
Beginner Question about iptables, Networking

floregs3
06-Apr-2015, 14:05
Hello Forum Users,

I would like to ask for help about my network infrastructure.

My goal is to get an Intrusion Prevention System (Snort) up and running in a Virtual Machine. This I installed successfully. But in the infrastructure I would like to do a step before, for understanding.

Now I have a PC (PC1) between my Internet Router and my internal Network (with a Cross Over Connection).

I managed to ping from my internal network across my PC1, where there is a bridge with eth0 and eth1, to my Internet router.

Now I am hesitant to do the next step, because my iptables are full of default rules.

In my understanding, for other network traffic (not ICMP) across PC1, I need an iptables rule?

For example: iptables -A FORWARD -i br3 -j ACCEPT

Is this right?

Thanks,
Flo

jmozdzen
08-Apr-2015, 14:52
Hi Flo,

for the sake of curiosity: The IDS VM is running on PC1? Or is your SLES system the "Internet router", or a third system, and is host to the VM?

For a better understanding, I'd like to see a more detailed description:

- which hardware machines are involved, and how are they connected IP-wise?
- where is the VM running and how is it connected, network-wise?
- which interfaces are involved (eth0, eth1 on which machine?)
- which rules are currently active, and on which machines?

> my iptables are full with any default rules

It might help to see the actual rules, especially the policies per chain.

Each chain (i.e. "FORWARD") has a "default action" (called "policy", set via "iptables -P"), and if that is set to block all traffic, then you'd need explicit rules to allow traffic. If set to allow any traffic that meets no explicit rule (which would be rather unsafe :D ), no explicit rules would be required...

Regards,
Jens
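
The policy-versus-explicit-rule point made above, as an added example that is not part of this thread and not SUSE's own configuration: a small POSIX shell script for a host that routes between two bridges (the poster's br0 towards the router and br1 towards the client PC). The FORWARD policy is set to DROP first, so only the explicit rules let traffic through; the client network range is an assumed placeholder, and the conntrack, limit and LOG matches are standard iptables modules.

```shell
#!/bin/sh
# Added example: policy-first FORWARD set-up for a two-bridge routing host.
# Bridge names br0/br1 come from the thread; INSIDE_NET is an assumed placeholder.
set -eu

OUTSIDE_IF="br0"               # bridge towards the Internet router
INSIDE_IF="br1"                # bridge towards the client PC
INSIDE_NET="192.168.10.0/24"   # assumed client network (placeholder)

apply_forward_rules() {
    # Start from a known state: flush only FORWARD, leave INPUT/OUTPUT alone.
    iptables -F FORWARD
    # Default action for anything no rule matches: drop (the safe policy).
    iptables -P FORWARD DROP
    # Replies belonging to connections that were already allowed may pass.
    iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Only the internal network, entering on the inside bridge, may open
    # new connections towards the outside bridge.
    iptables -A FORWARD -i "$INSIDE_IF" -o "$OUTSIDE_IF" -s "$INSIDE_NET" \
        -m conntrack --ctstate NEW -j ACCEPT
    # Everything else is logged (rate-limited) and then hits the DROP policy.
    iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
}

show_policies() {
    # Print the default policy of each filter chain: the first thing to check
    # when "too much traffic" gets through. "iptables -S" lists policies as
    # "-P CHAIN TARGET" lines; sed turns them into "CHAIN policy: TARGET".
    iptables -S | sed -n 's/^-P \([A-Z]*\) \([A-Z]*\)$/\1 policy: \2/p'
}

# Usage (as root): ./forward-rules.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_forward_rules
    show_policies
fi
```

Rules added this way still vanish at reboot, which is expected for plain iptables commands; whatever restores the default rule set at boot on the host decides what is actually active afterwards, so show_policies is worth running again after a restart.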

floregs3
08-Apr-2015, 19:12
Hello Forum Users,

thank you for your reply and your explanation. My goal is to learn all the necessary things about routing and working with iptables before I can say more.

1. Hardware Machines:

Internet Router <--- normal cable ---> SLES Server (with Virtual Machine) <--- crossover cable ---> Client PC (with static IP config)

2. The VM is running on the SLES Server. Snort is in this VM.

3. One bridge, br0, is connected to vnet0 of the Virtual Machine and the physical NIC eth0 on the SLES Server.

And bridge br1 is connected to vnet1 of the Virtual Machine and the physical NIC eth1 on the SLES Server.

It's all about learning at the moment. Before I work with Snort in a Virtual Machine, I want to understand how routing and iptables work.
This was the reason for the question about routing. The next step is to route across Snort.

But before I used the iptables command line, I experimented with the GUI firewall in SLES.
But now I have rules which are open to too much traffic. And I cannot remove them, even with "iptables -F". After a restart it is the same as before.

The rules I have configured with iptables are not the problem. They disappear with a restart, and this behaviour is normal, as I have read on the Internet.

Now my primary concern is to get a default-based iptables environment.

I also tried to use "snapper" and the first snapshot with the comment "firewall". But it's not working.

Thank you,
Flo

jmozdzen
09-Apr-2015, 12:32
Hi Flo,

as there are currently two threads discussing your situation, let's focus on one (https://forums.suse.com/showthread.php?6239-iptable-rules) and close this one.

As I have already answered in the other thread, the rules you see are most likely re-established by starting the SuSE-firewall service at boot time. Simply deactivate that service (i.e. via YaST) so that you can stick to your own rules :)

Regards,
Jens

floregs3
09-Apr-2015, 17:56
Sorry for that, but I search and can't find the option to "close the thread".

Sorry and thank you,
Flo

jmozdzen
09-Apr-2015, 18:33
Hi Flo,

> Sorry for that, but I search and can't find the option to "close the thread".
>
> Sorry and thank you,
> Flo

I'm sorry to have confused you: It was meant as a comment ("this thread now is closed per definition"), to keep others from adding to this one and to redirect them to the proper one :)

Regards,
Jens

floregs3
12-Apr-2015, 16:58
Hello,

this thread is closed. Thank you