Merged PR 354: Network focussed dev config documentation

## Summary Built three networks, one is the minimal network, one is a basic LAN, and another is a nice beefy multi-LAN setup with ISP and DNS along with applications, services. Documented the process when building the config files. Included the config files as example configs for use. ## Test process Tested the shit out of the big multi-lan network. ## Checklist - [ ] PR is linked to a **work item** - [ ] **acceptance criteria** of linked ticket are met - [ ] performed **self-review** of the code - [ ] written **tests** for any new functionality added with this PR - [ ] updated the **documentation** if this PR changes or adds functionality - [ ] written/updated **design docs** if this PR implements new functionality - [ ] updated the **change log** - [ ] ran **pre-commit** checks for code style - [ ] attended to any **TO-DOs** left in the code Related work items: #2266
2024-04-30 13:53:28 +00:00
parent 137f2a9648 a141c8d212
commit a82ee2b8e1
17 changed files with 2142 additions and 19 deletions
--- a/docs/source/configuration/simulation.rst
+++ b/docs/source/configuration/simulation.rst
@@ -31,7 +31,13 @@ To see the configuration for these nodes, refer to the following:
    :maxdepth: 1
    :glob:

-    simulation/nodes/*
+    simulation/nodes/computer
+    simulation/nodes/firewall
+    simulation/nodes/router
+    simulation/nodes/server
+    simulation/nodes/switch
+    simulation/nodes/wireless_router
+    simulation/nodes/network_examples

 ``links``
 ---------
@@ -54,15 +60,13 @@ this results in:
 .. code-block:: yaml

    links:
-        - ref: computer_1___switch
-        endpoint_a_ref: computer_1
+        - endpoint_a_hostname: computer_1
        endpoint_a_port: 1 # port 1 on computer_1
-        endpoint_b_ref: switch
+        endpoint_b_hostname: switch
        endpoint_b_port: 1 # port 1 on switch
-        - ref: computer_2___switch
-        endpoint_a_ref: computer_2
+        - endpoint_a_hostname: computer_2
        endpoint_a_port: 1 # port 1 on computer_2
-        endpoint_b_ref: switch
+        endpoint_b_hostname: switch
        endpoint_b_port: 2 # port 2 on switch

 ``ref``
@@ -70,7 +74,7 @@ this results in:

 The human readable name for the link. Not used in code, however is useful for a human to understand what the link is for.

-``endpoint_a_ref``
+``endpoint_a_hostname``
 ^^^^^^^^^^^^^^^^^^

 The ``hostname`` of the node which must be connected.
@@ -78,10 +82,10 @@ The ``hostname`` of the node which must be connected.
 ``endpoint_a_port``
 ^^^^^^^^^^^^^^^^^^^

-The port on ``endpoint_a_ref`` which is to be connected to ``endpoint_b_port``.
+The port on ``endpoint_a_hostname`` which is to be connected to ``endpoint_b_port``.
 This accepts an integer value e.g. if port 1 is to be connected, the configuration should be ``endpoint_a_port: 1``

-``endpoint_b_ref``
+``endpoint_b_hostname``
 ^^^^^^^^^^^^^^^^^^

 The ``hostname`` of the node which must be connected.
@@ -89,5 +93,5 @@ The ``hostname`` of the node which must be connected.
 ``endpoint_b_port``
 ^^^^^^^^^^^^^^^^^^^

