Linux OSU Presenting: Karl Vollmer Implemented By: Brian Staffenson / irc.oregonstate.edu #osu-id.


What we have
- 13 Residence Halls
- 4 Cooperative Houses
- 3900 Beds
- Students
- 1600 Summer Conference guests
- Two computers in every residence hall w/CRT

Previous Setup
- Independent Linux boxes running Debian
- Updates were pushed via rsync
- HDDs in every computer
- Regular incidents of vulgar material left on terminals

Objectives
- Reduce power consumption and complexity
- Centralize updates and faster changes
- Increase uptime and prevent tampering
- Increased lifetime of components

Linux Terminal Server Project Wiki: Downloads:

Our Configuration
- Firefox launches on boot
- HDD, CDRom & Floppy Disk removed
- 2 Min of inactivity resets the web browser and clears any changes
- Screensaver Images are pulled from network share making updates easy

Required Resources
- Server: Dell GX270 w/1Gb ram and two network cards
- Current Clients: Dell GX260’s
- Previous Clients: GX150 (866Mhz) 256mb of ram
- Switches supporting VLANs between client and server

IP Tables Script

    #!/bin/sh
    # IPTABLES PROXY script for the Linux 2.4 kernel.
    # printf is used instead of "echo -e", which plain /bin/sh does not guarantee.
    printf '\n\nSETTING UP IPTABLES PROXY...\n'

    # SET THE INTERFACE DESIGNATION FOR THE NIC CONNECTED TO YOUR INTERNAL NETWORK
    INTIF="eth1"
    # SET THE INTERFACE DESIGNATION FOR YOUR "EXTERNAL" (INTERNET) CONNECTION
    EXTIF="eth0"
    # SET YOUR EXTERNAL IP ADDRESS
    # (the address is blank on the slide; no rule below uses it, MASQUERADE needs none)
    EXTIP=""

    echo "Loading required stateful/NAT kernel modules..."
    /sbin/depmod -a
    /sbin/modprobe ip_tables
    /sbin/modprobe ip_conntrack
    /sbin/modprobe ip_conntrack_ftp
    /sbin/modprobe ip_conntrack_irc
    /sbin/modprobe iptable_nat
    /sbin/modprobe ip_nat_ftp
    /sbin/modprobe ip_nat_irc

    echo " Enabling IP forwarding..."
    echo "1" > /proc/sys/net/ipv4/ip_forward
    echo "1" > /proc/sys/net/ipv4/ip_dynaddr

    # Clearing any existing rules and setting default policy
    iptables -P INPUT ACCEPT
    iptables -F INPUT
    iptables -P OUTPUT ACCEPT
    iptables -F OUTPUT
    iptables -P FORWARD DROP
    iptables -F FORWARD
    iptables -t nat -F

    # FWD: Allow all connections OUT; IN only SSH (tcp/22) and existing/related ones
    iptables -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 22 -j ACCEPT
    iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT

    # Enabling SNAT (MASQUERADE) functionality on $EXTIF
    iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
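An added example, not part of the original slides: a shell check that reads a ruleset in iptables-save format and flags the two points a reviewer would raise about the script above, the ACCEPT policy on INPUT with no filtering rules, and the FORWARD rule that admits new inbound connections from the external interface. The sample dump is constructed to match the script, and the function names `sample_ruleset` and `audit_rules` are hypothetical.

```shell
#!/bin/sh
# Constructed sample: what iptables-save would report after the slide's script runs.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -o eth1 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
EOF
}

# audit_rules EXTIF: read an iptables-save dump on stdin, print one finding per line.
audit_rules() {
    awk -v ext="$1" '
        /^\*/ { table = substr($0, 2) }               # track the current table
        table != "filter" { next }
        /^:INPUT ACCEPT/ { input_accept = 1 }
        /^-A INPUT / && / -j (DROP|REJECT)/ { input_filtered = 1 }
        /^-A FORWARD / && / -j ACCEPT/ {
            from_ext = index($0, " -i " ext " ") > 0
            # A rule limited to ESTABLISHED/RELATED never admits a new connection.
            replies_only = ($0 ~ /--(ct)?state/ && $0 !~ /NEW/)
            if (from_ext && !replies_only)
                print "FORWARD admits new inbound connections from " ext ": " $0
        }
        END {
            if (input_accept && !input_filtered)
                print "INPUT policy is ACCEPT with no DROP/REJECT rules: " \
                      "every service on the gateway is reachable from " ext
        }
    '
}

sample_ruleset | audit_rules eth0
```

On a live gateway the same function can be fed from `iptables-save` run as root, with the external interface name as the argument.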

Questions?