mmawin99 Blog
Published at

LAB 08 - SOHO (SOHO - Small Office, Home office) [Device by device procedures]

LAB 08 - SOHO (SOHO - Small Office, Home office) [Device by device procedures]

Table of Contents

Device-by-Device Lab Procedures

LAB 08 - SOHO (SOHO: Small Office, Home office)

1. PC3 (ISP DHCP Server) Procedure

  • Step 1.1: Connect your eth0 interface to R1’s g0/0 port.

  • Step 1.2: Configure your IP address and default gateway pointing to R1:

ifconfig eth0 200.0.1.2/24 up
route add default gw 200.0.1.1
  • Step 1.3: Set up the DHCP configuration file /etc/dhcp/dhcpd.conf. Leave the 200.0.1.0/24 section empty, but fill in the 202.44.12.0/24 network that R2 attaches to.

# /etc/dhcp/dhcpd.conf file at PC3
ddns-update-style none;
default-lease-time 600;

# Leave the section empty for network 200.0.1.0/24.
subnet 200.0.1.0 netmask 255.255.255.0 {

}

# Fill in the section for the network that R2 attaches to.
subnet 202.44.12.0 netmask 255.255.255.0 {
range 202.44.12.10 202.44.12.100;
option routers 202.44.12.1;
default-lease-time 300;
}
  • Step 1.4: Edit the file /etc/default/isc-dhcp-server to specify your interface:
INTERFACES="eth0"
  • Step 1.5: Start the DHCP server and verify its status:
service isc-dhcp-server restart
service isc-dhcp-server status

  • [WAIT FOR STEP 2.3, 3.6] Wait for PC2 to configure the Cisco router (R1) with IP addresses and the DHCP relay helper, and wait for R2 to request an IP address from you.

  • [WAIT FOR STEP 3.11] Stand by while the rest of the lab generates traffic and captures packets.

  • Step 1.6: Clear the content in /etc/dhcp/dhcpd.conf.

  • Step 1.7: Shutdown PC3.

2. PC2 (and R1 Console) Procedure

  • Step 2.1: Connect your PC’s Ethernet cable to the SOHO Switch. Connect your console cable to R1 (Cisco Router).

  • Step 2.2: Configure IP addresses of R1’s g0/0 and g0/1 and the default gateway:

R1(config)# int g0/0
R1(config-if)# ip address 200.0.1.1 255.255.255.0
R1(config-if)# no shutdown
R1(config-if)# int g0/1
R1(config-if)# ip address 202.44.12.1 255.255.255.0
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# ip route 0.0.0.0 0.0.0.0 g0/1
  • Step 2.3: Configure the DHCP relay agent on R1 so that DHCP messages can be exchanged between the 202.44.12.0/24 network and PC3:
R1(config)# ip forward-protocol udp
R1(config)# interface g0/1
R1(config-if)# ip helper-address 200.0.1.2
R1(config-if)# end

  • [WAIT FOR STEP 3.6] Wait for R2 to configure its local DHCP server and successfully request a public IP from PC3.

  • Step 2.4: Start a DHCP client on your PC2 terminal and wait until you get an IP address from R2:

dhclient -d eth0

  • [WAIT FOR STEP 3.7] Wait for R2 to configure its NAT rules and start its Wireshark captures.

  • Step 2.5: Open a terminal and generate continuous pings to the public interface of R1 (e.g., 202.44.12.1 or 200.0.1.1). Keep this running while R2 monitors the connections.

  • [WAIT FOR STEP 3.11] Wait for R2 to confirm they have captured the NAT translations and stopped their packet captures.

  • Step 2.6: Stop your pings (Ctrl+C).

  • Step 2.7: Shutdown PC2, roll up the cables, and turn off the Cisco router.

3. R2 (Linux Router) Procedure

  • Step 3.1: Connect eth0 to the SOHO Switch. Connect eth1 to R1’s g0/1 interface.

  • Step 3.2: Configure the IP address on your private interface:

ifconfig eth0 10.0.1.1/24 up
  • Step 3.3: Configure R2 as the DHCP server for the private network hosts. Edit /etc/dhcp/dhcpd.conf:

/etc/dhcp/dhcpd.conf file at R2
ddns-update-style none;
default-lease-time 600;
subnet 10.0.1.0 netmask 255.255.255.0 {
range 10.0.1.10 10.0.1.100;
option routers 10.0.1.1;
}
  • Step 3.4: Edit the file /etc/default/isc-dhcp-server to specify your private interface:
INTERFACES="eth0"
  • Step 3.5: Start the DHCP server for your private network:
service isc-dhcp-server restart

  • [WAIT FOR STEP 1.5, 2.3] Wait for PC3 to start the ISP DHCP server and for PC2 to finish configuring R1’s IP addresses and DHCP relay.

  • Step 3.6: Start a DHCP client to get an IP address for your public interface (eth1) from PC3:

dhclient -d eth1
  • Step 3.7: Enable IP forwarding and configure source-NAT (MASQUERADE) to translate private network packets. Additionally, block incoming private destination packets on the public interface:
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -F
iptables -t nat -F
iptables -X
iptables -t nat -A POSTROUTING -j MASQUERADE -s 10.0.1.0/24
iptables -t mangle -A PREROUTING -j DROP -i eth1 -d 10.0.0.0/8

  • [WAIT FOR STEP 4.2, 2.4, 4.3, 2.5] Wait for PC1 and PC2 to acquire their IP addresses from your DHCP server and begin generating their continuous pings to R1.

  • Step 3.8: Start two Wireshark sessions to capture packets: one on eth0 and the other on eth1. Set the display filter on both to icmp.

  • Step 3.9: Open a terminal and check the connection tracking table to see the NAT translation:

cat /proc/net/ip_conntrack | grep icmp

  • Step 3.10: Save the output screenshots of the conntrack command.

  • Step 3.11: Stop and save the Wireshark captures.

  • [WAIT FOR STEP 4.4, 2.6] Inform PC1 and PC2 they can stop their pings.

  • Step 3.12: Clear the content in /etc/dhcp/dhcpd.conf.

  • Step 3.13: Shutdown R2.

4. PC1 Procedure

  • Step 4.1: Connect your Ethernet cable to the SOHO Switch.

  • [WAIT FOR STEP 3.5] Wait for R2 to successfully configure and start its private DHCP server.

  • Step 4.2: Start a DHCP client on your terminal and wait until you get an IP address from R2:

dhclient -d eth0

  • [WAIT FOR STEP 3.7] Wait for R2 to finish setting up its NAT and IP forwarding rules.

  • Step 4.3: Open a terminal and generate continuous pings to the public interface of R1 (e.g., 202.44.12.1 or 200.0.1.1). Keep this running while R2 monitors the traffic.

  • [WAIT FOR STEP 3.11] Wait for R2 to finish capturing the packets and the conntrack table.

  • Step 4.4: Stop your pings (Ctrl+C).

  • Step 4.5: Shutdown PC1.

Sharing is caring!