-The port on ``endpoint_b_ref`` which is to be connected to ``endpoint_a_port``.
+The port on ``endpoint_b_hostname`` which is to be connected to ``endpoint_a_port``.
 This accepts an integer value e.g. if port 1 is to be connected, the configuration should be ``endpoint_b_port: 1``
--- a/docs/source/configuration/simulation/nodes/images/primaite_example_basic_lan_network_dark.png
+++ b/docs/source/configuration/simulation/nodes/images/primaite_example_basic_lan_network_dark.png
--- a/docs/source/configuration/simulation/nodes/images/primaite_example_basic_lan_network_light.png
+++ b/docs/source/configuration/simulation/nodes/images/primaite_example_basic_lan_network_light.png
--- a/docs/source/configuration/simulation/nodes/images/primaite_example_client_server_p2p_network_dark.png
+++ b/docs/source/configuration/simulation/nodes/images/primaite_example_client_server_p2p_network_dark.png
--- a/docs/source/configuration/simulation/nodes/images/primaite_example_client_server_p2p_network_light.png
+++ b/docs/source/configuration/simulation/nodes/images/primaite_example_client_server_p2p_network_light.png
--- a/docs/source/configuration/simulation/nodes/images/primaite_example_multi_lan_with_internet_network_dark.png
+++ b/docs/source/configuration/simulation/nodes/images/primaite_example_multi_lan_with_internet_network_dark.png
--- a/docs/source/configuration/simulation/nodes/images/primaite_example_multi_lan_with_internet_network_light.png
+++ b/docs/source/configuration/simulation/nodes/images/primaite_example_multi_lan_with_internet_network_light.png
--- a/docs/source/configuration/simulation/nodes/images/primaite_node_type_colour_key_dark.png
+++ b/docs/source/configuration/simulation/nodes/images/primaite_node_type_colour_key_dark.png
--- a/docs/source/configuration/simulation/nodes/images/primaite_node_type_colour_key_light.png
+++ b/docs/source/configuration/simulation/nodes/images/primaite_node_type_colour_key_light.png
--- a/docs/source/configuration/simulation/nodes/network_examples.rst
+++ b/docs/source/configuration/simulation/nodes/network_examples.rst
--- a/src/primaite/config/_package_data/basic_lan_network_example.yaml
+++ b/src/primaite/config/_package_data/basic_lan_network_example.yaml
@@ -0,0 +1,65 @@
+game:
+  ports:
+  - ARP
+  protocols:
+  - ICMP
+  - TCP
+  - UDP
+
+simulation:
+  network:
+    nodes:
+      - hostname: pc_1
+        type: computer
+        ip_address: 192.168.1.11
+        subnet_mask: 255.255.255.0
+        default_gateway: 192.168.1.1
+
+      - hostname: pc_2
+        type: computer
+        ip_address: 192.168.1.12
+        subnet_mask: 255.255.255.0
+        default_gateway: 192.168.1.1
+
+      - hostname: server_1
+        type: server
+        ip_address: 192.168.1.13
+        subnet_mask: 255.255.255.0
+        default_gateway: 192.168.1.1
+
+      - hostname: switch_1
+        type: switch
+        num_ports: 4
+
+      - hostname: router_1
+        type: router
+        num_ports: 1
+        ports:
+          1:
+            ip_address: 192.168.1.1
+            subnet_mask: 255.255.255.0
+        acl:
+          10:
+            action: PERMIT
+            src_ip: 192.168.1.0
+            src_wildcard_mask: 0.0.0.255
+            dst_ip: 192.168.1.1
+            dst_wildcard_mask: 0.0.0.0
+
+    links:
+      - endpoint_a_hostname: pc_1
+        endpoint_a_port: 1
+        endpoint_b_hostname: switch_1
+        endpoint_b_port: 1
+      - endpoint_a_hostname: pc_2
+        endpoint_a_port: 1
+        endpoint_b_hostname: switch_1
+        endpoint_b_port: 2
+      - endpoint_a_hostname: server_1
+        endpoint_a_port: 1
+        endpoint_b_hostname: switch_1
+        endpoint_b_port: 3
+      - endpoint_a_hostname: router_1
+        endpoint_a_port: 1
