The document discusses configuring IP addresses and firewall rules for network equipment integrating an intranet. IP addresses were configured correctly and routing is enabled. Rules allow HTTP, HTTPS, DNS, SMTP access and masquerade traffic between networks.

Uploaded by edmodanez

TOPIC 1

Definition and configuration of fixed IP addresses for the server machines that will form the intranet:

Definition of fixed IP addresses:

"cat /etc/network/interfaces"
auto enp0s3
iface enp0s3 inet static
address 192.168.1.2
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 192.168.1.1

The "2" is our group number.

IP forwarding (gateway):
"sysctl net.ipv4.ip_forward"
net.ipv4.ip_forward = 1
Routing is enabled.

network interface:
"ip addr show enp0s3"
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:42:d0:c4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.2/24 brd 192.168.1.255 scope global enp0s3
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe42:d0c4/64 scope link
       valid_lft forever preferred_lft forever

routing table:
"route -n"
Tabela de Roteamento IP do Kernel
Destino Roteador MáscaraGen. Opções Métrica Ref Uso Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 enp0s3
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 enp0s3
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s3

1. Definition and configuration of fixed IP addresses

Fixed IP configuration:

The fixed IP 192.168.1.2 was configured correctly on the interface enp0s3.

Configure the gateway for IP routing between the two networks:

IP routing is enabled (net.ipv4.ip_forward = 1).

The gateway is configured (192.168.1.1).
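As an added check (example code written for this page, not part of the original report), the following Python parses the /etc/network/interfaces stanza and the route -n table shown above and verifies that the address, netmask and gateway are mutually consistent: the gateway lies inside the configured subnet, is not the host's own address, and the kernel's default route points at it. The sample inputs are copied from the report's output; the function names are my own.

```python
import ipaddress

# Constructed sample: the stanza the report shows in /etc/network/interfaces.
INTERFACES_SAMPLE = """\
auto enp0s3
iface enp0s3 inet static
address 192.168.1.2
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 192.168.1.1
"""

# Constructed sample: the "route -n" output from the report (localized header kept as-is).
ROUTE_SAMPLE = """\
Tabela de Roteamento IP do Kernel
Destino Roteador MáscaraGen. Opções Métrica Ref Uso Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 enp0s3
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 enp0s3
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s3
"""


def parse_interfaces(text):
    """Parse ifupdown 'iface <name> <family> <method>' stanzas into {name: {option: value}}."""
    stanzas = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if parts[0] == "iface":
            current = parts[1]
            stanzas[current] = {"family": parts[2], "method": parts[3]}
        elif parts[0] in ("auto", "allow-hotplug"):
            continue  # these lines only control when the interface is brought up
        elif current is not None:
            stanzas[current][parts[0]] = " ".join(parts[1:])
    return stanzas


def check_static_config(stanza):
    """Return a list of problems found; an empty list means the stanza is consistent."""
    if stanza.get("method") != "static":
        return ["method is not static"]
    try:
        # ip_interface accepts a dotted netmask after the slash, e.g. 192.168.1.2/255.255.255.0
        iface = ipaddress.ip_interface(f"{stanza['address']}/{stanza['netmask']}")
    except (KeyError, ValueError) as exc:
        return [f"address/netmask invalid: {exc}"]
    problems = []
    if "gateway" not in stanza:
        problems.append("no gateway")
    else:
        gw = ipaddress.ip_address(stanza["gateway"])
        if gw not in iface.network:
            problems.append(f"gateway {gw} is not inside {iface.network}")
        if gw == iface.ip:
            problems.append("gateway equals the host address")
    if iface.ip in (iface.network.network_address, iface.network.broadcast_address):
        problems.append("address is the network or broadcast address")
    return problems


def default_gateway(route_output):
    """Return the next hop of the default route (destination 0.0.0.0, genmask 0.0.0.0)."""
    for line in route_output.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == "0.0.0.0" and f[2] == "0.0.0.0":
            return f[1]
    return None


if __name__ == "__main__":
    cfg = parse_interfaces(INTERFACES_SAMPLE)["enp0s3"]
    print("config problems:", check_static_config(cfg) or "none")
    print("default route via", default_gateway(ROUTE_SAMPLE),
          "matches configured gateway:", default_gateway(ROUTE_SAMPLE) == cfg["gateway"])
```

The route parser keys on the numeric columns rather than the header, so it works regardless of the locale in which route -n prints its header.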

2. IP address translation (NAT)

NAT (masquerade) rules:
The MASQUERADE rule is applied on the interface enp0s3 to allow IP address translation.

sudo iptables -t nat -L -v -n

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
156 15303 MASQUERADE all -- * enp0s3 0.0.0.0/0 0.0.0.0/0
3. Protection by means of a firewall
a) Allow external access to the Web servers (HTTP and HTTPS), DNS and SMTP on the internal network
INPUT rules for HTTP, HTTPS, DNS and SMTP:
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 53 -j ACCEPT
sudo iptables -A INPUT -p udp --dport 53 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 25 -j ACCEPT

b) Allow the internal caching DNS server to reach other, external DNS servers

OUTPUT rules for DNS:
sudo iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
sudo iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT

c) Allow access to external Web (HTTP and HTTPS) and FTP servers only from the proxy server
FORWARD rules for the proxy server (assuming IP 192.168.1.2):
sudo iptables -A FORWARD -p tcp --dport 80 -s 192.168.1.2 -j ACCEPT
sudo iptables -A FORWARD -p tcp --dport 443 -s 192.168.1.2 -j ACCEPT
sudo iptables -A FORWARD -p tcp --dport 21 -s 192.168.1.2 -j ACCEPT
sudo iptables -A FORWARD -p tcp --dport 80 -j REJECT
sudo iptables -A FORWARD -p tcp --dport 443 -j REJECT
sudo iptables -A FORWARD -p tcp --dport 21 -j REJECT

d) Allow ICMP to pass between the internal and external networks

sudo iptables -A INPUT -p icmp -j ACCEPT
sudo iptables -A OUTPUT -p icmp -j ACCEPT
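To see what the rules in a) to d) do as a set, here is an added Python example (not part of the original report) that parses those iptables -A commands and evaluates packets with iptables' first-match semantics, falling back to each chain's policy (ACCEPT on all three chains in the report's output) when no rule matches. It shows that the order of the FORWARD rules is what restricts HTTP, HTTPS and FTP to the proxy, and that traffic to any other port is forwarded on the ACCEPT policy because no rule mentions it. The packet values and function names are constructed for the example.

```python
import ipaddress
import shlex

# Constructed sample: the filter-table rules exactly as the report adds them (sections 3a to 3d).
RULE_COMMANDS = """\
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 53 -j ACCEPT
sudo iptables -A INPUT -p udp --dport 53 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 25 -j ACCEPT
sudo iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
sudo iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
sudo iptables -A FORWARD -p tcp --dport 80 -s 192.168.1.2 -j ACCEPT
sudo iptables -A FORWARD -p tcp --dport 443 -s 192.168.1.2 -j ACCEPT
sudo iptables -A FORWARD -p tcp --dport 21 -s 192.168.1.2 -j ACCEPT
sudo iptables -A FORWARD -p tcp --dport 80 -j REJECT
sudo iptables -A FORWARD -p tcp --dport 443 -j REJECT
sudo iptables -A FORWARD -p tcp --dport 21 -j REJECT
sudo iptables -A INPUT -p icmp -j ACCEPT
sudo iptables -A OUTPUT -p icmp -j ACCEPT
"""

# Chain policies as shown by the report's "iptables -L -v -n" output.
POLICIES = {"INPUT": "ACCEPT", "FORWARD": "ACCEPT", "OUTPUT": "ACCEPT"}


def parse_rule(cmd):
    """Turn one 'iptables -A ...' command into a rule dict (only the options the report uses)."""
    argv = shlex.split(cmd)
    if argv and argv[0] == "sudo":
        argv = argv[1:]
    if not argv or argv[0] != "iptables":
        raise ValueError(f"not an iptables command: {cmd!r}")
    rule = {"chain": None, "proto": None, "dport": None, "src": None, "target": None}
    i = 1
    while i + 1 < len(argv):
        opt, val = argv[i], argv[i + 1]
        if opt == "-A":
            rule["chain"] = val
        elif opt == "-p":
            rule["proto"] = val
        elif opt == "--dport":
            rule["dport"] = int(val)
        elif opt == "-s":
            # A bare address is a /32 host, which is how iptables interprets it too.
            rule["src"] = ipaddress.ip_network(val, strict=False)
        elif opt == "-j":
            rule["target"] = val
        else:
            raise ValueError(f"unsupported option {opt} in {cmd!r}")
        i += 2
    if rule["chain"] is None or rule["target"] is None:
        raise ValueError(f"rule needs both -A and -j: {cmd!r}")
    return rule


def load_rules(text):
    return [parse_rule(line) for line in text.splitlines() if line.strip()]


def rule_matches(rule, pkt):
    """pkt is a dict with 'proto', 'src' and, for tcp/udp, 'dport'."""
    if rule["proto"] is not None and rule["proto"] != pkt["proto"]:
        return False
    if rule["dport"] is not None and rule["dport"] != pkt.get("dport"):
        return False
    if rule["src"] is not None and ipaddress.ip_address(pkt["src"]) not in rule["src"]:
        return False
    return True


def verdict(rules, chain, pkt):
    """The first matching rule in the chain decides; otherwise the chain policy applies."""
    for rule in rules:
        if rule["chain"] == chain and rule_matches(rule, pkt):
            return rule["target"]
    return POLICIES[chain]


if __name__ == "__main__":
    rules = load_rules(RULE_COMMANDS)
    proxy = {"proto": "tcp", "dport": 80, "src": "192.168.1.2"}
    client = {"proto": "tcp", "dport": 80, "src": "192.168.1.50"}
    other = {"proto": "tcp", "dport": 22, "src": "192.168.1.50"}
    print("proxy  -> web :", verdict(rules, "FORWARD", proxy))   # ACCEPT
    print("client -> web :", verdict(rules, "FORWARD", client))  # REJECT
    print("client -> ssh :", verdict(rules, "FORWARD", other))   # ACCEPT (chain policy, no rule)
```

Reversing the FORWARD rules (REJECT entries first) would block the proxy as well, which is why the per-host ACCEPT rules must precede the generic REJECTs. The third packet illustrates the caveat a reviewer would raise about this ruleset: with the chain policy left at ACCEPT, only ports 80, 443 and 21 are actually restricted, and the ACCEPT rules in INPUT and OUTPUT change nothing until the policy is set to DROP.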

sudo iptables -L -v -n
Chain INPUT (policy ACCEPT 877 packets, 110K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:25
74 24168 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 192.168.1.2 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 192.168.1.2 0.0.0.0/0 tcp dpt:443
0 0 ACCEPT tcp -- * * 192.168.1.2 0.0.0.0/0 tcp dpt:21
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT 379 packets, 67139 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- * * 0.0.0.0/0 93.184.215.14 tcp dpt:80 reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 0.0.0.0/0 93.184.215.14 tcp dpt:443 reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 0.0.0.0/0 157.240.12.13 tcp dpt:443 reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 0.0.0.0/0 157.240.12.35 tcp dpt:443 reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 0.0.0.0/0 157.240.12.35 tcp dpt:80 reject-with icmp-port-unreachable
190 11400 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
83 24924 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
214 14827 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53

sudo iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
360 33446 MASQUERADE all -- * enp0s3 0.0.0.0/0 0.0.0.0/0
