{{{
#!html
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td valign="top" align="left">
<img src="http://groups.geni.net/geni/attachment/wiki/GENIExperimenter/Tutorials/Graphics/execute.png?format=raw" height="150" alt="Execute">
</td>
<td>
<h3><u>Step 3: Firewall</u></h3>
For this experiment we will run an OpenFlow firewall.
<table border="0">
<tr>
<td>
<ol type="a">
<li>Log into <tt>switch</tt> and run the following commands to download and run the firewall controller:
<pre>wget https://www.dropbox.com/s/wc4szossxjeairn/gpo-ryu-firewall.tar.gz
gunzip gpo-ryu-firewall.tar.gz
tar xvf gpo-ryu-firewall.tar
/tmp/ryu/bin/ryu-manager simple_firewall.py
loading app simple_firewall.py
</pre>
</li>
<li>Log into <tt>right</tt> and run a <tt>nc</tt> server:
<pre>
nc -l 5001
</pre>
</li>
<li>Log into <tt>left</tt> and run a <tt>nc</tt> client:
<pre>
nc 10.10.11.1 5001
</pre></li>
<li>Type some text in <tt>left</tt>; it should appear in <tt>right</tt>, and vice versa.</li>
<li>In the terminal for <tt>switch</tt> you should see messages about the flow being passed or not:
<pre>
Extracted rule {'sport': '57430', 'dport': '5001', 'sip': '10.10.10.1', 'dip': '10.10.11.1'}
Allow Connection rule {'dport': '5001', 'dip': '10.10.11.1', 'sip': '10.10.10.1', 'sport': 'any'}
</pre>
</li>
<li>Press <tt>CTRL-C</tt> to kill <tt>nc</tt> in each terminal.</li>
<li>Run a <tt>nc</tt> server on port 5002, then 5003. Compare the observed behavior to the contents of <tt>~/gpo-ryu-firewall/fw.conf</tt>. <i>Does the behavior match the configuration file?</i> Feel free to modify the configuration file to block other traffic.</li>

</ol>
</td>

</tr>
</table>
}}}
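An added example (not code from the tutorial or from simple_firewall.py): it parses the controller's `Extracted rule` lines and checks each flow against allow rules written in the dict shape shown in the switch output, which is the comparison step g asks for. The rule list, the extra log lines, first-match evaluation and the default drop are assumptions; the real rules are in ~/gpo-ryu-firewall/fw.conf.

```python
import ast

FIELDS = ("sip", "dip", "sport", "dport")

# Constructed allow rules in the dict shape the controller prints. The real
# rules are in ~/gpo-ryu-firewall/fw.conf and may differ from these.
ALLOW_RULES = [
    {"sip": "10.10.10.1", "dip": "10.10.11.1", "sport": "any", "dport": "5001"},
    {"sip": "any", "dip": "10.10.11.1", "sport": "any", "dport": "8080"},
]

# Constructed log lines; only the first is taken from the output shown above.
SAMPLE_LOG = [
    "Extracted rule {'sport': '57430', 'dport': '5001', 'sip': '10.10.10.1', 'dip': '10.10.11.1'}",
    "Extracted rule {'sport': '40112', 'dport': '5001', 'sip': '10.10.10.2', 'dip': '10.10.11.1'}",
    "Extracted rule {'sport': '40113', 'dport': '8080', 'sip': '10.10.10.2', 'dip': '10.10.11.1'}",
    "loading app simple_firewall.py",
]


def parse_extracted(line):
    """Return the flow dict from an 'Extracted rule {...}' line, else None."""
    prefix = "Extracted rule "
    if not line.startswith(prefix):
        return None
    flow = ast.literal_eval(line[len(prefix):])  # literals only, never eval()
    if not isinstance(flow, dict) or set(flow) != set(FIELDS):
        raise ValueError("unexpected flow shape: %r" % (flow,))
    return flow


def decide(flow, rules=ALLOW_RULES):
    """First rule whose fields are all 'any' or equal to the flow's allows it."""
    for rule in rules:
        if all(rule[f] in ("any", flow[f]) for f in FIELDS):
            return "allow", rule
    return "drop", None  # assumed default deny when nothing matches


def audit(lines, rules=ALLOW_RULES):
    """Map each extracted flow in a log to (sip, dport, verdict)."""
    flows = (parse_extracted(line) for line in lines)
    return [(f["sip"], f["dport"], decide(f, rules)[0]) for f in flows if f]


if __name__ == "__main__":
    for row in audit(SAMPLE_LOG):
        print(*row)
```

Replace `ALLOW_RULES` with the rules read from your own `fw.conf` and `SAMPLE_LOG` with the lines copied from the `switch` terminal to see which observed flows the configuration should have allowed.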