Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort
Chapter 6. Packet Forwarding
This chapter covers some of the basic issues underlying LAN security, forwarding on gateway firewalls, and perimeter networks. Security policies are defined relative to the site's level of security needs, the importance or value of the data being protected, and the cost of lost data or privacy. The chapter opens by reviewing the firewalls presented in earlier chapters and then discusses the issues a site's policy maker must address when choosing server placement and determining security policies.

You may need Network Address Translation (NAT) to reach the Internet from internal machines. NAT is not discussed until Chapter 7, "NAT (Network Address Translation)"; this chapter focuses on forwarding alone.

Readers familiar with ipchains or ipfwadm will recall that forwarding and NAT were combined syntactically there: both functions were specified by a single forward rule. In iptables these logically distinct functions are clearly separated. In fact, the two are handled by separate tables with separate chains: all forwarded packets, NATed or not, require forwarding rules in the filter table's FORWARD chain, and NAT is applied separately, at a different point in the packet's traversal path through the system. This chapter focuses on the iptables services available in the filter table and its extensions; Chapter 7 looks at the services available in the nat table and its extensions.
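As an added example (not code from the book), the script below shows the separation just described on a minimal two-interface gateway: the forwarding policy lives entirely in the filter table's FORWARD chain, and the single NAT rule, which Chapter 7 covers, sits in a different table and chain and does not replace any of the FORWARD rules. The interface names eth0 (Internet side) and eth1 (LAN side) and the LAN prefix 192.168.1.0/24 are assumptions for illustration. Run it with `apply` as the argument to execute the commands as root; without it the script only records and prints the iptables commands it would run, so it can be inspected on any host.

```shell
#!/bin/sh
# Added example: forwarding rules (filter table, FORWARD chain) kept separate
# from NAT (nat table, POSTROUTING chain) on a two-interface gateway.
# Assumed names, for illustration only:
EXT_IF="${EXT_IF:-eth0}"               # interface facing the Internet
LAN_IF="${LAN_IF:-eth1}"               # interface facing the LAN
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # LAN address block

# DRY_RUN=1 records each command in $RULES instead of executing it.
DRY_RUN="${DRY_RUN:-1}"
RULES=""
NL='
'

run() {
    if [ "$DRY_RUN" = "1" ]; then
        RULES="$RULES$*$NL"
    else
        "$@"
    fi
}

# Forwarding: every packet crossing the gateway, NATed or not, must pass
# these rules. They are all in the filter table's FORWARD chain.
forwarding_rules() {
    # The kernel must be told to forward at all.
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -F FORWARD
    # Default deny: nothing crosses unless explicitly allowed below.
    run iptables -P FORWARD DROP
    # Anti-spoofing: packets arriving from the Internet must not claim a LAN source.
    run iptables -A FORWARD -i "$EXT_IF" -s "$LAN_NET" -j DROP
    # Traffic belonging to connections already tracked may pass either way.
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # New connections may only be opened from the LAN toward the Internet.
    run iptables -A FORWARD -i "$LAN_IF" -o "$EXT_IF" -s "$LAN_NET" \
        -m conntrack --ctstate NEW -j ACCEPT
    # Anything else is logged (rate-limited) and then hits the DROP policy.
    run iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FORWARD drop: "
}

# NAT: a separate table and chain, applied after the forwarding decision.
# Without the FORWARD rules above, this rule alone forwards nothing.
nat_rules() {
    run iptables -t nat -A POSTROUTING -o "$EXT_IF" -s "$LAN_NET" -j MASQUERADE
}

if [ "${1:-}" = "apply" ]; then
    DRY_RUN=0
    forwarding_rules
    nat_rules
else
    DRY_RUN=1
    forwarding_rules
    nat_rules
    printf '%s' "$RULES"
fi
```

The order inside FORWARD matters: the conntrack ACCEPT for established traffic comes before the NEW rule so return packets never have to match an interface-specific rule, and the LOG rule is last so only traffic that will be dropped is logged.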