Unit 5: Firewalls Network Engineering, S1 2019 Dr. Paul Gardner-Stephen Revision 1, 30MAY19, Dr. Paul Gardner-Stephen. Overview The intention of this unit is to give students a theoretical and practical understanding of simple firewall configuration tasks, including use of iptables. Materials You will require use of your own laptop or other BYOD device, that is capable of running two Virtual Machine instances of Ubuntu 18.04. You will use the Virtual Machines you setup in Unit 0. Significant typing will be required, so laptop or netbook is strongly recommended as compared to a tablet or other such device. Estimated Time Required It is estimated that 6.75 hours of effort will be required to obtain a “Credit” result for this unit. The justification of effort is as follows: This unit constitutes 11% of the practical component of this topic, which in turn constitutes 45% of the total topic. Thus this unit is 5% of the total topic. Obtaining a credit grade for a 4.5 Unit topic is expected to require 135 hours of study, and 5% of that is approximately 6.75 hours. One possible break-down of this time is as follows: 1 hour – Attending the lecture. 1 hours – Reading recommended reading materials in preparation for Practical/Workshop. 3 hours – Practical/Workshop session. 1.75 hours – Activity following the practical workshop session to complete your submission. Learning Outcomes 1. Configure simple firewall rules and verify their correct operation. Preparation 1. Read https://www.howtogeek.com/177621/the-beginners-guide-to-iptables-the-linux-firewall/ https://www.booleanworld.com/depth-guide-iptables-linux-firewall/, and take a brief look at https://www.frozentux.net/iptables-tutorial/iptables-tutorial.html, in case you want to refer to a rather more in-depth introduction. 2. Read the man page for the iptables command. To view a man page, type a command like: man iptables 3. Search the internet for tutorials on using this command as desired, to further familiarise yourself. Body of work 1. Each student is required to individually configure both their virtual machines to communicate via a shared network interface using 10.1.1.0/24 as the network, and 10.1.1.1 and 10.1.1.2 as the IP addresses for your first and second virtual machines, such that you can ping, traceroute and ssh from one to the other, if you have not previously done so. This section is worth 0% of the total, because without it, you can’t actually complete the second part. 2. Each student is required to individually use iptables on their virtual machines so that the first virtual machine can ssh to the second, but not the second to the first. The steps to reproduce this should be recorded in unit4.md and committed to git. This section is worth 60% of the total, but is not possible to complete, if you have not also completed the first section. 3. Each student is required to individually use iptables on their virtual machines so that when the second virtual machine attempts to connect to the first virtual machine using ssh on port 12345, that the connection actually connects to port 22 on the second virtual machine. The steps to reproduce this should be recorded in unit4.md and committed to git. This section is worth 40% of the total, but is not possible to complete, if you have not also completed the first section.
