In this lab assignment, we are going to apply a firewall to a software-defined network (SDN). The firewall is
implemented with a POX controller in Mininet. The firewall rules are provided in a configuration
file, so that they can be changed without modifying the firewall code.
This command will download the files of Lab 4 for the class in your home folder (/home/mininet). Make
sure that you have the following files in the ~/MIS543_Lab4 directory:
In case you do not know how to show the files in Linux, follow the commands in the following
screenshot.
This assignment has three parts. First, you need to follow the instructions to start the network and
the firewall. Second, you will modify the configuration file to block traffic in the network. Third,
you will use Wireshark to track the packets through the firewall.
MIS 543 – Business Data Communications & Networking
Assignment 4: Understanding Firewalls using Mininet
sudo ~/mininet/mininet/examples/miniedit.py
You will see the topology as below. Here we mark the IP addresses on the topology for your
convenience (You can right click to check the properties or use mininet commands after you start up the
network).
Then click the green Run button in the left bottom corner. You should see the following output in the
Terminal.
You can also use the following commands in the mininet CLI (command line interface):
Check the IP configuration of h1:
h1 ifconfig
xterm h1
Now our simulated network is up and running. We next need to start the POX controller to start the
firewall.
b. Now open another Terminal. Change directory to the Lab4 folder and run the run_pox.sh script.
cd ~/MIS543_Lab4
./run_pox.sh
The last line of the above screenshot says that the traffic from IP address 192.168.2.10 to 192.168.2.20
is blocked. We will explain more about this in Part 2.
c. Now we have connected the network and started the controller. Our network should be working now.
You need to verify that the hosts are connected and can reach each other.
Return to the Mininet CLI terminal. Use the following command to show the IP configuration of h1:
h1 ifconfig
To ping h2 three times, you can use the following command in the Mininet CLI:
h1 ping h2 -c3
An alternative way is to open the xterm of h1 and use ifconfig and ping there. The following screenshot
shows how to do it.
Deliverables
Now finish the following tasks (either of the two ways is OK):
Deliverable 1:
Screenshot for the IP configuration of h2 (192.168.1.20). (1 POINT)
Deliverable 2:
Screenshot of a successful ping from h2 (192.168.1.20) to h1 (192.168.1.10), three times. (1 POINT)
Deliverable 3:
Screenshot of a successful ping from h3 (192.168.1.30) to the server (10.0.0.5), three times. (1 POINT)
We are now going to place a firewall between hosts h1 and h2. But first, you need to go through the
following steps:
• In Terminal 1 (CLI), type “exit”. Then hit Stop in MiniEdit to stop the Mininet virtual network.
• In Terminal 2, press Ctrl + C to stop the POX controller. You can restart it when you restart the
network.
1) Firewall rules are written in a .csv file which is taken as input by the Mininet application.
Edit firewall-policies.csv. Traffic from “ip_src” to “ip_dest” is blocked by the firewall.
Add one line in firewall-policies.csv to block traffic from 192.168.1.10 to 192.168.1.20.
2) In the MiniEdit window, click on Run to start the network simulation.
3) Open a new terminal (Terminal 2) and execute the following command to invoke POX:
./run_pox.sh
5) Execute the command “pingall” in terminal 1. You will see that the packets between h1 and h2 are
dropped.
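The following sketch is an added example, not the lab's lab4_pox_firewall.py. It checks a policy file before the controller is started and follows a ping through the rules. It assumes the file has a header row with the ip_src and ip_dest columns named above and that each rule matches one direction only; the sample file contents and the function names are constructed for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample of firewall-policies.csv. The ip_src/ip_dest column names
# come from the lab text; the exact header of the real file is an assumption.
SAMPLE_POLICY = """ip_src,ip_dest
192.168.2.10,192.168.2.20
192.168.1.10,192.168.1.20
"""

# Host addresses as marked on the lab topology.
HOSTS = {"h1": "192.168.1.10", "h2": "192.168.1.20",
         "h3": "192.168.1.30", "server": "10.0.0.5"}


def load_rules(text):
    """Parse policy CSV text into a set of (src, dst) pairs, rejecting bad rows."""
    rules = set()
    reader = csv.DictReader(io.StringIO(text))
    for lineno, row in enumerate(reader, start=2):
        try:
            src = ipaddress.IPv4Address((row.get("ip_src") or "").strip())
            dst = ipaddress.IPv4Address((row.get("ip_dest") or "").strip())
        except ipaddress.AddressValueError as exc:
            raise ValueError(f"line {lineno}: invalid address: {exc}") from exc
        rules.add((src, dst))
    return rules


def blocked(rules, src, dst):
    """True if a packet src -> dst matches a block rule (assumed one-directional)."""
    return (ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)) in rules


def ping_outcome(rules, a, b):
    """Follow one ICMP echo from host a to host b and report where it stops."""
    if blocked(rules, HOSTS[a], HOSTS[b]):
        return "request dropped"   # echo request never reaches b
    if blocked(rules, HOSTS[b], HOSTS[a]):
        return "reply dropped"     # b answers, but the echo reply is filtered
    return "ok"


if __name__ == "__main__":
    rules = load_rules(SAMPLE_POLICY)
    for a in HOSTS:
        for b in HOSTS:
            if a != b:
                print(f"{a:>6} -> {b:<6} {ping_outcome(rules, a, b)}")
```

A malformed address in the file raises ValueError with the line number, which is easier to spot than a rule that silently never matches.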
Deliverables
Deliverable 1:
1) Explain the steps that you took to place a firewall. (1 POINT)
Deliverable 2:
2) Ping from h1 to h2 and from h2 to h1 three times. Provide a screenshot that verifies that you have
successfully added a firewall to the network. Why can or can't a host ping the other host? What
can you say about the result? (3 POINTS)
Deliverable 3:
3) Ping from h2 to h3 and to the server. Provide a screenshot that verifies that you have successfully tested the
connectivity of the network. Is the host able to ping other devices in the network? Explain why the
host can or cannot ping the devices on the network. (3 POINTS)
1) Using the same network topology as in Part 2, open an xterm for h1.
2) Enter the following command on the xterm of h1 to start wireshark. Monitor the traffic for h1-eth0
interface in wireshark.
wireshark &
3) Ping h2 three times in the xterm of h1. Monitor the ICMP traffic in Wireshark on h1.
Deliverable 1:
Ping h2 three times in the xterm of h1 and monitor the ICMP traffic in Wireshark. Provide a screenshot of
your Wireshark capture. Explain what you see in Wireshark, and why. (2 POINTS)
4) Ping the server from h3 three times. Monitor the ICMP traffic in Wireshark on h3.
Deliverable 2:
Ping the server from h3 three times. Monitor the ICMP traffic in Wireshark on h3. Provide a screenshot
of your Wireshark capture. Explain what you see in Wireshark. Is it the same as in Deliverable 1? Why?
(2 POINTS)
1) Following what you have done in Part 2, block the traffic from h3 to the server.
2) Ping the server from h3 three times. Monitor the ICMP traffic in Wireshark on h3.
Deliverable 3:
Ping the server from h3 three times. Monitor the ICMP traffic in Wireshark on h3. Provide a screenshot
of your Wireshark capture. Explain what you see in Wireshark. Is it the same as in Deliverable 2? Why?
(2 POINTS)
3) Ping the server from h3 three times. Monitor the ICMP traffic in Wireshark on the server.
Deliverable 4:
Ping the server from h3 three times. Monitor the ICMP traffic in Wireshark on the server. Provide a
screenshot of your Wireshark capture. Explain what you see in Wireshark. Is it the same as in
Deliverable 3? Why? (2 POINTS)
The firewall in this lab uses a POX controller to install the firewall rules. Open “lab4_pox_firewall.py” in
“~/MIS543_Lab4” and answer the following questions:
Deliverable 5: