@ike-hy


Can I build a closed network using free5gc and multiple VMs (virtual machines)?

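What I want to solve

・I want to communicate via free5gc between multiple machines created with Oracle VM VirtualBox (for an experiment reproducing a DDoS attack).

So far I have built the following three machines with Oracle VM VirtualBox. (The address on the right is the static IP address I set myself when creating each machine.)
・The machine that sends requests to reproduce the DDoS: 192.168.56.106
・The machine that runs free5gc: 192.168.56.107
・The machine that runs the Apache server: 192.168.56.109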

ubuntu@free5gc:~/free5gc$ ifconfig
enp0s3: flags=4163 mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
inet6 fe80::a00:27ff:fef7:887d prefixlen 64 scopeid 0x20
ether 08:00:27:f7:88:7d txqueuelen 1000 (Ethernet)
RX packets 863 bytes 1110174 (1.1 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 359 bytes 38884 (38.8 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

enp0s8: flags=4163 mtu 1500
inet 192.168.56.107 netmask 255.255.255.0 broadcast 192.168.56.255
inet6 fe80::a00:27ff:fea5:67cf prefixlen 64 scopeid 0x20
ether 08:00:27:a5:67:cf txqueuelen 1000 (Ethernet)
RX packets 1001 bytes 81743 (81.7 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1042 bytes 678911 (678.9 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1000 (Local Loopback)
RX packets 4872 bytes 702582 (702.5 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4872 bytes 702582 (702.5 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

I would like to use free5gc to handle requests as shown in the following image.

risou.png

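Current problem

I started free5gc and sent a curl command from the DDoS machine to the Apache machine.
The Apache log records the curl request, but nothing is logged on the free5gc side, so I think the traffic is not going through free5gc.

I researched how to communicate through free5gc on my own, but could not find any useful information, so I would like to ask people who are knowledgeable about this.

What I tried

Current status: the virtual machines can ping each other, so they are able to communicate.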

・From the DDoS machine
ubuntu@DDoS:~$ ping 192.168.56.107
PING 192.168.56.107 (192.168.56.107) 56(84) bytes of data.
64 bytes from 192.168.56.107: icmp_seq=1 ttl=64 time=0.262 ms
64 bytes from 192.168.56.107: icmp_seq=2 ttl=64 time=0.928 ms
64 bytes from 192.168.56.107: icmp_seq=3 ttl=64 time=0.944 ms
^C
--- 192.168.56.107 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2283ms
rtt min/avg/max/mdev = 0.262/0.711/0.944/0.317 ms

ubuntu@DDoS:~$ ping 192.168.56.109
PING 192.168.56.109 (192.168.56.109) 56(84) bytes of data.
64 bytes from 192.168.56.109: icmp_seq=1 ttl=64 time=0.379 ms
64 bytes from 192.168.56.109: icmp_seq=2 ttl=64 time=0.935 ms
64 bytes from 192.168.56.109: icmp_seq=3 ttl=64 time=0.885 ms
^C
--- 192.168.56.109 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2140ms
rtt min/avg/max/mdev = 0.379/0.733/0.935/0.251 ms

・From the free5gc machine
ubuntu@free5gc:~/free5gc$ ping 192.168.56.109
PING 192.168.56.109 (192.168.56.109) 56(84) bytes of data.
64 bytes from 192.168.56.109: icmp_seq=1 ttl=64 time=0.462 ms
64 bytes from 192.168.56.109: icmp_seq=2 ttl=64 time=0.423 ms
64 bytes from 192.168.56.109: icmp_seq=3 ttl=64 time=0.928 ms
^C
--- 192.168.56.109 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2047ms
rtt min/avg/max/mdev = 0.423/0.604/0.928/0.229 ms

ubuntu@free5gc:~/free5gc$ ping 192.168.56.106
PING 192.168.56.106 (192.168.56.106) 56(84) bytes of data.
64 bytes from 192.168.56.106: icmp_seq=1 ttl=64 time=0.270 ms
64 bytes from 192.168.56.106: icmp_seq=2 ttl=64 time=1.02 ms
64 bytes from 192.168.56.106: icmp_seq=3 ttl=64 time=0.942 ms
^C
--- 192.168.56.106 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2023ms
rtt min/avg/max/mdev = 0.270/0.743/1.019/0.336 ms

・From the Apache machine
ubuntu@Apach:~$ ping 192.168.56.106
PING 192.168.56.106 (192.168.56.106) 56(84) bytes of data.
64 bytes from 192.168.56.106: icmp_seq=1 ttl=64 time=0.269 ms
64 bytes from 192.168.56.106: icmp_seq=2 ttl=64 time=0.872 ms
64 bytes from 192.168.56.106: icmp_seq=3 ttl=64 time=1.02 ms
64 bytes from 192.168.56.106: icmp_seq=4 ttl=64 time=0.878 ms
^C
--- 192.168.56.106 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3021ms
rtt min/avg/max/mdev = 0.269/0.759/1.017/0.288 ms
ubuntu@Apach:~$ ping 192.168.56.107
PING 192.168.56.107 (192.168.56.107) 56(84) bytes of data.
64 bytes from 192.168.56.107: icmp_seq=1 ttl=64 time=0.203 ms
64 bytes from 192.168.56.107: icmp_seq=2 ttl=64 time=0.397 ms
64 bytes from 192.168.56.107: icmp_seq=3 ttl=64 time=0.732 ms
^C
--- 192.168.56.107 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2032ms
rtt min/avg/max/mdev = 0.203/0.444/0.732/0.218 ms

・Settings on the free5gc machine
ubuntu@free5gc:~/free5gc$ sudo sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1

ubuntu@free5gc:~/free5gc$ sudo iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere

ubuntu@free5gc:~/free5gc$ sudo route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.2.2 0.0.0.0 UG 100 0 0 enp0s3
10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s3
10.0.2.2 0.0.0.0 255.255.255.255 UH 100 0 0 enp0s3
192.168.56.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s8

ubuntu@free5gc:~/free5gc$ sudo ufw status
Status: inactive

・Routes on the DDoS machine
ubuntu@DDoS:~$ ip route
default via 192.168.56.107 dev enp0s8
default via 10.0.2.2 dev enp0s3 proto dhcp src 10.0.2.15 metric 100
10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15
10.0.2.2 dev enp0s3 proto dhcp scope link src 10.0.2.15 metric 100
192.168.56.0/24 dev enp0s8 proto kernel scope link src 192.168.56.106

0 likes
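
Added example, not part of the original post: a route lookup over the DDoS machine's `ip route` output quoted above, showing which first hop the kernel would pick for the Apache address. It assumes a simplified selection model (longest prefix, then lowest metric, no policy routing); `first_hop`, `transits` and the off-subnet address 203.0.113.10 are constructed for this illustration.

```python
import ipaddress

# `ip route` output of the DDoS VM, copied from the post above.
IP_ROUTE_OUTPUT = """\
default via 192.168.56.107 dev enp0s8
default via 10.0.2.2 dev enp0s3 proto dhcp src 10.0.2.15 metric 100
10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15
10.0.2.2 dev enp0s3 proto dhcp scope link src 10.0.2.15 metric 100
192.168.56.0/24 dev enp0s8 proto kernel scope link src 192.168.56.106
"""

def parse_routes(text):
    """Turn `ip route` lines into dicts (prefix, gateway, device, metric)."""
    routes = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        prefix = "0.0.0.0/0" if tokens[0] == "default" else tokens[0]
        # After the prefix, these lines are plain "key value" pairs.
        opts = dict(zip(tokens[1::2], tokens[2::2]))
        routes.append({
            "net": ipaddress.ip_network(prefix),
            "via": opts.get("via"),            # None means on-link (no gateway)
            "dev": opts.get("dev"),
            "metric": int(opts.get("metric", 0)),
        })
    return routes

def first_hop(routes, dst):
    """Return (next-hop IP, device) for dst, or None if no route matches."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    # Longest prefix wins; among equal prefixes the lowest metric wins.
    best = min(matches, key=lambda r: (-r["net"].prefixlen, r["metric"]))
    return (best["via"] or dst, best["dev"])

def transits(routes, dst, middlebox):
    """True if the first hop toward dst is the given middlebox address."""
    hop = first_hop(routes, dst)
    return hop is not None and hop[0] == middlebox

ROUTES = parse_routes(IP_ROUTE_OUTPUT)
FREE5GC_VM, APACHE_VM = "192.168.56.107", "192.168.56.109"

if __name__ == "__main__":
    for dst in (APACHE_VM, "203.0.113.10"):  # second address is a constructed off-subnet example
        print(dst, first_hop(ROUTES, dst), transits(ROUTES, dst, FREE5GC_VM))
```

Under this model the Apache address matches the connected 192.168.56.0/24 route, so its first hop is the Apache machine itself on enp0s8, and the default route via 192.168.56.107 is only selected for destinations outside both local subnets.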
