Lab: Setting up a Dual-Homed Host and Using It as a Poor-man's Router.

Form teams of 3 or 2.

For this lab, your team will need:
o 3 Linux boxes, called F, H, and O. F is the forwarding machine, H is the Host, and O is Other. F should be in the middle between H and O.
o A switch or hub.
o Two ethernet cables.

*** Record answers to questions, etc., in a document, to be submitted for your team. You could open this document on machine O, which will be on the 153.106 (green) network which should be able to reach Google Docs at all times. ***

On F, plug in the green ether cable only and make sure you have an IP address on the 153.106.117.* network.
*** Record this address and what interface (eth0, eth1, etc.) it is on. ***

*** have them check the routing table periodically.
*** Add step to stop networkmanager...
***

You may want to borrow 2 or 3 or 4 sticky notes from your benevolent professor. Use 1 of them to write down the IP address, interface name, and MAC address of the interface on F.

On F, make sure you can reach the Internet.

Unplug H from all networks. Get a hub or switch and plug in H and F to it (so that now F is connected on two ports).

Use ifconfig to configure an IP address on each interface connected to the hub/switch. (e.g., sudo ifconfig eth0 10.0.0.2/24 ) Make F have address 10.0.0.1 and H have address 10.0.0.2. On two sticky notes, write down the IP addresses, MAC addresses, and interface names you just configured on H and F.

Make sure each machine can ping the other machine. (Now, F is on two networks: the 153.106.*.* network and the 10.0.0.* network.)

Try to ping the 153.106 interface of F from H. You shouldn't be able to...
*** What error message does ping give you? ***

The problem is that H does not know how to get to any other network besides the one it is connected to -- 10.0.0.*. You can see that by looking at the routing table. Do this on H in a Terminal window:

    netstat -rn

*** Record what you see when you run that command.
***

To tell H how to send packets to the rest of the world, we have to add a default route. Search Google to figure out how on Ubuntu to add a default route on H that tells H to use 10.0.0.1 (F) as its default gateway (i.e., its router to get to the rest of the world). After you find info on Google, do this on H and try it out (by trying to ping the 153.106 interface on F from H).
*** What command did you use to set up a default route on H? What does the output of netstat -rn look like now? ***

Make sure machine O is connected to the 153.106 network only (green ethernet cable). Find the IP address of machine O on the 153.106 network.
*** Try to ping that IP address from F and from H. Record what you observe. ***

Stop the pings. To explain what you observe, start up wireshark (under "sudo") on F twice. On the first instance, only capture packets on one interface (eth0). On the second instance capture on the other interface (eth1_rename, usually). In each case, set the filter to only show icmp packets (recall that ping uses ICMP).

Now, ping from F to O like you did above. You should see the packets in one wireshark window only.

Now, ping from H to O.
*** Record what you observe. ***

Try to ping to the 153.106 interface of F from H.
*** Record what you observe in wireshark. ***

*** From all these observations, what can you infer? ***

---------------------------------------------------------------------------

Just because a machine is on two networks, as F is, does not mean that it will pass packets received on one interface to the other interface. To make a machine do this, you have to set up IP forwarding on the machine.

Search the Google and figure out how to enable IP forwarding on an Ubuntu box. I searched for "ubuntu enable IP forwarding". Then, make it so (using the sysctl command), on F.
*** Record what you did to turn on IP forwarding. ***

Now, start up the ping on H (or perhaps it is still running) to O like before.
Do you see the packets in the wireshark instances on F?
*** Record what you observe now. ***
*** Are you getting ping responses back to H? If not, why? ***

Start up wireshark on O and see what icmp messages are being received and sent.
*** Record what you observe. ***
*** Look at the routing table on O. Does it say where to send packets destined to network 10.0.0.*? ***

On O, you need to set up a *host-specific route* so that if O receives a packet from H, it knows how to send a response back. To do this, type this on O:

    route add -host 10.0.0.2 gw 153.106.117.203

(<-- replace 153.106.117.203 with F's IP address on the 153.106 network.)

Once you do this, you should see ping packets flow back and forth between H and O, through F, and you should see them on all 3 wiresharks that you have running.

Install openssh-server on O (if it isn't installed already). Now, try to ssh to O from H. It should work. So, now you can ssh between H and O through F.

Note that F is not a true router here: it is not advertising on both networks that it forwards packets between the two networks. That's why we had to set up O and H to forward packets to F in order to get the packets to flow back and forth between the two. But, in our current setup, O and H are able to send any traffic to each other.

Clean up your stuff. Thanks. Go away.
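
Added example (not part of the original lab handout): a small Python model of the routing decisions the lab walks through, showing where a ping from H to O stops as cabled and after each change (default route on H, forwarding on F, host route on O). O's address 153.106.117.50 and the campus gateway 153.106.117.1 are constructed values; F's campus address is the handout's placeholder.

```python
import copy
import ipaddress as ip

# Constructed lab state as first cabled; O's address and the campus gateway are assumed.
DEFAULT = ("0.0.0.0/0", "153.106.117.1")
HOSTS = {
    "H": {"addrs": ["10.0.0.2"], "routes": [("10.0.0.0/24", None)]},
    "F": {"addrs": ["10.0.0.1", "153.106.117.203"], "fwd": False,
          "routes": [("10.0.0.0/24", None), ("153.106.117.0/24", None), DEFAULT]},
    "O": {"addrs": ["153.106.117.50"], "routes": [("153.106.117.0/24", None), DEFAULT]},
}

def next_hop(routes, dst):
    """Longest-prefix match: the gateway, dst itself if on-link, or None if no route."""
    hits = [(ip.ip_network(p).prefixlen, gw) for p, gw in routes
            if ip.ip_address(dst) in ip.ip_network(p)]
    return (max(hits, key=lambda h: h[0])[1] or dst) if hits else None

def send(hosts, src, dst):
    """Walk one packet hop by hop from host `src` toward address `dst`."""
    here = src
    for _ in range(8):  # hop limit
        if dst in hosts[here]["addrs"]:
            return "delivered to " + here
        if here != src and not hosts[here].get("fwd"):
            return "dropped at %s (forwarding off)" % here
        hop = next_hop(hosts[here]["routes"], dst)
        if hop is None:
            return "no route on " + here
        owner = [n for n, h in hosts.items() if hop in h["addrs"]]
        if not owner:
            return "%s handed it to %s, outside the lab" % (here, hop)
        here = owner[0]
    return "hop limit exceeded"

def ping(hosts, src, src_addr, dst_addr):
    """Echo request, then the reply routed back to the request's source address."""
    req = send(hosts, src, dst_addr)
    landed = req.startswith("delivered")
    return "reply: " + send(hosts, req.split()[-1], src_addr) if landed else "request: " + req

def lab_stages():
    """Ping O from H as first cabled, then after each change the lab makes."""
    h = copy.deepcopy(HOSTS)
    for change in (lambda: None,
                   lambda: h["H"]["routes"].append(("0.0.0.0/0", "10.0.0.1")),
                   lambda: h["F"].update(fwd=True),
                   lambda: h["O"]["routes"].append(("10.0.0.2/32", "153.106.117.203"))):
        change()
        yield ping(h, "H", "10.0.0.2", "153.106.117.50")
```

Printing list(lab_stages()) gives one line per stage; each failure names the host whose routing table or forwarding setting stopped the packet.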