+        endpoint_b_hostname: switch_1
+        endpoint_b_port: 4
--- a/src/primaite/config/_package_data/client_server_p2p_network_example.yaml
+++ b/src/primaite/config/_package_data/client_server_p2p_network_example.yaml
@@ -0,0 +1,26 @@
+game:
+  ports:
+  - ARP
+  protocols:
+  - ICMP
+  - TCP
+  - UDP
+
+simulation:
+  network:
+    nodes:
+      - hostname: pc_1
+        type: computer
+        ip_address: 192.168.1.11
+        subnet_mask: 255.255.255.0
+
+      - hostname: server_1
+        type: server
+        ip_address: 192.168.1.13
+        subnet_mask: 255.255.255.0
+
+    links:
+      - endpoint_a_hostname: pc_1
+        endpoint_a_port: 1
+        endpoint_b_hostname: server_1
+        endpoint_b_port: 1
--- a/src/primaite/config/_package_data/multi_lan_internet_network_example.yaml
+++ b/src/primaite/config/_package_data/multi_lan_internet_network_example.yaml
@@ -0,0 +1,439 @@
+game:
+  ports:
+  - ARP
+  - DNS
+  - HTTP
+  - POSTGRES_SERVER
+  protocols:
+  - ICMP
+  - TCP
+  - UDP
+
+simulation:
+  network:
+    nodes:
+      # Home/Office Network
+      - hostname: pc_1
+        type: computer
+        ip_address: 192.168.1.11
+        subnet_mask: 255.255.255.0
+        default_gateway: 192.168.1.1
+        dns_server: 8.8.8.2
+        applications:
+          - type: DatabaseClient
+            options:
+              db_server_ip: 10.10.1.11
+          - type: WebBrowser
+            options:
+              target_url: http://sometech.ai
+
+      - hostname: pc_2
+        type: computer
+        ip_address: 192.168.1.12
+        subnet_mask: 255.255.255.0
+        default_gateway: 192.168.1.1
+        dns_server: 8.8.8.2
+        applications:
+          - type: DatabaseClient
+            options:
+              db_server_ip: 10.10.1.11
+          - type: WebBrowser
+            options:
+              target_url: http://sometech.ai
+
+      - hostname: server_1
+        type: server
+        ip_address: 192.168.1.13
+        subnet_mask: 255.255.255.0
+        default_gateway: 192.168.1.1
+        dns_server: 8.8.8.2
+
+      - hostname: switch_1
+        type: switch
+        num_ports: 4
+
+      - hostname: router_1
+        type: router
+        num_ports: 2
+        ports:
+          1:
+            ip_address: 192.168.1.1
+            subnet_mask: 255.255.255.0
+          2:
+            ip_address: 43.35.240.2
+            subnet_mask: 255.255.255.252
+        acl:
+          10:
+            action: PERMIT
+        default_route: # Default route to all external networks
+          next_hop_ip_address: 43.35.240.1 # NI 1 on icp_router
+
+      # ISP Network
+      - hostname: isp_rt
+        type: router
+        num_ports: 3
+        ports:
+          1:
+            ip_address: 43.35.240.1
+            subnet_mask: 255.255.255.252
+          2:
+            ip_address: 94.10.180.1
+            subnet_mask: 255.255.255.252
+          3:
+            ip_address: 8.8.8.1
+            subnet_mask: 255.255.255.252
+        acl:
+          10:
+            action: PERMIT
+        routes:
+          - address: 192.168.1.0 # Route to the Home/Office LAN
+            subnet_mask: 255.255.255.0
+            next_hop_ip_address: 43.35.240.2 # NI 2 on router_1
+          - address: 10.10.0.0 # Route to the SomeTech internal network
+            subnet_mask: 255.255.0.0
+            next_hop_ip_address: 94.10.180.2 # NI ext on some_tech_fw
+          - address: 94.10.180.6 # Route to the Web Server in the SomeTech DMZ
+            subnet_mask: 255.255.255.255
+            next_hop_ip_address: 94.10.180.2 # NI ext on some_tech_fw
+
+      - hostname: isp_dns_srv
+        type: server
+        ip_address: 8.8.8.2
+        subnet_mask: 255.255.255.252
+        default_gateway: 8.8.8.1
