In previous labs, some students had problems setting up their virtual machines because of several issues, including sometimes not running the appropriate scripts to clone machines to configure networks or to establish internal settings for the machines. In other cases, the scripts did not run because vboxmanage was not in the search path for the shell (or command prompt) where the scripts were run. Please review last year's general lab instructions for virtualbox here, for guidance on setting up these virtual machines correctly (paying particular attention to the discussion of search path for vboxmanage, as well as the need to create a "base" snapshot for the fedora30-fall20 virtal machine, before it can be cloned by the populate script. Please be aware that the download instructions for scripts and ova files are different than what is in last years instructions, but the new locations are described in each lab.
Please note that you may need to login to google drive with your USC account in order to access these files.
(you can use the version previously downloaded if you like, or clone from the pevious installation). The files in the google drive for lab 6 are:
You will note that there is a directoy with scripts (or BATCH files) for this lab. There is a directory for windows machines, and another for Linux and apple systems. Download the scripts from the directory that is relevant to your machine. The scripts in these directories are used to clone the virtual machines (populate), start them (poweron), configure the network between them (construct network, set internal settings for the guest machine (guestOS-internal-setting), power them off, and get rid of them when you are done with the lab (destroy).
You will run these scripts at the appropriate time for the experment nftables below.
There are additional links in bullet 1, and also 2 and 3 which are for more advanced elements on the topic of firewalls. These cannot be accomplished using your current virtual machine setup. For these advanced sections of the lab you should review the material to understand how it fits into the context of that part of the lab which you are performing. You do not need to execute and perform these other parts of the lab, bt you may be asked questions regarding the description that you will review.
The material covered in this lab falls into three components:
After you have performed the above lab components, answer the following questions.
1. Windows XP's firewall by default lets nothing in and everything out. Comment on whether we should consider this an "optimistic" or "pessimistic" stance?
2. Here is a script that sets up a firewall.
a. briefly state in declarative English what the script above expresses in nftables syntax. Include mention of the effects of each of its four main sections, in terms of resulting behavior. For example, the first main section discards existing tables/chains/rules. (Look up the port numbers found in the script if you don't recognize them.)
b. for different reasons, removal of either lines 10 and 11, or else lines 15 and 16, will obstruct the primary behavior otherwise possible under this firewall. What's the reason when lines 10 and 11 are removed?
c. what's the reason when lines 15 and 16 are removed?
3. You have a home LAN containing 2 computers. The first computer is a general purpose PC running Windows XP. The second computer is a typical commercial router, perhaps a Netgear WGR614. The router, in addition to being on the LAN, is on the internet (it has 2 NICs).
a. You want to run a web server on your XP box. To enable, do you need to make the firewall adjustment on the router, XP, or both?
b. You want to prevent the XP box from conversing with the internet using certain protocols. To do it, do you need to make the corresponding firewall adjustment on the router, XP, or both?
4. The Netgear WGR614 which you can learn about through the link, is a smart device, not a dumb one. Because it's actually a computer. Though humble in appearance, it contains a CPU, memory, operating system-- the defining essentials. In addition, it has 2 network interfaces. To use this computer as a router for PCs, you need to connect them to it. You could do that just as you connect PCs to each other, by plugging them into a common switch. For marketability the small commercial router makers build a switch into their boxes. You got to have one; they're cheap to build in; the competitors do it. So you can hardly find a router that is not a router-with-switch.
Consider the switch built in to the WGR614. Physically, the number of computer connections it provides in the form of RJ-45 connection sockets is 4. Visibly. Electronically, by contrast, how many computer connections does this built-in switch have altogether? That is, if it is an n-port switch (electronically), what is n?