Implement Network Address Translation

.gitattributes

@@ -0,0 +1 @@
+*.pkt filter=lfs diff=lfs merge=lfs -text

README.md

@@ -1,3 +1,20 @@
 # ST1Tutorials
+Solutions for the tutorial lessons of Applied Network Security 1 at CVUT FIT
 
-Solutions for the tutorial lessons of Applied Network Security 1 at CVUT FIT
+## Network Diagram
+This diagram shows the network topology as it should turn out after finishing this semester:
+
+### Segmented Version
+![Segmented View](./Segmented.svg)
+
+In this version, the different parts of the network are labelled:
+
+  - ***CORE*** <!--- ToDo: Add description -->
+  - ***DISTRIBUTION***  <!--- ToDo: Add description -->
+  - ***ACCESS***  <!--- ToDo: Add description -->
+
+### Unsegmented Version
+![Unsegmented View](./Unsegmented.svg)
+
+### Labs
+Labs are stored in the `Tutorials` directory in folders named `M{# of meeting} Lab {# of lab} - {title}`.

Tutorials/M2 Lab 1 - Virtual Network/README.md

@@ -0,0 +1,6 @@
+# Lab 01 - Virtual Networks
+> ***Objectives:***  
+> - Create Switch 1, Switch 2, Switch 3 and Switch 4.
+> - Attach 6 PCs to each Switch
+
+Objectives are realized in `../../Networks/Main.pkt` at tag `lab-1`. 

Tutorials/M3 Lab 2 - Switch Configuration/README.md

@@ -0,0 +1,77 @@
+# Lab 02 - Switch Configuration
+> ***Objectives:***
+> - Ensure PCs and switches are connected properly
+>   - Cable types
+>     - PC-SW: straight cables
+>     - SW-SW: ~~gay~~ crossover cables
+>   - Connections
+>     - Connect PCs to ports 1-3 and 11-13 of switches
+>     - Connect switches together with ports 23 and 24
+> - Configure switches properly
+>   - Rename switches to `SW1`-`SW4`
+>   - Assign ports 1-10 to VLAN 10
+>   - Assign ports 11-20 to VLAN 20
+>   - Set spanning-tree `portfast` on ports 1-20
+>   - Set ports 22-24 as trunks for VLAN 10 and 20
+>   - Set spanning-tree `portfast trunk` for ports 22-24
+>   - Set `SW2` to be spanning-tree root primary for VLAN 10 and root secondary for VLAN 20
+>   - Set `SW3` to be spanning-tree root secondary for VLAN 20
+> - Configure static IP addresses for at least 3 computers per switch
+
+The lab is realized in `./Networks/Main.ptk` in tag `lab-2`
+
+## Basic Configuration
+Run this configuration on each Switch replacing `{x}` with the switch number:
+
+```sh
+enable
+configure terminal
+hostname SW{x}
+
+interface range fastEthernet 0/1-10
+switchport mode access
+switchport access vlan 10
+
+interface range fastEthernet 0/11-20
+switchport mode access
+switchport access vlan 20
+
+interface range fastEthernet 0/1-20
+spanning-tree portfast
+
+interface range fastEthernet 0/22-24
+switchport mode trunk
+switchport trunk allowed vlan 10,20
+spanning-tree portfast trunk
+
+exit
+exit
+disable
+exit
+```
+
+## Configuration of `SW2`
+```sh
+enable
+configure terminal
+spanning-tree vlan 10 root primary
+spanning-tree vlan 20 root secondary
+
+exit
+exit
+disable
+exit
+```
+
+## Configuration of `SW3`
+```sh
+enable
+configure terminal
+spanning-tree vlan 10 root secondary
+spanning-tree vlan 20 root primary
+
+exit
+exit
+disable
+exit
+```

Tutorials/M4 Lab 4 - Dynamic Routing/README.md

@@ -0,0 +1,93 @@
+# Lab 04 - Dynamic Routing
+> ***Objectives:***  
+> - Replicate Internet configuration by setting up a chain of 3 routers
+>   - `EE`: Enterprise switch (the switch of the company or home)
+>   - `ISP`: The router of the internet service provider
+>   - `NET`: The router of the provider of a website
+>   - `SERVER` the web server providing the website
+> - Set IP address of server and routers
+> - Enable OSPF protocol on all routers
+> - Try to ping the webserver from the `EE` router
+
+The lab is realized in `./Networks/Lab 04.ptk` in tag `lab-4`
+
+## Router Configuration
+Router `EE`:
+```sh
+enable
+configure terminal
+hostname EE
+
+interface fastEthernet0/1
+ip address 1.0.0.1 255.0.0.0
+no shutdown
+
+interface fastEthernet0/0
+ip address 10.123.0.3 255.255.0.0
+no shutdown
+
+router ospf 1337
+network 1.0.0.0 0.255.255.255 area 0
+
+exit
+exit
+disable
+exit
+```
+
+Router `ISP`:
+```sh
+enable
+configure terminal
+hostname ISP
+
+interface fastEthernet0/0
+ip address 1.0.0.2 255.0.0.0
+no shutdown
+
+interface fastEthernet0/1
+ip address 2.0.0.1 255.0.0.0
+no shutdown
+
+router ospf 1337
+network 1.0.0.0 0.255.255.255 area 0
+network 2.0.0.0 0.255.255.255 area 0
+
+exit
+exit
+disable
+exit
+```
+
+Router `NET`:
+```sh
+enable
+configure terminal
+hostname NET
+
+interface fastEthernet0/0
+ip address 2.0.0.2 255.0.0.0
+no shutdown
+
+interface fastEthernet0/1
+ip address 3.0.0.1 255.0.0.0
+no shutdown
+
+router ospf 1337
+network 2.0.0.0 0.255.255.255 area 0
+network 3.0.0.0 0.255.255.255 area 0
+
+exit
+exit
+disable
+exit
+```
+
+## Test Change
+On Router `EE`:
+```sh
+enable
+ping 3.3.3.3
+disable
+exit
+```

Tutorials/M5 Lab 3 - VLAN Routing/README.md

@@ -0,0 +1,76 @@
+# Lab 03 - VLAN Routing
+> ***Objectives:***  
+> - Use Lab 02 setup
+> - Add the routers `R1` and `R2`
+> - Create a subinterface FE0/0.10 for VLAN10
+> - Set up VLAN routing
+> - Set up load balancing using First-Hop Redundancy Protocol
+> - Set up DHCP
+
+The lab is realized in `./Networks/Main.ptk` in tag `lab-3`
+
+## Inter-VLAN Routing Configuration
+For each router, configure this replacing `{x}` with the router number:
+
+```sh
+enable
+configure terminal
+hostname R{x}
+
+interface fastEthernet 0/0
+no shutdown
+
+interface fastEthernet 0/0.10
+ip address 10.10.0.{x} 255.255.0.0
+encapsulation dot1q 10
+no shutdown
+
+interface fastEthernet 0/0.20
+ip address 10.20.0.{x} 255.255.0.0
+encapsulation dot1q 20
+no shutdown
+
+exit
+exit
+disable
+exit
+```
+
+## First-Hop Redundancy Protocol Setup
+On each router:
+
+```sh
+enable
+configure terminal
+
+interface fastEthernet 0/0.10
+standby 1 ip 10.10.0.111
+
+interface fastEthernet 0/0.20
+standby 2 ip 10.20.0.222
+
+exit
+exit
+disable
+exit
+```
+
+## DHCP Configuration
+On each router:
+```sh
+enable
+configure terminal
+
+ip dhcp pool Pool10
+network 10.10.0.0 255.255.0.0
+default-router 10.10.0.111
+
+ip dhcp pool Pool20
+network 10.20.0.0 255.255.0.0
+default-router 10.20.0.222
+
+exit
+exit
+disable
+exit
+```

