
IP Tables and Filtering

This document discusses IP tables and filtering in Linux. It begins by explaining IP addressing and subnets. It then discusses firewalls and how they work by blocking or restricting network ports. It describes how IPTables is the default firewall software in Linux and works using policy chains. It explains the basic structure of IPTables including tables, chains, and rules. It also discusses the different types of rules, targets, and tables used for filtering. Finally, it discusses using SSH tunnels to securely transfer traffic and provides an example scenario of creating an SSH tunnel to connect securely to an insecure VNC service.

Uploaded by Maryam Butt

IP TABLES AND FILTERING:
What is IP Addressing?
 An Internet Protocol address (IP address) is a numerical label assigned to each device connected
to a computer network that uses the Internet Protocol for communication.
 An IP address is used to uniquely identify a device (strictly, a network interface) on a network. An
IPv4 address is made up of 32 binary bits, which are divided into a network portion and a host portion
with the help of a subnet mask: the bits where the mask is 1 belong to the network, the rest to the host.
 A subnetwork, or subnet, is a logical subdivision of a network. The practice of dividing a network
into two or more networks is called subnetting.
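The split described above, worked through in plain POSIX sh arithmetic. This is an added example and is not part of the original document; the addresses and masks in it are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original document): split an IPv4 address into
# its network and host portions with a subnet mask. All values are constructed.

# Pack a dotted quad into one 32-bit integer: a.b.c.d -> (a<<24)|(b<<16)|(c<<8)|d
ip_to_int() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Unpack a 32-bit integer back into dotted-quad form.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# A mask is valid only if its one bits are contiguous from the left. The inverted
# mask is then a run of ones on the right, so adding 1 to it clears every bit.
# (& 0xFFFFFFFF is needed because sh arithmetic is 64-bit signed.)
valid_mask() {
    inv=$(( ~$(ip_to_int "$1") & 0xFFFFFFFF ))
    [ $(( (inv + 1) & inv )) -eq 0 ]
}

# Network portion: address AND mask.
network_of() {
    int_to_ip $(( $(ip_to_int "$1") & $(ip_to_int "$2") ))
}

# Host portion: address AND NOT mask.
host_of() {
    int_to_ip $(( $(ip_to_int "$1") & ~$(ip_to_int "$2") & 0xFFFFFFFF ))
}

# Broadcast address: network portion with every host bit set.
broadcast_of() {
    int_to_ip $(( $(ip_to_int "$1") | (~$(ip_to_int "$2") & 0xFFFFFFFF) ))
}

# Prefix length (the /N of CIDR notation): the number of one bits in the mask.
prefix_len() {
    m=$(ip_to_int "$1"); n=0
    while [ "$m" -ne 0 ]; do
        n=$(( n + (m & 1) )); m=$(( m >> 1 ))
    done
    echo "$n"
}

# Two hosts share a subnet when the mask leaves them the same network portion.
same_subnet() {
    [ "$(network_of "$1" "$3")" = "$(network_of "$2" "$3")" ]
}

# Demonstration on constructed values.
for a in 192.168.1.77 10.0.5.130; do
    echo "$a/$(prefix_len 255.255.255.192): network $(network_of "$a" 255.255.255.192)," \
         "host $(host_of "$a" 255.255.255.192), broadcast $(broadcast_of "$a" 255.255.255.192)"
done
same_subnet 10.0.5.130 10.0.5.200 255.255.255.192 && echo same || echo different
```

With mask 255.255.255.192 (/26) the host portion is only six bits, so 10.0.5.130 and 10.0.5.200 land in different subnets even though they share the first three octets; the mask, not the dotted notation, decides where the boundary is.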

Firewall Utilities
 A firewall is a software utility or hardware device that acts as a filter for data entering or leaving
a network or computer. You can think of a firewall as a security guard who decides who enters or
exits a building. A firewall works by permitting or blocking traffic according to attributes such as
source and destination address, protocol and port. Firewalls are commonly used to help prevent
unauthorized access to both company and home networks.
 A firewall controls network traffic to and from a computer, permitting or denying
communications based on a security policy.

Level of implementation: IP Tables with FILTERING Mechanism
BEFORE IP TABLES
 Before iptables, the most popular firewall/NAT package on Linux was ipchains (kernel 2.2). It had a
number of limitations, the main one being that it was stateless: it judged every packet on its own and
could not recognise the reply packets of a connection it had already allowed, so rules had to open whole
port ranges. The Netfilter project wrote iptables for kernel 2.4 to rectify this, adding connection
tracking and a cleaner separation between filtering and NAT. As a result, iptables is considered a faster
and more secure replacement, and it became the default firewall package on Red Hat, Fedora and most
other distributions. On current distributions the iptables command is often a compatibility front end
over its successor, nftables, but the rule syntax described below still works.

IP TABLES
 The basic firewall software used in Linux is called iptables.
 iptables is a command-line firewall utility that uses policy chains to allow or block traffic. When a
packet arrives, iptables walks the rules of the relevant chain in order; the first rule whose criteria
match the packet decides what happens to it, and if no rule matches, the chain's default policy applies.
 It is the basis of firewalling on Linux: a rule-based firewall, normally pre-installed, that controls
incoming and outgoing packets. By default no rules are loaded and every built-in chain has the policy
ACCEPT, so nothing is blocked until rules are created, added or edited.
 The Linux kernel has the built-in ability to filter packets, allowing some of them into the system while
stopping others; the iptables command only configures that kernel code.

BASIC STRUCTURE OF IPTABLES


 The default structure of iptables is:
o "Tables, which hold Chains, which contain Rules"
 Tables -> Chains -> Rules.
 The rules are defined to control incoming, outgoing and forwarded packets.

IP FILTERING
 The kernel inspects each data packet and decides, based on these rules, what to do with it.
 IP filtering is simply a mechanism that decides which IP datagrams will be processed
normally and which will be discarded. By discarded we mean that the datagram is deleted and
completely ignored, as if it had never been received.
 The main difference between packet forwarding and packet filtering is that forwarding consults only
the routing table to decide where a packet goes, whereas filtering consults a list of rules to decide
whether the packet is allowed at all.
BUILT-IN CHAINS
There are five built-in chains, each hooked into a different point of a packet's path through the kernel;
every table provides some subset of them:
 INPUT: packets addressed to the system itself, after the routing decision. Present in the filter,
mangle and (on current kernels) nat tables.
 OUTPUT: packets generated by the system itself. Present in the filter, nat, mangle and raw tables.
 FORWARD: packets routed through the system from one interface to another, neither addressed to
nor generated by it. Present in the filter and mangle tables.
 PREROUTING: packets as they arrive, before the routing decision, so their destination can still be
altered (DNAT). Present in the nat, mangle and raw tables.
 POSTROUTING: packets about to leave on the wire, after the routing decision, whether they came
from OUTPUT or FORWARD, so their source can be altered (SNAT). Present in the nat and mangle tables.

TARGETS
Every iptables rule has a "target", which is executed when the packet matches the rule's criteria.

 ACCEPT: the packet is accepted and passes on, to the local application or to the next hop if it is
being forwarded.
 DROP: the packet is silently discarded. No information about the drop is sent to the sender, which
sees only a timeout.
 REJECT: the packet is discarded and an error is sent back to the sender: an ICMP port-unreachable
message by default, or a TCP RST with --reject-with tcp-reset.
 LOG: packet details are written to the kernel log (readable with dmesg or journalctl -k). LOG is
non-terminating: after logging, the packet continues to the next rule, so a LOG rule is normally
followed by a DROP or REJECT rule.
 DNAT: rewrites the destination address (and optionally port) of the packet; used in the nat table's
PREROUTING and OUTPUT chains.
 SNAT: rewrites the source address (and optionally port) of the packet; used in the nat table's
POSTROUTING chain. MASQUERADE is a variant of SNAT for interfaces with a dynamic address.

TYPES OF IP TABLES USED IN FILTERING:

The three most commonly used built-in tables, each with its own chains of rules, are as follows (raw and
security tables also exist but are rarely needed):

 Filter: the default table, used when no -t option is given; this is where packets are accepted,
dropped or rejected.
 NAT: used to alter the addresses and ports of packets that create a new connection; the remaining
packets of that connection are translated the same way automatically by connection tracking.
 Mangle: used for specialised packet alteration, such as changing TTL or TOS/DSCP fields or setting
marks for policy routing.
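The structure, chains, targets and tables described in the preceding sections, put together in one ruleset. This is an added example, not part of the original document: a small script that emits a ruleset in iptables-save format, built from a few parameters, so the first-match-wins ordering and the default policies can be seen in one place. The interface names, networks and the internal web host it uses are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original document): build a minimal iptables
# ruleset in iptables-restore format. All parameter values are constructed.

# Emit the ruleset to stdout. Arguments:
#   admin_net  CIDR allowed to open SSH sessions        e.g. 203.0.113.0/24
#   lan_net    internal network behind this box         e.g. 192.168.1.0/24
#   lan_if     interface facing lan_net                 e.g. eth1
#   wan_if     interface facing the Internet            e.g. eth0
#   wan_ip     public address used as the SNAT source   e.g. 198.51.100.7
#   web_host   internal host that receives port-80 traffic via DNAT
build_ruleset() {
    admin_net=$1 lan_net=$2 lan_if=$3 wan_if=$4 wan_ip=$5 web_host=$6
    cat <<EOF
*filter
# Policies are the default action taken when no rule in the chain matches.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
# Rules are tried top to bottom; the first match decides, so allow return
# traffic early and keep the catch-all jump to LOGDROP last.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s ${admin_net} -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j REJECT --reject-with tcp-reset
-A INPUT -p icmp -m icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
-A INPUT -j LOGDROP
# FORWARD runs after PREROUTING, so it sees the DNAT-rewritten destination
# (${web_host}, port 8080), not the original port 80.
-A FORWARD -i ${lan_if} -s ${lan_net} -o ${wan_if} -j ACCEPT
-A FORWARD -i ${wan_if} -o ${lan_if} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i ${wan_if} -o ${lan_if} -d ${web_host} -p tcp -m tcp --dport 8080 -m conntrack --ctstate NEW -j ACCEPT
# LOG is non-terminating; the rule after it is what actually discards the packet.
-A LOGDROP -m limit --limit 10/minute --limit-burst 20 -j LOG --log-prefix "iptables-drop: " --log-level 4
-A LOGDROP -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Only the first packet of a connection traverses nat; conntrack maps the rest.
-A PREROUTING -i ${wan_if} -p tcp -m tcp --dport 80 -j DNAT --to-destination ${web_host}:8080
-A POSTROUTING -s ${lan_net} -o ${wan_if} -j SNAT --to-source ${wan_ip}
COMMIT
EOF
}

# Line number of the first ruleset line containing a literal string; lets a
# caller verify that one rule really precedes another.
rule_position() {
    printf '%s\n' "$1" | grep -nF -- "$2" | head -n 1 | cut -d: -f1
}

# Load the ruleset on a Linux host (needs root). --test parses it without
# touching the kernel, so a typo cannot leave the box half-configured.
apply_ruleset() {
    tmp=$(mktemp) || return 1
    build_ruleset "$@" > "$tmp"
    iptables-restore --test < "$tmp" &&
    sysctl -w net.ipv4.ip_forward=1 >/dev/null &&
    iptables-restore < "$tmp" &&
    iptables -S INPUT            # show the loaded INPUT chain in command form
    rc=$?; rm -f "$tmp"; return $rc
}

# Usage: sh rules.sh 203.0.113.0/24 192.168.1.0/24 eth1 eth0 198.51.100.7 192.168.1.10
# prints the ruleset; set APPLY=1 in the environment to load it instead.
if [ $# -eq 6 ]; then
    if [ "${APPLY:-0}" = 1 ]; then apply_ruleset "$@"; else build_ruleset "$@"; fi
fi
```

Two points are easy to get wrong when writing this by hand: the REJECT for port 22 only takes effect for addresses outside admin_net because the ACCEPT above it matches first, and the FORWARD rule for the DNAT'd web server must name the translated destination (port 8080), since nat's PREROUTING has already rewritten the packet by the time filter's FORWARD chain sees it.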
TRAFFIC CONTROL IN LINUX
We can use SSH tunnels to secure our network traffic.

What is SSH?
Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an
unsecured network. Typical applications include remote command-line, login, and remote command
execution, but any network service can be secured with SSH.

Securing Network Traffic With SSH Tunnels


Introduction to SSH Tunnels
Secure Shell, or SSH, is used to create a secure channel between a local and remote computer. While SSH is
commonly used for secure terminal access and file transfers, it can also be used to create a secure tunnel
between computers for forwarding other network connections that are not normally encrypted. SSH tunnels
are also useful for allowing outside access to internal network resources.

To create an SSH tunnel, you need:

 Target server offering network services (http, VNC, etc.) to the client


 SSH server listening for connections from the client
 SSH client configured to forward traffic from a local listening port, through the SSH server, to the
target server

The SSH server may be running on the same machine as the target server, or on a different machine. Network
communications between the SSH server and the target server are NOT encrypted by the SSH tunnel (see
diagram below), so if the servers are running on different machines, ideally they should be located together
on a secure network.
Scenario - Connecting to an insecure service
In this scenario, a client wishes to connect to a service that does not natively use encryption but does not
want the traffic to be sent unencrypted through the Internet. The environment for this scenario:

 Target server: VNC service is listening on port 5900 at IP address 1.2.3.4


 SSH server: SSH service is listening on port 22 at IP address 1.2.3.5
 Client machine: SSH and VNC clients installed

Creating the SSH tunnel using PuTTY:

1. Open the PuTTY client user interface.
2. In the Session window, under "Basic options for your PuTTY session", enter the IP address and
listening port for the SSH server (1.2.3.5, port 22).
3. In the left pane, select Connection -> SSH -> Tunnels.
4. Under "Options controlling SSH port forwarding", enter the following settings (see screenshot):
o Source port: pick an arbitrary port not in use on your client; the example uses 15900.
o Destination: IP address and listening port of the target server, 1.2.3.4:5900.
o Leave the "Local" and "Auto" radio buttons selected. "Local" means PuTTY listens on the client's
loopback address only, so other machines cannot use the tunnel.
5. Click "Add" to save these settings.
6. Click "Open" to create the SSH tunnel. Enter your username and password for the SSH server when
prompted.
7. Point the VNC client at 127.0.0.1:15900. PuTTY carries the connection encrypted to the SSH server,
which forwards it to 1.2.3.4:5900.
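The same local forward set up from a Linux or macOS client with the OpenSSH command-line tool instead of PuTTY. This is an added example and is not part of the original document; the addresses and ports are the scenario's (VNC on 1.2.3.4:5900, SSH on 1.2.3.5:22) and the user name alice is an assumption.

```shell
#!/bin/sh
# Added example (not from the original document): the scenario's SSH tunnel
# with the OpenSSH client, wrapped so it can be checked and torn down.
# User "alice" is assumed; hosts and ports are the scenario's values.

# Options for a local port forward. Binding the listener to 127.0.0.1 keeps the
# forwarded VNC port reachable only from this client (what PuTTY's "Local"
# button does); ExitOnForwardFailure makes ssh fail instead of logging in
# anyway when the local port is already taken; -N opens no remote shell.
tunnel_args() {
    local_port=$1 target_host=$2 target_port=$3 ssh_user=$4 ssh_host=$5
    args="-N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30"
    args="$args -L 127.0.0.1:${local_port}:${target_host}:${target_port} ${ssh_user}@${ssh_host}"
    printf '%s\n' "$args"
}

# Start the tunnel in the background (-f) as a control master (-M) with a
# control socket (-S) so it can be inspected and stopped by name later.
start_tunnel() {
    sock=$1; shift
    # The argument string built above contains no whitespace to protect,
    # so plain word splitting is safe here.
    ssh -f -M -S "$sock" $(tunnel_args "$@")
}

# Wait until something is listening on 127.0.0.1:<port>, up to <tries> seconds.
wait_for_listener() {
    port=$1 tries=${2:-10}
    while [ "$tries" -gt 0 ]; do
        ss -ltn | grep -q "127.0.0.1:${port} " && return 0
        tries=$((tries - 1)); sleep 1
    done
    return 1
}

# Ask the control master whether it is still alive, or tell it to exit.
check_tunnel() { ssh -S "$1" -O check "$2"; }
stop_tunnel()  { ssh -S "$1" -O exit  "$2"; }

# Walk-through of the scenario when invoked as: sh vnc-tunnel.sh run
if [ "${1:-}" = run ]; then
    sock=$(mktemp -u "${TMPDIR:-/tmp}/vnc-tunnel.XXXXXX")
    start_tunnel "$sock" 15900 1.2.3.4 5900 alice 1.2.3.5
    wait_for_listener 15900 || { echo "tunnel did not come up" >&2; exit 1; }
    check_tunnel "$sock" alice@1.2.3.5
    # Traffic to 127.0.0.1:15900 now travels encrypted to 1.2.3.5, which relays
    # it in the clear to 1.2.3.4:5900, as the previous section describes.
    vncviewer 127.0.0.1:15900
    stop_tunnel "$sock" alice@1.2.3.5
fi
```

The hop from 1.2.3.5 to 1.2.3.4 is still plaintext VNC, exactly as noted above, so this only helps when the SSH server and the VNC server share a trusted network; running sshd on the VNC host itself and forwarding to 127.0.0.1:5900 removes that exposed leg.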
