ITC-2000 Lab OpenWRT Router Exploration: Difference between revisions
BenFranske (talk | contribs) No edit summary |
BenFranske (talk | contribs) No edit summary |
||
(2 intermediate revisions by the same user not shown) | |||
Line 40: | Line 40: | ||
** The device name for the router | ** The device name for the router | ||
** The device name, IPv4 address, and MAC address of each PC on your remote lab network | ** The device name, IPv4 address, and MAC address of each PC on your remote lab network | ||
** The WAN IPv4 Address (hint, it starts with 172.17...) | |||
** The router system log file | ** The router system log file | ||
** Traffic graphs in and out of each interface on the router | ** Traffic graphs in and out of each interface on the router | ||
Line 64: | Line 65: | ||
==Step 6: Configure Port Forwarding== | ==Step 6: Configure Port Forwarding== | ||
Port forwarding allows remote computers to connect to specific services on a specific device within a private local network based on the source IP address, destination TCP or UDP port number, and other characteristics of the traffic. Normally this is used to provide access to an internal (LAN) server from the public Internet. In our case things have been setup for security reasons so that your WAN address is only accessible by people connected to the ITC network (through a VPN or a classroom connection). | |||
* Login to your router from the web browser on PC 1 | |||
* Click the Network -> Firewall menu option, then click the "Port Forwards" tab. | |||
* Click the "Add" button to create a new port forward. | |||
* Set a name for the port forward, something like "PC 1 Webserver" would be a good idea. | |||
* Web servers just use TCP so change the protocol so that only "TCP" is selected. | |||
* Leave the source zone set to WAN | |||
* Set the "External port" (the port on the WAN interface) to "80" which is the port we want browsers to connect to. Port 80 is the default for HTTP. | |||
* Leave the destination zone set to LAN | |||
* Set the "Internal IP address" to the IP address of PC 1, this is the IP address the external port will be connected to. | |||
* Set the "Internal port" to the port we setup on the PC 1 webserver (port 80). | |||
* Click the green "Save" button on that dialog and then the blue "Save & Apply" button in the lower right. | |||
* We now should have a working port forward so that accessing port 80 on the WAN IP address of your router will display the same webserver page you saw from PC 2 above. Try accessing the WAN IP of your router in a web browser from your home system and verify the PC 1 webserver comes up. | |||
==Finishing Your Lab== | ==Finishing Your Lab== |
Latest revision as of 04:12, 16 February 2021
Objectives
In this lab, you will explore and configure the OpenWRT router software.
Background/Scenario
The OpenWRT router software is powerful small office and home network routing software which can be installed on many different brands of compatible home router devices. Your remote lab PC setup already contains a device with OpenWRT installed. Because the remote lab PC setup only supports wired connections we will be somewhat limited in what we can explore but when installed on a compatible home router it fully supports wireless connections as well.
Required Resources
- An ITCnet account for VPN access (your instructor should have provided you with a username and a temporary password)
- A IHCC Netlab account for remote pod access (your instructor should have provided you with a username and a temporary password)
- A remote lab equipment pod for this course consisting of:
- Two remote lab PCs which Windows 10 can be installed on
- One OpenWRT router system
- A computer which can have the OpenVPN software installed on it
- A reliable broadband internet connection
Instructions
Step 1: Get ITCnet Access Working
- If you are working from off campus you will need to connect to the ITCnet VPN.
Step 2: Sign In to the Netlab System and Make a Pod Reservation
- The ITC Netlab remote lab system can be accessed using a web browser when you are attached to the ITCnet. Simply point your web browser to https://ihcc-netlab.campus.ihitc.net
- Each time you want to work on a lab in Netlab you need to make a reservation to work on your equipment "pod". In some classes pods are shared with other students and in other classes pods are reserved just for you or your team.
- You will want to make a reservation for the "PC Hardware and Software Lab Access (2 Windows PCs with Network Access)" lab which we'll use several times throughout the course.
Step 3: Access Your OpenWRT Router and Enable Internet Access
- You will need to enter your reservation during the time you have access reserved in order to interact with your remote lab PCs.
- Note the "Topology" tab found in your remote lab setup. Topology diagrams are like maps of networks, they show how all the various components of the network are connected together. In our case you can see that PC 1 and PC 2 are connected to a network switch which is connected to the LAN port of your OpenWRT router. The WAN port of your OpenWRT router is connected to a network shared by others in your class, to a network printer we will use in a future lab, and eventually out to the Internet.
- Because home router software is designed to be fairly easy for people to configure it is typically configured through a web interface. This can be accessed by using a web browser from a PC on the LAN network side to go to the IP address of the router. Normally a real physical router has a reset button on it which can be used following instructions in the manual to reset the router back to it's default settings in case you don't know the IP address or password for the router or otherwise misconfigure it in some way which makes the web interface inaccessible. Unfortunately, we don't have an easy way for you to reset your router in the remote lab system so if it becomes misconfigured you will need to ask your instructor to reset it for you so we'll be careful with the settings you change.