+        services:
+          - ref: dns_server
+            type: DNSServer
+            options:
+              domain_mapping:
+                sometech.ai: 94.10.180.6
+
+      # SomeTech Network
+      - hostname: some_tech_fw
+        type: firewall
+        ports:
+          external_port: # port 1
+            ip_address: 94.10.180.2
+            subnet_mask: 255.255.255.252
+          internal_port: # port 2
+            ip_address: 10.10.4.2
+            subnet_mask: 255.255.255.252
+          dmz_port: # port 3
+            ip_address: 94.10.180.5
+            subnet_mask: 255.255.255.252
+        acl:
+          internal_inbound_acl:
+            8: # Permit some_tech_web_srv to connect to Database service on some_tech_db_srv
+              action: PERMIT
+              src_ip: 94.10.180.6
+              src_wildcard_mask: 0.0.0.0
+              src_port: POSTGRES_SERVER
+              dst_ip: 10.10.1.11
+              dst_wildcard_mask: 0.0.0.0
+              dst_port: POSTGRES_SERVER
+            9: # Permit SomeTech to use HTTP
+              action: PERMIT
+              src_port: HTTP
+            10: # Permit SomeTech to use DNS
+              action: PERMIT
+              src_port: DNS
+              dst_port: DNS
+          internal_outbound_acl:
+            10: # Permit all internal outbound traffic
+              action: PERMIT
+          dmz_inbound_acl:
+            7: # Permit Database service on some_tech_db_srv to respond to some_tech_web_srv
+              action: PERMIT
+              src_ip: 10.10.1.11
+              src_port: POSTGRES_SERVER
+              src_wildcard_mask: 0.0.0.0
+              dst_ip: 94.10.180.6
+              dst_port: POSTGRES_SERVER
+              dst_wildcard_mask: 0.0.0.0
+            8: # Permit SomeTech DMZ to use ARP
+              action: PERMIT
+              src_port: ARP
+              dst_port: ARP
+            9: # Permit SomeTech DMZ to use DNS
+              action: PERMIT
+              src_port: DNS
+              dst_port: DNS
+            10: # Permit all inbound HTTP requests
+              action: PERMIT
+              dst_port: HTTP
+          dmz_outbound_acl:
+            7: # Permit some_tech_web_srv to connect to Database service on some_tech_db_srv
+              action: PERMIT
+              src_ip: 94.10.180.6
+              src_port: POSTGRES_SERVER
+              src_wildcard_mask: 0.0.0.0
+              dst_ip: 10.10.1.11
+              dst_port: POSTGRES_SERVER
+              dst_wildcard_mask: 0.0.0.0
+            8: # Permit SomeTech DMZ to use ARP
+              action: PERMIT
+              src_port: ARP
+              dst_port: ARP
+            9: # Permit SomeTech DMZ to use DNS
+              action: PERMIT
+              src_port: DNS
+              dst_port: DNS
+            10: # Permit all outbound HTTP requests
+              action: PERMIT
+              src_port: HTTP
+        default_route: # Default route to all external networks
+          next_hop_ip_address: 94.10.180.1 # NI 2 on isp_rt
+        routes:
+          - address: 10.10.0.0 # Route to the SomeTech internal LAN
+            subnet_mask: 255.255.0.0
+            next_hop_ip_address: 10.10.4.1 # NI 1 on some_tech_rt
+
+
+      - hostname: some_tech_web_srv
+        type: server
+        ip_address: 94.10.180.6
+        subnet_mask: 255.255.255.252
+        default_gateway: 94.10.180.5
+        dns_server: 8.8.8.2
+        services:
+          - ref: web_server
+            type: WebServer
+        applications:
+          - type: DatabaseClient
+            options:
+              db_server_ip: 10.10.1.11
+
+      - hostname: some_tech_rt
+        type: router
+        num_ports: 4
+        ports:
+          1:
+            ip_address: 10.10.1.1
+            subnet_mask: 255.255.255.0
+          2:
+            ip_address: 10.10.4.1
+            subnet_mask: 255.255.255.252
+          3:
+            ip_address: 10.10.3.1
+            subnet_mask: 255.255.255.0
+          4:
+            ip_address: 10.10.2.1
+            subnet_mask: 255.255.255.0
+
+        acl:
+          2: # Allow the some_tech_web_srv to connect to the Database Service on some_tech_db_srv
+            action: PERMIT
+            src_ip: 94.10.180.6
+            src_wildcard_mask: 0.0.0.0
+            src_port: POSTGRES_SERVER
+            dst_ip: 10.10.1.11
+            dst_wildcard_mask: 0.0.0.0
+            dst_port: POSTGRES_SERVER
+          3: # Allow the Database Service on some_tech_db_srv to respond to some_tech_web_srv
+            action: PERMIT
+            src_ip: 10.10.1.11
+            src_wildcard_mask: 0.0.0.0
+            src_port: POSTGRES_SERVER
+            dst_ip: 94.10.180.6
+            dst_wildcard_mask: 0.0.0.0
+            dst_port: POSTGRES_SERVER
+          4: # Prevent the Junior engineer from downloading files from the some_tech_storage_srv over FTP
+            action: DENY
+            src_ip: 10.10.2.12
+            src_wildcard_mask: 0.0.0.0
+            src_port: FTP
+            dst_ip: 10.10.1.12
+            dst_wildcard_mask: 0.0.0.0
+            dst_port: FTP
+          5: # Allow communication between Engineering and the DB & Storage subnet
+            action: PERMIT
+            src_ip: 10.10.2.0
+            src_wildcard_mask: 0.0.0.255
+            dst_ip: 10.10.1.0
+            dst_wildcard_mask: 0.0.0.255
+          6: # Allow communication between the DB & Storage subnet and Engineering
+            action: PERMIT
+            src_ip: 10.10.1.0
+            src_wildcard_mask: 0.0.0.255
+            dst_ip: 10.10.2.0
+            dst_wildcard_mask: 0.0.0.255
+          7: # Allow the SomeTech network to use HTTP
+            action: PERMIT
+            src_port: HTTP
+            dst_port: HTTP
+          8: # Allow the SomeTech internal network to use ARP
+            action: PERMIT
+            src_ip: 10.10.0.0
+            src_wildcard_mask: 0.0.255.255
+            src_port: ARP
+          9: # Allow the SomeTech internal network to use ICMP
+            action: PERMIT
+            src_ip: 10.10.0.0
+            src_wildcard_mask: 0.0.255.255
+            protocol: ICMP
+          10:
+            action: PERMIT
+            src_ip: 94.10.180.6
+            src_wildcard_mask: 0.0.0.0
+            src_port: HTTP
+            dst_ip: 10.10.0.0
+            dst_wildcard_mask: 0.0.255.255
+            dst_port: HTTP
+          11: # Permit SomeTech to use DNS
+            action: PERMIT
+            src_port: DNS
+            dst_port: DNS
+        default_route: # Default route to all external networks
+          next_hop_ip_address: 10.10.4.2 # NI int on some_tech_fw
+
+
+      - hostname: some_tech_data_sw
+        type: switch
+        num_ports: 3
+
+      - hostname: some_tech_hr_sw
+        type: switch
+        num_ports: 2
+
+      - hostname: some_tech_eng_sw
+        type: switch
+        num_ports: 3
+
+      - hostname: some_tech_db_srv
+        type: server
+        ip_address: 10.10.1.11
+        subnet_mask: 255.255.255.0
+        default_gateway: 10.10.1.1
+        dns_server: 8.8.8.2
+        services:
+          - type: DatabaseService
+            options:
+              backup_server_ip: 10.10.1.12 # The some_tech_storage_srv server
+          - type: FTPClient
+
+      - hostname: some_tech_storage_srv
+        type: server
+        ip_address: 10.10.1.12
+        subnet_mask: 255.255.255.0
+        default_gateway: 10.10.1.1
+        dns_server: 8.8.8.2
+        services:
+          - type: FTPServer
+
