IPsec Host-to-Host Configuration
For a host-to-host connection, you need the following information:
The IP address for both hosts.
A unique name to identify the IPsec connection and distinguish it from other devices or connections (for example, ipsec0).
A fixed encryption key or one automatically generated by racoon.
A pre-shared authentication key that is used to initiate the connection and exchange encryption keys during the session.
For example, suppose Workstation A and Workstation B want to connect to each other through an IPsec tunnel. They want to connect using a pre-shared key with the value of ‘buddies’ and the users agree to let racoon automatically generate and share an authentication key between each host. Both host users decide to name their connections ipsec0.
The following is the ifcfg file for Workstation A for a host-to-host IPsec connection with Workstation B (the unique name to identify the connection in this example is ipsec0, so the resulting file is named /etc/sysconfig/network-scripts/ifcfg-ipsec0):
DST=X.X.X.X TYPE=IPSEC ONBOOT=yes IKE_METHOD=PSK
Workstation A would replace X.X.X.X with the IP address of Workstation B, while Workstation B replaces X.X.X.X with the IP address of Workstation A.
The connection is set to initiate upon boot-up (ONBOOT=yes) and uses the pre-shared key method of authentication (IKE_METHOD=PSK).
The following is the content of the pre-shared key file (called /etc/sysconfig/network-scripts/keys-ipsec0) that both workstations need to authenticate each other.
The contents of this file should be identical on both workstations and only the root user should be able to read or write this file.
For Security chmod to 600
chmod 600 /etc/sysconfig/network-scripts/keys-ipsec0
IPsec VPN on Red Hat Linux
IPsec is the supported VPN implementation for Red Hat Enterprise Linux that sufficiently addresses the usability needs of organizations with branch offices or remote users.
IPsec can be implemented using a host-to-host (one computer workstation to another) or network-to-network (one LAN/WAN to another). The IPsec implementation in Red Hat Enterprise Linux uses Internet Key Exchange (IKE), which is a protocol implemented by the Internet Engineering Task Force (IETF) to be used for mutual authentication and secure associations between connecting systems.
On Red Hat Enterprise Linux systems, an IPsec connection uses the pre-shared key method of IPsec node authentication. In a pre-shared key IPsec connection, both hosts must use the same key in order to move to the second phase of the IPsec connection.
Implementing IPsec requires that the ipsec-tools RPM package be installed on all IPsec hosts (if using a host-to-host configuration) or routers (if using a network-to-network configuration).
/sbin/setkey
Manipulates the key management and security attributes of IPsec in the kernel.
/sbin/racoon
The IKE key management daemon, used to manage and control security associations and key sharing between IPsec-connected systems.
/etc/racoon/racoon.conf
The racoon daemon configuration file used to configure various aspects of the IPsec connection, including authentication methods and encryption algorithms used in the connection.
How to check if the port is associated with the official list of known services.
Example:
cat /etc/services | grep 834
This command returns no output. This indicates that while the port is in the reserved range (meaning 0 through 1023) and requires root access to open, it is not associated with a known service.
Next, check for information about the port using netstat or lsof. To check for port 834 using netstat, use the following command:
The lsof command reveals similar information since it is also capable of linking open ports to services:
These tools reveal a great deal about the status of the services running on a machine. These tools are flexible and can provide a wealth of information about network services and configuration. Consulting the man pages for lsof, netstat, nmap, and services is therefore highly recommended.
Redirect all HTTP traffic through the proxy.
If you would like to redirect all HTTP traffic through the proxy without needing to set up a proxy manually in all your applications you will need to add some rules
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp –dport 80 -j DNAT –to-destination 10.0.0.1:3128
And
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp –dport 80 -j REDIRECT –to-ports 3128
Where eth1,eth0 are the LAN, WAN devices and 10.0.0.1 is the IP address of your LAN device.
Verifying Which Ports Are Listening
After configuring network services, it is important to pay attention to which ports are actuallylistening on the system’s network interfaces. Any open ports can be evidence of an intrusion.
There are two basic approaches for listing the ports that are listening on the network. The less reliable approach is to query the network stack by typing commands such as netstat -an or lsof -i.
Or
This method is less reliable since these programs do not connect to the machine from the network, but rather check to see what is running on the system.
For this reason, these applications are frequent targets for replacement by attackers. In this way, crackers attempt to cover their tracks if they open unauthorized network ports.
A more reliable way to check which ports are listening on the network is to use a port scanner such as nmap.
root@:~# nmap -sT -O localhost
Starting Nmap 4.76 ( http://nmap.org ) at 2009-10-08 11:31 EDT
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
3128/tcp open squid-http
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.17 - 2.6.22
Network Distance: 0 hops
OS detection performed.
Please report any incorrect results at http://nmap.org/submit/.
Nmap done: 1 IP address (1 host up) scanned in 3.15 seconds
