NASA lab3

@piepie01

Outline

  • Virtual Machine
  • Exercise - Prepare
  • Routing
  • NAT
  • IPTables
  • Port Forwarding

Virtual machine

Why VM?

  • Commands need privileged mode.
  • Install packages easily.

How?

  1. Download VM
  2. Open VMware
  3. Import VM
  4. Generate a new MAC-address
  5. Boot it
Account:piepie01

password:nasa2020

Exercise - prepare

Download here

Infrastructure

192.168.127.128

192.168.127.127

172.16.x.x

VM:Arvin

VM:127

Your PC

Real world

192.168.127.128

192.168.127.127

Public IP

Your PC

server

192.168.127.128

192.168.127.127

172.16.x.x

VM:Arvin

VM:127

Your PC

Routing

NAT

First step - Test connection

You should be able to connect to external network here.

192.168.127.128

192.168.127.127

172.16.x.x

VM:Arvin

VM:127

Your PC

Routing

NAT

Goal

routing

Routing in Linux

  • Routing Table
    • Decide packet destination
  • PC doesn't recognize the destination IP we assign

Routing table

Infrastructure

192.168.127.128

192.168.127.127

172.16.x.x

VM:Arvin

VM:127

Your PC

sudo route add -net 0.0.0.0 netmask 0.0.0.0 \
gw 192.168.127.127

Network Address Translation

NAT

  • Layer 3
  • Lack of public IP

Real world

192.168.127.128

192.168.127.127

Public IP

Your PC

server

Infrastructure

192.168.127.128

192.168.127.127

172.16.x.x

VM:Arvin

VM:127

Your PC

Command

iptables -t nat -A POSTROUTING -s 192.168.127.0/255.255.255.0 -o ens33 -j MASQUERADE
iptables -A FORWARD -s 192.168.127.0/255.255.255.0 -o ens33 -j ACCEPT
iptables -A FORWARD -d 192.168.127/255.255.255.0 -m state --state ESTABLISHED,RELATED \ 
-i ens33 -j ACCEPT

IPtables

IPTABLEs

  • Many table to handle every packet
    • EX : nat, filter
  • Each table has rules

PREROUTING

NAT

FORWARD

filter

POSTROUTING

NAT

Packet in

Packet out

Commands

PREROUTING

NAT

FORWARD

filter

POSTROUTING

NAT

Packet in

Packet out

iptables -t nat -A POSTROUTING -s 192.168.127.0/255.255.255.0 -o ens33 -j MASQUERADE
iptables -A FORWARD -s 192.168.127.0/255.255.255.0 -o ens33 -j ACCEPT
iptables -A FORWARD -d 192.168.127/255.255.255.0 -m state --state ESTABLISHED,RELATED \ 
-i ens33 -j ACCEPT

Port forwarding

Your turn~

Infrastructure

192.168.127.128

192.168.127.127

172.16.x.x

VM:Arvin

VM:127

Your PC

ssh server

Goal

  • Change setting in 127 so that your PC can connect to the ssh server in Arvin through 127.

Place to add rules

PREROUTING

NAT

FORWARD

filter

POSTROUTING

NAT

Packet in

Packet out

port forwarding

192.168.127.128

192.168.127.127

172.16.x.x

VM:Arvin

VM:127

Your PC

ssh server : 22

Forward

  • Make the packet to 127 with port xxxx FORWARD to Arvin's port 22.

Step

  1. Import VM
  2. check connection in Arvin
  3. Add commands to 127

Submit to Cool

  • submit screen shot to cool
  • your picture should contain
    • connection info(EX : your ssh command)
    • ip after you ssh to Arvin(Check if you succeed or not)
Made with Slides.com