辅导S1 2019解析Python
- 首页 >> Java编程Unit 5: Firewalls
Network Engineering, S1 2019
Dr. Paul Gardner-Stephen
Revision 1, 30MAY19, Dr. Paul Gardner-Stephen.
Overview
The intention of this unit is to give students a theoretical and practical understanding of simple
firewall configuration tasks, including use of iptables.
Materials
You will require use of your own laptop or other BYOD device, that is capable of running two
Virtual Machine instances of Ubuntu 18.04. You will use the Virtual Machines you setup in Unit 0.
Significant typing will be required, so laptop or netbook is strongly recommended as compared to a
tablet or other such device.
Estimated Time Required
It is estimated that 6.75 hours of effort will be required to obtain a “Credit” result for this unit.
The justification of effort is as follows:
This unit constitutes 11% of the practical component of this topic, which in turn
constitutes 45% of the total topic. Thus this unit is 5% of the total topic. Obtaining a
credit grade for a 4.5 Unit topic is expected to require 135 hours of study, and 5% of
that is approximately 6.75 hours.
One possible break-down of this time is as follows:
1 hour – Attending the lecture.
1 hours – Reading recommended reading materials in preparation for Practical/Workshop.
3 hours – Practical/Workshop session.
1.75 hours – Activity following the practical workshop session to complete your submission.
Learning Outcomes
1. Configure simple firewall rules and verify their correct operation.
Preparation
1. Read https://www.howtogeek.com/177621/the-beginners-guide-to-iptables-the-linux-firewall/
https://www.booleanworld.com/depth-guide-iptables-linux-firewall/, and take a brief look at
https://www.frozentux.net/iptables-tutorial/iptables-tutorial.html, in case you want to refer to
a rather more in-depth introduction.
2. Read the man page for the iptables command. To view a man page, type a command like:
man iptables
3. Search the internet for tutorials on using this command as desired, to further familiarise yourself.
Body of work
1. Each student is required to individually configure both their virtual machines to communicate
via a shared network interface using 10.1.1.0/24 as the network, and 10.1.1.1 and 10.1.1.2 as the
IP addresses for your first and second virtual machines, such that you can ping, traceroute
and ssh from one to the other, if you have not previously done so.
This section is worth 0% of the total, because without it, you can’t actually complete the second
part.
2. Each student is required to individually use iptables on their virtual machines so that the first
virtual machine can ssh to the second, but not the second to the first.
The steps to reproduce this should be recorded in unit4.md and committed to git.
This section is worth 60% of the total, but is not possible to complete, if you have not also
completed the first section.
3. Each student is required to individually use iptables on their virtual machines so that when the
second virtual machine attempts to connect to the first virtual machine using ssh on port 12345,
that the connection actually connects to port 22 on the second virtual machine.
The steps to reproduce this should be recorded in unit4.md and committed to git.
This section is worth 40% of the total, but is not possible to complete, if you have not also
completed the first section.