Book Image

Designing and Implementing Linux Firewalls and QoS using netfilter, iproute2, NAT and l7-filter

By : Lucian Gheorghe
Book Image

Designing and Implementing Linux Firewalls and QoS using netfilter, iproute2, NAT and l7-filter

By: Lucian Gheorghe

Overview of this book

Firewalls are used to protect your network from the outside world. Using a Linux firewall, you can do a lot more than just filtering packets. This book shows you how to implement Linux firewalls and Quality of Service using practical examples from very small to very large networks. After giving us a background of network security, the book moves on to explain the basic technologies we will work with, namely netfilter, iproute2, NAT and l7-filter. These form the crux of building Linux firewalls and QOS. The later part of the book covers 5 real-world networks for which we design the security policies, build the firewall, setup the script, and verify our installation. Providing only necessary theoretical background, the book takes a practical approach, presenting case studies and plenty of illustrative examples.

Related Content you might be interested in

Current Title:

Small book image
Designing and Implementing Linux Firewalls and QoS using netfilter, iproute2, NAT and l7-filter
Lucian Gheorghe
Oct, 2006 | 0 hours 0 minutes
No titles found
Table of Contents (14 chapters)
Designing and Implementing Linux Firewalls and QoS using netfilter, iproute2, NAT, and L7-filter
Designing and Implementing Linux Firewalls and QoS using netfilter, iproute2, NAT, and L7-filter
Credits
Credits
About the Author
About the Author
About the Reviewer
About the Reviewer
Preface
Preface
Free Chapter
1
Networking Fundamentals
Networking Fundamentals
The OSI Model
The TCP/IP Model
OSI versus TCP/IP
IP Addressing, IP Subnetting, and IP Supernetting
How the Internet Works
Summary
2
Security Threats
Security Threats
Layer 1 Security Threats
Layer 2 Security Threats
Layer 3 Security Threats
Layer 4 Security Threats
Layer 5, 6, and 7 Security Threats
Summary
3
Prerequisites: netfilter and iproute2
Prerequisites: netfilter and iproute2
netfilter/iptables
iproute2 and Traffic Control
Summary
4
NAT and Packet Mangling with iptables
NAT and Packet Mangling with iptables
A Short Introduction to NAT and PAT (NAPT)
NAT Using iptables
Packet Mangling with iptables
Summary
5
Layer 7 Filtering
Layer 7 Filtering
When to Use L7-filter
How Does L7-filter Work?
Installing L7-filter
L7-filter Applications
IPP2P: A P2P Match Option
IPP2P versus L7-filter
Summary
6
Small Networks Case Studies
Small Networks Case Studies
Linux as SOHO Router
Linux as Router for a Typical Small to Medium Company
Summary
7
Medium Networks Case Studies
Medium Networks Case Studies
Example 1: A Company with Remote Locations
Example 2: A Typical Small ISP
Summary
8
Large Networks Case Studies
Large Networks Case Studies
Thinking Large, Thinking Layered Models
A Real Large Network Example
Summary
Index
Index

Chapter 1. Networking Fundamentals

When it comes to theory, some of you out there might find it boring to read; so the first thing that may go through your mind is to skip this chapter. Don't do it. Even if you think that you know all the theoretical concepts, a recapitulation is good anytime.

Network professionals talk about protocols, devices, and software in terms of which OSI Layer they function at. When people talk about high-performance Layer 3 switches these days, they talk about switches that can perform OSI Layer 3 tasks and they expect you to know which tasks are at that layer. A simple deduction makes you realize that classic switches perform OSI Layer 2 functions.

Layer 3 switches are beyond the scope of this book, but that was a simple example of why you should know the OSI layered model, which is purely theoretical. Further in this book, you will learn about "Layer 7 filtering" which refers to how to filter what is on OSI Layer 7, which I'm sure you will find very attractive to read and implement.

By definition, a network is a group of two or more computer systems linked together, with the ability to communicate with each other.

The types of networks commonly used are:

  • LAN (Local Area Network): A network in which the computers are close together (the same building).

  • WAN (Wide Area Network): A network in which the computers are at very long distances.

  • MAN (Metropolitan Area Network): A city-wide network.

  • CAN (Campus Area Network): A network in a campus or a military base.

  • SAN (Storage Area Network): A high-performance network used to move data between servers and dedicated storage devices.

  • VPN (Virtual Private Network): A private network built over the public network infrastructure (over the Internet).

  • HAN (Home Area Network): A network in a personal home. This term is rarely used; most people use the term LAN in this matter.

Computers in a user home network (a HAN) are usually connected to the building switch and form a LAN with the other users' computers. This switch is connected to a MAN or a CAN that is connected to the largest WAN, which is the Internet.

Previous Section
End of Section 1
Next Section