FluxTuna 0.0.1
- data/.document +5 -0
- data/.rvmrc +27 -0
- data/Gemfile +51 -0
- data/Gemfile.lock +61 -0
- data/HISTORY +16 -0
- data/LICENSE +13 -0
- data/README.rdoc +20 -0
- data/Rakefile +100 -0
- data/VERSION +1 -0
- data/bin/whitecloth +49 -0
- data/lib/LICENSE +20 -0
- data/lib/WhiteCloth.rb +24 -0
- data/lib/whitecloth/cli/base.rb +102 -0
- data/lib/whitecloth/cli/commands/bootstrap.rb +103 -0
- data/lib/whitecloth/cli/commands/help.rb +106 -0
- data/lib/whitecloth/cli/commands/show.rb +87 -0
- data/lib/whitecloth/cli/commands.rb +29 -0
- data/lib/whitecloth/cli/logger.rb +88 -0
- data/lib/whitecloth/cli.rb +29 -0
- data/test/data/bayeux/Labs/Lab1/L1_Internet.byx +536 -0
- data/test/data/bayeux/Labs/Lab1/L1_Internet.yaml +1 -0
- data/test/data/bayeux/Labs/Lab2/L2_StaticR.byx +383 -0
- data/test/data/bayeux/Labs/Lab2/L2_StaticR.yaml +1 -0
- data/test/data/bayeux/Labs/Lab3/L3_DNS.byx +943 -0
- data/test/data/bayeux/Labs/Lab3/L3_DNS.yaml +1 -0
- data/test/data/bayeux/Labs/Labs.byx +1 -0
- data/test/data/bayeux/Labs/Labs.yaml +1 -0
- data/test/data/bayeux/Resources/Resources.byx +91 -0
- data/test/data/bayeux/Resources/Resources.yaml +1 -0
- data/test/data/bayeux/Welcome.byx +49 -0
- data/test/data/bayeux/Welcome.yaml +1 -0
- data/test/data/data_test.rb +29 -0
- data/test/dir_walk/create_witness_test.rb +39 -0
- data/test/init_test.rb +26 -0
- metadata +268 -0
@@ -0,0 +1,536 @@
|
|
1
|
+
[h1 Connecting to the Internet]
|
2
|
+
|
3
|
+
[h2 Aim]
|
4
|
+
|
5
|
+
During this lab you will create a small network, linking a Windows client to
|
6
|
+
the Internet via an intermediate router. You will start with a very simple
|
7
|
+
set-up, and then gradually add and configure the intermediate router to
|
8
|
+
produce the final configuration.
|
9
|
+
|
10
|
+
For the purpose of this lab, you only need to set-up the [ac TCPIP] network
|
11
|
+
stack: we will do most of our network testing using [tt ping] to start with.
|
12
|
+
Once you have the [ac TCPIP] network working, try enabling other services and
|
13
|
+
see what happens.
|
14
|
+
|
15
|
+
[note]
|
16
|
+
This lab may seem arcane and complex at first sight, but is
|
17
|
+
actually very simple. The hard part is learning to work through the
|
18
|
+
configuration of each client, router and patch panel in a methodical
|
19
|
+
manner. Once you know how to do this, you should be able to replicate
|
20
|
+
your efforts in a few minutes. It will probably take you longer than
|
21
|
+
that on the first few tries, however...
|
22
|
+
[end]
|
23
|
+
|
24
|
+
[h2 Objectives]
|
25
|
+
|
26
|
+
[ul]
|
27
|
+
|
28
|
+
[item You will be able to configure the basic [ac TCPIP] parameters
|
29
|
+
on a Windows client]
|
30
|
+
|
31
|
+
[item You will be able to use [man:8 ifconfig] to set-up basic
|
32
|
+
[ac TCPIP] parameters on a Unix system]
|
33
|
+
|
34
|
+
[item You will be able to identify how a router may be used to
|
35
|
+
join physically unrelated networks.]
|
36
|
+
|
37
|
+
[item You will be able to calculate maximum and minimum hosts,
|
38
|
+
sub-net number and network address given an arbitrary [ac IPv4]
|
39
|
+
address and subnet mask.]
|
40
|
+
|
41
|
+
[item You will be able to configure [ac TCPIP] in a routed
|
42
|
+
environment, and identify the differences between a Routed and a
|
43
|
+
Switched network.]
|
44
|
+
|
45
|
+
[item You will be able to identify the need for an automatically
|
46
|
+
configured network routers]
|
47
|
+
|
48
|
+
[end]
|
49
|
+
|
50
|
+
[h2 Pre-Requisites]
|
51
|
+
|
52
|
+
[ul]
|
53
|
+
|
54
|
+
[item You will need a copy of the Windows XP Service Pack 3
|
55
|
+
client, held in on the lab computers.]
|
56
|
+
|
57
|
+
[item You will need a copy of the [tt pfSense Router]
|
58
|
+
client, available from the module site. These notes assume you
|
59
|
+
will be using image version [tt 01]. Ask the tutor for
|
60
|
+
details if you are unsure.]
|
61
|
+
|
62
|
+
[item You should be familiar with running an operating system
|
63
|
+
image under VMWare in the labs. If you haven't set-up a client
|
64
|
+
image before, have a look on the module lab page for a tutorial
|
65
|
+
on VMWare which will take you through the steps.]
|
66
|
+
|
67
|
+
[item You should be aware of how to set-up a basic Ethernet
|
68
|
+
network. We will not be using anything fancy, but should should
|
69
|
+
be comfortable with the patch panel and basic switch set-up.]
|
70
|
+
|
71
|
+
[item Finally it would be a good ideal to have some familiarity
|
72
|
+
with the basics of [ac IPv4] addressing and sub-netting theory.]
|
73
|
+
|
74
|
+
[end]
|
75
|
+
|
76
|
+
[h2 Equipment]
|
77
|
+
|
78
|
+
[ol]
|
79
|
+
|
80
|
+
[item 1 $\times$ switch on the rack system]
|
81
|
+
[item 2 $\times$ computers capable of running VMWare 6.5]
|
82
|
+
[item 4 $\times$ UTP Cat5 patch cables]
|
83
|
+
|
84
|
+
[end]
|
85
|
+
|
86
|
+
[h2 Recommended Reading]
|
87
|
+
|
88
|
+
Most of the background documentation is available on
|
89
|
+
the module site, under the notes for [e Lab 1].
|
90
|
+
|
91
|
+
If you have not used a Unix system before, have a look
|
92
|
+
at the [e Brief Guide to Unix] available on the module Wiki.
|
93
|
+
You will also find links to the Unix manual ([tt man]) pages
|
94
|
+
of the commands used in this lab.
|
95
|
+
|
96
|
+
Finally, if you need a reminder of how [ac IPv4]
|
97
|
+
addressing works, read the [e Short Note on IP Addressing]
|
98
|
+
available on the module web-site.
|
99
|
+
|
100
|
+
[h2 Connecting a Client Directly to the Internet]
|
101
|
+
|
102
|
+
The first host we will set-up will be a single Windows XP client, connected
|
103
|
+
directly to the Internet via an [ac ADSL] router. For many of you, this set-up
|
104
|
+
will be familiar: once you know how the lab works, you can move onto the
|
105
|
+
subsequent problems.
|
106
|
+
|
107
|
+
You can find a copy of the Windows XP client on the lab machines system disk,
|
108
|
+
in the folder [tt C:\VMWare\Virtual Machines\Windows XP Pro SP3]. Copy the
|
109
|
+
entire folder to [tt D:\], and open the folder. Click on the file [tt Windows
|
110
|
+
XP Pro SP3.vmx] inside the folder [tt D:\Windows XP Pro SP3]. VMWare should
|
111
|
+
now start, opening the [tt Windows XP Pro SP3] image.
|
112
|
+
|
113
|
+
[note]
|
114
|
+
[e Before] you start the image, check the Ethernet card in VMWare is set to
|
115
|
+
'Bridged' mode. If necessary, change the network type of the virtual interface
|
116
|
+
card to 'Bridged' mode[fn We will be using real hardware in this lab, so you
|
117
|
+
need to tell VMWare to direct everything to the underlying network hardware
|
118
|
+
used by the host. We will later look at situations where we use a mix of
|
119
|
+
virtual and real hardware.].
|
120
|
+
[end]
|
121
|
+
|
122
|
+
When you are ready, click the green [e Run] button . Alternatively, select [tt
|
123
|
+
VM] $\rightarrow$ [tt Power] $\rightarrow$ [tt Power On] from the menu bar.
|
124
|
+
The virtual machine should now begin to start loading.
|
125
|
+
|
126
|
+
VMWare may ask you if you have 'moved or copied' the virtual machine. Select
|
127
|
+
'copied' and VMWare will regenerate the MAC address[fn VMWare generates the
|
128
|
+
[sc mac] addresses for the virtual machines when the image is first created.
|
129
|
+
Selecting [e copied] forces VMWare to regenerate the [sc mac] addresses,
|
130
|
+
allowing you to have multiple images attached to the same network. If you
|
131
|
+
select [e move], VMWare would use the original [sc mac] address, and everyone
|
132
|
+
would end up with the same one. At the very least this will cause confusion,
|
133
|
+
but it would normally prevent the networking working at all.].
|
134
|
+
|
135
|
+
While the virtual Windows image boots, cable your host to the [ac ADSL] line
|
136
|
+
using a switch. Each group should use their own switch to start with, in order
|
137
|
+
to reduce potential problems. Once your group has got everything up and
|
138
|
+
running, you should be able to combine machines with other groups to grow the
|
139
|
+
sub-net.
|
140
|
+
|
141
|
+
For the moment, though, turn you attention the small patch panel on the bench in front of you and the larger patch panels at the back of the lab.
|
142
|
+
|
143
|
+
Before you move to the patch panel at the back of the room, note the number
|
144
|
+
underneath the [s red] faceplate (which should have a patch cable in it
|
145
|
+
leading to the back of your computer). The number should be between [tt 01]
|
146
|
+
and [tt 30]. Make a note of the number, and move to the back of the lab.
|
147
|
+
|
148
|
+
At the back of the lab inside one of the middle cabinets, you should see a
|
149
|
+
small black patch panel below a large green one (it will have 24 ports on it).
|
150
|
+
Ports 1--5 of the [s black] patch panel will have an [ac ADSL] router
|
151
|
+
behind them, on the [tt 192.168.7.0/24] subnet. Select a free port (other
|
152
|
+
groups will be using other [ac ADSL] routers), and patch from the selected
|
153
|
+
port to a [e free] switch. You can use the same switch as a another group if
|
154
|
+
your really want, but you can avoid someone else's problems by reserving a
|
155
|
+
switch for your group. [e Make a note] of your chosen port number on the
|
156
|
+
[s black] patch panel --- you will need it later to work out the gateway
|
157
|
+
address to use for your clients. Use [ref table:PortNum] to find the
|
158
|
+
gateway address from the number of your [s black] patch-panel port.
|
159
|
+
|
160
|
+
While you are at the back of the lab, patch from your chosen switch to the
|
161
|
+
port on the [s red] patch panel where your lab computer connects to. Your
|
162
|
+
port will have the same number as the red faceplate on your bench: [e i.e.]
|
163
|
+
the number you made a note of earlier. For example, if your bench faceplate
|
164
|
+
has the number [tt 12] below it, patch from port [tt 12] on the red patch
|
165
|
+
panel to your chosen switch.
|
166
|
+
|
167
|
+
[table:PortNum]
|
168
|
+
Port Number | Gateway Address
|
169
|
+
------------------------------
|
170
|
+
[tt 1] | [tt 192.168.7.1/24]
|
171
|
+
[tt 2] | [tt 192.168.7.2/24]
|
172
|
+
[tt 3] | [tt 192.168.7.3/24]
|
173
|
+
[tt 4] | [tt 192.168.7.4/24]
|
174
|
+
[tt 5] | [tt 192.168.7.5/24]
|
175
|
+
[tt 6] | [tt 192.168.7.6/24]
|
176
|
+
[caption Mapping [ac ADSL] Patch-Panel Ports to Gateway Addresses]
|
177
|
+
[end]
|
178
|
+
|
179
|
+
[note]
|
180
|
+
The [ac ADSL] routers on Ports [tt 1], [tt 2] and [tt
|
181
|
+
4] will [e require] a crossover cable to work correctly. The [ac ADSL] routers
|
182
|
+
on Ports [tt 3], [tt 5] and [tt 6] can be patched using either a
|
183
|
+
straight-through or a crossover cable[fn Not all our [ac ADSL] routers are
|
184
|
+
identical, and those living on Ports [tt 1], [tt 2] and [tt 4] do not have [e
|
185
|
+
auto-sensing] Ethernet ports. The ports on the other [ac ADSL] routers can
|
186
|
+
detect where the [sc tx] and [sc rx] pairs are in the patch cable, and
|
187
|
+
configure themselves accordingly.
|
188
|
+
[end]
|
189
|
+
|
190
|
+
[question]
|
191
|
+
[item For routers without auto-sensing Ethernet ports, why do we have to use a cross-over patch cable to connect the router to the switch?.]
|
192
|
+
[end]
|
193
|
+
|
194
|
+
[medskip]
|
195
|
+
|
196
|
+
When everything is patched, your virtual Windows machine should be connected
|
197
|
+
to an ASDL router. All you need to do now is to configure your Windows
|
198
|
+
machine, so that you can connect to the Internet via the [ac ADSL] router.
|
199
|
+
|
200
|
+
[medskip]
|
201
|
+
|
202
|
+
Inside the Windows client image, click [tt Control Panel] $\rightarrow$ [tt
|
203
|
+
Network and Internet Connections] $\rightarrow$ [tt Network Connections] to
|
204
|
+
open the list of adapters. You should see the VMWare bridged connection in
|
205
|
+
here, and it should be listed as '[tt Connected]'
|
206
|
+
|
207
|
+
Right-click on the icon for the VMWare adapter, and then click [tt Properties]
|
208
|
+
from the pop-up menu. Windows should bring up the list of protocols and
|
209
|
+
services for this adapter.
|
210
|
+
|
211
|
+
Find the [tt Internet Protocol (TCP/IP)] service, and then click [tt
|
212
|
+
Properties] to alter the [ac IPv4] parameters for the VMWare adapter. You will
|
213
|
+
probably find the boxes in the dialogue box greyed out, as Windows will try to
|
214
|
+
get everything from a [ac DHCP] server.
|
215
|
+
|
216
|
+
Tell Windows you want to enter the [ac IPv4] address and sub-net mask
|
217
|
+
manually, and enter an [ac IPv4] address in the form [tt 192.168.7.1x] where
|
218
|
+
[tt x] is your computer number. For instance if you are connect to the bench
|
219
|
+
patch panel [tt 15], your [ac IPv4] address will be [tt 192.168.7.115]. Your
|
220
|
+
sub-net mask will be the same as that for your [ac ADSL] router. Finally you
|
221
|
+
will need to put in the details for your [ac ADSL] router for your default
|
222
|
+
gateway. You will also want to put the [ac IPv4] address of the [ac ADSL]
|
223
|
+
router in the box marked [tt Preferred [ac DNS] server]. Leave the [tt
|
224
|
+
Alternate [ac DNS] server] box blank.
|
225
|
+
|
226
|
+
Close the sequence of dialogue boxes, and Windows should reconfigure the
|
227
|
+
adapter.
|
228
|
+
|
229
|
+
[medskip]
|
230
|
+
|
231
|
+
Once the VMWare adapter has been configured, you will need to make sure
|
232
|
+
everything is working. Open a command shell, by going to [tt Start Menu]
|
233
|
+
$\rightarrow$ [tt Run]. Type [tt cmd], and press [tt Enter] and you should see
|
234
|
+
a command prompt.
|
235
|
+
|
236
|
+
Now run the a basic sequence of service tests as follows
|
237
|
+
|
238
|
+
[command]
|
239
|
+
ping www.myertor.com
|
240
|
+
[end]
|
241
|
+
[command]
|
242
|
+
ping 81.187.233.190
|
243
|
+
[end]
|
244
|
+
[command]
|
245
|
+
tracert www.myertor.com
|
246
|
+
[end]
|
247
|
+
[command]
|
248
|
+
tracert 81.187.233.190
|
249
|
+
[end]
|
250
|
+
|
251
|
+
[h3 Questions]
|
252
|
+
|
253
|
+
[ol]
|
254
|
+
[item What is the output of the [tt ping] commands? Is this what you would expect? Why?
|
255
|
+
[item What is the output of [tt tracert] commands? Is this what you would expect? Why?
|
256
|
+
[end]
|
257
|
+
|
258
|
+
[h2 Setting up the [ac WAN] Interface of the Sub-net Border Router]
|
259
|
+
|
260
|
+
Now we have a known working connection to the Internet, we will reconfigure
|
261
|
+
the Windows client to connect to an intermediate border router. The Windows
|
262
|
+
client will connect to sub-net [tt 172.20.56.0/27], using an intermediate
|
263
|
+
border router to regain the connection to the Internet.
|
264
|
+
|
265
|
+
Our intermediate router will be running [tt pfSense], and you can download a
|
266
|
+
copy of the [tt pfSense Router 01] image from the lab page on the module
|
267
|
+
web-site.
|
268
|
+
|
269
|
+
[medskip]
|
270
|
+
|
271
|
+
To set-up the [tt pfSense Router] image, download a copy of the [tt pfSense
|
272
|
+
Router 01] image from the module Wiki. By default Internet Explorer will try
|
273
|
+
to save the image on your [tt F:] --- and will probably fail. Instead,
|
274
|
+
right-click on the link shown in the module web-page, and click [tt Save As]
|
275
|
+
to put the file on [tt D:\]. When the download finishes, open [tt D:\] and
|
276
|
+
right-click on the file '[tt pfSense\_Router\_01.7z]' and select [tt 7-zip]
|
277
|
+
$\rightarrow$ [tt Extract Here] to open the archive. When 7-zip finishes, you
|
278
|
+
should see a folder called '[tt pfSense Router]' in [tt D:\]. Open the [tt
|
279
|
+
pfSense Router] folder, and double-click on the file '[tt pfSense Router.vmx]'
|
280
|
+
to open VMWare.
|
281
|
+
|
282
|
+
Your [tt pfSense Router] will have two virtual Ethernet cards. The first card
|
283
|
+
[e must] be set to 'Bridged' mode, and will be used to connect the border
|
284
|
+
router to the [ac ADSL] router. In [tt pfSense], the virtual Ethernet
|
285
|
+
interface will be called the [tt WAN] interface.
|
286
|
+
|
287
|
+
Your second virtual Ethernet interface [e must] be set to 'Host-only' mode.
|
288
|
+
Later we will connect the Windows client image to this interface. Under [tt
|
289
|
+
pfSense] this interface will be known as the [tt LAN] image.
|
290
|
+
|
291
|
+
Make sure the [tt pfSense Router] interfaces are set-up correctly, and start
|
292
|
+
the image using the [e Run] icon from the toolbar (or on the image summary
|
293
|
+
screen). Again, if asked whether the image has been 'Moved or copied', select
|
294
|
+
'copied' and let the image continue to boot.
|
295
|
+
|
296
|
+
[medskip]
|
297
|
+
|
298
|
+
[figure:pfBoot]
|
299
|
+
[image pfSense_menu]
|
300
|
+
[caption The [tt pfSense] menu]
|
301
|
+
[end]
|
302
|
+
|
303
|
+
When the image has finished booting, you should see a text menu with a list of
|
304
|
+
options as shown in [ref pfBoot]. Some [tt pfSense] options can be
|
305
|
+
configured by this text-based interface: most of the options, though, are
|
306
|
+
configured by a web-based interface.
|
307
|
+
|
308
|
+
We will look at the web-based interface very shortly. Usually when configuring
|
309
|
+
[tt pfSense] you set-up the router on the [ac LAN] first, and then use the
|
310
|
+
web-based interface to configure the [ac WAN] interface. Hence option [tt 2)]
|
311
|
+
on the text-menu to set the [ac LAN] [ac IPv4] address: [tt pfSense] assumes
|
312
|
+
that once the [ac LAN] [ac IPv4] is set, everything else can be done through
|
313
|
+
the web interface.
|
314
|
+
|
315
|
+
However, in this lab we are effectively working 'backwards' --- moving from
|
316
|
+
the Internet connection back towards the client. This allows us to check the
|
317
|
+
connection at each stage, but means we have to do a bit more work to set-up
|
318
|
+
[tt pfSense].
|
319
|
+
|
320
|
+
[medskip]
|
321
|
+
|
322
|
+
[figure:pfShell]
|
323
|
+
pfSense_shell]
|
324
|
+
[caption Calling Up the Shell in [tt pfSense]]
|
325
|
+
[end]
|
326
|
+
|
327
|
+
Our first task is therefore to set-up the [tt WAN] interface, making sure our
|
328
|
+
sub-net router can talk to the [ac ADSL] router. We will do this using the [tt
|
329
|
+
pfSense] command line, and the [man:8 ifconfig] command. Type [tt 8] and press
|
330
|
+
[tt Return] to select the [tt 8) Shell] option. This will open a command line,
|
331
|
+
as shown in [ref pfShell]
|
332
|
+
|
333
|
+
[medskip]
|
334
|
+
|
335
|
+
You can read about the [man:8 ifconfig] command from the links on the module
|
336
|
+
Wiki. Use [man:8 ifconfig] command to [e temporarily][fn All Unix systems use
|
337
|
+
the 'interface configuration' command [man:8 ifconfig] to perform [e
|
338
|
+
temporary] configuration of the network interfaces. Some, e.g. Silicon
|
339
|
+
Graphics Irix, use [man:8 ifconfig] to perform permanent alterations as well.
|
340
|
+
Under [tt pfSense] (FreeBSD) you will have to edit the the [tt /etc/rc.d] file
|
341
|
+
if you want your configurations to survive a reboot of the image. Have a look
|
342
|
+
at the [e FreeBSD Handbook] for more details.] set the [ac IPv4] address of
|
343
|
+
the [tt em0] interface. The basic syntax of the [man:8 ifconfig] is
|
344
|
+
|
345
|
+
[command]
|
346
|
+
ifconfig <interface> inet <address> netmask <mask>
|
347
|
+
[end]
|
348
|
+
|
349
|
+
You might want to type
|
350
|
+
|
351
|
+
[command]
|
352
|
+
ifconfig
|
353
|
+
[end]
|
354
|
+
|
355
|
+
and examine the output to get a feel for the command.
|
356
|
+
|
357
|
+
[medskip]
|
358
|
+
|
359
|
+
Our [tt WAN] interface is [tt em0][fn See the list of interfaces displayed in the login screen, or in [ref pfBoot]]. Thus the basic syntax will be
|
360
|
+
|
361
|
+
[command]
|
362
|
+
ifconfig em0 inet <address> netmask <mask>
|
363
|
+
[end]
|
364
|
+
|
365
|
+
Set the interface address using pattern [tt 192.168.n.1x], where [tt x] is the
|
366
|
+
number of your bench faceplate and [tt n] is the sub-net used by your [ac
|
367
|
+
ADSL] router. For instance, if your computer is connected to faceplate [tt 12]
|
368
|
+
on [tt Port 3], use the [ac IPv4] address [tt 192.168.7.112]. The sub-net mask
|
369
|
+
obviously remains as before. Use
|
370
|
+
|
371
|
+
[command]
|
372
|
+
ifconfig
|
373
|
+
[end]
|
374
|
+
|
375
|
+
and review the output to make sure everything is as you expect.
|
376
|
+
|
377
|
+
[medskip]
|
378
|
+
|
379
|
+
With the interface address set, try the basic service tests again
|
380
|
+
|
381
|
+
[command]
|
382
|
+
ping www.myertor.com
|
383
|
+
[end]
|
384
|
+
|
385
|
+
[command]
|
386
|
+
ping 81.187.233.190
|
387
|
+
[end]
|
388
|
+
|
389
|
+
[command]
|
390
|
+
traceroute www.myertor.com
|
391
|
+
[end]
|
392
|
+
|
393
|
+
[command]
|
394
|
+
traceroute 81.187.233.190
|
395
|
+
[end]
|
396
|
+
|
397
|
+
[h3 Questions]
|
398
|
+
|
399
|
+
[ol]
|
400
|
+
[item What is the output of the [tt ping] commands? Is this what you would expect? Why?
|
401
|
+
[item What is the output of [tt traceroute] commands? Is this what you would expect? Why?
|
402
|
+
[end]
|
403
|
+
|
404
|
+
[medskip]
|
405
|
+
|
406
|
+
Now try setting the default gateway of the border router to the address of the
|
407
|
+
[ac ADSL] modem. You will need to use the [man:8 route][fn See the lab notes
|
408
|
+
on the module Wiki for more details of the [man:8 route] command.] command to
|
409
|
+
tell [tt pfSense] where to send foreign packets to.
|
410
|
+
|
411
|
+
Although [man:8 route] can do many things to the routing table, for our purposes the basic command we need is
|
412
|
+
|
413
|
+
[command]
|
414
|
+
route add default <gateway\_address>
|
415
|
+
[end]
|
416
|
+
|
417
|
+
where [tt <gateway\_address>] is the address of the [ac ADSL] router. Set the
|
418
|
+
default gateway using the [man:8 route] command and try the basic service
|
419
|
+
tests again
|
420
|
+
|
421
|
+
[command]
|
422
|
+
ping www.myertor.com
|
423
|
+
[end]
|
424
|
+
|
425
|
+
[command]
|
426
|
+
ping 81.187.233.190
|
427
|
+
[end]
|
428
|
+
|
429
|
+
[command]
|
430
|
+
traceroute www.myertor.com
|
431
|
+
[end]
|
432
|
+
|
433
|
+
[command]
|
434
|
+
traceroute 81.187.233.190
|
435
|
+
[end]
|
436
|
+
|
437
|
+
[h3 Questions]
|
438
|
+
|
439
|
+
[ol]
|
440
|
+
[item What is the output of the [tt ping] commands this time? Is this what you would expect? Why?
|
441
|
+
[item What is the output of [tt traceroute] commands this time? Is this what you would expect? Why?
|
442
|
+
[end]
|
443
|
+
|
444
|
+
[h2 Setting up the [ac LAN] Interface of the Sub-net Border Router]
|
445
|
+
|
446
|
+
Once the [ac WAN] interface is set-up and known to be working, you will need
|
447
|
+
to set-up the [ac LAN] interface. Once both interfaces have been set-up, we
|
448
|
+
can connect the Windows client to the Internet via the newly configured border
|
449
|
+
router.
|
450
|
+
|
451
|
+
[medskip]
|
452
|
+
|
453
|
+
As we mentioned before, setting up the [ac LAN] interface in [tt pfSense] is
|
454
|
+
considerably easier. Setting the [ac LAN] interface by hand fits the 'natural'
|
455
|
+
way of setting-up [tt pfSense] in most environments.
|
456
|
+
|
457
|
+
If you are still on the [tt pfSense] command line from the previous task, type
|
458
|
+
|
459
|
+
[command]
|
460
|
+
exit
|
461
|
+
[end]
|
462
|
+
|
463
|
+
to return to the [tt pfSense] menu.
|
464
|
+
|
465
|
+
[note]
|
466
|
+
Do not reset the router to return to the [tt pfSense] menu]. If you reset the router your [ac WAN] configuration will be lost and you will have to re-configure the interface before you go any further][fn Remember we have only set-up the [ac WAN] interface temporarily. We need to use the Web interface (or edit a few configuration file) to make your changes permanent)].
|
467
|
+
[end]
|
468
|
+
|
469
|
+
When you can see the [tt pfSense] menu again, select option [tt 2)] to start
|
470
|
+
the configuration of the [ac LAN] interface. This should start a small
|
471
|
+
text-based wizard, allowing you to specify the interface address and sub-net
|
472
|
+
mask. When asked whether you can a [ac DHCP] server, select [tt no] or '[tt
|
473
|
+
n]'.
|
474
|
+
|
475
|
+
You don't have to use the interface wizard: now you know how to use the [man:8
|
476
|
+
ifconfig] command you can set-up the [tt em1] ([ac LAN]) interface as before.
|
477
|
+
If you want to set-up the interface this way, you will need to open a
|
478
|
+
command line shell as before.
|
479
|
+
|
480
|
+
Whichever way you choose to set-up the [ac LAN] interface, you will need to
|
481
|
+
use the same information. In both cases, set-up your [ac LAN] interface as the
|
482
|
+
[e lowest] use-able address on the [tt 172.20.56.30/27] network.
|
483
|
+
|
484
|
+
[questions]
|
485
|
+
[item What is the lowest use-able address on the [tt 172.20.56.30/27] network?
|
486
|
+
[item What is the sub-net mask of the [tt 172.20.56.30/27] network in dotted decimal form?
|
487
|
+
[item What is the broadcast address address of the [tt 172.20.56.30/27] network in dotted decimal form?
|
488
|
+
[end]
|
489
|
+
|
490
|
+
[h2 Connecting the Windows Client]
|
491
|
+
|
492
|
+
With both the [ac WAN] and [ac LAN] interfaces configured, you should now be
|
493
|
+
able to connect the Windows client to the [tt 172.20.56.30/27] sub-net. [e You
|
494
|
+
will need to change the virtual interface type from 'Bridged' to 'Host-Only'
|
495
|
+
before the client will connect properly]. Give the Windows client the highest
|
496
|
+
host (last use-able) address on the [tt 172.20.56.30/27] sub-net.
|
497
|
+
|
498
|
+
[h3 Questions]
|
499
|
+
|
500
|
+
[ol]
|
501
|
+
[item What is the last use-able address on the [tt 172.20.56.30/27] network?
|
502
|
+
[item Which [ac IPv4] address should you use as the default gateway on the [tt 172.20.56.30/27] sub-net, given the configuration already done for the previous task?
|
503
|
+
[end]
|
504
|
+
|
505
|
+
Set the default gateway on the Windows client. You can also tell Windows to
|
506
|
+
use the same address for the [ac DNS] resolver[fn Our router runs a [ac DNS]
|
507
|
+
forwarder, which should pick up the correct [ac DNS] resolver addresses from
|
508
|
+
the [ac ADSL] router.]. Try the basic service tests again
|
509
|
+
|
510
|
+
[command]
|
511
|
+
ping www.myertor.com
|
512
|
+
[end]
|
513
|
+
|
514
|
+
[command]
|
515
|
+
ping 81.187.233.190
|
516
|
+
[end]
|
517
|
+
|
518
|
+
[command]
|
519
|
+
traceroute www.myertor.com
|
520
|
+
[end]
|
521
|
+
|
522
|
+
[command]
|
523
|
+
traceroute 81.187.233.190
|
524
|
+
[end]
|
525
|
+
|
526
|
+
[h3 Questions]
|
527
|
+
|
528
|
+
[ol]
|
529
|
+
[item What is the output of the [tt ping] commands? Is this what you would expect? Why?]
|
530
|
+
[item What is the output of [tt traceroute] commands? Is this what you would expect? Why?]
|
531
|
+
[end]
|
532
|
+
|
533
|
+
As a final check, you should now be able to use the [tt pfSense] web interface
|
534
|
+
from the Windows client. Open Internet Explorer in Windows and type in the
|
535
|
+
address of the sub-net border router. The login name is [tt admin], and the
|
536
|
+
password is [tt gold].
|
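Review bot: Lines 535-536 state the pfSense web-interface login in clear text ("The login name is [tt admin], and the password is [tt gold]."), and the file list shows this 536-line fixture shipping in the package as data/test/data/bayeux/Labs/Lab1/L1_Internet.byx; replace the password with a placeholder, or direct students to the tutor as line 59 already does for the image version. Unless the unbalanced markup is intentional test input, it also needs fixing: line 323 reads "pfSense_shell]" without the opening "[image " that line 299 uses, the footnote opened at line 183 is never closed before the [end] at line 188, line 466 carries stray "]" and ")" characters, and the question items at lines 254-255, 400-401, 440-441, 485-487 and 501-502 lack the closing "]" that lines 529-530 have. In the "Connecting the Windows Client" section, lines 519 and 523 use traceroute although the tests run on the Windows client, where lines 245 and 248 use tracert. Line 150 says Ports 1--5 while the table (line 175) and the note (line 182) include port 6, and lines 482 onward call 172.20.56.30/27 a network where line 262 gives the sub-net as 172.20.56.0/27; make these consistent, or say that the host-form address is deliberate for the sub-netting questions.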
@@ -0,0 +1 @@
|
|
1
|
+
title: Lab 1
|