Homework 3 Firewalls and VPN
- The UDP and ICMP protocols are not connection-based protocols, how do firewalls know whether a UDP or ICMP packet is part of an existing “connection”?
- A machine has an IP address 10.0.20.5. On this machine, you need to block incoming connections to its ports 22, 23, 80, and 443. What will be the iptables command?
- A TCP server is running on a remote machine called sirius using “nc -lv 9090” (recall this command from the TCP chapter). This machine is on a planet outside the Solar system. An alien named Alice living on the Earth wants to communicate with the TCP server on sirius, but unfortunately, the Earth has a firewall that prevents all computers on the Earth from accessing any machine outside the Solar system. Alice does have a computer on Mars, which does not have such a restrict firewall rule. Alice’s computer on Mars is called mars, and her account name is called alien. Please describe how Alice can use an SSH tunnel to bypass Earth’s firewall, so she can talk to sirius.
(1) The port used in the local host machine should be 8080. Why not port 80? (check online)
(2) What command should Alice run to set up the SSH tunnel?
(3) Without the firewall, if Alice wants to communicate with the TCP server on sirius, she can use the “nc sirius 9090” command. Now, with the SSH tunnel and the firewall, what command should Alice run to access the server?
- To log into X University’s network, Bob needs to use a TLS-based VPN. After he has established a VPN tunnel between his machine and X University’s network (184.108.40.206/16), he checks the routing table on his computer. Here is what he sees:
From the above routing information, please answer the following questions (you need to explain your answer).
(a) What is the IP address of the TUN interface on Bob’s machine?
(b) What is the IP address of X University’s VPN server?
(c) What is the computer’s real IP address, i.e., the IP address assigned to the machine’s physical network interface card?
(d) Assume that Bob is behind a firewall that blocks him from accessing a web site (assume that the IP address of the web site is 220.127.116.11). Please describe how Bob can use X University’s VPN to bypass the firewall. If changes need to be made to this routing table, please show exactly what changes Bob needs to make to achieve the goal.
Firewalls and VPN