start repo

lab1/baseimage/Dockerfile

@@ -0,0 +1,4 @@
+FROM ubuntu:20.04
+RUN apt update && apt install -y iproute2 iputils-ping tcpdump iptables dnsutils curl apache2-utils
+COPY sleep.sh /root/sleep.sh
+CMD /root/sleep.sh

lab1/baseimage/sleep.sh

@@ -0,0 +1,2 @@
+#!/bin/bash
+while true ; do /bin/sleep 5m; done

lab1/docker-compose.yml

@@ -0,0 +1,66 @@
+version: '1'
+
+services:
+
+  load-balancer:
+    container_name: load-balancer
+    hostname: load-balancer
+    build: ./load-balancer
+    privileged: true
+    ports:
+      - 80
+    networks:
+      server_net:
+        ipv4_address:
+          10.0.2.5
+    depends_on:
+    - servers
+
+  servers:
+    build: ./nginx
+    privileged: true
+    ports:
+      - 5050
+    deploy:
+      replicas: 3
+    networks:
+      server_net:
+
+  client:
+    build: ./baseimage
+    privileged: true
+    networks:
+      client_net:
+    deploy:
+      replicas: 2
+    command: >
+      sh -c "/sbin/ip route replace default via 10.0.1.254 && /root/sleep.sh"
+    tty: true
+    depends_on:
+    - router
+
+  router:
+    container_name: router
+    build: ./baseimage
+    privileged: true
+    hostname: router
+    networks:
+      client_net:
+        ipv4_address: 
+          10.0.1.254
+      server_net:
+        ipv4_address: 
+          10.0.2.254
+
+
+networks:
+  client_net:
+    ipam:
+      config:
+      - subnet: 10.0.1.0/24
+        gateway: 10.0.1.1
+  server_net:
+    ipam:
+      config:
+      - subnet: 10.0.2.0/24
+        gateway: 10.0.2.1

lab1/load-balancer/Dockerfile

@@ -0,0 +1,6 @@
+FROM nginx
+RUN apt update && apt install -y iproute2 iputils-ping tcpdump iptables dnsutils curl
+COPY start.sh /root/start.sh
+COPY nginx.conf /etc/nginx/conf.d/default.conf
+ENTRYPOINT []
+CMD /root/start.sh

lab1/load-balancer/nginx.conf

@@ -0,0 +1,14 @@
+upstream backend {
+    server lab1-servers-1:5050;   
+    server lab1-servers-2:5050;
+    server lab1-servers-3:5050; 
+}
+
+server {
+
+    include /etc/nginx/mime.types;
+
+    location / {
+        proxy_pass http://backend;
+    }
+}

lab1/load-balancer/start.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+/sbin/ip route replace default via 10.0.2.254
+nginx -g "daemon off;"

lab1/nginx/Dockerfile

@@ -0,0 +1,5 @@
+FROM nginx
+RUN apt update && apt install -y iproute2 iputils-ping tcpdump iptables dnsutils curl apache2-utils
+COPY start.sh /root/start.sh
+ENTRYPOINT []
+CMD /root/start.sh

lab1/nginx/start.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+/sbin/ip route replace default via 10.0.2.254
+nginx -g "daemon off;"

lab3/baseimage/Dockerfile

@@ -0,0 +1,4 @@
+FROM ubuntu:20.04
+RUN apt update && apt install -y iproute2 iputils-ping tcpdump iptables dnsutils curl apache2-utils
+COPY sleep.sh /root/sleep.sh
+CMD /root/sleep.sh

