# Lab 3 – Creation of the Corporate Network Infrastructure (Router, Server, Admin, Clients) on PI5

The infrastructure includes a router, a company web server, an admin workstation, and three client machines.\
All components run inside Docker containers and communicate through isolated Docker networks.

**1. Docker Network Creation**

Three separate Docker networks were created, one for each subnet:

* **Admin network** → 10.10.0.0/24
* **Client network** → 10.20.0.0/24
* **Server network** → 10.30.0.0/24

Commands used:

docker network create --subnet=10.10.0.0/24 admin\_net\
docker network create --subnet=10.20.0.0/24 client\_net\
docker network create --subnet=10.30.0.0/24 server\_net

Each network provides isolation and allows static IP assignment.

**2. Router Creation**

A router container was created using Ubuntu 24.04 and attached to all three networks with fixed IP addresses:\
admin\_net → 10.10.0.3\
client\_net → 10.20.0.3\
server\_net → 10.30.0.3

Commands used:\
docker run -d --name router --network admin\_net --ip 10.10.0.3 ubuntu:24.04 tail -f /dev/null\
docker network connect --ip 10.20.0.3 client\_net router\
docker network connect --ip 10.30.0.3 server\_net router

Inside the router, IPv4 forwarding was enabled:\
echo 1 > /proc/sys/net/ipv4/ip\_forward

Firewall and NAT rules were not configured inside the container.\
Instead, routing and filtering are applied from the host using the script **router-firewall.sh**, which ensures NAT, forwarding and access control between networks.

Content of router-firewall.sh:\
sysctl -w net.ipv4.ip\_forward=1\
iptables -F\
iptables -t nat -F\
iptables -t mangle -F\
iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE\
iptables -P INPUT DROP\
iptables -P FORWARD DROP\
iptables -P OUTPUT ACCEPT\
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT\
iptables -A INPUT -p icmp -j ACCEPT\
iptables -A FORWARD -p icmp -j ACCEPT\
iptables -A FORWARD -i eth0 -s 10.10.0.0/24 -j ACCEPT\
iptables -A FORWARD -i eth1 -s 10.20.0.0/24 -d 10.30.0.2 -p tcp --dport 80 -j ACCEPT\
iptables -A FORWARD -i eth1 -s 10.20.0.0/24 -d 10.30.0.2 -p tcp --dport 443 -j ACCEPT\
iptables -A FORWARD -i eth1 -s 10.20.0.0/24 -j DROP\
tail -f /dev/null

This script ensures correct NAT, forwarding and security between the three networks.
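The FORWARD rules are evaluated top to bottom and the first match decides, so their order determines what each subnet can actually reach. The following is an added example, not part of the lab's own files: a small first-match model of that chain, assuming eth0 is admin\_net, eth1 is client\_net and eth2 is server\_net, with hypothetical names `Rule` and `verdict` and constructed probe packets.

```python
# Added example: first-match model of the FORWARD chain in router-firewall.sh.
# Assumption: eth0 = admin_net, eth1 = client_net, eth2 = server_net.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    target: str
    in_if: Optional[str] = None
    src: Optional[str] = None
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    established: bool = False  # True models -m state --state ESTABLISHED,RELATED

    def matches(self, in_if, src, dst, proto, dport, established) -> bool:
        # Unset fields are wildcards; every set field must match.
        return ((established or not self.established)
                and self.in_if in (None, in_if)
                and (self.src is None or src in ip_network(self.src))
                and (self.dst is None or dst in ip_network(self.dst))
                and self.proto in (None, proto)
                and self.dport in (None, dport))

# FORWARD rules in the order the script appends them.
FORWARD = [
    Rule("ACCEPT", established=True),
    Rule("ACCEPT", proto="icmp"),
    Rule("ACCEPT", in_if="eth0", src="10.10.0.0/24"),
    Rule("ACCEPT", "eth1", "10.20.0.0/24", "10.30.0.2", "tcp", 80),
    Rule("ACCEPT", "eth1", "10.20.0.0/24", "10.30.0.2", "tcp", 443),
    Rule("DROP", in_if="eth1", src="10.20.0.0/24"),
]

def verdict(in_if, src, dst, proto, dport=None, established=False, policy="DROP"):
    """First matching rule wins; otherwise the chain policy (-P FORWARD DROP)."""
    pkt = (in_if, ip_address(src), ip_address(dst), proto, dport, established)
    for rule in FORWARD:
        if rule.matches(*pkt):
            return rule.target
    return policy

if __name__ == "__main__":
    # Constructed probes (not captured traffic): client1 to admin1, SSH then ping.
    print(verdict("eth1", "10.20.0.2", "10.10.0.2", "tcp", 22))  # DROP
    print(verdict("eth1", "10.20.0.2", "10.10.0.2", "icmp"))     # ACCEPT
```

The second probe shows that the blanket ICMP rule sits ahead of the client DROP rule, so clients can still ping hosts on the admin network even though their TCP traffic there is dropped.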

**3. Server Creation (Company Website)**

The server container was created on the server network with a fixed IP:

docker run -d --name server1 --network server\_net --ip 10.30.0.2 ubuntu:24.04 tail -f /dev/null

Inside the server container, I installed **Nginx**:\
apt update\
apt install nginx\
service nginx start

The company website is now available internally at:

`http://10.30.0.2`

**(For demonstration purposes, an example public corporate website is:** [**https://www.simacyber.com**](https://www.simacyber.com/)**)**

**4. Admin Workstation Creation**

The admin workstation was created on the admin network:

docker run -d --name admin1 --network admin\_net --ip 10.10.0.2 ubuntu:24.04 tail -f /dev/null

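A persistent default route was added using docker‑compose:

command: >\
sh -c "ip route replace default via 10.10.0.3; tail -f /dev/null"

This ensures that admin1 always uses the router as its gateway. Docker already installs a default route through the bridge gateway of admin\_net, so the command uses `ip route replace` (a plain `ip route add default` fails when a default route already exists), and the service needs the NET\_ADMIN capability to change its routing table.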

**5. Client Creation (client1, client2, client3)**

Each client was created on the client network with a static IP:

docker run -d --name client1 --network client\_net --ip 10.20.0.2 ubuntu:24.04 tail -f /dev/null\
docker run -d --name client2 --network client\_net --ip 10.20.0.4 ubuntu:24.04 tail -f /dev/null\
docker run -d --name client3 --network client\_net --ip 10.20.0.5 ubuntu:24.04 tail -f /dev/null

Each client has a persistent default route defined in docker‑compose:

command: >\
sh -c "ip route replace default via 10.20.0.3; tail -f /dev/null"

**6. Connectivity Testing**

To verify that the admin workstation and all clients can reach the company server, the following tests were executed:

docker exec -it admin1 curl -I `http://10.30.0.2` \
docker exec -it client1 curl -I `http://10.30.0.2` \
docker exec -it client2 curl -I `http://10.30.0.2` \
docker exec -it client3 curl -I `http://10.30.0.2`

Expected output:

HTTP/1.1 200 OK\
Server: **nginx/1.24.0 (Ubuntu)**

**7. Full Persistence**

The entire infrastructure is persistent due to:

* firewall and NAT rules applied through the host‑side script router-firewall.sh
* static IPs assigned through Docker networks
* default routes defined in docker‑compose
* Nginx automatically running inside server1

After rebooting the Raspberry Pi or restarting Docker, the whole network becomes operational automatically.

To start the full environment:\
cd /home/networklab\
docker compose up -d\
docker ps

“The environment is now fully operational and ready for further security testing.”
