├── .gitignore
├── BGP
├── BGP-Anycast.imn
├── BGP-Anycast_custom-config.imn
├── BGP_custom-config.imn
├── README.md
└── test.sh
├── COPYRIGHT
├── DHCP
├── DHCP.imn
├── DHCPserver.dhcpd.conf
├── README
├── README.short
├── start_dhcp
└── test.sh
├── DHCP6+RSOL
├── DHCP6.imn
├── dhcp_radvd.conf
├── dhcp_rtadvd.conf
├── dhcpd6.conf
├── radvd.conf
├── rtadvd.conf
├── start_dhcpd6
├── start_stateless
└── test.sh
├── DMZ+DNS+Mail+WEB
├── DNS_files
│ ├── aRootServer
│ │ ├── in-addr.arpa
│ │ ├── localhost.rev
│ │ ├── named.conf
│ │ ├── rndc.conf
│ │ └── root
│ ├── bRootServer
│ │ ├── localhost.rev
│ │ ├── named.conf
│ │ └── rndc.conf
│ ├── cRootServer
│ │ ├── localhost.rev
│ │ ├── named.conf
│ │ └── rndc.conf
│ ├── dnsCom
│ │ ├── com
│ │ ├── localhost.rev
│ │ ├── named.conf
│ │ ├── named.root
│ │ └── rndc.conf
│ ├── dnsFer
│ │ ├── fer
│ │ ├── localhost.rev
│ │ ├── named.conf
│ │ ├── named.root
│ │ └── rndc.conf
│ ├── dnsHr
│ │ ├── hr
│ │ ├── localhost.rev
│ │ ├── named.conf
│ │ ├── named.root
│ │ └── rndc.conf
│ ├── dnsMM
│ │ ├── 15.in-addr.arpa
│ │ ├── localhost.rev
│ │ ├── mm
│ │ ├── named.conf
│ │ ├── named.root
│ │ └── rndc.conf
│ ├── dnsOrg
│ │ ├── localhost.rev
│ │ ├── named.conf
│ │ ├── named.root
│ │ ├── org
│ │ └── rndc.conf
│ ├── dnsTel
│ │ ├── 20.in-addr.arpa
│ │ ├── localhost.rev
│ │ ├── named.conf
│ │ ├── named.root
│ │ ├── rndc.conf
│ │ └── tel
│ ├── dnsZpm
│ │ ├── 30.in-addr.arpa
│ │ ├── localhost.rev
│ │ ├── named.conf
│ │ ├── named.root
│ │ ├── rndc.conf
│ │ └── zpm
│ ├── hr2
│ │ ├── localhost.rev
│ │ ├── named.conf
│ │ ├── named.root
│ │ └── rndc.conf
│ ├── resolv.dmzhosts
│ ├── resolv.mm
│ ├── resolv.pc
│ ├── resolv.smtpMM
│ ├── resolv.www
│ ├── resolv.wwwMM
│ ├── resolv.zpmMail
│ └── rndc.key
├── FW_files
│ ├── FW-FreeBSD.fw
│ ├── FW-Linux.fw
│ ├── FW.fwb
│ ├── FWint-FreeBSD.sh
│ ├── FWint-Linux.fw
│ ├── FWint.fwb
│ └── FWint.sh
├── Mail_files
│ ├── cone
│ │ ├── cone.lan
│ │ │ ├── addressbook
│ │ │ └── conerc
│ │ ├── cone.mm
│ │ │ ├── addressbook
│ │ │ └── conerc
│ │ ├── cone.tel
│ │ │ ├── addressbook
│ │ │ └── conerc
│ │ ├── cone.zpm
│ │ │ └── conerc
│ │ ├── linux-cone.lan
│ │ │ ├── addressbook
│ │ │ ├── cacherc
│ │ │ └── conerc
│ │ ├── linux-cone.mm
│ │ │ ├── addressbook
│ │ │ ├── cacherc
│ │ │ └── conerc
│ │ ├── linux-cone.tel
│ │ │ ├── addressbook
│ │ │ ├── cacherc
│ │ │ └── conerc
│ │ └── linux-cone.zpm
│ │ │ ├── addressbook
│ │ │ ├── cacherc
│ │ │ └── conerc
│ ├── dovecot
│ │ └── 10-auth.conf
│ ├── postfix.LAN-SMTP
│ │ ├── aliases
│ │ ├── linux-main.cf
│ │ ├── local-host-names
│ │ ├── main.cf
│ │ └── master.cf
│ ├── postfix.smtpMM
│ │ ├── aliases
│ │ ├── linux-main.cf
│ │ ├── local-host-names
│ │ ├── main.cf
│ │ └── master.cf
│ ├── postfix.www
│ │ ├── aliases
│ │ ├── linux-main.cf
│ │ ├── local-host-names
│ │ ├── main.cf
│ │ └── master.cf
│ └── postfix.zpmMail
│ │ ├── aliases
│ │ ├── linux-main.cf
│ │ ├── local-host-names
│ │ ├── main.cf
│ │ └── master.cf
├── NETWORK.imn
├── PREREQUISITES
├── README
├── README_DNS+Mail+WEB
├── WEB_files
│ ├── www.lighttpd.conf
│ ├── www.www
│ │ ├── form.html
│ │ ├── freebsd.gif
│ │ ├── index.html
│ │ └── lesson2.pl
│ ├── www.wwwMM
│ │ ├── form.html
│ │ ├── freebsd.gif
│ │ ├── index.html
│ │ ├── lesson2.pl
│ │ └── powerlogo.gif
│ ├── www.zpmMail
│ │ ├── index.html
│ │ └── powerlogo.gif
│ ├── wwwMM.lighttpd.conf
│ └── zpmMail.lighttpd.conf
├── getMail
├── start_all
├── start_dns
├── start_fw
├── start_http
├── start_mail
├── test.sh
└── test_fw.sh
├── DNS+Mail+WEB
├── DNS_files
│ ├── aRootServer
│ │ ├── in-addr.arpa
│ │ ├── localhost.rev
│ │ ├── named.conf
│ │ └── root
│ ├── bRootServer
│ │ ├── localhost.rev
│ │ └── named.conf
│ ├── cRootServer
│ │ ├── localhost.rev
│ │ └── named.conf
│ ├── dnsCom
│ │ ├── com
│ │ ├── localhost.rev
│ │ ├── named.conf
│ │ └── named.root
│ ├── dnsFer
│ │ ├── fer
│ │ ├── localhost.rev
│ │ ├── named.conf
│ │ └── named.root
│ ├── dnsHr
│ │ ├── hr
│ │ ├── localhost.rev
│ │ ├── named.conf
│ │ └── named.root
│ ├── dnsOrg
│ │ ├── localhost.rev
│ │ ├── named.conf
│ │ ├── named.root
│ │ └── org
│ ├── dnsTel
│ │ ├── 20.in-addr.arpa
│ │ ├── localhost.rev
│ │ ├── named.conf
│ │ ├── named.root
│ │ └── tel
│ ├── dnsZpm
│ │ ├── 30.in-addr.arpa
│ │ ├── localhost.rev
│ │ ├── named.conf
│ │ ├── named.root
│ │ └── zpm
│ ├── hr2
│ │ ├── localhost.rev
│ │ ├── named.conf
│ │ └── named.root
│ ├── resolv.mm
│ ├── resolv.pc
│ ├── resolv.www
│ └── resolv.zpmMail
├── Mail_files
│ ├── cone
│ │ ├── cone.tel
│ │ │ ├── addressbook
│ │ │ └── conerc
│ │ ├── cone.zpm
│ │ │ └── conerc
│ │ ├── linux-cone.tel
│ │ │ ├── addressbook
│ │ │ ├── cacherc
│ │ │ └── conerc
│ │ └── linux-cone.zpm
│ │ │ ├── addressbook
│ │ │ ├── cacherc
│ │ │ └── conerc
│ ├── dovecot
│ │ └── 10-auth.conf
│ ├── postfix.www
│ │ ├── aliases
│ │ ├── linux-main.cf
│ │ ├── local-host-names
│ │ ├── main.cf
│ │ └── master.cf
│ └── postfix.zpmMail
│ │ ├── aliases
│ │ ├── linux-main.cf
│ │ ├── local-host-names
│ │ ├── main.cf
│ │ └── master.cf
├── NETWORK.imn
├── README
├── WEB_files
│ ├── www.lighttpd.conf
│ ├── www.www
│ │ ├── form.html
│ │ ├── freebsd.gif
│ │ ├── index.html
│ │ └── lesson2.pl
│ ├── www.zpmMail
│ │ ├── index.html
│ │ └── powerlogo.gif
│ └── zpmMail.lighttpd.conf
├── getMail
├── start_dns
├── start_http
├── start_mail
└── test.sh
├── IS-IS
├── IS-IS.imn
├── README.md
└── test.sh
├── Makefile
├── OSPF
├── OSPF.imn
├── OSPF1.imn
├── OSPF_RFC-custom_config.imn
├── OSPF_RFC.imn
├── README
└── test.sh
├── Ping
├── README
├── ping.imn
└── test.sh
├── README.md
├── RIP
├── README
├── RIP.imn
├── RIP1.imn
└── test.sh
├── Traceroute
├── README
├── test.sh
└── traceroute.imn
├── benchmark
├── benchmark.sh
├── h-r-h.imn
├── h-s-h.imn
├── p-3r-p.imn
├── p-p.imn
├── p-r-p.imn
├── p-s-p.imn
└── pp.imn
├── common
├── procedures.sh
└── start_functions.sh
├── functional_tests
├── empty_ifaces
│ ├── empty.imn
│ └── test.sh
├── extelem
│ ├── extelem.imn
│ ├── extelem_directlink.imn
│ └── test.sh
├── rj45
│ ├── rj45.imn
│ ├── rj45_directlink.imn
│ └── test.sh
└── rj45_vlan
│ ├── rj45vlan.imn
│ ├── rj45vlan_directlink.imn
│ └── test.sh
├── gif
├── gif.imn
├── start_gif.sh
└── test.sh
├── ipsec44
├── certs
├── ipsec44.imn
├── moon
├── moon44_ipsec.conf
├── start44.sh
├── sun
├── sun44_ipsec.conf
└── test.sh
├── ipsec46
├── certs
├── ipsec46.imn
├── moon
├── moon46_ipsec.conf
├── start46.sh
├── sun
├── sun46_ipsec.conf
└── test.sh
├── ipsec64
├── certs
├── ipsec64.imn
├── moon
├── moon64_ipsec.conf
├── start64.sh
├── sun
├── sun64_ipsec.conf
└── test.sh
├── ipsec66
├── certs
├── ipsec66.imn
├── moon
├── moon66_ipsec.conf
├── start66.sh
├── sun
├── sun66_ipsec.conf
└── test.sh
├── ipsec_common
├── certs
│ ├── Makefile
│ ├── make_certificates.sh
│ └── openssl.cnf
├── moon
│ ├── ipsec.d
│ │ ├── cacerts
│ │ │ └── strongswanCert.pem
│ │ ├── certs
│ │ │ └── moonCert.pem
│ │ └── private
│ │ │ └── moonKey.pem
│ ├── ipsec.secrets
│ └── strongswan.conf
├── nat-ipsec
│ ├── moon
│ │ ├── ipsec.conf
│ │ ├── ipsec.d
│ │ │ ├── cacerts
│ │ │ │ └── strongswanCert.pem
│ │ │ ├── certs
│ │ │ │ └── moonCert.pem
│ │ │ └── private
│ │ │ │ └── moonKey.pem
│ │ ├── ipsec.secrets
│ │ └── strongswan.conf
│ ├── nat-ipsec64.imn
│ ├── nat.rules
│ ├── nat.rules.linux
│ ├── start_ipsec.sh
│ ├── start_nat.sh
│ ├── sun
│ │ ├── ipsec.conf
│ │ ├── ipsec.d
│ │ │ ├── cacerts
│ │ │ │ └── strongswanCert.pem
│ │ │ ├── certs
│ │ │ │ └── sunCert.pem
│ │ │ └── private
│ │ │ │ └── sunKey.pem
│ │ ├── ipsec.secrets
│ │ └── strongswan.conf
│ └── test.sh
└── sun
│ ├── ipsec.d
│ ├── cacerts
│ │ └── strongswanCert.pem
│ ├── certs
│ │ └── sunCert.pem
│ └── private
│ │ └── sunKey.pem
│ ├── ipsec.secrets
│ └── strongswan.conf
├── services
├── services.imn
└── test.sh
└── testAll.sh
/.gitignore:
--------------------------------------------------------------------------------
1 | *.swp
2 | TESTRESULTS*
3 |
--------------------------------------------------------------------------------
/BGP/README.md:
--------------------------------------------------------------------------------
1 | # BGP
2 | BGP routing protocol examples
3 |
4 | #### BGP_custom-config.imn
5 | In this example the "Custom Config" feature is used for the BGP router configuration.
6 |
7 | Double click on router or select "Configure" from right-click popup menu:
8 | - Custom startup config is "Enabled"
9 | - Selected custom config is "conf1"
10 | - Click on "Editor" button
11 |
12 | (configuration is taken from: "Configuring and Testing Border Gateway
13 | Protocol (BGP) on Basis of Cisco Hardware and Linux Gentoo with Quagga
14 | Package (Zebra)": http://hosteddocs.ittoolbox.com/ke032707.pdf)
15 |
16 | #### BGP-Anycast.imn
17 | This is an example of a BGP router configuration inserted directly into the .imn file.
18 | ```
19 | vi BGP-Anycast.imn
20 | ```
21 | In this example BGP Anycast routing is demonstrated:
22 | - IP address 8.8.8.8 is assigned to WEB1 and WEB2.
23 | - Client1 is redirected to WEB1 and Client2 is redirected to WEB2.
24 | - If the link between Backbone1 and DC2 is configured to have BER=1 (or loss=100% for Linux), then after some time the traffic from Client2 is redirected to WEB1.
25 |
26 |
--------------------------------------------------------------------------------
/COPYRIGHT:
--------------------------------------------------------------------------------
1 | #
2 | # Copyright 2007-2015 University of Zagreb, Croatia.
3 | #
4 | # Redistribution and use in source and binary forms, with or without
5 | # modification, are permitted provided that the following conditions
6 | # are met:
7 | # 1. Redistributions of source code must retain the above copyright
8 | # notice, this list of conditions and the following disclaimer.
9 | # 2. Redistributions in binary form must reproduce the above copyright
10 | # notice, this list of conditions and the following disclaimer in the
11 | # documentation and/or other materials provided with the distribution.
12 | #
13 | # THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14 | # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 | # ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
17 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 | # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 | # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 | # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 | # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23 | # SUCH DAMAGE.
24 | #
25 |
--------------------------------------------------------------------------------
/DHCP/DHCPserver.dhcpd.conf:
--------------------------------------------------------------------------------
1 | # dhcpd.conf on the DHCP server dhcp1
2 | # Settings for the DHCP example: one IPv4 subnet with a small dynamic pool and one MAC-based reservation.
3 | option domain-name "imunes.net";
4 | option domain-name-servers 10.0.0.53, 10.0.0.54;
5 |
6 |
7 | default-lease-time 600; # 600 seconds = 10 minutes
8 | max-lease-time 7200; # 7200 seconds = 2 hours
9 | authoritative;
10 | log-facility local7;
11 | lease-file-name "/var/db/imunes-dhcpd.leases"; # start_dhcp creates this file with touch before dhcpd is started
12 |
13 | subnet 10.0.0.0 netmask 255.255.255.0 {
14 | range 10.0.0.10 10.0.0.20; # dynamic pool
15 | option routers 10.0.0.7;
16 | }
17 |
18 | host fixed {
19 | hardware ethernet 42:00:aa:11:11:11; # the reservation is keyed only on the MAC address the client presents
20 | fixed-address 10.0.0.30; # lies outside the dynamic pool above
21 | }
22 |
23 |
--------------------------------------------------------------------------------
/DHCP/README:
--------------------------------------------------------------------------------
1 |
2 | The purpose of this example is to show how a DHCP server works.
3 |
4 | Start the simulation.
5 |
6 | Go to the console of the main machine (right-click on the background and select xterm).
7 | From the DHCP directory (where this file is) start the script "start_dhcp":
8 |
9 | # ./start_dhcp
10 |
11 | This script sets up the clients and the server.
12 |
13 | Go back to the Imunes GUI and start a shell on the host pc3. Start Ethereal (Wireshark) on pc3 and start capturing, with the "Update traffic in real time" option checked.
14 |
15 | In the pc3 shell check the pc3 IP address:
16 |
17 | pc3# ifconfig -a
18 |
19 | Request IP address for the eth0 interface:
20 |
21 | pc3# dhclient eth0
22 |
23 | Now, check the address:
24 |
25 | pc3# ifconfig -a
26 |
27 | Stop capturing traffic. Check the packet trace.
28 |
29 | First, check the DHCP release trace. What messages are transmitted?
30 |
31 | Now, check how the client gets the IP address from the DHCP server. Identify those packets!
32 |
33 | 1. DHCP Discover
34 |
35 | - sent by pc3 with the source IP 0.0.0.0 (remember, pc3 wants a new address, so it uses 0.0.0.0 as the source; the destination address is broadcast because pc3 has no idea who the DHCP server is)
36 |
37 | 2. DHCP Offer
38 |
39 | - DHCP server sends its offer, offering IP address, DNS servers, router, subnet mask
40 |
41 | 3. DHCP Request
42 |
43 | - pc3 sends broadcast requesting the offered address
44 |
45 | 4. DHCP ACK
46 |
47 | - DHCPserver approves the request for the address, defines the lease time (10 minutes in this example) and sends default router and DNS servers.
48 |
49 |
50 |
--------------------------------------------------------------------------------
/DHCP/README.short:
--------------------------------------------------------------------------------
1 | ####################
2 | # DHCP server/client
3 | ####################
4 |
5 | Start imunes:
6 |
7 | # imunes DHCP.imn &
8 | Select Experiment -> Execute
9 |
10 | Start dhcp server and setup clients:
11 | # ./start_dhcp
12 |
13 | Right-click on pc3 (to start xterm on that host)
14 | Check IP address:
15 | pc3# ifconfig -a
16 |
17 | Release address:
18 | pc3# dhclient -r
19 |
20 | Request IP address:
21 | pc3# dhclient eth0
22 | pc3# ifconfig -a
23 |
24 | To look at the traffic right-click on selected link.
25 | After a few moments Ethereal will be started!
26 |
27 |
--------------------------------------------------------------------------------
/DHCP/start_dhcp:
--------------------------------------------------------------------------------
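#! /bin/sh
#
# Start the ISC DHCP server on node DHCPserver of a running IMUNES experiment
# and request leases on the client nodes FIX, PC1 and PC2.
#
# Usage: ./start_dhcp [eid]
#   eid  experiment ID; when omitted it is taken from the output of
#        "isNodeRunning DHCPserver".
#
# Run from the DHCP example directory: the helper library and the dhcpd
# configuration are addressed by relative path.
# himage, hcp, isEidRunning, isNodeRunning, isOSfreebsd, isOSlinux and
# hasPackage are not defined in this file; presumably they come from
# start_functions.sh or the IMUNES installation -- confirm there.

. ../common/start_functions.sh

dhcp_server="DHCPserver"
hosts="FIX PC1 PC2"

if [ "$#" -eq 1 ]; then
    eid=$1
    # NOTE(review): the result of isEidRunning is not checked here; presumably
    # the helper aborts the script itself when the experiment is not running.
    isEidRunning "$eid"
else
    eid=$(isNodeRunning "$dhcp_server") || exit 1
fi

# The experiment ID can come straight from the command line, so every
# expansion below is quoted: it reaches himage/hcp as exactly one word and is
# never split or glob-expanded by the shell.
server_node="${dhcp_server}@${eid}"

if isOSfreebsd; then
    hasPackage "$dhcp_server" "$eid" '^isc-dhcp.*-server'
fi

echo "Configuring server:"

# Stop any dhcpd already running on the DHCP server (SIGKILL, output dropped)
himage "$server_node" killall -9 dhcpd > /dev/null 2>&1
# and start it ...

# The configuration is copied into /tmp on the server node and dhcpd reads it
# from there; the lease file named in that configuration has to exist first.
hcp DHCPserver.dhcpd.conf "${server_node}:/tmp"
himage "$server_node" mkdir -p /var/db/
himage "$server_node" touch /var/db/imunes-dhcpd.leases
if isOSlinux; then
    himage -b "$server_node" dhcpd -d -cf /tmp/DHCPserver.dhcpd.conf &
else
    himage "$server_node" dhcpd -d -cf /tmp/DHCPserver.dhcpd.conf >/dev/null 2>&1 &
fi

echo
echo Configuring clients:
# $hosts is deliberately unquoted: it is a fixed, space-separated node list.
for i in $hosts
do
    isNodeRunning "$i" "$eid"
    if isOSlinux; then
        himage "${i}@${eid}" dhclient -v -1 eth0
    else
        himage "${i}@${eid}" dhclient eth0
    fi
    # Show the address the client obtained.
    himage "${i}@${eid}" ifconfig eth0 | grep "inet "
done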
50 |
--------------------------------------------------------------------------------
/DHCP/test.sh:
--------------------------------------------------------------------------------
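#!/bin/sh
#
# Functional test for the DHCP example: start the experiment in batch mode,
# run start_dhcp, check that FIX, PC1 and PC2 can ping 10.0.2.2 and hold a
# 10.0.0.x address on eth0, capture a DHCP exchange on PC3, then terminate
# the experiment and report the result.
#
# Set LEGACY to any non-empty value to pass "-l" to imunes.
# startCheck, pingCheck, getNodeIP, netDump, readDump and thereWereErrors are
# not defined in this file; presumably they come from procedures.sh -- confirm.

. ../common/procedures.sh

pcs="FIX PC1 PC2"
err=0
legacy=""
if test -n "$LEGACY"; then
    legacy=" -l"
fi

# $legacy stays unquoted on purpose: it is either empty or " -l" and relies on
# word splitting to become a separate option of imunes.
eid=$(imunes$legacy -b DHCP.imn | awk '/Experiment/{print $4; exit}')
startCheck "$eid"

# The experiment ID is parsed from program output, so it is quoted wherever it
# is used and always travels as a single argument.
if ! ./start_dhcp "$eid"; then
    echo "********** START_DHCP ERROR **********"
    pcs=""
    err=1
fi

for pc in $pcs; do
    pingCheck "${pc}@${eid}" 10.0.2.2
    err=$?
    if [ "$err" -ne 0 ]; then
        break
    fi

    ip_addr=$(getNodeIP "${pc}@${eid}" eth0)
    # -F matches the prefix literally; as a regular expression every "." in
    # "10.0.0." would match any character.
    if ! echo "$ip_addr" | grep -qF "10.0.0."; then
        echo "********** IFCONFIG ERROR **********"
        err=1
        break
    fi
done

if [ "$err" -eq 0 ]; then
    # Capture DHCP traffic (ports 67/68) on PC3 while it requests a lease.
    if netDump "PC3@${eid}" eth0 'port 67 and not arp or port 68 and not arp'; then
        sleep 2
        if himage "PC3@${eid}" dhclient eth0; then
            sleep 2
            readDump "PC3@${eid}" eth0
            err=$?
        else
            echo "********** DHCLIENT ERROR **********"
            err=1
        fi
    else
        err=1
    fi
fi

# Terminate the experiment whether or not the checks passed.
imunes$legacy -b -e "$eid"

thereWereErrors "$err"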
59 |
60 |
--------------------------------------------------------------------------------
/DHCP6+RSOL/dhcp_radvd.conf:
--------------------------------------------------------------------------------
1 | interface eth1 { # start_dhcpd6 installs this file as /etc/radvd.conf on router R1 (Linux case)
2 | AdvSendAdvert on; # send router advertisements on eth1
3 | MinRtrAdvInterval 3;
4 | MaxRtrAdvInterval 10;
5 | }; # no prefix block: presumably hosts take their addresses from the DHCPv6 server instead -- confirm
6 |
--------------------------------------------------------------------------------
/DHCP6+RSOL/dhcp_rtadvd.conf:
--------------------------------------------------------------------------------
1 | eth1:
2 |
--------------------------------------------------------------------------------
/DHCP6+RSOL/dhcpd6.conf:
--------------------------------------------------------------------------------
1 | # Server configuration file example for DHCPv6
2 | authoritative;
3 |
4 | # The path of the lease file
5 | dhcpv6-lease-file-name "/var/db/dhcpd6.leases"; # start_dhcpd6 creates this file with touch before the server is started
6 |
7 | host otherclient {
8 | hardware ethernet 42:aa:bb:00:aa:bb; # the reservation is keyed only on the MAC address the client presents
9 |
10 | fixed-address6 fc00:3::50; # lies outside the dynamic range below
11 | }
12 |
13 | # The subnet where the server is attached
14 | # (i.e., the server has an address in this subnet)
15 | subnet6 fc00:3::/64 {
16 | range6 fc00:3::100 fc00:3::109; # dynamic pool of ten addresses
17 | }
--------------------------------------------------------------------------------
/DHCP6+RSOL/radvd.conf:
--------------------------------------------------------------------------------
1 | interface eth1 { # start_stateless copies this file to /etc on router R1 (Linux case)
2 | AdvSendAdvert on; # send router advertisements on eth1
3 | MinRtrAdvInterval 3;
4 | MaxRtrAdvInterval 10;
5 | prefix fc00:3::/64 { # prefix announced to the hosts on this link
6 | AdvOnLink on;
7 | AdvAutonomous on; # hosts may form their own addresses from this prefix
8 | AdvRouterAddr on;
9 | };
10 | };
11 |
--------------------------------------------------------------------------------
/DHCP6+RSOL/rtadvd.conf:
--------------------------------------------------------------------------------
1 | eth1:\
2 | :addr="fc00:3::":prefixlen#64:
3 |
--------------------------------------------------------------------------------
/DHCP6+RSOL/start_dhcpd6:
--------------------------------------------------------------------------------
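#!/bin/sh
#
# Stateful DHCPv6 example: make router R1 send router advertisements, start
# the DHCPv6 server on node DHCP6server and run a DHCPv6 client on FIX, PC1
# and PC2.
#
# Usage: ./start_dhcpd6 [eid]
#   eid  experiment ID; when omitted it is taken from the output of
#        "isNodeRunning DHCP6server".
#
# Run from the example directory: the helper library and the configuration
# files are addressed by relative path.
# himage, hcp, isEidRunning, isNodeRunning, isOSfreebsd and hasPackage are not
# defined in this file; presumably they come from start_functions.sh or the
# IMUNES installation -- confirm there.

. ../common/start_functions.sh

router="R1"
dhcp_server="DHCP6server"
pcs="FIX PC1 PC2"

if [ "$#" -eq 1 ]; then
    eid=$1
    # NOTE(review): the result of isEidRunning is not checked here; presumably
    # the helper aborts the script itself when the experiment is not running.
    isEidRunning "$eid"
else
    eid=$(isNodeRunning "$dhcp_server") || exit 1
fi

# The experiment ID can come straight from the command line, so every
# expansion below is quoted and reaches himage/hcp as exactly one word.
router_node="${router}@${eid}"
server_node="${dhcp_server}@${eid}"

# Path prefix for dhclient on the clients. It is set explicitly for both
# operating systems so that a "pre" variable inherited from the caller's
# environment can never choose which binary is executed on the nodes.
pre=""
if isOSfreebsd; then
    comm="rtadvd"
    pre="/usr/local/sbin/"
    hasPackage "$dhcp_server" "$eid" '^isc-dhcp.*-server'
    hasPackage "$dhcp_server" "$eid" '^isc-dhcp.*-client'
else
    comm="radvd"
fi

echo "Configuring router:"
# Install the advertisement daemon's configuration and restart the daemon.
hcp "dhcp_${comm}.conf" "${router_node}:/etc/${comm}.conf"
himage "$router_node" killall "$comm"
himage -b "$router_node" "$comm" eth1

echo "Configuring server:"
himage "$server_node" mkdir -p /var/db
himage "$server_node" touch /var/db/dhcpd6.leases
himage "$server_node" killall dhcpd

if isOSfreebsd; then
    hcp dhcpd6.conf "${server_node}:/usr/local/etc/dhcpd6.conf"
    himage "$server_node" service isc-dhcpd6 onerestart
else
    hcp dhcpd6.conf "${server_node}:/etc/dhcp/dhcpd.conf"
    himage "$server_node" touch /var/lib/dhcp/dhcpd6.leases
    himage -b "$server_node" dhcpd -6
fi

# Give the server a moment to come up before the clients ask for leases.
sleep 3
echo "Configuring clients:"
# $pcs is deliberately unquoted: it is a fixed, space-separated node list.
for pc in $pcs; do
    echo "++++++ $pc ++++++"
    himage "${pc}@${eid}" killall dhclient
    if isOSfreebsd; then
        himage "${pc}@${eid}" ifconfig eth0 inet6 -ifdisabled
        himage "${pc}@${eid}" ifconfig eth0 inet6 accept_rtadv
        himage "${pc}@${eid}" rtsol -D eth0
    fi
    himage "${pc}@${eid}" "${pre}dhclient" -6 -v -cf /dev/null eth0
done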
59 |
--------------------------------------------------------------------------------
/DHCP6+RSOL/start_stateless:
--------------------------------------------------------------------------------
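#! /bin/sh
#
# Stateless IPv6 autoconfiguration example: start the router advertisement
# daemon on R1 and make FIX, PC1 and PC2 solicit a router on eth0.
#
# Usage: ./start_stateless [eid]
#   eid  experiment ID; when omitted it is taken from the output of
#        "isNodeRunning DHCP6server".
#
# Run from the example directory: the helper library and the configuration
# files are addressed by relative path.
# himage, hcp, isEidRunning, isNodeRunning, isOSfreebsd and hasPackage are not
# defined in this file; presumably they come from start_functions.sh or the
# IMUNES installation -- confirm there.

. ../common/start_functions.sh

router="R1"
dhcp_server="DHCP6server"
pcs="FIX PC1 PC2"

if [ "$#" -eq 1 ]; then
    eid=$1
    # NOTE(review): the result of isEidRunning is not checked here; presumably
    # the helper aborts the script itself when the experiment is not running.
    isEidRunning "$eid"
else
    eid=$(isNodeRunning "$dhcp_server") || exit 1
fi

# The experiment ID can come straight from the command line, so every
# expansion below is quoted and reaches himage/hcp as exactly one word.
router_node="${router}@${eid}"

if isOSfreebsd; then
    comm="rtadvd"
    hasPackage "$router" "$eid" '^isc-dhcp.*-server'
    hasPackage "$router" "$eid" '^isc-dhcp.*-client'
else
    comm="radvd"
fi

echo "Configuring server:"
# Install the advertisement daemon's configuration on the router and restart it.
hcp "${comm}.conf" "${router_node}:/etc"
himage "$router_node" killall "$comm"
himage -b "$router_node" "$comm" eth1

sleep 1
echo "Configuring clients:"
# $pcs is deliberately unquoted: it is a fixed, space-separated node list.
for pc in $pcs; do
    echo "++++++ $pc ++++++"
    if isOSfreebsd; then
        himage "${pc}@${eid}" ifconfig eth0 inet6 -ifdisabled
        himage "${pc}@${eid}" ifconfig eth0 inet6 accept_rtadv
        himage "${pc}@${eid}" rtsol -D eth0
    else
        himage "${pc}@${eid}" rdisc6 eth0
    fi
done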
44 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/aRootServer/in-addr.arpa:
--------------------------------------------------------------------------------
1 | $TTL 60000
2 | @ IN SOA aRootServer. root.aRootServer (
3 | 2002102801 ; serial
4 | 28800 ; refresh
5 | 14400 ; retry
6 | 3600000 ; expire
7 | 0 ; default_ttl
8 | )
9 |
10 | @ IN NS aRootServer.
11 | @ IN NS bRootServer.
12 | @ IN NS cRootServer.
13 |
14 | 20.in-addr.arpa. IN NS dnsTel.tel.fer.hr.
15 | dnsTel.tel.fer.hr. IN A 20.0.0.2
16 |
17 | 30.in-addr.arpa. IN NS dnsZpm.zpm.fer.hr.
18 | dnsZpm.zpm.fer.hr. IN A 30.0.0.2
19 |
20 | 2.0.0.1.in-addr.arpa. IN PTR aRootServer.
21 | 2.0.0.2.in-addr.arpa. IN PTR bRootServer.
22 | 2.0.0.3.in-addr.arpa. IN PTR cRootServer.
23 |
24 | 2.0.0.4.in-addr.arpa. IN PTR hr2.com.
25 | 2.0.0.5.in-addr.arpa. IN PTR dnsCom.com.
26 | 2.0.0.6.in-addr.arpa. IN PTR dnsOrg.Org.
27 | 2.0.0.7.in-addr.arpa. IN PTR dnsHr.hr.
28 |
29 | 14.13.12.11.in-addr.arpa. IN PTR dnsNesto.nesto.com.
30 | 18.17.16.15.in-addr.arpa. IN PTR dnsMM.mm.com.
31 | 2.0.0.8.in-addr.arpa. IN PTR dnsFer.fer.hr.
32 | 114.113.112.111.in-addr.arpa. IN PTR dnsBlaBla.blabla.org.
33 |
34 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/aRootServer/localhost.rev:
--------------------------------------------------------------------------------
1 | ; localhost.rev
2 | ;
3 | $TTL 86400
4 | @ IN SOA localhost. root.localhost (
5 | 20041128 ; Serial
6 | 28800 ; Refresh
7 | 7200 ; Retry
8 | 3600000 ; Expire
9 | 86400 ; Minimum
10 | )
11 | IN NS localhost.
12 | 1 IN PTR localhost.
13 |
14 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/aRootServer/named.conf:
--------------------------------------------------------------------------------
1 | // named.conf for aRootServer: primary (master) for the lab's root zone "." and for IN-ADDR.ARPA.
2 | // NOTE(review): the rndc key below is a fixed secret published with the examples and repeated in the other named.conf/rndc.conf files shown for this topology; keep it inside the emulated lab.
3 |
4 | options {
5 | directory "/var/named/etc/namedb";
6 | dnssec-validation no; // DNSSEC validation is off, so data this server resolves is not cryptographically verified
7 | };
8 |
9 | key "rndc-key" {
10 | algorithm hmac-md5; // legacy HMAC; current rndc-confgen defaults to hmac-sha256
11 | secret "pUkeN0gBlageylNhNauKdQ=="; // has to match the secret in this server's rndc.conf
12 | };
13 |
14 | controls {
15 | inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; }; // control channel on loopback only, authenticated with rndc-key
16 | };
17 |
18 | zone "." {
19 | type master;
20 | file "root";
21 | allow-transfer {2.0.0.2; 3.0.0.2;}; // transfers limited by source address to bRootServer and cRootServer (see the root zone file); no TSIG key is required
22 | };
23 |
24 | zone "0.0.127.IN-ADDR.ARPA" {
25 | type master;
26 | file "localhost.rev";
27 | };
28 |
29 | zone "IN-ADDR.ARPA" {
30 | type master;
31 | file "in-addr.arpa";
32 | allow-transfer {2.0.0.2; 3.0.0.2;}; // same source-address restriction as for the root zone
33 | };
34 |
35 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/aRootServer/rndc.conf:
--------------------------------------------------------------------------------
1 | # Start of rndc.conf: client-side settings rndc uses to reach the local named control channel
2 | key "rndc-key" {
3 | algorithm hmac-md5; # legacy HMAC; current rndc-confgen defaults to hmac-sha256
4 | secret "pUkeN0gBlageylNhNauKdQ=="; # fixed secret committed with the examples and identical in the other rndc.conf files shown here; lab use only
5 | };
6 |
7 | options {
8 | default-key "rndc-key";
9 | default-server 127.0.0.1; # rndc talks to named over loopback
10 | default-port 953;
11 | };
12 | # End of rndc.conf
13 |
14 | # Use with the following in named.conf, adjusting the allow list as needed:
15 | # key "rndc-key" {
16 | # algorithm hmac-md5;
17 | # secret "pUkeN0gBlageylNhNauKdQ==";
18 | # };
19 | #
20 | # controls {
21 | # inet 127.0.0.1 port 953
22 | # allow { 127.0.0.1; } keys { "rndc-key"; };
23 | # };
24 | # End of named.conf
25 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/aRootServer/root:
--------------------------------------------------------------------------------
1 | $TTL 60000
2 | @ IN SOA aRootServer. root.aRootServer (
3 | 2002102801 ; serial
4 | 28800 ; refresh
5 | 14400 ; retry
6 | 3600000 ; expire
7 | 0 ; default_ttl
8 | )
9 |
10 | @ IN NS aRootServer.
11 | @ IN NS bRootServer.
12 | @ IN NS cRootServer.
13 | aRootServer. IN A 1.0.0.2
14 | bRootServer. IN A 2.0.0.2
15 | cRootServer. IN A 3.0.0.2
16 |
17 | com. IN NS dnsCom.com.
18 | dnsCom.com. IN A 5.0.0.2
19 |
20 | org. IN NS dnsOrg.org.
21 | dnsOrg.Org. IN A 6.0.0.2
22 |
23 | hr. IN NS dnsHr.hr.
24 | hr. IN NS hr2.com.
25 | dnsHr.hr. IN A 7.0.0.2
26 | hr2.com. IN A 4.0.0.2
27 |
28 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/bRootServer/localhost.rev:
--------------------------------------------------------------------------------
1 | ; localhost.rev
2 | ;
3 | $TTL 86400
4 | @ IN SOA localhost. root.localhost (
5 | 20041128 ; Serial
6 | 28800 ; Refresh
7 | 7200 ; Retry
8 | 3600000 ; Expire
9 | 86400 ; Minimum
10 | )
11 | IN NS localhost.
12 | 1 IN PTR localhost.
13 |
14 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/bRootServer/named.conf:
--------------------------------------------------------------------------------
1 | // named.conf for bRootServer: secondary (slave) for the root zone "." and IN-ADDR.ARPA, both transferred from 1.0.0.2.
2 | // NOTE(review): the rndc key below is a fixed secret published with the examples and repeated in the other named.conf/rndc.conf files shown for this topology; keep it inside the emulated lab.
3 |
4 | options {
5 | directory "/var/named/etc/namedb";
6 | dnssec-validation no; // DNSSEC validation is off, so data this server resolves is not cryptographically verified
7 | };
8 |
9 | key "rndc-key" {
10 | algorithm hmac-md5; // legacy HMAC; current rndc-confgen defaults to hmac-sha256
11 | secret "pUkeN0gBlageylNhNauKdQ=="; // has to match the secret in this server's rndc.conf
12 | };
13 |
14 | controls {
15 | inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; }; // control channel on loopback only, authenticated with rndc-key
16 | };
17 |
18 | zone "." {
19 | type slave;
20 | masters { 1.0.0.2; }; // aRootServer per the root zone file; no key is attached, so the transfer is trusted by source address only
21 | allow-notify { 1.0.0.2; 3.0.0.2;}; // NOTIFY messages are accepted from these source addresses
22 | file "root";
23 | };
24 |
25 | zone "0.0.127.IN-ADDR.ARPA" {
26 | type master;
27 | file "localhost.rev";
28 | };
29 |
30 | zone "IN-ADDR.ARPA" {
31 | type slave;
32 | masters { 1.0.0.2; }; // same unauthenticated, address-based transfer as for the root zone
33 | allow-notify { 1.0.0.2; 3.0.0.2;};
34 | file "in-addr.arpa";
35 | };
36 |
37 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/bRootServer/rndc.conf:
--------------------------------------------------------------------------------
1 | # Start of rndc.conf: client-side settings rndc uses to reach the local named control channel
2 | key "rndc-key" {
3 | algorithm hmac-md5; # legacy HMAC; current rndc-confgen defaults to hmac-sha256
4 | secret "pUkeN0gBlageylNhNauKdQ=="; # fixed secret committed with the examples and identical in the other rndc.conf files shown here; lab use only
5 | };
6 |
7 | options {
8 | default-key "rndc-key";
9 | default-server 127.0.0.1; # rndc talks to named over loopback
10 | default-port 953;
11 | };
12 | # End of rndc.conf
13 |
14 | # Use with the following in named.conf, adjusting the allow list as needed:
15 | # key "rndc-key" {
16 | # algorithm hmac-md5;
17 | # secret "pUkeN0gBlageylNhNauKdQ==";
18 | # };
19 | #
20 | # controls {
21 | # inet 127.0.0.1 port 953
22 | # allow { 127.0.0.1; } keys { "rndc-key"; };
23 | # };
24 | # End of named.conf
25 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/cRootServer/localhost.rev:
--------------------------------------------------------------------------------
1 | ; localhost.rev
2 | ;
3 | $TTL 86400
4 | @ IN SOA localhost. root.localhost (
5 | 20041128 ; Serial
6 | 28800 ; Refresh
7 | 7200 ; Retry
8 | 3600000 ; Expire
9 | 86400 ; Minimum
10 | )
11 | IN NS localhost.
12 | 1 IN PTR localhost.
13 |
14 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/cRootServer/named.conf:
--------------------------------------------------------------------------------
1 | // named.conf for cRootServer: secondary (slave) for the root zone "." and IN-ADDR.ARPA, both transferred from 1.0.0.2.
2 | // NOTE(review): the rndc key below is a fixed secret published with the examples and repeated in the other named.conf/rndc.conf files shown for this topology; keep it inside the emulated lab.
3 |
4 | options {
5 | directory "/var/named/etc/namedb";
6 | dnssec-validation no; // DNSSEC validation is off, so data this server resolves is not cryptographically verified
7 | };
8 |
9 | key "rndc-key" {
10 | algorithm hmac-md5; // legacy HMAC; current rndc-confgen defaults to hmac-sha256
11 | secret "pUkeN0gBlageylNhNauKdQ=="; // has to match the secret in this server's rndc.conf
12 | };
13 |
14 | controls {
15 | inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; }; // control channel on loopback only, authenticated with rndc-key
16 | };
17 |
18 | zone "." {
19 | type slave;
20 | masters { 1.0.0.2; }; // aRootServer per the root zone file; no key is attached, so the transfer is trusted by source address only
21 | allow-notify { 1.0.0.2; 2.0.0.2; }; // NOTIFY messages are accepted from these source addresses
22 | file "root";
23 | };
24 |
25 | zone "0.0.127.IN-ADDR.ARPA" {
26 | type master;
27 | file "localhost.rev";
28 | };
29 |
30 | zone "IN-ADDR.ARPA" {
31 | type slave;
32 | masters { 1.0.0.2; }; // same unauthenticated, address-based transfer as for the root zone
33 | allow-notify { 1.0.0.2; 2.0.0.2; };
34 | file "in-addr.arpa";
35 | };
36 |
37 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/cRootServer/rndc.conf:
--------------------------------------------------------------------------------
1 | # Start of rndc.conf: client-side settings rndc uses to reach the local named control channel
2 | key "rndc-key" {
3 | algorithm hmac-md5; # legacy HMAC; current rndc-confgen defaults to hmac-sha256
4 | secret "pUkeN0gBlageylNhNauKdQ=="; # fixed secret committed with the examples and identical in the other rndc.conf files shown here; lab use only
5 | };
6 |
7 | options {
8 | default-key "rndc-key";
9 | default-server 127.0.0.1; # rndc talks to named over loopback
10 | default-port 953;
11 | };
12 | # End of rndc.conf
13 |
14 | # Use with the following in named.conf, adjusting the allow list as needed:
15 | # key "rndc-key" {
16 | # algorithm hmac-md5;
17 | # secret "pUkeN0gBlageylNhNauKdQ==";
18 | # };
19 | #
20 | # controls {
21 | # inet 127.0.0.1 port 953
22 | # allow { 127.0.0.1; } keys { "rndc-key"; };
23 | # };
24 | # End of named.conf
25 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsCom/com:
--------------------------------------------------------------------------------
1 | ; The SOA record is inserted here
2 | ;
3 | $TTL 60000
4 | @ IN SOA dnsCom.com. root.dnsCom.com. (
5 | 2002102801 ; serial
6 | 28 ; refresh
7 | 14 ; retry
8 | 3600000 ; expire
9 | 0 ; default_ttl
10 | )
11 |
12 | @ IN NS dnsCom.com.
13 | dnsCom.com. IN A 5.0.0.2
14 |
15 | hr2.com. IN A 4.0.0.2
16 |
17 | nesto.com. IN NS dnsNesto.nesto.com.
18 | dnsNesto.nesto.com. IN A 11.12.13.14
19 |
20 | mm.com. IN NS dnsMM.mm.com.
21 | dnsMM.mm.com. IN A 15.16.17.18
22 |
23 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsCom/localhost.rev:
--------------------------------------------------------------------------------
1 | ; localhost.rev
2 | ;
3 | $TTL 86400
4 | @ IN SOA localhost. root.localhost (
5 | 20041128 ; Serial
6 | 28800 ; Refresh
7 | 7200 ; Retry
8 | 3600000 ; Expire
9 | 86400 ; Minimum
10 | )
11 | IN NS localhost.
12 | 1 IN PTR localhost.
13 |
14 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsCom/named.conf:
--------------------------------------------------------------------------------
1 | // named.conf for dnsCom: primary (master) for the "com" zone, with root hints taken from named.root.
2 | // NOTE(review): the rndc key below is a fixed secret published with the examples and repeated in the other named.conf/rndc.conf files shown for this topology; keep it inside the emulated lab.
3 |
4 | options {
5 | directory "/var/named/etc/namedb";
6 | dnssec-validation no; // DNSSEC validation is off, so data this server resolves is not cryptographically verified
7 | };
8 |
9 | key "rndc-key" {
10 | algorithm hmac-md5; // legacy HMAC; current rndc-confgen defaults to hmac-sha256
11 | secret "pUkeN0gBlageylNhNauKdQ=="; // has to match the secret in this server's rndc.conf
12 | };
13 |
14 | controls {
15 | inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; }; // control channel on loopback only, authenticated with rndc-key
16 | };
17 |
18 | zone "." {
19 | type hint;
20 | file "named.root"; // hints list the lab's own root servers, not the public ones
21 | };
22 |
23 | zone "com" {
24 | type master;
25 | file "com"; // NOTE(review): no allow-transfer here, so the built-in default of the installed BIND version decides who may transfer this zone -- confirm
26 | };
27 |
28 | zone "0.0.127.IN-ADDR.ARPA" {
29 | type master;
30 | file "localhost.rev";
31 | };
32 |
33 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsCom/named.root:
--------------------------------------------------------------------------------
1 | ; Root hints for the "." hint zone in named.conf; these are the lab's own root servers
2 | ; Only 2 root servers (original note; three are listed below)
3 | ; See the original in named.root.pravi
4 | ;
5 | . 3600000 IN NS aRootServer.
6 | aRootServer. 3600000 A 1.0.0.2
7 | ;
8 | . 3600000 IN NS bRootServer.
9 | bRootServer. 3600000 A 2.0.0.2
10 | ;
11 | . 3600000 IN NS cRootServer.
12 | cRootServer. 3600000 A 3.0.0.2
13 |
14 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsCom/rndc.conf:
--------------------------------------------------------------------------------
1 | # Start of rndc.conf -- client-side settings for the rndc control utility
2 | key "rndc-key" {
3 | algorithm hmac-md5; # legacy algorithm; must match the key statement in named.conf
4 | secret "pUkeN0gBlageylNhNauKdQ=="; # same published secret in every server directory of this listing -- regenerate before any non-lab use
5 | };
6 |
7 | options {
8 | default-key "rndc-key";
9 | default-server 127.0.0.1; # rndc talks to the local named only
10 | default-port 953;
11 | };
12 | # End of rndc.conf
13 |
14 | # Use with the following in named.conf, adjusting the allow list as needed:
15 | # key "rndc-key" {
16 | # algorithm hmac-md5;
17 | # secret "pUkeN0gBlageylNhNauKdQ==";
18 | # };
19 | #
20 | # controls {
21 | # inet 127.0.0.1 port 953
22 | # allow { 127.0.0.1; } keys { "rndc-key"; };
23 | # };
24 | # End of named.conf
25 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsFer/fer:
--------------------------------------------------------------------------------
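1 | ; "fer.hr" zone, loaded as master by dnsFer (see named.conf) -- SOA goes here
2 | ;
3 | $TTL 60000
4 | @ IN SOA dnsFer.fer.hr. root.dnsFer.fer.hr. ( ; RNAME is absolute (trailing dot) so it is not expanded under fer.hr
5 | 2002102801 ; serial
6 | 28 ; refresh in seconds -- NOTE(review): the reverse zones in this listing use 28800/14400; confirm 28/14 is intended
7 | 14 ; retry in seconds
8 | 3600000 ; expire
9 | 0 ; default_ttl (SOA minimum field)
10 | )
11 |
12 | @ IN NS dnsFer.fer.hr.
13 | dnsFer.fer.hr. IN A 8.0.0.2
14 | ; delegations below carry glue A records because each name server sits inside the zone it serves
15 | tel.fer.hr. IN NS dnsTel.tel.fer.hr.
16 | dnsTel.tel.fer.hr. IN A 20.0.0.2
17 |
18 | zpm.fer.hr. IN NS dnsZpm.zpm.fer.hr.
19 | dnsZpm.zpm.fer.hr. IN A 30.0.0.2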
20 |
21 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsFer/localhost.rev:
--------------------------------------------------------------------------------
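1 | ; localhost.rev -- loopback reverse zone (loaded as 0.0.127.IN-ADDR.ARPA in named.conf)
2 | ;
3 | $TTL 86400
4 | @ IN SOA localhost. root.localhost. ( ; RNAME is absolute (trailing dot) so it is not expanded under the zone origin
5 | 20041128 ; Serial
6 | 28800 ; Refresh
7 | 7200 ; Retry
8 | 3600000 ; Expire
9 | 86400 ; Minimum
10 | )
11 | @ IN NS localhost. ; owner written explicitly so the record stays at the apex even if leading whitespace is lost
12 | 1 IN PTR localhost. ; 1.0.0.127.in-addr.arpa -> localhost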
13 |
14 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsFer/named.conf:
--------------------------------------------------------------------------------
1 | // named.conf -- dnsFer: master for "fer.hr" and the loopback reverse zone
2 | //
3 |
4 | options {
5 | directory "/var/named/etc/namedb";
6 | dnssec-validation no; // validation disabled; NOTE(review): presumably because the lab root in named.root is unsigned -- lab-only setting
7 | };
8 | // NOTE(review): no allow-transfer, allow-query or recursion statements, so version-dependent BIND defaults apply -- confirm
9 | key "rndc-key" {
10 | algorithm hmac-md5; // legacy algorithm; current rndc-confgen generates hmac-sha256 keys
11 | secret "pUkeN0gBlageylNhNauKdQ=="; // same published secret in every server directory of this listing -- regenerate before any non-lab use
12 | };
13 |
14 | controls {
15 | inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; }; // rndc control channel: loopback only, key required
16 | };
17 |
18 | zone "." {
19 | type hint;
20 | file "named.root"; // hints list the lab root servers
21 | };
22 |
23 | zone "fer.hr" {
24 | type master;
25 | file "fer";
26 | };
27 |
28 | zone "0.0.127.IN-ADDR.ARPA" {
29 | type master;
30 | file "localhost.rev";
31 | };
32 |
33 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsFer/named.root:
--------------------------------------------------------------------------------
1 | ; Root hints for the "." hint zone in named.conf; these are the lab's own root servers
2 | ; Only 2 root servers (original note; three are listed below)
3 | ; See the original in named.root.pravi
4 | ;
5 | . 3600000 IN NS aRootServer.
6 | aRootServer. 3600000 A 1.0.0.2
7 | ;
8 | . 3600000 IN NS bRootServer.
9 | bRootServer. 3600000 A 2.0.0.2
10 | ;
11 | . 3600000 IN NS cRootServer.
12 | cRootServer. 3600000 A 3.0.0.2
13 |
14 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsFer/rndc.conf:
--------------------------------------------------------------------------------
1 | # Start of rndc.conf -- client-side settings for the rndc control utility
2 | key "rndc-key" {
3 | algorithm hmac-md5; # legacy algorithm; must match the key statement in named.conf
4 | secret "pUkeN0gBlageylNhNauKdQ=="; # same published secret in every server directory of this listing -- regenerate before any non-lab use
5 | };
6 |
7 | options {
8 | default-key "rndc-key";
9 | default-server 127.0.0.1; # rndc talks to the local named only
10 | default-port 953;
11 | };
12 | # End of rndc.conf
13 |
14 | # Use with the following in named.conf, adjusting the allow list as needed:
15 | # key "rndc-key" {
16 | # algorithm hmac-md5;
17 | # secret "pUkeN0gBlageylNhNauKdQ==";
18 | # };
19 | #
20 | # controls {
21 | # inet 127.0.0.1 port 953
22 | # allow { 127.0.0.1; } keys { "rndc-key"; };
23 | # };
24 | # End of named.conf
25 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsHr/hr:
--------------------------------------------------------------------------------
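1 | ; "hr" zone, master on dnsHr; hr2 loads the same zone as a slave -- SOA goes here
2 | ;
3 | $TTL 60000
4 | @ IN SOA dnsHr.hr. root.dnsHr.hr. ( ; RNAME is absolute (trailing dot) so it is not expanded under hr
5 | 2002102801 ; serial -- a running slave re-transfers the zone only after this value increases
6 | 28 ; refresh in seconds -- NOTE(review): the reverse zones in this listing use 28800/14400; confirm 28/14 is intended
7 | 14 ; retry in seconds
8 | 3600000 ; expire
9 | 0 ; default_ttl (SOA minimum field)
10 | )
11 |
12 | @ IN NS dnsHr.hr.
13 | @ IN NS hr2.com.
14 | dnsHr.hr. IN A 7.0.0.2
15 | hr2.com. IN A 4.0.0.2 ; out-of-zone name: BIND ignores this record when loading "hr"; the address is served from the "com" zone
16 | ; delegation of fer.hr with glue for its in-zone name server
17 | fer.hr. IN NS dnsFer.fer.hr.
18 | dnsFer.fer.hr. IN A 8.0.0.2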
19 |
20 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsHr/localhost.rev:
--------------------------------------------------------------------------------
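1 | ; localhost.rev -- loopback reverse zone (loaded as 0.0.127.IN-ADDR.ARPA in named.conf)
2 | ;
3 | $TTL 86400
4 | @ IN SOA localhost. root.localhost. ( ; RNAME is absolute (trailing dot) so it is not expanded under the zone origin
5 | 20041128 ; Serial
6 | 28800 ; Refresh
7 | 7200 ; Retry
8 | 3600000 ; Expire
9 | 86400 ; Minimum
10 | )
11 | @ IN NS localhost. ; owner written explicitly so the record stays at the apex even if leading whitespace is lost
12 | 1 IN PTR localhost. ; 1.0.0.127.in-addr.arpa -> localhost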
13 |
14 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsHr/named.conf:
--------------------------------------------------------------------------------
1 | // named.conf -- dnsHr: master for "hr" and the loopback reverse zone
2 | //
3 |
4 | options {
5 | directory "/var/named/etc/namedb";
6 | dnssec-validation no; // validation disabled; NOTE(review): presumably because the lab root in named.root is unsigned -- lab-only setting
7 | };
8 | // NOTE(review): no allow-transfer, allow-query or recursion statements, so version-dependent BIND defaults apply -- confirm
9 | key "rndc-key" {
10 | algorithm hmac-md5; // legacy algorithm; current rndc-confgen generates hmac-sha256 keys
11 | secret "pUkeN0gBlageylNhNauKdQ=="; // same published secret in every server directory of this listing -- regenerate before any non-lab use
12 | };
13 |
14 | controls {
15 | inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; }; // rndc control channel: loopback only, key required
16 | };
17 |
18 | zone "." {
19 | type hint;
20 | file "named.root"; // hints list the lab root servers
21 | };
22 | // NOTE(review): hr2 transfers this zone as a slave, yet nothing here limits who may request a transfer -- confirm the default is acceptable
23 | zone "hr" {
24 | type master;
25 | file "hr";
26 | };
27 |
28 | zone "0.0.127.IN-ADDR.ARPA" {
29 | type master;
30 | file "localhost.rev";
31 | };
32 |
33 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsHr/named.root:
--------------------------------------------------------------------------------
1 | ; Root hints for the "." hint zone in named.conf; these are the lab's own root servers
2 | ; Only 2 root servers (original note; three are listed below)
3 | ; See the original in named.root.pravi
4 | ;
5 | . 3600000 IN NS aRootServer.
6 | aRootServer. 3600000 A 1.0.0.2
7 | ;
8 | . 3600000 IN NS bRootServer.
9 | bRootServer. 3600000 A 2.0.0.2
10 | ;
11 | . 3600000 IN NS cRootServer.
12 | cRootServer. 3600000 A 3.0.0.2
13 |
14 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsHr/rndc.conf:
--------------------------------------------------------------------------------
1 | # Start of rndc.conf -- client-side settings for the rndc control utility
2 | key "rndc-key" {
3 | algorithm hmac-md5; # legacy algorithm; must match the key statement in named.conf
4 | secret "pUkeN0gBlageylNhNauKdQ=="; # same published secret in every server directory of this listing -- regenerate before any non-lab use
5 | };
6 |
7 | options {
8 | default-key "rndc-key";
9 | default-server 127.0.0.1; # rndc talks to the local named only
10 | default-port 953;
11 | };
12 | # End of rndc.conf
13 |
14 | # Use with the following in named.conf, adjusting the allow list as needed:
15 | # key "rndc-key" {
16 | # algorithm hmac-md5;
17 | # secret "pUkeN0gBlageylNhNauKdQ==";
18 | # };
19 | #
20 | # controls {
21 | # inet 127.0.0.1 port 953
22 | # allow { 127.0.0.1; } keys { "rndc-key"; };
23 | # };
24 | # End of named.conf
25 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsMM/15.in-addr.arpa:
--------------------------------------------------------------------------------
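1 | $TTL 60000
2 | @ IN SOA mm.com. root.mm.com. ( ; RNAME is absolute (trailing dot) so it is not expanded under 15.in-addr.arpa
3 | 2002102801 ; serial
4 | 28800 ; refresh
5 | 14400 ; retry
6 | 3600000 ; expire
7 | 0 ; default_ttl (SOA minimum field)
8 | )
9 | ; reverse zone 15.in-addr.arpa, loaded as master by dnsMM (see named.conf)
10 | @ IN NS dnsMM.mm.com.
11 | dnsMM.mm.com. IN A 15.16.17.18 ; out-of-zone name in a reverse zone: BIND ignores this record on load
12 |
13 | 18.17.16.15.in-addr.arpa. IN PTR dnsMM.mm.com.
14 | 80.17.16.15.in-addr.arpa. IN PTR wwwMM.mm.com.
15 | 25.17.16.15.in-addr.arpa. IN PTR smtpMM.mm.com.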
16 |
17 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsMM/localhost.rev:
--------------------------------------------------------------------------------
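1 | ; localhost.rev -- loopback reverse zone (loaded as 0.0.127.IN-ADDR.ARPA in named.conf)
2 | ;
3 | $TTL 86400
4 | @ IN SOA localhost. root.localhost. ( ; RNAME is absolute (trailing dot) so it is not expanded under the zone origin
5 | 20041128 ; Serial
6 | 28800 ; Refresh
7 | 7200 ; Retry
8 | 3600000 ; Expire
9 | 86400 ; Minimum
10 | )
11 | @ IN NS localhost. ; owner written explicitly so the record stays at the apex even if leading whitespace is lost
12 | 1 IN PTR localhost. ; 1.0.0.127.in-addr.arpa -> localhost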
13 |
14 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsMM/mm:
--------------------------------------------------------------------------------
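1 | ; "mm.com" zone, loaded as master by dnsMM (see named.conf) -- SOA goes here
2 | ;
3 | $TTL 60000
4 | @ IN SOA dnsMM.mm.com. root.mm.com. ( ; RNAME is absolute (trailing dot) so it is not expanded under mm.com
5 | 2002102801 ; serial
6 | 28 ; refresh in seconds -- NOTE(review): the reverse zones in this listing use 28800/14400; confirm 28/14 is intended
7 | 14 ; retry in seconds
8 | 3600000 ; expire
9 | 0 ; default_ttl (SOA minimum field)
10 | )
11 |
12 | @ IN NS dnsMM.mm.com.
13 | @ IN MX 10 smtpMM.mm.com. ; MX names the host that owns the A record; the "mail" CNAME alias is not a valid MX target (RFC 2181 section 10.3)
14 |
15 | dnsMM IN A 15.16.17.18
16 | wwwMM IN A 15.16.17.80
17 | smtpMM IN A 15.16.17.25
18 | ; service aliases for the three hosts above
19 | dns IN CNAME dnsMM.mm.com.
20 | www IN CNAME wwwMM.mm.com.
21 | mail IN CNAME smtpMM.mm.com.
22 | ; mail addressed to the individual hosts is also routed to smtpMM
23 | dnsMM.mm.com. IN MX 10 smtpMM.mm.com.
24 | wwwMM.mm.com. IN MX 10 smtpMM.mm.com.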
25 |
26 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsMM/named.conf:
--------------------------------------------------------------------------------
1 | // named.conf -- dnsMM: master for "mm.com", 15.in-addr.arpa and the loopback reverse zone; recursive resolver for the listed client networks
2 | //
3 |
4 | options {
5 | directory "/var/named/etc/namedb";
6 | dnssec-validation no; // validation disabled; NOTE(review): presumably because the lab root in named.root is unsigned -- lab-only setting
7 | // recursion is offered only to clients from the DMZ (15.16.17.0/24), to 192.168.1.0/24 and to this host:
8 | allow-recursion {
9 | 15.16.17.0/24;
10 | 192.168.1.0/24;
11 | localhost;
12 | };
13 | };
14 |
15 | key "rndc-key" {
16 | algorithm hmac-md5; // legacy algorithm; current rndc-confgen generates hmac-sha256 keys
17 | secret "pUkeN0gBlageylNhNauKdQ=="; // same published secret in every server directory of this listing -- regenerate before any non-lab use
18 | };
19 |
20 | controls {
21 | inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; }; // rndc control channel: loopback only, key required
22 | };
23 |
24 |
25 | zone "." {
26 | type hint;
27 | file "named.root"; // hints list the lab root servers
28 | };
29 |
30 | zone "mm.com" {
31 | type master;
32 | file "mm";
33 | };
34 |
35 | zone "0.0.127.IN-ADDR.ARPA" {
36 | type master;
37 | file "localhost.rev";
38 | };
39 | // reverse zone declared for all of 15/8, although the zone file only holds PTRs for 15.16.17.x
40 | zone "15.IN-ADDR.ARPA" {
41 | type master;
42 | file "15.in-addr.arpa";
43 | };
44 |
45 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsMM/named.root:
--------------------------------------------------------------------------------
1 | ; Root hints for the "." hint zone in named.conf; these are the lab's own root servers
2 | ; Only 2 root servers (original note; three are listed below)
3 | ; See the original in named.root.pravi
4 | ;
5 | . 3600000 IN NS aRootServer.
6 | aRootServer. 3600000 A 1.0.0.2
7 | ;
8 | . 3600000 IN NS bRootServer.
9 | bRootServer. 3600000 A 2.0.0.2
10 | ;
11 | . 3600000 IN NS cRootServer.
12 | cRootServer. 3600000 A 3.0.0.2
13 |
14 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsMM/rndc.conf:
--------------------------------------------------------------------------------
1 | # Start of rndc.conf -- client-side settings for the rndc control utility
2 | key "rndc-key" {
3 | algorithm hmac-md5; # legacy algorithm; must match the key statement in named.conf
4 | secret "pUkeN0gBlageylNhNauKdQ=="; # same published secret in every server directory of this listing -- regenerate before any non-lab use
5 | };
6 |
7 | options {
8 | default-key "rndc-key";
9 | default-server 127.0.0.1; # rndc talks to the local named only
10 | default-port 953;
11 | };
12 | # End of rndc.conf
13 |
14 | # Use with the following in named.conf, adjusting the allow list as needed:
15 | # key "rndc-key" {
16 | # algorithm hmac-md5;
17 | # secret "pUkeN0gBlageylNhNauKdQ==";
18 | # };
19 | #
20 | # controls {
21 | # inet 127.0.0.1 port 953
22 | # allow { 127.0.0.1; } keys { "rndc-key"; };
23 | # };
24 | # End of named.conf
25 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsOrg/localhost.rev:
--------------------------------------------------------------------------------
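1 | ; localhost.rev -- loopback reverse zone (loaded as 0.0.127.IN-ADDR.ARPA in named.conf)
2 | ;
3 | $TTL 86400
4 | @ IN SOA localhost. root.localhost. ( ; RNAME is absolute (trailing dot) so it is not expanded under the zone origin
5 | 20041128 ; Serial
6 | 28800 ; Refresh
7 | 7200 ; Retry
8 | 3600000 ; Expire
9 | 86400 ; Minimum
10 | )
11 | @ IN NS localhost. ; owner written explicitly so the record stays at the apex even if leading whitespace is lost
12 | 1 IN PTR localhost. ; 1.0.0.127.in-addr.arpa -> localhost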
13 |
14 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsOrg/named.conf:
--------------------------------------------------------------------------------
1 | // named.conf -- dnsOrg: master for "org" and the loopback reverse zone
2 | //
3 |
4 | options {
5 | directory "/var/named/etc/namedb";
6 | dnssec-validation no; // validation disabled; NOTE(review): presumably because the lab root in named.root is unsigned -- lab-only setting
7 | };
8 | // NOTE(review): no allow-transfer, allow-query or recursion statements, so version-dependent BIND defaults apply -- confirm
9 | key "rndc-key" {
10 | algorithm hmac-md5; // legacy algorithm; current rndc-confgen generates hmac-sha256 keys
11 | secret "pUkeN0gBlageylNhNauKdQ=="; // same published secret in every server directory of this listing -- regenerate before any non-lab use
12 | };
13 |
14 | controls {
15 | inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; }; // rndc control channel: loopback only, key required
16 | };
17 |
18 | zone "." {
19 | type hint;
20 | file "named.root"; // hints list the lab root servers
21 | };
22 |
23 | zone "org" {
24 | type master;
25 | file "org";
26 | };
27 |
28 | zone "0.0.127.IN-ADDR.ARPA" {
29 | type master;
30 | file "localhost.rev";
31 | };
32 |
33 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsOrg/named.root:
--------------------------------------------------------------------------------
1 | ; Root hints for the "." hint zone in named.conf; these are the lab's own root servers
2 | ; Only 2 root servers (original note; three are listed below)
3 | ; See the original in named.root.pravi
4 | ;
5 | . 3600000 IN NS aRootServer.
6 | aRootServer. 3600000 A 1.0.0.2
7 | ;
8 | . 3600000 IN NS bRootServer.
9 | bRootServer. 3600000 A 2.0.0.2
10 | ;
11 | . 3600000 IN NS cRootServer.
12 | cRootServer. 3600000 A 3.0.0.2
13 |
14 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsOrg/org:
--------------------------------------------------------------------------------
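1 | $TTL 60000
2 | @ IN SOA dnsOrg.org. root.dnsOrg.org. ( ; RNAME is absolute (trailing dot) so it is not expanded under org
3 | 2002102801 ; serial
4 | 28 ; refresh in seconds -- NOTE(review): the reverse zones in this listing use 28800/14400; confirm 28/14 is intended
5 | 14 ; retry in seconds
6 | 3600000 ; expire
7 | 0 ; default_ttl (SOA minimum field)
8 | )
9 | ; "org" zone, loaded as master by dnsOrg (see named.conf)
10 | @ IN NS dnsOrg.org.
11 | dnsOrg.Org. IN A 6.0.0.2
12 | ; delegation of blabla.org with glue for its in-zone name server
13 | blabla.org. IN NS dnsBlaBla.blabla.org.
14 | dnsBlaBla.blabla.org. IN A 111.112.113.114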
15 |
16 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsOrg/rndc.conf:
--------------------------------------------------------------------------------
1 | # Start of rndc.conf -- client-side settings for the rndc control utility
2 | key "rndc-key" {
3 | algorithm hmac-md5; # legacy algorithm; must match the key statement in named.conf
4 | secret "pUkeN0gBlageylNhNauKdQ=="; # same published secret in every server directory of this listing -- regenerate before any non-lab use
5 | };
6 |
7 | options {
8 | default-key "rndc-key";
9 | default-server 127.0.0.1; # rndc talks to the local named only
10 | default-port 953;
11 | };
12 | # End of rndc.conf
13 |
14 | # Use with the following in named.conf, adjusting the allow list as needed:
15 | # key "rndc-key" {
16 | # algorithm hmac-md5;
17 | # secret "pUkeN0gBlageylNhNauKdQ==";
18 | # };
19 | #
20 | # controls {
21 | # inet 127.0.0.1 port 953
22 | # allow { 127.0.0.1; } keys { "rndc-key"; };
23 | # };
24 | # End of named.conf
25 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsTel/20.in-addr.arpa:
--------------------------------------------------------------------------------
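1 | $TTL 60000
2 | @ IN SOA aRootServer. root.aRootServer. ( ; RNAME is absolute (trailing dot); NOTE(review): MNAME names aRootServer although dnsTel is the master -- confirm
3 | 2002102801 ; serial
4 | 28800 ; refresh
5 | 14400 ; retry
6 | 3600000 ; expire
7 | 0 ; default_ttl (SOA minimum field)
8 | )
9 | ; reverse zone 20.in-addr.arpa, loaded as master by dnsTel (see named.conf)
10 | @ IN NS dnsTel.tel.fer.hr.
11 | dnsTel.tel.fer.hr. IN A 20.0.0.2 ; out-of-zone name in a reverse zone: BIND ignores this record on load
12 | 2.0.0.20.in-addr.arpa. IN PTR dnsTel.tel.fer.hr.
13 | 3.0.0.20.in-addr.arpa. IN PTR www.tel.fer.hr.
14 | 4.0.0.20.in-addr.arpa. IN PTR mm.tel.fer.hr.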
15 |
16 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsTel/localhost.rev:
--------------------------------------------------------------------------------
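1 | ; localhost.rev -- loopback reverse zone (loaded as 0.0.127.IN-ADDR.ARPA in named.conf)
2 | ;
3 | $TTL 86400
4 | @ IN SOA localhost. root.localhost. ( ; RNAME is absolute (trailing dot) so it is not expanded under the zone origin
5 | 20041128 ; Serial
6 | 28800 ; Refresh
7 | 7200 ; Retry
8 | 3600000 ; Expire
9 | 86400 ; Minimum
10 | )
11 | @ IN NS localhost. ; owner written explicitly so the record stays at the apex even if leading whitespace is lost
12 | 1 IN PTR localhost. ; 1.0.0.127.in-addr.arpa -> localhost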
13 |
14 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsTel/named.conf:
--------------------------------------------------------------------------------
1 | // named.conf -- dnsTel: master for "tel.fer.hr", 20.in-addr.arpa and the loopback reverse zone
2 | //
3 |
4 | options {
5 | directory "/var/named/etc/namedb";
6 | dnssec-validation no; // validation disabled; NOTE(review): presumably because the lab root in named.root is unsigned -- lab-only setting
7 | };
8 | // NOTE(review): no allow-transfer, allow-query or recursion statements, so version-dependent BIND defaults apply -- confirm
9 | key "rndc-key" {
10 | algorithm hmac-md5; // legacy algorithm; current rndc-confgen generates hmac-sha256 keys
11 | secret "pUkeN0gBlageylNhNauKdQ=="; // same published secret in every server directory of this listing -- regenerate before any non-lab use
12 | };
13 |
14 | controls {
15 | inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; }; // rndc control channel: loopback only, key required
16 | };
17 |
18 | zone "." {
19 | type hint;
20 | file "named.root"; // hints list the lab root servers
21 | };
22 |
23 | zone "tel.fer.hr" {
24 | type master;
25 | file "tel";
26 | };
27 |
28 | zone "0.0.127.IN-ADDR.ARPA" {
29 | type master;
30 | file "localhost.rev";
31 | };
32 | // reverse zone declared for all of 20/8, although the zone file only holds PTRs for 20.0.0.x
33 | zone "20.IN-ADDR.ARPA" {
34 | type master;
35 | file "20.in-addr.arpa";
36 | };
37 |
38 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsTel/named.root:
--------------------------------------------------------------------------------
1 | ; Root hints for the "." hint zone in named.conf; these are the lab's own root servers
2 | ; Only 2 root servers (original note; three are listed below)
3 | ; See the original in named.root.pravi
4 | ;
5 | . 3600000 IN NS aRootServer.
6 | aRootServer. 3600000 A 1.0.0.2
7 | ;
8 | . 3600000 IN NS bRootServer.
9 | bRootServer. 3600000 A 2.0.0.2
10 | ;
11 | . 3600000 IN NS cRootServer.
12 | cRootServer. 3600000 A 3.0.0.2
13 |
14 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsTel/rndc.conf:
--------------------------------------------------------------------------------
1 | # Start of rndc.conf -- client-side settings for the rndc control utility
2 | key "rndc-key" {
3 | algorithm hmac-md5; # legacy algorithm; must match the key statement in named.conf
4 | secret "pUkeN0gBlageylNhNauKdQ=="; # same published secret in every server directory of this listing -- regenerate before any non-lab use
5 | };
6 |
7 | options {
8 | default-key "rndc-key";
9 | default-server 127.0.0.1; # rndc talks to the local named only
10 | default-port 953;
11 | };
12 | # End of rndc.conf
13 |
14 | # Use with the following in named.conf, adjusting the allow list as needed:
15 | # key "rndc-key" {
16 | # algorithm hmac-md5;
17 | # secret "pUkeN0gBlageylNhNauKdQ==";
18 | # };
19 | #
20 | # controls {
21 | # inet 127.0.0.1 port 953
22 | # allow { 127.0.0.1; } keys { "rndc-key"; };
23 | # };
24 | # End of named.conf
25 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsTel/tel:
--------------------------------------------------------------------------------
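1 | ; "tel.fer.hr" zone, loaded as master by dnsTel (see named.conf) -- SOA goes here
2 | ;
3 | $TTL 60000
4 | @ IN SOA dnsTel.tel.fer.hr. root.dnsTel.tel.fer.hr. ( ; RNAME is absolute (trailing dot) so it is not expanded under tel.fer.hr
5 | 2002102801 ; serial
6 | 28 ; refresh in seconds -- NOTE(review): the reverse zones in this listing use 28800/14400; confirm 28/14 is intended
7 | 14 ; retry in seconds
8 | 3600000 ; expire
9 | 0 ; default_ttl (SOA minimum field)
10 | )
11 |
12 | @ IN NS dnsTel.tel.fer.hr.
13 | dnsTel IN A 20.0.0.2
14 |
15 | www IN A 20.0.0.3
16 | mm IN A 20.0.0.4
17 | ; mail for the zone apex and for host mm is delivered to www (20.0.0.3)
18 | @ IN MX 10 www.tel.fer.hr.
19 | mm IN MX 10 www.tel.fer.hr.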
20 |
21 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsZpm/30.in-addr.arpa:
--------------------------------------------------------------------------------
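1 | $TTL 60000
2 | @ IN SOA aRootServer. root.aRootServer. ( ; RNAME is absolute (trailing dot); NOTE(review): MNAME names aRootServer although dnsZpm is the master -- confirm
3 | 2002102801 ; serial
4 | 28800 ; refresh
5 | 14400 ; retry
6 | 3600000 ; expire
7 | 0 ; default_ttl (SOA minimum field)
8 | )
9 | ; reverse zone 30.in-addr.arpa, loaded as master by dnsZpm (see named.conf)
10 | @ IN NS dnsZpm.zpm.fer.hr.
11 | dnsZpm.zpm.fer.hr. IN A 30.0.0.2 ; out-of-zone name in a reverse zone: BIND ignores this record on load
12 | 2.0.0.30.in-addr.arpa. IN PTR dnsZpm.zpm.fer.hr.
13 | 3.0.0.30.in-addr.arpa. IN PTR pc.zpm.fer.hr.
14 | 4.0.0.30.in-addr.arpa. IN PTR www.zpm.fer.hr.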
15 |
16 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsZpm/localhost.rev:
--------------------------------------------------------------------------------
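1 | ; localhost.rev -- loopback reverse zone (loaded as 0.0.127.IN-ADDR.ARPA in named.conf)
2 | ;
3 | $TTL 86400
4 | @ IN SOA localhost. root.localhost. ( ; RNAME is absolute (trailing dot) so it is not expanded under the zone origin
5 | 20041128 ; Serial
6 | 28800 ; Refresh
7 | 7200 ; Retry
8 | 3600000 ; Expire
9 | 86400 ; Minimum
10 | )
11 | @ IN NS localhost. ; owner written explicitly so the record stays at the apex even if leading whitespace is lost
12 | 1 IN PTR localhost. ; 1.0.0.127.in-addr.arpa -> localhost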
13 |
14 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsZpm/named.conf:
--------------------------------------------------------------------------------
1 | // named.conf -- dnsZpm: master for "zpm.fer.hr", 30.in-addr.arpa and the loopback reverse zone
2 | //
3 |
4 | options {
5 | directory "/var/named/etc/namedb";
6 | dnssec-validation no; // validation disabled; NOTE(review): presumably because the lab root in named.root is unsigned -- lab-only setting
7 | };
8 | // NOTE(review): no allow-transfer, allow-query or recursion statements, so version-dependent BIND defaults apply -- confirm
9 | key "rndc-key" {
10 | algorithm hmac-md5; // legacy algorithm; current rndc-confgen generates hmac-sha256 keys
11 | secret "pUkeN0gBlageylNhNauKdQ=="; // same published secret in every server directory of this listing -- regenerate before any non-lab use
12 | };
13 |
14 | controls {
15 | inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; }; // rndc control channel: loopback only, key required
16 | };
17 |
18 | zone "." {
19 | type hint;
20 | file "named.root"; // hints list the lab root servers
21 | };
22 |
23 | zone "zpm.fer.hr" {
24 | type master;
25 | file "zpm";
26 | };
27 |
28 | zone "0.0.127.IN-ADDR.ARPA" {
29 | type master;
30 | file "localhost.rev";
31 | };
32 | // reverse zone declared for all of 30/8, although the zone file only holds PTRs for 30.0.0.x
33 | zone "30.IN-ADDR.ARPA" {
34 | type master;
35 | file "30.in-addr.arpa";
36 | };
37 |
38 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsZpm/named.root:
--------------------------------------------------------------------------------
1 | ; Root hints for the "." hint zone in named.conf; these are the lab's own root servers
2 | ; Only 2 root servers (original note; three are listed below)
3 | ; See the original in named.root.pravi
4 | ;
5 | . 3600000 IN NS aRootServer.
6 | aRootServer. 3600000 A 1.0.0.2
7 | ;
8 | . 3600000 IN NS bRootServer.
9 | bRootServer. 3600000 A 2.0.0.2
10 | ;
11 | . 3600000 IN NS cRootServer.
12 | cRootServer. 3600000 A 3.0.0.2
13 |
14 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsZpm/rndc.conf:
--------------------------------------------------------------------------------
1 | # Start of rndc.conf -- client-side settings for the rndc control utility
2 | key "rndc-key" {
3 | algorithm hmac-md5; # legacy algorithm; must match the key statement in named.conf
4 | secret "pUkeN0gBlageylNhNauKdQ=="; # same published secret in every server directory of this listing -- regenerate before any non-lab use
5 | };
6 |
7 | options {
8 | default-key "rndc-key";
9 | default-server 127.0.0.1; # rndc talks to the local named only
10 | default-port 953;
11 | };
12 | # End of rndc.conf
13 |
14 | # Use with the following in named.conf, adjusting the allow list as needed:
15 | # key "rndc-key" {
16 | # algorithm hmac-md5;
17 | # secret "pUkeN0gBlageylNhNauKdQ==";
18 | # };
19 | #
20 | # controls {
21 | # inet 127.0.0.1 port 953
22 | # allow { 127.0.0.1; } keys { "rndc-key"; };
23 | # };
24 | # End of named.conf
25 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/dnsZpm/zpm:
--------------------------------------------------------------------------------
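1 | ; "zpm.fer.hr" zone, loaded as master by dnsZpm (see named.conf) -- SOA goes here
2 | ;
3 | $TTL 60000
4 | @ IN SOA dnsZpm.zpm.fer.hr. root.dnsZpm.zpm.fer.hr. ( ; RNAME is absolute (trailing dot) so it is not expanded under zpm.fer.hr
5 | 2002102801 ; serial
6 | 28 ; refresh in seconds -- NOTE(review): the reverse zones in this listing use 28800/14400; confirm 28/14 is intended
7 | 14 ; retry in seconds
8 | 3600000 ; expire
9 | 0 ; default_ttl (SOA minimum field)
10 | )
11 |
12 | @ IN NS dnsZpm.zpm.fer.hr.
13 | dnsZpm IN A 30.0.0.2
14 |
15 | pc IN A 30.0.0.3
16 | zpmMail IN A 30.0.0.4
17 | www IN CNAME zpmMail.zpm.fer.hr. ; www is an alias for the mail host
18 | ; MX targets name zpmMail directly (the host with the A record), not the www alias
19 | @ IN MX 10 zpmMail.zpm.fer.hr.
20 | pc IN MX 10 zpmMail.zpm.fer.hr.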
21 |
22 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/hr2/localhost.rev:
--------------------------------------------------------------------------------
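1 | ; localhost.rev -- loopback reverse zone (loaded as 0.0.127.IN-ADDR.ARPA in named.conf)
2 | ;
3 | $TTL 86400
4 | @ IN SOA localhost. root.localhost. ( ; RNAME is absolute (trailing dot) so it is not expanded under the zone origin
5 | 20041128 ; Serial
6 | 28800 ; Refresh
7 | 7200 ; Retry
8 | 3600000 ; Expire
9 | 86400 ; Minimum
10 | )
11 | @ IN NS localhost. ; owner written explicitly so the record stays at the apex even if leading whitespace is lost
12 | 1 IN PTR localhost. ; 1.0.0.127.in-addr.arpa -> localhost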
13 |
14 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/hr2/named.conf:
--------------------------------------------------------------------------------
1 | // named.conf -- hr2: slave for "hr" (transferred from 7.0.0.2) plus the loopback reverse zone
2 | //
3 |
4 | options {
5 | directory "/var/named/etc/namedb";
6 | dnssec-validation no; // validation disabled; NOTE(review): presumably because the lab root in named.root is unsigned -- lab-only setting
7 | };
8 | // NOTE(review): no allow-transfer, allow-query or recursion statements, so version-dependent BIND defaults apply -- confirm
9 | key "rndc-key" {
10 | algorithm hmac-md5; // legacy algorithm; current rndc-confgen generates hmac-sha256 keys
11 | secret "pUkeN0gBlageylNhNauKdQ=="; // same published secret in every server directory of this listing -- regenerate before any non-lab use
12 | };
13 |
14 | controls {
15 | inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; }; // rndc control channel: loopback only, key required
16 | };
17 |
18 | zone "." {
19 | type hint;
20 | file "named.root"; // hints list the lab root servers
21 | };
22 |
23 | zone "hr" {
24 | type slave;
25 | masters { 7.0.0.2; }; // 7.0.0.2 is dnsHr in the hr zone; NOTE(review): no TSIG key is configured, so the master is trusted by address only
26 | file "hr"; // local copy of the transferred zone
27 | };
28 |
29 | zone "0.0.127.IN-ADDR.ARPA" {
30 | type master;
31 | file "localhost.rev";
32 | };
33 |
34 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/hr2/named.root:
--------------------------------------------------------------------------------
1 | ; Root hints for the "." hint zone in named.conf; these are the lab's own root servers
2 | ; Only 2 root servers (original note; three are listed below)
3 | ; See the original in named.root.pravi
4 | ;
5 | . 3600000 IN NS aRootServer.
6 | aRootServer. 3600000 A 1.0.0.2
7 | ;
8 | . 3600000 IN NS bRootServer.
9 | bRootServer. 3600000 A 2.0.0.2
10 | ;
11 | . 3600000 IN NS cRootServer.
12 | cRootServer. 3600000 A 3.0.0.2
13 |
14 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/hr2/rndc.conf:
--------------------------------------------------------------------------------
1 | # Start of rndc.conf -- client-side settings for the rndc control utility
2 | key "rndc-key" {
3 | algorithm hmac-md5; # legacy algorithm; must match the key statement in named.conf
4 | secret "pUkeN0gBlageylNhNauKdQ=="; # same published secret in every server directory of this listing -- regenerate before any non-lab use
5 | };
6 |
7 | options {
8 | default-key "rndc-key";
9 | default-server 127.0.0.1; # rndc talks to the local named only
10 | default-port 953;
11 | };
12 | # End of rndc.conf
13 |
14 | # Use with the following in named.conf, adjusting the allow list as needed:
15 | # key "rndc-key" {
16 | # algorithm hmac-md5;
17 | # secret "pUkeN0gBlageylNhNauKdQ==";
18 | # };
19 | #
20 | # controls {
21 | # inet 127.0.0.1 port 953
22 | # allow { 127.0.0.1; } keys { "rndc-key"; };
23 | # };
24 | # End of named.conf
25 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/resolv.dmzhosts:
--------------------------------------------------------------------------------
1 | domain mm.com
2 | nameserver 15.16.17.18
3 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/resolv.mm:
--------------------------------------------------------------------------------
1 | domain tel.fer.hr
2 | nameserver 20.0.0.2
3 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/resolv.pc:
--------------------------------------------------------------------------------
1 | domain zpm.fer.hr
2 | nameserver 30.0.0.2
3 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/resolv.smtpMM:
--------------------------------------------------------------------------------
1 | domain mm.com
2 | nameserver 15.16.17.18
3 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/resolv.www:
--------------------------------------------------------------------------------
1 | domain tel.fer.hr
2 | nameserver 20.0.0.2
3 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/resolv.wwwMM:
--------------------------------------------------------------------------------
1 | domain mm.com
2 | nameserver 15.16.17.18
3 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/resolv.zpmMail:
--------------------------------------------------------------------------------
1 | domain zpm.fer.hr
2 | nameserver 30.0.0.2
3 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/DNS_files/rndc.key:
--------------------------------------------------------------------------------
1 | key "rndc-key" { // shared rndc control key; the same statement is inlined in each server's named.conf and rndc.conf
2 | algorithm hmac-md5; // legacy algorithm; current rndc-confgen generates hmac-sha256 keys
3 | secret "pUkeN0gBlageylNhNauKdQ=="; // published secret -- regenerate before any non-lab use
4 | };
5 |
6 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/FW_files/FWint-FreeBSD.sh:
--------------------------------------------------------------------------------
1 | #! /bin/sh
2 | # ipfw ruleset for the internal firewall: NAT through natd on $pif, stateful rules, logged default deny
3 | ipfw -q flush # start from an empty rule set
4 | cmd="ipfw add"
5 | ks="keep-state"
6 | skip="skipto 5000"
7 | pif=eth0 # outside interface; eth1 is treated as the LAN side below
8 | good_tcpo="22,23,25,53,80,443,110" # outbound TCP ports allowed; the list includes cleartext telnet (23) and POP3 (110)
9 |
10 | $cmd allow all from any to any via eth1 # LAN traffic: everything on eth1 is allowed, both directions
11 | $cmd allow all from any to any via lo0 # loopback
12 | $cmd deny all from any to 192.168.1.0/24 in via $pif # packets arriving outside already addressed to the LAN, i.e. without NAT
13 | $cmd divert natd ip from any to any in via $pif # inbound packets go through natd before the state check
14 | $cmd check-state # packets matching a dynamic rule take that rule's action here
15 |
16 | # Authorized inbound packets
17 | $cmd $skip tcp from 15.16.17.25 to 192.168.1.10 25 setup $ks # SMTP from 15.16.17.25 (smtpMM in the mm.com zone) to LAN host 192.168.1.10
18 |
19 | # Authorized outbound packets
20 | $cmd $skip udp from any to 15.16.17.18 53 out via $pif $ks # DNS over UDP only to 15.16.17.18 (dnsMM)
21 | $cmd $skip tcp from any to any $good_tcpo out via $pif setup $ks
22 | $cmd $skip icmp from any to any out via $pif $ks
23 | $cmd deny log all from any to any # default deny: whatever was not matched above is logged and dropped
24 |
25 | # skipto location for outbound stateful rules
26 | $cmd 5000 divert natd ip from any to any out via $pif
27 | $cmd allow ip from any to any # reached only through skipto 5000, since the deny rule above ends normal evaluation
28 |
29 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/FW_files/FWint.sh:
--------------------------------------------------------------------------------
1 | #! /bin/sh
2 | # ipfw ruleset for the internal firewall: NAT through natd on $pif, stateful rules, logged default deny
3 | ipfw -q flush # start from an empty rule set
4 | cmd="ipfw add"
5 | ks="keep-state"
6 | skip="skipto 5000"
7 | pif=eth0 # outside interface; eth1 is treated as the LAN side below
8 | good_tcpo="22,23,25,53,80,443,110" # outbound TCP ports allowed; the list includes cleartext telnet (23) and POP3 (110)
9 |
10 | $cmd allow all from any to any via eth1 # LAN traffic: everything on eth1 is allowed, both directions
11 | $cmd allow all from any to any via lo0 # loopback
12 | $cmd deny all from any to 192.168.1.0/24 in via $pif # packets arriving outside already addressed to the LAN, i.e. without NAT
13 | $cmd divert natd ip from any to any in via $pif # inbound packets go through natd before the state check
14 | $cmd check-state # packets matching a dynamic rule take that rule's action here
15 |
16 | # Authorized inbound packets
17 | $cmd $skip tcp from 15.16.17.25 to 192.168.1.10 25 setup $ks # SMTP from 15.16.17.25 (smtpMM in the mm.com zone) to LAN host 192.168.1.10
18 |
19 | # Authorized outbound packets
20 | $cmd $skip udp from any to 15.16.17.18 53 out via $pif $ks # DNS over UDP only to 15.16.17.18 (dnsMM)
21 | $cmd $skip tcp from any to any $good_tcpo out via $pif setup $ks
22 | $cmd $skip icmp from any to any out via $pif $ks
23 | $cmd deny log all from any to any # default deny: whatever was not matched above is logged and dropped
24 |
25 | # skipto location for outbound stateful rules
26 | $cmd 5000 divert natd ip from any to any out via $pif
27 | $cmd allow ip from any to any # reached only through skipto 5000, since the deny rule above ends normal evaluation
28 |
29 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/Mail_files/cone/cone.lan/addressbook:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/imunes/imunes-examples/9f76501b01e101bab8424f23dab3a900e679112f/DMZ+DNS+Mail+WEB/Mail_files/cone/cone.lan/addressbook
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/Mail_files/cone/cone.lan/conerc:
--------------------------------------------------------------------------------
1 |
2 | root@FreeBSD7
3 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/Mail_files/cone/cone.mm/addressbook:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/imunes/imunes-examples/9f76501b01e101bab8424f23dab3a900e679112f/DMZ+DNS+Mail+WEB/Mail_files/cone/cone.mm/addressbook
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/Mail_files/cone/cone.mm/conerc:
--------------------------------------------------------------------------------
1 |
2 | root@FreeBSD7
3 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/Mail_files/cone/cone.tel/addressbook:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/imunes/imunes-examples/9f76501b01e101bab8424f23dab3a900e679112f/DMZ+DNS+Mail+WEB/Mail_files/cone/cone.tel/addressbook
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/Mail_files/cone/cone.tel/conerc:
--------------------------------------------------------------------------------
1 |
2 | root@FreeBSD7
3 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/Mail_files/cone/cone.zpm/conerc:
--------------------------------------------------------------------------------
1 |
2 | root@FreeBSD7
3 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/Mail_files/cone/linux-cone.lan/addressbook:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/imunes/imunes-examples/9f76501b01e101bab8424f23dab3a900e679112f/DMZ+DNS+Mail+WEB/Mail_files/cone/linux-cone.lan/addressbook
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/Mail_files/cone/linux-cone.lan/cacherc:
--------------------------------------------------------------------------------
1 |
2 |
3 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/Mail_files/cone/linux-cone.lan/conerc:
--------------------------------------------------------------------------------
1 |
2 | root@mm
3 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/Mail_files/cone/linux-cone.mm/addressbook:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/imunes/imunes-examples/9f76501b01e101bab8424f23dab3a900e679112f/DMZ+DNS+Mail+WEB/Mail_files/cone/linux-cone.mm/addressbook
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/Mail_files/cone/linux-cone.mm/cacherc:
--------------------------------------------------------------------------------
1 |
2 |
3 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/Mail_files/cone/linux-cone.mm/conerc:
--------------------------------------------------------------------------------
1 |
2 | root@mm
3 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/Mail_files/cone/linux-cone.tel/addressbook:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/imunes/imunes-examples/9f76501b01e101bab8424f23dab3a900e679112f/DMZ+DNS+Mail+WEB/Mail_files/cone/linux-cone.tel/addressbook
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/Mail_files/cone/linux-cone.tel/cacherc:
--------------------------------------------------------------------------------
1 |
2 |
3 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/Mail_files/cone/linux-cone.tel/conerc:
--------------------------------------------------------------------------------
1 |
2 | root@mm
3 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/Mail_files/cone/linux-cone.zpm/addressbook:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/imunes/imunes-examples/9f76501b01e101bab8424f23dab3a900e679112f/DMZ+DNS+Mail+WEB/Mail_files/cone/linux-cone.zpm/addressbook
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/Mail_files/cone/linux-cone.zpm/cacherc:
--------------------------------------------------------------------------------
1 |
2 |
3 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/Mail_files/cone/linux-cone.zpm/conerc:
--------------------------------------------------------------------------------
1 |
2 | root@mm
3 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/Mail_files/postfix.LAN-SMTP/local-host-names:
--------------------------------------------------------------------------------
1 | smtpMM.mm.com
2 | mail.mm.com
3 | www.mm.com
4 | mm.com
5 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/Mail_files/postfix.smtpMM/local-host-names:
--------------------------------------------------------------------------------
1 | smtpMM.mm.com
2 | mail.mm.com
3 | www.mm.com
4 | mm.com
5 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/Mail_files/postfix.www/local-host-names:
--------------------------------------------------------------------------------
1 | www.tel.fer.hr
2 | mm.tel.fer.hr
3 | tel.fer.hr
4 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/Mail_files/postfix.zpmMail/local-host-names:
--------------------------------------------------------------------------------
1 | zpmMail.zpm.fer.hr
2 | pc.zpm.fer.hr
3 | zpm.fer.hr
4 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/PREREQUISITES:
--------------------------------------------------------------------------------
1 | On FreeBSD:
2 |
3 | To activate IPFW without having to recompile a kernel add
4 | the following lines to /boot/loader.conf:
5 |
6 | net.inet.ip.fw.default_to_accept=1
7 | ipfw_load=YES
8 |
9 | After reboot, ipfw is loaded with its default rule set to accept, so the host passes all traffic until rules are added.
10 | If you load the module with "kldload ipfw" instead, the default rule is deny!
11 |
12 | -----------------------
13 | On Linux
14 |
15 | "iptables" must be installed on Docker image:
16 |
17 | # git clone https://github.com/imunes/vroot-linux.git
18 | # cd vroot-linux
19 | - add iptables to image/utilities.sh
20 | # ./build.sh
21 |
22 | The shell script (with firewall rules) generated using FirewallBuilder
23 | calls "modprobe". Either comment that call out or add "kmod" to the
24 | Docker image.
25 | -----------------------
26 | Firewall rules for node FW are in FW-FreeBSD.fw and FW-Linux.fw.
27 | They were generated by FirewallBuilder from FW.fwb.
28 |
29 | Rules for FWint are in FWint-FreeBSD.sh (manually created)
30 | and FWint-Linux.fw (generated by FirewallBuilder from FWint.fwb)
31 |
32 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/README:
--------------------------------------------------------------------------------
1 | ########################
2 | # DMZ + DNS / Mail / WWW
3 | ########################
4 |
5 | This example is an extension of imunes-examples/DNS+Mail+WEB.
6 | Prerequisites are described in PREREQUISITES.
7 |
8 | -----------------------
9 | A new domain, mm.com is created on canvas mm.com and the appropriate
10 | configuration files are modified or added to DNS, Mail and Web servers.
11 |
12 | The whole mm.com network is behind firewall FW.
13 | There are 3 servers in DMZ that can be accessed from Internet:
14 | dnsMM - DNS server for mm.com (and relay for local hosts)
15 | smtpMM - Mail server for mm.com
16 | wwwMM - Web server for mm.com
17 |
18 | Hosts in LAN part of mm.com are behind another firewall, FWint
19 | that also performs NAT.
20 | Hosts from LAN can access anything on Internet (and on DMZ).
21 |
22 | Firewall rules for node FW are in FW-FreeBSD.fw and FW-Linux.fw.
23 | Rules for FWint are in FWint-FreeBSD.sh and FWint-Linux.fw.
24 | -------------------------
25 |
26 | The experiment can be started using instructions from the DNS+Mail+WEB
27 | example (README_DNS+Mail+WEB). Firewalls are started (at the beginning
28 | or at the end) using script ./start_fw.
29 |
30 | Script start_all can be used to (re)start everything:
31 |
32 | # imunes -b NETWORK.imn
33 | # ./start_all
34 |
35 | Script test_fw starts nmap network scans from LAN, DMZ and Internet:
36 |
37 | # ./test_fw
38 |
39 | Check firewall rules:
40 |
41 | FreeBSD# himage FW ipfw list
42 | FreeBSD# himage FWint ipfw list
43 |
44 | Linux# himage FW iptables -L
45 | Linux# himage FWint iptables -L
46 |
47 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/WEB_files/www.www/form.html:
--------------------------------------------------------------------------------
1 |
2 |
3 | HTML Form Example
4 |
5 |
6 |
7 |
44 |
45 |
46 |
47 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/WEB_files/www.www/freebsd.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/imunes/imunes-examples/9f76501b01e101bab8424f23dab3a900e679112f/DMZ+DNS+Mail+WEB/WEB_files/www.www/freebsd.gif
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/WEB_files/www.www/index.html:
--------------------------------------------------------------------------------
1 |
2 | Test file - www.tel.fer.hr
3 |
4 | This is a starting page of Web servera www.tel.fer.hr
5 |
Just a few lines of text...
6 |
bla bla bla
7 |
Horizontal line
8 |
9 | Link on form
10 |
Link on ZPM
11 |
12 | Copyright (MM) 2008
13 |
14 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/WEB_files/www.www/lesson2.pl:
--------------------------------------------------------------------------------
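#!/usr/bin/perl
#
# lesson2.pl - CGI demo that echoes every submitted form parameter back to
# the browser.
#
# Parameter names and values are taken straight from the HTTP request, so
# both are HTML-escaped before they are written into the page. Without that,
# markup submitted in a form field is rendered by the browser as part of the
# response (reflected cross-site scripting).
#
# NOTE(review): the literal strings around the parameter list are kept
# exactly as this listing shows them; the original table markup appears to
# be missing from the listing.

use strict;
use CGI;

my $cgi = CGI->new;

print
    $cgi->header() .
    $cgi->start_html( -title  => 'Form Results',
                      -author => 'Craig Kelley',
                      -style  => '/~ink/perl_cgi/css/perlcgi.css') .
    $cgi->h1('Form Results') . "\n";

my @params = $cgi->param();
print '
' . "\n";
foreach my $parameter (sort @params) {
    # Scalar context: a multi-valued parameter yields its first value only,
    # as in the original concatenation.
    my $value = $cgi->param($parameter);
    $value = '' unless defined $value;
    print $cgi->escapeHTML($parameter) . " | " . $cgi->escapeHTML($value) . " |
\n";
}
print "
\n";
print $cgi->end_html . "\n";
exit (0);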
20 |
21 |
22 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/WEB_files/www.wwwMM/form.html:
--------------------------------------------------------------------------------
1 |
2 |
3 | HTML Form Example
4 |
5 |
6 |
7 |
44 |
45 |
46 |
47 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/WEB_files/www.wwwMM/freebsd.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/imunes/imunes-examples/9f76501b01e101bab8424f23dab3a900e679112f/DMZ+DNS+Mail+WEB/WEB_files/www.wwwMM/freebsd.gif
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/WEB_files/www.wwwMM/index.html:
--------------------------------------------------------------------------------
1 |
2 | Probni index fajl - wwwMM.mm.com
3 | Pocetna stranica web servera u domeni mm.com
4 |
(nalazi se iza firewall na routeru/hostu FW ...)
5 |
Link on ZZT
6 |
Link on ZPM
7 |
8 | Copyright (MM) 2015
9 |
10 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/WEB_files/www.wwwMM/lesson2.pl:
--------------------------------------------------------------------------------
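#!/usr/bin/perl
#
# lesson2.pl - CGI demo that echoes every submitted form parameter back to
# the browser.
#
# Parameter names and values are taken straight from the HTTP request, so
# both are HTML-escaped before they are written into the page. Without that,
# markup submitted in a form field is rendered by the browser as part of the
# response (reflected cross-site scripting).
#
# NOTE(review): the literal strings around the parameter list are kept
# exactly as this listing shows them; the original table markup appears to
# be missing from the listing.

use strict;
use CGI;

my $cgi = CGI->new;

print
    $cgi->header() .
    $cgi->start_html( -title  => 'Form Results',
                      -author => 'Craig Kelley',
                      -style  => '/~ink/perl_cgi/css/perlcgi.css') .
    $cgi->h1('Form Results') . "\n";

my @params = $cgi->param();
print '' . "\n";
foreach my $parameter (sort @params) {
    # Scalar context: a multi-valued parameter yields its first value only,
    # as in the original concatenation.
    my $value = $cgi->param($parameter);
    $value = '' unless defined $value;
    print $cgi->escapeHTML($parameter) . " | " . $cgi->escapeHTML($value) . " |
\n";
}
print "
\n";
print $cgi->end_html . "\n";
exit (0);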
20 |
21 |
22 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/WEB_files/www.wwwMM/powerlogo.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/imunes/imunes-examples/9f76501b01e101bab8424f23dab3a900e679112f/DMZ+DNS+Mail+WEB/WEB_files/www.wwwMM/powerlogo.gif
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/WEB_files/www.zpmMail/index.html:
--------------------------------------------------------------------------------
1 |
2 | Probni index fajl - zpmMail.zpm.fer.hr
3 |
4 | >This is a starting page of Web servera zpmMail.zpm.fer.hr
5 |
bla bla bla ...
6 |
Link on ZZT
7 |
8 |
Horizonal ruler
9 |
10 | Copyright (MM) 2008
11 |
12 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/WEB_files/www.zpmMail/powerlogo.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/imunes/imunes-examples/9f76501b01e101bab8424f23dab3a900e679112f/DMZ+DNS+Mail+WEB/WEB_files/www.zpmMail/powerlogo.gif
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/getMail:
--------------------------------------------------------------------------------
1 | USER imunes
2 | PASS imunes
3 | LIST
4 | QUIT
5 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/start_all:
--------------------------------------------------------------------------------
#! /bin/sh
#
# (Re)start every service of this example, firewalls first.
# Each step is a sibling script in the current directory. A failing step
# does not stop the ones after it, and no arguments are forwarded to them.

for step in start_fw start_dns start_http start_mail
do
    ./$step
done
7 |
8 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/start_dns:
--------------------------------------------------------------------------------
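#! /bin/sh
#
# Start named on every DNS node of the experiment and install resolv.conf
# on the client nodes.
#
# Usage: start_dns [eid]
#   eid  experiment ID; when omitted it is taken from the experiment in
#        which node aRootServer is running.

. ../common/start_functions.sh

dns_servers="aRootServer bRootServer cRootServer \
    dnsCom dnsOrg dnsHr hr2 \
    dnsFer \
    dnsTel dnsZpm dnsMM"

hosts="mm www pc zpmMail smtpMM wwwMM"
dmzhosts="pc1 pc2 pc3 LAN-SMTP"

if test $# -eq 1; then
    eid=$1
    isEidRunning "$eid"
else
    eid=`isNodeRunning aRootServer`
    if [ $? -ne 0 ]; then
        exit 1
    fi
fi

# Every hcp source path below is relative to DNS_files. Stop here if the
# directory is missing instead of copying from the wrong place.
cd DNS_files || exit 1

for i in $dns_servers
do
    node="$i@$eid"

    # Stop named on all DNS servers
    himage "$node" killall -9 named > /dev/null 2>&1
    himage "$node" mkdir -p /var/named/etc/namedb
    hcp "$i"/* "$node:/var/named/etc/namedb"

    # Start named on all DNS servers
    echo Starting named on $i...
    himage "$node" named -c /var/named/etc/namedb/named.conf

    # NOTE(review): both "test -d" checks look at the machine running this
    # script, while the cp that follows runs inside the node - confirm that
    # this is intended.
    if test -d /usr/local/etc/namedb; then
        himage "$node" cp /var/named/etc/namedb/rndc.conf /usr/local/etc/namedb
    fi
    if test -d /etc/namedb; then
        himage "$node" cp /var/named/etc/namedb/rndc.conf /etc/namedb/rndc.conf
    fi
done

echo
echo Copy/Create resolv.conf on clients:
for i in $hosts
do
    # Each of these nodes has its own resolv.<node> file in DNS_files.
    hcp "resolv.$i" "$i@$eid:/etc/resolv.conf"
done

echo
echo Copy/Create resolv.conf on clients in DMZ:
for i in $dmzhosts
do
    # All nodes in this list share the single resolv.dmzhosts file.
    hcp resolv.dmzhosts "$i@$eid:/etc/resolv.conf"
done

echo
echo Create empty resolv.conf on DNS servers:
for i in $dns_servers
do
    # Copying /dev/null truncates the file to zero length.
    himage "$i@$eid" cp /dev/null /etc/resolv.conf
done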
62 |
63 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/start_fw:
--------------------------------------------------------------------------------
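#! /bin/sh
#
# Load the firewall rule sets on nodes FW and FWint.
#
# Usage: start_fw [eid]
#   eid  experiment ID; when omitted it is taken from the experiment in
#        which node aRootServer is running.
#
# Every himage/hcp call addresses its node as NODE@eid, so the rules are
# loaded in the experiment that was resolved above even when another running
# experiment has nodes with the same names.

. ../common/start_functions.sh

if test $# -eq 1; then
    eid=$1
    isEidRunning "$eid"
else
    eid=`isNodeRunning aRootServer`
    if [ $? -ne 0 ]; then
        exit 1
    fi
fi

if isOSfreebsd; then
    # Host side: load ipfw only if it is not loaded yet. A module loaded at
    # runtime ends in a default deny rule, so an allow-all rule is added at
    # 65534 immediately afterwards. This leaves the host itself unfiltered.
    kldstat -q -m ipfw
    if test $? -ne 0
    then
        kldload ipfw
        ipfw add 65534 allow ip from any to any
    fi
    kldload -n ipdivert

    svi="aRootServer bRootServer R3 hr2 dnsCom dnsHr dnsFer R7 R8 R9 \
        dnsTel www mm cRootServer dnsOrg dnsZpm pc zpmMail FW FWint \
        smtpMM wwwMM dnsMM LAN-SMTP pc1 pc2 pc3"

    # Reset every node to "allow everything". FW and FWint are in the list
    # too, so they pass all traffic until their rule scripts run below.
    for h in $svi
    do
        himage "$h@$eid" ipfw -q flush
        himage "$h@$eid" ipfw -q add 65534 allow ip from any to any
    done

    hcp FW_files/FW-FreeBSD.fw "FW@$eid:/"
    echo Pokrecem Firewall na FW:
    himage "FW@$eid" /FW-FreeBSD.fw

    # Restart natd on FWint: NAT on eth0, with inbound tcp/25 redirected to
    # 192.168.1.10:25.
    himage "FWint@$eid" killall -q -9 natd
    himage "FWint@$eid" natd -interface eth0 -redirect_port tcp 192.168.1.10:25 25

    hcp FW_files/FWint-FreeBSD.sh "FWint@$eid:/"
    echo Pokrecem Firewall na FWint:
    himage "FWint@$eid" /FWint-FreeBSD.sh
fi

if isOSlinux; then
    hcp FW_files/FW-Linux.fw "FW@$eid:/"
    echo Pokrecem Firewall na FW:
    himage "FW@$eid" /FW-Linux.fw

    hcp FW_files/FWint-Linux.fw "FWint@$eid:/"
    echo Pokrecem Firewall na FWint:
    himage "FWint@$eid" /FWint-Linux.fw
fi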
55 |
56 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/start_http:
--------------------------------------------------------------------------------
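#! /bin/sh
#
# Start lighttpd on the web-server nodes of the experiment.
#
# Usage: start_http [eid]
#   eid  experiment ID; when omitted it is taken from the experiment in
#        which node "www" is running.
#
# Exit status: 2 if a web-server node cannot be found, 1 if the experiment
# cannot be resolved from node "www".

. ../common/start_functions.sh

http_servers="www zpmMail wwwMM"

if test $# -eq 1; then
    eid=$1
    isEidRunning "$eid"
else
    # Every web-server node has to exist before anything is started.
    for i in $http_servers
    do
        eid=`himage -e $i`
        if test $? -ne 0; then
            echo "Cannot find node $i"
            exit 2
        fi
    done
    eid=`isNodeRunning www`
    if [ $? -ne 0 ]; then
        exit 1
    fi
fi

if isOSfreebsd; then
    hasPackage www "$eid" '^lighttpd-'
fi

for serv in $http_servers
do
    echo "Starting http server on $serv..."
    h=${serv}@${eid}
    himage "$h" killall -q -9 lighttpd
    himage "$h" mkdir -p /usr/local/etc/lighttpd
    himage "$h" mkdir -p /var/log/lighttpd
    # The log directory is handed to the web-server account of the platform.
    if isOSlinux; then
        himage "$h" chown -R www-data:www-data /var/log/lighttpd
    else
        himage "$h" chown -R www:www /var/log/lighttpd
    fi

    hcp "WEB_files/${serv}.lighttpd.conf" "$h:/usr/local/etc/lighttpd/lighttpd.conf"
    # A configuration file only has to be readable, so no execute bit is set.
    himage "$h" chmod 644 /usr/local/etc/lighttpd/lighttpd.conf

    # NOTE(review): the site content, CGI script included, is copied under
    # /root; the document root is set in ${serv}.lighttpd.conf, which is not
    # shown here.
    if isOSlinux; then
        hcp "WEB_files/www.${serv}" "$h:/root"
        himage -b "$h" lighttpd -f /usr/local/etc/lighttpd/lighttpd.conf
    else
        hcp -r "WEB_files/www.${serv}" "$h:/root"
        himage "$h" lighttpd -f /usr/local/etc/lighttpd/lighttpd.conf
    fi
done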
57 |
58 |
--------------------------------------------------------------------------------
/DMZ+DNS+Mail+WEB/test_fw.sh:
--------------------------------------------------------------------------------
#! /bin/sh
#
# Firewall check for this example: from selected nodes, scan fixed addresses
# with nmap and print the result the rule set is expected to give. The
# operator compares nmap's output with the printed expectation; nothing is
# evaluated automatically.

# tcp_check NODE TARGET LINE...
#   Print an empty line and every LINE, then scan TCP ports 20-25, 53 and 80
#   of TARGET from inside NODE.
tcp_check() {
    from_node=$1
    target=$2
    shift 2
    echo ""
    for text in "$@"
    do
        echo "$text"
    done
    himage $from_node nmap -Pn -p20-25,53,80 $target
}

tcp_check smtpMM 192.168.1.10 \
    "Scan private address of LAN-SMTP in LAN from smtpMM in DMZ" \
    "Everything should be filtered"

tcp_check pc 192.168.1.10 \
    "Scan private address of LAN-SMTP in LAN from outside network" \
    "Everything should be filtered"

tcp_check smtpMM 15.16.17.2 \
    "Scan outside address of LAN-SMTP in LAN from smtpMM in DMZ" \
    "NAT redirects 15.16.17.2:25 to 192.168.1.10:25" \
    "Only smtp should be open"

tcp_check pc 15.16.17.2 \
    "Scan outside address of LAN-SMTP in LAN from outside network" \
    "(internal smtp server for LAN)" \
    "Everything should be filtered"

tcp_check pc 15.16.17.80 \
    "Scan wwwMM.mm.com from outside network" \
    "Open: http"

tcp_check pc 15.16.17.18 \
    "Scan dnsMM.mm.com from outside network" \
    "Everything should be filtered" \
    "Access to domain/tcp is allowed only from secondary server dnsTel"

tcp_check dnsTel 15.16.17.18 \
    "Scan dnsMM.mm.com from dnsTel" \
    "Open: domain (only from dnsTel: secundary server)"

tcp_check pc 15.16.17.25 \
    "Scan smtpMM.mm.com from outside network" \
    "Open: smtp"

tcp_check smtpMM 20.0.0.3 \
    "Scan www.tel.fer.hr from DMZ" \
    "Open: smtp (http is not allowed from DMZ)"

tcp_check pc1 20.0.0.3 \
    "Scan www.tel.fer.hr from LAN" \
    "Open: smtp,http"

# The UDP check uses a different port range and scan type, so it stays inline.
echo ""
echo "Scan UDP ports on dnsMM.mm.com from outside network"
echo "Open: domain (63 open|filtered)"
himage pc nmap -Pn -p7-70 -sU 15.16.17.18
60 |
61 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/aRootServer/in-addr.arpa:
--------------------------------------------------------------------------------
1 | $TTL 60000
2 | @ IN SOA aRootServer. root.aRootServer (
3 | 2002102801 ; serial
4 | 28800 ; refresh
5 | 14400 ; retry
6 | 3600000 ; expire
7 | 0 ; default_ttl
8 | )
9 |
10 | @ IN NS aRootServer.
11 | @ IN NS bRootServer.
12 | @ IN NS cRootServer.
13 |
14 | 20.in-addr.arpa. IN NS dnsTel.tel.fer.hr.
15 | dnsTel.tel.fer.hr. IN A 20.0.0.2
16 |
17 | 30.in-addr.arpa. IN NS dnsZpm.zpm.fer.hr.
18 | dnsZpm.zpm.fer.hr. IN A 30.0.0.2
19 |
20 | 2.0.0.1.in-addr.arpa. IN PTR aRootServer.
21 | 2.0.0.2.in-addr.arpa. IN PTR bRootServer.
22 | 2.0.0.3.in-addr.arpa. IN PTR cRootServer.
23 |
24 | 2.0.0.4.in-addr.arpa. IN PTR hr2.com.
25 | 2.0.0.5.in-addr.arpa. IN PTR dnsCom.com.
26 | 2.0.0.6.in-addr.arpa. IN PTR dnsOrg.Org.
27 | 2.0.0.7.in-addr.arpa. IN PTR dnsHr.hr.
28 |
29 | 14.13.12.11.in-addr.arpa. IN PTR dnsNesto.nesto.com.
30 | 18.17.16.15.in-addr.arpa. IN PTR dnsMM.mm.com.
31 | 2.0.0.8.in-addr.arpa. IN PTR dnsFer.fer.hr.
32 | 114.113.112.111.in-addr.arpa. IN PTR dnsBlaBla.blabla.org.
33 |
34 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/aRootServer/localhost.rev:
--------------------------------------------------------------------------------
1 | ; localhost.rev
2 | ;
3 | $TTL 86400
4 | @ IN SOA localhost. root.localhost (
5 | 20041128 ; Serial
6 | 28800 ; Refresh
7 | 7200 ; Retry
8 | 3600000 ; Expire
9 | 86400 ; Minimum
10 | )
11 | IN NS localhost.
12 | 1 IN PTR localhost.
13 |
14 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/aRootServer/named.conf:
--------------------------------------------------------------------------------
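1 | // named.conf - aRootServer: primary (type master) for the lab root zone "." and for IN-ADDR.ARPA.
2 | // Both zones limit zone transfers to 2.0.0.2 and 3.0.0.2; dnssec-validation is turned off.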
3 |
4 | options {
5 | directory "/var/named/etc/namedb";
6 | dnssec-validation no;
7 | };
8 |
9 | zone "." {
10 | type master;
11 | file "root";
12 | allow-transfer {2.0.0.2; 3.0.0.2;};
13 | };
14 |
15 | zone "0.0.127.IN-ADDR.ARPA" {
16 | type master;
17 | file "localhost.rev";
18 | };
19 |
20 | zone "IN-ADDR.ARPA" {
21 | type master;
22 | file "in-addr.arpa";
23 | allow-transfer {2.0.0.2; 3.0.0.2;};
24 | };
25 |
26 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/aRootServer/root:
--------------------------------------------------------------------------------
1 | $TTL 60000
2 | @ IN SOA aRootServer. root.aRootServer (
3 | 2002102801 ; serial
4 | 28800 ; refresh
5 | 14400 ; retry
6 | 3600000 ; expire
7 | 0 ; default_ttl
8 | )
9 |
10 | @ IN NS aRootServer.
11 | @ IN NS bRootServer.
12 | @ IN NS cRootServer.
13 | aRootServer. IN A 1.0.0.2
14 | bRootServer. IN A 2.0.0.2
15 | cRootServer. IN A 3.0.0.2
16 |
17 | com. IN NS dnsCom.com.
18 | dnsCom.com. IN A 5.0.0.2
19 |
20 | org. IN NS dnsOrg.org.
21 | dnsOrg.Org. IN A 6.0.0.2
22 |
23 | hr. IN NS dnsHr.hr.
24 | hr. IN NS hr2.com.
25 | dnsHr.hr. IN A 7.0.0.2
26 | hr2.com. IN A 4.0.0.2
27 |
28 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/bRootServer/localhost.rev:
--------------------------------------------------------------------------------
1 | ; localhost.rev
2 | ;
3 | $TTL 86400
4 | @ IN SOA localhost. root.localhost (
5 | 20041128 ; Serial
6 | 28800 ; Refresh
7 | 7200 ; Retry
8 | 3600000 ; Expire
9 | 86400 ; Minimum
10 | )
11 | IN NS localhost.
12 | 1 IN PTR localhost.
13 |
14 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/bRootServer/named.conf:
--------------------------------------------------------------------------------
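1 | // named.conf - bRootServer: secondary (type slave) for "." and IN-ADDR.ARPA, both pulled from 1.0.0.2.
2 | // allow-notify lists 1.0.0.2 and 3.0.0.2; dnssec-validation is turned off.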
3 |
4 | options {
5 | directory "/var/named/etc/namedb";
6 | dnssec-validation no;
7 | };
8 |
9 | zone "." {
10 | type slave;
11 | masters { 1.0.0.2; };
12 | allow-notify { 1.0.0.2; 3.0.0.2;};
13 | file "root";
14 | };
15 |
16 | zone "0.0.127.IN-ADDR.ARPA" {
17 | type master;
18 | file "localhost.rev";
19 | };
20 |
21 | zone "IN-ADDR.ARPA" {
22 | type slave;
23 | masters { 1.0.0.2; };
24 | allow-notify { 1.0.0.2; 3.0.0.2;};
25 | file "in-addr.arpa";
26 | };
27 |
28 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/cRootServer/localhost.rev:
--------------------------------------------------------------------------------
1 | ; localhost.rev
2 | ;
3 | $TTL 86400
4 | @ IN SOA localhost. root.localhost (
5 | 20041128 ; Serial
6 | 28800 ; Refresh
7 | 7200 ; Retry
8 | 3600000 ; Expire
9 | 86400 ; Minimum
10 | )
11 | IN NS localhost.
12 | 1 IN PTR localhost.
13 |
14 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/cRootServer/named.conf:
--------------------------------------------------------------------------------
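1 | // named.conf - cRootServer: secondary (type slave) for "." and IN-ADDR.ARPA, both pulled from 1.0.0.2.
2 | // allow-notify lists 1.0.0.2 and 2.0.0.2; dnssec-validation is turned off.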
3 |
4 | options {
5 | directory "/var/named/etc/namedb";
6 | dnssec-validation no;
7 | };
8 |
9 | zone "." {
10 | type slave;
11 | masters { 1.0.0.2; };
12 | allow-notify { 1.0.0.2; 2.0.0.2; };
13 | file "root";
14 | };
15 |
16 | zone "0.0.127.IN-ADDR.ARPA" {
17 | type master;
18 | file "localhost.rev";
19 | };
20 |
21 | zone "IN-ADDR.ARPA" {
22 | type slave;
23 | masters { 1.0.0.2; };
24 | allow-notify { 1.0.0.2; 2.0.0.2; };
25 | file "in-addr.arpa";
26 | };
27 |
28 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/dnsCom/com:
--------------------------------------------------------------------------------
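1 | ; The SOA record goes here
2 | ; NOTE(review): the SOA below names dnsMM.mm.com., while the zone's NS record is dnsCom.com. - confirm this is intended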
3 | $TTL 60000
4 | @ IN SOA dnsMM.mm.com. root.dnsMM.mm.com. (
5 | 2002102801 ; serial
6 | 28 ; refresh
7 | 14 ; retry
8 | 3600000 ; expire
9 | 0 ; default_ttl
10 | )
11 |
12 | @ IN NS dnsCom.com.
13 | dnsCom.com. IN A 5.0.0.2
14 |
15 | hr2.com. IN A 4.0.0.2
16 |
17 | nesto.com. IN NS dnsNesto.nesto.com.
18 | dnsNesto.nesto.com. IN A 11.12.13.14
19 |
20 | mm.com. IN NS dnsMM.mm.com.
21 | dnsMM.mm.com. IN A 15.16.17.18
22 |
23 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/dnsCom/localhost.rev:
--------------------------------------------------------------------------------
1 | ; localhost.rev
2 | ;
3 | $TTL 86400
4 | @ IN SOA localhost. root.localhost (
5 | 20041128 ; Serial
6 | 28800 ; Refresh
7 | 7200 ; Retry
8 | 3600000 ; Expire
9 | 86400 ; Minimum
10 | )
11 | IN NS localhost.
12 | 1 IN PTR localhost.
13 |
14 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/dnsCom/named.conf:
--------------------------------------------------------------------------------
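1 | // named.conf - dnsCom: primary (type master) for zone "com"; root hints are read from named.root.
2 | // No allow-transfer or recursion option is set here, so the defaults of the installed BIND apply; dnssec-validation is turned off.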
3 |
4 | options {
5 | directory "/var/named/etc/namedb";
6 | dnssec-validation no;
7 | };
8 |
9 | zone "." {
10 | type hint;
11 | file "named.root";
12 | };
13 |
14 | zone "com" {
15 | type master;
16 | file "com";
17 | };
18 |
19 | zone "0.0.127.IN-ADDR.ARPA" {
20 | type master;
21 | file "localhost.rev";
22 | };
23 |
24 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/dnsCom/named.root:
--------------------------------------------------------------------------------
1 | ;
2 | ; Only 2 root servers (note: three are listed below)
3 | ; See the original in named.root.pravi
4 | ;
5 | . 3600000 IN NS aRootServer.
6 | aRootServer. 3600000 A 1.0.0.2
7 | ;
8 | . 3600000 IN NS bRootServer.
9 | bRootServer. 3600000 A 2.0.0.2
10 | ;
11 | . 3600000 IN NS cRootServer.
12 | cRootServer. 3600000 A 3.0.0.2
13 |
14 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/dnsFer/fer:
--------------------------------------------------------------------------------
1 | ; The SOA record goes here
2 | ;
3 | $TTL 60000
4 | @ IN SOA dnsFer.fer.hr. root.dnsFer.fer.hr (
5 | 2002102801 ; serial
6 | 28 ; refresh
7 | 14 ; retry
8 | 3600000 ; expire
9 | 0 ; default_ttl
10 | )
11 |
12 | @ IN NS dnsFer.fer.hr.
13 | dnsFer.fer.hr. IN A 8.0.0.2
14 |
15 | tel.fer.hr. IN NS dnsTel.tel.fer.hr.
16 | dnsTel.tel.fer.hr. IN A 20.0.0.2
17 |
18 | zpm.fer.hr. IN NS dnsZpm.zpm.fer.hr.
19 | dnsZpm.zpm.fer.hr. IN A 30.0.0.2
20 |
21 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/dnsFer/localhost.rev:
--------------------------------------------------------------------------------
1 | ; localhost.rev
2 | ;
3 | $TTL 86400
4 | @ IN SOA localhost. root.localhost (
5 | 20041128 ; Serial
6 | 28800 ; Refresh
7 | 7200 ; Retry
8 | 3600000 ; Expire
9 | 86400 ; Minimum
10 | )
11 | IN NS localhost.
12 | 1 IN PTR localhost.
13 |
14 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/dnsFer/named.conf:
--------------------------------------------------------------------------------
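1 | // named.conf - dnsFer: primary (type master) for zone "fer.hr"; root hints are read from named.root.
2 | // No allow-transfer or recursion option is set here, so the defaults of the installed BIND apply; dnssec-validation is turned off.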
3 |
4 | options {
5 | directory "/var/named/etc/namedb";
6 | dnssec-validation no;
7 | };
8 |
9 | zone "." {
10 | type hint;
11 | file "named.root";
12 | };
13 |
14 | zone "fer.hr" {
15 | type master;
16 | file "fer";
17 | };
18 |
19 | zone "0.0.127.IN-ADDR.ARPA" {
20 | type master;
21 | file "localhost.rev";
22 | };
23 |
24 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/dnsFer/named.root:
--------------------------------------------------------------------------------
1 | ;
2 | ; Only 2 root servers (note: three are listed below)
3 | ; See the original in named.root.pravi
4 | ;
5 | . 3600000 IN NS aRootServer.
6 | aRootServer. 3600000 A 1.0.0.2
7 | ;
8 | . 3600000 IN NS bRootServer.
9 | bRootServer. 3600000 A 2.0.0.2
10 | ;
11 | . 3600000 IN NS cRootServer.
12 | cRootServer. 3600000 A 3.0.0.2
13 |
14 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/dnsHr/hr:
--------------------------------------------------------------------------------
1 | ; The SOA record goes here
2 | ;
3 | $TTL 60000
4 | @ IN SOA dnsHr.hr. root.dnsHr.hr (
5 | 2002102801 ; serial
6 | 28 ; refresh
7 | 14 ; retry
8 | 3600000 ; expire
9 | 0 ; default_ttl
10 | )
11 |
12 | @ IN NS dnsHr.hr.
13 | @ IN NS hr2.com.
14 | dnsHr.hr. IN A 7.0.0.2
15 | hr2.com. IN A 4.0.0.2
16 |
17 | fer.hr. IN NS dnsFer.fer.hr.
18 | dnsFer.fer.hr. IN A 8.0.0.2
19 |
20 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/dnsHr/localhost.rev:
--------------------------------------------------------------------------------
1 | ; localhost.rev
2 | ;
3 | $TTL 86400
4 | @ IN SOA localhost. root.localhost (
5 | 20041128 ; Serial
6 | 28800 ; Refresh
7 | 7200 ; Retry
8 | 3600000 ; Expire
9 | 86400 ; Minimum
10 | )
11 | IN NS localhost.
12 | 1 IN PTR localhost.
13 |
14 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/dnsHr/named.conf:
--------------------------------------------------------------------------------
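1 | // named.conf - dnsHr: primary (type master) for zone "hr"; root hints are read from named.root.
2 | // No allow-transfer or recursion option is set here, so the defaults of the installed BIND apply; dnssec-validation is turned off.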
3 |
4 | options {
5 | directory "/var/named/etc/namedb";
6 | dnssec-validation no;
7 | };
8 |
9 | zone "." {
10 | type hint;
11 | file "named.root";
12 | };
13 |
14 | zone "hr" {
15 | type master;
16 | file "hr";
17 | };
18 |
19 | zone "0.0.127.IN-ADDR.ARPA" {
20 | type master;
21 | file "localhost.rev";
22 | };
23 |
24 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/dnsHr/named.root:
--------------------------------------------------------------------------------
1 | ;
2 | ; Only 2 root servers (note: three are listed below)
3 | ; See the original in named.root.pravi
4 | ;
5 | . 3600000 IN NS aRootServer.
6 | aRootServer. 3600000 A 1.0.0.2
7 | ;
8 | . 3600000 IN NS bRootServer.
9 | bRootServer. 3600000 A 2.0.0.2
10 | ;
11 | . 3600000 IN NS cRootServer.
12 | cRootServer. 3600000 A 3.0.0.2
13 |
14 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/dnsOrg/localhost.rev:
--------------------------------------------------------------------------------
1 | ; localhost.rev
2 | ;
3 | $TTL 86400
4 | @ IN SOA localhost. root.localhost (
5 | 20041128 ; Serial
6 | 28800 ; Refresh
7 | 7200 ; Retry
8 | 3600000 ; Expire
9 | 86400 ; Minimum
10 | )
11 | IN NS localhost.
12 | 1 IN PTR localhost.
13 |
14 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/dnsOrg/named.conf:
--------------------------------------------------------------------------------
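1 | // named.conf - dnsOrg: primary (type master) for zone "org"; root hints are read from named.root.
2 | // No allow-transfer or recursion option is set here, so the defaults of the installed BIND apply; dnssec-validation is turned off.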
3 |
4 | options {
5 | directory "/var/named/etc/namedb";
6 | dnssec-validation no;
7 | };
8 |
9 | zone "." {
10 | type hint;
11 | file "named.root";
12 | };
13 |
14 | zone "org" {
15 | type master;
16 | file "org";
17 | };
18 |
19 | zone "0.0.127.IN-ADDR.ARPA" {
20 | type master;
21 | file "localhost.rev";
22 | };
23 |
24 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/dnsOrg/named.root:
--------------------------------------------------------------------------------
1 | ; Root hints: the name servers for "." and their addresses.
2 | ; Only 2 root servers (original comment; three are listed below)
3 | ; See the original in named.root.pravi
4 | ;
5 | . 3600000 IN NS aRootServer.
6 | aRootServer. 3600000 A 1.0.0.2 ; address of the root server named on the previous line
7 | ;
8 | . 3600000 IN NS bRootServer.
9 | bRootServer. 3600000 A 2.0.0.2
10 | ;
11 | . 3600000 IN NS cRootServer.
12 | cRootServer. 3600000 A 3.0.0.2
13 |
14 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/dnsOrg/org:
--------------------------------------------------------------------------------
1 | $TTL 60000
2 | @ IN SOA dnsOrg.org. root.dnsOrg.org ( ; NOTE(review): root.dnsOrg.org has no trailing dot, so it is relative to the zone origin - confirm
3 | 2002102801 ; serial
4 | 28 ; refresh (seconds)
5 | 14 ; retry (seconds)
6 | 3600000 ; expire (seconds)
7 | 0 ; default_ttl (last SOA field; BIND 9 uses it as the negative-caching TTL)
8 | )
9 |
10 | @ IN NS dnsOrg.org.
11 | dnsOrg.Org. IN A 6.0.0.2 ; address of the zone's own name server
12 |
13 | blabla.org. IN NS dnsBlaBla.blabla.org. ; delegation of blabla.org to its own name server
14 | dnsBlaBla.blabla.org. IN A 111.112.113.114 ; glue address for the delegated name server
15 |
16 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/dnsTel/20.in-addr.arpa:
--------------------------------------------------------------------------------
1 | $TTL 60000
2 | @ IN SOA aRootServer. root.aRootServer ( ; NOTE(review): the primary named here is aRootServer while the NS below is dnsTel; root.aRootServer has no trailing dot - confirm both
3 | 2002102801 ; serial
4 | 28800 ; refresh (seconds)
5 | 14400 ; retry (seconds)
6 | 3600000 ; expire (seconds)
7 | 0 ; default_ttl (last SOA field; BIND 9 uses it as the negative-caching TTL)
8 | )
9 |
10 | @ IN NS dnsTel.tel.fer.hr.
11 | dnsTel.tel.fer.hr. IN A 20.0.0.2 ; NOTE(review): this owner name lies outside 20.in-addr.arpa; BIND normally ignores out-of-zone data - confirm it is needed
12 | 2.0.0.20.in-addr.arpa. IN PTR dnsTel.tel.fer.hr. ; reverse mapping for 20.0.0.2
13 | 3.0.0.20.in-addr.arpa. IN PTR www.tel.fer.hr. ; reverse mapping for 20.0.0.3
14 | 4.0.0.20.in-addr.arpa. IN PTR mm.tel.fer.hr. ; reverse mapping for 20.0.0.4
15 |
16 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/dnsTel/localhost.rev:
--------------------------------------------------------------------------------
1 | ; localhost.rev
2 | ; Reverse zone data for the loopback network (named.conf loads it as "0.0.127.IN-ADDR.ARPA").
3 | $TTL 86400
4 | @ IN SOA localhost. root.localhost ( ; NOTE(review): root.localhost has no trailing dot, so it is relative to the zone origin - confirm
5 | 20041128 ; Serial
6 | 28800 ; Refresh (seconds)
7 | 7200 ; Retry (seconds)
8 | 3600000 ; Expire (seconds)
9 | 86400 ; Minimum (seconds)
10 | )
11 | IN NS localhost.
12 | 1 IN PTR localhost. ; owner "1" is relative to the origin, i.e. 1.0.0.127.in-addr.arpa
13 |
14 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/dnsTel/named.conf:
--------------------------------------------------------------------------------
1 | // named.conf
2 | // BIND configuration for dnsTel: root hints, plus master copies of "tel.fer.hr", the loopback reverse zone and "20.IN-ADDR.ARPA".
3 |
4 | options {
5 | directory "/var/named/etc/namedb"; // relative "file" names below are resolved against this directory
6 | dnssec-validation no; // DNSSEC validation is off: responses are accepted without signature checks
7 | }; // no allow-query, allow-recursion or allow-transfer statement is set here, so the server defaults apply
8 |
9 | zone "." {
10 | type hint; // root hints only; this server is not authoritative for "."
11 | file "named.root";
12 | };
13 |
14 | zone "tel.fer.hr" {
15 | type master; // forward zone, loaded from the local file "tel"
16 | file "tel";
17 | };
18 |
19 | zone "0.0.127.IN-ADDR.ARPA" {
20 | type master;
21 | file "localhost.rev";
22 | };
23 |
24 | zone "20.IN-ADDR.ARPA" {
25 | type master; // reverse zone for the 20.x.x.x addresses used in the forward zone
26 | file "20.in-addr.arpa";
27 | };
28 |
29 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/dnsTel/named.root:
--------------------------------------------------------------------------------
1 | ; Root hints: the name servers for "." and their addresses.
2 | ; Only 2 root servers (original comment; three are listed below)
3 | ; See the original in named.root.pravi
4 | ;
5 | . 3600000 IN NS aRootServer.
6 | aRootServer. 3600000 A 1.0.0.2 ; address of the root server named on the previous line
7 | ;
8 | . 3600000 IN NS bRootServer.
9 | bRootServer. 3600000 A 2.0.0.2
10 | ;
11 | . 3600000 IN NS cRootServer.
12 | cRootServer. 3600000 A 3.0.0.2
13 |
14 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/dnsTel/tel:
--------------------------------------------------------------------------------
1 | ; The SOA record goes here
2 | ; Forward zone data for tel.fer.hr (named.conf loads this file as zone "tel.fer.hr").
3 | $TTL 60000
4 | @ IN SOA dnsTel.tel.fer.hr. root.dnsTel.tel.fer.hr ( ; NOTE(review): the second name has no trailing dot, so it is relative to the zone origin - confirm
5 | 2002102801 ; serial
6 | 28 ; refresh (seconds)
7 | 14 ; retry (seconds)
8 | 3600000 ; expire (seconds)
9 | 0 ; default_ttl (last SOA field; BIND 9 uses it as the negative-caching TTL)
10 | )
11 |
12 | @ IN NS dnsTel.tel.fer.hr.
13 | dnsTel IN A 20.0.0.2 ; address of the zone's own name server
14 |
15 | www IN A 20.0.0.3
16 | mm IN A 20.0.0.4
17 |
18 | @ IN MX 10 www.tel.fer.hr. ; mail for the zone apex is delivered to www
19 | mm IN MX 10 www.tel.fer.hr. ; mail addressed to mm.tel.fer.hr is delivered to www as well
20 |
21 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/dnsZpm/30.in-addr.arpa:
--------------------------------------------------------------------------------
1 | $TTL 60000
2 | @ IN SOA aRootServer. root.aRootServer ( ; NOTE(review): the primary named here is aRootServer while the NS below is dnsZpm; root.aRootServer has no trailing dot - confirm both
3 | 2002102801 ; serial
4 | 28800 ; refresh (seconds)
5 | 14400 ; retry (seconds)
6 | 3600000 ; expire (seconds)
7 | 0 ; default_ttl (last SOA field; BIND 9 uses it as the negative-caching TTL)
8 | )
9 |
10 | @ IN NS dnsZpm.zpm.fer.hr.
11 | dnsZpm.zpm.fer.hr. IN A 30.0.0.2 ; NOTE(review): this owner name lies outside 30.in-addr.arpa; BIND normally ignores out-of-zone data - confirm it is needed
12 | 2.0.0.30.in-addr.arpa. IN PTR dnsZpm.zpm.fer.hr. ; reverse mapping for 30.0.0.2
13 | 3.0.0.30.in-addr.arpa. IN PTR pc.zpm.fer.hr. ; reverse mapping for 30.0.0.3
14 | 4.0.0.30.in-addr.arpa. IN PTR www.zpm.fer.hr. ; reverse mapping for 30.0.0.4
15 |
16 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/dnsZpm/localhost.rev:
--------------------------------------------------------------------------------
1 | ; localhost.rev
2 | ; Reverse zone data for the loopback network (named.conf loads it as "0.0.127.IN-ADDR.ARPA").
3 | $TTL 86400
4 | @ IN SOA localhost. root.localhost ( ; NOTE(review): root.localhost has no trailing dot, so it is relative to the zone origin - confirm
5 | 20041128 ; Serial
6 | 28800 ; Refresh (seconds)
7 | 7200 ; Retry (seconds)
8 | 3600000 ; Expire (seconds)
9 | 86400 ; Minimum (seconds)
10 | )
11 | IN NS localhost.
12 | 1 IN PTR localhost. ; owner "1" is relative to the origin, i.e. 1.0.0.127.in-addr.arpa
13 |
14 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/dnsZpm/named.conf:
--------------------------------------------------------------------------------
1 | // named.conf
2 | // BIND configuration for dnsZpm: root hints, plus master copies of "zpm.fer.hr", the loopback reverse zone and "30.IN-ADDR.ARPA".
3 |
4 | options {
5 | directory "/var/named/etc/namedb"; // relative "file" names below are resolved against this directory
6 | dnssec-validation no; // DNSSEC validation is off: responses are accepted without signature checks
7 | }; // no allow-query, allow-recursion or allow-transfer statement is set here, so the server defaults apply
8 |
9 | zone "." {
10 | type hint; // root hints only; this server is not authoritative for "."
11 | file "named.root";
12 | };
13 |
14 | zone "zpm.fer.hr" {
15 | type master; // forward zone, loaded from the local file "zpm"
16 | file "zpm";
17 | };
18 |
19 | zone "0.0.127.IN-ADDR.ARPA" {
20 | type master;
21 | file "localhost.rev";
22 | };
23 |
24 | zone "30.IN-ADDR.ARPA" {
25 | type master; // reverse zone for the 30.x.x.x addresses used in the forward zone
26 | file "30.in-addr.arpa";
27 | };
28 |
29 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/dnsZpm/named.root:
--------------------------------------------------------------------------------
1 | ; Root hints: the name servers for "." and their addresses.
2 | ; Only 2 root servers (original comment; three are listed below)
3 | ; See the original in named.root.pravi
4 | ;
5 | . 3600000 IN NS aRootServer.
6 | aRootServer. 3600000 A 1.0.0.2 ; address of the root server named on the previous line
7 | ;
8 | . 3600000 IN NS bRootServer.
9 | bRootServer. 3600000 A 2.0.0.2
10 | ;
11 | . 3600000 IN NS cRootServer.
12 | cRootServer. 3600000 A 3.0.0.2
13 |
14 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/dnsZpm/zpm:
--------------------------------------------------------------------------------
1 | ; The SOA record goes here
2 | ; Forward zone data for zpm.fer.hr (named.conf loads this file as zone "zpm.fer.hr").
3 | $TTL 60000
4 | @ IN SOA dnsZpm.zpm.fer.hr. root.dnsZpm.zpm.fer.hr ( ; NOTE(review): the second name has no trailing dot, so it is relative to the zone origin - confirm
5 | 2002102801 ; serial
6 | 28 ; refresh (seconds)
7 | 14 ; retry (seconds)
8 | 3600000 ; expire (seconds)
9 | 0 ; default_ttl (last SOA field; BIND 9 uses it as the negative-caching TTL)
10 | )
11 |
12 | @ IN NS dnsZpm.zpm.fer.hr.
13 | dnsZpm IN A 30.0.0.2 ; address of the zone's own name server
14 |
15 | pc IN A 30.0.0.3
16 | zpmMail IN A 30.0.0.4
17 | www IN CNAME zpmMail.zpm.fer.hr. ; www is an alias for the mail host, so both names reach 30.0.0.4
18 |
19 | @ IN MX 10 zpmMail.zpm.fer.hr. ; mail for the zone apex is delivered to zpmMail
20 | pc IN MX 10 zpmMail.zpm.fer.hr. ; mail addressed to pc.zpm.fer.hr is delivered to zpmMail as well
21 |
22 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/hr2/localhost.rev:
--------------------------------------------------------------------------------
1 | ; localhost.rev
2 | ; Reverse zone data for the loopback network (named.conf loads it as "0.0.127.IN-ADDR.ARPA").
3 | $TTL 86400
4 | @ IN SOA localhost. root.localhost ( ; NOTE(review): root.localhost has no trailing dot, so it is relative to the zone origin - confirm
5 | 20041128 ; Serial
6 | 28800 ; Refresh (seconds)
7 | 7200 ; Retry (seconds)
8 | 3600000 ; Expire (seconds)
9 | 86400 ; Minimum (seconds)
10 | )
11 | IN NS localhost.
12 | 1 IN PTR localhost. ; owner "1" is relative to the origin, i.e. 1.0.0.127.in-addr.arpa
13 |
14 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/hr2/named.conf:
--------------------------------------------------------------------------------
1 | // named.conf
2 | // BIND configuration for hr2: root hints, a slave copy of "hr" and a master copy of the loopback reverse zone.
3 |
4 | options {
5 | directory "/var/named/etc/namedb"; // relative "file" names below are resolved against this directory
6 | dnssec-validation no; // DNSSEC validation is off: responses are accepted without signature checks
7 | }; // no allow-query, allow-recursion or allow-transfer statement is set here, so the server defaults apply
8 |
9 | zone "." {
10 | type hint; // root hints only; this server is not authoritative for "."
11 | file "named.root";
12 | };
13 |
14 | zone "hr" {
15 | type slave; // zone content is transferred from the master listed below
16 | masters { 7.0.0.2; }; // no TSIG key is attached, so the master is identified by its IP address only
17 | file "hr"; // local copy of the transferred zone
18 | };
19 |
20 | zone "0.0.127.IN-ADDR.ARPA" {
21 | type master;
22 | file "localhost.rev";
23 | };
24 |
25 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/hr2/named.root:
--------------------------------------------------------------------------------
1 | ; Root hints: the name servers for "." and their addresses.
2 | ; Only 2 root servers (original comment; three are listed below)
3 | ; See the original in named.root.pravi
4 | ;
5 | . 3600000 IN NS aRootServer.
6 | aRootServer. 3600000 A 1.0.0.2 ; address of the root server named on the previous line
7 | ;
8 | . 3600000 IN NS bRootServer.
9 | bRootServer. 3600000 A 2.0.0.2
10 | ;
11 | . 3600000 IN NS cRootServer.
12 | cRootServer. 3600000 A 3.0.0.2
13 |
14 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/resolv.mm:
--------------------------------------------------------------------------------
1 | domain tel.fer.hr
2 | nameserver 20.0.0.2
3 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/resolv.pc:
--------------------------------------------------------------------------------
1 | domain zpm.fer.hr
2 | nameserver 30.0.0.2
3 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/resolv.www:
--------------------------------------------------------------------------------
1 | domain tel.fer.hr
2 | nameserver 20.0.0.2
3 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/DNS_files/resolv.zpmMail:
--------------------------------------------------------------------------------
1 | domain zpm.fer.hr
2 | nameserver 30.0.0.2
3 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/Mail_files/cone/cone.tel/addressbook:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/imunes/imunes-examples/9f76501b01e101bab8424f23dab3a900e679112f/DNS+Mail+WEB/Mail_files/cone/cone.tel/addressbook
--------------------------------------------------------------------------------
/DNS+Mail+WEB/Mail_files/cone/cone.tel/conerc:
--------------------------------------------------------------------------------
1 |
2 | root@FreeBSD7
3 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/Mail_files/cone/cone.zpm/conerc:
--------------------------------------------------------------------------------
1 |
2 | root@FreeBSD7
3 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/Mail_files/cone/linux-cone.tel/addressbook:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/imunes/imunes-examples/9f76501b01e101bab8424f23dab3a900e679112f/DNS+Mail+WEB/Mail_files/cone/linux-cone.tel/addressbook
--------------------------------------------------------------------------------
/DNS+Mail+WEB/Mail_files/cone/linux-cone.tel/cacherc:
--------------------------------------------------------------------------------
1 |
2 |
3 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/Mail_files/cone/linux-cone.tel/conerc:
--------------------------------------------------------------------------------
1 |
2 | root@mm
3 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/Mail_files/cone/linux-cone.zpm/addressbook:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/imunes/imunes-examples/9f76501b01e101bab8424f23dab3a900e679112f/DNS+Mail+WEB/Mail_files/cone/linux-cone.zpm/addressbook
--------------------------------------------------------------------------------
/DNS+Mail+WEB/Mail_files/cone/linux-cone.zpm/cacherc:
--------------------------------------------------------------------------------
1 |
2 |
3 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/Mail_files/cone/linux-cone.zpm/conerc:
--------------------------------------------------------------------------------
1 |
2 | root@mm
3 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/Mail_files/postfix.www/local-host-names:
--------------------------------------------------------------------------------
1 | www.tel.fer.hr
2 | mm.tel.fer.hr
3 | tel.fer.hr
4 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/Mail_files/postfix.zpmMail/local-host-names:
--------------------------------------------------------------------------------
1 | zpmMail.zpm.fer.hr
2 | pc.zpm.fer.hr
3 | zpm.fer.hr
4 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/WEB_files/www.www/form.html:
--------------------------------------------------------------------------------
1 |
2 |
3 | HTML Form Example
4 |
5 |
6 |
7 |
44 |
45 |
46 |
47 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/WEB_files/www.www/freebsd.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/imunes/imunes-examples/9f76501b01e101bab8424f23dab3a900e679112f/DNS+Mail+WEB/WEB_files/www.www/freebsd.gif
--------------------------------------------------------------------------------
/DNS+Mail+WEB/WEB_files/www.www/index.html:
--------------------------------------------------------------------------------
1 |
2 | Test file - www.tel.fer.hr
3 |
4 | This is a starting page of Web servera www.tel.fer.hr
5 |
Just a few lines of text...
6 |
bla bla bla
7 |
Horizontal line
8 |
9 | Link on form
10 |
Link on ZPM
11 |
12 | Copyright (MM) 2008
13 |
14 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/WEB_files/www.www/lesson2.pl:
--------------------------------------------------------------------------------
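#!/usr/bin/perl
# Echo every submitted CGI form parameter back to the browser as a table.
#
# Parameter names and values are supplied by the client, so both are
# HTML-escaped before they are written into the response; printing them
# verbatim would let a request inject markup or script into the page.

use strict;
use CGI;

my $cgi = CGI->new;

print
    $cgi->header() .
    $cgi->start_html( -title  => 'Form Results',
                      -author => 'Craig Kelley',
                      -style  => '/~ink/perl_cgi/css/perlcgi.css') .
    $cgi->h1('Form Results') . "\n";

# NOTE(review): the table markup was stripped from this listing; a plain
# two-column table is assumed here - restore the original tags if they differ.
print '<table border="1">' . "\n";
foreach my $parameter (sort $cgi->param()) {
    # Scalar context: only the first value of a multi-valued parameter is shown,
    # as in the original concatenation.
    my $value = $cgi->param($parameter);
    $value = '' unless defined $value;
    print '<tr><td>' . $cgi->escapeHTML($parameter) . '</td><td>'
        . $cgi->escapeHTML($value) . "</td></tr>\n";
}
print "</table>\n";
print $cgi->end_html . "\n";
exit(0);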
20 |
21 |
22 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/WEB_files/www.zpmMail/index.html:
--------------------------------------------------------------------------------
1 |
2 | Probni index fajl - zpmMail.zpm.fer.hr
3 |
4 | >This is a starting page of Web servera zpmMail.zpm.fer.hr
5 |
bla bla bla ...
6 |
Link on ZZT
7 |
8 |
Horizonal ruler
9 |
10 | Copyright (MM) 2008
11 |
12 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/WEB_files/www.zpmMail/powerlogo.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/imunes/imunes-examples/9f76501b01e101bab8424f23dab3a900e679112f/DNS+Mail+WEB/WEB_files/www.zpmMail/powerlogo.gif
--------------------------------------------------------------------------------
/DNS+Mail+WEB/getMail:
--------------------------------------------------------------------------------
1 | USER imunes
2 | PASS imunes
3 | LIST
4 | QUIT
5 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/start_dns:
--------------------------------------------------------------------------------
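#! /bin/sh
# Start named on every DNS server node of a running experiment and install
# resolv.conf on the nodes.
#
# Usage: start_dns [eid]
#   eid  experiment ID; when omitted it is looked up from the node aRootServer.
#
# isEidRunning, isNodeRunning, himage and hcp are not defined in this file;
# the helpers presumably come from the sourced start_functions.sh.

. ../common/start_functions.sh

dns_servers="aRootServer bRootServer cRootServer \
    dnsCom dnsOrg dnsHr hr2 \
    dnsFer \
    dnsTel dnsZpm"

hosts="mm www pc zpmMail"

if [ $# -eq 1 ]; then
    eid=$1
    isEidRunning "$eid"
else
    eid=$(isNodeRunning aRootServer) || exit 1
fi

# Every relative path below lives in DNS_files; stop here rather than copy
# files from the wrong directory into the nodes.
cd DNS_files || exit 1

for i in $dns_servers
do
    node="$i@$eid"
    # Stop named on all DNS servers
    himage "$node" killall -9 named > /dev/null 2>&1
    himage "$node" mkdir -p /var/named/etc/namedb
    # The glob is intentional: every file of the server's directory is copied.
    hcp "$i"/* "$node:/var/named/etc/namedb"
    # Start named on all DNS servers.
    # NOTE(review): named is started without -u, so it keeps the privileges of
    # the account himage runs it as - confirm that is acceptable for the nodes.
    echo "Starting named on $i..."
    himage "$node" named -c /var/named/etc/namedb/named.conf
done

echo
echo "Copy/Create resolv.conf on clients:"
for i in $hosts
do
    hcp "resolv.$i" "$i@$eid:/etc/resolv.conf"
done

echo
echo "Create empty resolv.conf on DNS servers:"
for i in $dns_servers
do
    himage "$i@$eid" cp /dev/null /etc/resolv.conf
done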
48 |
49 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/start_http:
--------------------------------------------------------------------------------
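#! /bin/sh
# Start lighttpd on the web server nodes of a running experiment.
#
# Usage: start_http [eid]
#   eid  experiment ID; when omitted, both web server nodes must be found and
#        the ID is looked up from the node www.
#
# isEidRunning, isNodeRunning, isOSfreebsd, isOSlinux, hasPackage, himage and
# hcp are not defined in this file; the helpers presumably come from the
# sourced start_functions.sh.

. ../common/start_functions.sh

http_servers="www zpmMail"

if [ $# -eq 1 ]; then
    eid=$1
    isEidRunning "$eid"
else
    # Every web server node has to exist before anything is started.
    for i in $http_servers
    do
        if ! himage -e "$i" > /dev/null; then
            echo "Cannot find node $i"
            exit 2
        fi
    done
    eid=$(isNodeRunning www) || exit 1
fi

if isOSfreebsd; then
    hasPackage www "$eid" '^lighttpd-'
fi

for serv in $http_servers
do
    echo "Starting http server on $serv..."
    h="${serv}@${eid}"
    himage "$h" mkdir -p /usr/local/etc/lighttpd
    himage "$h" mkdir -p /var/log/lighttpd
    # The log directory is handed to the unprivileged web server account.
    if isOSlinux; then
        himage "$h" chown -R www-data:www-data /var/log/lighttpd
    else
        himage "$h" chown -R www:www /var/log/lighttpd
    fi

    hcp "WEB_files/${serv}.lighttpd.conf" "$h:/usr/local/etc/lighttpd/lighttpd.conf"
    # A configuration file only has to be readable; the execute bits of the
    # former mode 755 served no purpose.
    himage "$h" chmod 644 /usr/local/etc/lighttpd/lighttpd.conf
    if isOSlinux; then
        hcp "WEB_files/www.${serv}" "$h:/root"
        himage -b "$h" lighttpd -f /usr/local/etc/lighttpd/lighttpd.conf
    else
        hcp -r "WEB_files/www.${serv}" "$h:/root"
        himage "$h" lighttpd -f /usr/local/etc/lighttpd/lighttpd.conf
    fi
done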
56 |
57 |
--------------------------------------------------------------------------------
/DNS+Mail+WEB/test.sh:
--------------------------------------------------------------------------------
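#!/bin/sh
# Functional test of the DNS+Mail+WEB example: starts the experiment, then
# checks name resolution, mail delivery and HTTP access in turn.
#
# err records the last stage that failed (1 = DNS, 2 = mail, 3 = HTTP) and is
# handed to thereWereErrors at the end. Set LEGACY to run imunes with -l.
#
# startCheck, dnsCheck, sendMail, getMail, webCheck, himage and thereWereErrors
# are not defined in this file; they presumably come from procedures.sh.

. ../common/procedures.sh

dns_servers="aRootServer bRootServer cRootServer \
    dnsCom dnsOrg dnsHr hr2 \
    dnsFer \
    dnsTel dnsZpm"
hosts="mm www pc zpmMail"
err=0
legacy=""
if [ -n "$LEGACY" ]; then
    legacy=" -l"
fi

# $legacy stays unquoted on purpose: word splitting turns " -l" into a
# separate option of the imunes command.
eid=$(imunes$legacy -b NETWORK.imn | awk '/Experiment/{print $4; exit}')
startCheck "$eid"

if ! ./start_dns "$eid"; then
    echo "********** START_DNS ERROR **********"
    err=1
else
    sleep 60
    for h in $dns_servers $hosts; do
        # Both names must resolve from every node; the second lookup is only
        # tried when the first one succeeded.
        if ! dnsCheck "$h@$eid" zpmMail.zpm.fer.hr ||
           ! dnsCheck "$h@$eid" mm.tel.fer.hr; then
            err=1
        fi
    done
fi

if ! ./start_mail "$eid"; then
    echo "********** START_MAIL ERROR **********"
    err=2
else
    # Match the account name field exactly, and treat every non-zero status
    # (not only grep's "no match") as a missing account.
    if ! himage "www@$eid" grep '^imunes:' /etc/passwd > /dev/null 2>&1; then
        echo "User imunes should be created in virtual nodes."
        err=2
    fi
    if ! sendMail "www@$eid" imunes@zpm.fer.hr; then
        err=2
    else
        echo "Wait 5 sec before reading e-mail..."
        sleep 5
        if ! getMail "pc@$eid" 30.0.0.4; then
            err=2
        fi
    fi
fi

if ! ./start_http "$eid"; then
    echo "********** START_HTTP ERROR **********"
    err=3
else
    sleep 1
    if ! webCheck "mm@$eid" http://www.tel.fer.hr ||
       ! webCheck "mm@$eid" http://www.zpm.fer.hr; then
        err=3
    fi
fi

# Terminate the experiment whatever the outcome.
imunes$legacy -b -e "$eid"

thereWereErrors $err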
81 |
--------------------------------------------------------------------------------
/IS-IS/README.md:
--------------------------------------------------------------------------------
1 | ## IS-IS routing protocol example
2 | In this example the "Custom Config" feature is used to configure the IS-IS routers.
3 |
4 | Double-click a router or select "Configure" from the right-click popup menu:
5 | - Custom startup config is "Enabled"
6 | - Selected custom config is "conf1"
7 | - Click on "Editor" button
8 |
9 | Configuration is inspired by "[Configuring IS-IS for IP on Cisco Routers](http://www.cisco.com/c/en/us/support/docs/ip/integrated-intermediate-system-to-intermediate-system-is-is/13795-is-is-ip-config.html "Configuring IS-IS for IP on Cisco Routers")".
10 |
11 |
--------------------------------------------------------------------------------
/IS-IS/test.sh:
--------------------------------------------------------------------------------
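#!/bin/sh
# Functional test of the IS-IS example: starts the experiment, waits for the
# routers, pings across the topology and prints the routing tables.
#
# Set LEGACY to run imunes with -l. startCheck, Wait, pingCheck, himage and
# thereWereErrors are not defined in this file; they presumably come from
# procedures.sh.

. ../common/procedures.sh

err=0
legacy=""
if [ -n "$LEGACY" ]; then
    legacy=" -l"
fi

# $legacy stays unquoted on purpose: word splitting turns " -l" into a
# separate option of the imunes command.
eid=$(imunes$legacy -b IS-IS.imn | awk '/Experiment/{print $4; exit}')
startCheck "$eid"

Wait 40

# Retry the ping up to 20 times and stop at the first success.
n=1
pingStatus=1
while [ "$n" -le 20 ] && [ "$pingStatus" -ne 0 ]; do
    echo "Ping test $n / 20 ..."
    pingCheck "pc1@$eid" 172.16.3.20 2
    pingStatus=$?
    n=$((n + 1))
done

if [ "$pingStatus" -ne 0 ]; then
    err=1
fi

# The routing tables are printed for inspection only; their content is not
# checked.
for r in R1 R2 R3
do
    echo "########## $r@$eid routes"
    himage -nt "$r@$eid" vtysh << __END__
show ip route
exit
__END__
done

# Terminate the experiment whatever the outcome.
imunes$legacy -b -e "$eid"

thereWereErrors $err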
42 |
43 |
--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
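# None of these targets produces a file of its own name; declaring them phony
# keeps a stray file or directory called e.g. "clean" from disabling a target.
.PHONY: all clean showtimes showerrors bench bench_all

# Run every example test.
all:
	sh testAll.sh

# Remove test results and benchmark logs.
clean:
	@rm -f */TESTRESULTS* */*/TESTRESULTS* */tcplog_err benchmark/start*log benchmark/term*log

# Show how long each test took.
showtimes:
	grep "^Test took" */TESTRESULTS* */*/TESTRESULTS*

# Show which tests reported errors.
showerrors:
	grep "^There were errors" */TESTRESULTS* */*/TESTRESULTS*

# Benchmark the topologies in benchmark/.
bench:
	cd benchmark && ./benchmark.sh -w 1 *.imn

# Benchmark every example topology.
bench_all:
	cd benchmark && ./benchmark.sh ../*/*.imn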
18 |
--------------------------------------------------------------------------------
/OSPF/README:
--------------------------------------------------------------------------------
1 |
2 | *******************
3 | * OSPF.imn
4 | *******************
5 |
6 | The purpose of the example is to show what happens in the "quiet" network - how routers exchange information about their neighbours.
7 |
8 | Follow the same steps as in RIP.imn.
9 |
10 | Analyse the packets which are transmitted.
11 |
12 | *******************
13 | * OSPF1.imn
14 | *******************
15 |
16 | The purpose of the example is to show what happens after the router goes down, and then goes back up.
17 |
18 | Follow the same steps as in RIP1.imn, using the following router commands:
19 |
20 | show ip route - shows all routes
21 | show ip ospf route - shows ospf routes
22 | show ip ospf interface - show info about router's interfaces
23 | show ip ospf neighbor - show info about router's neighbours
24 |
25 | Notice the dead time in "show ip ospf neighbor" and check what happens after the router7 is shut down. Look at how the dead time changes.
26 |
27 |
28 | *******************
29 | * OSPF_RFC.imn
30 | *******************
31 |
32 | Network and configuration example from RFC 2328, "OSPF Version 2", figure 2, page 19.
33 | http://www.ietf.org/rfc/rfc2328.txt
34 |
35 |
--------------------------------------------------------------------------------
/Ping/README:
--------------------------------------------------------------------------------
1 |
2 | The purpose of this example is to demonstrate how ping works.
3 |
4 | Start the simulation.
5 |
6 | Start Ethereal on eth0 of pc1.
7 |
8 | Open capture, and check "Update list of packets in real time".
9 |
10 | Start capturing.
11 |
12 | Open shell window on pc1.
13 |
14 | Check the availability of the server (10.0.8.10). What is the response of the ping command? Stop the ping after several probes (Ctrl-C).
15 |
16 | Stop capturing.
17 |
18 | Analyse the traffic from the ping:
19 |
20 | - how many packets were recorded?
21 | - what are the first two packets?
22 | - what packets are involved with each probe?
23 | - what is Echo request?
24 | - what is Echo reply?
25 |
26 | Open the content of the ICMP header. Analyse it.
27 |
28 | Further work:
29 |
30 | Repeat the same procedure with the increased packet size (1000 bytes, 2000 bytes). Check 'man ping' for the info on how to use ping. What happens? Does the fragmentation occur? Analyse it.
31 |
32 |
--------------------------------------------------------------------------------
/Ping/test.sh:
--------------------------------------------------------------------------------
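#!/bin/sh
# Functional test of the Ping example: captures ICMP on pc1, pings the server
# and reads the capture back.
#
# Set LEGACY to run imunes with -l. startCheck, netDump, pingCheck, readDump
# and thereWereErrors are not defined in this file; they presumably come from
# procedures.sh.

. ../common/procedures.sh

err=0
legacy=""
if [ -n "$LEGACY" ]; then
    legacy=" -l"
fi

# $legacy stays unquoted on purpose: word splitting turns " -l" into a
# separate option of the imunes command.
eid=$(imunes$legacy -b ping.imn | awk '/Experiment/{print $4; exit}')
startCheck "$eid"

if netDump "pc1@$eid" eth0 icmp; then
    # Retry the ping up to 20 times and stop at the first success.
    n=1
    pingStatus=1
    while [ "$n" -le 20 ] && [ "$pingStatus" -ne 0 ]; do
        echo "Ping test $n / 20 ..."
        pingCheck "pc1@$eid" 10.0.8.10 2
        pingStatus=$?
        n=$((n + 1))
    done
    if [ "$pingStatus" -eq 0 ]; then
        sleep 2
        # The status of reading the capture decides the test result.
        readDump "pc1@$eid" eth0
        err=$?
    else
        err=1
    fi
else
    err=1
fi

# Terminate the experiment whatever the outcome.
imunes$legacy -b -e "$eid"

thereWereErrors $err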
39 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # imunes-examples
2 | Examples for the IMUNES network emulator.
3 |
4 | IMUNES is a lightweight network emulator that runs on top of the FreeBSD kernel
5 | which is used to create a virtual network topology by using FreeBSD
6 | [jails](https://www.freebsd.org/doc/handbook/jails.html) and
7 | [netgraph](https://www.freebsd.org/cgi/man.cgi?netgraph%284%29).
8 |
9 | To run the scenarios, after starting the virtual machine, just clone the git
10 | repository into the machine and follow the instructions.
11 |
12 | Additional instructions and explanations are available on our [wiki page](http://imunes.tel.fer.hr/trac/wiki/WikiImunesExamples).
13 |
14 | The table below shows which tests work on Linux and FreeBSD operating systems.
15 |
16 | | | Linux | FreeBSD |
17 | |------------------|:-----------:|:-----------:|
18 | | benchmark | YES | YES |
19 | | DHCP | YES | YES |
20 | | DNS+Mail+WEB | YES | YES |
21 | | functional_tests | NO | YES |
22 | | gif | NO | YES |
23 | | OSPF | YES | YES* |
24 | | Ping | YES | YES |
25 | | RIP | YES | YES |
26 | | services | YES | YES |
27 | | Traceroute | YES | YES |
28 |
29 | *problems with quagga OSPFv2 routing daemon on FreeBSD-9.3
30 |
--------------------------------------------------------------------------------
/RIP/test.sh:
--------------------------------------------------------------------------------
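#!/bin/sh
# Functional test of the RIP example: captures traffic on router2, checks IPv4
# and IPv6 reachability and prints the RIP/RIPng tables.
#
# With slow=1 the test additionally stops router7, waits about three minutes,
# prints the tables again, restarts the router and repeats the reachability
# checks. Set LEGACY to run imunes with -l.
#
# startCheck, netDump, pingCheck, ping6Check, readDump, stopNode, startNode,
# himage and thereWereErrors are not defined in this file; they presumably come
# from procedures.sh.

. ../common/procedures.sh

err=0
slow=0
legacy=""
if [ -n "$LEGACY" ]; then
    legacy=" -l"
fi

# $legacy stays unquoted on purpose: word splitting turns " -l" into a
# separate option of the imunes command.
eid=$(imunes$legacy -b RIP1.imn | awk '/Experiment/{print $4; exit}')
startCheck "$eid"

sleep 10
if netDump "router2@$eid" eth2; then
    if pingCheck "pc@$eid" 10.0.4.10; then
        echo "########## router2@$eid routes"
        himage -nt "router2@$eid" vtysh << __END__
show ip rip
show ipv6 ripng
exit
__END__
        # Keep the status of the vtysh call: the check below used to read $?
        # after "sleep 30", i.e. the status of sleep, so its else branch could
        # never report a failed vtysh.
        vtyStatus=$?
        sleep 30
        if [ "$vtyStatus" -eq 0 ]; then
            if ping6Check "pc@$eid" fc00:1::10; then
                sleep 2
                echo ""
                if ! readDump "router2@$eid" eth2; then
                    err=1
                fi
            else
                err=1
            fi
        else
            err=1
        fi

        if [ "$slow" -eq 1 ]; then
            if stopNode "router7@$eid"; then
                sleep 190

                echo ""
                echo "########## router2@$eid routes after 3 minutes"
                himage -nt "router2@$eid" vtysh << __END__
show ip rip
show ipv6 ripng
exit
__END__

                if startNode "router7@$eid"; then
                    sleep 10
                    # The result of readDump is not evaluated in this branch,
                    # only that of the reachability checks.
                    if pingCheck "pc@$eid" 10.0.4.10; then
                        sleep 4
                        readDump "router2@$eid" eth2
                    else
                        err=1
                    fi
                    if ping6Check "pc@$eid" fc00:1::10; then
                        sleep 4
                        readDump "router2@$eid" eth2
                    else
                        err=1
                    fi
                else
                    err=1
                fi
            else
                err=1
            fi
        fi
    else
        err=1
    fi
else
    err=1
fi

# Terminate the experiment whatever the outcome.
imunes$legacy -b -e "$eid"

thereWereErrors $err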
90 |
--------------------------------------------------------------------------------
/Traceroute/README:
--------------------------------------------------------------------------------
1 |
2 | The purpose of this example is to demonstrate how traceroute works.
3 |
4 | Start the simulation.
5 |
6 | Start Ethereal on eth0 of pc1.
7 |
8 | Open capture, and check "Update list of packets in real time".
9 |
10 | Start capturing.
11 |
12 | Open shell window on pc1.
13 |
14 | Check the route to the server (10.0.8.10). Analyse the response from the traceroute and compare it with the network. Check the IP addresses of router interfaces involved in traffic routing.
15 |
16 | Open shell window on the server.
17 |
18 | Check the route back to the pc1 (10.0.0.21). Analyse the response from the traceroute and compare it with the network. Check the IP addresses of router interfaces involved in traffic routing. Compare it with the IP address in the last traceroute.
19 |
20 | Stop capturing after approx. 10 seconds.
21 |
22 | Analyse the traffic from both traceroutes.
23 |
24 | The first trace should show all datagrams sent from pc1.
25 |
26 | The second trace should show only the datagrams that actually reached pc1. Where are the others? Explain!
27 |
28 | Further work:
29 |
30 | Start the capture on one of the router's interfaces along the path. What traffic does that router "see" on the selected interface? Why?
31 |
--------------------------------------------------------------------------------
/Traceroute/test.sh:
--------------------------------------------------------------------------------
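#!/bin/sh
# Functional test of the Traceroute example: captures traffic on pc1, traces
# the route to the server and back, then reads the capture.
#
# Set LEGACY to run imunes with -l. startCheck, netDump, traceCheck, readDump
# and thereWereErrors are not defined in this file; they presumably come from
# procedures.sh.

. ../common/procedures.sh

err=0
legacy=""
if [ -n "$LEGACY" ]; then
    legacy=" -l"
fi

# $legacy stays unquoted on purpose: word splitting turns " -l" into a
# separate option of the imunes command.
eid=$(imunes$legacy -b traceroute.imn | awk '/Experiment/{print $4; exit}')
startCheck "$eid"

if netDump "pc1@$eid" eth0; then
    # Retry the forward trace up to 20 times, one second apart, and stop at
    # the first success.
    n=1
    traceStat=1
    while [ "$n" -le 20 ] && [ "$traceStat" -ne 0 ]; do
        sleep 1
        echo "Traceroute test $n / 20 ..."
        traceCheck "pc1@$eid" 10.0.8.10
        traceStat=$?
        n=$((n + 1))
    done
    if [ "$traceStat" -eq 0 ]; then
        # The reverse trace from the server is attempted once.
        if traceCheck "server@$eid" 10.0.0.21; then
            sleep 3
            # The status of reading the capture decides the test result.
            readDump "pc1@$eid" eth0
            err=$?
        else
            err=1
        fi
    else
        err=1
    fi
else
    err=1
fi

# Terminate the experiment whatever the outcome.
imunes$legacy -b -e "$eid"

thereWereErrors $err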
44 |
--------------------------------------------------------------------------------
/benchmark/h-s-h.imn:
--------------------------------------------------------------------------------
1 | node n0 {
2 | type host
3 | network-config {
4 | hostname host1
5 | !
6 | interface eth0
7 | ip address 10.0.0.10/24
8 | ipv6 address fc00::10/64
9 | mac address 42:00:aa:00:00:00
10 | !
11 | interface lo0
12 | type lo
13 | ip address 127.0.0.1/24
14 | ipv6 address ::1/128
15 | !
16 | }
17 | canvas c0
18 | iconcoords {120.0 216.0}
19 | labelcoords {120.0 257.0}
20 | interface-peer {eth0 n2}
21 | }
22 |
23 | node n1 {
24 | type host
25 | network-config {
26 | hostname host2
27 | !
28 | interface eth0
29 | ip address 10.0.0.11/24
30 | ipv6 address fc00::11/64
31 | mac address 42:00:aa:00:00:01
32 | !
33 | interface lo0
34 | type lo
35 | ip address 127.0.0.1/24
36 | ipv6 address ::1/128
37 | !
38 | }
39 | canvas c0
40 | iconcoords {792.0 216.0}
41 | labelcoords {792.0 257.0}
42 | interface-peer {eth0 n2}
43 | }
44 |
45 | node n2 {
46 | type lanswitch
47 | network-config {
48 | hostname switch2
49 | !
50 | }
51 | canvas c0
52 | iconcoords {456.0 216.0}
53 | labelcoords {456.0 244.0}
54 | interface-peer {e0 n0}
55 | interface-peer {e1 n1}
56 | }
57 |
58 | link l0 {
59 | nodes {n0 n2}
60 | bandwidth 0
61 | }
62 |
63 | link l1 {
64 | nodes {n2 n1}
65 | bandwidth 0
66 | }
67 |
68 | canvas c0 {
69 | name {Canvas0}
70 | }
71 |
72 | option show {
73 | interface_names yes
74 | ip_addresses yes
75 | ipv6_addresses no
76 | node_labels yes
77 | link_labels yes
78 | background_images no
79 | annotations yes
80 | grid yes
81 | iconSize normal
82 | zoom 1.0
83 | }
84 |
85 |
--------------------------------------------------------------------------------
/benchmark/p-p.imn:
--------------------------------------------------------------------------------
1 | node n0 {
2 | type pc
3 | network-config {
4 | hostname pc1
5 | !
6 | interface eth0
7 | ip address 10.0.0.20/24
8 | ipv6 address fc00::20/64
9 | mac address 42:00:aa:00:00:00
10 | !
11 | interface lo0
12 | type lo
13 | ip address 127.0.0.1/24
14 | ipv6 address ::1/128
15 | !
16 | }
17 | canvas c0
18 | iconcoords {264.0 216.0}
19 | labelcoords {264.0 252.0}
20 | interface-peer {eth0 n1}
21 | }
22 |
23 | node n1 {
24 | type pc
25 | network-config {
26 | hostname pc2
27 | !
28 | interface eth0
29 | ip address 10.0.0.21/24
30 | ipv6 address fc00::21/64
31 | mac address 42:00:aa:00:00:01
32 | !
33 | interface lo0
34 | type lo
35 | ip address 127.0.0.1/24
36 | ipv6 address ::1/128
37 | !
38 | }
39 | canvas c0
40 | iconcoords {648.0 216.0}
41 | labelcoords {648.0 252.0}
42 | interface-peer {eth0 n0}
43 | }
44 |
45 | link l0 {
46 | nodes {n0 n1}
47 | bandwidth 0
48 | }
49 |
50 | canvas c0 {
51 | name {Canvas0}
52 | }
53 |
54 | option show {
55 | interface_names yes
56 | ip_addresses yes
57 | ipv6_addresses no
58 | node_labels yes
59 | link_labels yes
60 | background_images no
61 | annotations yes
62 | grid yes
63 | iconSize normal
64 | zoom 1.0
65 | }
66 |
67 |
--------------------------------------------------------------------------------
/benchmark/p-s-p.imn:
--------------------------------------------------------------------------------
1 | node n0 {
2 | type lanswitch
3 | network-config {
4 | hostname switch1
5 | !
6 | }
7 | canvas c0
8 | iconcoords {408.0 216.0}
9 | labelcoords {408.0 244.0}
10 | interface-peer {e0 n1}
11 | interface-peer {e1 n2}
12 | }
13 |
14 | node n1 {
15 | type pc
16 | network-config {
17 | hostname pc1
18 | !
19 | interface eth0
20 | ip address 10.0.0.20/24
21 | ipv6 address fc00::20/64
22 | mac address 42:00:aa:00:00:00
23 | !
24 | interface lo0
25 | type lo
26 | ip address 127.0.0.1/24
27 | ipv6 address ::1/128
28 | !
29 | }
30 | canvas c0
31 | iconcoords {120.0 216.0}
32 | labelcoords {120.0 252.0}
33 | interface-peer {eth0 n0}
34 | }
35 |
36 | node n2 {
37 | type pc
38 | network-config {
39 | hostname pc2
40 | !
41 | interface eth0
42 | ip address 10.0.0.21/24
43 | ipv6 address fc00::21/64
44 | mac address 42:00:aa:00:00:01
45 | !
46 | interface lo0
47 | type lo
48 | ip address 127.0.0.1/24
49 | ipv6 address ::1/128
50 | !
51 | }
52 | canvas c0
53 | iconcoords {696.0 216.0}
54 | labelcoords {696.0 252.0}
55 | interface-peer {eth0 n0}
56 | }
57 |
58 | link l0 {
59 | nodes {n1 n0}
60 | bandwidth 0
61 | }
62 |
63 | link l1 {
64 | nodes {n0 n2}
65 | bandwidth 0
66 | }
67 |
68 | canvas c0 {
69 | name {Canvas0}
70 | }
71 |
72 | option show {
73 | interface_names yes
74 | ip_addresses yes
75 | ipv6_addresses no
76 | node_labels yes
77 | link_labels yes
78 | background_images no
79 | annotations yes
80 | grid yes
81 | iconSize normal
82 | zoom 1.0
83 | }
84 |
85 |
--------------------------------------------------------------------------------
/benchmark/pp.imn:
--------------------------------------------------------------------------------
1 | node n0 {
2 | type pc
3 | network-config {
4 | hostname pc1
5 | !
6 | interface lo0
7 | type lo
8 | ip address 127.0.0.1/24
9 | ipv6 address ::1/128
10 | !
11 | }
12 | canvas c0
13 | iconcoords {216.0 264.0}
14 | labelcoords {216.0 300.0}
15 | }
16 |
17 | node n1 {
18 | type pc
19 | network-config {
20 | hostname pc2
21 | !
22 | interface lo0
23 | type lo
24 | ip address 127.0.0.1/24
25 | ipv6 address ::1/128
26 | !
27 | }
28 | canvas c0
29 | iconcoords {648.0 264.0}
30 | labelcoords {648.0 300.0}
31 | }
32 |
33 | canvas c0 {
34 | name {Canvas0}
35 | }
36 |
37 | option show {
38 | interface_names yes
39 | ip_addresses yes
40 | ipv6_addresses no
41 | node_labels yes
42 | link_labels yes
43 | background_images no
44 | annotations yes
45 | grid yes
46 | iconSize normal
47 | zoom 1.0
48 | }
49 |
50 |
--------------------------------------------------------------------------------
/common/start_functions.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
# Kernel name of the host running the script, as printed by "uname -s".
# isOSlinux and isOSfreebsd compare against this value.
os=$(uname -s)
4 |
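isOSlinux() {
    # Returns 0 when the kernel name stored in $os is "Linux", 1 otherwise.
    # $os is quoted so that an empty or unset value gives a plain non-zero
    # status instead of a "test" syntax error written to stderr.
    [ "$os" = "Linux" ]
}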
12 |
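isOSfreebsd() {
    # Returns 0 when the kernel name stored in $os is "FreeBSD", 1 otherwise.
    # $os is quoted so that an empty or unset value gives a plain non-zero
    # status instead of a "test" syntax error written to stderr.
    [ "$os" = "FreeBSD" ]
}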
20 |
21 | # Error check
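error() {
    # Print all arguments as one message on stdout and exit with status 2.
    #
    # The message is expanded as "$*" in quotes: unquoted, the shell would
    # word-split it and expand glob characters, so a message starting with
    # "***" would be replaced by the names of files in the current directory.
    #
    # When the caller runs inside a command substitution, "exit" ends only
    # that subshell and the message is captured instead of shown, so such
    # callers have to check the exit status themselves.
    printf '%s\n' "$*"
    exit 2
}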
26 |
27 | # isEidRunning eid
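isEidRunning() {
    # Abort through error() unless experiment ID $1 appears in the first
    # column of "himage -l". On success the matching line is left in $err.
    #
    # The ID is compared as a quoted literal whole line (grep -F -x): regex
    # metacharacters in the argument cannot match a different experiment, and
    # an empty argument is rejected explicitly instead of reaching grep.
    if [ -z "$1" ] || ! err=`himage -l | awk '{print $1}' | grep -Fx -- "$1"`; then
        error "Cannot find experiment $1. Is simulation started? Try: Experiment->Execute"
    fi
}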
32 |
33 | # isNodeRunning node eid
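isNodeRunning() {
    # With exactly one argument: look up the experiment that node $1 belongs
    # to via "himage -e" and print its ID; abort through error() when the
    # lookup fails.
    # With any other argument count: only verify that experiment $2 is
    # running. The node name itself is not checked in that branch.
    #
    # Arguments are quoted so that names containing whitespace or glob
    # characters reach himage and isEidRunning as a single word.
    node=$1    # assigned but not read inside this function
    if [ $# -ne 1 ]; then
        isEidRunning "$2"
    else
        eid=`himage -e "$1"` \
            || error "Cannot find node $1. Is simulation started? Try: Experiment->Execute"
        echo "$eid"
    fi
}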
44 |
45 | # hasPackage node eid pkgName
hasPackage() {
    # Abort through error() unless the package listing of node $1 in
    # experiment $2 contains a line matching $3 (used as a grep pattern).
    #
    # Which listing tool to run inside the node is decided by probing
    # "pkg info" on the host that runs this script: if that works the node is
    # queried with "pkg info", otherwise with "pkg_info".
    if pkg info > /dev/null 2>&1; then
        himage $1@$2 pkg info | grep "$3" > /dev/null 2>&1
    else
        himage $1@$2 pkg_info | grep "$3" > /dev/null 2>&1
    fi
    # Status of the pipeline that ran in whichever branch was taken.
    err=$?

    [ $err -eq 0 ] || error "*** Package $3 is not installed on $1@$2"
}
59 |
--------------------------------------------------------------------------------
/functional_tests/empty_ifaces/empty.imn:
--------------------------------------------------------------------------------
1 | node n0 {
2 | type pc
3 | network-config {
4 | hostname pc1
5 | !
6 | interface eth0
7 | ip address 10.0.0.20/24
8 | ipv6 address fc00::20/64
9 | mac address 42:00:aa:00:00:00
10 | !
11 | interface lo0
12 | type lo
13 | ip address 127.0.0.1/8
14 | ipv6 address ::1/128
15 | !
16 | }
17 | auto_default_routes enabled
18 | canvas c0
19 | iconcoords {120 288}
20 | labelcoords {120 319}
21 | interface-peer {eth0 n1}
22 | }
23 |
24 | node n1 {
25 | type router
26 | model frr
27 | network-config {
28 | hostname router1
29 | !
30 | interface eth1
31 | ipv6 address fc00:1::1/64
32 | mac address 42:00:aa:00:00:02
33 | ip address 20.0.0.1/24
34 | !
35 | interface eth0
36 | ip address 10.0.0.1/24
37 | ipv6 address fc00::1/64
38 | mac address 42:00:aa:00:00:01
39 | !
40 | interface lo0
41 | type lo
42 | ip address 127.0.0.1/8
43 | ipv6 address ::1/128
44 | !
45 | router rip
46 | redistribute static
47 | redistribute connected
48 | redistribute ospf
49 | network 0.0.0.0/0
50 | !
51 | router ripng
52 | redistribute static
53 | redistribute connected
54 | redistribute ospf6
55 | network ::/0
56 | !
57 | }
58 | auto_default_routes enabled
59 | canvas c0
60 | iconcoords {648 288}
61 | labelcoords {648 313}
62 | interface-peer {eth0 n0}
63 | interface-peer {eth1 ""}
64 | }
65 |
66 | link l0 {
67 | nodes {n0 n1}
68 | ifaces {eth0 eth0}
69 | }
70 |
71 | canvas c0 {
72 | name {Canvas0}
73 | }
74 |
75 | option show {
76 | interface_names yes
77 | ip_addresses yes
78 | ipv6_addresses yes
79 | node_labels yes
80 | link_labels yes
81 | background_images no
82 | annotations yes
83 | hostsAutoAssign no
84 | grid yes
85 | iconSize normal
86 | zoom 1.0
87 | }
88 |
89 |
--------------------------------------------------------------------------------
/functional_tests/empty_ifaces/test.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | . ../../common/procedures.sh
4 |
# Result flag handed to thereWereErrors at the end; 0 means success.
err=0

# Setting LEGACY in the environment adds " -l" to every imunes invocation.
legacy=""
[ -z "$LEGACY" ] || legacy=" -l"

# Start the topology in batch mode; the experiment ID is the 4th
# space-separated field of the last output line.
eid=$(imunes$legacy -b empty.imn | tail -1 | cut -d' ' -f4)
startCheck "$eid"

# Capture ICMP on pc1, then ping 20.0.0.1 - the address empty.imn assigns to
# router1's eth1, an interface that has no link attached.
if netDump pc1@$eid eth0 icmp && { sleep 4; pingCheck pc1@$eid 20.0.0.1 2; }; then
    sleep 2
    readDump pc1@$eid eth0
    err=$?
else
    err=1
fi

# The experiment is terminated whether or not the checks passed.
imunes$legacy -b -e $eid

thereWereErrors $err
32 |
--------------------------------------------------------------------------------
/functional_tests/extelem/extelem.imn:
--------------------------------------------------------------------------------
1 | node n0 {
2 | type pc
3 | network-config {
4 | hostname pc1
5 | !
6 | interface eth0
7 | ip address 10.0.0.20/24
8 | ipv6 address fc00::20/64
9 | mac address 42:00:aa:00:00:00
10 | !
11 | interface lo0
12 | type lo
13 | ip address 127.0.0.1/8
14 | ipv6 address ::1/128
15 | !
16 | }
17 | auto_default_routes enabled
18 | canvas c0
19 | iconcoords {144 96}
20 | labelcoords {144 127}
21 | interface-peer {eth0 n2}
22 | }
23 |
24 | node n1 {
25 | type pc
26 | network-config {
27 | hostname pc2
28 | !
29 | interface eth0
30 | mac address 42:00:aa:00:00:01
31 | ip address 10.0.0.21/24
32 | ipv6 address fc00::21/64
33 | !
34 | interface lo0
35 | type lo
36 | ip address 127.0.0.1/8
37 | ipv6 address ::1/128
38 | !
39 | }
40 | auto_default_routes enabled
41 | canvas c0
42 | iconcoords {144 456}
43 | labelcoords {144 487}
44 | interface-peer {eth0 n2}
45 | }
46 |
47 | node n2 {
48 | type extelem
49 | external-ifcs {{x0 extelem0} {x1 extelem1}}
50 | network-config {
51 | hostname xel1
52 | !
53 | }
54 | canvas c0
55 | iconcoords {528 264}
56 | labelcoords {528 289}
57 | interface-peer {x0 n0}
58 | interface-peer {x1 n1}
59 | }
60 |
61 | link l0 {
62 | nodes {n0 n2}
63 | ifaces {eth0 x0}
64 | }
65 |
66 | link l1 {
67 | nodes {n2 n1}
68 | ifaces {x1 eth0}
69 | }
70 |
71 | canvas c0 {
72 | name {Canvas0}
73 | }
74 |
75 | option show {
76 | interface_names yes
77 | ip_addresses yes
78 | ipv6_addresses yes
79 | node_labels yes
80 | link_labels yes
81 | background_images no
82 | annotations yes
83 | hostsAutoAssign no
84 | grid yes
85 | iconSize normal
86 | zoom 1.0
87 | }
88 |
89 |
--------------------------------------------------------------------------------
/functional_tests/extelem/extelem_directlink.imn:
--------------------------------------------------------------------------------
1 | node n0 {
2 | type pc
3 | network-config {
4 | hostname pc1
5 | !
6 | interface eth0
7 | ip address 10.0.0.20/24
8 | ipv6 address fc00::20/64
9 | mac address 42:00:aa:00:00:00
10 | !
11 | interface lo0
12 | type lo
13 | ip address 127.0.0.1/8
14 | ipv6 address ::1/128
15 | !
16 | }
17 | auto_default_routes enabled
18 | canvas c0
19 | iconcoords {144 96}
20 | labelcoords {144 127}
21 | interface-peer {eth0 n2}
22 | }
23 |
24 | node n1 {
25 | type pc
26 | network-config {
27 | hostname pc2
28 | !
29 | interface eth0
30 | mac address 42:00:aa:00:00:01
31 | ip address 10.0.0.21/24
32 | ipv6 address fc00::21/64
33 | !
34 | interface lo0
35 | type lo
36 | ip address 127.0.0.1/8
37 | ipv6 address ::1/128
38 | !
39 | }
40 | auto_default_routes enabled
41 | canvas c0
42 | iconcoords {144 456}
43 | labelcoords {144 487}
44 | interface-peer {eth0 n2}
45 | }
46 |
47 | node n2 {
48 | type extelem
49 | external-ifcs {{x0 extelem0} {x1 extelem1}}
50 | network-config {
51 | hostname xel1
52 | !
53 | }
54 | canvas c0
55 | iconcoords {528 264}
56 | labelcoords {528 289}
57 | interface-peer {x0 n0}
58 | interface-peer {x1 n1}
59 | }
60 |
61 | link l0 {
62 | nodes {n0 n2}
63 | ifaces {eth0 x0}
64 | direct 1
65 | }
66 |
67 | link l1 {
68 | nodes {n2 n1}
69 | ifaces {x1 eth0}
70 | direct 1
71 | }
72 |
73 | canvas c0 {
74 | name {Canvas0}
75 | }
76 |
77 | option show {
78 | interface_names yes
79 | ip_addresses yes
80 | ipv6_addresses yes
81 | node_labels yes
82 | link_labels yes
83 | background_images no
84 | annotations yes
85 | hostsAutoAssign no
86 | grid yes
87 | iconSize normal
88 | zoom 1.0
89 | }
90 |
91 |
--------------------------------------------------------------------------------
/functional_tests/extelem/test.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | . ../../common/procedures.sh
4 |
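# Result flag handed to thereWereErrors at the end; 0 means success.
err=0

# Setting LEGACY in the environment adds " -l" to every imunes invocation.
legacy=""
if test -n "$LEGACY"; then
    legacy=" -l"
fi

# Create the host-side interface pair extelem0/extelem1 that the extelem node
# in the topologies attaches to. These commands change the network
# configuration of the host itself, outside any experiment.
if isOSlinux; then
    # Remove a pair left over from an earlier run; errors are ignored.
    ip link del extelem0 > /dev/null 2>&1

    ip link add name extelem0 type veth peer name extelem1
    ip link set extelem0 up
    ip link set extelem1 up
else
    # Shut down netgraph nodes left over from an earlier run; errors are ignored.
    ngctl msg extlink: shutdown > /dev/null 2>&1
    ngctl msg extelem0: shutdown > /dev/null 2>&1
    ngctl msg extelem1: shutdown > /dev/null 2>&1

    # Create an eiface node, take its name from the second field of the first
    # "show" line, then rename both the netgraph node and the interface.
    test0=`printf "mkpeer eiface ether ether \n show .ether" | ngctl -f - | head -n1 | awk '{print $2}'`
    ngctl name $test0: extelem0
    ifconfig $test0 name extelem0
    ifconfig extelem0 up
    test1=`printf "mkpeer eiface ether ether \n show .ether" | ngctl -f - | head -n1 | awk '{print $2}'`
    ngctl name $test1: extelem1
    ifconfig $test1 name extelem1
    ifconfig extelem1 up

    # Join the two interfaces through a pipe node named extlink.
    ngctl mkpeer extelem0: pipe ether upper
    ngctl name extelem0:ether extlink
    ngctl connect extlink: extelem1: lower ether
    ngctl msg extlink: setcfg {header_offset=14}
fi

# runPingScenario topology.imn
# Start the given topology, capture ICMP on pc1, ping pc2 (10.0.0.21), read
# the capture back and terminate the experiment. Returns 0 only when every
# step succeeded.
runPingScenario() {
    eid=`imunes$legacy -b "$1" | tail -1 | cut -d' ' -f4`
    startCheck "$eid"

    netDump pc1@$eid eth0 icmp
    if [ $? -eq 0 ]; then
        sleep 4
        pingCheck pc1@$eid 10.0.0.21 2
        if [ $? -eq 0 ]; then
            sleep 2
            readDump pc1@$eid eth0
            scenarioErr=$?
        else
            scenarioErr=1
        fi
    else
        scenarioErr=1
    fi

    imunes$legacy -b -e $eid

    return $scenarioErr
}

# Both scenarios always run. A failure of the first one is kept: previously
# the second scenario overwrote err, so a failing extelem.imn run was reported
# as success whenever extelem_directlink.imn passed.
runPingScenario extelem.imn
err=$?

runPingScenario extelem_directlink.imn
directErr=$?
if [ $err -eq 0 ]; then
    err=$directErr
fi

# Remove the host-side interfaces created above.
if isOSlinux; then
    ip link del extelem0
else
    ngctl msg extlink: shutdown
    ngctl msg extelem0: shutdown
    ngctl msg extelem1: shutdown
fi

thereWereErrors $err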
86 |
--------------------------------------------------------------------------------
/functional_tests/rj45/rj45.imn:
--------------------------------------------------------------------------------
1 | node n0 {
2 | type pc
3 | network-config {
4 | hostname pc1
5 | !
6 | interface eth0
7 | ip address 10.0.0.20/24
8 | ipv6 address fc00:2::20/64
9 | mac address 42:00:aa:00:00:00
10 | !
11 | interface lo0
12 | type lo
13 | ip address 127.0.0.1/24
14 | ipv6 address ::1/128
15 | !
16 | }
17 | canvas c0
18 | iconcoords {96.0 240.0}
19 | labelcoords {96.0 276.0}
20 | interface-peer {eth0 n2}
21 | }
22 |
23 | node n1 {
24 | type pc
25 | network-config {
26 | hostname pc2
27 | !
28 | interface eth0
29 | ipv6 address fc00:3::20/64
30 | mac address 42:00:aa:00:00:01
31 | ip address 10.0.0.21/24
32 | !
33 | interface lo0
34 | type lo
35 | ip address 127.0.0.1/24
36 | ipv6 address ::1/128
37 | !
38 | }
39 | canvas c0
40 | iconcoords {792.0 240.0}
41 | labelcoords {792.0 276.0}
42 | interface-peer {eth0 n3}
43 | }
44 |
45 | node n2 {
46 | type rj45
47 | network-config {
48 | hostname rj450
49 | !
50 | vlan
51 | enabled 0
52 | tag 123
53 | !
54 | }
55 | canvas c0
56 | iconcoords {336.0 264.0}
57 | labelcoords {336.0 298.0}
58 | interface-peer {0 n0}
59 | }
60 |
61 | node n3 {
62 | type rj45
63 | network-config {
64 | hostname rj451
65 | !
66 | vlan
67 | enabled 0
68 | tag 123
69 | !
70 | }
71 | canvas c0
72 | iconcoords {576.0 264.0}
73 | labelcoords {576.0 298.0}
74 | interface-peer {0 n1}
75 | }
76 |
77 | link l0 {
78 | nodes {n0 n2}
79 | ifaces {eth0 0}
80 | }
81 |
82 | link l1 {
83 | nodes {n1 n3}
84 | ifaces {eth0 0}
85 | }
86 |
87 | canvas c0 {
88 | name {Canvas0}
89 | }
90 |
91 | option show {
92 | interface_names yes
93 | ip_addresses yes
94 | ipv6_addresses no
95 | node_labels yes
96 | link_labels yes
97 | background_images no
98 | annotations yes
99 | hostsAutoAssign no
100 | grid yes
101 | iconSize normal
102 | zoom 1.0
103 | }
104 |
105 |
--------------------------------------------------------------------------------
/functional_tests/rj45/rj45_directlink.imn:
--------------------------------------------------------------------------------
1 | node n0 {
2 | type pc
3 | network-config {
4 | hostname pc1
5 | !
6 | interface eth0
7 | ip address 10.0.0.20/24
8 | ipv6 address fc00:2::20/64
9 | mac address 42:00:aa:00:00:00
10 | !
11 | interface lo0
12 | type lo
13 | ip address 127.0.0.1/24
14 | ipv6 address ::1/128
15 | !
16 | }
17 | canvas c0
18 | iconcoords {96.0 240.0}
19 | labelcoords {96.0 276.0}
20 | interface-peer {eth0 n2}
21 | }
22 |
23 | node n1 {
24 | type pc
25 | network-config {
26 | hostname pc2
27 | !
28 | interface eth0
29 | ipv6 address fc00:3::20/64
30 | mac address 42:00:aa:00:00:01
31 | ip address 10.0.0.21/24
32 | !
33 | interface lo0
34 | type lo
35 | ip address 127.0.0.1/24
36 | ipv6 address ::1/128
37 | !
38 | }
39 | canvas c0
40 | iconcoords {792.0 240.0}
41 | labelcoords {792.0 276.0}
42 | interface-peer {eth0 n3}
43 | }
44 |
45 | node n2 {
46 | type rj45
47 | network-config {
48 | hostname rj450
49 | !
50 | vlan
51 | enabled 0
52 | tag 123
53 | !
54 | }
55 | canvas c0
56 | iconcoords {336.0 264.0}
57 | labelcoords {336.0 298.0}
58 | interface-peer {0 n0}
59 | }
60 |
61 | node n3 {
62 | type rj45
63 | network-config {
64 | hostname rj451
65 | !
66 | vlan
67 | enabled 0
68 | tag 123
69 | !
70 | }
71 | canvas c0
72 | iconcoords {576.0 264.0}
73 | labelcoords {576.0 298.0}
74 | interface-peer {0 n1}
75 | }
76 |
77 | link l0 {
78 | direct 1
79 | nodes {n0 n2}
80 | ifaces {eth0 0}
81 | }
82 |
83 | link l1 {
84 | direct 1
85 | nodes {n1 n3}
86 | ifaces {eth0 0}
87 | }
88 |
89 | canvas c0 {
90 | name {Canvas0}
91 | }
92 |
93 | option show {
94 | interface_names yes
95 | ip_addresses yes
96 | ipv6_addresses no
97 | node_labels yes
98 | link_labels yes
99 | background_images no
100 | annotations yes
101 | hostsAutoAssign no
102 | grid yes
103 | iconSize normal
104 | zoom 1.0
105 | }
106 |
107 |
--------------------------------------------------------------------------------
/functional_tests/rj45/test.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | . ../../common/procedures.sh
4 |
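# Result flag handed to thereWereErrors at the end; 0 means success.
err=0

# Setting LEGACY in the environment adds " -l" to every imunes invocation.
legacy=""
if test -n "$LEGACY"; then
    legacy=" -l"
fi

# Create the host-side interface pair rj450/rj451; the rj45 nodes in the
# topologies carry these names as hostnames. These commands change the
# network configuration of the host itself, outside any experiment.
if isOSlinux; then
    # Remove a pair left over from an earlier run; errors are ignored.
    ip link del rj450 > /dev/null 2>&1

    ip link add name rj450 type veth peer name rj451
    ip link set rj450 up
    ip link set rj451 up
else
    # Shut down netgraph nodes left over from an earlier run; errors are ignored.
    ngctl msg rjlink: shutdown > /dev/null 2>&1
    ngctl msg rj450: shutdown > /dev/null 2>&1
    ngctl msg rj451: shutdown > /dev/null 2>&1

    # Create an eiface node, take its name from the second field of the first
    # "show" line, then rename both the netgraph node and the interface.
    test0=`printf "mkpeer eiface ether ether \n show .ether" | ngctl -f - | head -n1 | awk '{print $2}'`
    ngctl name $test0: rj450
    ifconfig $test0 name rj450
    ifconfig rj450 up
    test1=`printf "mkpeer eiface ether ether \n show .ether" | ngctl -f - | head -n1 | awk '{print $2}'`
    ngctl name $test1: rj451
    ifconfig $test1 name rj451
    ifconfig rj451 up

    # Join the two interfaces through a pipe node named rjlink.
    ngctl mkpeer rj450: pipe ether upper
    ngctl name rj450:ether rjlink
    ngctl connect rjlink: rj451: lower ether
    ngctl msg rjlink: setcfg {header_offset=14}
fi

# runPingScenario topology.imn
# Start the given topology, capture ICMP on pc1, ping pc2 (10.0.0.21), read
# the capture back and terminate the experiment. Returns 0 only when every
# step succeeded.
runPingScenario() {
    eid=`imunes$legacy -b "$1" | tail -1 | cut -d' ' -f4`
    startCheck "$eid"

    netDump pc1@$eid eth0 icmp
    if [ $? -eq 0 ]; then
        sleep 4
        pingCheck pc1@$eid 10.0.0.21 2
        if [ $? -eq 0 ]; then
            sleep 2
            readDump pc1@$eid eth0
            scenarioErr=$?
        else
            scenarioErr=1
        fi
    else
        scenarioErr=1
    fi

    imunes$legacy -b -e $eid

    return $scenarioErr
}

# Both scenarios always run. A failure of the first one is kept: previously
# the second scenario overwrote err, so a failing rj45.imn run was reported as
# success whenever rj45_directlink.imn passed.
runPingScenario rj45.imn
err=$?

runPingScenario rj45_directlink.imn
directErr=$?
if [ $err -eq 0 ]; then
    err=$directErr
fi

# Remove the host-side interfaces created above.
if isOSlinux; then
    ip link del rj450
else
    ngctl msg rjlink: shutdown
    ngctl msg rj450: shutdown
    ngctl msg rj451: shutdown
fi

thereWereErrors $err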
86 |
--------------------------------------------------------------------------------
/functional_tests/rj45_vlan/rj45vlan.imn:
--------------------------------------------------------------------------------
1 | node n0 {
2 | type pc
3 | network-config {
4 | hostname pc1
5 | !
6 | interface eth0
7 | ip address 10.0.0.20/24
8 | ipv6 address fc00:2::20/64
9 | mac address 42:00:aa:00:00:00
10 | !
11 | interface lo0
12 | type lo
13 | ip address 127.0.0.1/24
14 | ipv6 address ::1/128
15 | !
16 | }
17 | canvas c0
18 | iconcoords {96.0 240.0}
19 | labelcoords {96.0 276.0}
20 | interface-peer {eth0 n2}
21 | }
22 |
23 | node n1 {
24 | type pc
25 | network-config {
26 | hostname pc2
27 | !
28 | interface eth0
29 | ipv6 address fc00:3::20/64
30 | mac address 42:00:aa:00:00:01
31 | ip address 10.0.0.21/24
32 | !
33 | interface lo0
34 | type lo
35 | ip address 127.0.0.1/24
36 | ipv6 address ::1/128
37 | !
38 | }
39 | canvas c0
40 | iconcoords {792.0 240.0}
41 | labelcoords {792.0 276.0}
42 | interface-peer {eth0 n3}
43 | }
44 |
45 | node n2 {
46 | type rj45
47 | network-config {
48 | hostname rjvlan0
49 | !
50 | vlan
51 | enabled 1
52 | tag 123
53 | !
54 | }
55 | canvas c0
56 | iconcoords {336.0 264.0}
57 | labelcoords {336.0 298.0}
58 | interface-peer {0 n0}
59 | }
60 |
61 | node n3 {
62 | type rj45
63 | network-config {
64 | hostname rjvlan1
65 | !
66 | vlan
67 | enabled 1
68 | tag 123
69 | !
70 | }
71 | canvas c0
72 | iconcoords {576.0 264.0}
73 | labelcoords {576.0 298.0}
74 | interface-peer {0 n1}
75 | }
76 |
77 | link l0 {
78 | nodes {n0 n2}
79 | }
80 |
81 | link l1 {
82 | nodes {n1 n3}
83 | }
84 |
85 | canvas c0 {
86 | name {Canvas0}
87 | }
88 |
89 | option show {
90 | interface_names yes
91 | ip_addresses yes
92 | ipv6_addresses no
93 | node_labels yes
94 | link_labels yes
95 | background_images no
96 | annotations yes
97 | hostsAutoAssign no
98 | grid yes
99 | iconSize normal
100 | zoom 1.0
101 | }
102 |
103 |
--------------------------------------------------------------------------------
/gif/start_gif.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | . ../common/start_functions.sh
4 |
# Experiment selection: with exactly one argument it is taken as the
# experiment ID and verified; otherwise the ID is looked up from node router1.
case $# in
    1)
        eid=$1
        isEidRunning $eid
        ;;
    *)
        # isNodeRunning runs in a subshell here, so its failure has to be
        # turned into an exit of this script explicitly.
        eid=$(isNodeRunning router1) || exit 1
        ;;
esac

# Each router gets a gif interface with outer IPv4 endpoints and inner IPv6
# addresses. Automatic link-local assignment is switched off while the
# interface is created and addressed, and switched back on afterwards, so the
# link-local address is the one set by hand below.

echo "Configuring gif tunnel on router1..."
r1=router1@$eid
himage $r1 sysctl net.link.gif.max_nesting=2
himage $r1 sysctl net.inet6.ip6.auto_linklocal=0
gif1=$(himage $r1 ifconfig gif create)
himage $r1 ifconfig $gif1 tunnel 10.0.0.1 10.0.1.2
himage $r1 ifconfig $gif1 inet6 fe80::1%$gif1 prefixlen 64
himage $r1 ifconfig $gif1 inet6 fc00:1::100 fc00:3::100 prefixlen 128
himage $r1 sysctl net.inet6.ip6.auto_linklocal=1
echo "Done."

# Mirror image of the router1 setup: tunnel endpoints and inner addresses
# are swapped.
echo "Configuring gif tunnel on router2..."
r2=router2@$eid
himage $r2 sysctl net.link.gif.max_nesting=2
himage $r2 sysctl net.inet6.ip6.auto_linklocal=0
gif2=$(himage $r2 ifconfig gif create)
himage $r2 ifconfig $gif2 tunnel 10.0.1.2 10.0.0.1
himage $r2 ifconfig $gif2 inet6 fe80::2%$gif2 prefixlen 64
himage $r2 ifconfig $gif2 inet6 fc00:3::100 fc00:1::100 prefixlen 128
himage $r2 sysctl net.inet6.ip6.auto_linklocal=1
echo "Done."
34 |
--------------------------------------------------------------------------------
/gif/test.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | . ../common/procedures.sh
4 |
# The example is FreeBSD-only. On Linux an error is reported through
# thereWereErrors, but the script itself still exits with status 0.
isOSlinux && {
    echo "This example currently runs only on FreeBSD"
    thereWereErrors 1
    exit 0
}

# Result flag handed to thereWereErrors at the end; 0 means success.
err=0

# Setting LEGACY in the environment adds " -l" to every imunes invocation.
legacy=""
[ -z "$LEGACY" ] || legacy=" -l"

# Start the topology in batch mode. The experiment ID is taken from the 4th
# field of the first output line that contains "Experiment".
eid=$(imunes$legacy -b gif.imn | awk '/Experiment/{print $4; exit}')
startCheck "$eid"

# Configure the tunnel on both routers. The exit status of start_gif.sh is
# not checked; a failed setup shows up as failing pings below.
./start_gif.sh $eid
echo "Waiting for 20 seconds..."
sleep 20

if netDump pc1@$eid eth0 icmp6; then
    # Up to 20 ping attempts, stopping at the first success.
    n=1
    pingStatus=1
    until [ $n -gt 20 ] || [ $pingStatus -eq 0 ]; do
        echo "Ping test $n / 20 ..."
        ping6Check pc1@$eid fc00:4::20 2
        pingStatus=$?
        n=$((n + 1))
    done

    if [ $pingStatus -eq 0 ]; then
        sleep 2
        readDump pc1@$eid eth0
        err=$?
    else
        err=1
    fi
else
    err=1
fi

# The experiment is terminated whether or not the checks passed.
imunes$legacy -b -e $eid

thereWereErrors $err
48 |
--------------------------------------------------------------------------------
/ipsec44/certs:
--------------------------------------------------------------------------------
1 | ../ipsec_common/certs
--------------------------------------------------------------------------------
/ipsec44/moon:
--------------------------------------------------------------------------------
1 | ../ipsec_common/moon
--------------------------------------------------------------------------------
/ipsec44/moon44_ipsec.conf:
--------------------------------------------------------------------------------
# /etc/ipsec.conf - strongSwan IPsec configuration file
#
# "moon" end of the net44-net44 tunnel: 10.0.0.0/24 behind 10.0.2.1 is
# tunnelled to 10.0.1.0/24 behind 10.0.3.1 (IPv4 inside IPv4).

config setup
    #charondebug="dmn 3, mgr 3, ike 3, chd 3, job 3, cfg 3, knl 3, net 3, asn 3, enc 3, lib 3, esp 3, tls 3, tnc 3, imc 3, imv 3, pts 3"

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev2
    mobike=no
    # NOTE(review): ESP with NULL encryption and HMAC-SHA1 integrity; the
    # trailing "!" restricts negotiation to exactly this proposal. Tunnelled
    # packets are authenticated but NOT encrypted, so their payload is readable
    # in any capture. Presumably intentional for this lab, to keep the inner
    # traffic inspectable - use an encrypting proposal anywhere else.
    esp=null-sha1!
    fragmentation=yes

conn net44-net44
    left=10.0.2.1
    leftsubnet=10.0.0.0/24
    leftcert=moonCert.pem
    leftid=@moon.strongswan.org
    leftfirewall=no
    right=10.0.3.1
    rightsubnet=10.0.1.0/24
    rightid=@sun.strongswan.org
    # Loaded at startup but not initiated; start44.sh brings the tunnel up
    # with "ipsec up net44-net44".
    auto=add
26 |
--------------------------------------------------------------------------------
/ipsec44/start44.sh:
--------------------------------------------------------------------------------
1 | #! /bin/sh
2 |
3 | . ../common/procedures.sh
4 |
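# With one argument (an experiment ID) the nodes are addressed as
# moon@<eid> and sun@<eid>; without it, by bare node name.
if [ $# -eq 1 ]; then
    moon="moon@$1"
    sun="sun@$1"
else
    moon="moon"
    sun="sun"
fi

# Configuration directory inside the nodes depends on the host OS; on
# FreeBSD the ipsec kernel module is loaded as well (errors are ignored).
if isOSlinux; then
    DIR="/etc"
else
    DIR="/usr/local/etc"
    kldload ipsec > /dev/null 2>&1
fi

hcp moon44_ipsec.conf ${moon}:${DIR}/ipsec.conf
hcp sun44_ipsec.conf ${sun}:${DIR}/ipsec.conf

# Copies everything under moon/ and sun/ into the nodes' configuration
# directory - presumably the certificates and keys the ipsec.conf files refer
# to; their contents are not visible from this script.
hcp -r moon/* ${moon}:${DIR}/
hcp -r sun/* ${sun}:${DIR}/

himage -nt $moon ipsec start
himage -nt $sun ipsec start

# Poll both daemons (at most 50 rounds, 0.1 s apart) until each lists the
# net44-net44 connection, then initiate it from moon. Exit 0 on the first
# successful "ipsec up"; fall through to exit 1 when that never happens.
steps=50
for i in `seq 1 $steps`
do
    # The pattern is quoted: left bare, the shell treats "[[:space:]]*" as a
    # filename glob and may rewrite the pattern before grep ever sees it.
    himage $moon ipsec statusall 2>&1 | grep '^[[:space:]]*net44-net44:' >/dev/null
    er1=$?
    himage $sun ipsec statusall 2>&1 | grep '^[[:space:]]*net44-net44:' >/dev/null
    er2=$?
    if [ $er1 -eq 0 ] && [ $er2 -eq 0 ]; then
        himage $moon ipsec up net44-net44 && exit 0
    fi
    sleep 0.1
done

exit 1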
41 |
--------------------------------------------------------------------------------
/ipsec44/sun:
--------------------------------------------------------------------------------
1 | ../ipsec_common/sun
--------------------------------------------------------------------------------
/ipsec44/sun44_ipsec.conf:
--------------------------------------------------------------------------------
# /etc/ipsec.conf - strongSwan IPsec configuration file
#
# "sun" end of the net44-net44 tunnel: 10.0.1.0/24 behind 10.0.3.1 is
# tunnelled to 10.0.0.0/24 on the peer side (IPv4 inside IPv4).

config setup
    #charondebug="dmn 3, mgr 3, ike 3, chd 3, job 3, cfg 3, knl 3, net 3, asn 3, enc 3, lib 3, esp 3, tls 3, tnc 3, imc 3, imv 3, pts 3"

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev2
    mobike=no
    # NOTE(review): ESP with NULL encryption and HMAC-SHA1 integrity; the
    # trailing "!" restricts negotiation to exactly this proposal. Tunnelled
    # packets are authenticated but NOT encrypted, so their payload is readable
    # in any capture. Presumably intentional for this lab, to keep the inner
    # traffic inspectable - use an encrypting proposal anywhere else.
    esp=null-sha1!
    fragmentation=yes

conn net44-net44
    left=10.0.3.1
    leftsubnet=10.0.1.0/24
    leftcert=sunCert.pem
    leftid=@sun.strongswan.org
    leftfirewall=no
    # The peer may connect from any source address; which peer is accepted is
    # constrained by rightid below, not by its IP address.
    right=%any
    rightsubnet=10.0.0.0/24
    rightid=@moon.strongswan.org
    # Loaded at startup but not initiated; this side waits for the peer.
    auto=add
26 |
--------------------------------------------------------------------------------
/ipsec44/test.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | . ../common/procedures.sh
# Result flag handed to thereWereErrors at the end; it stays 0 unless one of
# the steps below fails.
err=0

# Setting LEGACY in the environment adds " -l" to every imunes invocation.
legacy=""
[ -z "$LEGACY" ] || legacy=" -l"

# Start the topology in batch mode; the experiment ID is the 4th
# space-separated field of the last output line.
eid=$(imunes$legacy -b ipsec44.imn | tail -1 | cut -d' ' -f4)
startCheck "$eid"

sleep 3

# Steps run in order; the first one that fails sets err and skips the rest.
if ! ./start44.sh $eid; then
    echo ""
    echo "********** START44 ERROR **********"
    err=1
elif ! netDump routerX@$eid eth0 ip; then
    err=1
elif ! pingCheck pc1@$eid 10.0.1.20 2; then
    err=1
else
    sleep 2
    if esps=$(readDump routerX@$eid eth0); then
        echo "$esps"
        # The capture taken on routerX has to contain ESP packets, i.e. the
        # ping must have crossed that router inside the IPsec tunnel.
        if ! echo $esps | grep -q "ESP"; then
            echo ""
            echo "********* NO ESP ERROR ***********"
            err=1
        fi
    else
        echo $esps
        err=1
    fi
fi

# The experiment is terminated whether or not the checks passed.
imunes$legacy -b -e $eid

thereWereErrors $err
49 |
--------------------------------------------------------------------------------
/ipsec46/certs:
--------------------------------------------------------------------------------
1 | ../ipsec_common/certs
--------------------------------------------------------------------------------
/ipsec46/moon:
--------------------------------------------------------------------------------
1 | ../ipsec_common/moon
--------------------------------------------------------------------------------
/ipsec46/moon46_ipsec.conf:
--------------------------------------------------------------------------------
# /etc/ipsec.conf - strongSwan IPsec configuration file
#
# "moon" end of the net46-net46 tunnel: the IPv4 subnet 10.0.0.0/24 is
# tunnelled to 10.0.1.0/24 between the IPv6 endpoints aaaa::1 and bbbb::1
# (IPv4 inside IPv6).

config setup
    #charondebug="dmn 3, mgr 3, ike 3, chd 3, job 3, cfg 3, knl 3, net 3, asn 3, enc 3, lib 3, esp 3, tls 3, tnc 3, imc 3, imv 3, pts 3"

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev2
    mobike=no
    # NOTE(review): ESP with NULL encryption and HMAC-SHA1 integrity; the
    # trailing "!" restricts negotiation to exactly this proposal. Tunnelled
    # packets are authenticated but NOT encrypted, so their payload is readable
    # in any capture. Presumably intentional for this lab, to keep the inner
    # traffic inspectable - use an encrypting proposal anywhere else.
    esp=null-sha1!
    fragmentation=yes

conn net46-net46
    left=aaaa::1
    leftsubnet=10.0.0.0/24
    leftcert=moonCert.pem
    leftid=@moon.strongswan.org
    leftfirewall=no
    right=bbbb::1
    rightsubnet=10.0.1.0/24
    rightid=@sun.strongswan.org
    # Loaded at startup but not initiated; start46.sh brings the tunnel up
    # with "ipsec up net46-net46".
    auto=add
26 |
--------------------------------------------------------------------------------
/ipsec46/start46.sh:
--------------------------------------------------------------------------------
1 | #! /bin/sh
2 |
3 | . ../common/procedures.sh
4 |
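# With one argument (an experiment ID) the nodes are addressed as
# moon@<eid> and sun@<eid>; without it, by bare node name.
if [ $# -eq 1 ]; then
    moon="moon@$1"
    sun="sun@$1"
else
    moon="moon"
    sun="sun"
fi

# Configuration directory inside the nodes depends on the host OS; on
# FreeBSD the ipsec kernel module is loaded as well (errors are ignored).
if isOSlinux; then
    DIR="/etc"
else
    DIR="/usr/local/etc"
    kldload ipsec > /dev/null 2>&1
fi

hcp moon46_ipsec.conf $moon:${DIR}/ipsec.conf
hcp sun46_ipsec.conf $sun:${DIR}/ipsec.conf

# Copies everything under moon/ and sun/ into the nodes' configuration
# directory - presumably the certificates and keys the ipsec.conf files refer
# to; their contents are not visible from this script.
hcp -r moon/* $moon:${DIR}/
hcp -r sun/* $sun:${DIR}/

himage -nt $moon ipsec start
himage -nt $sun ipsec start

# Poll both daemons (at most 50 rounds, 0.1 s apart) until each lists the
# net46-net46 connection, then initiate it from moon. Exit 0 on the first
# successful "ipsec up"; fall through to exit 1 when that never happens.
steps=50
for i in `seq 1 $steps`
do
    # The pattern is quoted: left bare, the shell treats "[[:space:]]*" as a
    # filename glob and may rewrite the pattern before grep ever sees it.
    himage $moon ipsec statusall 2>&1 | grep '^[[:space:]]*net46-net46:' >/dev/null
    er1=$?
    himage $sun ipsec statusall 2>&1 | grep '^[[:space:]]*net46-net46:' >/dev/null
    er2=$?
    if [ $er1 -eq 0 ] && [ $er2 -eq 0 ]; then
        himage $moon ipsec up net46-net46 && exit 0
    fi
    sleep 0.1
done

exit 1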
41 |
--------------------------------------------------------------------------------
/ipsec46/sun:
--------------------------------------------------------------------------------
1 | ../ipsec_common/sun
--------------------------------------------------------------------------------
/ipsec46/sun46_ipsec.conf:
--------------------------------------------------------------------------------
# /etc/ipsec.conf - strongSwan IPsec configuration file
#
# Gateway "sun", ipsec46 scenario: responder side of the tunnel that carries
# the IPv4 subnets 10.0.1.0/24 and 10.0.0.0/24 over IPv6.

config setup
    # Uncomment for verbose charon logging while debugging.
    #charondebug="dmn 3, mgr 3, ike 3, chd 3, job 3, cfg 3, knl 3, net 3, asn 3, enc 3, lib 3, esp 3, tls 3, tnc 3, imc 3, imv 3, pts 3"

# Settings inherited by every conn section below.
conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev2
    mobike=no
    # ESP with NULL encryption and HMAC-SHA1 integrity; the trailing "!"
    # makes the proposal strict. Packets are authenticated but NOT
    # encrypted, so tunnelled payloads are readable on the wire.
    # NOTE(review): presumably chosen so lab captures stay inspectable -
    # confirm, and do not reuse this proposal where confidentiality matters.
    esp=null-sha1!
    fragmentation=yes

conn net46-net46
    # Local side: sun, authenticating with its certificate.
    left=bbbb::1
    leftsubnet=10.0.1.0/24
    leftcert=sunCert.pem
    leftid=@sun.strongswan.org
    leftfirewall=no
    # The peer may connect from any address; it is accepted on the basis of
    # the identity in rightid, not on where it comes from.
    right=%any
    rightsubnet=10.0.0.0/24
    rightid=@moon.strongswan.org
    # Only load the connection; moon initiates it.
    auto=add
--------------------------------------------------------------------------------
/ipsec46/test.sh:
--------------------------------------------------------------------------------
#!/bin/sh
#
# End-to-end check for the ipsec46 scenario: start the experiment, bring the
# tunnel up, ping across it and require that the capture taken on routerX
# shows ESP. The experiment is terminated afterwards in every case.
#
# Environment: LEGACY - when non-empty, imunes is invoked with "-l".

. ../common/procedures.sh

# Runs the tunnel start-up and the traffic checks in order and stops at the
# first one that fails. Returns 0 only when "ESP" appears in the dump.
# NOTE(review): this proves ESP packets were seen, not that no cleartext
# crossed routerX - the scenario negotiates esp=null-sha1 anyway.
ipsec46_checks() {
    if ! ./start46.sh $eid; then
        echo ""
        echo "********** START46 ERROR **********"
        return 1
    fi

    # Presumably starts a capture on routerX eth0 limited to "ip6" - the
    # helper lives in procedures.sh, confirm there.
    netDump routerX@$eid eth0 ip6 || return 1
    pingCheck pc1@$eid 10.0.1.20 2 || return 1

    sleep 2
    if ! esps=$(readDump routerX@$eid eth0); then
        echo $esps
        return 1
    fi

    echo "$esps"
    if ! echo $esps | grep -q "ESP"; then
        echo ""
        echo "********* NO ESP ERROR ***********"
        return 1
    fi
    return 0
}

err=0
legacy=""
if [ -n "$LEGACY" ]; then
    legacy=" -l"
fi

# The experiment id is the 4th space-separated field of the last output line.
eid=$(imunes$legacy -b ipsec46.imn | tail -1 | cut -d' ' -f4)
startCheck "$eid"

sleep 3
ipsec46_checks || err=1

imunes$legacy -b -e $eid

thereWereErrors $err
--------------------------------------------------------------------------------
/ipsec64/certs:
--------------------------------------------------------------------------------
1 | ../ipsec_common/certs
--------------------------------------------------------------------------------
/ipsec64/moon:
--------------------------------------------------------------------------------
1 | ../ipsec_common/moon
--------------------------------------------------------------------------------
/ipsec64/moon64_ipsec.conf:
--------------------------------------------------------------------------------
# /etc/ipsec.conf - strongSwan IPsec configuration file
#
# Gateway "moon", ipsec64 scenario: the IPv6 subnets aaaa::/64 and bbbb::/64
# are tunnelled between the IPv4 gateway addresses 10.0.0.1 and 10.0.1.2.

config setup
    # Uncomment for verbose charon logging while debugging.
    #charondebug="dmn 3, mgr 3, ike 3, chd 3, job 3, cfg 3, knl 3, net 3, asn 3, enc 3, lib 3, esp 3, tls 3, tnc 3, imc 3, imv 3, pts 3"

# Settings inherited by every conn section below.
conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev2
    mobike=no
    # ESP with NULL encryption and HMAC-SHA1 integrity; the trailing "!"
    # makes the proposal strict. Packets are authenticated but NOT
    # encrypted, so tunnelled payloads are readable on the wire.
    # NOTE(review): presumably chosen so lab captures stay inspectable -
    # confirm, and do not reuse this proposal where confidentiality matters.
    esp=null-sha1!
    fragmentation=yes

conn net64-net64
    # Local side: moon, authenticating with its certificate.
    left=10.0.0.1
    leftsubnet=aaaa::0/64
    leftcert=moonCert.pem
    leftid=@moon.strongswan.org
    leftfirewall=no
    # Remote side: sun, pinned to a fixed address and identity.
    right=10.0.1.2
    rightsubnet=bbbb::0/64
    rightid=@sun.strongswan.org
    # Only load the connection; start64.sh initiates it with "ipsec up".
    auto=add
--------------------------------------------------------------------------------
/ipsec64/start64.sh:
--------------------------------------------------------------------------------
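#! /bin/sh
#
# Push the strongSwan configuration to the moon and sun nodes, start the
# daemons and initiate the net64-net64 tunnel from moon.
#
# Usage: start64.sh [eid]
#   eid  optional experiment id; when given, the nodes are addressed as
#        moon@eid and sun@eid.
#
# Exit status: 0 as soon as "ipsec up net64-net64" succeeds on moon,
#              1 if that never happens within the retry budget.

. ../common/procedures.sh

if [ $# -eq 1 ]; then
    moon="moon@$1"
    sun="sun@$1"
else
    moon="moon"
    sun="sun"
fi

if isOSlinux; then
    DIR="/etc"
else
    DIR="/usr/local/etc"
    # Output and errors are discarded and the result is not checked.
    kldload ipsec > /dev/null 2>&1
fi

hcp moon64_ipsec.conf "$moon:${DIR}/ipsec.conf"
hcp sun64_ipsec.conf "$sun:${DIR}/ipsec.conf"

# moon/ links to ../ipsec_common/moon, which holds the CA certificate, the
# host certificate, the unencrypted private key, ipsec.secrets and
# strongswan.conf (sun/ presumably mirrors that layout). These are lab
# credentials published with the scenario; never reuse them elsewhere.
hcp -r moon/* "$moon:${DIR}/"
hcp -r sun/* "$sun:${DIR}/"

if isOSfreebsd; then
    # Clear the IFDISABLED flag so IPv6 is usable on the gateway interfaces.
    himage "$moon" ifconfig eth1 inet6 -ifdisabled
    himage "$sun" ifconfig eth0 inet6 -ifdisabled
fi

himage -nt "$moon" ipsec start
himage -nt "$sun" ipsec start

# Kept in a quoted variable: unquoted, the "[" and "*" would be subject to
# pathname expansion by the shell before grep ever saw the pattern.
conn_re='^[[:space:]]*net64-net64:'

# Poll until both daemons list the connection, then initiate it from moon.
steps=50
for i in `seq 1 $steps`
do
    himage "$moon" ipsec statusall 2>&1 | grep "$conn_re" >/dev/null
    er1=$?
    himage "$sun" ipsec statusall 2>&1 | grep "$conn_re" >/dev/null
    er2=$?
    [ $er1 -eq 0 ] && [ $er2 -eq 0 ] && himage "$moon" ipsec up net64-net64 && exit 0
    sleep 0.1
done

exit 1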
--------------------------------------------------------------------------------
/ipsec64/sun:
--------------------------------------------------------------------------------
1 | ../ipsec_common/sun
--------------------------------------------------------------------------------
/ipsec64/sun64_ipsec.conf:
--------------------------------------------------------------------------------
# /etc/ipsec.conf - strongSwan IPsec configuration file
#
# Gateway "sun", ipsec64 scenario: responder side of the tunnel that carries
# the IPv6 subnets bbbb::/64 and aaaa::/64 over IPv4.

config setup
    # Uncomment for verbose charon logging while debugging.
    #charondebug="dmn 3, mgr 3, ike 3, chd 3, job 3, cfg 3, knl 3, net 3, asn 3, enc 3, lib 3, esp 3, tls 3, tnc 3, imc 3, imv 3, pts 3"

# Settings inherited by every conn section below.
conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev2
    mobike=no
    # ESP with NULL encryption and HMAC-SHA1 integrity; the trailing "!"
    # makes the proposal strict. Packets are authenticated but NOT
    # encrypted, so tunnelled payloads are readable on the wire.
    # NOTE(review): presumably chosen so lab captures stay inspectable -
    # confirm, and do not reuse this proposal where confidentiality matters.
    esp=null-sha1!
    fragmentation=yes

conn net64-net64
    # Local side: sun, authenticating with its certificate.
    left=10.0.1.2
    leftsubnet=bbbb::0/64
    leftcert=sunCert.pem
    leftid=@sun.strongswan.org
    leftfirewall=no
    # The peer may connect from any address; it is accepted on the basis of
    # the identity in rightid, not on where it comes from.
    right=%any
    rightsubnet=aaaa::0/64
    rightid=@moon.strongswan.org
    # Only load the connection; moon initiates it.
    auto=add
--------------------------------------------------------------------------------
/ipsec64/test.sh:
--------------------------------------------------------------------------------
#!/bin/sh
#
# End-to-end check for the ipsec64 scenario: start the experiment, bring the
# tunnel up, ping across it and require that the capture taken on routerX
# shows ESP. The experiment is terminated afterwards in every case.
#
# Environment: LEGACY - when non-empty, imunes is invoked with "-l".

. ../common/procedures.sh

# Runs the tunnel start-up and the traffic checks in order and stops at the
# first one that fails. Returns 0 only when "ESP" appears in the dump.
# NOTE(review): this proves ESP packets were seen, not that no cleartext
# crossed routerX - the scenario negotiates esp=null-sha1 anyway.
ipsec64_checks() {
    if ! ./start64.sh $eid; then
        echo ""
        echo "********** START64 ERROR **********"
        return 1
    fi

    # Presumably starts a capture on routerX eth0 limited to "ip" - the
    # helper lives in procedures.sh, confirm there.
    netDump routerX@$eid eth0 ip || return 1
    ping6Check pc1@$eid bbbb::20 2 || return 1

    sleep 2
    if ! esps=$(readDump routerX@$eid eth0); then
        echo $esps
        return 1
    fi

    echo "$esps"
    if ! echo $esps | grep -q "ESP"; then
        echo ""
        echo "********* NO ESP ERROR ***********"
        return 1
    fi
    return 0
}

err=0
legacy=""
if [ -n "$LEGACY" ]; then
    legacy=" -l"
fi

# The experiment id is the 4th space-separated field of the last output line.
eid=$(imunes$legacy -b ipsec64.imn | tail -1 | cut -d' ' -f4)
startCheck "$eid"

sleep 3
ipsec64_checks || err=1

imunes$legacy -b -e $eid

thereWereErrors $err
--------------------------------------------------------------------------------
/ipsec66/certs:
--------------------------------------------------------------------------------
1 | ../ipsec_common/certs
--------------------------------------------------------------------------------
/ipsec66/moon:
--------------------------------------------------------------------------------
1 | ../ipsec_common/moon
--------------------------------------------------------------------------------
/ipsec66/moon66_ipsec.conf:
--------------------------------------------------------------------------------
# /etc/ipsec.conf - strongSwan IPsec configuration file
#
# Gateway "moon", ipsec66 scenario: the IPv6 subnets aaaa::/64 and bbbb::/64
# are tunnelled between the IPv6 gateway addresses cccc::1 and dddd::1.

config setup
    # Uncomment for verbose charon logging while debugging.
    #charondebug="dmn 3, mgr 3, ike 3, chd 3, job 3, cfg 3, knl 3, net 3, asn 3, enc 3, lib 3, esp 3, tls 3, tnc 3, imc 3, imv 3, pts 3"

# Settings inherited by every conn section below.
conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev2
    mobike=no
    # ESP with NULL encryption and HMAC-SHA1 integrity; the trailing "!"
    # makes the proposal strict. Packets are authenticated but NOT
    # encrypted, so tunnelled payloads are readable on the wire.
    # NOTE(review): presumably chosen so lab captures stay inspectable -
    # confirm, and do not reuse this proposal where confidentiality matters.
    esp=null-sha1!
    fragmentation=yes

conn net66-net66
    # Local side: moon, authenticating with its certificate.
    left=cccc::1
    leftsubnet=aaaa::0/64
    leftcert=moonCert.pem
    leftid=@moon.strongswan.org
    leftfirewall=no
    # Remote side: sun, pinned to a fixed address and identity.
    right=dddd::1
    rightsubnet=bbbb::0/64
    rightid=@sun.strongswan.org
    # Only load the connection; start66.sh initiates it with "ipsec up".
    auto=add
--------------------------------------------------------------------------------
/ipsec66/start66.sh:
--------------------------------------------------------------------------------
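#! /bin/sh
#
# Push the strongSwan configuration to the moon and sun nodes, start the
# daemons and initiate the net66-net66 tunnel from moon.
#
# Usage: start66.sh [eid]
#   eid  optional experiment id; when given, the nodes are addressed as
#        moon@eid and sun@eid.
#
# Exit status: 0 as soon as "ipsec up net66-net66" succeeds on moon,
#              1 if that never happens within the retry budget.

. ../common/procedures.sh

if [ $# -eq 1 ]; then
    moon="moon@$1"
    sun="sun@$1"
else
    moon="moon"
    sun="sun"
fi

if isOSlinux; then
    DIR="/etc"
else
    DIR="/usr/local/etc"
    # Output and errors are discarded and the result is not checked.
    kldload ipsec > /dev/null 2>&1
fi

hcp moon66_ipsec.conf "$moon:${DIR}/ipsec.conf"
hcp sun66_ipsec.conf "$sun:${DIR}/ipsec.conf"

# moon/ links to ../ipsec_common/moon, which holds the CA certificate, the
# host certificate, the unencrypted private key, ipsec.secrets and
# strongswan.conf (sun/ presumably mirrors that layout). These are lab
# credentials published with the scenario; never reuse them elsewhere.
hcp -r moon/* "$moon:${DIR}/"
hcp -r sun/* "$sun:${DIR}/"

himage -nt "$moon" ipsec start
himage -nt "$sun" ipsec start

# Kept in a quoted variable: unquoted, the "[" and "*" would be subject to
# pathname expansion by the shell before grep ever saw the pattern.
conn_re='^[[:space:]]*net66-net66:'

# Poll until both daemons list the connection, then initiate it from moon.
steps=50
for i in `seq 1 $steps`
do
    himage "$moon" ipsec statusall 2>&1 | grep "$conn_re" >/dev/null
    er1=$?
    himage "$sun" ipsec statusall 2>&1 | grep "$conn_re" >/dev/null
    er2=$?
    [ $er1 -eq 0 ] && [ $er2 -eq 0 ] && himage "$moon" ipsec up net66-net66 && exit 0
    sleep 0.1
done

exit 1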
--------------------------------------------------------------------------------
/ipsec66/sun:
--------------------------------------------------------------------------------
1 | ../ipsec_common/sun
--------------------------------------------------------------------------------
/ipsec66/sun66_ipsec.conf:
--------------------------------------------------------------------------------
# /etc/ipsec.conf - strongSwan IPsec configuration file
#
# Gateway "sun", ipsec66 scenario: responder side of the tunnel that carries
# the IPv6 subnets bbbb::/64 and aaaa::/64 over IPv6.

config setup
    # Uncomment for verbose charon logging while debugging.
    #charondebug="dmn 3, mgr 3, ike 3, chd 3, job 3, cfg 3, knl 3, net 3, asn 3, enc 3, lib 3, esp 3, tls 3, tnc 3, imc 3, imv 3, pts 3"

# Settings inherited by every conn section below.
conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev2
    mobike=no
    # ESP with NULL encryption and HMAC-SHA1 integrity; the trailing "!"
    # makes the proposal strict. Packets are authenticated but NOT
    # encrypted, so tunnelled payloads are readable on the wire.
    # NOTE(review): presumably chosen so lab captures stay inspectable -
    # confirm, and do not reuse this proposal where confidentiality matters.
    esp=null-sha1!
    fragmentation=yes

conn net66-net66
    # Local side: sun, authenticating with its certificate.
    # NOTE(review): a whole /64 is given as the local address here, while
    # the moon side of this scenario uses right=dddd::1 and the other sun
    # configs use a single address - confirm the subnet form is intended.
    left=dddd::0/64
    leftsubnet=bbbb::0/64
    leftcert=sunCert.pem
    leftid=@sun.strongswan.org
    leftfirewall=no
    # The peer may connect from any address; it is accepted on the basis of
    # the identity in rightid, not on where it comes from.
    right=%any
    rightsubnet=aaaa::0/64
    rightid=@moon.strongswan.org
    # Only load the connection; moon initiates it.
    auto=add
--------------------------------------------------------------------------------
/ipsec66/test.sh:
--------------------------------------------------------------------------------
#!/bin/sh
#
# End-to-end check for the ipsec66 scenario: start the experiment, bring the
# tunnel up, ping across it and require that the capture taken on routerX
# shows ESP. The experiment is terminated afterwards in every case.
#
# Environment: LEGACY - when non-empty, imunes is invoked with "-l".

. ../common/procedures.sh

# Runs the tunnel start-up and the traffic checks in order and stops at the
# first one that fails. Returns 0 only when "ESP" appears in the dump.
# NOTE(review): this proves ESP packets were seen, not that no cleartext
# crossed routerX - the scenario negotiates esp=null-sha1 anyway.
ipsec66_checks() {
    if ! ./start66.sh $eid; then
        echo ""
        echo "********** START66 ERROR **********"
        return 1
    fi

    # Presumably starts a capture on routerX eth0 limited to "ip6" - the
    # helper lives in procedures.sh, confirm there.
    netDump routerX@$eid eth0 ip6 || return 1
    ping6Check pc1@$eid bbbb::20 2 || return 1

    sleep 2
    if ! esps=$(readDump routerX@$eid eth0); then
        echo $esps
        return 1
    fi

    echo "$esps"
    if ! echo $esps | grep -q "ESP"; then
        echo ""
        echo "********* NO ESP ERROR ***********"
        return 1
    fi
    return 0
}

err=0
legacy=""
if [ -n "$LEGACY" ]; then
    legacy=" -l"
fi

# The experiment id is the 4th space-separated field of the last output line.
eid=$(imunes$legacy -b ipsec66.imn | tail -1 | cut -d' ' -f4)
startCheck "$eid"

sleep 3
ipsec66_checks || err=1

imunes$legacy -b -e $eid

thereWereErrors $err
--------------------------------------------------------------------------------
/ipsec_common/certs/Makefile:
--------------------------------------------------------------------------------
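#
# make
# make certs - make CA cert and certs for moon and sun
# make copy_certs - copy created certificates to ${IPSEC_DIR}
# make clean - cleanup
#
# The keys produced here are lab credentials: the CA key is protected only
# by the fixed passphrase in make_certificates.sh and the host keys are
# written without a passphrase. Do not reuse them outside the scenarios.
#

IPSEC_DIR="../"

# None of these targets produces a file of the same name. Without .PHONY a
# "certs" directory (openssl.cnf points at ./certs) would make "make certs"
# report that there is nothing to do.
.PHONY: all certs copy_certs clean

all:
	@$(MAKE) certs
	@$(MAKE) copy_certs

certs:
	@sh make_certificates.sh

# Host certificates and private keys go to the per-host trees, the CA
# certificate to both.
copy_certs:
	@cp moonCert.pem ${IPSEC_DIR}/moon/ipsec.d/certs
	@cp moonKey.pem ${IPSEC_DIR}/moon/ipsec.d/private
	@cp sunCert.pem ${IPSEC_DIR}/sun/ipsec.d/certs
	@cp sunKey.pem ${IPSEC_DIR}/sun/ipsec.d/private
	@cp strongswanCert.pem ${IPSEC_DIR}/moon/ipsec.d/cacerts
	@cp strongswanCert.pem ${IPSEC_DIR}/sun/ipsec.d/cacerts

# Removes every generated artifact, including the CA private key (*.pem).
# .randi is the RANDFILE name set in openssl.cnf; .rand is kept for trees
# created before that name was used.
clean:
	@rm -fr *.pem index.* serial* newcerts .rand .randi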
--------------------------------------------------------------------------------
/ipsec_common/certs/make_certificates.sh:
--------------------------------------------------------------------------------
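#! /bin/sh
#
# Build the lab PKI in the current directory: a self-signed root CA plus a
# signed certificate and an unencrypted private key for each of sun and moon.
#
# Everything created here is a LAB credential. The CA passphrase is fixed
# and visible in this file (and on the openssl command line), and the host
# keys carry no passphrase. Never reuse these keys or this CA elsewhere.

# Stop at the first failing step instead of carrying on with a half-built
# PKI that "make copy_certs" would then distribute.
set -e

# openssl.cnf reads this through $ENV::SubjectAltName, so it has to be
# exported before any openssl call that parses the config.
export SubjectAltName
SubjectAltName=""

#####
# Create self-signed CA
#
openssl req -x509 -sha256 -newkey rsa:2048 -passout pass:1234 \
    -subj "/C=CH/O=Linux strongSwan/CN=strongSwan Root CA" \
    -keyout strongswanKey.pem -out strongswanCert.pem \
    -days 1460 \
    -set_serial 0 \
    -config openssl.cnf
chmod 600 strongswanKey.pem

#####
# Required files and dirs
#
if test ! -f serial; then
    echo "01" > serial
fi
if test ! -f index.txt; then
    touch index.txt
fi
if test ! -f index.txt.attr; then
    echo "unique_subject = no" > index.txt.attr
fi
if test ! -d newcerts; then
    mkdir newcerts
fi

#####
# Create and sign host certificates
#
hosts="sun moon"

for host in $hosts; do
    SubjectAltName=${host}.strongswan.org

    # -nodes: the host key is written without a passphrase.
    openssl req -newkey rsa:2048 -keyout "${host}Key.pem" \
        -out "${host}Req.pem" \
        -nodes \
        -subj "/C=CH/O=Linux strongSwan/CN=${host}.strongswan.org" \
        -config openssl.cnf

    # Host certificates are valid for 730 days and must be regenerated
    # before they expire, or the tunnels stop authenticating.
    openssl ca -in "${host}Req.pem" -days 730 -out "${host}Cert.pem" -notext \
        -passin pass:1234 \
        -batch \
        -config openssl.cnf

    # Re-export the key through "openssl rsa" and replace the original.
    # NOTE(review): presumably done to normalise the PEM encoding for
    # strongSwan - confirm.
    openssl rsa -in "${host}Key.pem" -out tempkeyfile
    mv tempkeyfile "${host}Key.pem"
    # Private key: owner-only, whatever the caller's umask is.
    chmod 600 "${host}Key.pem"
done

#####
# View created certificates:
#
# openssl x509 -in strongswanCert.pem -text -noout | less
# openssl x509 -in sunCert.pem -text -noout | less
# openssl x509 -in moonCert.pem -text -noout | less

# Check public (cert) / private:

# openssl x509 -in moonCert.pem -modulus -noout
# openssl rsa -in moonKey.pem -modulus -noout

# openssl x509 -in sunCert.pem -modulus -noout
# openssl rsa -in sunKey.pem -modulus -noout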
--------------------------------------------------------------------------------
/ipsec_common/certs/openssl.cnf:
--------------------------------------------------------------------------------
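# openssl.cnf - OpenSSL configuration file
# :set tabstop=8
#
# Configuration for the lab CA driven by make_certificates.sh. It expects
# the environment variable SubjectAltName to be set (see [ host_ext ]).

[ ca ]
default_ca              = root_ca               # The default ca section

[ root_ca ]
certs                   = ./certs               # Where the issued certs are kept
database                = ./index.txt           # database index file.
new_certs_dir           = ./newcerts            # default place for new certs.
certificate             = ./strongswanCert.pem  # The CA certificate
serial                  = ./serial              # The current serial number
private_key             = ./strongswanKey.pem   # The private key
RANDFILE                = ./.randi              # private random number file
x509_extensions         = host_ext              # The extensions to add to the cert
default_md              = sha256                # which md to use.
policy                  = policy_match          # how similar the request must look

[ policy_match ]
countryName             = match
stateOrProvinceName     = optional
localityName            = optional
organizationName        = match
organizationalUnitName  = optional
userId                  = optional
serialNumber            = optional
commonName              = supplied
emailAddress            = optional

[ req ]
# Raised from 1024: make_certificates.sh always passes "-newkey rsa:2048",
# so this only matters for an ad-hoc "openssl req" that omits the size, and
# such a call should not silently fall back to a 1024-bit key.
default_bits            = 2048
default_keyfile         = privkey.pem
distinguished_name      = req_distinguished_name
attributes              = req_attributes
x509_extensions         = ca_ext                # The ext to add to the self signed cert
string_mask             = nombstr

[ req_distinguished_name ]
[ req_attributes ]

# Extensions for certificates issued to the gateways: end-entity only.
[ host_ext ]
basicConstraints        = CA:FALSE
keyUsage                = digitalSignature, keyEncipherment, keyAgreement
subjectKeyIdentifier    = hash
authorityKeyIdentifier  = keyid, issuer:always
# Taken from the environment; make_certificates.sh sets it per host.
subjectAltName          = DNS:$ENV::SubjectAltName
extendedKeyUsage        = serverAuth
# NOTE(review): issued certificates advertise this CRL location, but nothing
# in this directory publishes a CRL - confirm how revocation is meant to be
# handled inside an isolated experiment.
crlDistributionPoints   = URI:http://crl.strongswan.org/strongswan.crl

# Extensions for the self-signed root: may sign certificates and CRLs, with
# at most one intermediate CA below it (pathlen:1).
[ ca_ext ]
basicConstraints        = critical, CA:TRUE , pathlen:1
keyUsage                = cRLSign, keyCertSign
subjectKeyIdentifier    = hash
authorityKeyIdentifier  = keyid, issuer:always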
--------------------------------------------------------------------------------
/ipsec_common/moon/ipsec.d/cacerts/strongswanCert.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIDojCCAoqgAwIBAgIBADANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
3 | MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
4 | b290IENBMB4XDTI0MDMwMzEzNDMzN1oXDTI4MDMwMjEzNDMzN1owRTELMAkGA1UE
5 | BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9u
6 | Z1N3YW4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM/7
7 | Ute3Y2QqlsV4PwdLW9m1U39ew5Zz77gZI9NuOlLmCmKnX0uB8eUdd91c1WyN2pcB
8 | 6z0B178OFDlqUM9feS71ROZh7BA8SbKfZau58ewkCYMiWrfbWJ7iCndoznFa60v8
9 | Hr0FX49vMXGcxLIOTDZahqxwHQT+Po2Bx46fUU3YVCHWLQicKRJef5N4Mev7xzRq
10 | BZTIrBrCHuzaWKk9e5h+8gKhHIFu43ESjam4E73ebW8sCn11D0pTcgCoyLrptQPc
11 | 4TJ46kIiwolB6ITwrNrb6L/Me3755yjUFgCRhNdyRWnaAU86diOIM+jswuaafNcJ
12 | Kogk4CfKf+IAfg3TWYkCAwEAAaOBnDCBmTASBgNVHRMBAf8ECDAGAQH/AgEBMAsG
13 | A1UdDwQEAwIBBjAdBgNVHQ4EFgQUgs6MgrN7A7j/sOoDkd0yeVYF6TowVwYDVR0j
14 | BFAwTqFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
15 | YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBADANBgkqhkiG9w0BAQsF
16 | AAOCAQEAMj1xSr7bpNQnNzHi5gtIJoerJEuVKYYaXtmyr5LoNtJ7rMBqtz0LWI2m
17 | I44EHiivZsiuTTN0RSSU8jzULguWU4Ra6est3E0iZao2/UUhtZ9R+UMosIx5eBuw
18 | vEj/jv4Ny2W5jm8chwxS3EWbfgRDybFgj1yuMVs2KIJZkHjXbq5R3w1gGLSJhDmr
19 | 6IwqFOku/MOgQHcu22wFwezGyEaaMLtVpL4SnSOptekqOQ7R6tq1XO1zYOF9UBMG
20 | NnJjzA7qP5ClBwQ0mfwkR2W7TlhQDHrobOOdL4QyhZ54M9sEbJzmr6ThEr8pogQ5
21 | vVJEQpJYJRiHzI4hpT3fp4HkmT3PFg==
22 | -----END CERTIFICATE-----
23 |
--------------------------------------------------------------------------------
/ipsec_common/moon/ipsec.d/certs/moonCert.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIEIjCCAwqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
3 | MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
4 | b290IENBMB4XDTI0MDMwMzEzNDMzN1oXDTI2MDMwMzEzNDMzN1owRjELMAkGA1UE
5 | BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHDAaBgNVBAMTE21vb24u
6 | c3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCg
7 | Fr17BykJLO5P4DSL23cwW+nRyA2MQ1Omq4X/L6tCiK2GOtMoWabqPZ7Fi96asQr5
8 | uueYB3pKIFie9NFOsX4rfRV8jWy/W+tLgWrsfv4d2Tymu7IilbKSeu6MbzuVhZHz
9 | 87wj/UgGbj7V7fuKvU4KeTnFkeeauyFeBCtLnb22Eu5w3nKYryZAPE2NkoLAAc24
10 | 5fGNXgQUPgIBkKxGuNaX2CC5TMbTayxQs1gKxDXX7gMy68+d2R7s/HIrk9+zdWBv
11 | lyerjXRSbMBnWthAgK7eY9C6a4ljdAT5v7pUEQCpI0/UDY9/Z/z52EB4E8jdfQM2
12 | hsS3sdj8s2kw/ssz0EY/AgMBAAGjggEaMIIBFjAJBgNVHRMEAjAAMAsGA1UdDwQE
13 | AwIDqDAdBgNVHQ4EFgQUSGdt5sBlrL5xijwSsXHQJeazNYYwbQYDVR0jBGYwZIAU
14 | gs6MgrN7A7j/sOoDkd0yeVYF6TqhSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYDVQQK
15 | ExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3QgQ0GC
16 | AQAwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzATBgNVHSUEDDAKBggr
17 | BgEFBQcDATA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
18 | b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQBueM3CIdm4Zk56
19 | l2SrXu48rEz9jTFjuoVO2Bvtw2gpkLVzNTcotRXW/+ibeBqbxKUfHkrPgLs9qd/w
20 | 74NbtbHw/JdNGYLlJdh6eG9rk/1eovydZ3JTx2uCZ1PT29qonn/I2Hfo6Hf7oRxa
21 | XenYBnzrCNP2j7Qz/sB6pKYRZKiUEC0U6aSy0JT/V/tyA4I5MkS/Cq09wW17FhYv
22 | wL3+HE7J93N7gfZ+uWiCK21Xz+vF5Y2oDGTzKmYgxjP9andyvT0Z418qNGA00zh6
23 | gURiwAdyyM3urmzSY1IQItaDqC/cnWfBS/euczKCXC28CgbjkmG0zciu2iH8bmVS
24 | 07VnfXG9
25 | -----END CERTIFICATE-----
26 |
--------------------------------------------------------------------------------
/ipsec_common/moon/ipsec.d/private/moonKey.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN PRIVATE KEY-----
2 | MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCgFr17BykJLO5P
3 | 4DSL23cwW+nRyA2MQ1Omq4X/L6tCiK2GOtMoWabqPZ7Fi96asQr5uueYB3pKIFie
4 | 9NFOsX4rfRV8jWy/W+tLgWrsfv4d2Tymu7IilbKSeu6MbzuVhZHz87wj/UgGbj7V
5 | 7fuKvU4KeTnFkeeauyFeBCtLnb22Eu5w3nKYryZAPE2NkoLAAc245fGNXgQUPgIB
6 | kKxGuNaX2CC5TMbTayxQs1gKxDXX7gMy68+d2R7s/HIrk9+zdWBvlyerjXRSbMBn
7 | WthAgK7eY9C6a4ljdAT5v7pUEQCpI0/UDY9/Z/z52EB4E8jdfQM2hsS3sdj8s2kw
8 | /ssz0EY/AgMBAAECggEAMW20BWd5kR6xWjJEpyYVD/ZhJGebX0JucpilH9yNCVcA
9 | FODWz6+WrN5nxmDgU2z0kZTW6wbsCDUih7nZYm3FIhJV7wYPnKn55W9JH0o6lea8
10 | JlLvtmP4JegU/YFeqVT7cpI/9fC/K1Ugy5bWQskebndtkgXxt8GtlMS+xXMn3y5N
11 | vcuF3VglsF8N0uiI5XSNwv4CGzTtI4pNKnkX0wOnlz3R7sKigp268AaUocHtlAKE
12 | m7vP8AOn+TEZVW+kF5pySOe+gE/7XHYY2bOBWPMuowHflx7GDIFn8+DEmBEk3fB8
13 | pxaLMBCnkF2i6K6nrr09lU6qpx4XGx2gmDrA9+aYuQKBgQDckajdNaRcppLCScZ0
14 | cPtfZlHzSsBo+v4PVLaWv+836iSwmKj1JfMkF540+E3pn5gY8i0rD14Cqakuip7Q
15 | TpDUOJMcZgR4zdw0FzwlAN5PYv4pmtnBDsihkECgmWqv6wJp1oyZfxAIlh1Q8JtK
16 | vtycbo0U+xFv/BC9BEjUeDX5gwKBgQC5zfzLw5jZW3V39Zg2kL5AlL9fmNJOlwyZ
17 | j91H91C0CQnYMKy1o5kIUItUiNvlfe3wPxg+aWrneIkwsg/sxuVb22T1+otgspwY
18 | RwGm7tyC2lBNbOPPzd0W9NeKQ9GiazHHy/8d3uU5akF6sKGKqi8+Z13Sh9+tPcHp
19 | ks2BZV0vlQKBgEwQq4SGAEW3aDs6iAcWA4p11eMqL0rE7CLLWyCH1m6Y/8grDXFl
20 | ggE7Z+LqkqvzztcjhXIpHYmbiu2y/mvl/EpDrHAJupcSn1MThDlaoFAOWopsjZXn
21 | jEczYSZBYiqCyFVJmTlCOXxMkJWeNF/FjH0iHuNSZkQRUJBuztL/FdYTAoGBAI3c
22 | RNd6RlglqSFmxMlcZ7W9HAQsFN3mG7ufCK7ql5ZtlDOYrjScbLnZbRekymeEZ0dX
23 | lPYJ3JJQCEbCnMAF95XTg1j+6q1wkRdEF3HRy1CoyEjlC2ZcYiIl2+736rWcLEzE
24 | ZsrypIbappW7CAtr9lgp6YtVLCUEEup3qCnUL3qlAoGAWGHeFCpRkILybx4aE6zX
25 | tFCKGRuJ6kJPUzPKE7MGqpFYzGJnn72ZNlMlbEzDvrqE2z8rSVUa0Ga7V4HiM+zI
26 | 2aCNdhWpflXexFS+0csXzQau1xEj4Rzhq/cQ+zIcWk5sMYMvb6or6r4qBlhE63dj
27 | /R3Qqv6t4VNrNCAhmGT5jsE=
28 | -----END PRIVATE KEY-----
29 |
--------------------------------------------------------------------------------
/ipsec_common/moon/ipsec.secrets:
--------------------------------------------------------------------------------
# /etc/ipsec.secrets - strongSwan IPsec secrets file
#
# Points charon at moon's RSA private key. No passphrase follows the file
# name, and the moonKey.pem shipped with this scenario is an unencrypted PEM
# that is published together with the lab files - treat it as public and
# never reuse it outside the experiment.

: RSA moonKey.pem
--------------------------------------------------------------------------------
/ipsec_common/moon/strongswan.conf:
--------------------------------------------------------------------------------
# strongswan.conf - strongSwan configuration file
#
# Logging-heavy lab profile for the charon daemon on moon.

charon {

    filelog {
        # NOTE(review): this copy names the logger section and gives the
        # file through "path", while the nat-ipsec copy uses the file path
        # as the section name - confirm the installed strongSwan version
        # accepts this form.
        charon {
            path = /var/log/charon.log
            # add a timestamp prefix
            time_format = %b %e %T
            # loggers to files also accept the append option to open files in
            # append mode at startup (default is yes)
            append = no
            # the default loglevel for all daemon subsystems (defaults to 1).
            default = 1
            # flush each line to disk
            flush_line = yes
        }
        stderr {
            # more detailed loglevel for a specific subsystem, overriding the
            # default loglevel.
            # Level 3 adds raw hex dumps of the data being processed. Keep
            # it at or below 3: level 4 also writes sensitive material such
            # as keys into the log.
            dmn = 3
            mgr = 3
            ike = 3
            chd = 3
            job = 3
            cfg = 3
            knl = 3
            net = 3
            asn = 3
            enc = 3
            lib = 3
            esp = 3
            tls = 3
            tnc = 3
            imc = 3
            imv = 3
            pts = 3
            # prepend connection name, simplifies grepping
            ike_name = yes
        }
    }

    # number of worker threads in charon
    threads = 16

    # send strongswan vendor ID?
    # send_vendor_id = yes

    plugins {

        sql {
            # loglevel to log into sql database
            loglevel = -1

            # URI to the database
            # database = sqlite:///path/to/file.db
            # database = mysql://user:password@localhost/database
        }
    }

    # ...
}

pluto {

}

libstrongswan {

    # set to no, the DH exponent size is optimized
    # dh_exponent_ansi_x9_42 = no
}
--------------------------------------------------------------------------------
/ipsec_common/nat-ipsec/moon/ipsec.conf:
--------------------------------------------------------------------------------
# /etc/ipsec.conf - strongSwan IPsec configuration file
#
# Gateway "moon", nat-ipsec scenario: the IPv6 subnets aaaa::/64 and
# bbbb::/64 are tunnelled between the IPv4 addresses 10.0.0.1 and 10.0.1.2.
#
# NOTE(review): the certificates stored next to this file look older than
# the ones under ../moon and their validity period appears to have ended -
# check with "openssl x509 -in moonCert.pem -noout -enddate" and regenerate
# them if so, otherwise certificate authentication will fail.

config setup
    # Uncomment for verbose charon logging while debugging.
    #charondebug="dmn 3, mgr 3, ike 3, chd 3, job 3, cfg 3, knl 3, net 3, asn 3, enc 3, lib 3, esp 3, tls 3, tnc 3, imc 3, imv 3, pts 3"

# Settings inherited by every conn section below. Unlike the ipsec46/64/66
# profiles there is no "esp=" line, so the ESP proposal is left to
# strongSwan's defaults rather than forced to NULL encryption.
conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev2
    mobike=no
    fragmentation=yes

conn net-net
    # Local side: moon, authenticating with its certificate.
    left=10.0.0.1
    leftsubnet=aaaa::0/64
    leftcert=moonCert.pem
    leftid=@moon.strongswan.org
    leftfirewall=no
    # Remote side: sun, pinned to a fixed address and identity.
    right=10.0.1.2
    rightsubnet=bbbb::0/64
    rightid=@sun.strongswan.org
    # Only load the connection; start_ipsec.sh initiates it with "ipsec up".
    auto=add
--------------------------------------------------------------------------------
/ipsec_common/nat-ipsec/moon/ipsec.d/cacerts/strongswanCert.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIDuDCCAqCgAwIBAgIBADANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
3 | MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
4 | b290IENBMB4XDTE4MDkwNTA3MTUxNVoXDTIyMDkwNDA3MTUxNVowRTELMAkGA1UE
5 | BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9u
6 | Z1N3YW4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALT6
7 | 6txGbwhENUAG6MdTtIZy6FctQo7vrmHd7F1UC/gZY4F2SYdE4vf0fWir4SvrQThW
8 | sLxnYCfKZdRC+lqcR/QUcaIb8n5N0/bIypOsSe9URxUvU0b5ft8rl8Bddn2u/QaG
9 | RfQPIMSP7iNtvhQ2h3VatbW8ZHOTIjYtnMkWDtRGhJd5kJdO21r8P0/R8J6yhQi3
10 | fpL6MeJNKJ2bI0ttttc519BtiaJ1Y0Ri2Z8ZEsjsLy4/2MxWhp2fi9z627tD3B9N
11 | AIWYEZm2+R8fyzl9sNBOGql2yMUSBCMCh/gs1dIZtqnY1DoRQRLBA2Q74FO/Lkf4
12 | EamE6tyUZ+FlgMqALzECAwEAAaOBsjCBrzASBgNVHRMBAf8ECDAGAQH/AgEBMAsG
13 | A1UdDwQEAwIBBjAdBgNVHQ4EFgQU9v0z9I0AKd8Ycidfx6kz5247hv4wbQYDVR0j
14 | BGYwZIAU9v0z9I0AKd8Ycidfx6kz5247hv6hSaRHMEUxCzAJBgNVBAYTAkNIMRkw
15 | FwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJv
16 | b3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAFG+PJxuDnvcONaoXfsWvWjrrGvG
17 | 9EZcB1KCGy0WYMQyhhxTkM9/M27g0iyLTdGJH4qg319dHKTKrfXMZ6bJXrues4dJ
18 | Wg5mETH8uuNbz1naMI1RMvwtp+Byih/sxSkt8JjtZXGyu9OCFj+JSky+yogs16Fv
19 | ihpQf9VcR9z2tDycDD7YFd+kBCM4JzolZtM6WbL0rBnFeRztKWLegS44Uof+peYj
20 | 1p1viJCAJnpI8fbe5gf3pIATrfCBywvyr0MM0PeKO4t/AD74RZk5EJQhhlRrlEZn
21 | H/MLGq3PYQ/M83qQ2XxWo9PY7+MtpxwzCkeOsjpiUN1gIyUY/IRkN8Z8xXA=
22 | -----END CERTIFICATE-----
23 |
--------------------------------------------------------------------------------
/ipsec_common/nat-ipsec/moon/ipsec.d/certs/moonCert.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIEIjCCAwqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
3 | MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
4 | b290IENBMB4XDTE4MDkwNTA3MTUxNloXDTIwMDkwNDA3MTUxNlowRjELMAkGA1UE
5 | BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHDAaBgNVBAMTE21vb24u
6 | c3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQ
7 | GRT8cHcTvORdy4FhciVBQQ1zKpfla9pOLvOl40SpfuHglubkCZzIslFlkTfKJTnK
8 | euuXaCcQaoEMyMDcC5VHBRcewmKlfkG/wj5lOK0foCOLHzRZeIsKIqo32ilOgQYS
9 | KW+PkajiztvPnbW2J93+FzkU2aKDzsIDB09kp4FgLb0BcB+d0GCtkLH7Fa2nWVBu
10 | 4nxfhvr2aYaDlS8sTc8+UqzS74/18mff3tiuo/u56VzMvKZR1UQJjMs2tNDVAA4Y
11 | 9JH4ow++NZWJjwf7n4naQ0Im+6QDt84KnIgvRx3ANk7dAoQhpYdBKrBtOjGCzsgw
12 | pzoJwfXIWRgzse4QYxDxAgMBAAGjggEaMIIBFjAJBgNVHRMEAjAAMAsGA1UdDwQE
13 | AwIDqDAdBgNVHQ4EFgQUMkQcGSWrOYqVTJ8RMl+CHbG8/9owbQYDVR0jBGYwZIAU
14 | 9v0z9I0AKd8Ycidfx6kz5247hv6hSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYDVQQK
15 | ExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3QgQ0GC
16 | AQAwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzATBgNVHSUEDDAKBggr
17 | BgEFBQcDATA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
18 | b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAfNkrkgSYGHs0T
19 | TUSWOozItT3G61m0qrmYhaUbfwPEajJNaKtPVIPT32ahBwm3tX84DDEXJJCI4Cft
20 | ZW/gv6TBjsyEbOSQ+FD9Pl08XGKdviZq3Hw26qqf6HeVhTDo7abMO8qvZY0m3qTx
21 | dV6uNCVO8r7E8dKTKQ7h3OegNGSkG5rpftF6uRzMnz5cqCZEcelVtftV0Urmrjhl
22 | 3FH2uII86taFstoMTMr1uXuKMSMnvusWJ5ifsqMWaWiwPMBRw/cdglhOxkeWj6b3
23 | u6aDaP86qGv3Le9BHwjmjilUMn7dskyY7D/nM2zCSmoxdpl8OyKBx5ZE20DQYXq+
24 | 1uquHSjQ
25 | -----END CERTIFICATE-----
26 |
--------------------------------------------------------------------------------
/ipsec_common/nat-ipsec/moon/ipsec.d/private/moonKey.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN RSA PRIVATE KEY-----
2 | MIIEpgIBAAKCAQEA0BkU/HB3E7zkXcuBYXIlQUENcyqX5WvaTi7zpeNEqX7h4Jbm
3 | 5AmcyLJRZZE3yiU5ynrrl2gnEGqBDMjA3AuVRwUXHsJipX5Bv8I+ZTitH6Ajix80
4 | WXiLCiKqN9opToEGEilvj5Go4s7bz521tifd/hc5FNmig87CAwdPZKeBYC29AXAf
5 | ndBgrZCx+xWtp1lQbuJ8X4b69mmGg5UvLE3PPlKs0u+P9fJn397YrqP7uelczLym
6 | UdVECYzLNrTQ1QAOGPSR+KMPvjWViY8H+5+J2kNCJvukA7fOCpyIL0cdwDZO3QKE
7 | IaWHQSqwbToxgs7IMKc6CcH1yFkYM7HuEGMQ8QIDAQABAoIBAQCOa6wePQZyHsQY
8 | oW/x9kIjD9eZq1v76z2kZqPgM9PJQQpsQDrTdPS1srzci2+oTKPpvQjCPckGhi2+
9 | RyMfNlo7GfPB3H3RD8EF8XXspsZtr5bD315foY1fKWxf/1Jn5Qv3oB43HxR77eEo
10 | jaJQgaaAAPrTF0QPe5Dyq60dkTqNTGRwLxDpq4gHlTPzvxELhMuARBg28x6rt8hO
11 | LgWkScQfADw1xetePnECROzv3NxwjJWF2QSHnv4AJVdXn21cP0ELKSfJZuxg6zU2
12 | jU+vmuxsmdSJiM9OBGRo86mk0LgnSxMrUsXAP68unZLC9HGvj9HwX4FyPp696oAO
13 | JEgsvwiFAoGBAOezKd3v/HW99q6lmrarEKBbomDWOUMzcLoxYDOclJ593d0nEDDP
14 | UP7kDbbCJq6ifZblgth4k6Iu3nOUrpGh0rfHPONyDoF7qiirwNKqAOQ2HmirNYWZ
15 | nlD0sN5cXkiBKACAPUlw406KBUo0RZ5jteWdgMtvyxOnAUDgrQEJc3KjAoGBAOXs
16 | PSzh3GDEbyhmH5afMeokrvwtzGpywuVjifOkr1Hczbdc6e4ISN4gcUpZ+PbsKdhN
17 | Rf5EibQT3OPiY7sMrpacuYruKwB39UVNnPNueTj6aW+p6tYW7l2imXRRl4Mhx9gN
18 | 6lyvNZ6lANQ4g8Rws1y/yUTdGJSnM1X86GLr93tbAoGBAIJBQ5kkMC5VA9f8+3QT
19 | yT4NJcUAyaJQyd+yoF2Dej17jv2j10NJWURiGp+SmEJ20NnC3wMpDf4QETiy7kyq
20 | x5ZPaJiI50S9q9Q/ciA8OFITZpb7IRShXtIuLTxkexCRo1ZcwZeG4hKmHwEvT7AS
21 | aBDUsbIsf+LlcRvy8u9xS7i3AoGBAJc/2N51letyTU1eINmMz+EfUJ1D430DEYKl
22 | AFLuuwY3InzE+n5DpOu6m8w1c7m7katg6fJiU9PKXTzr6H9b0F3zq3rhQhiE0SxN
23 | 6jmZKtV4pXN3a6x6WUPvetMx+WGiDzzpqopeF//Mu8bfho7rNJKG93f9mfXwJ60h
24 | Oh4Y7CyRAoGBANy2l1zLhdos8OeEdFJV2SvIKg9KNsyvbNItn+KjoKKjd5rk2ogq
25 | RKq2o16p4neEhBjWC7UuocqdpmATLuSeUD0hNoGzMBqjq4Hw1QEi95espajVX7Mq
26 | cMrXFIgGDX+WrOTJxA0wltt2At0HeSKLQ3saVb7KWAqR5NTdn7Dscu2j
27 | -----END RSA PRIVATE KEY-----
28 |
--------------------------------------------------------------------------------
/ipsec_common/nat-ipsec/moon/ipsec.secrets:
--------------------------------------------------------------------------------
# /etc/ipsec.secrets - strongSwan IPsec secrets file
#
# Points charon at moon's RSA private key. No passphrase follows the file
# name, and the moonKey.pem shipped with this scenario is an unencrypted PEM
# that is published together with the lab files - treat it as public and
# never reuse it outside the experiment.

: RSA moonKey.pem
--------------------------------------------------------------------------------
/ipsec_common/nat-ipsec/moon/strongswan.conf:
--------------------------------------------------------------------------------
# strongswan.conf - strongSwan configuration file
#
# Logging-heavy lab profile for the charon daemon on moon (nat-ipsec).

charon {

    filelog {
        # The log file path doubles as the section name here.
        /var/log/charon.log {
            # add a timestamp prefix
            time_format = %b %e %T
            # loggers to files also accept the append option to open files in
            # append mode at startup (default is yes)
            append = no
            # the default loglevel for all daemon subsystems (defaults to 1).
            default = 1
            # flush each line to disk
            flush_line = yes
        }
        stderr {
            # more detailed loglevel for a specific subsystem, overriding the
            # default loglevel.
            # Level 3 adds raw hex dumps of the data being processed. Keep
            # it at or below 3: level 4 also writes sensitive material such
            # as keys into the log.
            dmn = 3
            mgr = 3
            ike = 3
            chd = 3
            job = 3
            cfg = 3
            knl = 3
            net = 3
            asn = 3
            enc = 3
            lib = 3
            esp = 3
            tls = 3
            tnc = 3
            imc = 3
            imv = 3
            pts = 3
            # prepend connection name, simplifies grepping
            ike_name = yes
        }
    }

    # number of worker threads in charon
    threads = 16

    # send strongswan vendor ID?
    # send_vendor_id = yes

    plugins {

        sql {
            # loglevel to log into sql database
            loglevel = -1

            # URI to the database
            # database = sqlite:///path/to/file.db
            # database = mysql://user:password@localhost/database
        }
    }

    # ...
}

pluto {

}

libstrongswan {

    # set to no, the DH exponent size is optimized
    # dh_exponent_ansi_x9_42 = no
}
--------------------------------------------------------------------------------
/ipsec_common/nat-ipsec/nat.rules:
--------------------------------------------------------------------------------
#!/bin/sh
# ipfw rule set for the lab NAT node: divert traffic on the outside
# interface to natd and let everything else through.

nat_if=eth1
add_rule="ipfw -q add"

# Start from an empty rule set.
ipfw -q -f flush

# Every packet crossing $nat_if is handed to natd for translation (logged).
$add_rule divert natd log all from any to any via "$nat_if"
# Catch-all: every packet is allowed and logged. This rule set performs
# address translation only and provides no packet filtering.
$add_rule allow log all from any to any
--------------------------------------------------------------------------------
/ipsec_common/nat-ipsec/nat.rules.linux:
--------------------------------------------------------------------------------
# iptables-restore input for the Linux NAT node.
# Only the nat table is defined here; no filter rules are loaded from this file.
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Source-NAT both inside subnets to 10.0.3.2 when leaving through eth1.
-A POSTROUTING -s 10.0.0.0/24 -o eth1 -j SNAT --to-source 10.0.3.2
-A POSTROUTING -s 10.0.2.0/24 -o eth1 -j SNAT --to-source 10.0.3.2
COMMIT
--------------------------------------------------------------------------------
/ipsec_common/nat-ipsec/start_ipsec.sh:
--------------------------------------------------------------------------------
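#! /bin/sh
# Install the strongSwan configuration on the moon and sun nodes, start the
# IPsec daemon on both and bring up the "net-net" connection from moon.
#
# Usage: start_ipsec.sh [experiment-id]
# The exit status is that of the final "ipsec up net-net" call.

. ../../common/procedures.sh

# With exactly one argument the nodes are addressed as name@experiment-id,
# otherwise by their bare names.
moon="moon"
sun="sun"
if [ $# -eq 1 ]; then
    moon="moon@$1"
    sun="sun@$1"
fi

# Configuration directory inside the node depends on the host OS.
DIR="/usr/local/etc"
if isOSlinux; then
    DIR="/etc"
fi

# The copied trees contain the nodes' private keys (for example
# sun/ipsec.d/private/sunKey.pem). These are published example keys and are
# only suitable for the lab topology.
# The globs stay unquoted on purpose; the node references are quoted so an
# unexpected character in the experiment id cannot split the argument.
hcp -r moon/* "${moon}:${DIR}/"
hcp -r sun/* "${sun}:${DIR}/"

himage -nt "$moon" ipsec start
himage -nt "$sun" ipsec start

# Give the daemons a moment to come up before initiating.
sleep 1

himage "$moon" ipsec up net-net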
--------------------------------------------------------------------------------
/ipsec_common/nat-ipsec/start_nat.sh:
--------------------------------------------------------------------------------
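#! /bin/sh
# Turn the "nat" node of a running experiment into a NAT gateway.
#
# Usage: start_nat.sh <experiment-id>
# Linux host:  loads nat.rules.linux with iptables-restore inside the node.
# Otherwise:   loads the ipfw and ipdivert kernel modules on the host,
#              starts natd on eth1 inside the node and installs nat.rules.
# Exits with status 2 when the node cannot be reached.

. ../../common/procedures.sh

# Print the given message and abort with status 2.
error() {
    echo "$*"
    exit 2
}

# Single node reference used by every command below.
nat="nat@$1"

himage "$nat" hostname \
    || error "Is simulation started? Try: Experiment->Execute"

if isOSlinux; then
    # Address the node through the script argument like the other branch
    # does; $eid is never assigned in this script, so nat@$eid only worked
    # if the caller happened to export that variable.
    himage "$nat" iptables-restore < nat.rules.linux
else
    # -n: do not fail when the module is already loaded.
    kldload -n ipfw
    kldload -n ipdivert
    sleep 2
    himage "$nat" natd -l -interface eth1
    hcp nat.rules "$nat":/root
    himage "$nat" sh /root/nat.rules
fi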
--------------------------------------------------------------------------------
/ipsec_common/nat-ipsec/sun/ipsec.conf:
--------------------------------------------------------------------------------
# /etc/ipsec.conf - strongSwan IPsec configuration file
#
# "sun" side of the net-net tunnel in the nat-ipsec lab. The connection is
# only loaded (auto=add); the peer initiates it.

config setup
	#charondebug="dmn 3, mgr 3, ike 3, chd 3, job 3, cfg 3, knl 3, net 3, asn 3, enc 3, lib 3, esp 3, tls 3, tnc 3, imc 3, imv 3, pts 3"

# Defaults inherited by every conn below. No ike= or esp= proposal is set
# anywhere in this file, so the daemon's default proposals apply.
conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=1
	keyexchange=ikev2
	mobike=no
	fragmentation=yes

conn net-net
	left=10.0.1.2
	#left=%any
	leftsubnet=bbbb::0/64
	# NOTE(review): the sunCert.pem shipped next to this file appears to
	# encode a validity period of 2018-09-05 to 2020-09-04; confirm with
	# "openssl x509 -in sunCert.pem -noout -dates" and reissue it if
	# certificate validation fails.
	leftcert=sunCert.pem
	leftid=@sun.strongswan.org
	leftfirewall=no
	#right=10.0.0.1
	# The peer's address is not pinned (right=%any), so the peer is
	# identified by rightid and the certificate it presents, not by
	# where it connects from.
	right=%any
	#rightsourceip=10.0.0.1
	rightsubnet=aaaa::0/64
	rightid=@moon.strongswan.org
	auto=add
--------------------------------------------------------------------------------
/ipsec_common/nat-ipsec/sun/ipsec.d/cacerts/strongswanCert.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIDuDCCAqCgAwIBAgIBADANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
3 | MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
4 | b290IENBMB4XDTE4MDkwNTA3MTUxNVoXDTIyMDkwNDA3MTUxNVowRTELMAkGA1UE
5 | BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9u
6 | Z1N3YW4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALT6
7 | 6txGbwhENUAG6MdTtIZy6FctQo7vrmHd7F1UC/gZY4F2SYdE4vf0fWir4SvrQThW
8 | sLxnYCfKZdRC+lqcR/QUcaIb8n5N0/bIypOsSe9URxUvU0b5ft8rl8Bddn2u/QaG
9 | RfQPIMSP7iNtvhQ2h3VatbW8ZHOTIjYtnMkWDtRGhJd5kJdO21r8P0/R8J6yhQi3
10 | fpL6MeJNKJ2bI0ttttc519BtiaJ1Y0Ri2Z8ZEsjsLy4/2MxWhp2fi9z627tD3B9N
11 | AIWYEZm2+R8fyzl9sNBOGql2yMUSBCMCh/gs1dIZtqnY1DoRQRLBA2Q74FO/Lkf4
12 | EamE6tyUZ+FlgMqALzECAwEAAaOBsjCBrzASBgNVHRMBAf8ECDAGAQH/AgEBMAsG
13 | A1UdDwQEAwIBBjAdBgNVHQ4EFgQU9v0z9I0AKd8Ycidfx6kz5247hv4wbQYDVR0j
14 | BGYwZIAU9v0z9I0AKd8Ycidfx6kz5247hv6hSaRHMEUxCzAJBgNVBAYTAkNIMRkw
15 | FwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJv
16 | b3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAFG+PJxuDnvcONaoXfsWvWjrrGvG
17 | 9EZcB1KCGy0WYMQyhhxTkM9/M27g0iyLTdGJH4qg319dHKTKrfXMZ6bJXrues4dJ
18 | Wg5mETH8uuNbz1naMI1RMvwtp+Byih/sxSkt8JjtZXGyu9OCFj+JSky+yogs16Fv
19 | ihpQf9VcR9z2tDycDD7YFd+kBCM4JzolZtM6WbL0rBnFeRztKWLegS44Uof+peYj
20 | 1p1viJCAJnpI8fbe5gf3pIATrfCBywvyr0MM0PeKO4t/AD74RZk5EJQhhlRrlEZn
21 | H/MLGq3PYQ/M83qQ2XxWo9PY7+MtpxwzCkeOsjpiUN1gIyUY/IRkN8Z8xXA=
22 | -----END CERTIFICATE-----
23 |
--------------------------------------------------------------------------------
/ipsec_common/nat-ipsec/sun/ipsec.d/certs/sunCert.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIEIDCCAwigAwIBAgIBATANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
3 | MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
4 | b290IENBMB4XDTE4MDkwNTA3MTUxNloXDTIwMDkwNDA3MTUxNlowRTELMAkGA1UE
5 | BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN1bi5z
6 | dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANtD
7 | a/JJtABG4RxXrzicjhdwOfqQxaVBxAulu7AoJN7kanU8/Or0c6PHhWBwsVy+GZ61
8 | qnJhoc6aV4Zi4GvPgaS8zQs+9ps6HOvu1RAaNP/otxOyPe4LYvA0A5ryTm8fD1gA
9 | GSi17soUnLjcyZZ7+26duR5vmeYXIJWozcgZozjaRNu/ODKmBpP71dugbq14LYzu
10 | awOd+Ka1DIY544OJvwy3Snp1Gb9A62qsqtR1a1J8xODsrDdmNCDKQ/2URNEl/ztA
11 | vrZSCRDsf+cAxdJMvLAMJ8TAlcZvuP2QM/3UDr9VTZGMD9aLJCxUllYozRDt6lqN
12 | W6Gm4mJ8o/NNlflQcosCAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQD
13 | AgOoMB0GA1UdDgQWBBSEQRt8lwT3tHcZM1FMU1LmYX4jbDBtBgNVHSMEZjBkgBT2
14 | /TP0jQAp3xhyJ1/HqTPnbjuG/qFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoT
15 | EExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIB
16 | ADAdBgNVHREEFjAUghJzdW4uc3Ryb25nc3dhbi5vcmcwEwYDVR0lBAwwCgYIKwYB
17 | BQUHAwEwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2NybC5zdHJvbmdzd2FuLm9y
18 | Zy9zdHJvbmdzd2FuLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAqPiQeub0ysRTmYCe
19 | 08+pGmLuchs0WGpgCPMYcOevgdDnBrIiui063CdjeBpT98XfW4tWiT2ifkUdwOdc
20 | eYuqDz0sNxIi/2QJFafsgtz92Ver+Yd00tHv5Lw0CHzUyrqvoGF+aJ+rjPbMmWa9
21 | bAYmUHgZM+mZ+wucEYnljEMfWh6A15T4QDaxIHu+NwR5ebmKSrltYqjhzzwrUgoy
22 | ic1JyV0EMxYIcpA5AyUXOE+FQYGoDcM/58ysAGv24ur//lG4CmN8Z3niIU8lszZ+
23 | he/cAiyrFftYDQyG5aZLcPQiJgQgv/aRivLbyrOKO98VBeMnnp22L+RLhQOtckkr
24 | RnLiuQ==
25 | -----END CERTIFICATE-----
26 |
--------------------------------------------------------------------------------
/ipsec_common/nat-ipsec/sun/ipsec.d/private/sunKey.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN RSA PRIVATE KEY-----
2 | MIIEpQIBAAKCAQEA20Nr8km0AEbhHFevOJyOF3A5+pDFpUHEC6W7sCgk3uRqdTz8
3 | 6vRzo8eFYHCxXL4ZnrWqcmGhzppXhmLga8+BpLzNCz72mzoc6+7VEBo0/+i3E7I9
4 | 7gti8DQDmvJObx8PWAAZKLXuyhScuNzJlnv7bp25Hm+Z5hcglajNyBmjONpE2784
5 | MqYGk/vV26BurXgtjO5rA534prUMhjnjg4m/DLdKenUZv0Draqyq1HVrUnzE4Oys
6 | N2Y0IMpD/ZRE0SX/O0C+tlIJEOx/5wDF0ky8sAwnxMCVxm+4/ZAz/dQOv1VNkYwP
7 | 1oskLFSWVijNEO3qWo1boabiYnyj802V+VByiwIDAQABAoIBAQDX84CGwiaBu02N
8 | X6MZC8A6v3KrIRk4mRxgKFxBtFgUGz3quCWVtyuJ3EG16WgWIrkTAnOcciIuXP7l
9 | Qc8s/9P9D2KXt+ykl8jSaoj4cgdPIMHnqT6rjBVm5KPEYO/1K88t6fLdkMpdx41P
10 | 2UzGZNgPa1Je8qXN42tZW0dJ1E5Y93UwODxdVe3hW7THs30mK9WfHAhujXtZrz+k
11 | vOBdgVdwHI7wHmFY/P/slcWjtmaH9/nzpcTFjzLXI5Y3NEFoyPpJYdOxzci0Nj90
12 | hQRxs42z2ucHeoiz/mE9ib6rzW6aTh8VsYQVnqpq2/18z5LwP5+mLyzMBX3cHdS2
13 | DLQTncZZAoGBAPsA/ZTqmfF5R8nMlbD4gLvWPSx+q8HLG7kJLNMC4adgvEyx9FkM
14 | M1lKlIRs89gbbNwdklcv920HafXyiKd16Lm/WWp8YqsgREHcshhpzRrxEuJZVZdl
15 | p1P3Zoky+4yEuHlfFc65zT0kaNYVcRGq06iz/VKKc7PCSlwEFOsWG0AtAoGBAN+g
16 | sefrpdLVZLJeIgXM0p+sTXNy11sxz8qTINXHaLjpcXFYRdu1BdVSGqfcJSTidIqd
17 | AHNfVGC1ee+10eTAAzMQYdRnfeMGz+GCD9m5/nlelERT0UFCo9ynaJ7J7NlnqSNc
18 | evuaEVJDqypk+LrAyQbw8ZDlqYPmBVd+c5dmmviXAoGBALBzLtCb52J4Zr33Axgo
19 | aZ8iaVi5J5cRaEi4qXkhIm6es2CbDPH4gLR5mFRLn1PBW9KVO0XtY1uTBasvN1+5
20 | pMPHP117WYWBJlrCgbRl1BjndeYG9QN8I5gEaGF0pJ9QwboY3OS5ew1LZiNxaU4J
21 | L8f918xJpjKtF8b925KztK51AoGAd5FzLh7YFeeVJK2iIVnHkCpPaxgPP6pdgOGz
22 | 37n0K1JeHo1lJLkgelOg/vl9PsB6MZcKo6Vn9yFxJhMgO9/Slh3/QNNpAtcklV22
23 | XeLNxlUkj3gFXZBlDtjP3n72zbNYQxjyhM52znZx8YP1Xd0wXy666o9xWJ3HY2Ww
24 | JlZtK9cCgYEA4eLakRSndfOlCyvOIYN6s13u408qu/srqs7Wp5AE6FO7jT/nEboQ
25 | buj7Oa0YSWLI6kluA0k9fMh++HAL08+509JVUKvQWKtg05aTVvT1NEdFCoNxvMPC
26 | uZVtXXlbjRywXuCxn3jA2Qc9lnic4eNsFUlMvcq5NDCK5swaNgLYAK0=
27 | -----END RSA PRIVATE KEY-----
28 |
--------------------------------------------------------------------------------
/ipsec_common/nat-ipsec/sun/ipsec.secrets:
--------------------------------------------------------------------------------
# /etc/ipsec.secrets - strongSwan IPsec secrets file
#
# Loads sun's RSA private key from sunKey.pem. No passphrase follows the
# file name, so the key file has to be stored unencrypted.
# The key is distributed with this example and must be treated as public:
# use it only inside the lab topology and generate fresh keys elsewhere.

: RSA sunKey.pem
--------------------------------------------------------------------------------
/ipsec_common/nat-ipsec/sun/strongswan.conf:
--------------------------------------------------------------------------------
# strongswan.conf - strongSwan configuration file
#
# Lab/debug profile: verbose per-subsystem logging on stderr plus a file log
# that is not opened in append mode.

charon {

    filelog {
        /var/log/charon.log {
            # timestamp prefix for every entry
            time_format = %b %e %T
            # append = no: the file is not opened in append mode at startup
            # (the default is yes), so the previous run's log is not kept
            append = no
            # loglevel for every subsystem without an override (default 1)
            default = 1
            # write each line to disk immediately
            flush_line = yes
        }
        stderr {
            # Per-subsystem overrides of the default loglevel, all set to 3.
            # In strongSwan's level scheme 3 adds raw data dumps in hex and
            # 4 additionally logs sensitive material such as keys, so do not
            # raise these further where the output is collected or shared.
            dmn = 3
            mgr = 3
            ike = 3
            chd = 3
            job = 3
            cfg = 3
            knl = 3
            net = 3
            asn = 3
            enc = 3
            lib = 3
            esp = 3
            tls = 3
            tnc = 3
            imc = 3
            imv = 3
            pts = 3
            # prefix each line with the connection name (easier to grep)
            ike_name = yes
        }
    }

    # number of worker threads in charon
    threads = 16

    # send strongswan vendor ID?
    # send_vendor_id = yes

    plugins {

        sql {
            # loglevel for logging into the SQL database
            loglevel = -1

            # URI to the database (placeholders only, nothing is configured)
            # database = sqlite:///path/to/file.db
            # database = mysql://user:password@localhost/database
        }
    }

    # ...
}

pluto {

}

libstrongswan {

    # set to no, the DH exponent size is optimized
    # dh_exponent_ansi_x9_42 = no
}
--------------------------------------------------------------------------------
/ipsec_common/nat-ipsec/test.sh:
--------------------------------------------------------------------------------
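#!/bin/sh
# End-to-end test for the nat-ipsec topology.
#
# Phase 1: start NAT and confirm that a ping from moon leaves the NAT node
#          with the translated source address 10.0.3.2.
# Phase 2: start IPsec, ping across the tunnel and confirm that ESP packets
#          are seen on the NAT node's eth1.
# The experiment is always terminated before the result is reported.

. ../../common/procedures.sh

legacy=""
if test -n "$LEGACY"; then
    legacy=" -l"
fi

eid=`imunes$legacy -b nat-ipsec64.imn | tail -1 | cut -d' ' -f4`
startCheck "$eid"

# Run every check in order; return 1 at the first failure, 0 when all pass.
run_checks() {
    if ! ./start_nat.sh "$eid" > /dev/null; then
        echo "********* START_NAT ERROR ***********"
        return 1
    fi

    sleep 4
    # A failed capture start must fail the test; without this the script
    # would skip every later check and still report success.
    netDump "nat@$eid" eth1 || return 1
    pingCheck "moon@$eid" 10.0.1.2 1 || return 1

    sleep 2
    pings=`readDump "nat@$eid" eth1`
    dump_rc=$?
    echo "$pings"
    [ "$dump_rc" -eq 0 ] || return 1

    # Source address of the echo request as seen on the outside interface.
    natsrc=`echo "$pings" | grep "echo request" | cut -f3 -d' '`

    if [ "$natsrc" != "10.0.3.2" ]; then
        echo ""
        if [ "$natsrc" = "10.0.0.1" ]; then
            # The untranslated inside address leaked through.
            echo "********** NAT ERROR **********"
            echo "********** IS NAT TURNED ON? **********"
        else
            echo "********** CONNECTION ERROR **********"
        fi
        return 1
    fi

    if ! ./start_ipsec.sh "$eid"; then
        echo ""
        echo "********** START_IPSEC ERROR **********"
        return 1
    fi

    sleep 2
    netDump "nat@$eid" eth1 ip || return 1
    ping6Check "pc1@$eid" bbbb::20 2 || return 1

    sleep 2
    esps=`readDump "nat@$eid" eth1`
    dump_rc=$?
    echo "$esps"
    [ "$dump_rc" -eq 0 ] || return 1

    # Passes as soon as any captured line mentions ESP. It does not check
    # that the pc1 -> bbbb::20 traffic is absent in clear text.
    if ! echo "$esps" | grep -q "ESP"; then
        echo ""
        echo "********* NO ESP ERROR ***********"
        return 1
    fi

    return 0
}

err=0
run_checks || err=1

imunes$legacy -b -e "$eid"

thereWereErrors $err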
--------------------------------------------------------------------------------
/ipsec_common/sun/ipsec.d/cacerts/strongswanCert.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIDojCCAoqgAwIBAgIBADANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
3 | MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
4 | b290IENBMB4XDTI0MDMwMzEzNDMzN1oXDTI4MDMwMjEzNDMzN1owRTELMAkGA1UE
5 | BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9u
6 | Z1N3YW4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM/7
7 | Ute3Y2QqlsV4PwdLW9m1U39ew5Zz77gZI9NuOlLmCmKnX0uB8eUdd91c1WyN2pcB
8 | 6z0B178OFDlqUM9feS71ROZh7BA8SbKfZau58ewkCYMiWrfbWJ7iCndoznFa60v8
9 | Hr0FX49vMXGcxLIOTDZahqxwHQT+Po2Bx46fUU3YVCHWLQicKRJef5N4Mev7xzRq
10 | BZTIrBrCHuzaWKk9e5h+8gKhHIFu43ESjam4E73ebW8sCn11D0pTcgCoyLrptQPc
11 | 4TJ46kIiwolB6ITwrNrb6L/Me3755yjUFgCRhNdyRWnaAU86diOIM+jswuaafNcJ
12 | Kogk4CfKf+IAfg3TWYkCAwEAAaOBnDCBmTASBgNVHRMBAf8ECDAGAQH/AgEBMAsG
13 | A1UdDwQEAwIBBjAdBgNVHQ4EFgQUgs6MgrN7A7j/sOoDkd0yeVYF6TowVwYDVR0j
14 | BFAwTqFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
15 | YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBADANBgkqhkiG9w0BAQsF
16 | AAOCAQEAMj1xSr7bpNQnNzHi5gtIJoerJEuVKYYaXtmyr5LoNtJ7rMBqtz0LWI2m
17 | I44EHiivZsiuTTN0RSSU8jzULguWU4Ra6est3E0iZao2/UUhtZ9R+UMosIx5eBuw
18 | vEj/jv4Ny2W5jm8chwxS3EWbfgRDybFgj1yuMVs2KIJZkHjXbq5R3w1gGLSJhDmr
19 | 6IwqFOku/MOgQHcu22wFwezGyEaaMLtVpL4SnSOptekqOQ7R6tq1XO1zYOF9UBMG
20 | NnJjzA7qP5ClBwQ0mfwkR2W7TlhQDHrobOOdL4QyhZ54M9sEbJzmr6ThEr8pogQ5
21 | vVJEQpJYJRiHzI4hpT3fp4HkmT3PFg==
22 | -----END CERTIFICATE-----
23 |
--------------------------------------------------------------------------------
/ipsec_common/sun/ipsec.d/certs/sunCert.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIEIDCCAwigAwIBAgIBATANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
3 | MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
4 | b290IENBMB4XDTI0MDMwMzEzNDMzN1oXDTI2MDMwMzEzNDMzN1owRTELMAkGA1UE
5 | BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN1bi5z
6 | dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMoi
7 | Yg0Sw1kwtMTzWtAU3ldHg1S1+CnSnz9UFRrjuI+bmyKd3gT7mjLerGFJ8SnRjR05
8 | hHm3oe2VAFk3WgvxWxp2J/lD1A+cwTuoFqJQz9nMShwb7x5N4e1lu1XpTTTDMXRx
9 | RfVE7wxXa+BF6IrHcqyWhRchdFIMgSi9IZaOPF4Gxtbkg/+o6BemiumvBG0oQUqq
10 | QNyDviMmYwGSJjef/dWHkfTp8oL7lvHeLuIT0QNSc1bMQPqTdYTddeK1ktm54Bmr
11 | AnRG1QRFOGNI9A9idWf08/AxO4SZLzkymP9mzKeFAsizqcQvTpUzmdJMeH0o38yC
12 | QJnrVgrwnEpQupg0xGMCAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQD
13 | AgOoMB0GA1UdDgQWBBSz9i5goIFKkpaVn8NthQSD3SH5ITBtBgNVHSMEZjBkgBSC
14 | zoyCs3sDuP+w6gOR3TJ5VgXpOqFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoT
15 | EExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIB
16 | ADAdBgNVHREEFjAUghJzdW4uc3Ryb25nc3dhbi5vcmcwEwYDVR0lBAwwCgYIKwYB
17 | BQUHAwEwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2NybC5zdHJvbmdzd2FuLm9y
18 | Zy9zdHJvbmdzd2FuLmNybDANBgkqhkiG9w0BAQsFAAOCAQEALRVnAAt2P51fPLji
19 | REfMtJIjYpMZWquhe1HsJ0pBH2cG2I/iOz8dz8ytn2313/mfcULczzKv35+JrKq4
20 | 3N5bQJSJUXWcOI54yhOdSvn9J6gWoOwWei86S6ZQSnq5wf2vbMdooC5CsEBPtzuP
21 | C6o3FjgFVPkKJfkuXgrLyc6wu7UoSHUBqH0YQ2WWwYEH33ItFmom5jKaStLMOiA+
22 | yFXsSbD/ltpOesNN6ul9JJbrihvABEAVKtU0dlsWpiU3qbkPGzvIVgy2ksO0ZWpG
23 | F+g7EImYSzp5BtblES6HyiK69ZJHmF8QXAyTTyDhyo0kWGU1r+dLqCis0olgF25e
24 | adhHaw==
25 | -----END CERTIFICATE-----
26 |
--------------------------------------------------------------------------------
/ipsec_common/sun/ipsec.d/private/sunKey.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN PRIVATE KEY-----
2 | MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDKImINEsNZMLTE
3 | 81rQFN5XR4NUtfgp0p8/VBUa47iPm5sind4E+5oy3qxhSfEp0Y0dOYR5t6HtlQBZ
4 | N1oL8Vsadif5Q9QPnME7qBaiUM/ZzEocG+8eTeHtZbtV6U00wzF0cUX1RO8MV2vg
5 | ReiKx3KsloUXIXRSDIEovSGWjjxeBsbW5IP/qOgXporprwRtKEFKqkDcg74jJmMB
6 | kiY3n/3Vh5H06fKC+5bx3i7iE9EDUnNWzED6k3WE3XXitZLZueAZqwJ0RtUERThj
7 | SPQPYnVn9PPwMTuEmS85Mpj/ZsynhQLIs6nEL06VM5nSTHh9KN/MgkCZ61YK8JxK
8 | ULqYNMRjAgMBAAECggEAFlNW3hfI8MRy6t/wE1SCvEQfSs9wcfob8awxSo+FVoM6
9 | zsd9+rHpdZ3njzVSCCrneaddLO5t2aZf6/qznOcTB2iugJcPyIupQhQOL+5aDrXE
10 | J7ekIQY8InLejp4ek2nNwA00y2LKPmQ3e4VtKkreLRbQ612cEeXkrCG7oHvkSgQm
11 | IyTbkZ3ZsxWF590CzDhXQxbe1ufAfkeE2sZeP3hOR6qQGTP49HjywIWTBB1RF1OC
12 | zu/0KYM/t3GbfBhadu4AqyLfBfbHd0vmdzWelQV4zvPylUWbgC0F8Gv9dcPCZ5qw
13 | H8nTuKs0ttCNvAPsxPM53zbYGOMvCPJQ82UgQXUp+QKBgQD5Roz1Kf6mAhyRswn1
14 | FpS5M99okzB2cqYL8ez21tL0NCgqsWgNNU7gMJl43KbBNrLAXWwUQKFNVkBkLY7E
15 | 4Ql0SwApcO/le7tVapvfsxn6clLU2Hw4plH3lzosMvCNVKX30gv8mJMRS4uvX9/p
16 | 1Z2xS/BqAJH9fgJtitTtsAFSuQKBgQDPlkikujS04sxEq/nT3IENopvheNG3+hAn
17 | KiB4wGT/llgJrLhWNnXDoSBe46gv6DA4JfanyPrU0QpIhLkT/KtFlsTxR77KrcjC
18 | RW+aMyZpJ7iGWtfxkGaDNnV8I4I2gS4qy0wl0rglzb14TKEekKBa0YiUNUCFep2o
19 | J0yQLg1x+wKBgAfnYsTLRhXBb2J3SNOKmcCdknHgaOL4k6dBToAtI5c2qCdiZKg2
20 | jn+xSsx4QplRwK00yR6DRhoLqBMFFsfLUt9rGWA3AoRGPhRhQvv+084LHfE9xAKP
21 | 032EQAXyv4nbqz+GW3bw54je2lj/MzxY150tiTvzNK3S9wS+KC45LHGRAoGAOvp7
22 | 0TGGYA4/8xLZfDQeBn24xCrLivXlOPtjFmuzRlq00KreBMCcXOSeidcspc/WQ12l
23 | 4q3bdjOeNFRhMSiMkMzxT4wOzQ7rBycrOihmNWIvrxyIVf2s4oLKhmagTFQPheEU
24 | 1Xo1D6iQuGktLb3xkVwO7ezjVAkuWeQwgJZVA5kCgYAs2Rwlctsa3nSK7nonG/VH
25 | vjAWhoAF8a3pqxkV9diRKhXzKmXzHpH8NkGpZYFHWDCO432O+PoZ2xvpkdneK/4d
26 | 8l/OoTEw3Z8LaAdzn/LY/iTPPjIOYlxAsbOtC1ipOEk0rxBWJbt9Zl3u1PpkMFkj
27 | agI889A3Zj24SLLRT848Zg==
28 | -----END PRIVATE KEY-----
29 |
--------------------------------------------------------------------------------
/ipsec_common/sun/ipsec.secrets:
--------------------------------------------------------------------------------
# /etc/ipsec.secrets - strongSwan IPsec secrets file
#
# Loads sun's RSA private key from sunKey.pem. No passphrase follows the
# file name, so the key file has to be stored unencrypted.
# The key is distributed with this example and must be treated as public:
# use it only inside the lab topology and generate fresh keys elsewhere.

: RSA sunKey.pem
--------------------------------------------------------------------------------
/ipsec_common/sun/strongswan.conf:
--------------------------------------------------------------------------------
# strongswan.conf - strongSwan configuration file
#
# Lab/debug profile: verbose per-subsystem logging on stderr plus a file log
# that is not opened in append mode.

charon {

    filelog {
        charon {
            path = /var/log/charon.log
            # timestamp prefix for every entry
            time_format = %b %e %T
            # append = no: the file is not opened in append mode at startup
            # (the default is yes), so the previous run's log is not kept
            append = no
            # loglevel for every subsystem without an override (default 1)
            default = 1
            # write each line to disk immediately
            flush_line = yes
        }
        stderr {
            # Per-subsystem overrides of the default loglevel, all set to 3.
            # In strongSwan's level scheme 3 adds raw data dumps in hex and
            # 4 additionally logs sensitive material such as keys, so do not
            # raise these further where the output is collected or shared.
            dmn = 3
            mgr = 3
            ike = 3
            chd = 3
            job = 3
            cfg = 3
            knl = 3
            net = 3
            asn = 3
            enc = 3
            lib = 3
            esp = 3
            tls = 3
            tnc = 3
            imc = 3
            imv = 3
            pts = 3
            # prefix each line with the connection name (easier to grep)
            ike_name = yes
        }
    }

    # number of worker threads in charon
    threads = 16

    # send strongswan vendor ID?
    # send_vendor_id = yes

    plugins {

        sql {
            # loglevel for logging into the SQL database
            loglevel = -1

            # URI to the database (placeholders only, nothing is configured)
            # database = sqlite:///path/to/file.db
            # database = mysql://user:password@localhost/database
        }
    }

    # ...
}

pluto {

}

libstrongswan {

    # set to no, the DH exponent size is optimized
    # dh_exponent_ansi_x9_42 = no
}
--------------------------------------------------------------------------------
/services/test.sh:
--------------------------------------------------------------------------------
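#!/bin/sh
# Smoke test for services.imn: the FTP, SSH and TELNET nodes must each have
# a listening socket on their service port, and the TCPDUMP node must leave
# a capture file behind once the experiment is terminated.

. ../common/procedures.sh

err=0
legacy=""
if test -n "$LEGACY"; then
    legacy=" -l"
fi

eid=`imunes$legacy -b services.imn | awk '/Experiment/{print $4; exit}'`
startCheck "$eid"

# checkListen NODE PORT
# Records an error unless NODE has a listening socket whose local port is
# exactly PORT. The port has to follow "." or ":" and be followed by white
# space, which matches both the "*.21" and the "0.0.0.0:21" netstat layouts.
# A bare substring match would also accept unrelated lines, for example a
# listening socket on port 2121 or a number elsewhere on a LISTENING line.
checkListen() {
    if ! himage "$1@$eid" netstat -an | grep LISTEN \
            | grep -Eq "[.:]$2[[:space:]]"; then
        echo "$1 error"
        err=1
    fi
}

# wait for the services to start
sleep 5

checkListen FTP 21
checkListen SSH 22
checkListen TELNET 23

imunes$legacy -b -e "$eid"

# tcpdump
# testing after termination because that's when the file is saved in /tmp/$eid
if ! file "/tmp/$eid/TCPDUMP_n3_eth0.pcap" | grep -q "capture file"; then
    echo "TCPDUMP error"
    err=1
fi

thereWereErrors $err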
--------------------------------------------------------------------------------