Tutorials/M6 Lab 5 - Management VLAN/README.md

@@ -0,0 +1,137 @@
+# Lab 5 - Management VLAN
+> ***Objectives:***  
+> - Use Lab 03 setup
+> - Create Switch `SWC`
+> - Merge Lab 04
+> - Assign IP addresses to `SW1-4`
+> - Assign IP address to `SWC`
+> - Create user on each networking device
+
+## Adding SWC
+Configure `SWC`:
+```sh
+enable
+configure terminal
+hostname SWC
+interface range fastEthernet 0/1-24
+spanning-tree portfast
+
+exit
+exit
+disable
+exit
+```
+
+Configure routers replacing `{x}` with the number of the router:
+```sh
+enable
+configure terminal
+
+interface fastEthernet 0/1
+ip address 10.123.0.{x} 255.255.0.0
+no shutdown
+
+exit
+exit
+disable
+exit
+```
+
+## Assign IP Addresses
+On SW1-4 replace `{x}` with the corresponding switch number:
+
+```sh
+enable
+configure terminal
+
+interface vlan 10
+ip address 10.10.10.{x} 255.255.0.0
+
+exit
+exit
+disable
+exit
+```
+
+On `SWC` configure the following:
+
+```sh
+enable
+configure terminal
+
+interface vlan 1
+ip address 10.123.0.4 255.255.0.0
+no shutdown
+
+exit
+exit
+disable
+exit
+```
+
+## Gateway for SWC
+On SWC:
+```sh
+enable
+configure terminal
+ip default-gateway 10.123.0.3
+exit
+exit
+disable
+exit
+```
+
+On EE:
+
+```sh
+enable
+configure terminal
+ip route 10.10.0.0 255.255.0.0 10.123.0.1
+ip route 10.10.0.0 255.255.0.0 10.123.0.2
+
+exit
+exit
+disable
+exit
+```
+
+## Enable SSH Root Access
+On all devices:
+```sh
+enable
+configure terminal
+
+username moucha privilege 15 secret cisco
+ip domain-name moucha.org
+
+line vty 0 15
+transport input ssh
+login local
+
+exit
+exit
+disable
+exit
+```
+
+On Switches:
+```sh
+enable
+configure terminal
+crypto key generate rsa general-keys modulus 4096
+exit
+exit
+disable
+exit
+```
+
+On Routers:
+```sh
+enable
+configure terminal
+crypto key generate rsa general-keys modulus 2048
+exit
+exit
+disable
+exit
+```

Tutorials/M7 Lab 6 - Firewall using ACL/README.md

@@ -0,0 +1,22 @@
+# Lab 06 - Firewall using ACL
+> ***Objectives:***
+> - Implement firewall between VLAN10 and VLAN20
+
+## Configure Routers
+On Routers `R1` and `R2`
+
+```sh
+enable
+configure terminal
+ip access-list extended FILTER
+permit ip 10.20.0.0 0.0.255.255 host 10.10.10.10
+deny ip 10.20.0.0 0.0.255.255 10.10.0.0 0.0.255.255
+permit ip any any
+exit
+interface fastEthernet 0/0.20
+ip access-group FILTER in
+exit
+exit
+disable
+exit
+```

Tutorials/M7 Lab 7 - NAT Overload and Port Forwarding/README.md

@@ -0,0 +1,54 @@
+# Lab 07 - NAT Overload and Port Forwarding
+## Configure Router
+On Router `EE` configure:
+
+```sh
+enable
+configure terminal
+ip access-list extended NAT-ACL
+permit ip 10.0.0.0 0.255.255.255 any
+exit
+
+ip nat pool NAT-POOL 1.0.0.1 1.0.0.1 netmask 255.0.0.0
+
+interface fastEthernet0/0
+ip nat inside
+exit
+
+interface fastEthernet0/1
+ip nat outside
+exit
+
+ip nat inside source list NAT-ACL pool NAT-POOL overload
+
+exit
+exit
+disable
+exit
+```
+
+On Router `R1` and `R2`:
+```sh
+enable
+configure terminal
+ip route 0.0.0.0 0.0.0.0 10.123.0.3
+exit
+exit
+disable
+exit
+```
+
+## Implement Port Forwarding
+On `EE` configure port forwarding:
+```sh
+enable
+configure terminal
+
+ip nat inside source static tcp 10.10.10.10 80 1.0.0.1 180
+ip nat inside source static tcp 10.10.10.10 443 1.0.0.1 443
+
+exit
+exit
+disable
+exit
+```

scripts/install-packettracker.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+contextRoot="$(mktemp -d)";
+pushd "$contextRoot" > /dev/null;
+git clone https://aur.archlinux.org/packettracer.git .
+wget http://lectures.moucha.org/pt/CiscoPacketTracer_821_Ubuntu_64bit.deb;
+makepkg -si;
+sudo install --mode 644 *.desktop /usr/share/applications;
+ls -al;
+popd > /dev/null;
+
+rm -rf "$contextRoot";