0

I am practicing writing iptables rules and was looking to test the ones I wrote from an external network. I am currently running on an Ubuntu VM and have the following rules written:

sudo iptables -A INPUT -p tcp --dport 22 -s 10.10.1.0/24 -j ACCEPT sudo iptables -A INPUT -p tcp --dport 22 -j DROP

The rules are meant to allow all SSH connections from devices on my local network and block external SSH connections. How would I go about testing that the 2nd rule works if I always access my VM from my local network?

Improve this question
4
  • How would I go about testing that the 2nd rule - I am confused, why don't you go with the obvious answer, test it from something that isn't on your local network? Commented Apr 2, 2021 at 22:09
  • Yeah, I understand that part of it, but how would I go about accessing my VM? I assume I would have to forward the port and the VM IP address on my router? Commented Apr 2, 2021 at 22:12
  • I don't know your network, so I don't really know how to answer that for you. If you want to test if your system blocks SSH, from other networks, you would have to have your network setup to permit ssh access to the host from other networks. If your system is behind a stateful+nat firewall, I probably wouldn't worry about blocking it, or opening a port on the firewall, just to test a host-based block. Commented Apr 2, 2021 at 22:15
  • It's part of a class that we are supposed to test it for. We need a "proof of concept" that is showing that the SSH from external networks are blocked. So I imagine having to access my network from the outside I would have to enable it on the router level or will I have to do anything else on my VM? Commented Apr 2, 2021 at 22:24

1 Answer 1

Reset to default
0

For local testing, I rather go with virtualization tools: Docker, vagrant, VirtualBox, and/or LXD/LXC.

Using Docker it's pretty easy creating additional networks to simulate outside accesses.

So a docker or LXC container should work pretty fine for your testing purpose.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.