- Click on the "PC 1" tab and sign in to PC 1 if you haven't already.
- Open the Edge web browser on your remote lab PC and connect to http://192.168.1.1 and log in with the username "root" and password "pchardware"
- You are now at the administrative interface for OpenWRT. Before we begin let's make sure that the router is configured for working Internet access.
- Click the Network -> Interfaces menu option. Click the "Edit" button on the WAN interface and change the Protocol from "Unmanaged" to "DHCP Client".
- Click the green "Save" button on that dialog and then the blue "Save & Apply" button in the lower right.
- After about a minute you should have working Internet access from your remote lab PC. Test and make sure this is working.
- Click the OpenWRT logo in the upper left corner of the screen to return to the router homepage.
Step 4: View and Set Basic Router Information in OpenWRT
- Check out the router information and see if you can locate these pieces of useful information on your router:
- The device name for the router
- The device name, IPv4 address, and MAC address of each PC on your remote lab network
- The WAN IPv4 Address (hint, it starts with 172.17...)
- The router system log file
- Traffic graphs in and out of each interface on the router
- A list of IP connections currently passing through the router
- Change the hostname of the router to something of your choice other than OpenWrt.
- Fix the timezone so that the router has the correct local time for you
- See if you can find the LAN DHCP server settings and change the starting address from 192.168.1.100 to 192.168.1.50 and the ending address to 192.168.1.100 instead of 192.168.1.250
Step 5: Install and Configure a Webserver on PC 1
- Use the web browser on PC 1 to download a few files such as photos, documents, music, programs, etc. and make sure they are saved in the Downloads directory.
- On PC 1 open a new web browser tab and access: http://fenixwebserver.com
- Download and install the latest Windows version of Fenix Webserver
- Start the Fenix Webserver program on PC 1
- Go to the "Webservers" menu and choose "New"
- Set the "Descriptive Name" to "My Downloads"
- Click the folder icon on the "Directory" line to open a "Browse for Folder" dialog box.
- Click the arrow next to your user name, then click the "Downloads" folder, then click OK
- Make sure the bottom box says "80" then click the green "Create" button
- Go to the "Webservers" menu and choose "Start All"
- Open your web browser again and try going to the site "127.0.0.1"
- You should now see the contents of your downloads directory displayed in your web browser.
- Try accessing your web server on PC 1 from PC 2. To do this you will need to open a web browser on PC 2 and go to the IP address of PC 1 which you can find by using the "ipconfig" utility on PC 1.
- Congratulations you have a webserver running on PC 1 which can be accessed from other computers on the LAN like PC 2!
Step 6: Configure Port Forwarding
Port forwarding allows remote computers to connect to specific services on a specific device within a private local network based on the source IP address, destination TCP or UDP port number, and other characteristics of the traffic. Normally this is used to provide access to an internal (LAN) server from the public Internet. In our case things have been setup for security reasons so that your WAN address is only accessible by people connected to the ITC network (through a VPN or a classroom connection).
- Login to your router from the web browser on PC 1
- Click the Network -> Firewall menu option, then click the "Port Forwards" tab.
- Click the "Add" button to create a new port forward.
- Set a name for the port forward, something like "PC 1 Webserver" would be a good idea.
- Web servers just use TCP so change the protocol so that only "TCP" is selected.
- Leave the source zone set to WAN
- Set the "External port" (the port on the WAN interface) to "80" which is the port we want browsers to connect to. Port 80 is the default for HTTP.
- Leave the destination zone set to LAN
- Set the "Internal IP address" to the IP address of PC 1, this is the IP address the external port will be connected to.
- Set the "Internal port" to the port we setup on the PC 1 webserver (port 80).
- Click the green "Save" button on that dialog and then the blue "Save & Apply" button in the lower right.
- We now should have a working port forward so that accessing port 80 on the WAN IP address of your router will display the same webserver page you saw from PC 2 above. Try accessing the WAN IP of your router in a web browser from your home system and verify the PC 1 webserver comes up.
Finishing Your Lab
- Once you are done with the lab activity you can shut down both PC 1 and PC 2. It's always a good habit to properly shutdown a computer using the shutdown command in the operating system before you turn off the power. In Windows this can be done by clicking the Start Menu in the lower left of each PC and choosing the "Power" button followed by "Shutdown". Doing this prevents data corruption which can occur if the power is suddenly removed from a PC.
- However, if you forget to do this in Netlab and you have properly installed the VMware Tools Drivers Netlab will take care of safely shutting down your PCs for you.
- If you still have time remaining in your Netlab reservation it's polite to click on the "Reservation" menu in the upper right corner of your browser and choose "End Reservation Now" which will free your spot on the Netlab system immediately for someone else to use.