Nov29LabManual

Nov29LabManual - Lab on Firewall, Wireshark, ICMP and ARP...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
Lab on Firewall, Wireshark, ICMP and ARP in SANDBOX lab (PL112) CSE/ECE404: Computer Networks, Lehigh University Instructor: Dr. Liang Cheng, Assistant Professor, Computer Science and Engineering Lab Graduate Assistant: Shengpu Liu November 29th, 2007 Introduction This lab session includes two parts: 1. Configuring firewalls using iptables in Linux; 2. Using wireshark to capture network packets and observe the packets in various layers; Each machine has two network interface cards (NIC), eth0 and eth1 . The IP-address configuration of both eth0 and eth1 is DHCP enabled. The eth1 interface is connected to the Internet directly. The eth2 interface belongs to a 192.168.0.0/22 network and is connected with a switch. A machine with an IP address, e.g.192.168.3.30 is configured and activated in this 192.168.0.0/22 network to be used for ping checking functionality. Procedure Firewall 1. Make a temporary directory called “ temp ” and perform the rest of the steps under “temp” directory. 2. Change to the root user using “su”. 3. Open a terminal window. Try to ping 127.0.0.1 (the 127.0.0.1) , 192.168.3.30, and www.lehigh.edu . They all should be ping-able, otherwise please ask the lab graduate assistant for help. 4. Open a web browser, and visit http://www.cse.lehigh.edu/~cheng/Teaching/CSEECE404-07/firewall.tar to download firewall.tar to the temp directory that you have just created. 5. Untar the firewall.tar using “tar –xvf firewall.tar ”. It will automatically decompress all the files into the current directory. 6. Modify all the script files to be executable by using “ chmod 700 * ”. 7. Study the firewall script accept-all based on the Linux command iptables , which has been briefly described in the appendix of this document. 8. Run the script accept-all using “./ accept-all ”. Then try to ping 127.0.0.1, 192.168.3.30, and www.lehigh.edu . They all should be ping-able, otherwise please ask the lab graduate assistant for help.
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
9. Study the firewall script deny-all based on the Linux command iptables , which has been briefly described in the appendix of this document. 10. Run the script deny-all using “./ deny-all ”. Then try to ping 127.0.0.1, 192.168.3.30, and www.lehigh.edu . They all should NOT be ping-able, otherwise please ask the lab graduate assistant for help. 11. Modify the deny-all script to enable the Loopback interface. 12. Run the script deny-all using “./ deny-all ”. Then try to ping 127.0.0.1, and it should be ping-able. Then try to ping 192.168.3.30, and www.lehigh.edu . They all should NOT be ping- able, otherwise please ask the lab graduate assistant for help. 13. Modify the deny-all script to enable the eth0 and eth1 interface. 14.
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 10

Nov29LabManual - Lab on Firewall, Wireshark, ICMP and ARP...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online