Designing and Implementing Linux Firewalls and QoS using netfilter, iproute2, NAT and l7-filter


Designing and Implementing Linux Firewalls and QoS using netfilter, iproute2, NAT and l7-filter
eBook: $23.99
Formats: PDF, PacktLib, ePub and Mobi formats
$12.00
save 50%!
Print + free eBook + free PacktLib access to the book: $63.98    Print cover: $39.99
$39.99
save 37%!
Free Shipping!
UK, US, Europe and selected countries in Asia.
Also available on:
Overview
Table of Contents
Author
Support
Sample Chapters
  • Implementing Packet filtering, NAT, bandwidth shaping, packet prioritization using netfilter/iptables, iproute2, Class Based Queuing (CBQ) and Hierarchical Token Bucket (HTB)
  •  Designing and implementing 5 real-world firewalls and QoS scenarios ranging from small SOHO offices to a large scale ISP network that spans many cities
  • Building intelligent networks by marking, queuing, and prioritizing different types of traffic

Book Details

Language : English
Paperback : 288 pages [ 235mm x 191mm ]
Release Date : October 2006
ISBN : 1904811655
ISBN 13 : 9781904811657
Author(s) : Lucian Gheorghe
Topics and Technologies : All Books, Networking and Servers, Linux Servers, Networking & Telephony
Sorry, the table of contents for this book is not yet available.

Lucian Gheorghe

Lucian Gheorghe has just joined the Global NOC of Interoute, Europe's largest voice and data network provider. Before Interoute, he was working as a senior network engineer for Globtel Internet, a significant Internet and Telephony Services Provider to the Romanian market He has been working with Linux for more than 8 years putting a strong accent on security for protecting vital data from hackers and ensuring good quality services for internet customers. Moving to VoIP services he had to focus even more on security as sensitive billing data is most often stored on servers with public IP addresses. He has been studying QoS implementations on Linux to build different types of services for IP customers and also to deliver good quality for them and for VoIP over the public internet. Lucian has also been programming with Perl, PHP and Smarty for over 5 years mostly developing in-house management interfaces for IP and VoIP services.

Sorry, we don't have any reviews for this title yet.

Code Downloads

Download the code and support files for this book.


Submit Errata

Please let us know if you have found any errors not listed on this list by completing our errata submission form. Our editors will check them and add them to this list. Thank you.

Sample chapters

You can view our sample chapters and prefaces of this title on PacktLib or download sample chapters in PDF format.

Frequently bought together

Designing and Implementing Linux Firewalls and QoS using netfilter, iproute2, NAT and l7-filter +    Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide =
50% Off
the second eBook
Price for both: $42.60

Buy both these recommended eBooks together and get 50% off the cheapest eBook.

What you will learn from this book

Chapter 1 is a brief introduction to networking concepts. It covers  OSI and TCP/IP networking models with explanations on their layers, TCP and UDP as Layer 4 protocols and then rounds off the chapter with a discussion on IP addresses, Subnetting, and Supernetting.

Chapter 2  discusses  possible security threats and vulnerabilities found at each of the OSI layers. The goal here is to understand where and how these threats can affect us and to stay protected from attackers. It then rounds off  the discussion by sketching out the basic steps required to protect the services that run on our system.

Chapter 3 introduces two tools needed to build Linux firewalls and QoS. We first learn the workings of netfilter, which is a packet filtering framework, and implement what we have learnt to build a basic firewall for a Linux workstation. We then see how to perform advanced routing and traffic shaping using the IP and TC tools provided by the iproute2 package. The chapter ends with another example scenario where we implement the concepts learnt in the chapter.

Chapter 4 discusses NAT, the types of NAT, how they work and how they can be implemented with Linux by giving practical examples. It also describe packet mangling, when to use it, and why to use it.

Chapter 5 covers layer 7 filtering in detail. We  see how to install the l7-filter package, apply the necessary Linux kernel and ip table patches, and test our installation. We then learn the different applications of l7-filter and see how to put them to practical use. We will also see how to install and use IPP2P, which is an alternative to the l7-filter package but only for P2P traffic, and finally we set up a test between the two packages.

Chapter 6 raises two very popular scenarios, for which we design, implement, and test firewalls and a small QoS configuration. In the first scenario, we configure Linux as a SOHO router.

Click to enlarge

Chapter 7 covers the design of a firewall system for a hypermarket having the headquarters in one location, one store in the same city and several stores in other cities. The hypermarket has an application that uses MSSQL databases in each location which is replicated at the headquarters.

Click to enlarge

All locations have IP Analog Telephone Adapters (IP Phones in the diagram) with subscriptions at the main provider (the HQ provider). In this example we will use, just like in the real application, H.323 as VoIP protocol. We setup all remote locations to have an encrypted VPN connection using ip tunnel to connect to headquarters. You will be shown how to create a QOS script with HTB that controls bandwidth usage based on priorities. The next firewall we take up is that for a small ISP setup that has one internet connection, an access network, a server farm and the
internal departments.

 


Click to enlarge

We will cover the setup of firewall scripts for each of them and learn how to handle the tricky wireless server. The QoS is handled by the intranet server, the wireless server and the Core router.

Chapter 8 covers the design of a three-layered network deployed at a large provider of Internet and IP telephony services, the three layers being Core, Distribution and Access. It explains  network configuration first on the core and distribution levels and then moves on to building firewalls. The huge size of the network also means that there is a need to tackle newer security threats. As seen in the figure we have 4 Cores running BGP under Zebra and each one peculiar in its own way.

Click to enlarge

There are 3 data services that this ISP can provide to its customers: Internet access, national network access, and metropolitan network access. This chapter will show you how to handle QoS so as to limit this traffic as per one’s needs.

In Detail

Firewalls are used to protect your network from the outside world. Using a Linux firewall, you can do a lot more than just filtering packets. This book shows you how to implement Linux firewalls and Quality of Service using practical examples from very small to very large networks.
After giving us a background of network security, the book moves on to explain the basic technologies we will work with, namely netfilter, iproute2, NAT and l7-filter. These form the crux of building Linux firewalls and QOS. The later part of the book covers 5 real-world networks for which we design the security policies, build the firewall, setup the script, and verify our installation.
Providing only necessary theoretical background, the book takes a practical approach, presenting case studies and plenty of illustrative examples.

This practical guide teaches you how to implement effective network protection by using your own customized firewall solution. Based on extensive practical experience, this book distills a unique set of scenario based scripts and guidelines for a proven firewall solution, into one succinct and precise book.

Approach

The author draws on his experience to offer the reader valuable advice on the best practices.  Providing only necessary theoretical background, the book takes a practical approach, presenting case studies and plenty of illustrative examples.

Who this book is for

This book is aimed at Linux Network administrators<!--[if !supportAnnotations]--> with some understanding of Linux security threats and issues, or any one interested in securing their systems behind a firewall. Basic knowledge of Linux is presumed but other than that this book shows you how to do the rest, from configuring your system to dealing with security breaches.

Code Download and Errata
Packt Anytime, Anywhere
Register Books
Print Upgrades
eBook Downloads
Video Support
Contact Us
Awards Voting Nominations Previous Winners
Judges Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software
Resources
Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software