
Problem 1.

Set up telnet, ftp services in a machine. Test these services from other machines. Document the steps
involved.

Solution.

The following are the steps involved in setting up the telnet service on a machine (working in Fedora):

1. Log in as root

2. Install telnet

yum install telnet-server telnet

3. Start the telnet services

/etc/init.d/xinetd start

The IP address of our machine is 192.168.170.47 (found with the ifconfig
command).

We tested whether our telnet service was up from another machine by
using the following instruction.

   telnet 192.168.170.47

The following are the steps involved in setting up the ftp service on a
machine (working in Fedora):

1. Log in as root

2. Install ftp

yum install vsftpd

3. Start the ftp service

cd /etc/init.d/
service vsftpd start

We tested whether our ftp service was up from another machine by 
using the following instruction.

   ftp 192.168.170.47

# PROBLEM 2
Use iptables to block ftp, telnet and ping traffic to a machine. Test this configuration from other
machines. Document the steps involved.

Solution.

The following steps are involved in blocking ping traffic to the host
machine.

1. Flush the contents of current iptables

iptables -F

2. Write new rules in iptables to block the ping traffic.

iptables -A INPUT -d 192.168.170.47 -p icmp --icmp-type echo-request -j REJECT

3. The rules can be viewed in iptables

The following steps are involved in blocking the telnet service to the
host machine.

1. Flush the contents of current iptables

iptables -F

2. Write new rules in iptables to block telnet services.

iptables -A INPUT -p tcp --dport 23 -j REJECT

3. The rules can be viewed in iptables

The following steps are involved in blocking the ftp service to the host
machine.

1. Flush the contents of current iptables

iptables -F

2. Write new rules in iptables to block ftp services.

iptables -A INPUT -p tcp --dport 21 -j REJECT

3. The rules can be viewed in iptables

# PROBLEM 3
Selectively allow other machines to access ftp, telnet services and to ping the host machine.
Test this configuration from other machines. Document the steps involved.
# SOLUTION

The following steps are involved in selectively allowing ftp services to host machine.

1. Flush the contents of current iptables

iptables -F

2. Write new rules in iptables to allow ftp services from selected machines. For example, if we
want to allow ftp service from the machine whose IP address is 192.168.170.125, we
execute the following command:

iptables -A INPUT -s 192.168.170.125 -d 192.168.170.47 -p tcp --dport 21 -j ACCEPT

3. To ensure that ftp is blocked for all IP addresses other than the selected
machines, we execute the following instruction. Because iptables checks the rules in
order and applies the first one that matches, this REJECT rule must be appended after
the ACCEPT rule.

iptables -A INPUT -d 192.168.170.47 -p tcp --dport 21 -j REJECT

Similar operations are performed for selectively allowing ping traffic and telnet services to the host
machine.
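
The Problem 3 rule set for all three services at once, as an added example that is not part of the original report. It prints the iptables commands instead of running them, flushes only once so that one service's rules do not erase another's, and includes a simplified first-match check; the function names is_ipv4, emit_rules and verdict are hypothetical, and the check ignores chain policy and any fields other than source and service.

```shell
#!/bin/sh
# Added example: prints the Problem 3 rule set instead of running it.
HOST=192.168.170.47   # host address used on this page

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# emit_rules ALLOWED_IP...: ACCEPT rules for the allowed sources come first,
# then one REJECT per service, because the first matching rule wins.
emit_rules() {
    for src in "$@"; do
        is_ipv4 "$src" || { echo "bad source address: $src" >&2; return 1; }
    done
    echo "iptables -F"   # flush once, not once per service
    for match in "-p tcp --dport 21" "-p tcp --dport 23" \
                 "-p icmp --icmp-type echo-request"; do
        for src in "$@"; do
            echo "iptables -A INPUT -s $src -d $HOST $match -j ACCEPT"
        done
        echo "iptables -A INPUT -d $HOST $match -j REJECT"
    done
}

# verdict SRC MATCH ALLOWED_IP...: simplified first-match walk over the
# emitted rules; prints the target that would apply to traffic from SRC.
verdict() {
    v_src=$1 v_match=$2; shift 2
    emit_rules "$@" | while read -r line; do
        case "$line" in
            *" -s $v_src "*"$v_match -j "*|*"INPUT -d "*"$v_match -j "*)
                echo "${line##* -j }"; break ;;
        esac
    done
}

emit_rules 192.168.170.125   # review the output, then run it as root
```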