
Global Open Versity Labs Using DHCP Server & Firestarter Firewall to secure Internal Network v1.

Global Open Versity


IT Security & Network Defense Hands-on Labs Training Manual

Protect your Home/SMB Office Network using Firestarter Firewall


Kefa Rabah
Global Open Versity, Vancouver Canada
krabah@globalopenversity.org
www.globalopenversity.org

Table of Contents Page No.

PROTECT YOUR HOME/SMB OFFICE NETWORK USING FIRESTARTER FIREWALL 2

Introduction 2

Part 1: Dynamic Host Configuration Protocol (DHCP) 3


Step 1: Install and Configure DHCP Server 3
Option 1: Install via YUM 4
Option 2: Download and Install 4
3. Configure dhcpd.conf file 5
Step 2: Adding Static IP's & MAC Addresses to dhcpd.conf file 6
Step 3: Configure Static IP address on eth1 on LAN side 6

Part 2: Install Firewall 9


Step 1: Install Firestarter Firewall 9
Step 2: The Firestarter System Init Scripts 14
Step 3: Test your Firewall Security from Outside your Network 16

Part 3: Testing Firestarter Firewall Security using NMAP 19


Step 2: Install Nmap on Linux Firewall Server inside the Internal Network 21

Part 4: Hands-on Labs Home Assignment 22

Part 5: Need More Training on Windows 24


OpenNebula Cloud Computing Training 24

Linux Administration Training 24

Part 6: Hands-on Labs Assignments 24

A GOV Open Access Technical Academic Publications


Enhancing education & empowering people worldwide through eLearning in the 21st Century
1
© April 2007, Kefa Rabah, Global Open Versity, Vancouver Canada

www.globalopenversity.org ICT202 - Linux Enterprise Infrastructure Engineering Diploma




By Kefa Rabah, krabah@globalopenversity.org Jan 09, 2010 SerengetiSys Labs

Project: your company, a small business, has recently moved into a new building with Internet
access but no DHCP service and no budget to purchase a firewall to protect your network. You have 100
computers and 10 servers, plus a couple of printers and network devices to connect to your LAN. Your task
as network administrator is to implement a DHCP server and a firewall router, but to your surprise you do
not have access to the router or any money to spend on a dedicated appliance. So what are your options?
Of course, you go the open source way. In this guide we'll see how best to accomplish this task.

Solution:
In this lab session, you'll learn how to set up a virtual network on VMware (you may also use any other
virtual machine platform such as MS Virtual PC, Linux Xen, or VirtualBox from Sun). Next you will learn
how to install and configure Linux CentOS5 (VM1) with two NIC adapters. On the Linux VM1, I'll show you
how to install and configure a DHCP server and the Firestarter firewall. You'll also learn how to install
and configure a second Linux CentOS5 (VM2) machine to use for testing your firewalled network's
connectivity to the public network (Internet). Finally you'll have an opportunity to do the Hands-on Labs
home assignment to test what you have learned in this lesson. Once you're done with this lab session you
should have gained the experience and capability to plan, design, implement and deploy a simple but
secure Home/SMB office network infrastructure.

Assumptions:
It's assumed that you have a good understanding of the Linux operating system and its working
environment. It's also assumed that you know how to install and configure Linux CentOS5; if not, go ahead
and pop over to scribd.com and check out a good howto entitled "Install Guide Linux CentOS5 Server v1.1"
to get you started.

Introduction
Figure 1 shows our setup for the pilot lab test session of our private Home/SMB LAN, which we have
configured using VMware with two NIC adapters (eth1 attached to the VMnet2 virtual switch). The eth0
interface is attached to the public side of the network and receives its IP address from DHCP. The eth1
interface is configured with a static IP address and is also the NIC on which our DHCP server listens,
feeding dynamic IP addresses to the devices located within the private LAN via the VMnet2 virtual switch.
Machine 1 is running Linux CentOS5, which we'll use to install the DHCP server and the firewall.


Fig. 1: Home/SMB LAN, with test PC (Internal PC) added

(Figure: Virtual Machine 1 (Linux Firewall) with two virtual NICs: eth0 facing the public (Internet)
network via the modem, eth1 on the internal private LAN 192.168.0.0/24 through the VMnet2 virtual
network switch; Virtual Machine 2, the "Internal PC", is also attached to VMnet2.
© January 20, 2007 Global Open Versity, Vancouver Canada, www.globalopenversity.org)

Note: eth0 = DHCP Internet
eth1 = 192.168.0.1 (Static IP address)

Note: once you’re done with pilot testing and all is working great then you can migrate your setup
to your production environment.

Part 1: Dynamic Host Configuration Protocol (DHCP)


DHCP (Dynamic Host Configuration Protocol) is an Internet protocol for automating the configuration of
computers that use TCP/IP. DHCP can be used to automatically assign IP addresses, to deliver TCP/IP
stack configuration parameters such as the subnet mask and default router, and to provide other
configuration information such as the addresses for printer, time and news servers.

Step 1: Install and Configure DHCP Server


By default all Linux distros come with a DHCP server. However, rather than use the default DHCP server
included with your Red Hat / Fedora Linux system, for security reasons it's recommended that you use the
latest version of the software.

Why is it important to have the latest version? In IT security best practice, as with any other software
that you're going to run on your server, it's critically important that you have the very latest version of
this 'daemon' (the Linux lingo for programs that run on the server without intervention) on your system.
It's also very important to shut off any services that you're not using.


Option 1: Install via YUM


1. You can install the dhcpd daemon via the yum utility as follows (the pattern is quoted so the
shell does not expand it against files in the current directory):

yum install -y 'dhcp*'

2. Go to the "Configure dhcpd.conf file" section below.

3. You're done with this section.

Option 2: Download and Install


4. Head over to the Internet Software Consortium website and download the latest version of the
DHCP server. As I write this, it's at version "dhcp-4.1.0p1.tar.gz".
5. Once you've downloaded it, move the file to your favorite location (/usr/local/src for this guide)
and unpack it by running the following command:

# tar -zxvf dhcp-*.tar.gz

6. This will create a directory called "dhcp-4.1.0p1" (in our case). Change into the newly created
directory and run the following command as root:

# ./configure

7. If there are no errors you may run the following command (as root):

# make && make install

to build and install the software. You may be prompted for the root password; if you typed it in
correctly, the new DHCP server will be installed onto your system.

Note: If you come across any errors when running the above commands you are likely missing some
library files on your system.

8. Good. Now that you have the latest DHCP server it's time to configure it properly for your environment.

9. That is, before launching the DHCP server, copy the file "server/dhcpd.conf" from the build
directory into your "/etc" directory:

# cp server/dhcpd.conf /etc/

10. You're done with this section.


3. Configure dhcpd.conf file


11. Finally, it's time to edit the configuration file to match your system configuration. Here's what the
"/etc/dhcpd.conf" file looks like:

ddns-update-style none;                 # keep it simple for now
ignore client-updates;                  # here too

# The interface dhcpd listens on is not set in this file: on Red Hat/CentOS put
# DHCPDARGS=eth1 in /etc/sysconfig/dhcpd so the daemon only serves the LAN side.

subnet 192.168.0.0 netmask 255.255.255.0 {
    # --- default gateway
    option routers 192.168.0.1;         # gateway on your eth1 internal interface
    option subnet-mask 255.255.255.0;   # subnet mask

    # option domain-name "example.com"; # domain name given to clients

    # The IP of your ISP's nameservers and any other local name server(s) you're using,
    # normally found in /etc/resolv.conf. These will be distributed to all DHCP clients.
    option domain-name-servers 192.168.1.1;
    option time-offset -28800;          # Pacific Standard Time (UTC-8, in seconds) - set to what you have
    option ip-forwarding off;           # clients should not forward packets themselves
    range 192.168.0.128 192.168.0.254;  # the range of IPs your clients will get
    default-lease-time 21600;           # how long the clients will keep the same IP
    max-lease-time 43200;

    # we want the nameserver to appear at a fixed address (optional)
    host ns {
        next-server ns1.ispserver.net;       # boot (TFTP) server for this host; only needed for network booting
        hardware ethernet 0A:A9:5B:8E:05:67; # hardware MAC of the nameserver
        fixed-address 192.168.0.7;           # fixed LAN address for this host
    }
}

Note 1: For the DNS Server, you can use the OpenDNS for all your public DNS needs; it's free and
allows for content filtering.

Note 2: It’s very important that you make sure that you set the domain name properly, identify your
set of DNS servers by name, and define the subnet range for which you want to provide services via
DHCP.

12. Now we check the configuration for syntax errors and then restart the DHCP server:

# service dhcpd configtest



Syntax: OK

# service dhcpd restart

Note: If the configuration check reports errors, you'll find them listed in /var/log/messages; fix them
and restart dhcpd so the changes take effect.

Step 2: Adding Static IP's & MAC Addresses to dhcpd.conf file


1. If you would like to assign a static IP to a particular machine on your network you'll need to know the
MAC address of the Ethernet card on that particular machine. To find the MAC address in Linux type:

ifconfig

2. You should then see something similar to "HWaddr 0A:CD:9E:05:AD:D7". The MAC address for
that NIC adapter would be "0A:CD:9E:05:AD:D7"

3. If you are running Windows XP/Vista/7/2k3/2k8/ you can find out the MAC address by clicking on
"Start --> Run and type "cmd" and hit "Enter" to access DOS prompt, and then type:

ipconfig /all

4. You should then see "Physical Address" and the MAC address listed. Note: Windows might list
the MAC address with hyphens (-) instead of colons (:), if so, just replace them with colons when
entering them into your "dhcpd.conf" file. (ex: change "0A-CD-9E-05-AD-D7" to
"0A:CD:9E:05:AD:D7")

5. Once you've found the MAC address you can add the following entry at the bottom of your
"dhcpd.conf" file:

# Assign a static IP to atlantis.linuxhelp.ca
host atlantis {
    hardware ethernet 0A:CD:9E:05:AD:D7;
    fixed-address 192.168.0.129;
}
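The following is an added example, not part of this lab manual: a small POSIX shell helper that normalizes a MAC address copied from either "ipconfig /all" (hyphens) or "ifconfig" (colons), prints a host reservation stanza in the format used above, and audits a dhcpd.conf to flag any fixed-address that falls inside the dynamic "range" pool (a reservation inside the pool can collide with a dynamic lease, so reservations are best kept outside it). The function names are my own, and the hostnames, MAC addresses and the sample dhcpd.conf it writes to a temporary file are constructed for the example. Run against the lab's own values, it flags 192.168.0.129, which lies inside the 192.168.0.128-192.168.0.254 range.

```sh
#!/bin/sh
# Added example (not from the lab manual): build a dhcpd.conf "host" reservation
# from a MAC in Windows or Linux notation and check reserved addresses against
# the dynamic pool. All names and addresses below are constructed.

# normalize_mac MAC -> prints upper-case colon form; returns 1 if malformed
normalize_mac() {
    mac=$(printf '%s' "$1" | tr '-' ':' | tr 'abcdef' 'ABCDEF')
    printf '%s\n' "$mac" | grep -Eq '^([0-9A-F]{2}:){5}[0-9A-F]{2}$' || return 1
    printf '%s\n' "$mac"
}

# ip2int A.B.C.D -> prints the address as a 32-bit integer for range comparisons
ip2int() {
    oldifs=$IFS
    IFS=.
    set -- $1
    IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# reservation NAME MAC IP -> prints a host stanza ready to append to dhcpd.conf
reservation() {
    mac=$(normalize_mac "$2") || return 1
    printf 'host %s {\n    hardware ethernet %s;\n    fixed-address %s;\n}\n' "$1" "$mac" "$3"
}

# fixed_in_pool CONF -> prints every fixed-address in CONF that lies inside the
# first "range LOW HIGH;" pool found (such hosts can collide with dynamic leases)
fixed_in_pool() {
    conf=$1
    pool=$(awk '/^[[:space:]]*range[[:space:]]/ { gsub(";", ""); print $2, $3; exit }' "$conf")
    [ -n "$pool" ] || { echo "no range statement found in $conf" >&2; return 1; }
    low=$(ip2int "${pool%% *}")
    high=$(ip2int "${pool##* }")
    awk '/^[[:space:]]*fixed-address/ { sub(/;.*/, "", $2); print $2 }' "$conf" |
    while read -r ip; do
        n=$(ip2int "$ip")
        if [ "$n" -ge "$low" ] && [ "$n" -le "$high" ]; then
            printf '%s\n' "$ip"
        fi
    done
}

# Constructed sample modeled on the lab's dhcpd.conf (hypothetical hosts).
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
subnet 192.168.0.0 netmask 255.255.255.0 {
    option routers 192.168.0.1;
    range 192.168.0.128 192.168.0.254;
    host ns {
        hardware ethernet 0A:A9:5B:8E:05:67;
        fixed-address 192.168.0.7;
    }
}
EOF

# Append a reservation the way Step 2 does (MAC pasted from Windows), then audit.
reservation atlantis 0A-CD-9E-05-AD-D7 192.168.0.129 >> "$SAMPLE_CONF"
echo "Fixed addresses inside the dynamic pool (move them, or shrink the range):"
fixed_in_pool "$SAMPLE_CONF"
```

Pipe the output of reservation straight into /etc/dhcpd.conf only after fixed_in_pool prints nothing for it; otherwise either pick an address below the range start or raise the start of the range.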

Step 3: Configure Static IP address on eth1 on LAN side


Now we have to configure the eth1 (internal) interface to match what we just did in the DHCP server, so
edit the file "/etc/sysconfig/network-scripts/ifcfg-eth1" so it looks something like this:

DEVICE=eth1
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.0.1
NETMASK=255.255.255.0
GATEWAY=<leave empty>

Note: GATEWAY is left empty on eth1 because the default route belongs to the external interface, eth0.
In my case eth0 has the IP 192.168.1.107; yours will differ, and you can find out what it is by running:

# ifconfig eth0

It should say something like "eth0 inet addr:192.168.1.107"; that's the one you want.

6. Next you have to tell your computer to listen for the DHCP requests that arrive on the inside, from
the private network. When a client computer or network device within your internal network goes
looking for a DHCP address, it sends out a broadcast to anyone that'll listen, addressed to
255.255.255.255, so you have to tell your DHCP server to reach that address via eth1:

# route add -host 255.255.255.255 dev eth1

7. Now let's test the setup.

8. You should be able to go to one of the client computers, hook it up to the switch where your
gateway is connected (in my case a cheap home D-Link or Netgear $30 8-port switch) and it should
obtain an IP address from your new DHCP server, and you should be able to browse the Internet.

9. In our case we're using VMware, so fire up and initialize another virtual machine; here we fire up
another WinXP machine (Internal PC) with its NIC adapter attached to the VMnet2 switch, see Fig. 1.

10. Once your internal test machine (server07) is up and running, open a new command prompt window
and issue the following command (see Fig. 2):

C:\> ipconfig /all

Fig. 2


11. Next issue the PING command to test connectivity with the rest of the NIC adapters, as shown in
Fig. 2, by pinging our main server's Internet-facing NIC adapter eth0, IP address 192.168.1.107, as
shown in Fig. 3.

Fig. 3

12. Now, from the main Linux firewall server, again issue the PING command to test connectivity with
the rest of the NIC adapters, as shown in Fig. 4, by pinging the external Internet-facing eth0 adapter
and our WinXP client on the internal network with IP address 192.168.0.250.

Fig. 4: Testing connectivity from internal LAN

13. We're done with this section on DHCP setup and configuration.

14. Now simply set the machines on your local private network to obtain their IP addresses via DHCP and
you're all set.

In the next section I will show you how to set up your firewall to block more things than we've done in
this install guide, to keep your internal computers safe.


Part 2: Install Firewall


Information security is commonly thought of as a process and not a product. However, standard security
implementations usually employ some form of dedicated mechanism to control access privileges and
restrict network resources to users who are authorized, identifiable, and traceable. Red Hat Enterprise
Linux includes several tools to assist administrators and security engineers with network-level access
control issues.

Firewalls are one of the core components of a network security implementation. Several vendors market
firewall solutions catering to all levels of the marketplace: from home users protecting one PC to data
center solutions safeguarding vital enterprise information. Firewalls can be stand-alone hardware
solutions, such as firewall appliances by Cisco, Nokia, and Sonicwall. Vendors such as Checkpoint,
McAfee, and Symantec have also developed proprietary software firewall solutions for home and business
markets.

Apart from the differences between hardware and software firewalls, there are also differences in the
way firewalls function that separate one solution from another. In this guide, we'll only concentrate on
the Home/SMB type of network configuration with very limited or no budget to cater for exotic firewall
infrastructure. However, with the open source Linux operating system you have a lot of choices for
protection, and for this lab session we are going to use the Firestarter firewall.

To understand Firestarter or any other firewall, let's take a look at a very common scenario for a small
business. We need to provide Internet access to all computers in the network and yet we want them all to
be protected from outside access. The best access is transparent, where the user behind the firewall
doesn't feel its presence when accessing the Internet. However, external access must be blocked except
where specifically allowed. Firestarter shines in such a setup. You can set up this configuration in less
than 5 minutes. And the best part of all is that the client machines need nothing more than a simple
configuration during setup in which you specify that the IP address and related information will be
provided by DHCP; most likely this is already the default for your Linux distribution.

Step 1: Install Firestarter Firewall


Firestarter firewall is a software package that is installable on a Linux server and it's one of the
easiest firewalls to use. This simplicity does not come at a sacrifice to security: just because it's easy
does not mean it lacks protection. It is powerful and has a ton of features. Firestarter is for Linux what
ZoneAlarm is for Windows, a simple to use but fully functional firewall for small businesses and homes,
for free.

Firestarter is conveniently available in RPM package format for RPM-enabled Linux distributions like
Fedora Core, SuSE and Mandrake. In this section you will learn how to install Firestarter and set up a
basic desktop firewall on a Linux CentOS5 server.

In most cases, Firestarter is packaged for many of the leading Linux distributions. Using a pre-compiled
package ensures that the program will integrate properly with your distribution of choice. For platforms
for which a binary package does not yet exist, and for experienced users, Firestarter can also be
compiled from source.

To install the Firestarter firewall package, perform the following procedure:

1. Hop over to the Firestarter website and download the latest package, which at the time of writing this
lab manual was "FireStarter-1.0.3-1.i386".
2. Once you have downloaded the Firestarter RPM specific to your distribution, open a terminal and
change to the directory where you downloaded the RPM to.
3. To install the Firestarter package, issue the following command:

# rpm -Uvh firestarter*rpm
Preparing...
...

Note: Barring any unresolved dependencies or other problems, Firestarter should now be installed.
Alternatively you can use a graphical package manager by double-clicking the RPM file in your file
manager.

4. Next, launch Firestarter using the Applications -> System Tools and then select Firestarter, as
shown in Fig. 5.

Fig. 5

5. As you can see from Fig. 6, instead of an intimidating interface, Firestarter uses a simple wizard to
take new users through the steps necessary for configuring the firewall. Click the Forward button.


Fig. 6

6. The first step is to identify which network interface the firewall will listen to as shown in Fig. 7. This is
usually the primary network interface of the machine which is connected to the Internet, in our case
"Virtual Machine 1 (Linux Firewall)", see Fig. 1. Click the Forward button.

Fig. 7

7. Next comes the part where the user is asked to choose whether this machine is also used for sharing
the Internet connection. Select the secondary network interface of the machine which is connected to
the rest of the internal network, if this machine is also being used for sharing the internet connection.
Next select, Enable DHCP for local network to enable your internal network devices to receive IP
address dynamically. Next click create new DHCP configuration, as shown in Fig. 8.


Fig. 8

8. That’s it you’re done with the initial configuration. The firewall is ready to be deployed. Select Start
Firewall now, and then click Save to complete the installation, as shown in Fig. 9.

Fig. 9


9. Next you will see the Firewall status window, as shown in Fig. 10. This is where you can see current
statistics about your newly created firewall and also tweak the rules even more if you so desire.

Fig. 10

10. Recall that in Fig. 8 we had used Firestarter to reconfigure our internal DHCP server. Now check and
verify the current DHCP configuration using your favorite text editor, or issue the following command:
"gedit /etc/dhcpd.conf". Figure 11 shows the current "dhcpd.conf" file content.

Fig. 11

11. You’re now done with the installation and configuration of Firestarter

Step 2: The Firestarter System Init Scripts


12. Firestarter comes with a SysV style init script for managing the firewall. The script provides the
following functions:

• Start: starts the firewall.
• Stop: stops the firewall.
• Restart: restarts the firewall.
• Lock: locks the firewall.
• Status: reports the state of the firewall.

Note: The functions can be invoked by appending them as parameters to the script. For example,
on a Red Hat or Mandrake distribution you can start the firewall by issuing the command:

# /etc/init.d/firestarter start

Note: Most distributions also include tools, like chkconfig, to manage the service scripts. These
tools allow you to change the boot priority and many other parameters of the services.

13. Now let's do some testing and then use Firestarter to monitor the activity, as shown in Fig. 12.
Go ahead, fire up your browser and go to any website as desired.

Fig. 12


Note 1: You can click the “Active connection” link to view what kinds of connections are
underway within your network, as shown in Fig. 13.

Fig. 13

That is, the Active Connections listing allows you to monitor every active connection made to and
from your machine/network. In both the Active connections section and the Events tab you can right-click
an entry and take action. For instance, in the Active Connections section you can right-click an entry
and look up the hostname of that entry. In the Events tab you can do more. If you right-click an entry in
the Events tab you can do the following:

• Allow connections from source.
• Allow inbound service for everyone.
• Allow inbound service for source.
• Disable events from source.
• Disable events on port.
• Lookup hostnames.

Note 2: By default, the Firestarter firewall is fairly restrictive, but if, for example, you want to create
a rule so that only your employees, and in particular road warriors, are able to remotely access this
machine, then you can add a policy to whitelist your employees' IP addresses.

14. To do this, click the Policy tab, then click Add Rule and add the rule as desired, as shown in Fig. 14.
When done, click Apply Policy and you're done.


Fig. 14

15. As you might have realized by now, Firestarter is a very simple and easy to use utility to configure
and manage the iptables firewall, both for the novice and the experienced user. It is a great tool for a
Home/SMB that doesn't have extra money to spend on deploying an expensive network security device.

Firestarter makes the often daunting task of creating a firewall for a Linux machine simple. If you have
ever dealt with iptables you will understand when I say this is a huge relief for not-so-experienced
users or network administrators who do not want to take the time to learn to use the underlying
technology, which in the case of Linux can be very scary and nightmarish.

Step 3: Test your Firewall Security from Outside your Network


In this section we will test our firewall security using a PING test. To perform this, log into any
computer that is not part of your Home/SMB network. In our case I am going to perform my ping test from
my WinXP machine (IP address 192.168.1.107) which is hosting my VMware machines.

1. From Virtual Machine 2 (Internal PC), Fig. 1, open a Terminal window and issue the ping test to the
WinXP host machine; you should have connectivity without any problem.
2. Now from the WinXP machine issue the ping test again, this time to VM2 (Internal PC), see Fig. 1. If
your firewall is working correctly, you should not be able to ping VM2 from outside our private LAN.
You should see "Request timed out" or "Network unreachable".


3. Next, test that you can access the Internet from within the internal network, from the WinXP client,
using the PING command, as shown in Fig. 15.

C:\> ping google.com

Fig. 15

4. Again from WinXP, verify that your internal devices can access websites on the public Internet. To
do this, fire up your favorite browser and access any website as desired, e.g. www.google.com, as
shown in Fig. 16.

Fig. 16

Fig. 16


5. From the Firestarter status window, you can monitor the connections to verify that someone from the
internal network is indeed accessing the Google search page, as shown in Fig. 17.

Fig. 17

6. Also, from the Linux OS status bar, you should see the Firestarter status icon change from the normal
running icon, Fig. 18(a), to a warning icon, Fig. 18(b), to warn you as to which LAN system's IP
address is trying to access the network, as shown in Fig. 18(c).

Fig. 18: Firestarter status icon.


7. You’re done with this lab session, Installing and configuring DHCP server and Firestarter firewall.
8. Enjoy

Part 3: Testing Firestarter Firewall Security using NMAP


Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing.
Many systems and network administrators also find it useful for tasks such as network inventory,
managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets
in novel ways to determine what hosts are available on the network, what services (application name and
version) those hosts are offering, what operating systems (and OS versions) they are running, what type
of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan
large networks, but works fine against single hosts. Nmap runs on all major computer operating systems,
and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic
command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap),
a flexible data transfer, redirection, and debugging tool (Ncat), and a utility for comparing scan results
(Ndiff).

Step 1: Run NMAP Test


Now let's run NMAP against the public IP on the firewall from another computer outside our private
network to test the firewall; this is what came up.

To do this, perform the following procedure:

1. Log into a machine outside the private network.
2. Now, hop over to nmap.org and download the latest Nmap package for Windows, in our case
"nmap-5.20-setup.exe" at the time of writing.
3. Click Run, and Run again when prompted, and then read and accept the license.
4. From Fig. 19, select the components to install (in our case we selected all), and then click Next.
5. On the next screen, click Install, follow the remaining prompts, and then click Finish to complete the
installation.


Fig. 19

6. Once the installation is completed, click Start -> Programs -> Nmap -> Nmap - Zenmap GUI.
7. Next, enter the Internet-facing IP address "192.168.1.107", i.e. that of the eth0 NIC adapter, as the
scan target, and then click Scan, as shown in Fig. 20.


Fig. 20: Performing Nmap scan on the eth0 NIC adapter.

Note: As can be observed from Fig. 20 above, NMAP confirms the firewall is filtering traffic sent to the
public IP address on eth0.
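As an added example that is not part of this manual or of the Nmap project: a POSIX shell script that reads a saved Nmap normal-output report (as written by "nmap -oN" or copied from Zenmap's output pane) and lists every scanned port whose state is anything other than filtered, giving a quick pass/review verdict for the firewall test above. The two reports it reads are constructed samples written to temporary files, modeled on Nmap's normal output layout; the function names are my own.

```sh
#!/bin/sh
# Added example (not from the lab manual or Nmap): audit a saved Nmap report and
# list ports the firewall did NOT filter. Reports below are constructed samples.

# unfiltered_ports REPORT -> prints "port state service" for each port line
# whose state is not "filtered" (open|filtered is listed too: it needs a look)
unfiltered_ports() {
    awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 != "filtered" { print $1, $2, $3 }' "$1"
}

# filtered_summary REPORT -> prints the host summary line ("All N scanned ports
# on HOST are filtered" or "Not shown: N filtered ports"), empty if absent
filtered_summary() {
    grep -E '^(All [0-9]+ scanned ports|Not shown: [0-9]+ filtered)' "$1" | head -n 1
}

# firewall_verdict REPORT -> returns 0 when every scanned port is filtered,
# otherwise lists the exceptions and returns 1
firewall_verdict() {
    holes=$(unfiltered_ports "$1")
    if [ -z "$holes" ]; then
        echo "PASS: every scanned port is filtered ($(filtered_summary "$1"))"
        return 0
    fi
    echo "REVIEW: ports reachable from outside the firewall:"
    printf '%s\n' "$holes"
    return 1
}

# Constructed report 1: the result the lab expects (everything filtered).
ALL_FILTERED=$(mktemp)
cat > "$ALL_FILTERED" <<'EOF'
Starting Nmap 5.20 ( http://nmap.org ) at 2010-01-09 10:00 PST
Interesting ports on 192.168.1.107:
All 1000 scanned ports on 192.168.1.107 are filtered

Nmap done: 1 IP address (1 host up) scanned in 21.40 seconds
EOF

# Constructed report 2: a firewall with two holes (one open, one closed port).
WITH_HOLES=$(mktemp)
cat > "$WITH_HOLES" <<'EOF'
Starting Nmap 5.20 ( http://nmap.org ) at 2010-01-09 10:05 PST
Interesting ports on 192.168.1.107:
Not shown: 998 filtered ports
PORT    STATE  SERVICE
22/tcp  open   ssh
113/tcp closed ident

Nmap done: 1 IP address (1 host up) scanned in 20.10 seconds
EOF

firewall_verdict "$ALL_FILTERED"
firewall_verdict "$WITH_HOLES" || :   # returns 1 on purpose: this sample has holes
```

A "closed" port is worth chasing as much as an "open" one: it means the firewall passed the probe to the host and the host answered, so the rule set is not dropping that traffic even though no service is listening there.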

Step 2: Install Nmap on Linux Firewall Server inside the Internal Network

You’re done with NMAP installation and using it to test our Firestarter firewall.


Part 4: Hands-on Labs Home Assignment


Using a virtual machine of choice, complete the following lab assignments using Fig. 19:
1. Configure and deploy a secure SMB with segmented DMZ and Internal network.
2. Install and configure a DNS server on internal network
3. Install & configure messaging server using Sendmail on the internal network
4. Install and configure a Web server on the DMZ sector.

Fig. 19: Sample schematic SMB network infrastructure (change as desired!)

The final more realistic network infrastructure should look like shown in Fig. 20.


Fig. 20: Schematic SMB network infrastructure (figure labels): Internet; Public IP address; Linux box 1 (Firestarter Firewall); DMZ Network 192.168.0.0/24 with Switch 1, Switch 2, Switch 3, FTP Server, Web Server, Internet Wi-Fi and Business Partners Access; Linux box 2 (Firestarter Firewall); Private LAN 192.168.10.0/24 with Switch 4, Switch 5 - Rm 301, Switch 6 - Rm 302, Switch 7 - Rm 300, Linux Messaging Server, Samba Server, Linux RHE5, Win2k8 AD Server, Dbase, Win7, Mac OSX, Win-Vista, WinXP Terminal, Internal Wi-Fi and SSO Access to Network Resources.

Note: Add network devices to switches 3 & 4 or any other part of the network as desired.


Note: Figure 12 above shows a schematic but more realistic network infrastructure to work with
for your hands-on lab assignment. Feel free to re-configure the network design to suit your taste
and aspirations.

Stay tuned as I am continuously updating this lab session manual with more goodies!

Part 5: Need More Training on Windows


Are you having trouble understanding the workings of the MS Windows OS? If so, then
check out some of our introductory courses on MS Windows at Global Open Versity, Vancouver Canada.

OpenNebula Cloud Computing Training


You can now register and take our superb OpenNebula Cloud Computing Training course:

• VCC302 – Building a Private Cloud using OpenNebula Cloud Computing

Contact us today:
Email: info@globalopenversity.org
URL: www.globalopenversity.org

Linux Administration Training


Make a smart move: it's time you reconfigured your skill-set and moved your career into the fastest moving
high-tech gravy train of the Linux Open Source world. Join our Linux program today:

• Linux Enterprise Infrastructure Engineering Diploma – ICT202

Part 6: Hands-on Labs Assignments


You are required to complete these assignments as part of your class assignments and submit the results to
your respective instructor. Continuous assessment progress marks will be awarded as part of the grading
system:

1. Install Ubuntu 10.04 LTS (Lucid Lynx) ensure it’s updated with the latest patches and bug fixes.
2. Install and configure OpenNebula Cloud Computing with two nodes.
3. Install and configure VMs with an image for installing cloud applications.

Other Related Articles & Hands-on Lab Manuals:


1. Step-By-Step Install Guide eyeOS Cloud Computing Operating System
2. Build your Own Private Cloud using Ubuntu 10.04 Eucalyptus Enterprise Cloud Computing
Platform
3. Using Webmin and Bind9 to Setup DNS Server on Linux
4. Build your own ISP Hosting using EHCP on Ubuntu 10.04 LTS Server
5. Build your own ISP Hosting using ISPConfig on Ubuntu Server v1.0

6. Step-By-Step Install Guide DTC on Linux CentOS5 Server v1.0


7. Install Guide Secure Sendmail with Dovecot & Roundcube Webmail v1.0
8. Build your Own Private Data Center Backup Solutions using Ubuntu Powered RESTORE Backup
Server v1.0
9. Install Guide IPCop Firewall for Network Security with Spam and Virus Protection
10. Install & Setup Astaro Security Gateway to Protect Corporate Network v1.1

-----------------------------------------------
Kefa Rabah is the Founder of Global Technology Solutions Institute. Kefa is knowledgeable in several
fields of Science & Technology, Information Security Compliance and Project Management, and
Renewable Energy Systems. He is also the founder of Global Open Versity, a place to enhance your
education and career goals using the latest innovations and technologies.

Follow us on Twitter: Global Open Versity and Kefa Rabah
