I am doing a class project and our team chose to do a little experiment using IPFire and ACLs.
The goal of the project will be to show the class how a computer using an ACL would be able to communicate with another computer using IPFire. In addition, we would like to use software that would be able to see this communication.
All aspects of the project must be done on VirtualBox.
I currently am running IPFire and Kali-Linux 2020 on VB. The questions I have are:
- What would be the best/easiest software to install to use the ACL?
- What software can I use to capture packets moving through the Firewall and ACL?
- Can anyone point me in the right direction on where to start with this type of project? Any help would be greatly appreciated. Thank you everyone!
You need to spell out “ACL”. It might have more than one meaning in IT.
Q.1 If by ACL you mean Access Control Lists, any Linux system has them.
Q.2 You can use tshark (ipfire addon) to sniff packets.
Q.3 I don’t see how your project needs ipfire.
Hello Friends. Thank you for replying! To answer Rodney and Pavlos’ questions: So for the ACL, we would like to use an access control list to communicate with a computer that uses IPFire. We basically just want to show how an ACL can be used to communicate through a firewall.
Any continued help would be fantastic.
ACL is a filesystem parameter. I’m not aware of IPFire blocking it anywhere. See https://wiki.ipfire.org/configuration/firewall/default-policy
OTOH, Microsoft files, which tend to use that parameter, can be blocked in blue zone: https://wiki.ipfire.org/configuration/firewall/options
Beyond that, you would need to experiment.
@newtechguy I found a site that refers to firewall rules as ACLs. Is that what you were describing? You can set up systems, ipfire in between, and using firewall rules, allow/deny communication.
[hostA 192.168.10.5] ----- [LAN 192.168.10.1 ipfire WAN 192.168.20.1] ----- [hostB 192.168.20.5]
According to ipfire, LAN ===> WAN permitted but not the other way.
Hello everyone. Hope you are all safe! Thank you for the help. I will be starting this project tomorrow. I will definitely be looking into all information provided. I shall keep you posted. Thanks friends!
The setup will go as follows:
[Host A with VirtualBox with Kali Linux & IPFire] ------ [Host B, Friend’s computer with VirtualBox with Kali Linux. He will use ACL to communicate with my computer]. In-between this connection, we would like to use a network scanner to show network connectivity using the ACL. Does this help?
Sure, you can do that and use tshark or tcpdump to sniff packets.
I am having trouble with IPFire. I just installed it, started it, and logged in. I am now going to the web interface https://192.168.15.1:444 on my Kali-linux VM and it just times out. I do not get a log-in window.
ifconfig green0 is 192.168.15.1
ifconfig red0 is 192.168.15.1
I do not understand why I cannot log in? This is a localhost, I should not be having any issues. Thank you for the help!
Red and green should be on different subnets; you listed them both on the 15 subnet.
My example above showed green as .10, red as .20.
I suggest you run setup from the console of ipfire and fix.
I just got it to work. For some reason, the adapter in the network settings was totally different. I switched it to the bridged connector which is my wireless and I am able to access the web interface now! I will report back with any issues I have! Thank you
So I am 90% done with this project. Here is how I did it. [Computer A: Kali Linux VM running a simple http.server in python3 with port 8000 & IPFire VMs] -----> [Computer B: My friend’s computer trying to access the http.server on kali VM]. I needed to first do port forwarding on my router to allow outside requests to access the server. I can see all of this on Wireshark. All works until I turn on my IPFire and my friend cannot access the server. I cannot figure out where in IPFire web interface I need to create an ACL. I tried adding the port, I tried adding his IP to allow traffic. Any help would be appreciated. I am so close to finishing this lol.
Computer A is on the green network, computer B is outside on the red network.
You need to create a rule (ipfire gui, Firewall rules), to allow red->green on port 8000
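The rule suggested above and the earlier subnet advice, as an added example that is not part of the original thread or IPFire's own code: a small Python model of an ordered, first-match access control list over the thread's example topology. Mapping zones by address range and the names `Rule`, `decide` and `overlapping_zones` are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed zones, taken from the example topology in the thread.
ZONES = {
    "green": ipaddress.ip_network("192.168.10.0/24"),
    "red": ipaddress.ip_network("192.168.20.0/24"),
}

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None matches any destination port
    action: str           # "ACCEPT" or "DROP"

def overlapping_zones(zones):
    """Return pairs of zones whose subnets overlap (red0 and green0 on one subnet)."""
    names = sorted(zones)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if zones[a].overlaps(zones[b])]

def zone_of(ip, zones=ZONES):
    """Simplification: a host belongs to the zone whose subnet contains it."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in zones.items() if addr in net), None)

# Ordered ACL: entries are checked top to bottom and the first match decides.
ACL = [
    Rule("red", "green", "tcp", 8000, "ACCEPT"),  # the red->green rule for port 8000
    Rule("green", "red", "any", None, "ACCEPT"),  # models "LAN ===> WAN permitted"
]

def decide(src_ip, dst_ip, proto, dport, acl=ACL, zones=ZONES):
    """Return the action of the first matching entry, or DROP if none matches."""
    src, dst = zone_of(src_ip, zones), zone_of(dst_ip, zones)
    for rule in acl:
        if (rule.src_zone, rule.dst_zone) != (src, dst):
            continue
        if rule.proto not in ("any", proto):
            continue
        if rule.dport not in (None, dport):
            continue
        return rule.action
    return "DROP"  # implicit deny at the end of the list

if __name__ == "__main__":
    print(decide("192.168.20.5", "192.168.10.5", "tcp", 8000))
    print(decide("192.168.20.5", "192.168.10.5", "tcp", 22))
```

Each firewall rule is one entry of the list; a packet from red to green that matches no entry falls through to the implicit deny.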
Good Morning Pavlos,
Thank you for pointing me in the right direction. This would be more of a rule rather than an access control list. As far as the project is concerned, I need to stay within the guidelines. Is there anything else I can do with an access control list? Thank you in advance!