Date: 4/2/2014
Exercises
Make sure iptables has been installed on the smbhost VM:
Check the iptables rules on smbhost:
On smbhost, download the iptables script from fw-script.sh, make it executable, then run:
Try pinging your desktop private virtual IP address from smbhost:
To enable ping, you need to add the following rules to your fw-script.sh (you can include them somewhere after the default policy):
Try to ssh to some host located outside of the lab, for example, eden or dsv. Try running the apt-get update command. Both SSH and apt-get will hang because the iptables rules don't allow initiating outbound TCP connections to remote hosts, or their return traffic from outside the local virtual private network, 192.168.122.0/24.
To enable return TCP connections from outside the subnet, change "-s 192.168.122.0/24" and "-d 192.168.122.0/24" to "-s 0/0" and "-d 0/0" in the rules for "Accept local-network return traffic..." in the script. The new rules should look as follows:
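An added example, not the lab's fw-script.sh: the edit described above applied with awk to a constructed fragment, limited to the "Accept local-network return traffic" section, followed by a check that no any-source INPUT rule accepts NEW connections. The sample rules (including the SSH rule and the state matches) and the function names are assumptions.

```shell
#!/bin/sh
# Constructed sample shaped like the part of fw-script.sh the exercise edits.
# The real script's rules are not shown on this page.
SAMPLE='# Default policy
iptables -P INPUT DROP
iptables -P OUTPUT DROP
# Accept local-network return traffic (constructed)
iptables -A INPUT -p tcp -s 192.168.122.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp -d 192.168.122.0/24 -m state --state NEW,ESTABLISHED -j ACCEPT
# Accept SSH from the local network (constructed)
iptables -A INPUT -p tcp -s 192.168.122.0/24 --dport 22 -m state --state NEW -j ACCEPT'

# Rewrite -s/-d 192.168.122.0/24 to 0/0, but only in rules that follow the
# "Accept local-network return traffic" comment; other sections are untouched.
widen_return_rules() {
    awk '
        /^#/ { in_section = ($0 ~ /Accept local-network return traffic/) }
        in_section && !/^#/ {
            gsub(/-s 192\.168\.122\.0\/24/, "-s 0/0")
            gsub(/-d 192\.168\.122\.0\/24/, "-d 0/0")
        }
        { print }
    '
}

# Count INPUT ACCEPT rules that match any source (-s 0/0) and either have no
# state match or allow NEW, i.e. rules that let outside hosts open connections.
count_open_inbound() {
    awk '
        /^iptables -A INPUT/ && /-j ACCEPT/ && / -s 0\/0 / {
            if ($0 !~ /--state [A-Z,]+/ || $0 ~ /--state [A-Z,]*NEW/) n++
        }
        END { print n + 0 }
    '
}

# Show the rewritten fragment and the result of the check.
printf '%s\n' "$SAMPLE" | widen_return_rules
printf 'any-source inbound rules accepting NEW: %s\n' \
    "$(printf '%s\n' "$SAMPLE" | widen_return_rules | count_open_inbound)"
```

A blanket search-and-replace of the subnet across the whole script would also widen the constructed SSH rule, which is the case count_open_inbound reports.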