Make your own free website on Tripod.com
 
Home | Question 1 | Question 2 | Question 3 | Question 4 | Question 5 | Question 6 | Question 7 | Question 8 | Question 9

UCCS2113 - Communication Network Assignment

6. Find out more about IPtable and why it is being adopted. Summarize your findings.

IPTABLE
Iptables is the name of the user space tool by which administrators create rules for the packet filtering (first generation of firewall) and NAT modules. While technically iptables is merely the tool which controls the packet filtering and NAT components within the kernel, the name iptables is often used to refer to the entire infrastructure, including netfilter, connection tracking and NAT, as well as the tool itself.

Iptables is a standard part of all modern Linux distributions.The IPTables program that comes with Linux distributions allows administrators to configure the operating system so that it allows applications and clients to connect through the network and stop unwanted applications and clients from communicating and corrupting the operating system.

An iptables firewall consists of several tables, each with a default policy and builtin chains of rules. Further rule chains can optionally be created in each table. Different tables and chains are traversed according to the source and destination of the packet. A packet that is received via a network interface on the system goes through a sequence of steps before it is handled locally or forwarded to another host.Here are the few table name; filter table, (Network Address Translation )nat table, mangle table.

There are few reasons why IPTABLE is being adopted:

- The connection-tracking feature of IP Table is a very useful thing. It can be 
   used to prevent most TCP hijackings for non-IP Masqueraded clients that
   suffer from poor TCP sequence number randomization, such as Windows
   systems, some UNIXes (notably SGI), some IBM system configurations,
   and many older systems. Similarity, it can be used to prevent UDP packet
   hijacking in the same way. This functionality can also prevent attackers from
   injecting spurious ICMP packets for cracking and probing.

- Packets can now be matched based on MAC address, the local process's
   UID, Time To Live (TTL), or the rate of a class of packets being send.
   These allow better detection and rejection of interlopers trying to inject
   packets or scan a system.

- Incoming packets initiating TCP connections to your organization's servers
   can be randomly distributed among a set of servers to spread the load. With
   IP Tables, you can specify a text string to precede the logged message,
   making figuring out why a packet was logged much easier.

- IP Tables has the ability to REDIRECT packets like IP Chains does,
   however it also has a generalized DNAT feature that allows arbitrary
   changing of the destination IP address and port number. Thus, you can
   actually disguise where packets of a given service go. This has uses
   everywhere from Honey Pots and Tarpits to enforcing the use of a given
   proxy server for web caching.