter and received a new IP address from the router, and all is well.

Hopefully this post will save you a little time when trying to share your laptop’s wireless internet connection with your PC.