# Read through the Week 5 slides, and have them handy as a reference for concepts
# Your Azure-based Linux VM
# Your Azure-based Windows VM
# Your [[File:OPS705_Lab_Logbook | OPS705 Lab Logbook]]
# Open the text file, and write the same HTML code as Lab 5, changing the title tag to ''OPS705 IIS Web Server - Fall 2020''.
# Refresh your browser page from ''Part 1''. You should see your new code.
# On your host computer, open a browser and navigate to the URL you used to remotely connect to your Windows Server VM. Unlike the Linux Server in Lab 5, the web page you created does not appear. We still have some work to do.
= INVESTIGATION 2: Routing Through Your Linux Server =
In this investigation, you'll set up your Linux Server VM to forward requests to your Windows VM's IIS web server. This is an advanced topic. Reviewing the Week 5 and Week 6 material is highly recommended. The following investigation assumes you understand the concepts discussed in those lectures.
== Part 1: Enabling Forwarding on Your Linux Server ==
# Remote SSH into your Linux Server VM.
# Elevate to root.
# Use vim to open '''/etc/sysctl.conf'''
# Add the line: <code>net.ipv4.ip_forward = 1</code> Make sure it's a new line, and that it '''doesn't''' start with a ''#'' symbol.
# Save and quit vim.
# At the command prompt, run: <code>sysctl -p</code>
== Part 2: Port Forwarding Using NAT ==
# Remote into your Windows Server VM, open Command Prompt, and run <code>ipconfig</code> Write down the 10.x.x.x IP address displayed.
# Remote SSH into your Linux Server VM, and elevate to root.
# Confirm you can access the web server on your Windows VM by running: <code>curl '''IP-address-from-step-1'''</code> If you see plain HTML code displayed, move to the next step.
# Set up a port forwarding rule so all requests to your Linux VM on port 8080 get sent to your Windows VM on port 80. Run the following: <code>iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to-destination ''windows-server-ip-from-step-1'':80</code>
# Set up NAT for all forwarded traffic: <code>iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE</code>
== Part 3: Adding Forwarding Firewall Rule Exceptions ==
# Create a firewall rule to allow forwarded traffic destined for TCP port 8080: <code>iptables -A FORWARD -p tcp --dport 8080 -j ACCEPT</code>
# Create a firewall rule to allow forwarded traffic sent from TCP port 8080: <code>iptables -A FORWARD -p tcp --sport 8080 -j ACCEPT</code>
# Watch your firewall rules and their packet counters with the following command: <code>watch iptables -L -vn --line-numbers</code>
# In a browser on your own computer, paste the URL for your Linux VM, adding ''':8080''' to the end of the address, then hit Enter.
# If you've done your work right, the Windows IIS web page should appear!
# Review the packet count from your watch command in Step 3. Notice the new forward rules are working! Keep this in mind for troubleshooting.
# In your SSH session, use the keyboard combination '''Ctrl''' and '''c''' to halt the watch program.
# Now that you know your new rules work, '''save your new rules'''.
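
The following script is an added example, not part of the original lab. It audits the configuration built in Parts 1 and 2 by parsing the text of ''/etc/sysctl.conf'' and the NAT table in <code>iptables-save</code> format. The sample data is constructed, the address 10.0.0.5 is a placeholder for your Windows VM's IP, and the function names are hypothetical.

```shell
# Added example: audit the port forward from this lab. All sample data is constructed.
SAMPLE_SYSCTL='# net.ipv4.ip_forward = 0
net.ipv4.ip_forward = 1'
# NAT table excerpt in iptables-save format; 10.0.0.5 is a placeholder address.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.0.0.5:80
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# Reads sysctl.conf text on stdin. Succeeds only if the last uncommented
# net.ipv4.ip_forward setting is 1 (a line starting with # is ignored).
forwarding_enabled() {
  awk -F= '/^[ \t]*net\.ipv4\.ip_forward[ \t]*=/ { gsub(/[ \t]/, "", $2); v = $2 }
           END { exit (v == "1" ? 0 : 1) }'
}

# Reads iptables-save text on stdin. Prints one line per DNAT rule:
# "<proto> <listen-port> -> <target ip:port>".
list_port_forwards() {
  awk '$1 == "-A" && $2 == "PREROUTING" && /-j DNAT/ {
         proto = port = dest = "?"
         for (i = 3; i < NF; i++) {
           if ($i == "-p") proto = $(i + 1)
           if ($i == "--dport") port = $(i + 1)
           if ($i == "--to-destination") dest = $(i + 1)
         }
         print proto, port, "->", dest
       }'
}

# Prints the outbound interface of each MASQUERADE rule ("any" if none is given).
masquerade_interfaces() {
  awk '$1 == "-A" && $2 == "POSTROUTING" && /-j MASQUERADE/ {
         ifc = "any"
         for (i = 3; i < NF; i++) if ($i == "-o") ifc = $(i + 1)
         print ifc
       }'
}

audit() {  # $1 = sysctl.conf text, $2 = iptables-save text
  if printf '%s\n' "$1" | forwarding_enabled; then echo "ip_forward: on"; else echo "ip_forward: off"; fi
  printf '%s\n' "$2" | list_port_forwards | sed 's/^/forward: /'
  printf '%s\n' "$2" | masquerade_interfaces | sed 's/^/masquerade via: /'
}

audit "$SAMPLE_SYSCTL" "$SAMPLE_RULES"
```

On the Linux VM, the same check can be run against live data as root with <code>audit "$(cat /etc/sysctl.conf)" "$(iptables-save -t nat)"</code>. Every ''forward:'' line is a port exposed to another host, so the list should contain only the rule you created in Part 2.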
= Lab Submission =
Submit to Blackboard full-desktop screenshots (PNG/JPG) of the following:
# Browser window showing the Windows IIS page (on your computer, not a VM).
# SSH session window with your iptables rules listed.
Your professor will review your page directly; the screenshots are a backup in case of catastrophic issues.
'''Your professor will not check your lab until the screenshot has been submitted.'''
Make sure to shut down your virtual machines when you're done!
[[Category:OPS705]]
[[Category:OPS705 Labs]]
[[Category:Digital Classroom]]
[[Category:Fall 2020]]
[[Category:Draft]]