Lab on Firewall, Wireshark, ICMP and ARP in SANDBOX lab (PL112) CSE/ECE404: Computer Networks, Lehigh University Instructor: Dr. Liang Cheng, Assistant Professor, Computer Science and Engineering Lab Graduate Assistant: Shengpu Liu November 29th, 2007 Introduction This lab session includes two parts: 1.Configuring firewalls using iptablesin Linux; 2.Using wiresharkto capture network packets and observe the packets in various layers; Each machine has two network interface cards (NIC), eth0 andeth1. The IP-address configuration of both eth0and eth1 is DHCP enabled. The eth1interface is connected to the Internet directly. The eth2interface belongs to a 192.168.0.0/22 network and is connected with a switch. A machine with an IP address, e.g.192.168.3.30 is configured and activated in this 192.168.0.0/22 network to be used for pingchecking functionality. Procedure Firewall 1.Make a temporary directory called “temp” and perform the rest of the steps under “temp” directory. 2.Change to the root user using “su”. 3.Open a terminal window. Try to ping 127.0.0.1 (the 127.0.0.1), 192.168.3.30, and www.lehigh.edu. They all should be ping-able, otherwise please ask the lab graduate assistant for help. 4.Open a web browser, and visit http://www.cse.lehigh.edu/~cheng/Teaching/CSEECE404-07/firewall.tarto download firewall.tarto the tempdirectory that you have just created. 5.Untar the firewall.tarusing “tar –xvf firewall.tar”. It will automatically decompress all the files into the current directory. 6.Modify all the script files to be executable by using “chmod 700 *”. 7.Study the firewall script accept-allbased on the Linux command iptables, which has been briefly described in the appendix of this document. 8.Run the script accept-allusing “./accept-all”. Then try to ping 127.0.0.1, 192.168.3.30, and www.lehigh.edu. They all should be ping-able, otherwise please ask the lab graduate assistant for help.
has intentionally blurred sections.
Sign up to view the full version.