On the following pages you will find additional information about our server and how to set it up.
The computer is configured to act as a router and a gateway between the internal network connecting all devices of the experimental setup and the rest of the UZH infrastructure. Effectively, devices on the internal network are hidden from the outside, while they can still access the internet.
SELinux is not installed, while AppArmor, a security policy tool, does not interfere with normal operations and thus must be left active. To allow remote connections, the SSH server has to be installed:
sudo apt install openssh-server
sudo nano /etc/ssh/sshd_config
Uncomment the following lines:
Port 22
PermitRootLogin yes
PasswordAuthentication yes
To allow replies to ping requests, the system firewall has to be disabled:
sudo systemctl stop firewalld
sudo systemctl disable firewalld
sudo systemctl status firewalld
The following rules also have to be configured in the iptables service:
sudo iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
sudo iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
sudo iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
sudo iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
After these modifications, one must save the settings and restart the network manager:
sudo iptables-save
sudo systemctl restart NetworkManager
To ensure that ICMP is allowed and replies to pings are issued, the following must also be set:
sudo sysctl -w net.ipv4.icmp_echo_ignore_all=0
sudo sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=0
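Because the rules above are appended with -A, they land at the end of each chain and have no effect if a catch-all DROP or REJECT rule already sits ahead of them. The following script is an added example, not part of the original page: it reads iptables-save output and reports whether a chain really accepts a given ICMP type. The function name check_icmp_rule and the sample ruleset are constructed for illustration, and the script assumes iptables-save prints ICMP types numerically (8 = echo-request, 0 = echo-reply).

```shell
#!/bin/sh
# Added example (not from the original page). Reads `iptables-save` text on
# stdin and reports whether CHAIN accepts the given ICMP type:
#   ok        ACCEPT rule present, no catch-all DROP/REJECT before it
#   shadowed  ACCEPT rule sits after a catch-all DROP/REJECT and never matches
#   missing   no such ACCEPT rule in the chain
# Assumption: iptables-save prints ICMP types numerically
# (8 = echo-request, 0 = echo-reply). check_icmp_rule is a hypothetical name.
check_icmp_rule() {
    awk -v chain="$1" -v type="$2" '
        $1 == "-A" && $2 == chain {
            n++                                  # position within the chain
            if ($0 ~ / -p icmp / && $0 ~ ("--icmp-type " type "( |$)") &&
                $0 ~ / -j ACCEPT( |$)/) {
                if (!found) found = n
            } else if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT")) {
                if (!block) block = n            # rule with no match criteria
            }
        }
        END {
            if (!found) print "missing"
            else if (block && block < found) print "shadowed"
            else print "ok"
        }'
}

# Constructed sample: an existing ruleset ending in a catch-all REJECT, with
# the echo-request rule appended after it by `iptables -A`.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
COMMIT'

for spec in "INPUT 8" "OUTPUT 0" "OUTPUT 8"; do
    set -- $spec
    printf '%s type %s: %s\n' "$1" "$2" \
        "$(printf '%s\n' "$SAMPLE_RULES" | check_icmp_rule "$1" "$2")"
done
# On the live system: sudo iptables-save | check_icmp_rule INPUT 8
```

If a chain reports shadowed, the ACCEPT rule has to be placed ahead of the catch-all, for example by inserting it with iptables -I instead of appending it with -A.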
If additional debugging is needed, tcpdump is a great utility for monitoring traffic on all network interfaces. If it is not pre-installed, it can be installed with the package manager:
sudo apt update
sudo apt install tcpdump
Once tcpdump is present, one can continuously monitor ICMP traffic by issuing:
sudo tcpdump -i any icmp