Lbyec57 El 3 Balce Marianne Final


APPENDIX A.

Intellectual Honesty Declaration Template


INTELLECTUAL HONESTY DECLARATION

I, Marianne Y. Balce, with student ID 11117583, declare:


That I personally prepared the attached report entitled Introduction to NAT and Firewalls, for the
course LBYEC57 EL
That I prepared the said document in about 4 hours,
That I properly identified in the said document all items that I did not originally produce myself
but included in the document, and provided citations for each of these.
Signed on April 15, 2016 at 5:00 AM.

_______________
Marianne Y. Balce

FINAL REPORT
for
Lab Activity 9:
Introduction to NAT and Firewalls

Submitted by:
Balce, Marianne Y.
LBYEC57 EL
On
April 15, 2016

Group 3
Balce, Marianne Y.
Laset, John Paul
Osea, Gicel Mari I.
Otani, Joji P.
Sarmiento, Adrian Paul M.

A. Introduction
i. Abstract
This experiment helped the students become more familiar with Network
Address Translation (NAT) and firewalls. The students implemented and tested
NAT using an emulated router in GNS3 and characterized the network traffic
between the internal and external networks when NAT is used. This activity also
helped the students broaden their understanding of the different functions
of a firewall. The group used two XPVMs for this experiment, and each one
was configured according to the settings stated in the manual. With the help of the
GNS3 software, the group was able to simulate and configure a NAT network.

ii. Significance of the Experiment

Because of the predominant use of the internet nowadays, it is important
to secure the privacy of everyone who uses it. Browsing the internet is already
part of the daily lives of most people; because of this, the need for different IP
addresses also increases. The main use of NAT is to limit the number of public IP
addresses an organization or company must use, for both economy and security
purposes. NAT also translates an IP address of one network to one that is known in
another. It is similar to grouping a set of devices under one IP address, where
the grouped IP address is the one that communicates with the outside. It is used
for global-to-local and local-to-global mapping. NAT serves as a firewall for the
local network since the local network cannot be accessed directly. It also adds to
the security of the network in that it filters the traffic within the network. It is
also possible to log the traffic of the network using the NAT as well.

iii. Relevant Concepts
Router
A router is a network device that forwards data packets from one network
to another. Based on the address of the destination network in the incoming packet
and an internal routing table, the router determines which port to send out the
packet. [1] A router is connected to at least two networks, commonly
two LANs or WANs or a LAN and its ISP's network. Routers are located
at gateways, the places where two or more networks connect. Routers
use headers and forwarding tables to determine the best path for forwarding the
packets, and they use protocols such as ICMP to communicate with each other and
configure the best route between any two hosts. [2]
Ping
Ping is an abbreviation for Packet Internet Groper. It is a
basic Internet program that allows a user to verify that a particular IP address exists
and can accept requests. It is used diagnostically to ensure that a host computer the
user is trying to reach is actually operating. Ping works by sending an Internet
Control Message Protocol (ICMP) Echo Request to a specified interface on the
network and waiting for a reply. It can be used for troubleshooting to test
connectivity and determine response time. [3]
Network Address Translation
Network Address Translation (NAT) is designed for IP address
conservation. It enables private IP networks that use unregistered IP addresses to
connect to the Internet. NAT operates on a router, usually connecting two networks
together, and translates the private addresses in the internal network into legal
addresses, before packets are forwarded to another network. NAT allows a single
device, such as a router, to act as an agent between the Internet and a local
network, which means that only a single unique IP address is required to represent
an entire group of computers to anything outside their network. [4]
Firewall
A firewall is a network security system, either hardware- or software-based,
that controls incoming and outgoing network traffic based on a set of rules. [5]
Firewalls are frequently used to prevent unauthorized Internet users from accessing
private networks connected to the Internet, especially intranets. All messages
entering or leaving the intranet pass through the firewall, which examines each
message and blocks those that do not meet the specified security criteria. [6]

B. Data & Analysis


A. Preparatory Steps
3.b. Checking if the adapter is successfully assigned an IP address

4. Configuring and testing networking in guest XPVM2

5.d. Navigating to Network-interfaces page

5.e. Navigating to Network-Firewall-General Setting page

B. Exploring the network behavior in the basic NAT demonstration network


3. Analyzing the generated traffic

3.b. Identifying the ICMP requests


Do these appear in both capture sessions? Yes
3.c. CapSession1
Source: 192.168.1.105
Destination: 192.168.2.2
Do both the source ip and mac address refer to XP VM1? Yes
Do both the destination ip and mac addresses refer to XP VM2? No
Is this the expected behaviour? Yes
3.d. CapSession1
Source: 192.168.2.1
Destination: 192.168.2.2
Do both the source ip and mac address refer to XP VM1? no
Do both the destination ip and mac addresses refer to XP VM2? Yes
Is this the expected behaviour? Yes
3.e. Analysis
When VM2 pings VM1, the expected behaviour is that the source IP and
MAC addresses refer to VM1, which was true. However, the ICMP request packets
captured in the VM1 capture session showed that the destination MAC address
referred to the MAC address of the router VM. Similarly, on the
destination side, the IP and MAC addresses both refer to VM2, but the source
MAC address did not refer to VM1; it referred to the WAN side of the
router VM. We therefore conclude that the ICMP packets coming from VM1
go to the router, where the source IP and MAC addresses are changed before the
packets arrive at VM2, which explains the discrepancy in the IP and MAC
addresses shown in CapSession1 and CapSession2.
4. Pinging XPVM 1 from XPVM 2

Was there any request packet captured by CapSession2? Yes

Was there any request packet captured by CapSession1? None


Is this the expected behaviour? Yes, because the router acts as a firewall blocking
any incoming packets from sources outside the LAN.

5. Running NCAT server using port 10000 at XPVM 2

6. Connecting XPVM1 using ncat client

Was connection successful? Yes


What is the expected behavior? It should be successful
7. XPVM 1 as server and XPVM 2 as client

Is the client able to connect to the server this time? No


Is this the expected behavior? Yes, because there is a firewall.

8. Comparing the network behavior with no NAT configured


e. Ping XPVM2 from XPVM1

Was ping successful? yes

f. Identify and select a request packet in CapSession1


Source: 192.168.1.105
Destination: 192.168.2.2
Do both the source ip and mac address refer to XP VM1? no
Do both the destination ip and mac addresses refer to XP VM2? Yes
Is this the expected behaviour? Yes
g. CapSession 2
Source: 192.168.2.2
Destination: 192.168.1.105
Do both the source ip and mac address refer to XP VM1? no
Do both the destination ip and mac addresses refer to XP VM2? Yes
Is this the expected behaviour? Yes
h. Pinging XPVM1 from XPVM2

Was ping successful? Yes


i. Identify and select a request packet in CapSession1
Source: 192.168.1.105
Destination: 192.168.2.2
Do both the source ip and mac address refer to XP VM2? no
Do both the destination ip and mac addresses refer to XP VM1? no
Is this the expected behaviour? Yes
j. CapSession 2
Source: 192.168.2.2
Destination: 192.168.1.105
Do both the source ip and mac address refer to XP VM2? no
Do both the destination ip and mac addresses refer to XP VM1? no
Is this the expected behaviour? Yes

C. Configuring the router to allow the outside network to access a server behind NAT

1. Test run an ncat server listening on port 10000 at XPVM1

2. From XPVM2, connect using an ncat client to the server at XPVM

8. From XPVM2, connect using an ncat client to the server at XPVM1

9. Identify and select a tcp packet generated by the ncat communications from
XPVM2 in CapSession2
Source: 192.168.2.2
Destination: 192.168.2.1
Do both the source ip and mac address refer to XP VM2? yes
Do both the destination ip and mac addresses refer to the router? yes
Is this the expected behaviour? Yes
10. Identify and select a tcp packet generated by the ncat communications destined
for XPVM2 in CapSession2
Source: 192.168.2.1
Destination: 192.168.2.2
Do both the source ip and mac address refer to the router? yes
Do both the destination ip and mac addresses refer to the XP VM2? yes
Is this the expected behaviour? Yes
11. Identify and select a tcp packet generated by the ncat communications destined
for XPVM1 in CapSession1
Source: 192.168.2.2
Destination: 192.168.1.105
Do both the source ip and mac address refer to XP VM2 or the router? yes
Do both the destination ip and mac addresses refer to the XP VM1? yes
Is this the expected behaviour? Yes
12. Identify and select a tcp packet generated by the ncat communications from
XPVM1 in CapSession1
Source: 192.168.2.2
Destination: 192.168.2.1
Do both the source ip and mac address refer to XP VM1? yes
Do both the destination ip and mac addresses refer to the XP VM2 or the
router? yes
Is this the expected behaviour? Yes
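
The behaviour observed in sections B and C can be reproduced with a small model of a source-NAT router that tracks outbound flows and supports one port forward. This is an added example, not part of the lab manual or the group's work; the addresses and port 10000 come from the report, while the class and function names, the client ports 5000 and 6000, and the translated port 40000 are constructed.

```python
# Added illustration (not from the lab manual): a toy source-NAT router with
# connection tracking and one port forward. Class/function names are assumed.
from dataclasses import dataclass, replace

LAN_HOST = "192.168.1.105"  # XPVM1, behind NAT (address from the report)
WAN_IP = "192.168.2.1"      # router's WAN-side address (from the report)
OUTSIDE = "192.168.2.2"     # XPVM2 (from the report)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class NatRouter:
    def __init__(self):
        self.conntrack = {}  # WAN port -> (LAN ip, LAN port, remote ip, remote port)
        self.forwards = {}   # WAN port -> (LAN ip, LAN port)
        self.next_port = 40000  # constructed starting port for translations

    def outbound(self, pkt):
        """LAN -> WAN: rewrite the source to the WAN address, remember the flow."""
        wan_port, self.next_port = self.next_port, self.next_port + 1
        self.conntrack[wan_port] = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return replace(pkt, src=WAN_IP, sport=wan_port)

    def inbound(self, pkt):
        """WAN -> LAN: pass replies to tracked flows and forwarded ports only."""
        if pkt.dst != WAN_IP:
            return None  # private addresses are not reachable from outside
        flow = self.conntrack.get(pkt.dport)
        if flow and flow[2:] == (pkt.src, pkt.sport):
            return replace(pkt, dst=flow[0], dport=flow[1])  # reply to LAN flow
        if pkt.dport in self.forwards:
            lan_ip, lan_port = self.forwards[pkt.dport]
            return replace(pkt, dst=lan_ip, dport=lan_port)  # port forward
        return None  # unsolicited connection attempt: dropped

def demo():
    r = NatRouter()
    out = r.outbound(Packet(LAN_HOST, 5000, OUTSIDE, 10000))       # as in B.6
    reply = r.inbound(Packet(OUTSIDE, 10000, out.src, out.sport))  # server reply
    blocked = r.inbound(Packet(OUTSIDE, 6000, WAN_IP, 10000))      # as in B.7
    r.forwards[10000] = (LAN_HOST, 10000)                          # section C
    forwarded = r.inbound(Packet(OUTSIDE, 6000, WAN_IP, 10000))
    return out, reply, blocked, forwarded
```

The model covers only address and port rewriting for TCP-style flows; MAC rewriting at each hop and return traffic for forwarded connections are left out.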
D. Opening a port on the router

1. Run a web browser at XPVM2 and specify 192.168.2.1


Are you able to connect to the router configuration pages? no
3. Open ports to the router

5. Refresh the browser page


Are you able to connect to the web configuration page? yes

C. Analysis and Conclusion

Due to the advancements in technology that we currently enjoy, devices such as
computers and the internet are also in demand. Each computer must have a
unique IP address; therefore, we must properly utilize the available addresses that we have.
By using NAT, one can represent all the computers in a specific area with a single IP
address that can be used to connect to other private clouds. The security and privacy of
each user is also a priority when using the advancements stated earlier. One can ensure a
safe connection when NAT is implemented. This experiment helped the group to
understand how NAT works and showed its importance. The network we configured
consists of host and guest networks, and by using the NAT network, the host network is
protected from other malicious connections. Lastly, a firewall was also set up in this
experiment to disallow network traffic by blocking all incoming ports except those ports
that are allowed.

D. References
[1] "router Definition from PC Magazine Encyclopedia", Pcmag.com, 2016. [Online]. Available:
http://www.pcmag.com/encyclopedia/term/50637/router. [Accessed: 17- Mar- 2016].
[2] V. Beal, "What is Router? A Webopedia Definition", Webopedia.com, 2016. [Online].
Available: http://www.webopedia.com/TERM/R/router.html. [Accessed: 17- Mar- 2016].
[3] M. Rouse, "What is Ping?", Tech Target, 2016. [Online]. Available:
http://searchnetworking.techtarget.com/definition/ping. [Accessed: 17- Mar- 2016].
[4] "Network Address Translation (NAT) FAQ", Cisco, 2016. [Online]. Available:
http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/26704-nat-faq00.html. [Accessed: 14- Apr- 2016].
[5] "What is firewall? - Definition from WhatIs.com", SearchSecurity, 2016. [Online]. Available:
http://searchsecurity.techtarget.com/definition/firewall. [Accessed: 14- Apr- 2016].
[6] V. Beal, "What is Firewall (Firewall Techniques)? Webopedia Definition", Webopedia.com,
2016. [Online]. Available: http://www.webopedia.com/TERM/F/firewall.html. [Accessed: 14- Apr- 2016].
