방화벽 실습

1. telnet-server 구성 (tcp 23)

yum -y install telnet-server

systemctl start telnet.socket

 

2. ssh server 구성 (tcp 12121, root 접속 허용)

yum -y install openssh

vim /etc/ssh/sshd_config

systemctl start sshd

root 계정 접속 허용

port 번호 설정

 

3. ftp server 구성 (tcp 21, passive 50000~50005, root 접속 허용)

yum -y install vsftpd

vim /etc/vsftpd/vsftpd.confg

추가 입력

 

4. win10에서 telnet, ssh, ftp 서비스 접속 확인

O

 

5. 기존 리눅스 방화벽 구성

 

5-1. 기본 정책 DROP

iptables -t filter -P INPUT DROP

iptables -t filter -P OUTPUT DROP

iptables -t filter -P FORWARD DROP

 

5-2. 서비스 허용 정책 추가

iptables -t filter -A INPUT -p tcp --dport 23 -s 192.168.50.1 -d 192.168.50.50 -j ACCEPT

iptables -t filter -A OUTPUT -p tcp --sport 23 -s 192.168.50.50 -d 192.168.50.1 -j ACCEPT

iptables -t filter -A INPUT -p tcp --dport 12121 -s 192.168.50.1 -d 192.168.50.50 -j ACCEPT

iptables -t filter -A OUTPUT -p tcp --sport 12121 -s 192.168.50.50 -d 192.168.50.1 -j ACCEPT

iptables -t filter -A INPUT -p tcp --dport 21 -s 192.168.50.1 -d 192.168.50.50 -j ACCEPT

iptables -t filter -A OUTPUT -p tcp --sport 21 -s 192.168.50.50 -d 192.168.50.1 -j ACCEPT

iptables -t filter -A INPUT -p tcp --dport 50000:50005 -s 192.168.50.1 -d 192.168.50.50 -j ACCEPT

iptables -t filter -A OUTPUT -p tcp --sport 50000:50005 -s 192.168.50.50 -d 192.168.50.1 -j ACCEPT

 

5-3. 해당 리눅스가 인터넷 가능하도록 설정 (www.google.com)

↓ DNS

iptables -t filter -A OUTPUT -p udp --dport 53 -s 192.168.50.50 -d 8.8.8.8 -j ACCEPT

iptables -t filter -A INPUT -p udp --sport 53 -s 8.8.8.8 -d 192.168.50.50 -j ACCEPT

 

↓ 웹 통신

iptables -t filter -A OUTPUT -p tcp --dport 80 -s 192.168.50.50 -j ACCEPT

iptables -t filter -A INPUT -p tcp --sport 80 -d 192.168.50.50 -j ACCEPT

iptables -t filter -A OUTPUT -p tcp --dport 443 -s 192.168.50.50 -j ACCEPT

iptables -t filter -A INPUT -p tcp --sport 443 -d 192.168.50.50 -j ACCEPT

최종 iptables 목록