Presentation is loading. Please wait.

Presentation is loading. Please wait.

ECE 544: Middlebox lab Abhigyan Sharma.

Published byRachel Morrison Modified over 6 years ago

Similar presentations

Presentation on theme: "ECE 544: Middlebox lab Abhigyan Sharma."— Presentation transcript:

1 ECE 544: Middlebox lab Abhigyan Sharma

2 Amazon EC2 login Go to aws.amazon.com Login: abhigyan.sharma@gmail.com
Password: ece544 Download private key file from mail SSH to this VM ssh -i id_rsa Then, ssh to any VM you create (ssh to /24) IP address in the VM ssh

3 References IPTABLES SQUID
firewall-using-iptables-on-ubuntu-14-04 iptables-firewall-rules man iptables SQUID

4 Testbed configuration
Subnets: /24, /24, /24 /24 /24 /24 /24 /24 /24 A B C *** Update IP Address based on your group number ***

5 More testbed config Name VMs as <group-num>-a, <group-num>-b, <group-num>-c Choose security group allow-all Disable source/dest check for all interfaces Enable all interfaces (ifconfig up, dhclient) Routing A: add ip route to /24 via B B: enable ipv4 forwarding C: add ip route to /24 via B

6 Test ping & firewall From A: ping 10.0.2.103
Should work Now enable iptables firewall to drop packets being forwarded: sudo iptables -P FORWARD DROP sudo iptables -P FORWARD ACCEPT

7 Setup HTTP server (NODE C)
mkdir web cd web echo "hello" > hello.txt echo "hello2" > hello2.txt sudo python3 -m http.server -b XX3 80

8 Setup iptables rules to forward only port 80 traffic
RULES at B sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT sudo iptables -A FORWARD -p tcp --dport 80 -j ACCEPT sudo iptables -A FORWARD -j DROP Test from A wget wget Use TCPDUMP at B and log at C to see packets tcpdump -i eth2 Delete rule 2 at B sudo iptables -D FORWARD 2 Wont work!

9 Setup NAT (Network address translation)
Rules at B sudo iptables -F sudo iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE  Start tcpdump: sudo tcpdump -i eth2 Test ping from A ping Test wget from A wget wget Notice the source ip from tcpdump above

10 B: Setup Squid caching proxy and iptables
sudo apt-get update sudo apt-get install squid Modify /etc/squid/squid.conf http_port 3128 transparent http_access allow all sudo iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128 View iptables rules iptables -t nat -L

11 Test squid Test wget from A View squid log at node B
sudo cat /var/log/squid/access.log Access same file again View squid log again

12 What to submit Describe in your own words the following aspects of this exercise IP routing in linux Firewall middlebox NAT Caching proxy You may include Testbed diagram Screenshots of key steps Explanation of middlebox configuration commands

Download ppt "ECE 544: Middlebox lab Abhigyan Sharma."

Similar presentations

Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com Software Defined Networking Lab Using Mininet and the POX Controller Last Update 2014.02.04 2.1.0.

Copyright 2014 Kenneth M. Chipps Ph.D. Software Defined Networking Lab Using Mininet and the POX Controller Last Update
Ipchains and Iptables Linux operating system natively supports packet-filtering rules: Kernel versions 2.2 and earlier support the ipchains command. Kernel.

Ipchains and Iptables Linux operating system natively supports packet-filtering rules: Kernel versions 2.2 and earlier support the ipchains command. Kernel.
Linux Networking TCP/IP stack kernel controls the TCP/IP protocol Ethernet adapter is hooked to the kernel in with the ipconfig command ifconfig sets the.

Linux Networking TCP/IP stack kernel controls the TCP/IP protocol Ethernet adapter is hooked to the kernel in with the ipconfig command ifconfig sets the.
1 Network Address Translation (NAT) Relates to Lab 7. Module about private networks and NAT.

1 Network Address Translation (NAT) Relates to Lab 7. Module about private networks and NAT.
Linux Networking TCP/IP stack – kernel controls the TCP/IP protocol – Ethernet adapter is hooked to the kernel in with the ipconfig command – ifconfig.

Linux Networking TCP/IP stack – kernel controls the TCP/IP protocol – Ethernet adapter is hooked to the kernel in with the ipconfig command – ifconfig.
Chien-Chung Shen cshen@udel.edu Google Compute Engine Chien-Chung Shen cshen@udel.edu.

Chien-Chung Shen Google Compute Engine Chien-Chung Shen
Poor Man’s Firewall A firewall that can be setup and implemented with a minimum amount of time and money.

Poor Man’s Firewall A firewall that can be setup and implemented with a minimum amount of time and money.
Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.

Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.
Squid Proxy CentOS 6.4 Prepared by : Mr. Sopheap Position : IT Support Location : Deam Computer Date : 24/July/2013.

Squid Proxy CentOS 6.4 Prepared by : Mr. Sopheap Position : IT Support Location : Deam Computer Date : 24/July/2013.
Virtual Company Group 8 Presentation Date: June /04/2017

Virtual Company Group 8 Presentation Date: June /04/2017
NetFilter – IPtables Firewall –Series of rules to govern what Kind of access to allow on your system –Packet filtering –Drop or Accept packets NAT –Network.

NetFilter – IPtables Firewall –Series of rules to govern what Kind of access to allow on your system –Packet filtering –Drop or Accept packets NAT –Network.
07/11/2012 www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10.ppt L10/1/63 COM342 Networks and Data Communications Ian McCrumRoom 5B18 Tel: 90 366364 voice.

07/11/ L10/1/63 COM342 Networks and Data Communications Ian McCrumRoom 5B18 Tel: voice.
Microsoft Internet Security and Acceleration (ISA) Server 2004 is an advanced packet checking and application-layer firewall, virtual private network.

Microsoft Internet Security and Acceleration (ISA) Server 2004 is an advanced packet checking and application-layer firewall, virtual private network.
Lab How to Use WANem Last Update 2011.08.01 1.1.0 Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com 1.

Lab How to Use WANem Last Update Copyright 2011 Kenneth M. Chipps Ph.D. 1.
BASIC CONFIGURATION MODEM D-LINK

BASIC CONFIGURATION MODEM D-LINK
Sponsored by the National Science Foundation1GENI Introduction – SIGCSE ‘14 – 5 March 2014www.geni.net Agenda Presentation and Demo: An Introduction to.

Sponsored by the National Science Foundation1GENI Introduction – SIGCSE ‘14 – 5 March 2014www.geni.net Agenda Presentation and Demo: An Introduction to.
Topics ABOUT SQUID SQUID BASICS INSTRALLATION OF SQUID SQUID SERVICE CONFIGURATION UNDERSTANDING ACCESS CONTROL LIST LOGS TRANSPARENT PROXY MONITORING.

Topics ABOUT SQUID SQUID BASICS INSTRALLATION OF SQUID SQUID SERVICE CONFIGURATION UNDERSTANDING ACCESS CONTROL LIST LOGS TRANSPARENT PROXY MONITORING.
Computer Networks II By: Ing. Hector M Lugo-Cordero, MS.

Computer Networks II By: Ing. Hector M Lugo-Cordero, MS.
System Administration and Maintenance. Proxy Server 1 Purpose – – To separate internal network from internet (NAT) To cache often used content User control:

System Administration and Maintenance. Proxy Server 1 Purpose – – To separate internal network from internet (NAT) To cache often used content User control:
Iptables and apache 魏凡琮 (Jerry Wei). Agenda iptables apache.

Iptables and apache 魏凡琮 (Jerry Wei). Agenda iptables apache.

Similar presentations

Ads by Google