Presentation is loading. Please wait.

Presentation is loading. Please wait.

NAT、DHCP、Firewall、FTP、Proxy

Published byBasil Lynch Modified over 6 years ago

Similar presentations

Presentation on theme: "NAT、DHCP、Firewall、FTP、Proxy"— Presentation transcript:

1 NAT、DHCP、Firewall、FTP、Proxy
Homework 02 NAT、DHCP、Firewall、FTP、Proxy

2 Basic Knowledge DHCP NAT Firewall FTP Proxy
Dynamically assigning IPs to clients NAT Translating addresses for clients Firewall Traffic filtering FTP File Transfer Protocol Proxy Intermediary of client and server to translate requests

3 Basic Knowledge – Isolated Execution Environment
Provide a sandbox with limited access to resource Protect other programs from compromised one OS-level virtualization (Used in this HW) Resource isolation File system, device… Lightweight Easy to manage Implementation FreeBSD: jail Linux: lxc

4 Architecture Overview
Network card Server IP0 - public IP1 – private HostA - GUI based host HostB - FTP server Private IP domain IP2 – private IP3 – private Internet

5 Architecture Server HostA HostB UNIX-based OS
Act as a gateway for all services DHCP & NAT server A dedicated Public IP and a static private IP HostA Any OS A private IP via DHCP HostB An isolated execution environment on Server Runs FTP service A static private IP

6 Requirement – NAT & DHCP
HostA & HostB can access Internet via Server DHCP Provided by Server Static range should be excluded Authentication Only clients passed authentication can access the internet Exclude static range Redirect un-auth host to authentication page Web service on Server Serve a simple authentication page

7 Requirement – Firewall
Deny all connections come from <BadHost> Allow the connection from /24 to access HostB’s FTP server Drop packets from /24 to access HostB’s FTP server, and response TCP RST/ICMP unreachable Allow the connection from /24 to access HostB’s SSH server (Server will redirect the request for port 222 to HostB’s SSH server) The connection from other public IP to access HostB’s FTP and SSH server should be denied and not response TCP RST/ICMP unreachable All public IP can’t send ICMP echo request packets to server (will not response ICMP ECHO-REPLY packets)

8 Requirement – Proxy FTP proxy HTTP proxy Hint
Setup an FTP proxy on Server All FTP requests should be proxied to HostB HTTP proxy Setup a transparent proxy on Server All http traffic should pass through this TP Hint ftp-proxy(8) (ftp) www/squid (http) www/privoxy (http)

9 Bonus – LB and HA for HTTP Service
Setup multiple worker nodes (>=2) Load balance Load should be distributed across all nodes High availability Health check on all nodes Remove fail node(s)

10 Bonus – Area Defense Setup multiple worker nodes (>=2)
Check login log Add pf policy

11 Hand-in Demo 5/4 – 5/8 Book Demo 4/28 – 5/2

Download ppt "NAT、DHCP、Firewall、FTP、Proxy"

Similar presentations

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
Homework 02 Announce: 20090408 Due: 20090420. Requirements Basic firewall settings (40%) Set trusted network 140.113.235.0/24 Allow all connections from.

Homework 02 Announce: Due: Requirements Basic firewall settings (40%) Set trusted network /24 Allow all connections from.
Module 5: Configuring Access for Remote Clients and Networks.

Module 5: Configuring Access for Remote Clients and Networks.
Transparent Caching The art of caching network traffic without requiring user / browser side configuration.

Transparent Caching The art of caching network traffic without requiring user / browser side configuration.
1 Internet Networking Spring 2004 Tutorial 13 LSNAT - Load Sharing NAT (RFC 2391)

1 Internet Networking Spring 2004 Tutorial 13 LSNAT - Load Sharing NAT (RFC 2391)
Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.

Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.
1 Network Address Translation (NAT) Relates to Lab 7. Module about private networks and NAT.

1 Network Address Translation (NAT) Relates to Lab 7. Module about private networks and NAT.
Chapter Extension 7 How the Internet Works © 2008 Prentice Hall, Experiencing MIS, David Kroenke.

Chapter Extension 7 How the Internet Works © 2008 Prentice Hall, Experiencing MIS, David Kroenke.
1 Some TCP/IP Basics....NFSDNSTELNETSMTPFTP UDPTCP IP and ICMP Ethernet, serial line,..etc. Application Layer Transport Layer Network Layer Low-level &

1 Some TCP/IP Basics....NFSDNSTELNETSMTPFTP UDPTCP IP and ICMP Ethernet, serial line,..etc. Application Layer Transport Layer Network Layer Low-level &
TCP/IP Network and Firewall. IP Packet Protocol  1 ICMP packet  6 TCP packet  17 UDP packet.

TCP/IP Network and Firewall. IP Packet Protocol  1 ICMP packet  6 TCP packet  17 UDP packet.
1 Computer System Evolution Central Data Processing System: - with directly attached peripherals (card reader, magnetic tapes, line printer). Local Area.

1 Computer System Evolution Central Data Processing System: - with directly attached peripherals (card reader, magnetic tapes, line printer). Local Area.
Firewalls Screen packets coming into the Privet Networks from external, Untrusted Networks (Internet) Ingress Packet Filtering  Firewall examine incoming.

Firewalls Screen packets coming into the Privet Networks from external, Untrusted Networks (Internet) Ingress Packet Filtering  Firewall examine incoming.
Lesson 20 – OTHER WINDOWS 2000 SERVER SERVICES. DHCP server DNS RAS and RRAS Internet Information Server Cluster services Windows terminal services OVERVIEW.

Lesson 20 – OTHER WINDOWS 2000 SERVER SERVICES. DHCP server DNS RAS and RRAS Internet Information Server Cluster services Windows terminal services OVERVIEW.
1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #12 LSNAT - Load Sharing NAT (RFC 2391)

1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #12 LSNAT - Load Sharing NAT (RFC 2391)
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
BY- NIKHIL TRIPATHI 12MCMB10.  What is a FIREWALL?  Can & Can’t in Firewall perspective  Development of Firewalls  Firewall Architectures  Some Generalization.

BY- NIKHIL TRIPATHI 12MCMB10.  What is a FIREWALL?  Can & Can’t in Firewall perspective  Development of Firewalls  Firewall Architectures  Some Generalization.

Similar presentations

Ads by Google