1
00:00:00,08 --> 00:00:03,05
- [Instructor] Compared to setting up a router host,

2
00:00:03,05 --> 00:00:06,00
adding new network firewall features

3
00:00:06,00 --> 00:00:08,06
is fairly straightforward.

4
00:00:08,06 --> 00:00:11,03
Let's set up our Ubuntu router host

5
00:00:11,03 --> 00:00:14,06
as a network firewall in this lesson.

6
00:00:14,06 --> 00:00:17,06
Network firewalls handle service requests

7
00:00:17,06 --> 00:00:22,09
by either blocking them or providing port forwarding.

8
00:00:22,09 --> 00:00:26,01
The prerequisite for port-forwarding

9
00:00:26,01 --> 00:00:29,06
is a host set up as a router,

10
00:00:29,06 --> 00:00:33,05
which in our case is the Ubuntu router host.

11
00:00:33,05 --> 00:00:36,03
We need to add some new firewall rules

12
00:00:36,03 --> 00:00:38,02
to enable port-forwarding

13
00:00:38,02 --> 00:00:40,06
that routes a network service request

14
00:00:40,06 --> 00:00:44,08
to an appropriate host behind a firewall.

15
00:00:44,08 --> 00:00:46,07
The Ubuntu router host firewall

16
00:00:46,07 --> 00:00:51,06
adheres to some default rules already.

17
00:00:51,06 --> 00:00:55,02
For example, it is dropping all the ingress traffic

18
00:00:55,02 --> 00:00:59,05
or incoming traffic and it forwards all the egress

19
00:00:59,05 --> 00:01:03,04
or outgoing traffic to the internet.

20
00:01:03,04 --> 00:01:06,03
In addition to these default rules

21
00:01:06,03 --> 00:01:11,04
we need to add the following port-forwarding details.

22
00:01:11,04 --> 00:01:15,03
First of all, we need to open port 80

23
00:01:15,03 --> 00:01:17,08
on the Ubuntu router host

24
00:01:17,08 --> 00:01:21,07
and then send all the port 80 traffic

25
00:01:21,07 --> 00:01:27,02
to a host running an HTTP or web server.

26
00:01:27,02 --> 00:01:29,06
Here is a big picture view.

27
00:01:29,06 --> 00:01:33,06
A packet arrives whose destination port is 80

28
00:01:33,06 --> 00:01:37,05
from the internet at the external network interface card

29
00:01:37,05 --> 00:01:42,03
of our Ubuntu router host ETH0.

30
00:01:42,03 --> 00:01:50,03
The network interface card has the IP address of 10.0.0.6.

31
00:01:50,03 --> 00:01:54,03
If we have our port-forwarding rules set up

32
00:01:54,03 --> 00:01:56,01
this packet will be then

33
00:01:56,01 --> 00:01:59,03
sent to the internal network interface card

34
00:01:59,03 --> 00:02:03,05
of the Ubuntu router host ETH1.

35
00:02:03,05 --> 00:02:07,00
Next, it's sent to a switch.

36
00:02:07,00 --> 00:02:10,07
The switch then passes it on to our Ubuntu host

37
00:02:10,07 --> 00:02:14,09
whose IP is 10.0.0.5.

38
00:02:14,09 --> 00:02:18,09
The local host has only one network interface card

39
00:02:18,09 --> 00:02:22,03
and the IP address of that network interface card is

40
00:02:22,03 --> 00:02:25,06
10.0.0.5.

41
00:02:25,06 --> 00:02:29,05
The Ubuntu local host's network interface card or NIC,

42
00:02:29,05 --> 00:02:33,04
ETH0 has its port 80 open

43
00:02:33,04 --> 00:02:36,07
to receive all the hypertext transfer protocol

44
00:02:36,07 --> 00:02:39,05
or HTTP traffic.

45
00:02:39,05 --> 00:02:44,07
Now, the key here is the original package destination IP

46
00:02:44,07 --> 00:02:51,04
has to be changed from 10.0.0.6 to 10.0.1.5

47
00:02:51,04 --> 00:02:56,01
to arrive at the Ubuntu local host eventually.

48
00:02:56,01 --> 00:02:57,08
We don't have to do anything

49
00:02:57,08 --> 00:02:59,08
about the destination port number

50
00:02:59,08 --> 00:03:04,07
because the initial port number stays the same, which is 80.

51
00:03:04,07 --> 00:03:08,02
That's all we have to do on the Ubuntu router host

52
00:03:08,02 --> 00:03:11,00
to activate port forwarding.