How to configure Linux transparent Firewall

Source: Internet
Author: User

When you access the Internet, are you often hit by attacks? One way to reduce them is to set up a Linux transparent firewall, which raises the next question: how do we configure it?

1. Set the network addresses. Edit the files /etc/sysconfig/network-scripts/ifcfg-eth0 and /etc/sysconfig/network-scripts/ifcfg-eth1 so that both interfaces have the same IP address and the same subnet mask. Use vi to edit the two files as shown below, save them, and run the command service network restart to make the changes take effect.

/etc/sysconfig/network-scripts/ifcfg-eth0:

    DEVICE=eth0
    BOOTPROTO=none
    BROADCAST=192.168.1.255
    IPADDR=192.168.1.254
    NETMASK=255.255.255.0
    NETWORK=192.168.1.0
    ONBOOT=yes
    USERCTL=no
    PEERDNS=no
    TYPE=Ethernet

/etc/sysconfig/network-scripts/ifcfg-eth1:

    DEVICE=eth1
    BOOTPROTO=none
    BROADCAST=192.168.1.255
    IPADDR=192.168.1.254
    NETMASK=255.255.255.0
    NETWORK=192.168.1.0
    ONBOOT=yes
    USERCTL=no
    PEERDNS=no
    TYPE=Ethernet

Note the following two points. The first is to distinguish eth0 from eth1; this is critical, because if the two are mixed up the firewall cannot connect to the network. As for how to tell eth0 from eth1, I will briefly describe it at the end of the article. It is assumed here that the NIC connected to the router is eth0.

2. Set the default route. In the file /etc/sysconfig/network-scripts/ifcfg-eth0 add the line GATEWAY=192.168.1.1, save, and run the command service network restart so the change takes effect. Find a public IP address that answers ICMP and run ping 202.108.36.196 (the host www.163.com) to check connectivity to the Internet. If the replies come back, the Linux firewall host's connection to the Internet is configured correctly. Then run ping 192.168.1.18 to check connectivity between the firewall host and an intranet host. If that also works, go on to the next step.

3. Enable IP forwarding and proxy_arp. This is the core of the transparent firewall. I write these settings into the file /etc/rc.d/rc.local: run vi /etc/rc.d/rc.local and insert the following content. I spent a lot of time on this step, because the reference book omitted the "-w" parameter; only after running sysctl net.ipv4.conf.eth0.proxy_arp=1 separately did I find that on Red Hat Linux 9 the setting is not applied without "-w".

    # IP forward
    /sbin/sysctl -w net.ipv4.conf.all.forwarding=1
    # Enable proxy-arp
    /sbin/sysctl -w net.ipv4.conf.eth0.proxy_arp=1
    /sbin/sysctl -w net.ipv4.conf.eth1.proxy_arp=1

4. Specify the routes. Because the two NICs (eth0 and eth1) use the same IP address, the routing is ambiguous unless the forwarding path is set explicitly, and computers behind the firewall cannot reach the Internet. Use vi to edit the file /etc/rc.d/rc.local and insert the following lines. Save the file and restart the computer.

    # Define route
    /sbin/ip route del 192.168.1.0/24 dev eth0
    /sbin/ip route add 192.168.1.1 dev eth0
    /sbin/ip route add 192.168.1.0/24 dev eth1

From the host 192.168.1.18 you can now reach the Internet through the Linux firewall without any problem; indeed any machine on the intranet can. The route definitions mean the following. /sbin/ip route del 192.168.1.0/24 dev eth0 removes the subnet route via eth0, so packets destined for 192.168.1.0/24 are no longer forwarded out of eth0 but out of eth1, which is what /sbin/ip route add 192.168.1.0/24 dev eth1 establishes. /sbin/ip route add 192.168.1.1 dev eth0 says that all packets destined for 192.168.1.1 leave through eth0. In effect this divides forwarding between the two NICs: eth0 is responsible for packets to 192.168.1.1, and eth1 for all the rest. This completes the configuration of the Linux transparent firewall. If the firewall rule level you selected is medium, the firewall has been configured successfully.
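Since a mix-up between eth0 and eth1, or a GATEWAY line in the wrong file, silently breaks this setup, the following added example (not part of the original article) checks a pair of ifcfg files for the properties steps 1 and 2 require. The function name check_transparent_pair, the helper ifcfg_get and the sample files are constructed here; the values are the article's.

```sh
# Added example, not from the original article: sanity-check the two ifcfg
# files of the proxy-ARP transparent firewall before applying them. Checks:
# DEVICE differs, IPADDR and NETMASK match, only the router side has GATEWAY.

# Print the value of KEY from an ifcfg-style file (empty if absent).
ifcfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | head -n 1
}

# check_transparent_pair ROUTER_SIDE_FILE INTRANET_SIDE_FILE
# Returns 0 when the pair is consistent, 1 otherwise, printing each finding.
check_transparent_pair() {
    outer=$1; inner=$2; rc=0
    dev_o=$(ifcfg_get "$outer" DEVICE);  dev_i=$(ifcfg_get "$inner" DEVICE)
    ip_o=$(ifcfg_get "$outer" IPADDR);   ip_i=$(ifcfg_get "$inner" IPADDR)
    nm_o=$(ifcfg_get "$outer" NETMASK);  nm_i=$(ifcfg_get "$inner" NETMASK)
    gw_o=$(ifcfg_get "$outer" GATEWAY);  gw_i=$(ifcfg_get "$inner" GATEWAY)
    if [ -z "$dev_o" ] || [ "$dev_o" = "$dev_i" ]; then
        echo "FAIL: DEVICE must differ ('$dev_o' vs '$dev_i')"; rc=1
    fi
    if [ -z "$ip_o" ] || [ "$ip_o" != "$ip_i" ]; then
        echo "FAIL: IPADDR must match ('$ip_o' vs '$ip_i')"; rc=1
    fi
    if [ "$nm_o" != "$nm_i" ]; then
        echo "FAIL: NETMASK must match ('$nm_o' vs '$nm_i')"; rc=1
    fi
    if [ -z "$gw_o" ] || [ -n "$gw_i" ]; then
        echo "FAIL: GATEWAY must be set on the router side only"; rc=1
    fi
    return $rc
}

# Constructed sample files with the article's values (not the live /etc files).
tmp=$(mktemp -d)
cat > "$tmp/ifcfg-eth0" <<'EOF'
DEVICE=eth0
IPADDR=192.168.1.254
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
EOF
cat > "$tmp/ifcfg-eth1" <<'EOF'
DEVICE=eth1
IPADDR=192.168.1.254
NETMASK=255.255.255.0
EOF
check_transparent_pair "$tmp/ifcfg-eth0" "$tmp/ifcfg-eth1" && echo "OK: consistent pair"
```

Running it against the real files (/etc/sysconfig/network-scripts/ifcfg-eth0 first, ifcfg-eth1 second) before the service network restart in step 2 catches a swapped pair or a missing GATEWAY line while it is still cheap to fix.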

