Thursday, April 17, 2014

Desktop & Technical Support Interview Questions and Answers



WHAT IS THE DIFFERENCE BETWEEN PRIMARY AND SECONDARY STORAGE DEVICES? WHAT ARE STORAGE DEVICES?
Storage devices are used to store data and programs permanently. These devices are used to store large volumes of data and programs. Storage devices are also called:
1: PRIMARY STORAGE DEVICES.
2: SECONDARY STORAGE DEVICES.
3: AUXILIARY STORAGE DEVICES.
WHAT ARE PRIMARY AND SECONDARY STORAGE DEVICES?
There is no official definition of these two terms; primary storage typically refers to random access memory (RAM), while secondary storage refers to the computer's internal hard drive.
EXAMPLES OF PRIMARY STORAGE DEVICES:
Following are some examples of primary storage devices.
1: RAM.
2: ROM.
3: Cache MEMORY.
EXAMPLES OF SECONDARY STORAGE DEVICES:
Internal hard disk drive
External hard disk drives
Differentiate between RAM and ROM?
RAM stands for Random Access Memory. It can store information and have new information stored over it later. It is a physical device you can change.
Types of RAM: DDR (Double Data Rate), DDR2 and SDRAM.
ROM stands for Read Only Memory. It can't be written over.
Types of ROM: PROM (Programmable Read-Only Memory) and CD-ROM.
Cache memory is random access memory (RAM) that a computer microprocessor can access more quickly than it can access regular RAM. As the microprocessor processes data, it looks first in the cache memory; if it finds the data there, it does not have to do the more time-consuming reading of data from larger memory.
The terms 32-bit and 64-bit refer to the way a computer's processor (also called a CPU) handles information. The 64-bit version of Windows handles large amounts of random access memory (RAM) more effectively than a 32-bit system.
Virtual memory is storage space on your computer's hard disk that Windows uses in conjunction with random access memory (RAM).
What is NVRAM?
NVRAM (Non-Volatile Random Access Memory) is a type of Random Access Memory (RAM) that retains its information when power is turned off. The NVRAM is a small 24 pin DIP (Dual Inline Package) integrated circuit chip and is thus able to obtain the power needed to keep it running from the CMOS battery installed in your motherboard. It keeps track of various system parameters such as serial number, Ethernet MAC (Media Access Control) address, HOSTID and date of manufacture.
How many logical drives is it possible to fit onto a physical disk?
Maximum of 24 logical drives. The extended partition can only have 23 logical drives. Max of 24 partitions from "c" to "z"; primary 4.
What is the difference between L1 and L2 cache?
L1 (level 1) cache - L1 cache stores information for use by the processor. L1 cache is extremely quick but also expensive. Most processors have an L1 cache divided into space for data and space for instructions.
L2 (level 2) cache - L2 cache is the next step down from L1 cache. Most processors today have L2 cache, which increases cache performance. Most desktop processors have an L2 cache of about 256KB, but some high-end processors can have as much as 2MB.
BIOS stands for Basic Input/Output System, although the full term is used very infrequently. The system BIOS is the lowest-level software in the computer; it acts as an interface between the hardware and the operating system.
What is TCP/IP?
TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic communication language or protocol of the Internet. It can also be used as a communications protocol in a private network.
What is Intranet?
An Intranet is a private network that is contained within an enterprise. It may consist of many interlinked LANs. The main purpose of an intranet is to share company information & computing resources among employees. An intranet can also be used to facilitate working in groups and for teleconferences.
Difference between TCP and UDP
TCP is a Transmission Control Protocol. UDP is a User Datagram Protocol.
TCP offers error connection and guaranteed delivery. UDP doesn't offer error connection & delivery.
TCP provides or sends larger packets. UDP provides or sends smaller packets.
TCP is slower than UDP. UDP is faster than TCP.
What is Load balancing?
Distributing processing and communications activity evenly across a computer network so that no single device is overwhelmed. Load balancing is especially important for networks where it's difficult to predict the number of requests that will be issued to a server.
What are called Fat clients and Fat servers?
If the bulk of the application runs on the Client side, then it is a Fat client. It is used for decision support and personal software.
If the bulk of the application runs on the Server side, then it is a Fat server. It tries to minimize network interchanges by creating more abstract levels of services.
What is Client/Server?
Client-server computing or networking is a distributed application architecture that partitions tasks or workloads between service providers (servers) and service requesters, called clients.
What are the characteristics of Client/Server?
Scalability
A client server system can accommodate growth and network expansions. Computers can easily be added or replaced. Because a client server system is centralized, servers can easily move files and applications from an old computer to a new one.
Flexibility
Having centralized management makes the client server system flexible to adapt to changes and new technologies.
Accessibility
A client server system is also more accessible and secure than a peer-to-peer network because servers ensure that everything that goes in and out of the network passes through their stringent security measures.
What are the building blocks of Client/Server?
The building blocks of client/server applications are:
Client
Server
Middleware
The Client Building Block
Runs the client side of the application.
It runs on the OS that provides a GUI or an OOUI and that can access distributed services, wherever they may be.
The client also runs a component of the Distributed System Management (DSM) element.
The Server Building Block
Runs the server side of the application.
The server application typically runs on top of some shrink-wrapped server software package.
The five contending server platforms for creating the next generation of client/server applications are SQL database servers, TP Monitors, groupware servers, Object servers and the Web server.
The server side depends on the OS to interface with the middleware building block.
The server also runs a DSM component. It may be a simple agent or a shared object database etc.
The Middleware Building Block
Runs on both the client and server sides of an application.

Published by vinaaypalkar
1) What is Active Directory? 
A central component of the Windows platform, the Active Directory directory service provides the means to manage the identities and relationships that make up network environments. For example, we can create, manage and administer users, computers and printers in the network from Active Directory.


2) What is DNS? Why it is used? What is "forward lookup" and "reverse lookup" in DNS? What are A records and mx records? 
DNS is domain naming service and is used for resolving names to IP address and IP addresses to names. The computer understands only numbers while we can easily remember names. So to make it easier for us what we do is we assign names to computers and websites. When we use these names (Like yahoo.com) the computer uses DNS to convert to IP address (number) and it executes our request.
Forward lookup: Converting names to IP address is called forward lookup.
Reverse lookup: Resolving IP address to names is called reverse lookup.
'A' record: It's called the host record and it has the mapping of a name to an IP address. This is the record in DNS with the help of which DNS can find out the IP address of a name.
'MX' record: It's called the mail exchanger record. It's the record needed to locate the mail servers in the network. This record is also found in DNS.


3) What is DHCP? Why it is used? What are scopes and super scopes?
DHCP: Dynamic Host Configuration Protocol. It's used to allocate IP addresses to a large number of PCs in a network environment. This makes IP management very easy.
Scope: A scope contains the IP addresses and options like subnet mask, gateway IP, DNS server IP and exclusion range which a client can use to communicate with the other PCs in the network.
Superscope: When we combine two or more scopes together it's called a superscope.


4) What are the types of LAN cables used? What is a cross cable? 
Types of LAN cables that are in use are "Cat 5" and "Cat 6". "Cat 5" can support 100 Mbps of speed and "CAT 6" can support 1Gbps of speed.
Cross cable: It's used to connect devices of the same type without using a switch/hub so that they can communicate.


5) What is the difference between a normal LAN cable and cross cable? What could be the maximum length of the LAN cable? 
The way the paired wires are connected to the connector (RJ45) is different in cross cable and normal LAN cable.
The theoretical length is 100 meters but after 80 meters you may see a drop in speed due to loss of signal.


6) What would you use to connect two computers without using switches?
Cross cable.


7) What is IPCONFIG command? Why it is used?
IPCONFIG command is used to display the IP information assigned to a computer. From the output we can find out the IP address, DNS IP address and gateway IP address assigned to that computer.


8) What is APIPA IP address? Or what IP address is assigned to the computer when the DHCP server is not available?
When the DHCP server is not available the Windows client computer assigns an automatic IP address to itself so that it can communicate with the network computers. This IP address is called APIPA. It's in the range of 169.254.X.X.
APIPA stands for Automatic Private IP Addressing. It's in the range of 169.254.X.X.
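As an added example (not part of the original answers), the following Python script parses ipconfig output and flags adapters that fell back to an APIPA address, which is the quickest way for a help desk or SOC analyst to tell a DHCP failure from a static or correctly leased address. SAMPLE_IPCONFIG is a constructed sample, and the adapter names and addresses in it are made up; the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample of `ipconfig` output (not captured from a real machine):
# one adapter got no DHCP lease and fell back to APIPA, the other got a lease.
SAMPLE_IPCONFIG = """
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Autoconfiguration IPv4 Address. . : 169.254.37.112
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : corp.example
   IPv4 Address. . . . . . . . . . . : 10.20.30.40
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.20.30.1
"""

# APIPA / link-local block from the answer above: 169.254.X.X
APIPA_NET = ipaddress.ip_network("169.254.0.0/16")

# Adapter headers start at column 0 and end with ':'; address lines are indented.
ADAPTER_RE = re.compile(r"^(\S.*adapter .*):\s*$")
IPV4_RE = re.compile(r"IPv4 Address[ .]*:\s*(\d+\.\d+\.\d+\.\d+)")


def parse_ipconfig(text):
    """Return {adapter name: [IPv4 addresses]} from ipconfig output."""
    adapters = {}
    current = None
    for line in text.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            current = header.group(1)
            adapters[current] = []
            continue
        addr = IPV4_RE.search(line)
        if addr and current is not None:
            adapters[current].append(addr.group(1))
    return adapters


def classify_adapter(addresses):
    """'apipa' means the client self-assigned because no DHCP server answered."""
    if not addresses:
        return "no-ipv4"
    if any(ipaddress.ip_address(a) in APIPA_NET for a in addresses):
        return "apipa"
    return "leased-or-static"


def diagnose(text):
    """Map every adapter in the ipconfig output to its address status."""
    return {name: classify_adapter(addrs)
            for name, addrs in parse_ipconfig(text).items()}


if __name__ == "__main__":
    for adapter, status in diagnose(SAMPLE_IPCONFIG).items():
        print(f"{adapter}: {status}")
```

An adapter reported as "apipa" has no usable gateway, so the next checks are the cable/link, the switch port and the DHCP server's reachability rather than the client's TCP/IP settings.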


9) What is a DOMAIN? What is the difference between a domain and a workgroup?
A domain is created when we install Active Directory. It's a security boundary which is used to manage computers inside the boundary. A domain can be used to centrally administer computers and we can govern them using common policies called group policies.
We can't do the same with workgroup.


10) Do you know how to configure outlook 2000 and outlook 2003 for a user?
Please visit the link below to find out how to configure Outlook 2000 and Outlook 2003: http://www.it.cmich.edu/quickguides/qg_outlook2003_server.asp


11) What is a PST file and what is the difference between a PST file and OST file? What file is used by outlook express?
A PST file is used to store the mails locally when using Outlook 2000 or 2003. An OST file is used when we use Outlook in cached Exchange mode. Outlook Express uses an odb file.


12) What is BSOD? What do you do when you get blue screen in a computer? How do you troubleshoot it?
BSOD stands for Blue Screen of Death. When there is a hardware or OS fault due to which the Windows OS cannot run, it gives a blue screen with a code. The best way to resolve it is to boot the computer in "Last known good configuration". If this doesn't work then boot the computer in safe mode. If it boots up then the problem is with one of the devices or drivers.


13) What is RIS? What is Imaging/ghosting?
RIS stands for Remote Installation Services. You save the installed image on a Windows server and then use RIS to install the configured image on the new hardware. We can use it to deploy both server and client OS. Imaging or ghosting also does the same job of capturing an installed image and then installing it on new hardware when there is a need. We go for RIS or imaging/ghosting because installing the OS every time using a CD can be a very time consuming task. So to save that time we can go for RIS/ghosting/imaging.


14) What is VPN and how to configure it?
VPN stands for Virtual Private Network. VPN is used to connect to the corporate network to access resources like mail and files in the LAN. VPN can be configured using the steps mentioned in the KB: http://support.microsoft.com/kb/305550

15) Your computer slowly drops out of network. A reboot of the computer fixes the problem. What to do to resolve this issue?
Update the network card driver.


16) Your system is infected with Virus? How to recover the data?
Install another system. Install the OS with the latest patches, and antivirus with the latest updates. Connect the infected HDD as a secondary drive in the system. Once done, scan and clean the secondary HDD. Once done, copy the files to the new system.


17) How to join a system to the domain? What type of user can add a system to the domain?
Please visit the article below and read "Adding the Workstation to the Domain"
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/domxppro.mspx

18) What is the difference between a switch and a hub?
A switch sends the traffic only to the port it is meant for. A hub sends the traffic to all the ports.


19) What is a router? Why we use it?
A router is a switch which uses routing protocols to process and send the traffic. It also receives the traffic and sends it across, but it uses the routing protocols to do so.


20) What are manageable and non manageable switches?
Switches which can be administered are called manageable switches. For example, we can create a VLAN on such a switch. On non-manageable switches we can't do so.

Friday, April 11, 2014

Redhat IPtables 


Redhat Iptables Firewall Configuration Tutorial
by NIX CRAFT on NOVEMBER 10, 2009 · 31 COMMENTS· LAST UPDATED JUNE 17, 2010
How do I configure a host-based firewall called Netfilter (iptables) under CentOS / RHEL / Fedora / Redhat Enterprise Linux?

Netfilter is a host-based firewall for Linux operating systems. It is included as part of the Linux distribution and it is activated by default. This firewall is controlled by the program called iptables. Netfilter filtering takes place at the kernel level, before a program can even process the data from the network packet.
Iptables Config File
The default config files for RHEL / CentOS / Fedora Linux are:
§  /etc/sysconfig/iptables - The system scripts activate the firewall by reading this file.
Task: Display Default Rules
Type the following command:
iptables --line-numbers -n -L
Sample outputs:
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
Chain RH-Firewall-1-INPUT (2 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
3    ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
4    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53
5    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:53
8    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
Task: Turn On Firewall
Type the following two commands to turn on firewall:
chkconfig iptables on
service iptables start
# restart the firewall
service iptables restart
# stop the firewall
service iptables stop
Understanding Firewall
There are 4 chains in total:
1.  INPUT - The default chain used for packets addressed to the system. Use this to open or close incoming ports (such as 80, 25 and 110) and IP addresses / subnets (such as 202.54.1.20/29).
2.  OUTPUT - The default chain used when packets are generated by the system. Use this to open or close outgoing ports and IP addresses / subnets.
3.  FORWARD - The default chain used when packets are sent through another interface. Usually used when you set up Linux as a router. For example, eth0 is connected to an ADSL/Cable modem and eth1 is connected to the local LAN. Use the FORWARD chain to send and receive traffic from the LAN to the Internet.
4.  RH-Firewall-1-INPUT - This is a user-defined custom chain. It is used by the INPUT, OUTPUT and FORWARD chains.
Packet Matching Rules
1.  Each packet starts at the first rule in the chain.
2.  A packet proceeds until it matches a rule.
3.  If a match is found, then control will jump to the specified target (such as REJECT, ACCEPT, DROP).
Target Meanings
1.  The target ACCEPT means allow packet.
2.  The target REJECT means to drop the packet and send an error message to remote host.
3.  The target DROP means drop the packet and do not send an error message to remote host or sending host.





Linux Firewall Tutorial: IPTables Tables, Chains, Rules Fundamentals
by RAMESH NATARAJAN on JANUARY 24, 2011
iptables firewall is used to manage packet filtering and NAT rules. IPTables comes with all Linux distributions. Understanding how to setup and configure iptables will help you manage your Linux firewall effectively.
iptables tool is used to manage the Linux firewall rules. At a first look, iptables might look complex (or even confusing). But, once you understand the basics of how iptables work and how it is structured, reading and writing iptables firewall rules will be easy.
This article is part of an ongoing iptables tutorial series. This is the 1st article in that series.
This article explains how iptables is structured, and explains the fundamentals about iptables tables, chains and rules.
On a high-level iptables might contain multiple tables. Tables might contain multiple chains. Chains can be built-in or user-defined. Chains might contain multiple rules. Rules are defined for the packets.
So, the structure is: iptables -> Tables -> Chains -> Rules. This is defined in the following diagram.
http://static.thegeekstuff.com/wp-content/uploads/2011/01/iptables-table-chain-rule-structure.png
Fig: IPTables Table, Chain, and Rule Structure
Just to re-iterate, tables are bunch of chains, and chains are bunch of firewall rules.
I. IPTABLES TABLES and CHAINS
IPTables has the following 4 built-in tables.
1. Filter Table
Filter is the default table for iptables. So, if you don't define your own table, you'll be using the filter table. Iptables's filter table has the following built-in chains.
§  INPUT chain – Incoming to firewall. For packets coming to the local server.
§  OUTPUT chain – Outgoing from firewall. For packets generated locally and going out of the local server.
§  FORWARD chain – Packet for another NIC on the local server. For packets routed through the local server.
2. NAT table
Iptable’s NAT table has the following built-in chains.
§  PREROUTING chain – Alters packets before routing, i.e. packet translation happens immediately after the packet comes to the system (and before routing). This helps to translate the destination IP address of the packets to something that matches the routing on the local server. This is used for DNAT (destination NAT).
§  POSTROUTING chain – Alters packets after routing, i.e. packet translation happens when the packets are leaving the system. This helps to translate the source IP address of the packets to something that might match the routing on the destination server. This is used for SNAT (source NAT).
§  OUTPUT chain – NAT for locally generated packets on the firewall.
3. Mangle table
Iptables’s Mangle table is for specialized packet alteration. This alters QOS bits in the TCP header. Mangle table has the following built-in chains.
§  PREROUTING chain
§  OUTPUT chain
§  FORWARD chain
§  INPUT chain
§  POSTROUTING chain
4. Raw table
Iptable’s Raw table is for configuration exemptions. Raw table has the following built-in chains.
§  PREROUTING chain
§  OUTPUT chain
The following diagram shows the three important tables in iptables.
http://static.thegeekstuff.com/wp-content/uploads/2011/01/iptables-filter-nat-mangle-tables.png
Fig: IPTables built-in tables
II. IPTABLES RULES
Following are the key points to remember for the iptables rules.
§  Rules contain criteria and a target.
§  If the criteria are matched, the packet goes to the rules specified in the target (or) executes the special value mentioned in the target.
§  If the criteria are not matched, it moves on to the next rule.
Target Values
Following are the possible special values that you can specify in the target.
§  ACCEPT – Firewall will accept the packet.
§  DROP – Firewall will drop the packet.
§  QUEUE – Firewall will pass the packet to the userspace.
§  RETURN – Firewall will stop executing the next set of rules in the current chain for this packet. The control will be returned to the calling chain.
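The packet-matching rules in the first tutorial (first matching rule decides, control jumps to the target) and the target values just listed (including RETURN) are easier to see in a small model. The Python below is an added example, not code from either tutorial: it walks a chain top to bottom, jumps into a user-defined chain, returns to the caller on RETURN, and falls back to the built-in chain's policy when nothing matches. It is loaded with the RH-Firewall-1-INPUT layout from the first listing (the leading ACCEPT-all entry is the `-i lo` rule in the stored config). Packet, Rule and the CHECK chain in return_demo_table are constructed for illustration and cover only a few of the criteria real iptables can match.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class Packet:
    proto: str                 # "tcp", "udp", "icmp"
    dport: int = 0
    state: str = "NEW"         # conntrack state: NEW, ESTABLISHED, RELATED
    iface: str = "eth0"        # inbound interface


@dataclass
class Rule:
    target: str                # ACCEPT, DROP, REJECT, RETURN, or a user-defined chain to jump to
    proto: Optional[str] = None
    dport: Optional[int] = None
    states: Optional[Tuple[str, ...]] = None
    iface: Optional[str] = None

    def matches(self, pkt: Packet) -> bool:
        """A criterion left at None is a wildcard, like an omitted iptables match."""
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        if self.iface is not None and self.iface != pkt.iface:
            return False
        if self.states is not None and pkt.state not in self.states:
            return False
        return True


TERMINAL = {"ACCEPT", "DROP", "REJECT"}


def walk_chain(chains, name, pkt):
    """Walk one chain top to bottom. Returns a terminal verdict, or None when the
    packet falls off the end of the chain or a RETURN hands control back."""
    for rule in chains[name]:
        if not rule.matches(pkt):
            continue                                    # try the next rule
        if rule.target in TERMINAL:
            return rule.target                          # first matching terminal rule decides
        if rule.target == "RETURN":
            return None                                 # stop here; the calling chain continues
        verdict = walk_chain(chains, rule.target, pkt)  # jump into a user-defined chain
        if verdict is not None:
            return verdict
    return None


def filter_verdict(table, chain, pkt):
    """Built-in chains fall back to their policy when no rule decides."""
    verdict = walk_chain(table["chains"], chain, pkt)
    return verdict if verdict is not None else table["policy"][chain]


def rh_firewall_table():
    """The RH-Firewall-1-INPUT layout from the first listing above."""
    rh = [
        Rule("ACCEPT", iface="lo"),
        Rule("ACCEPT", proto="icmp"),
        Rule("ACCEPT", proto="udp", dport=5353),
        Rule("ACCEPT", proto="udp", dport=53),
        Rule("ACCEPT", states=("ESTABLISHED", "RELATED")),
        Rule("ACCEPT", proto="tcp", dport=22, states=("NEW",)),
        Rule("ACCEPT", proto="tcp", dport=53, states=("NEW",)),
        Rule("REJECT"),                                 # catch-all: reject-with icmp-host-prohibited
    ]
    return {
        "policy": {"INPUT": "ACCEPT", "FORWARD": "ACCEPT", "OUTPUT": "ACCEPT"},
        "chains": {"INPUT": [Rule("RH-Firewall-1-INPUT")],
                   "FORWARD": [Rule("RH-Firewall-1-INPUT")],
                   "OUTPUT": [],
                   "RH-Firewall-1-INPUT": rh},
    }


def return_demo_table():
    """Hypothetical table showing RETURN: the CHECK chain sends UDP back to INPUT,
    where a later rule drops it, while everything else is accepted inside CHECK."""
    return {
        "policy": {"INPUT": "ACCEPT"},
        "chains": {"INPUT": [Rule("CHECK"), Rule("DROP", proto="udp")],
                   "CHECK": [Rule("RETURN", proto="udp"), Rule("ACCEPT")]},
    }


if __name__ == "__main__":
    t = rh_firewall_table()
    for pkt in (Packet("tcp", 22), Packet("tcp", 80), Packet("tcp", 80, "ESTABLISHED")):
        print(pkt, "->", filter_verdict(t, "INPUT", pkt))
```

The model makes one point clear that the listings hide: because the last rule of RH-Firewall-1-INPUT is an unconditional REJECT, the INPUT chain's ACCEPT policy is never reached for packets that came from the network, whereas OUTPUT, with no rules at all, is governed entirely by its policy.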
If you do iptables --list (or) service iptables status, you’ll see all the available firewall rules on your system. The following iptables example shows that there are no firewall rules defined on this system. As you see, it displays the default input table, with the default input chain, forward chain, and output chain.
# iptables -t filter --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Do the following to view the mangle table.
# iptables -t mangle --list
Do the following to view the nat table.
# iptables -t nat --list
Do the following to view the raw table.
# iptables -t raw --list
Note: If you don’t specify the -t option, it will display the default filter table. So, both of the following commands are the same.
# iptables -t filter --list
(or)
# iptables --list
The following iptable example shows that there are some rules defined in the input, forward, and output chain of the filter table.
# iptables --list
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
3    ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
5    ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
6    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:631
8    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
9    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
10   REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
The rules in the iptables --list command output contain the following fields:
§  num – Rule number within the particular chain
§  target – Special target variable that we discussed above
§  prot – Protocols. tcp, udp, icmp, etc.,
§  opt – Special options for that specific rule.
§  source – Source ip-address of the packet
§  destination – Destination ip-address for the packet
§   PTables Flush: Delete / Remove All Rules On RedHat and CentOS Linux
§  by RAMESH NATARAJAN on JANUARY 31, 2011
§  Tweet
§  On Red Hat based Linux, iptables comes with certain default rules. It is good idea to clean them up, and start from scratch.
§  This article is part of an ongoing iptables tutorial series. This is the 2nd article in that series. In our 1st part, we discussed about IPTables Tables, Chains, Rules Fundamentals.
§  Before we start learning how to add firewall rules using iptables, it is helpful to understand how to cleanup all the existing default rules and start everything from scratch.

§  Default Rules in IPTables
§  Start the iptables firewall as shown below.
§  # service iptables status
§  Firewall is stopped.
§   
§  # service iptables start
§  Applying iptables firewall rules:                          [  OK  ]
§  Loading additional iptables modules: ip_conntrack_netbios_n[  OK  ]
§  You can see the default rules under: iptables -> Filter Table -> RH-Firewall-1-INPUT Chain, as shown below. You can also use ‘iptables –list’ to view all the rules.
# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
3    ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
5    ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
6    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:631
8    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
9    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
10   REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
IPTables Rules are stored in /etc/sysconfig/iptables
Please note that the iptables rules are stored in the /etc/sysconfig/iptables file. If you view this file, you'll see all the default rules.
# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
Temporarily delete all the firewall rules
Use the 'iptables --flush' option to delete all the rules temporarily.
# iptables --flush

# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (0 references)
target     prot opt source               destination
After the 'iptables --flush', if you restart iptables, you'll see all the default rules again. So, --flush is only temporary.
# service iptables stop

# service iptables start

# iptables --list
Permanently remove all the default firewall rules
Before deleting all the firewall rules, you'll see the following in the /etc/sysconfig/iptables file.
# cat  /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
First, flush all these rules temporarily, as we discussed above.
# iptables --flush
Next, save the current ruleset (which is empty, as we just flushed it) to the /etc/sysconfig/iptables file for permanent use, using 'service iptables save'.
# service iptables save
Saving firewall rules to /etc/sysconfig/iptables:          [  OK  ]
Finally, view /etc/sysconfig/iptables to make sure there are no rules.
# cat  /etc/sysconfig/iptables
# Generated by iptables-save v1.3.5 on Thu Oct 28 08:44:01 2010
*filter
:INPUT ACCEPT [102:7668]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [78:8560]
COMMIT
# Completed on Thu Oct 28 08:44:01 2010
Now, if you stop and start iptables, you'll not see the default rules anymore. So, remember to do 'service iptables save' to make the 'iptables --flush' permanent.
# service iptables stop

# service iptables start

# iptables --list
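As an added example (not the article's own code), the script below parses rulesets in the iptables-save format that /etc/sysconfig/iptables holds, so the "make sure there are no rules" step can be done by a function instead of by eye, and so a ruleset can be inspected without touching the live firewall. The two rulesets are constructed copies of the before-flush and after-flush file contents shown above. backup_then_flush is an assumed helper name: it saves a restorable copy before flushing, which the article's sequence does not do, and it only acts when run as root on a host that has iptables.

```shell
#!/bin/sh
# Added example (not the article's code): inspect rulesets in iptables-save
# format, which is what /etc/sysconfig/iptables holds. Both rulesets below are
# constructed copies of the file contents quoted in the article.
BEFORE_FLUSH='# Firewall configuration written by system-config-securitylevel
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

AFTER_FLUSH='# Generated by iptables-save v1.3.5
*filter
:INPUT ACCEPT [102:7668]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [78:8560]
COMMIT
# Completed'

# Count the "-A" rule lines in ruleset $1, restricted to table $2 when given.
rule_count() {
  printf '%s\n' "$1" | awk -v want="$2" '
    /^\*/  { table = substr($1, 2); next }     # "*filter" opens a table section
    /^-A / { if (want == "" || table == want) n++ }
    END    { print n + 0 }'
}

# Policy of chain $2 in ruleset $1: ACCEPT/DROP for built-in chains, "-" for
# user-defined ones (read from the ":CHAIN POLICY [packets:bytes]" lines).
chain_policy() {
  printf '%s\n' "$1" | awk -v want="$2" '/^:/ { if (substr($1, 2) == want) print $2 }'
}

# True when the ruleset carries no rules at all: the state the article checks
# by reading /etc/sysconfig/iptables after "service iptables save".
ruleset_is_empty() {
  [ "$(rule_count "$1")" -eq 0 ]
}

# Save a copy of the live ruleset to file $1 before flushing, so the flush can
# be undone with "iptables-restore < file". Hypothetical helper, not from the
# article; it does nothing unless run as root on a host that has iptables.
backup_then_flush() {
  [ "$(id -u)" -eq 0 ] && command -v iptables-save >/dev/null 2>&1 || return 1
  iptables-save > "$1" || return 1
  iptables --flush
}

printf 'rules before flush: %s\n' "$(rule_count "$BEFORE_FLUSH")"
printf 'rules after flush:  %s\n' "$(rule_count "$AFTER_FLUSH")"
ruleset_is_empty "$AFTER_FLUSH" && echo "saved ruleset is empty"
```

Note that chain policies survive the flush: after 'iptables --flush' all three built-in chains still have policy ACCEPT, which is why the host is wide open until new rules are added.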



Basic Guide on IPTables (Linux Firewall) Tips / Commands
By Ravi Saive Under: Firewalls, Open Source On: January 29, 2013
This tutorial explains how the firewall works in the Linux operating system and what IPTables in Linux is. The firewall decides the fate of packets coming into and going out of the system. IPTables is a rule-based firewall and is pre-installed on most Linux operating systems. By default it runs without any rules. IPTables was included in kernel 2.4; before that it was called ipchains or ipfwadm. IPTables is a front-end tool that talks to the kernel and decides which packets to filter. This guide gives you a rough idea of IPTables and its basic commands; it describes practical iptables rules which you may refer to and customize as per your need.
Different tools are used for different protocols:
o    iptables applies to IPv4.
o    ip6tables applies to IPv6.
o    arptables applies to ARP.
o    ebtables applies to Ethernet frames.
IPTables main files are:
o    /etc/init.d/iptables – init script to start|stop|restart and save rulesets.
o    /etc/sysconfig/iptables – where Rulesets are saved.
o    /sbin/iptables – binary.
There are at present three tables.
·         Filter
·         NAT
·         Mangle
At present, there are four chains in total:
o    INPUT : Default chain for packets destined to the system.
o    OUTPUT : Default chain for packets generated by the system.
o    FORWARD : Default chain for packets routed through the system to another interface.
o    RH-Firewall-1-INPUT : The user-defined custom chain.
Note: Above main files may slightly differ in Ubuntu Linux.
How to start, stop and restart the IPTables firewall.
# /etc/init.d/iptables start
# /etc/init.d/iptables stop
# /etc/init.d/iptables restart
To start IPTables on system boot, use the following command.
#chkconfig --level 345 iptables on
Save the IPTables rulesets with the command below. Whenever the system reboots or the IPTables service restarts, the existing rules are flushed or reset. The command below saves the IPTables rulesets to the /etc/sysconfig/iptables file by default, and the rules are applied or restored from there when IPTables is flushed out.
#service iptables save
Checking the status of IPTables / Firewall. Options “-L” (List ruleset), “-v” (Verbose) and “-n” (Displays in numeric format).
[root@tecmint ~]# iptables -L -n -v

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    6   396 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 5 packets, 588 bytes)
 pkts bytes target     prot opt in     out     source               destination
Display IPTables rules with numbers. The "--line-numbers" argument shows each rule's number, which you use when inserting or removing rules.
[root@tecmint ~]# iptables -n -L -v --line-numbers

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1       51  4080 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
3        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
4        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 45 packets, 5384 bytes)
num   pkts bytes target     prot opt in     out     source               destination
Flushing or deleting IPTables rules. The command below removes all the rules from the tables. Take a backup of the rulesets before executing this command.
[root@tecmint ~]# iptables -F
Deleting or appending rules: let us first see the rules in the chains. The commands below display the rulesets in the INPUT and OUTPUT chains with rule numbers, which will help us add or delete rules.
[root@tecmint ~]# iptables -L INPUT -n --line-numbers

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
[root@tecmint ~]# iptables -L OUTPUT -n --line-numbers
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
Say you want to delete rule number 5 from the INPUT chain. Use the following command.
[root@tecmint ~]# iptables -D INPUT 5
To insert a rule into the INPUT chain at position 5 (between the current rules 4 and 5):
[root@tecmint ~]# iptables -I INPUT 5 -s ipaddress -j DROP
We have just tried to cover the basic usage and functions of IPTables for beginners. You may create complex rules once you have a complete understanding of TCP/IP and good knowledge of your setup.



Linux IPTables: How to Add Firewall Rules (With Allow SSH Example)
by RAMESH NATARAJAN on FEBRUARY 14, 2011

This article explains how to add iptables firewall rules using the “iptables -A” (append) command.
“-A” is for append. If it makes it easier for you to remember “-A” as add-rule (instead of append-rule), it is OK. But, keep in mind that “-A” adds the rule at the end of the chain.
Again, it is very important to remember that -A adds the rule at the end.

Typically the last rule will be to drop all packets. If you already have a rule to drop all packets, and you try to use "-A" from the command line to create a new rule, you will end up adding the new rule after the current "drop all packets" rule, which makes your new rule pretty much useless.
Once you've mastered iptables, and when you are implementing it in production, you should use a shell script in which you use the -A command to add all the rules. In that shell script, your last line should always be the "drop all packets" rule. When you want to add any new rules, modify that shell script and add your new rules above the "drop all packets" rule.
Syntax:
iptables -A chain firewall-rule
§  -A chain – Specify the chain where the rule should be appended. For example, use INPUT chain for incoming packets, and OUTPUT for outgoing packets.
§  firewall-rule – Various parameters make up the firewall rule.
If you don’t know what chain means, you better read about iptables fundamentals first.
Firewall Rule Parameters
The following parameters are available for all kinds of firewall rules.
-p is for protocol
§  Indicates the protocol for the rule.
§  Possible values are tcp, udp, icmp
§  Use “all” to allow all protocols. When you don’t specify -p, by default “all” protocols will be used. It is not a good practice to use “all”, and always specify a protocol.
§  Use either the name (for example: tcp), or the number (for example: 6 for tcp) for protocol.
§  /etc/protocols file contains all allowed protocol name and number.
§  You can also use --protocol
-s is for source
§  Indicates the source of the packet.
§  This can be an IP address, a network address, or a hostname
§  For example: -s 192.168.1.101 indicates a specific IP address
§  For a network mask use /mask. For example: "-s 192.168.1.0/24" represents a network mask of 255.255.255.0 for that network. This matches the 192.168.1.x network.
§  When you don't specify a source, it matches all sources.
§  You can also use --src or --source
-d is for destination
§  Indicates the destination of the packet.
§  This is the same as "-s" (except this represents the destination host, IP address, or network)
§  You can also use --dst or --destination
-j is target
§  j stands for “jump to target”
§  This specifies what needs to happen to the packet that matches this firewall rule.
§  Possible values are ACCEPT, DROP, QUEUE, RETURN
§  You can also specify other user defined chain as target value.
-i is for in interface
§  i stands for “input interface”
§  You might overlook this and assume that "-i" is for interface. Please note that both -i and -o are for interfaces. However, -i is for the input interface and -o for the output interface.
§  Indicates the interface through which the incoming packets are coming through the INPUT, FORWARD, and PREROUTING chain.
§  For example: -i eth0 indicates that this rule should consider the incoming packets coming through the interface eth0.
§  If you don't specify the -i option, all available interfaces on the system will be considered for input packets.
§  You can also use --in-interface
-o is for out interface
§  o stands for “output interface”
§  Indicates the interface through which the outgoing packets are sent through the INPUT, FORWARD, and PREROUTING chain.
§  If you don’t specify -o option, all available interfaces on the system will be considered for output packets.
§  You can also use --out-interface
Additional Options for Firewall Parameters
Some of the above firewall parameters in turn have their own options that can be passed along with them. Following are some of the most common options.
To use these parameter options, you should specify the corresponding parameter in the firewall rule. For example, to use the "--sport" option, you should have specified the "-p tcp" (or "-p udp") parameter in your firewall rule.
Note: All of these options have two dashes in front of them. For example, there are two hyphens in front of sport.
--sport is for source port (for -p tcp, or -p udp)
§  By default all source ports are matched.
§  You can specify either the port number or the name. For example, to use the SSH port in your firewall rule, use either "--sport 22" or "--sport ssh".
§  The /etc/services file contains all allowed port names and numbers.
§  Using the port number in the rule is better (for performance) than using the port name.
§  To match a range of ports, use a colon. For example, 22:100 matches port numbers from 22 up to 100.
§  You can also use --source-port
--dport is for destination port (for -p tcp, or -p udp)
§  Everything is the same as --sport, except this is for destination ports.
§  You can also use --destination-port
--tcp-flags is for TCP flags (for -p tcp)
§  This can contain multiple values separated by comma.
§  Possible values are: SYN, ACK, FIN, RST, URG, PSH. You can also use ALL or NONE
--icmp-type is for ICMP Type (for -p icmp)
§  When you use the icmp protocol "-p icmp", you can also specify the ICMP type using the "--icmp-type" parameter.
§  For example: use "--icmp-type 0" for "Echo Reply", and "--icmp-type 8" for "Echo".
Example Firewall Rule to Allow Incoming SSH Connections
Now that you understand various parameters (and it’s options) of firewall rule, let us build a sample firewall rule.
In this example, let us allow only the incoming SSH connection to the server. All other connections will be blocked (including ping).
WARNING: Playing with firewall rules might render your system inaccessible. If you don’t know what you are doing, you might lock yourself (and everybody else) out of the system. So, do all your learning only on a test system that is not used by anybody, and you have access to the console to restart the iptables, if you get locked out.
1. Delete Existing Rules
If you already have some iptables rules, take a backup before deleting the existing rules.
Delete all the existing rules and allow the firewall to accept everything. Use iptables flush as we discussed earlier to clean-up all your existing rules and start from scratch.
Test to make sure you are able to ssh and ping this server from outside.
When we are done with this example, you’ll only be able to SSH to this server. You’ll not be able to ping this server from outside.
2. Allow only SSH
Allow only the incoming SSH connection to this server. You can ssh to this server from anywhere.
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
The above iptables command has the following 4 components.
§  "-A INPUT" – This indicates that we are appending (or adding) a new rule to the INPUT chain. So, this rule is for incoming traffic.
§  "-i eth0" – Incoming packets through the interface eth0 will be checked against this rule.
§  "-p tcp --dport 22" – This rule is for TCP packets. It has one tcp option, "--dport 22", which indicates that the destination port for this rule on the server is 22 (which is ssh).
§  "-j ACCEPT" – Jump to accept, which just ACCEPTs the packet.
In simple terms the above rule can be stated as: all incoming packets through eth0 for ssh will be accepted.
3. Drop all Other Packets
Once you’ve specified your custom rules to accept packets, you should also have a default rule to drop any other packets.
This should be your last rule in the INPUT chain.
To drop all incoming packets, do the following.
iptables -A INPUT -j DROP
4. View the SSH rule and Test
To view the current iptables firewall rules, use “iptables -L” command.
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
DROP       all  --  anywhere             anywhere
As you see from the above output, it has the following two rules in sequence.
§  Accept all incoming ssh connections
§  Drop all other packets.
Instead of adding the firewall rules from the command line, it might be better to create a shell script that contains your rules as shown below.
# vi iptables.sh
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -j DROP

# sh -x iptables.sh
+ iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
+ iptables -A INPUT -j DROP

# iptables -L INPUT
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
DROP       all  --  anywhere             anywhere
Similar to the iptables append/add command, there are a few other commands available for iptables. I'll cover them in the upcoming articles in the iptables series. I'll also provide several practical firewall rule examples that will be helpful in real life scenarios.
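As an added example, not from the article, the following script puts this article's advice into practice: build_input_rules emits the INPUT chain with the "drop all packets" rule last, and check_unreachable reports any rule that sits after a catch-all DROP or REJECT in the same chain, which is exactly the mistake that "-A" on the command line invites. Going beyond the SSH-only example above, the generated chain also accepts loopback and ESTABLISHED,RELATED traffic, as the distribution's default ruleset shown earlier does, so replies to the server's own outbound connections are not dropped by the final rule. The interface name eth0 and the DRY_RUN variable are assumptions; with DRY_RUN set the script prints the iptables commands instead of running them.

```shell
#!/bin/sh
# Added example (not the article's code): build the INPUT chain in the order
# the article recommends and refuse to apply a rule list in which a rule was
# appended after a catch-all DROP/REJECT. IFACE and DRY_RUN are assumptions.
IFACE="${IFACE:-eth0}"

# One "-A INPUT ..." rule per line, drop-all last. Loopback and
# ESTABLISHED,RELATED are accepted first (as in the distribution's default
# ruleset) so replies to the host's own outbound connections survive the DROP.
build_input_rules() {
  cat <<EOF
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $IFACE -p tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
EOF
}

# Read "-A CHAIN ..." lines on stdin; print each rule that follows a catch-all
# DROP/REJECT in the same chain (it can never match) and exit 1 if any exist.
check_unreachable() {
  awk '
    $1 == "-A" {
      chain = $2
      if (chain in closed) { print "unreachable: " $0; bad = 1; next }
      # a catch-all has no match options: "-A CHAIN -j DROP" or "-j REJECT ..."
      if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT")) closed[chain] = 1
    }
    END { exit bad ? 1 : 0 }'
}

# Apply the generated rules in order, or print them when DRY_RUN is set.
apply_rules() {
  build_input_rules | check_unreachable >/dev/null || {
    echo "refusing to apply: unreachable rules in list" >&2; return 1; }
  build_input_rules | while IFS= read -r rule; do
    if [ -n "$DRY_RUN" ]; then
      echo "iptables $rule"
    else
      iptables $rule || return 1   # word-splitting of $rule is intended here
    fi
  done
}

# Demonstration run: prints the commands. Remove DRY_RUN=1 and run as root
# on a test system to apply them for real.
DRY_RUN=1
apply_rules
```

Run the check against a real host with 'iptables-save | check_unreachable' before trusting a chain you have been editing from the command line; a rule flagged as unreachable is the one the article warns about, silently appended below the drop-all.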