Home > Developer > Linux

How to configure Linux transparent Firewall

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

When you access the Internet, do you often suffer attacks? How can we avoid such attacks? We should configure the Linux transparent firewall, which raises another problem. How can we configure and configure the Linux transparent firewall?

1. Set the network address. Modify the file/etc/sysconfig/network-scripts/ifcfg-eth0 and/etc/sysconfig/network-scripts/ifcfg-eth1 so that it has the same IP address, the same subnet mask. Use vi to edit the following file, save the file, and run the Command service network restart to make the modification take effect.

 
 
    
  
  
  1. DEVICE=eth0 
    2. 
  
  
  2. BOOTPROTO=none 
    3. 
  
  
  3. BROADCAST=192.168.1.255  
    4. 
  
  
  4. IPADDR=192.168.1.254  
    5. 
  
  
  5. NETMASK=255.255.255.0  
    6. 
  
  
  6. NETWORK=192.168.1.0  
    7. 
  
  
  7. ONBOOT=yes 
    8. 
  
  
  8. USERCTL=no 
    9. 
  
  
  9. PEERDNS=no 
    10. 
  
  
  10. TYPE=Ethernet DEVICE=eth1 
    11. 
  
  
  11. BOOTPROTO=none 
    12. 
  
  
  12. BROADCAST=192.168.1.255  
    13. 
  
  
  13. IPADDR=192.168.1.254  
    14. 
  
  
  14. NETMASK=255.255.255.0  
    15. 
  
  
  15. NETWORK=192.168.1.0  
    16. 
  
  
  16. ONBOOT=yes 
    17. 
  
  
  17. USERCTL=no 
    18. 
  
  
  18. PEERDNS=no 
    19. 
  
  
  19. TYPE=Ethernet 
    20.

Note the following two points: the first is to distinguish between eth0 and eth1. this problem is critical. If it is mixed up, the firewall cannot connect to the network. As for how to distinguish eth0 from eth1, I will briefly describe it at the end of the article. It is assumed that the NIC connected to the vro is eth0.

2. Set the default route. In the file/etc/sysconfig/network-scripts/ifcfg-eth0 add a line gateway = 192.168.1.1 save and run the Command service network restart, the modification takes effect. Find a public IP address that opens the ICMP protocol, and run the command ping 202.108.36.196 (host www.163.com) to check the connectivity with the Internet. If the connection is normal, the Linux firewall host and the Internet are correctly configured. Run ping 192.168.1.18 to check the connectivity between the firewall host and the Intranet host. If the connection is normal, perform the next step.

3. Enable network forwarding and proxy_arp. This is the core part of the transparent firewall. I will write them into the file/etc/rc. d/rc. local. Use vi/etc/rc. d/rc. local to insert the following content. During this step, I used to spend a lot of time, because the parameter "-w" was not included in the reference book, and then I ran sysctl net separately. ipv4.conf. only after eth0.proxy _ arp = 1 can we find that red hat Linux 9 cannot run without the "-w" parameter.

 
 
    
  
  
  1. #Ip forward  
    2. 
  
  
  2. /sbin/sysctl -w net.ipv4.conf.all.forwarding=1 
    3. 
  
  
  3. #Enable proxy-arp  
    4. 
  
  
  4. /sbin/sysctl -w net.ipv4.conf.eth0.proxy_arp=1 
    5. 
  
  
  5. /sbin/sysctl -w net.ipv4.conf.eth1.proxy_arp=1 
    6.

4. Specify the route. Because the two NICs (eth0, eth1) use the same ip address, if the forwarding path is not specified, the routing will be chaotic, so that computers within the firewall cannot access the Internet. Use the command vi to modify the file/etc/rc. d/rc. local and insert the following lines. Save the file and restart the computer.

 
 
    
  
  
  1. #Define route  
    2. 
  
  
  2. /sbin/ip route del 192.168.1.0/24 dev eth0  
    3. 
  
  
  3. /sbin/ip route add 192.168.1.1 dev eth0  
    4. 
  
  
  4. /sbin/ip route add 192.168.1.0/24 dev eth1 
    5.

Linux firewall can access the Internet from the host 192.168.1.18 without any exceptions. Of course, any machine on the Intranet can access the Internet. Here, Define route is described as follows: /sbin/ip route del 192.168.1.0/24 dev eth0 indicates that all data packets destined for 192.168.1.0/24 in the subnet are not forwarded from eth0 but from eth1, that is, the command/sbin/ip route add 192.168.1.0/24 dev eth1;/sbin/ip route add 192.168.1.1 dev eth0 indicates that all packets destined for 192.168.1.1 are forwarded by eth0, in fact, this can be understood as the Division of data forwarding between two NICs-eth0 is responsible for the packets to 192.168.1.1, and eth1 is responsible for the remaining packets. In this way, you can complete the configuration of the Linux transparent firewall. If the selected firewall rule is of medium level, the firewall has been configured successfully.

  1. Learn to delete old Linux Kernel
  2. Measure the test taker's knowledge about how to prevent attacks on Linux operating systems.
  3. Teach you how to display duplicate rows in Linux
  4. How to install and Uninstall Linux software
  5. Yuan Meng: an endless Linux Desktop Innovation

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
how to configure apache in linux how to configure web server in linux how to configure ntp server in linux how to configure http server in linux how to configure iptables in linux how to configure smtp server in linux how to check firewall settings in linux

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More