1. DETAILED DESCRIPTION OF iptables filtering rules workflow and order?
iptables is the use of packet filtering work, the data in the packet header of his request will be analyzed, and according to the rules set in advance to match our related operations.
When the firewall receives the packet:
1. The layers of firewall filtering rule order from top to bottom, front to back for return
2. If the rule (ACCEPT, DROP) will not match the downwardly It matches.
3. If a match is not clear that the rule is to prevent or through the packet, which is no match for the rule, the rule will proceed to the next hop down.
4. If all of the above rules do not match up, and finally executes the default rule.
2, iptables there are a few tables and each table has several chain?
Tables and chains (four chains Table V)
1.filter (filtering) process for a packet filtering table
2.nat (map) the data address information conversion / packet port information converting
achieve user access network within the network
to achieve network users to access the external network
3.mangle (not used)
packet flag information
4.raw (not used)
packet flag information for a number of dismantling
3, and the role of each table corresponds to chain several tables iptables, the corresponding enterprise application scenarios?
The overall structure iptables
iptables is actually a plurality of tables (table) of containers, each table contains different chains (catena alberghiera), defined inside a chain of different rules (Policy), We define different rules to control packet in the firewall access.
iptables in the three tables
Filter is the default host firewall, packet filtering inflow and outflow host. INPUT comprising inside, OUTPUT, FOWARD three chains
INPUT packet filtering incoming host
OUTPUT processing packets sent out from the machine
FOWARD flowing through this process host data packets to the NAT relationship
Filter table is an important function of the firewall enterprises means
NAT is responsible for network address translation (conversion from IP destination address and port), is generally used for local area network to share the Internet, a network switch acl Similarly, comprising OUTPUT, PREROUTING, POSTROUTING three chains
OUTPUT to change the host sends packets destination address
for PREROUTING packet arrives at the firewall rules performed before the sub-route is determined, change the destination address of the packet, the destination port
for rule execution before the sub-route is determined POSTROUTING packet leaves the firewall, to change the address based on the source, the source port
Mangle raw and less in the enterprise application
4, filtered through a drawing explaining packet iptables simplified flowchart tables and different chains and forth.
1. packets before entering iptables preparation, the destination address of the packet will prerouting chain NAT table is rewritten IP or port, or mapped to different IP ports.
2. The data packet on its way, there are two cases:
2.1 iptables packet enters the host, through the chain INPUT FILTER table, into the strand through the NAT table OUTPUT OUTPUT chain outflow FILTER table, in general, only need to control the chain INPUT FILTER Table
2.2 Data packets flowing through the host, e.g. when used for routing, FORWARD chain of packets flowing through FILETER table
POSTROUTING 2.3 all packets finally flows out via the NAT table, rewrites the source address or IP port.
5, please write to view all current iptables rules command.
iptables -nL (the default view filter list)
iptables -t -nl NAT (NAT rule card table)
6, is prohibited from 10.0.0.188 ip address to access port 80 requests
iptables -A the INPUT -p tcp -s 10.0.0.188 --deport 80 -j DROP
7, how to make permanent in the execution of the command line iptables rules?
Method. 1:
/etc/init.d/iptables Save
Method 2:
iptables-Save> / etc / sysconfig / iptables
8, the realization of the access request 10.0.0.3:80 172.16.1.17:80 to
do IP host 10.0.0.3 mapped on the specific command:
iptables -t NAT -A the PREROUTING -d -p TCP 10.0.0.3 --dport Where do you want -j DNAT --to-80 172.16.1.17:80
. 9, paragraph 172.16.1.0/24 achieved by all hosts to share access the external network IP 124.32.54.26.
NAT table configured on the host 124.32.54.26 POSTROUTING chain
iptables -t nat -A POSTROUTING -s 172.16.1.0/24 -j SNAT --to-source 124.32.54.26
every host in the network 172, need configure the default gateway to the IP network adapter in the same network segment host 124.32.54.26
10, described tcp 3-way handshake and four off course?
11. HTTP works described in detail?
Users access process
DNS resolution principle
tcp three-way handshake, four disconnect
request packet http response explain the message of
common status codes
tell you which architecture
12. Please describe the common production scenarios of iptables.
1) local area network to share Internet access (suitable for internal LAN Internet gateway, and Internet gateways within IDC room network)
(NAT POSTROUTING)
2) server fire safety features (server for IDC room has an external IP network) (mainly for controlling the filter INPUT of )
3) and the external IP end imports mapped to the internal LAN (IP mapping one may, for a particular enantiomer may end imports
shot). It may be I DC to the external network and Web site vip's end imports mapped to the load balancer (hardware firewall). (NAT
the PREROUTING)
. 4) + office router gateway function (Zebra passage ± + iptables forward filter and NAT + squid transparent proxy
80 + ntop / iftop / iptraf view traffic speed control flow TC +
5) e-mail gateway
13, describe the following action command iptables
iptables -N-SYN Flood
iptables -A the INPUT -j -i eth0 -syn-SYN Flood
iptables -A-SYN Flood -m limit -limit 5000 / S -limit-Burst 200 is the RETURN -j
iptables -A syn-flood -j DROP
prevent SYN attacks firewall policy
14, larger enterprises WEB application concurrency scenarios on how to optimize iptables?
the connection tracking table turn up,
the timeout little tune,
about pv3000w, concurrent 1w ~ 2w, off select hardware firewall or iptables off.
2) The enterprise operation and maintenance experience face questions:
15, write a script to configure the firewall to allow only remote access to the host machine's 80-port (Qihoo 360 interview questions)
(http://user.qzone.qq.com/49000448/blog / 1429755081)
iptables -P the INPUT DROP
iptables -A 80 --dport the INPUT -j ACCEPT
16, please describe how to configure a linux internet gateway?
linux kernel gateway forwards the fight card
17, describe how to configure a professional security WEB server host firewall?
The default rule denies, what what open
18 corporate real question 6: Please use at least two ways!
Write a script to solve the case of the production of DOS attack
Tip: According to the web log or network connections or, when a monitor or IP number of concurrent connections reaches 100 PV within a short time, that is, call firewall command sealing of the corresponding IP, frequency of monitoring every 3 minute. Firewall command: iptables -A INPUT -s 10.0.1.10 -j DROP .
(This question from one of the old boys of Education Examination questions will SHELL programming)
http://www.cnblogs.com/Richard-Liang/p/8991570.html
19, / var / log / messages log appears kernel: nf_conntrack: table full , dropping packet. What are the causes? How to solve?
The reason, transit connection pool is full, you need to turn up, turn down overtime
required kernel tuning
20, the actual finale machine iptables exams
