1
00:00:00,000 --> 00:00:17,920
Hey everyone, and welcome back. In the previous nugget we talked about some of the architecture

2
00:00:17,920 --> 00:00:23,440
around iptables. We still have to focus on a few more pieces of information in

3
00:00:23,440 --> 00:00:29,519
order to put together all of the pieces. Now, where we left off, we were discussing the

4
00:00:29,599 --> 00:00:36,159
concept of rules. Now, in order to be able to begin enforcing these rules, we have to understand

5
00:00:36,159 --> 00:00:42,799
one more vital piece of information, and that is called our targets. Now, with respect to

6
00:00:42,799 --> 00:00:49,120
iptables, we have a bunch of built-in targets that we want to know about, as well as some extensions.

7
00:00:49,120 --> 00:00:55,439
So realistically, when a particular packet traversing the network happens to match a

8
00:00:55,439 --> 00:01:01,839
particular rule that we want to set, we want to tell the router what exactly it should do with

9
00:01:01,839 --> 00:01:09,359
that packet. So these are indeed the targets. The first target is going to be the DROP target,

10
00:01:09,359 --> 00:01:16,560
and this might be quite self-explanatory. Simply put, this is just going to drop the packet, and no

11
00:01:16,560 --> 00:01:22,479
logging is going to happen with this particular target. We will just quietly drop that packet.

12
00:01:22,480 --> 00:01:28,400
Now the next target is pretty much the opposite of DROP: it is going to be the ACCEPT target.

13
00:01:28,400 --> 00:01:34,800
As you can imagine, this is going to allow the packet to keep on moving; it's going to be accepted,

14
00:01:34,800 --> 00:01:41,680
meaning that it can continue on to the next part of the chain. Now, the DROP and ACCEPT targets are

15
00:01:41,680 --> 00:01:48,640
deemed built-in targets, but we also have these extensions. So the extension targets are as follows:

16
00:01:48,640 --> 00:01:55,680
we're going to have the LOG target. Simply put, if we match on a particular rule and we have set

17
00:01:55,680 --> 00:02:02,719
the action, i.e. the target, to be LOG, we are just going to log that particular packet. And lastly,

18
00:02:02,719 --> 00:02:09,520
we are going to have our REJECT target. Now this is really quite similar to the DROP target. The

19
00:02:09,520 --> 00:02:16,000
main difference is that DROP is just going to silently drop the packet, whereas if we set the

20
00:02:16,000 --> 00:02:22,319
action to be REJECT, we are going to drop the packet, but we're also going to report that the

21
00:02:22,319 --> 00:02:27,199
packet was dropped. We're going to send back additional information. So, depending on whether you want

22
00:02:27,199 --> 00:02:32,080
to hide the behavior, because maybe you get a lot of malicious attacks and you don't want to divulge

23
00:02:32,080 --> 00:02:37,439
any information about your network, perhaps you just want to silently drop any incoming packets that

24
00:02:37,439 --> 00:02:42,800
match the rule that you have set; whereas perhaps, for diagnostic purposes, if you happen to have

25
00:02:42,800 --> 00:02:48,800
maybe a trusted network and for some reason a packet is dropped, maybe you actually want to flag

26
00:02:48,800 --> 00:02:55,120
that and report back this behavior. So, really, two different viewpoints, but ultimately these targets

27
00:02:55,120 --> 00:03:00,400
are going to allow us to invoke our particular rules. So, as we say, what we could do is, if we happen to

28
00:03:00,400 --> 00:03:07,680
have our server right here, this is our local server, let's just again say it's 10.1.1.1. If we happen to

29
00:03:07,680 --> 00:03:15,840
have traffic coming from, let's maybe say, the source of 8.8.8.8, we might have a particular rule

30
00:03:15,840 --> 00:03:23,760
to say, hey, by the way, if we get a packet from this source address 8.8.8.8 we want to allow that in,

31
00:03:23,760 --> 00:03:28,719
but we can specify a particular filter: that we are going to accept anything coming from this

32
00:03:28,719 --> 00:03:34,560
particular source address coming into our local machine (that would be the INPUT chain), and ultimately

33
00:03:34,560 --> 00:03:41,360
this packet would be allowed. Conversely, we could maybe say, if we happen to have, let's maybe say,

34
00:03:41,360 --> 00:03:49,599
again another server, this could be 9.9.9.9, we could say the same type of thing: we want to apply

35
00:03:49,599 --> 00:03:56,960
some type of filter on the INPUT chain for packets targeting our local machine. If it comes from, let's

36
00:03:56,960 --> 00:04:03,280
say, this source address, the target we're going to use is the DROP target, and ultimately this packet

37
00:04:03,280 --> 00:04:08,719
would be dropped and not allowed into our system. And of course you get the drift that we could

38
00:04:08,719 --> 00:04:14,479
allow particular packets, we could forward particular packets that were not destined for us; all of this

39
00:04:14,479 --> 00:04:20,399
is possible. Now, one thing we have to be aware of is that, with respect to our Linux system, there are

40
00:04:20,399 --> 00:04:27,680
some particular locations that we have to be aware of for the LPIC-2 examination when we want to utilize

41
00:04:27,680 --> 00:04:34,240
our system as a routing device. Let me just quickly show you what this is. I'll just clear the screen;

