Firewall Troubleshooting


Time
21 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
21
Video Transcription
00:00
>> Hey, there Cybrarians and welcome back to
00:00
the Linux plus course here at Cybrary.
00:00
I'm your instructor, Rob Gels.
00:00
In today's lesson, we're going to
00:00
be discussing firewall troubleshooting.
00:00
Upon completion of this lesson,
00:00
you are going to be able to understand the types of
00:00
firewall issues that you may need to
00:00
troubleshoot or that you may encounter,
00:00
and we're going to talk about using firewall management
00:00
commands to examine firewall issues.
00:00
When an application appears to be having
00:00
network issues, but we've gone in,
00:00
ruled out those network problems,
00:00
the next step is logically to check
00:00
for firewall issues.
00:00
Common firewall issues are generally related to
00:00
overly restrictive access control lists or ACL rules.
00:00
Now there may be ports or protocols that are blocked
00:00
in the firewall and those would be causing the issues,
00:00
so we need to look at the ACL configuration.
00:00
Now recall in Module 19 we learned that
00:00
ACLs use packet information to filter network traffic.
00:00
When we're troubleshooting firewall ACLs,
00:00
we need that same information that
00:00
the firewall ACL itself uses.
00:00
We need to know the source address or host
00:00
name and the destination address and host name,
00:00
we need to know about the network protocol used
00:00
and the inbound and outbound port.
00:00
Now once we have all that information,
00:00
we can review the firewall settings and see if
00:00
ACL settings are too
00:00
restrictive or just downright incorrect.
00:00
Now if an application is having issues
00:00
and relies upon a particular port,
00:00
we can check the rules and ensure that that port is open.
00:00
For example, if we're trying to connect to
00:00
a secure web server and we just can't get through,
00:00
we're going to want to ensure that
00:00
HTTPS or the specific port,
00:00
Port 443 is open,
00:00
and we could do this by viewing the listed rules.
00:00
We can use sudo firewall-cmd --list-all
00:00
on modern Red Hat-based systems.
00:00
You're probably going to be using firewall-cmd,
00:00
that will list all the rules.
00:00
If for some chance you're using iptables
00:00
still, you can do sudo iptables -L,
00:00
and that will list all the firewall rules.
00:00
Then we can also check ufw status
00:00
so sudo ufw status on an Ubuntu system.
00:00
That will display all the ACL rules,
00:00
everything in place on the ufw, the Uncomplicated Firewall.
00:00
If you're still having issues
00:00
after examining port restrictions,
00:00
and everything looks okay,
00:00
the next thing to check is
00:00
the specific protocol that's in use because,
00:00
recall, some applications can use
00:00
both TCP and UDP for example.
00:00
We can see which protocols are used
00:00
by the port in /etc/services.
00:00
Using our previous example,
00:00
maybe we want to see what's being used
00:00
for Port 443 and which protocols that can use.
00:00
We can do grep for 443 on /etc/services.
00:00
Lo and behold,
00:00
this could use both TCP and UDP.
00:00
Now maybe we want to go back in
00:00
and ensure that this port is open for both TCP
00:00
and UDP and then see if that issue is resolved.
00:00
But with that, in this lesson,
00:00
we covered the types of firewall issues
00:00
you may need to troubleshoot.
00:00
Then we talked about using firewall management
00:00
commands to examine firewall issues.
00:00
We can use firewall-cmd, iptables or ufw.
00:00
Thanks so much for being here and I look
00:00
forward to seeing you in the next lesson.