# HG changeset patch
# User Alessio Caiazza
# Date 1257526471 -3600
# Node ID 9a713a4a8f6d6b06930504f616245268bcf9ba20
# Parent 0ae04ada4dbaa88f02d481bd3877d85a51477386
firewall
diff -r 0ae04ada4dbaa88f02d481bd3877d85a51477386 -r 9a713a4a8f6d6b06930504f616245268bcf9ba20 Presentazione.tex
--- a/Presentazione.tex Thu Nov 05 19:46:57 2009 +0100
+++ b/Presentazione.tex Fri Nov 06 17:54:31 2009 +0100
@@ -1241,7 +1241,68 @@ \begin{frame} \frametitle{Firewall} +\begin{colorblock}{IPv4 e NAT $\rightarrow$ IPv6 e \texttt{Global Unicast}} +\tikzstyle{na} = [baseline=-.5ex] +\tikzstyle{every picture}+=[remember picture] +\begin{columns} +\column{.5\textwidth} +\tikzstyle{net}+=[on chain=going below] +\tikzstyle{lnet}+=[on chain=going right] + +\begin{tikzpicture}[start chain,every join/.style={<->,thick},node distance=3mm] + \node [net] (net) {\pgfuseimage{nuvola}}; + \node [net,join,label=180:\tiny Router] (asbr) {\pgfuseimage{router}}; + \node [subnet, right of=net, yshift=+.7cm,lnet,join] { \begin{tikzpicture}[ node distance=1cm] + \node [] (c1) {\pgfuseimage{schermo}}; + \node [right of=c1] (c2) {\pgfuseimage{schermo}}; + \node [right of=c2] (c3) {\pgfuseimage{schermo}}; + + \node [subnet,below of=c2,yshift=-.15cm,xshift=.1cm] (nat) { \begin{tikzpicture}[ node distance=1cm] + \node [] (n1) {\pgfuseimage{schermo}}; + \node [right of=n1] (n2) {\pgfuseimage{schermo}}; + \end{tikzpicture}}; + \node [left of=nat,xshift=-.25cm,label=-90:\tiny NAT] (natter) {\pgfuseimage{case}}; + \end{tikzpicture} }; +%label + \node at (net) [anchor=center] {\tiny Internet}; +\end{tikzpicture} +\column{.5\textwidth} +\begin{itemize}[<+->] +\item I computer dietro al NAT\tikz[na] \node[coordinate] (nat_txt) {}; sono ``automaticamente protetti'' + +\item In IPv6 invece avranno un indirizzo \texttt{global unicast}, \`e necessario ``proteggerli'' installando un firewall sul NAT. 
+\end{itemize} +\end{columns} + + +%collegamenti +\begin{tikzpicture}[overlay] + \path[->]<1> (nat_txt) edge [bend left,olink] (natter); +% \path[->]<3> (tb) edge [bend right,olink] (6to4); +\end{tikzpicture} +\end{colorblock} + + +\end{frame} + +\begin{frame} + \frametitle{Firewall - \texttt{ip6tables}} + \setbeamercovered{invisible} + \begin{columns} + \begin{column}{.55\textwidth} + \includegraphics[]{chains} + \end{column} + \begin{column}{.45\textwidth} + \pause + \begin{colorblock}{Le catene di \texttt{ip6tables}} + I pacchetti in ingresso attraversano una lista di regole. + + Se il destinatario del pacchetto non \`e il firewall si utilizza la catena di \texttt{FORWARD}. Bloccando tutte le nuove connessioni nella catena di \texttt{FORWARD} si ottiene un livello di ``protezione'' paragonabile al NAT IPv4. + \end{colorblock} + \end{column} +\end{columns} + \end{frame} diff -r 0ae04ada4dbaa88f02d481bd3877d85a51477386 -r 9a713a4a8f6d6b06930504f616245268bcf9ba20 immagini/chains.pdf Binary file immagini/chains.pdf has changed
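Review bot: The second `\item` of the first frame tells the audience to protect the hosts by "installando un firewall sul NAT", but in the IPv6 case the slide describes the hosts have global unicast addresses and no NAT device is in the path. The filtering point is the router in front of the subnet, so the item should end with `installando un firewall sul router`. In the `ip6tables` frame, "Bloccando tutte le nuove connessioni nella catena di \texttt{FORWARD}", read literally, also drops connections that the internal hosts open towards the Internet, which NAT does not do. The NAT-like policy is to refuse only new connections arriving from the outside interface and to accept traffic belonging to established or related flows, so I would write `Bloccando le nuove connessioni provenienti dall'esterno nella catena di \texttt{FORWARD}` and add a short clause saying that established connections are accepted. The rendered slides and `chains.pdf` are not visible here, so check that the figure shows the same direction of filtering as the corrected text.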