Firewall in Linux Redhat 6.5

Source: Internet
Author: User
Tags iptables

The Linux firewall works at the network layer, filtering and restricting TCP/IP packets; it is a typical packet-filtering firewall (also called a network-layer firewall).
    • netfilter refers to the packet-filtering implementation inside the Linux kernel; it does not exist in the form of a program or file.
    • iptables refers to the user-space program used to manage the Linux firewall, usually located at /sbin/iptables.

Rule tables
      1. filter table: used to filter packets, deciding according to specific rules how a packet is handled. It contains three chains: INPUT, FORWARD, OUTPUT.
      2. nat table: mainly used to modify the IP address and port information of packets. It contains three chains: PREROUTING, POSTROUTING, OUTPUT.
      3. mangle table: used to modify the TOS (type of service) and TTL (time to live) of a packet, or to set a mark on it. It contains five chains: PREROUTING, POSTROUTING, INPUT, OUTPUT, FORWARD.
      4. raw table: new from iptables 1.2.9, mainly used to decide whether a packet is subject to connection tracking. It contains two chains: OUTPUT, PREROUTING.

Rule chains
      1. INPUT: rules in this chain are applied when a packet addressed to the firewall itself is received (inbound).
      2. OUTPUT: rules in this chain are applied when the firewall itself sends packets out (outbound).
      3. FORWARD: rules in this chain are applied when a packet that must be forwarded through the firewall to another address is received.
      4. PREROUTING: rules in this chain are applied before the packet makes its routing decision.
      5. POSTROUTING: rules in this chain are applied after the packet has made its routing decision.

Order between rule tables: when a packet arrives at the firewall, the rules of the raw, mangle, nat and filter tables (where present) are applied in the order raw => mangle => nat => filter.

Basic syntax
      1. ACCEPT: allow the packet to pass.
      2. DROP: discard the packet without sending any response.
      3. REJECT: deny the packet and, when necessary, send a corresponding response to the sender.
Option           Function
-A               Append a rule at the end of the specified chain
-D               Delete one rule
-I               Insert a rule into the specified chain
-R               Replace (modify) a rule
-L               List the rules of the specified chain (all chains if none is given)
-F               Flush the rules of the specified chain (all chains if none is given)
-P               Set the default policy of a chain
-n               Display the output in numeric form
-v               Show detailed information when viewing the rule list
-h               Show the help information for the iptables program
--line-numbers   When viewing the rule list, also show each rule's sequence number within the chain
Goal of the experiment: allow access to the web service provided by Linux 1 while not allowing ping, and implement SNAT and DNAT address translation.

Preparation: two Linux hosts, where Linux 1 provides the HTTP service and Linux 2 acts as the router, plus one client.

  1. Linux 1 only needs the httpd service turned on, but make sure its network interface configuration is correct.
  2. Linux 2 acts as the router with two NICs, one configured as 192.168.100.1 and the other as 12.0.0.1.
  3. The client's IP address is 12.0.0.33.

Start the experiment
      • Check connectivity first: at this point, of course, only the gateway can be pinged.
      • # iptables -F
        Flush all chains.
      • # vim /etc/sysctl.conf
        Edit the configuration file.
      • net.ipv4.ip_forward = 1
        Change 0 to 1; this enables forwarding so the client can reach the httpd service provided by Linux 1.
      • # iptables -A FORWARD -s 12.0.0.33 -p icmp -j DROP
        -A appends the rule at the end of the specified chain (whether -A or -I is appropriate depends on the environment; my rules here are not added in strict order). FORWARD is the chain for forwarded packets; -s 12.0.0.33 matches the source address, -p icmp matches the ICMP protocol, and -j DROP performs the action of discarding the packet (note the case of chain and target names).
      • # cat /etc/httpd/logs/access_log
        12.0.0.33 - - [12/May/2018:07:59:27 +0800] "
        View the httpd access log.
      • # iptables -t nat -A POSTROUTING -s 12.0.0.0/24 -o eth0 -j SNAT --to-source 192.168.100.1
        Intranet accessing the public network: -t nat selects the nat table; -A POSTROUTING appends to the chain applied after the packet's routing decision; -s matches the source address of the packet; -o eth0 matches the outgoing interface; -j SNAT --to-source rewrites the source address to the external exit address.
      • # iptables -t nat -A PREROUTING -s 192.168.100.1 -i eth0 -j DNAT --to-destination 12.0.0.33
        This goes into PREROUTING, the chain applied before a packet makes its routing decision.
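As an added example (not part of the original post), the three rules of this experiment assembled into one iptables-restore ruleset, together with a small audit that checks an iptables-save dump for them. The addresses are the post's lab values; eth0 as the outside interface and /etc/sysconfig/iptables as the persistence file are assumptions.

```bash
#!/bin/bash
# Added example, not from the original post: build the lab's rules as one
# iptables-restore ruleset and audit an iptables-save dump for them.
# Addresses are the post's lab values; eth0 is assumed as the outside interface.
CLIENT=12.0.0.33
CLIENT_NET=12.0.0.0/24
WAN_IF=eth0
SNAT_ADDR=192.168.100.1

# Emit the experiment's three rules in iptables-restore format. Loading them
# atomically (iptables-restore < file) sidesteps the -A/-I ordering question
# the post raises; on RHEL 6 the same text can live in /etc/sysconfig/iptables.
gen_ruleset() {
  cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -s $SNAT_ADDR -i $WAN_IF -j DNAT --to-destination $CLIENT
-A POSTROUTING -s $CLIENT_NET -o $WAN_IF -j SNAT --to-source $SNAT_ADDR
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s $CLIENT -p icmp -j DROP
COMMIT
EOF
}

# Audit an iptables-save dump from stdin: one line per expected rule, "ok" or
# "MISSING". iptables-save prints single hosts as a.b.c.d/32, so that suffix
# is stripped before the exact comparison.
audit_dump() {
  local dump
  dump=$(sed 's#/32 # #g')
  check() {  # $1 = table, $2 = exact rule line as iptables-save prints it
    if printf '%s\n' "$dump" | awk -v t="*$1" -v r="$2" \
        '$0 == t {in_t = 1; next} /^COMMIT/ {in_t = 0} in_t && $0 == r {f = 1} END {exit !f}'
    then echo "ok      $1: $2"
    else echo "MISSING $1: $2"
    fi
  }
  check filter "-A FORWARD -s $CLIENT -p icmp -j DROP"
  check nat "-A POSTROUTING -s $CLIENT_NET -o $WAN_IF -j SNAT --to-source $SNAT_ADDR"
  check nat "-A PREROUTING -s $SNAT_ADDR -i $WAN_IF -j DNAT --to-destination $CLIENT"
}

# Number of expected rules absent from the dump on stdin; 0 means the lab matches.
missing_count() { audit_dump | grep -c '^MISSING' || true; }
```

On the router, `gen_ruleset | iptables-restore` loads the set and `iptables-save | audit_dump` verifies it, for example after a reboot.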
