
common-open-research-emulator-core-tutorials's Introduction

CORE Network Tutorial

This tutorial covers the basics of the CORE framework. The configuration used in this tutorial is also available for download in the sources folder.

  1. Install and Run CORE Network:

    • 1.1 Download the packages or the VMware image from the CORE Network official download page.
    • 1.2 Install the daemon and GUI packages. Hint: on Ubuntu 16.04 and Ubuntu 18.04 we got the trusty packages to work.
    • 1.3 Run the CORE daemon: /etc/init.d/core-daemon start.
  2. Add a Router and rename it firewall-router, then add a physical interface to get a bridge on a real ifname on your workstation:

    • 2.1 Configure (double click) the physical interface and select an Ethernet interface of your workstation;
    • 2.2 Remove IPv6 from firewall_router if you don't need it;
    • 2.3 Using the link tool, link firewall-router to the physical interface;
    • Hint: do not use a wireless interface for bridging.

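    Problem: every time you stop and start your CORE session, the bridge ifname on your workstation changes. Use a command to keep it handy.

    # the [: ] field separator also drops the trailing ":" that newer ifconfig versions append to the interface name
    BRIFNAME=$(ifconfig | grep "^b\.[0-9]\{4\}.[a-z0-9]*" | awk -F'[: ]' '{print $1}')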
    

    To make this persistent in a CORE session, like other preferences, go to Session -> Hooks and configure it as shown in the picture.

  3. Run this first test.

    • 3.1 In the CORE Network window, run the emulation session by clicking on the green arrow in the left menu.
    • 3.2 Open a terminal on your workstation and check the available interfaces (ifconfig or ip ad sh). You will see at least two brand new interfaces, veth* and b.*.
    • 3.3 On your workstation run brctl show to check which interface is a bridge (probably b.*). You will also see that veth* is the interface linked to this bridge.


    • 3.4 On your workstation run tcpdump -i $BRIFNAME; you will see traffic from firewall_router such as DHCP/BOOTP and maybe some ARP requests too. Double click on firewall_router to open a terminal, list the network interfaces and check its HWaddress: it is the same one you see in the tcpdump output.
    # on your workstation
    tcpdump -i $BRIFNAME
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on b.42777.a7, link-type EN10MB (Ethernet), capture size 262144 bytes
    16:53:35.441144 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:00:00:aa:00:00 (oui Ethernet), length 300
    16:53:44.446805 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:00:00:aa:00:00 (oui Ethernet), length 300
    
  4. Configure the LAN 10.0.0.0/24 to link your workstation to firewall_router. Remember that $BRIFNAME is only a variable name; it will hold a different value on your setup!

    • 4.1 On your workstation configure the IP with ifconfig $BRIFNAME 10.0.0.254/24 or ip ad ch 10.0.0.254/24 dev $BRIFNAME.
    • 4.2 On your workstation ping 10.0.0.1 (firewall_router). Good news: a working layer 2 link was created from your workstation to your CORE Network session.
    • 4.3 Disable unnecessary routing services, that is, all those that are not needed in this tutorial.
  5. Enable supernetting: firewall_router must reach the internet. Unless stated otherwise, these tasks must be executed on your workstation.

    • 5.1 Enable ip_forward: echo 1 > /proc/sys/net/ipv4/ip_forward.
    • 5.2 NAT all the traffic from the bridge to the internet using iptables. Which ifname is linked to the internet? That is the output interface:
      • iptables -t nat -A POSTROUTING -s 10.0.0.1 -o wlp2s0 -j MASQUERADE;
      • 10.0.0.1 is the IP of firewall_router;
      • wlp2s0 is the wireless interface that I'm using on my workstation to reach the internet;
    • 5.3 On firewall_router, configure the default gateway with the command route add default gw 10.0.0.254 (the workstation's bridge address).
    • 5.4 In the firewall-router shell test a foreign ping to 8.8.8.8 or tracepath -n 8.8.8.8; you must see it work. Make it persistent.
  6. Create a persistent configuration in firewall_router with CORE Network hook services.

    • 6.1 This is an example of how to set up a good resolv.conf in firewall_router.
  7. Create Collision Zones, the switched LANs in your CORE Network project.

    • 7.1 Add network switches to simulate the real world. Remember that every switch will create a bridge interface on your workstation, including all the interfaces linked to it. This means that we can always sniff the traffic directly on the emulated network switch. Rename the switches Aswitch and Bswitch.
    • 7.2 Create two nodes, one in the A LAN and another in the B LAN.
    • 7.3 In the A1 and B1 configuration, change services.DefaultRoute, configuring the correct firewall_router IP.
    • 7.4 Run a tracepath from A1 to B1 and vice versa to check that the networks can now reach each other through firewall_router.
  8. Add some firewall rules to the firewall_router configuration:

    • 8.1 Network A must reach the internet but not B.
      • 8.1.1 Enable services.firewall in firewall_router.
      • 8.1.2 Reject traffic in FORWARD chain, from A to B.
        # IMPORTANT: accept packets of already established connections first, otherwise replies to connections opened from B would be rejected by the rule below
        # this means that when B reaches A, the replies are forwarded because the connection was previously established
        iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
        
        # REJECT traffic from A to B: ip_forward still works, but this rule rejects the packets
        iptables -A FORWARD -s 10.0.1.0/24 -d 10.0.2.0/24 -j REJECT
        
      • 8.1.3 Add a masquerade rule to NAT all the traffic from A to Internet.
        iptables -t nat -A POSTROUTING -s 10.0.1.0/24 -o eth0 -j MASQUERADE
        
    • 8.2 Network B must reach Internet and also A.
      • 8.2.1 Add masquerade rule to NAT all the traffic from B to Internet
        iptables -t nat -A POSTROUTING -s 10.0.2.0/24 -o eth0 -j MASQUERADE
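
Added example (not part of the original tutorial): a small POSIX shell model of first-match evaluation in the FORWARD chain, showing why the RELATED,ESTABLISHED rule of 8.1.2 has to come before the REJECT rule for 8.2 to hold. The rule notation, the function names and the host addresses 10.0.1.10 (A1) and 10.0.2.10 (B1) are assumptions, and the chain policy is assumed to be left at ACCEPT.

```shell
#!/bin/sh
# Added example: first-match model of the FORWARD chain from step 8.1.2.
# Rule notation (constructed for this sketch): "<ctstates|any> <src> <dst> <target>"
TUTORIAL_ORDER='RELATED,ESTABLISHED any any ACCEPT
any 10.0.1.0/24 10.0.2.0/24 REJECT'
SWAPPED_ORDER='any 10.0.1.0/24 10.0.2.0/24 REJECT
RELATED,ESTABLISHED any any ACCEPT'

ip2int() (  # dotted quad -> 32-bit integer (subshell keeps the IFS change local)
    IFS=.; set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

in_cidr() (  # in_cidr IP CIDR: succeeds if IP is inside CIDR ("any" matches everything)
    [ "$2" = any ] && exit 0
    bits=${2#*/}
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    [ $(( $(ip2int "$1") & $mask )) -eq $(( $(ip2int "${2%/*}") & $mask )) ]
)

verdict() {  # verdict RULES CTSTATE SRC DST: prints the target of the first matching rule
    while read -r states src dst target; do
        case ",$states," in ",any,"|*",$2,"*) ;; *) continue ;; esac
        in_cidr "$3" "$src" || continue
        in_cidr "$4" "$dst" || continue
        echo "$target"; return 0
    done <<EOF
$1
EOF
    echo ACCEPT  # no rule matched: chain policy, assumed left at the default ACCEPT
}

# Constructed packets: A1 = 10.0.1.10 and B1 = 10.0.2.10 are assumed host addresses.
for pkt in "NEW 10.0.1.10 10.0.2.10" "NEW 10.0.2.10 10.0.1.10" \
           "ESTABLISHED 10.0.1.10 10.0.2.10" "NEW 10.0.1.10 8.8.8.8"; do
    set -- $pkt
    printf '%-11s %-9s -> %-9s tutorial=%-6s swapped=%s\n' "$1" "$2" "$3" \
        "$(verdict "$TUTORIAL_ORDER" "$@")" "$(verdict "$SWAPPED_ORDER" "$@")"
done
```

With the two rules swapped, A1's replies to a connection opened by B1 hit REJECT first, so "B must reach A" fails even though B1's initial packets are still forwarded.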
        

Result

Remember: in ~/.core/configs you will also find more complex examples.

TODO

  • Implement the tasks described in 8. without iptables, using Linux Advanced Routing and blackholes instead.
  • Please contribute, suggest other basic use cases, opening an Issue or Pull Request.

Contributors

peppelinux