lab3/baseimage/sleep.sh

@@ -0,0 +1,2 @@
+#!/bin/bash
+while true ; do /bin/sleep 5m; done

lab3/docker-compose.yml

@@ -0,0 +1,127 @@
+version: '1'
+
+services:
+
+  #server:
+    #build: ./nginx
+    #container_name: www
+    #privileged: true
+    #ports:
+      #- 5050
+    #networks:
+      #server_net:
+        #ipv4_address: 
+          #10.0.2.101
+
+  client-1:
+    build: ./baseimage
+    container_name: client-1
+    privileged: true
+    networks:
+      client_net_1:
+        ipv4_address: 
+          10.0.1.2
+    command: >
+      sh -c "/sbin/ip route replace default via 10.0.1.254 && /root/sleep.sh"
+    tty: true
+    depends_on:
+    - router
+
+
+  client-2:
+    build: ./baseimage
+    container_name: client-2
+    privileged: true
+    networks:
+      client_net_2:
+        ipv4_address: 
+          10.0.2.2
+    command: >
+      sh -c "/sbin/ip route replace default via 10.0.2.254 && /root/sleep.sh"
+    tty: true
+    depends_on:
+    - router  
+
+
+  external-host:
+    build: ./baseimage
+    container_name: external-host
+    privileged: true
+    networks:
+      public_net:
+        ipv4_address: 
+          172.31.255.100
+    command: >
+      sh -c "/sbin/ip r a 172.16.123.128/28 via 172.31.255.253 && /root/sleep.sh"
+    tty: true
+    depends_on:
+    - router  
+
+  #proxy:
+    #build: ./proxy
+    #container_name: proxy
+    #privileged: true
+    #networks:
+      #client_net:
+        #ipv4_address: 
+          #10.0.1.253
+
+  router:
+    container_name: router
+    build: ./baseimage
+    privileged: true
+    hostname: router
+    networks:
+      client_net_1:
+        ipv4_address: 
+          10.0.1.254
+      client_net_2:
+        ipv4_address: 
+          10.0.2.254
+      dmz_net:
+        ipv4_address: 
+          172.16.123.142
+    command: >
+      sh -c "/sbin/ip r r default via 172.16.123.139 && /root/sleep.sh"
+
+  edge_router:
+    container_name: edge_router
+    build: ./baseimage
+    privileged: true
+    hostname: edge_router
+    networks:
+      dmz_net:
+        ipv4_address: 
+          172.16.123.139
+      public_net:
+        ipv4_address: 
+          172.31.255.253
+    command: >
+      sh -c "/sbin/ip r d default via 172.16.123.129 && /sbin/ip r a default via 172.31.255.254 && /sbin/ip r a 10.0.0.0/16 via 172.16.123.142 && /root/sleep.sh"
+
+networks:
+  client_net_1:
+    ipam:
+      config:
+      - subnet: 10.0.1.0/24
+        gateway: 10.0.1.1
+  client_net_2:
+    ipam:
+      config:
+      - subnet: 10.0.2.0/24
+        gateway: 10.0.2.1
+  public_net:
+    ipam:
+      config:
+      - subnet: 172.31.255.0/24
+        gateway: 172.31.255.254
+  dmz_net:
+    ipam:
+      config:
+      - subnet: 172.16.123.128/28
+        gateway: 172.16.123.129
+  #server_net:
+    #ipam:
+      #config:
+      #- subnet: 10.0.2.0/24
+        #gateway: 10.0.2.1

lab3/nat.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+sudo docker exec edge_router /bin/bash -c 'iptables -t nat -F; iptables -t filter -F'
+sudo docker exec edge_router /bin/bash -c 'iptables -t nat -A POSTROUTING -s 10.0.0.0/16 -o eth1 -j MASQUERADE'
+sudo docker exec edge_router /bin/bash -c 'iptables -P FORWARD DROP'
+sudo docker exec edge_router /bin/bash -c 'iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT'
+sudo docker exec edge_router /bin/bash -c 'iptables -A FORWARD -m state --state NEW -i eth0 -j ACCEPT'
+sudo docker exec edge_router /bin/bash -c 'iptables -A FORWARD -m state --state NEW -i eth1 -d 172.16.123.128/28 -j ACCEPT'

lab3/nginx/Dockerfile

@@ -0,0 +1,5 @@
+FROM nginx
+RUN apt update && apt install -y iproute2 iputils-ping tcpdump iptables dnsutils curl apache2-utils
+COPY start.sh /root/start.sh
+ENTRYPOINT []
+CMD /root/start.sh

lab3/nginx/start.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+/sbin/ip route replace default via 10.0.2.254
+nginx -g "daemon off;"

lab3/proxy/Dockerfile

@@ -0,0 +1,6 @@
+FROM ubuntu/squid:latest
+RUN apt update && apt install -y vim iproute2 iputils-ping
+COPY ectsquid/squid.conf etc/squid/squid.conf
+#COPY start.sh /root/start.sh
+#ENTRYPOINT []
+#CMD /root/start.sh

lab3/proxy/ectsquid/squid.conf

@@ -0,0 +1,6 @@
+acl Safe_ports port 80
+acl localnet src 10.0.1.0/24
+http_access deny !Safe_ports
+http_access allow localnet
+http_access deny all
+http_port 3128

lab3/proxy/ip.sh

@@ -0,0 +1,2 @@
+sudo docker exec proxy ip r d default via 10.0.1.1
+sudo docker exec proxy ip r a default via 10.0.1.254

lab3/proxy/start.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+/sbin/ip r d default via 10.0.1.1
+/sbin/ip r a default via 10.0.1.254
+
+while true ; do /bin/sleep 5m; done