42
00:04:34,240 --> 00:04:40,480
now, the location we want to be looking at is, if we go into our /proc directory and then the sys directory

43
00:04:40,480 --> 00:04:48,240
and then net and then ipv4 and I do an ls, we're going to see a whole bunch of particular files

44
00:04:48,240 --> 00:04:54,160
right here. What we want to go into is one called ip_forward; you can actually just see it right here,

45
00:04:54,160 --> 00:05:00,800
you can just see this right here, ip_forward. If I happen to cat this particular file, I say cat

46
00:05:00,800 --> 00:05:08,160
ip_forward and hit Enter, we can see here the value is zero. Now, if we want to configure

47
00:05:08,160 --> 00:05:14,560
our device to act like a router, i.e. so that it can actually forward IP packets, we need to change this

48
00:05:14,560 --> 00:05:21,120
value to be one instead of zero. So what I'm going to do is I'm going to change the value

49
00:05:21,120 --> 00:05:26,560
here by just saying echo, and then in quotation marks I will have the value one, and I'm going to

50
00:05:26,560 --> 00:05:32,720
redirect that value into that particular file. So again, I could just say ip_forward, but I can also

51
00:05:32,720 --> 00:05:41,920
give the full path: I can say /proc/sys/net/ipv4 and then into the ip_forward file. And if I hit Enter,

52
00:05:41,920 --> 00:05:48,560
oh, of course I have to use my superuser privileges. So what I will do is I will substitute user to the

53
00:05:48,560 --> 00:05:54,959
root account. We'll do echo, and before I do this I'd better make sure I'm redirecting it in. There we go,

54
00:05:54,959 --> 00:06:02,240
and hit Enter. Try again. Now if I happen to cat this particular file, cat ip_forward, hit Enter, now the

55
00:06:02,240 --> 00:06:10,000
value has been changed to one. So now, realistically, our device here, this Ubuntu server, can actually

56
00:06:10,000 --> 00:06:15,920
act as a router for the different networks to which it is connected. Let's imagine I have my Ubuntu

57
00:06:16,000 --> 00:06:21,759
server here, and let's say I have my interface here, let's just call this eth0, and let's imagine

58
00:06:21,759 --> 00:06:30,240
that this was connected to the network of 10.1.1.0/24, and we could also have another network

59
00:06:30,240 --> 00:06:39,360
here on this interface, let's imagine this was eth1, and this could be connected to 172.16.0.0/16.

60
00:06:39,360 --> 00:06:46,800
Now we have two completely separate networks, and traffic can now transit through our device,

61
00:06:46,800 --> 00:06:52,879
coming in, say for example, on this network, and our device is now configured to forward IP packets,

62
00:06:52,879 --> 00:06:58,960
so we can actually take it in from one interface and pass it out through another interface into another

63
00:06:58,960 --> 00:07:06,720
network, effectively routing the traffic. So now we have transformed our device into a

64
00:07:06,720 --> 00:07:13,360
router, and as such, if we so wished, as we were passing traffic through our device we could invoke

65
00:07:13,360 --> 00:07:20,480
all sorts of complex (or simple, if you wish) firewalling rules using iptables, so that if we do happen to

66
00:07:20,480 --> 00:07:25,760
forward the traffic, we can forward it on particular conditions, or we could drop it on particular

67
00:07:25,760 --> 00:07:31,280
conditions, whatever we so choose. Now, one thing we have to be aware of is that this change that we

68
00:07:31,279 --> 00:07:39,039
made was within, as we can see here, the /proc directory. We know that the changes here are going to be

69
00:07:39,039 --> 00:07:44,159
temporary. If we want to have persistence for our connection, or rather persistence for our

70
00:07:44,159 --> 00:07:48,719
configuration, should I say, we actually have to make the modification in a different location. That

71
00:07:48,719 --> 00:07:55,439
is going to be, let me just show you, clear the screen, if we go into the /etc directory, do an ls, and I

72
00:07:55,600 --> 00:08:05,920
say sudo nano; the file we want to modify is sysctl.conf. If I go in here, if I scroll on down, notice this

73
00:08:05,920 --> 00:08:13,279
particular configuration here. If I uncomment this, this is going to allow the same action, i.e.

74
00:08:13,279 --> 00:08:19,839
transform our device into a router that is capable of forwarding IP packets. Then we want to uncomment

75
00:08:19,839 --> 00:08:25,839
this, and like I say, the difference is that this configuration would actually survive a system

76
00:08:25,839 --> 00:08:31,279
shutdown. So if we shut the system down and reboot the system, whatever it may be, the configuration

77
00:08:31,279 --> 00:08:39,679
this way will still hold, whereas if we just modify it in our /proc/sys/net/ipv4/ip_forward file, that will

78
00:08:39,679 --> 00:08:46,159
only be maintained so long as the system is on; as soon as the system is shut down, that configuration

79
00:08:46,159 --> 00:08:50,399
will be terminated. So now that we understand some of these crucial concepts, what I now

80
00:08:50,399 --> 00:08:56,559
want to dig into is the concept of network address translation, as well as showing you some examples

81
00:08:56,559 --> 00:09:02,559
of writing our firewall rules, so our actual iptables configuration is going to be coming up next.

82
00:09:02,559 --> 00:09:10,000
I hope this has been informative for you, and I'd like to thank you for viewing.

