



    Date: 21.03.2017
    Size: 14.96 Kb.

    NIST NET Installation Instruction on Redhat 7.X System
    ** It is best to sign in as the root user for the steps below; otherwise use “su” before entering your commands. **

    1. Install Redhat 7.1. You can get the image files for this version of Redhat from ftp://archive.download.redhat.com/pub/redhat/linux/7.1/en/iso/i386/

    You will need to first burn them onto CDs and then try installing them on your machine.
    2. Go to http://www-x.antd.nist.gov/cgi-bin/nistnet-distribution to download the appropriate version of NISTNet for your Linux kernel. I downloaded the 2.0.12b version since my Linux kernel is 2.4.2. If you use a 2.6.x kernel, 2.0.12c would be the choice.
    3. Next, install the kernel-source and kernel-headers packages for the Redhat machine. kernel-headers-x.x.x-x.x.rpm and kernel-source-x.x.x-x.x.rpm can be downloaded from the internet using “wget completeURL/filename.rpm”; use “rpm -ivh filename.rpm” to install them on the machine.

    ftp://ftp.muug.mb.ca/mirror/redhat/redhat/support/enterprise/isv/kernel-archive/7.1/2.4.2-2/i386/kernel-source-2.4.2-2.i386.rpm

    ftp://ftp.muug.mb.ca/mirror/redhat/redhat/support/enterprise/isv/kernel-archive/7.1/2.4.2-2/i386/kernel-headers-2.4.2-2.i386.rpm
    Note: replace x.x.x with what you get from running the command “uname -rm” or “uname -a”. That’s the kernel version number and the architecture of your Linux system.

    This will install the Linux kernel sources and create a linux-x.x.x-x folder in your /usr/src folder.


    4. Once the above is correctly done, type “ln -s /usr/src/linux-x.x.x-x /usr/src/linux” into the terminal, where x.x.x-x is the kernel version. This creates a link named linux to your Linux kernel folder, which NISTNet needs.

    5. Go to the /usr/src/linux/configs directory; you will see a couple of different config files for different architectures. Pick the right one based on your kernel version. If you are not sure about your kernel version, type “uname -a”. In my case I had to pick kernel-x.x.x-x.i686.config.

    Then, do the following:



    cd /usr/src/linux/configs

    cp kernel-X.X.X-X.i686.config ../.config

    cd /usr/src/linux

    make oldconfig

    make dep

    This creates all the dependencies corresponding to your configuration.


    5. This would be enough for you to compile and install NIST Net.

    tar -xvzf nistnet.2.0.12b.tar.gz

    This creates a nistnet.x folder; in my case the folder was nistnet.2.0.12b.

    You can also check the NISTNet readme file for more information on installation using “vi nistnet.2.0.12b/readme.nistnet”.
    6. Run ./Unpatch.Kernel in the same nistnet.2.0.12b directory to remove the old patches.
    7. Go to the nistnet directory; in our case, it’s nistnet.2.0.12b.

    ./configure

    - Decide whether or not you want support for explicit congestion notification processing. Yes.

    - Decide whether you want COS (class of service) selection support. Yes.
    - You will also be prompted for Experimental mode.

    8. Then build the Nistnet module



    make

    make install
    9. Try things out:

    Test all the modules



    Load.Nistnet (if not working, try “insmod nistnet”)

    - loads "nistnet" emulator module into kernel



    xnistnet

    - runs (X-based) user interface



    cnistnet -h

    - usage info for command-line interface



    insmod mungemod

    - loads "mungebox," a sample emulator add-on



    mungebox -u -a src dest -S

    - view traffic between src and dest



    insmod spymod

    - loads "nistspy" sample add-on (note: only one add-on can be installed at a time)



    nistspy -u -a src port dest port newdest newport

    - duplicate traffic to newdest/port


    10. To turn off:

    cnistnet -d or "off" button in xnistnet

    - turns off emulator



    nistspy -d

    - turn off duplicator


    (mungebox shuts itself off automatically)

    rmmod mungemod (or nistspy)

    - removes add-on module (must be done before removing nistnet)



    rmmod nistnet

    - removes module from kernel


    If nistspy did not work in the above commands, replace it with spymod.

    For more questions about how to install NIST Net, please refer to the README under the nistnet directory and the link: http://snad.ncsl.nist.gov/nistnet/install.html


    If your xnistnet doesn’t work, try entering values through the nistnet command-line interface, then update the rules, and then start it from xnistnet; it should then be fine.
    The next big step is to change the Redhat machine into a PC-based router.
    1. Below, I assume the machine has two network cards, each connected to a different subnet (in our simple case, two separate PCs). Configure these two cards with IP addresses. In our case:

    eth0: IP: 192.168.0.3 (It’s the default gateway for subnet machines.)

    eth1: IP: 192.168.1.3
    Their protocol should be “none”, not DHCP, as you are assigning a static IP. Run ifconfig and you should see all the interfaces. If you don’t see them in the list, type “ifconfig eth0 up” (and the same for eth1) to bring them into the ifconfig list.
    2. Open the /etc/sysctl.conf file and change the value of net.ipv4.ip_forward to 1. If it doesn’t exist, add this line to the file: net.ipv4.ip_forward = 1.
    3. The Red Hat Linux router needs IP masquerading, so the firewall settings must be changed to enable forwarding packets from one side to the other. Most Linux systems have two types of firewall, iptables and ipchains. On my system I used ipchains as follows:
    For ipchains, add these lines to the /etc/sysconfig/ipchains file (key lines in bold). You can run “vi ipchains” to see the content:

    :input ACCEPT


    :forward ACCEPT
    -P forward DENY
    -A forward -i eth0 -s 192.168.1.0/255.255.255.0 -d 192.168.0.0/255.255.255.0 -j MASQ

    -A forward -i eth1 -s 192.168.0.0/255.255.255.0 -d 192.168.1.0/255.255.255.0 -j MASQ
    :output ACCEPT
    The commands are case sensitive.
    4. At this point, you may want to restart your network as follows:

    # /etc/init.d/network restart


    5. Then, restart your firewall:

    # /etc/init.d/ipchains restart


    6. To see if your new rules have gone into effect, type iptables -L or ipchains -L (again, depending on which firewall you are using). All current rules are displayed.
    7. Set the IP, subnetmask and gateway on the two computers connected to the router as follows:

    PC connected to eth0: 192.168.0.15/24 gw: 192.168.0.3

    PC connected to eth1: 192.168.1.15/24 gw: 192.168.1.3

    Make sure the PCs have no other network connection.


    Now the whole configuration is done, and you can ping from one side of the network to the other. Try pinging 192.168.1.15 from the machine with the IP 192.168.0.15; it should succeed.
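An added check, not part of the original instructions, that audits the two files edited in steps 2 and 3: it confirms net.ipv4.ip_forward is 1, that the forward policy is DENY with a MASQ rule for each direction, and that no typographic dashes survived a copy-paste into the rules file. The function names are assumptions of this sketch; the subnets are the ones used above.

```shell
#!/bin/sh
# Added example (not from the original page): offline checks for the router
# settings above. Function names are assumptions of this sketch.
NET0=192.168.0.0/255.255.255.0   # subnet behind eth0, as on the page
NET1=192.168.1.0/255.255.255.0   # subnet behind eth1, as on the page

# True if the last net.ipv4.ip_forward setting in sysctl file $1 is 1.
forwarding_enabled() {
    val=$(sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" | tail -n 1)
    [ "$val" = "1" ]
}

# True if file $1 holds non-ASCII bytes, e.g. a typographic dash pasted from
# a web page in place of "-", which the firewall tool will not parse.
has_non_ascii() {
    [ -n "$(LC_ALL=C tr -d '\000-\177' < "$1")" ]
}

# True if rules file $1 has a forward-chain MASQ rule from net $2 to net $3.
masq_rule_present() {
    grep -F -- "-s $2 -d $3 -j MASQ" "$1" | grep -q '^[[:space:]]*-A forward '
}

# Prints one line per problem; returns 0 only if every check passes.
audit_router() {   # $1 = sysctl.conf, $2 = ipchains rules file
    rc=0
    forwarding_enabled "$1" || { echo "FAIL: net.ipv4.ip_forward is not 1"; rc=1; }
    if has_non_ascii "$2"; then echo "FAIL: non-ASCII bytes in rules file"; rc=1; fi
    grep -q '^[[:space:]]*-P forward DENY[[:space:]]*$' "$2" ||
        { echo "FAIL: forward policy is not DENY"; rc=1; }
    masq_rule_present "$2" "$NET1" "$NET0" || { echo "FAIL: no MASQ rule $NET1 -> $NET0"; rc=1; }
    masq_rule_present "$2" "$NET0" "$NET1" || { echo "FAIL: no MASQ rule $NET0 -> $NET1"; rc=1; }
    return $rc
}

# Audit the files named on the command line, if any.
if [ "$#" -eq 2 ]; then audit_router "$1" "$2"; fi
```

Run it as a script with the paths to /etc/sysctl.conf and /etc/sysconfig/ipchains as its two arguments; it exits non-zero if any check fails.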
    You can use the xnistnet interface or the command-line interface to add delay or bandwidth (BW) configuration for the connection between various machines:
    cnistnet -a 192.168.1.15 192.168.0.15 --delay 300

    cnistnet -a 192.168.0.15 192.168.1.15 --delay 200



    Reference: http://mongol-it.blogspot.com/2008/11/setting-up-red-hat-linux-as-router.html

