NIST NET Installation Instruction on Redhat 7.X System
** It is better to sign in as the root user for the steps below; otherwise use “su” before entering your commands. ***
1. Install Redhat 7.1. You can get the image files for this version of Redhat from ftp://archive.download.redhat.com/pub/redhat/linux/7.1/en/iso/i386/
You will need to first burn them on CDs and then try installing them on your machine.
2. Go to http://www-x.antd.nist.gov/cgi-bin/nistnet-distribution to download the appropriate version of NISTNet for your linux kernel. I downloaded the 2.0.12b version since my linux kernel is 2.4.2. If you use a 2.6.x kernel, 2.0.12c would be the choice.
3. Next, install the kernel-source and kernel-header packages for the Redhat machine. kernel-header-x.x.x-x.x.rpm and kernel-source-x.x.x-x.x.rpm can be downloaded from the internet using “wget completeURL/filename.rpm”; use “rpm -ivh filename.rpm” to install them on the machine.
Note: replace x.x.x with what you get from running the command “uname -rm” or “uname -a”. That’s the kernel version number and the architecture of your linux.
This will install the linux kernel sources and headers and will create a linux-x.x.x-x folder in your /usr/src folder.
4. Once the above is correctly done, type in “ln -s /usr/src/linux-x.x.x-x /usr/src/linux” into the terminal, x is the kernel version. This will create a link to your linux kernel folder named linux which will be needed by the NISTNet.
5. Go to the /usr/src/linux/configs directory. You will see a couple of different config files for different architectures. Pick the right one based on your kernel version. If you are not sure about your kernel version, type in “uname -a”. So in my case I had to pick kernel-x.x.x-x.i686.config.
Then, do the following:
cp kernel-X.X.X-X.i686.config ../.config
Above creates all the dependencies corresponding to your configuration.
5. This would be enough for you to compile and install NIST Net.
tar -xvzf nistnet.2.0.12b.tar.gz
This creates a nistnet.x folder; in my case the folder was nistnet.2.0.12b.
You can also check the NISTNet readme file for more information on installation using “vi nistnet.2.0.12b/readme.nistnet”.
6. Run ./Unpatch.Kernel in the same nistnet.2.0.12b directory to remove the old patches.
7. Go to the nistnet directory, in our case, it’s nistnet.2.0.12b.
- Decide whether or not you want support for explicit congestion notification processing. Yes.
- Decide whether you want COS (class of service) selection support. Yes.
- You will also be prompted for Experimental mode.
- removes add-on module (must be done before removing nistnet)
- removes module from kernel
If nistspy did not work in the above commands replace it with spymod.
For more questions about how to install NIST Net, please refer to the README under the nistnet directory and the link: http://snad.ncsl.nist.gov/nistnet/install.html
If your xnistnet doesn’t work, try entering values from the nistnet command line interface first, update the rules, and then start it from xnistnet; it should then be fine.
Next big step is to change the Redhat machine into a PC-based router.
1. Below, I assume the machine has two network cards, each connected to a different subnet (in our simple case, two separate PCs). Configure these two cards with IP addresses. In our case:
eth0: IP: 192.168.0.3 (It’s the default gateway for subnet machines.)
eth1: IP: 192.168.1.3
Their protocol should be “none”, not DHCP, as you are assigning a static IP. Run ifconfig and you should be able to see all the interfaces. If you don’t see them in the list, type “ifconfig eth0 up”, and the same for eth1, to bring them into the ifconfig list.
2. Open the /etc/sysctl.conf file and change the value of net.ipv4.ip_forward to 1. If it doesn’t exist, add this line to the file: net.ipv4.ip_forward = 1.
3. We need IP masquerading running on the Red Hat Linux router, so the firewall settings need to be changed. We must enable forwarding of packets from one side to the other side. Most Linux systems have two types of firewall, iptables and ipchains. On my system I made use of ipchains as follows:
For ipchains, add these lines to the /etc/sysconfig/ipchains file (you can do a “vi ipchains” to see the content):
-A forward -i eth1 -s 192.168.0.0/255.255.255.0 -d 192.168.1.0/255.255.255.0 -j MASQ
:output ACCEPT
The commands are case sensitive.
4. At this point, you may want to restart your network as follows:
# /etc/init.d/network restart
5. Then, restart your firewall:
# /etc/init.d/ipchains restart
6. To see if your new rules have gone into effect, type iptables -L or ipchains -L (again, depending on which firewall you are using). All current rules are displayed.
7. Set the IP, subnet mask and gateway on the two computers connected to the router as follows:
PC connected to eth0: 192.168.0.15/24 gw: 192.168.0.3
PC connected to eth1: 192.168.1.15/24 gw: 192.168.1.3
Make sure the PCs have no other network connection.
Now the whole configuration is done, and you can ping from one side of the network to the other. Try pinging 192.168.1.15 from the machine which has an IP of 192.168.0.15 and it should succeed.
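If the ping fails, or to confirm the router forwards only what was intended, the settings from steps 2 and 3 can be checked offline. The script below is an added example, not part of the original instructions; the function names are hypothetical, the sample files are constructed, and it assumes the ipchains file uses the rule format shown in step 3.

```sh
#!/bin/sh
# Added example: offline checks for the router settings from steps 2 and 3.
# File paths are arguments so the checks can be run on copies of the files.

# Succeeds only if the file's last uncommented assignment sets ip_forward to 1.
forwarding_enabled() {
    val=$(sed -e 's/#.*//' "$1" | awk -F= '
        $1 ~ /^[ \t]*net\.ipv4\.ip_forward[ \t]*$/ { gsub(/[ \t]/, "", $2); v = $2 }
        END { print v }')
    [ "$val" = "1" ]
}

# Prints forward-chain MASQ rules that are not limited to a source and a
# destination network (missing -s/-d, or 0.0.0.0/0 given for either).
unscoped_masq_rules() {
    awk '/^-A forward / && /-j MASQ/ {
        if ($0 !~ / -s [0-9]/ || $0 !~ / -d [0-9]/ || $0 ~ / -[sd] 0\.0\.0\.0\/0/) print
    }' "$1"
}

# Constructed sample files (not taken from a real system).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '# net.ipv4.ip_forward = 1' 'net.ipv4.ip_forward = 0' > "$dir/sysctl.conf"
    printf '%s\n' ':output ACCEPT' \
        '-A forward -i eth1 -s 192.168.0.0/255.255.255.0 -d 192.168.1.0/255.255.255.0 -j MASQ' \
        '-A forward -i eth0 -j MASQ' > "$dir/ipchains"
    if forwarding_enabled "$dir/sysctl.conf"; then echo "forwarding: on"; else echo "forwarding: off"; fi
    echo "unscoped MASQ rules:"
    unscoped_masq_rules "$dir/ipchains"
    rm -rf "$dir"
}
demo
```

On the router itself, call the two functions with /etc/sysctl.conf and /etc/sysconfig/ipchains; any rule printed by the second function masquerades traffic beyond the two test subnets.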
You can try the xnistnet interface or the command line interface and add delay or BW configuration for the connection between various machines:
cnistnet -a 192.168.1.15 192.168.0.15 --delay 300