Solving some specific requirement in networking

Akshit Modi
5 min read, Dec 12, 2020


Today we are going to cover two things.

  1. Create a setup in which you can ping Google but cannot ping Facebook from the same system.
  2. Myth: If system A can ping system B and system C, then B can also ping C.

So, let's start our journey. First we need a setup in which we can do both tasks. For simplicity, I have created one new host-only adapter. Here I am using Oracle VirtualBox with RHEL as the OS, so some commands may be OS-specific.

Task 1: Create a setup in which you can ping Google but cannot ping Facebook from the same system.

Step 1: Open a terminal inside the RHEL system and check all the routes.

[root@localhost ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 100 0 0 enp0s3
192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 enp0s3
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0

Step 2: Now let’s check the IP addresses of the Google and Facebook servers.

[root@localhost ~]# nslookup facebook.com & nslookup goo.gl
Name: goo.gl
Address: 172.217.174.238
Name: facebook.com
Address: 69.171.250.35

So, how are we able to ping Google and Facebook in the first place?

When you ping Google (172.217.174.238), the system sends your packet toward Google. But to send that packet, the routing table must contain a rule that covers the destination's address range. If no such rule exists, we cannot ping Google or any other server. Right now the destination is covered by the default rule (0.0.0.0), so the packet goes out via the rule with Destination = 0.0.0.0 and Gateway = 192.168.1.1. If we remove this rule, we can no longer ping Google or any other outside server.

[root@localhost ~]# route del -net 0.0.0.0
[root@localhost ~]# ping 172.217.174.238
connect: Network is unreachable

So, now we cannot ping any outside server or network, because we don’t have any gateway.

Step 3: Create a rule in the routing table so that we can ping Google.

[root@localhost ~]# route add -net 172.217.174.0 netmask 255.255.255.0 gw 192.168.1.1 enp0s3

Here, we have created a rule for the 172.217.174.0/24 network, so we can only ping servers that belong to this range (172.217.174.0–255).

[root@localhost ~]# ping 172.217.174.238
PING 172.217.174.238 (172.217.174.238) 56(84) bytes of data.
64 bytes from 172.217.174.238: icmp_seq=1 ttl=119 time=22.1 ms

So, as you can see, we can easily ping Google. But let's see whether we can ping Facebook.

[root@localhost ~]# ping 69.171.250.35
connect: Network is unreachable

So, we cannot ping Facebook (69.171.250.35) because we do not have any rule for this IP range. You can re-create the rule deleted above to allow pinging / connecting to any outside system again.

Using this approach, you can restrict ping, or any other traffic, to a specific IP range.

Task 2: If system A can ping system B and system C, then B can also ping C. Prove this wrong!

Description: Create a network topology in which System A can ping both System B and System C, but B and C cannot ping each other, without using any security rule such as a firewall.

Step 1: While creating the host-only adapter, disable automatic IP assignment by the DHCP server. Here I am using Adapter #3.

Step 2: Now start three systems, namely A, B and C, on the host-only network using Adapter #3.

Step 3: Now remove any existing routing table rules. For this you can follow the steps below.

[root@localhost ~]# ip route show
192.168.1.0/24 dev enp0s3 scope link
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown

This shows all the routing table rules, and you can delete them one by one using this command.

[root@localhost ~]# ip route del 192.168.1.0/24 dev enp0s3

Follow these steps on all three systems. You don’t need to remove the last rule (192.168.122.0/24 dev virbr0).

Step 4: Create a new routing table rule and assign a new static IP to the interface.

System A

[root@localhost ~]# route add -net 192.168.1.0 netmask 255.255.255.252 enp0s3

Here we have to use a larger range for system A and a smaller range for the other two systems.

[root@localhost ~]# ifconfig enp0s3 192.168.1.1

Network name - 192.168.1.0, IP Address - 192.168.1.1

Netmask - 255.255.255.252

So, available hosts = 4 [192.168.1.0 to 192.168.1.3]

System B

[root@localhost ~]# route add -net 192.168.1.0 netmask 255.255.255.254 enp0s3
[root@localhost ~]# ifconfig enp0s3 192.168.1.2

Network name — 192.168.1.0, IP Address — 192.168.1.2

Netmask — 255.255.255.254

So, available hosts = 2 [192.168.1.0, 192.168.1.1]

System C

[root@localhost ~]# route add -net 192.168.1.0 netmask 255.255.255.254 enp0s3
[root@localhost ~]# ifconfig enp0s3 192.168.1.3

Network name — 192.168.1.0, IP Address — 192.168.1.3

Netmask — 255.255.255.254

So, available hosts = 2 [192.168.1.0, 192.168.1.1]

So, let's check whether it is working.

First, check connectivity from system A to both systems.

Then check whether system B can connect to C.

So, why can B not ping C while A can ping both? For this you have to know how ping works internally!

When you ping an IP (system B or C), the system first checks whether that IP belongs to a range in its routing table. Then the packet goes to the other system, which in turn checks whether our system's IP belongs to a range in its own routing table, and then sends a packet back to our system. Only when this complete cycle finishes can we say that we can ping system B or C.

Here, when A pings B and C, it checks its routing table for 192.168.1.2 and 192.168.1.3, both of which are covered by A's route. The packet is sent to 192.168.1.2, and there a reply packet is created for 192.168.1.1, which belongs to B's range (192.168.1.0–1), so the reply can go back to system A. But when B and C ping each other, the last octet of the destination IP is 2 or 3, which does not belong to the range (192.168.1.0–1), so the packet cannot be created and the ping fails.

In short, the other system's IP must belong to a routing table rule / network on your system for a ping to work.

E.g., System B (192.168.1.2) pings C (192.168.1.3)

The netmask of B is 255.255.255.254, so we can have only two IPs.

  1. 192.168.1.0
  2. 192.168.1.1

But we want to ping 192.168.1.3, which does not belong to the same network, so we cannot ping it.
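
The route lookups behind both tasks can be modelled offline. The sketch below is an added example, not code from the original post: it replays the routing tables shown above through a longest-prefix match and requires a covering route in both directions for a ping to succeed. The function names are hypothetical, and the model assumes all hosts share one link and ignores ARP and firewalls.

```python
import ipaddress

def lookup(table, dst):
    """Return the most specific route covering dst, or None (unreachable)."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table if addr in ipaddress.ip_network(r["net"])]
    if not hits:
        return None  # the kernel would report "Network is unreachable"
    return max(hits, key=lambda r: ipaddress.ip_network(r["net"]).prefixlen)

def reachable(table, dst):
    return lookup(table, dst) is not None

def can_ping(hosts, src, dst):
    """Echo request needs a route at src; echo reply needs one at dst."""
    request_ok = reachable(hosts[src]["routes"], hosts[dst]["ip"])
    reply_ok = reachable(hosts[dst]["routes"], hosts[src]["ip"])
    return request_ok and reply_ok

def ping_matrix(hosts):
    return {(s, d): can_ping(hosts, s, d)
            for s in hosts for d in hosts if s != d}

# Task 1 table after Step 3: default route deleted, one /24 route added.
TASK1 = [
    {"net": "172.217.174.0/255.255.255.0", "gw": "192.168.1.1"},
    {"net": "192.168.1.0/255.255.255.0", "gw": None},
    {"net": "192.168.122.0/255.255.255.0", "gw": None},
]

# Task 2 tables after Step 4, using the netmasks from the post.
HOSTS = {
    "A": {"ip": "192.168.1.1",
          "routes": [{"net": "192.168.1.0/255.255.255.252"}]},
    "B": {"ip": "192.168.1.2",
          "routes": [{"net": "192.168.1.0/255.255.255.254"}]},
    "C": {"ip": "192.168.1.3",
          "routes": [{"net": "192.168.1.0/255.255.255.254"}]},
}

if __name__ == "__main__":
    for ip in ("172.217.174.238", "69.171.250.35"):
        route = lookup(TASK1, ip)
        print(ip, "->", route["net"] if route else "Network is unreachable")
    for (src, dst), ok in ping_matrix(HOSTS).items():
        print(f"{src} -> {dst}:", "reply" if ok else "no route")
```
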

I hope all your doubts and myths related to this are resolved. If you have any other doubts, you can ping me.

Thanks for reading this far.
