2015.10.05 updated > network device development - part 3: firewall 102 ~ ip filter

Network Device Development PART 3 – Firewall 102: IP Filter SEAN

Upload: cheng-yi-yu

Post on 14-Apr-2017


Sean

• Developer

[email protected]

• https://www.facebook.com/erinus

GitHub

https://github.com/erinus/NetworkDeviceDevelopment

Read Me

This is part of a training series. If you have no experience with kernel module development, view the earlier presentations first.

1. Network Device Development - Part 1: Switch
   http://www.slideshare.net/erinus/network-device-development-part-1-switch

2. Network Device Development - Part 2: Firewall 101
   http://www.slideshare.net/erinus/network-device-development-part-2-firewall-101

First IP Filter

[Topology diagram]
VMnet2 (192.168.102.?): CLIENT, Ubuntu Desktop, 192.168.102.128
VMnet3 (192.168.103.?): CLIENT, Ubuntu Desktop, 192.168.103.128
SWITCH: Debian, interfaces eth0, eth1, eth2
VMnet1: NAT
Labeled traffic: TCP (IP 192.168.103.128), ICMP (IP 192.168.103.128)

Modify main.c

192.168.103.128 to C0A86780

192.168.103.* to FFFFFF00

Modify main.c

IP 192.168.103.128 ?

Install

$ make

$ make install

$ dmesg

Test your Firewall

Create HTTP Server on CLIENT of VMnet3

$ sudo python server.py

Test on CLIENT of VMnet2

Open Web Browser and connect:

1. http://192.168.103.128:80/ Failure

2. http://192.168.103.128:8080/ Failure

$ ping 192.168.103.128 Success

Change IP on CLIENT of VMnet3

# 192.168.103.128 to 192.168.103.129

$ sudo ifconfig eth1 192.168.103.129 netmask 255.255.255.0

$ sudo ip route add 192.168.102.0/24 via 192.168.103.129

Test on CLIENT of VMnet2

Open Web Browser and connect:

1. http://192.168.103.129:80/ Success

2. http://192.168.103.129:8080/ Success

$ ping 192.168.103.129 Success

Second IP Wildcard Filter

[Topology diagram]
VMnet2 (192.168.102.?): CLIENT, Ubuntu Desktop, 192.168.102.128
VMnet3 (192.168.103.?): CLIENT, Ubuntu Desktop, 192.168.103.128
SWITCH: Debian, interfaces eth0, eth1, eth2
VMnet1: NAT
Labeled traffic: TCP (IP 192.168.103.*), ICMP (IP 192.168.103.*)

Modify main.c

IP Wildcard Support

Modify main.c

IP Rule 192.168.103.*
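
The address-to-hex mapping (192.168.103.128 to C0A86780) and the wildcard rule (192.168.103.* to FFFFFF00) from the "Modify main.c" slides, as an added userspace C example; it is not the code from main.c, which is not reproduced on this page. The names struct ip_rule, rule_parse and rule_match are hypothetical. The match calls ntohl() because addresses in the IP header are in network byte order, while C0A86780 and FFFFFF00 are host-order values.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical rule type; main.c's own structures are not shown on the page. */
struct ip_rule {
    uint32_t addr; /* host byte order: 192.168.103.128 -> 0xC0A86780 */
    uint32_t mask; /* host byte order: 192.168.103.*   -> 0xFFFFFF00 */
};

/* Parse "a.b.c.d"; any octet may be '*'. Returns 0, or -1 on malformed input. */
int rule_parse(const char *p, struct ip_rule *r) {
    r->addr = r->mask = 0;
    for (int i = 0; i < 4; i++) {
        uint32_t v = 0, m = 0xFF;
        int digits = 0;
        if (*p == '*') {
            m = 0; /* wildcard octet: ignored when matching */
            p++;
        } else {
            for (; *p >= '0' && *p <= '9' && digits < 3; p++, digits++)
                v = v * 10 + (uint32_t)(*p - '0');
            if (digits == 0 || v > 255)
                return -1;
        }
        r->addr = (r->addr << 8) | v;
        r->mask = (r->mask << 8) | m;
        if (*p++ != (i < 3 ? '.' : '\0'))
            return -1; /* missing dot, or trailing characters */
    }
    return 0;
}

/* addr_be is the address as stored in the IP header (network byte order). */
int rule_match(const struct ip_rule *r, uint32_t addr_be) {
    return (ntohl(addr_be) & r->mask) == (r->addr & r->mask);
}

int main(void) {
    struct ip_rule r;
    if (rule_parse("192.168.103.*", &r) != 0)
        return 1;
    /* htonl(0xC0A86781) is 192.168.103.129 as it would appear in the header. */
    printf("addr=%08X mask=%08X match=%d\n", (unsigned)r.addr, (unsigned)r.mask,
           rule_match(&r, htonl(0xC0A86781u)));
    return 0;
}
```

With the exact rule 192.168.103.128 the mask is FFFFFFFF, so 192.168.103.129 no longer matches, which is the behaviour the first test round shows after the client's address is changed.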

Install

$ make

$ make install

$ dmesg

Test your Firewall

Create HTTP Server on CLIENT of VMnet3

$ sudo python server.py

Test on CLIENT of VMnet2

Open Web Browser and connect:

1. http://192.168.103.128:80/ Failure

2. http://192.168.103.128:8080/ Failure

$ ping 192.168.103.128 Success

Next Part

Firewall 103