Lab-Mar16 - Lab on Firewall, Ethereal, ICMP and ARP in...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
Lab on Firewall, Ethereal, ICMP and ARP in SANDBOX lab (PL112) CSE398: Network Systems Design, Lehigh University Instructor: Dr. Liang Cheng, Assistant Professor, Computer Science and Engineering Lab Graduate Assistant: Yaoyao Zhu March 16th, 2005 Introduction This lab session includes two parts: 1. Configuring firewalls using iptables in Linux; 2. Using ethereal to capture network packets and observe the packets in various layers; Each machine has one network interface cards (NIC), eth0 . Their IP-address configurations are DHCP enabled. The eth0 interface belongs to a 192.168.1.0/24 network and is connected with a switch, which enables an Internet connection. A machine with an IP address 192.168.1.200 is configured and activated in this 192.168.1.0/24 network to be used for ping checking functionality. Procedure Firewall 1. Make a temporary directory called “ temp ” and perform the rest of the steps under “temp” directory. 2. Open a terminal window. Try to ping localhost , 192.168.1.200, and www.lehigh.edu . They all should be ping-able, otherwise please ask the lab graduate assistant for help. 3. Open a web browser, and visit http://www.cse.lehigh.edu/~cheng/Teaching/CSE398- 05/firewall-031605.tar to download firewall-031605.tar to the temp directory that you have just created. 4. Untar the firewall-031605.tar using “tar –xvf firewall-031605.tar ”. It will automatically create a firewall-031605 sub-directory. 5. Change directory to firewall-031605 . And modify all the script files to be executable by using “ chmod 700 * ”. 6. Study the firewall script accept-all based on the Linux command iptables , which has been briefly described in the appendix of this document. 7. Run the script accept-all using “./ accept-all ”. Then try to ping localhost , 192.168.1.200, and www.lehigh.edu . They all should be ping-able, otherwise please ask the lab graduate assistant for help.
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
8. Study the firewall script deny-all based on the Linux command iptables , which has been briefly described in the appendix of this document. 9. Run the script deny-all using “./ deny-all ”. Then try to ping localhost , 192.168.1.200, and www.lehigh.edu . They all should NOT be ping-able, otherwise please ask the lab graduate assistant for help. 10. Modify the deny-all script to enable the Loopback interface. 11. Run the script deny-all using “./ deny-all ”. Then try to ping localhost , and it should be ping-able. Then try to ping 192.168.1.200, and www.lehigh.edu . They all should NOT be ping- able, otherwise please ask the lab graduate assistant for help. 12. Modify the deny-all script to enable the LOCAL_INTERFACE interface. 13. Run the script deny-all using “./ deny-all ”. Then try to ping localhost , and it should be ping-able. Then try to ping 192.168.1.200 and
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 08/06/2008 for the course CSE 398 taught by Professor Cheng during the Spring '05 term at Lehigh University .

Page1 / 10

Lab-Mar16 - Lab on Firewall, Ethereal, ICMP and ARP in...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online