
COIT13146 System and Network Administration

COIT13146 - System and Network Administration

Week 06 - Network and Firewall Basics

This week contains quite a bit of reading, much of which should be
revision of things already learned. We tidy up some of the
details about system networks and introduce some tools that we
will be using to create and test firewalls.

Summary

Software we need to install

* iptables - "administration tool for IPv4 packet filtering and
NAT."

* nmap - "Network exploration tool and security/port scanner."

Chapters we need to read

* 15 - Routing

* 16 - Network Hardware

* 17 - DNS: The Domain Name System

* 18 - The Network File System

* 19 - Sharing System Files

Tasks

Readings

Read all of the recommended chapters before beginning the
assessment items. You will have seen some of the material covered
before, in a prerequisite network course, so it should be a useful
refresher.

Week 06 vt117 [1]



Discuss on the course forum if you have problems with any of the
questions or activities.

Assessment

NOTE: For all questions that ask you to write a summary, zero marks apply if
your summary consists mostly of text copied straight from textbook, help files,
man pages, or internet sources.

1. Submit a screenshot of the output from your system's "route"
command. Briefly describe what each line is indicating.

2. VirtualBox allows a number of different network modes. Review
the VirtualBox Help and summarize each of the following virtual
network modes: Network Address Translation (NAT); Bridged
networking; and Internal networking, ensuring that you highlight
the differences between them.

This must be in your own words and your summaries must be much
shorter and simpler than what's in the Help, while still being
clear and correct.

3. View the contents of your /etc/resolv.conf file.

a) Describe the contents and use of the file.

b) What server is nominated as resolving domain names for
your system?

c) Submit a screenshot of your /etc/resolv.conf file.

4. Install (if required) iptables and nmap. Read the man pages
for iptables and nmap and provide a brief summary of each, being
sure to mention what they have in common.

NOTE: Your answer must be in your own words and your summaries
must be much shorter and simpler than what's in the man pages,
while still being clear and correct.

5. The activity in this question is critical to the rest of the
course. Future weeks will use the configuration you create here.

In this activity you will:

a) Build two VirtualBox VMs, cloned from the 'Ubuntu Server'.
The two clones should be named userv1 and userv2 and both
should be configured in the 'Internal network' mode, using
the same internal network name (use the default, intnet).

The configuration should ensure that they can both 'see' each
other but not the Internet (e.g. they should be able to ping
each other but not an address on the Internet). See
"Creating the two servers" below for more information.

b) Provide proof that the setup for userv1 and userv2 was
successful. You can provide this proof as follows:

i. A screenshot of each server's successful ping or
traceroute of the other, with a brief description of what you
did.

ii. Another screenshot showing that the servers were not
able to ping the Internet as they were using 'Internal
network' mode.

Creating the two servers:

Ensure that the two servers do not both have the same MAC address.
Remember to delete the file
/etc/udev/rules.d/70-persistent-net.rules (review why you need to
do this).

To change the name of the server: update the /etc/hostname and
/etc/hosts files as appropriate - use the names userv1 and userv2
for the two virtual servers.

To manually configure your network IP address, netmask and
gateway, edit the /etc/network/interfaces file in both servers and
add the following lines:

# For userv1:
# (Comments must be on a line of their own; end-of-line comments are not supported.)
# Configure static IP address and network details.
iface eth0 inet static
    # IP address for this host - no two hosts should be the same...
    address 192.168.12.1
    network 192.168.12.0
    # Default mask for this IP range.
    netmask 255.255.255.0
    broadcast 192.168.12.255
    # We don't have one, but set a default for now.
    gateway 192.168.12.254
    # This has to be your name server - ADSL Router address.
    dns-nameservers 192.168.1.1

You can use the above values in userv1 as shown. For userv2 use
the next available IP address.

Use network 192.168.12.0 to avoid clashes with possible local
networks that are likely to be configured as 192.168.1.0 (e.g.
your own home network).

For the DNS server you will need to plug in your actual name
server(s) (remember how to look up your name servers? See Q.3).

At this point we need to reboot the server since the
/etc/udev/rules.d/70-persistent-net.rules file was deleted, so go
ahead and reboot the server. This will cause the network card to
be re-initialised on startup.

For changes only to the networking interfaces, we could just
restart the network with:

sudo /etc/init.d/networking restart


If you add an entry in the /etc/hosts file naming the other
server, e.g. in userv1 you put 192.168.12.2 userv2, you should
be able to ping it by name rather than IP address.

Re-start both servers and test that the configuration is still
correct.
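A consistency check for the static stanza above, as an added example that is not part of the course material: it flags end-of-line comments (which ifupdown does not accept) and confirms that network, broadcast and gateway agree with the address and netmask. The function names (ip2int, check_stanza, good_stanza, bad_stanza) and both sample stanzas are constructed for illustration.

```shell
#!/bin/sh
# Dotted quad -> integer; fails unless the value is four octets in 0..255.
ip2int() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*|0[0-9]*|*.0[0-9]*) exit 1 ;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do [ "$o" -le 255 ] || exit 1; done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Read one stanza on stdin, print each problem, succeed only if none is found.
check_stanza() (
    addr='' mask='' net='' bcast='' gw='' errs=0
    fail() { echo "FAIL: $*"; errs=$(($errs + 1)); }
    while read -r key val rest; do
        case $key in ''|'#'*) continue ;; esac   # blank or comment-only line
        # ifupdown does not accept end-of-line comments (interfaces(5))
        case "$val $rest" in *'#'*) fail "end-of-line comment after '$key'" ;; esac
        case $key in address|netmask|network|broadcast|gateway)
            n=$(ip2int "$val") || { fail "$key: bad IPv4 value '$val'"; continue; }
            case $key in
                address) addr=$n ;; netmask) mask=$n ;; network) net=$n ;;
                broadcast) bcast=$n ;; gateway) gw=$n ;;
            esac ;;
        esac
    done
    [ -n "$addr" ] && [ -n "$mask" ] || { fail "address and netmask are required"; exit 1; }
    want_net=$(($addr & $mask))
    want_bcast=$(($want_net | (~$mask & 4294967295)))
    [ -z "$net" ] || [ "$net" -eq "$want_net" ] || fail "network is not address AND netmask"
    [ -z "$bcast" ] || [ "$bcast" -eq "$want_bcast" ] || fail "broadcast does not match"
    [ -z "$gw" ] || [ $(($gw & $mask)) -eq "$want_net" ] || fail "gateway outside the subnet"
    [ "$errs" -eq 0 ]
)

# Constructed samples based on the userv1 values above.
good_stanza() { printf '%s\n' 'iface eth0 inet static' '# IP address for this host' \
    'address 192.168.12.1' 'network 192.168.12.0' 'netmask 255.255.255.0' \
    'broadcast 192.168.12.255' 'gateway 192.168.12.254'; }
bad_stanza() { printf '%s\n' 'iface eth0 inet static' \
    'address 192.168.12.1 # inline comment' 'netmask 255.255.255.0' \
    'broadcast 192.168.1.255' 'gateway 192.168.1.254'; }

good_stanza | check_stanza && echo "good stanza: consistent"
bad_stanza | check_stanza || echo "bad stanza: rejected"
```

On a real server the stanza can be fed in from the file itself, for example with check_stanza < /etc/network/interfaces when the file holds a single static stanza.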

How to submit:

Include all answers, files etc. in a single Word document, not
zipped. All screenshots pasted in Word must be easily readable
and legible.
