
MIS 543 – Business Data Communications & Networking

Assignment 4: Understanding Firewalls using Mininet

Understanding Firewalls using Mininet (20 Points)

In this lab assignment, we are going to apply a firewall to a software-defined network (SDN). The firewall is
implemented with a POX controller in Mininet. The firewall rules are provided in a configuration
file, so that they can be changed without modifying the firewall code.

In the VM, open a Terminal. Type the following command.

git clone https://github.com/weichen-ua/MIS543_Lab4.git

This command will download the files of Lab 4 for the class in your home folder (/home/mininet). Make
sure that you have the following files in the ~/MIS543_Lab4 directory:

• Lab4.mn – This is the Mininet topology we provide for Lab 4.
• firewall-policies.csv – This is a configuration file that contains the firewall rules.
• lab4_pox_firewall.py – This is the POX controller that implements a simple IP firewall. All it
does is add the firewall rules in firewall-policies.csv to the flow tables of the switches.
• run_pox.sh – This is the script for you to run the firewall.

In case you do not know how to show the files in Linux, follow the commands in the following
screenshot.

This assignment has three parts. First, you need to follow the instructions to start the network and
the firewall. Second, you will modify the configuration file to block traffic in the network. Third,
you will use Wireshark to track the packets through the firewall.

Part 1: Setting up the Network in Mininet


a. First, in the Terminal, open MiniEdit with the following command

sudo ~/mininet/mininet/examples/miniedit.py

Then open the Lab4.mn file from MiniEdit.

You will see the topology as below. Here we mark the IP addresses on the topology for your
convenience (You can right click to check the properties or use mininet commands after you start up the
network).

Then click the green Run button in the bottom-left corner. You should see the following output in the
Terminal.

You can also use the following commands in the mininet CLI (command line interface):
Check the IP configuration of h1:

h1 ifconfig

Open the xterm for h1:

xterm h1

Now our simulated network is up and running. We next need to start the POX controller to start the
firewall.

b. Now open another Terminal. Change directory to the Lab4 folder and run the run_pox.sh script.

cd ~/MIS543_Lab4
./run_pox.sh

You should see the following output in the new terminal.

The last line of the above screenshot says that the traffic from IP address 192.168.2.10 to 192.168.2.20
is blocked. We will explain more about this in Part 2.

c. Now we have connected the network and started the controller. Our network should be working now.
You need to verify that the hosts are connected and can reach each other.

Return to the Mininet CLI terminal. Use the following command to show the IP configuration of h1:

h1 ifconfig

You should see the following output:



To ping h2 three times, you can use the following command in the Mininet CLI:

h1 ping h2 -c3

An alternative way is to open the xterm of h1 and use ifconfig and ping there. The following screenshot
shows how to do it.

Deliverables
Now finish the following tasks (either of the two ways is OK):

• Show the IP configuration of h2
• Ping from h2 (192.168.1.20) to h1 (192.168.1.10)
• Ping from h3 (192.168.1.30) to server (10.0.0.5)

Deliverable 1:
Screenshot for the IP configuration of h2 (192.168.1.20). (1 POINT)

Deliverable 2:
Screenshot for successful ping from h2 (192.168.1.20) to h1 (192.168.1.10) three times. (1 POINT)

Deliverable 3:
Screenshot for successful ping from h3 (192.168.1.30) to server (10.0.0.5) three times. (1 POINT)

Part 2: Blocking traffic for one host or traffic into a subnet

We are now going to place a firewall between hosts h1 and h2. But first, you need to go through the
following steps:

• In Terminal 1 (CLI), type “exit”. Then hit Stop in MiniEdit to stop the Mininet virtual network.
• In Terminal 2, press Ctrl + C to stop the POX controller. You can restart it when you restart the
network.

1) Firewall rules are written in a .csv file, which the firewall application takes as input.
Edit firewall-policies.csv. The traffic from “ip_src” to “ip_dest” is blocked by the firewall.
Add one line to firewall-policies.csv to block traffic from 192.168.1.10 to 192.168.1.20.
2) In the MiniEdit window, click Run to start the network simulation.
3) Open a new terminal (Terminal 2) and execute the following command to invoke POX:

./run_pox.sh

Description of the run_pox.sh file

This file contains the following commands:

   1) cp -rf ./lab4_pox_firewall.py ~/pox/ext/

   This command copies the firewall code to a location from which POX can use it.

   2) sudo ~/pox/pox.py forwarding.l3_learning --fakeways=192.168.1.1,10.0.0.1 lab4_pox_firewall info.packet_dump samples.pretty_log log.level --INFO

   This command starts POX and implements the firewall policies between the gateways 192.168.1.1 and
   10.0.0.1.

4) Your terminal will look like the screenshot below:

5) Execute the command “pingall” in Terminal 1. You will see that the packets between h1 and h2 are
dropped.
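
The rule matching behind steps 1) to 5), modelled in Python as an added example (it is not the code in lab4_pox_firewall.py). It assumes each line of firewall-policies.csv blocks one direction only, by exact source and destination IPv4 address, and that the file has an ip_src,ip_dest header row; the sample file contents are constructed.

```python
import csv
import io
import ipaddress

# Constructed sample; column names ip_src/ip_dest are from the handout, the
# header row and layout of the real firewall-policies.csv are assumptions.
SAMPLE = """ip_src,ip_dest
192.168.2.10,192.168.2.20
192.168.1.10,192.168.1.20
"""

# Host addresses from the lab topology.
HOSTS = {"h1": "192.168.1.10", "h2": "192.168.1.20",
         "h3": "192.168.1.30", "server": "10.0.0.5"}


def load_policies(text):
    """Parse the CSV into a set of one-way (src, dst) block rules."""
    rules = set()
    for row in csv.DictReader(io.StringIO(text)):
        # ip_address() raises ValueError on a malformed entry, so a typo is
        # caught at load time instead of becoming a rule that never matches.
        rules.add((ipaddress.ip_address(row["ip_src"].strip()),
                   ipaddress.ip_address(row["ip_dest"].strip())))
    return rules


def ping(rules, a, b):
    """Model one ICMP echo from host a to host b (stateless, exact match)."""
    src, dst = (ipaddress.ip_address(HOSTS[h]) for h in (a, b))
    if (src, dst) in rules:
        return "request dropped"  # echo request never reaches b
    if (dst, src) in rules:
        return "reply dropped"    # b gets the request, a never sees the reply
    return "ok"


def unused_rules(rules):
    """Rules naming no host in the topology; they match nothing in this lab."""
    known = {ipaddress.ip_address(ip) for ip in HOSTS.values()}
    return sorted((str(s), str(d)) for s, d in rules
                  if s not in known and d not in known)


if __name__ == "__main__":
    rules = load_policies(SAMPLE)
    for a, b in [("h1", "h2"), ("h2", "h1"), ("h2", "h3"), ("h3", "server")]:
        print(f"{a} -> {b}: {ping(rules, a, b)}")
    print("rules matching no lab host:", unused_rules(rules))
```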

Deliverables
Deliverable 1:

1) Explain the steps that you took to place a firewall. (1 POINT)

Deliverable 2:

2) Ping from h1 to h2 and from h2 to h1 three times. Provide a screenshot that verifies that you have
successfully added a firewall to the network. Why can or can't a host ping the other host? What
can you say about the result? (3 POINTS)

Deliverable 3:

3) Ping from h2 to h3 and to the server. Provide a screenshot that verifies that you have successfully
tested the connectivity of the network. Is the host able to ping other devices in the network? Explain
why the host can or cannot ping the devices on the network. (3 POINTS)

Part 3: Monitoring Network Traffic using Wireshark


A) Packet Tracing using Wireshark

1) Using the same network topology as in Part 2, open an xterm for h1.
2) Enter the following command in the xterm of h1 to start Wireshark. Monitor the traffic on the h1-eth0
interface in Wireshark.

wireshark &

3) Ping h2 three times in the xterm of h1. Monitor the ICMP traffic in Wireshark on h1.

Deliverable 1:

Ping h2 three times in the xterm of h1 and monitor the ICMP traffic in Wireshark. Provide a screenshot of
your Wireshark capture. Explain what you see in Wireshark, and why. (2 POINTS)

4) Ping the server from h3 three times. Monitor the ICMP traffic in Wireshark on h3.

Deliverable 2:

Ping the server from h3 three times. Monitor the ICMP traffic in Wireshark on h3. Provide a screenshot
of your Wireshark capture. Explain what you see in Wireshark. Is it the same as in Deliverable 1? Why?
(2 POINTS)

B) Blocking a new subnet

1) Following what you have done in Part 2, block the traffic from h3 to the server.
2) Ping the server from h3 three times. Monitor the ICMP traffic in Wireshark on h3.

Deliverable 3:

Ping the server from h3 three times. Monitor the ICMP traffic in Wireshark on h3. Provide a screenshot
of your Wireshark capture. Explain what you see in Wireshark. Is it the same as in Deliverable 2? Why?
(2 POINTS)

3) Ping the server from h3 three times. Monitor the ICMP traffic in Wireshark on the server.

Deliverable 4:

Ping the server from h3 three times. Monitor the ICMP traffic in Wireshark on the server. Provide a
screenshot of your Wireshark capture. Explain what you see in Wireshark. Is it the same as in
Deliverable 3? Why? (2 POINTS)

C) Understanding the POX controller

The firewall in this lab uses a POX controller to install the firewall rules. Open “lab4_pox_firewall.py” in
“~/MIS543_Lab4” and answer the following questions:

Deliverable 5:

1) What does the method read_policies do? (1 POINT)


2) What does the method _handle_ConnectionUp do (roughly)? (1 POINT)
