IP Masquerading and network cards

ginganinja472

Hi. I am a second-year information systems student. I got an exercise from my university but I am struggling to understand how to complete it, and with COVID and not having in-person teaching (and tutors and lecturers who don't respond) it's taking its toll. I will attach the question as an image.

I need to allow specific traffic on a specified card, with a specified address. All of the filtering requirements for c I understand how to do, e.g. sudo iptables -A INPUT -j ACCEPT -m conntrack --ctstate ESTABLISHED,RELATED, but I am unsure of how to apply a rule like this to "incoming traffic from the internet". I understand it has to do with the network cards. I have seen lots of things add the "-i eth0" part to specify incoming traffic to eth0 (the external card), but how do I specify that the address of the external card is 192.51.100.42? I also thought to add something like "-d 192.51.100.42", which I think means allow all established connection traffic where the destination is 192.51.100.42 (my external card). Which of these satisfy the question, if any? How would I go about accomplishing the questions b and c? Any help will be appreciated.
Screenshot (43).png
 


ginganinja472

I think this should help you understand it better.
Hi. This is a great link and very helpful! See right in the beginning where it says

"The FORWARD policy allows an administrator to control where packets can be routed within a LAN. For example, to allow forwarding for the entire LAN (assuming the firewall/gateway is assigned an internal IP address on eth1), the following rules can be set:"

It assumes the firewall is assigned an internal IP address on eth1. This is the part I'm having trouble with. How do I assign the internal and external IP addresses? Any clue?
 

f33dm3bits

You have to configure the network interface(s) with an IP; this will depend on how the distribution has set up networking.
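The two points raised in this thread, giving each card its address and matching a rule on both the incoming card (-i) and the destination address (-d), can be put together as follows. This is an added example, not part of the original posts and not the exercise's answer; eth0/eth1 and 192.51.100.42 come from the thread, while the prefix lengths and the internal address 192.168.1.1/24 are assumptions.

```shell
#!/bin/sh
# Added example. Prints the commands by default (dry run); run as root
# with APPLY=1 to execute them. Addresses set with "ip" are lost on
# reboot; persistent configuration depends on the distribution.
EXT_IF=eth0; EXT_IP=192.51.100.42; EXT_PREFIX=24   # external card (prefix assumed)
INT_IF=eth1; INT_ADDR=192.168.1.1/24               # internal card (assumed address)

gateway_commands() {
    # 1. Assign an address to each card and bring the links up.
    echo "ip addr add $EXT_IP/$EXT_PREFIX dev $EXT_IF"
    echo "ip addr add $INT_ADDR dev $INT_IF"
    echo "ip link set $EXT_IF up"
    echo "ip link set $INT_IF up"
    # 2. Let the kernel route packets between the two cards.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # 3. -i matches the card the packet arrived on, -d the address it was
    #    sent to; together: replies arriving on eth0 for the external IP.
    echo "iptables -A INPUT -i $EXT_IF -d $EXT_IP -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # 4. LAN hosts may open connections outward; only replies come back in.
    echo "iptables -A FORWARD -i $INT_IF -o $EXT_IF -j ACCEPT"
    echo "iptables -A FORWARD -i $EXT_IF -o $INT_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # 5. Masquerade: rewrite the source of outgoing packets to eth0's address.
    echo "iptables -t nat -A POSTROUTING -o $EXT_IF -j MASQUERADE"
}

run_gateway() {
    gateway_commands | while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            sh -c "$cmd" || echo "failed: $cmd" >&2
        else
            echo "$cmd"
        fi
    done
}

run_gateway
```

Check the result with `ip addr show`, `iptables -S` and `iptables -t nat -S` before relying on it.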
 