+      - hostname: some_tech_hr_1
+        type: computer
+        ip_address: 10.10.3.11
+        subnet_mask: 255.255.255.0
+        default_gateway: 10.10.3.1
+        dns_server: 8.8.8.2
+        applications:
+          - type: DatabaseClient
+            options:
+              db_server_ip: 10.10.1.11
+          - type: WebBrowser
+            options:
+              target_url: http://sometech.ai
+
+      - hostname: some_tech_snr_dev_pc
+        type: computer
+        ip_address: 10.10.2.11
+        subnet_mask: 255.255.255.0
+        default_gateway: 10.10.2.1
+        dns_server: 8.8.8.2
+        applications:
+          - type: DatabaseClient
+            options:
+              db_server_ip: 10.10.1.11
+          - type: WebBrowser
+            options:
+              target_url: http://sometech.ai
+
+      - hostname: some_tech_jnr_dev_pc
+        type: computer
+        ip_address: 10.10.2.12
+        subnet_mask: 255.255.255.0
+        default_gateway: 10.10.2.1
+        dns_server: 8.8.8.2
+        applications:
+          - type: DatabaseClient
+            options:
+              db_server_ip: 10.10.1.11
+          - type: WebBrowser
+            options:
+              target_url: http://sometech.ai
+
+    links:
+      # Home/Office Lan Links
+      - endpoint_a_hostname: pc_1
+        endpoint_a_port: 1
+        endpoint_b_hostname: switch_1
+        endpoint_b_port: 1
+      - endpoint_a_hostname: pc_2
+        endpoint_a_port: 1
+        endpoint_b_hostname: switch_1
+        endpoint_b_port: 2
+      - endpoint_a_hostname: server_1
+        endpoint_a_port: 1
+        endpoint_b_hostname: switch_1
+        endpoint_b_port: 3
+      - endpoint_a_hostname: router_1
+        endpoint_a_port: 1
+        endpoint_b_hostname: switch_1
+        endpoint_b_port: 4
+
+      # ISP Links
+      - endpoint_a_hostname: isp_rt
+        endpoint_a_port: 1
+        endpoint_b_hostname: router_1
+        endpoint_b_port: 2
+      - endpoint_a_hostname: isp_rt
+        endpoint_a_port: 2
+        endpoint_b_hostname: some_tech_fw
+        endpoint_b_port: 1
+      - endpoint_a_hostname: isp_rt
+        endpoint_a_port: 3
+        endpoint_b_hostname: isp_dns_srv
+        endpoint_b_port: 1
+
+
+      # SomeTech LAN Links
+      - endpoint_a_hostname: some_tech_fw
+        endpoint_a_port: 3
+        endpoint_b_hostname: some_tech_web_srv
+        endpoint_b_port: 1
+      - endpoint_a_hostname: some_tech_fw
+        endpoint_a_port: 2
+        endpoint_b_hostname: some_tech_rt
+        endpoint_b_port: 2
+      - endpoint_a_hostname: some_tech_rt
+        endpoint_a_port: 1
+        endpoint_b_hostname: some_tech_data_sw
+        endpoint_b_port: 3
+      - endpoint_a_hostname: some_tech_rt
+        endpoint_a_port: 3
+        endpoint_b_hostname: some_tech_hr_sw
+        endpoint_b_port: 2
+      - endpoint_a_hostname: some_tech_rt
+        endpoint_a_port: 4
+        endpoint_b_hostname: some_tech_eng_sw
+        endpoint_b_port: 3
+      - endpoint_a_hostname: some_tech_data_sw
+        endpoint_a_port: 1
+        endpoint_b_hostname: some_tech_db_srv
+        endpoint_b_port: 1
+      - endpoint_a_hostname: some_tech_data_sw
+        endpoint_a_port: 2
+        endpoint_b_hostname: some_tech_storage_srv
+        endpoint_b_port: 1
+      - endpoint_a_hostname: some_tech_hr_sw
+        endpoint_a_port: 1
+        endpoint_b_hostname: some_tech_hr_1
+        endpoint_b_port: 1
+      - endpoint_a_hostname: some_tech_eng_sw
+        endpoint_a_port: 1
+        endpoint_b_hostname: some_tech_snr_dev_pc
+        endpoint_b_port: 1
+      - endpoint_a_hostname: some_tech_eng_sw
+        endpoint_a_port: 2
+        endpoint_b_hostname: some_tech_jnr_dev_pc
+        endpoint_b_port: 1
--- a/src/primaite/game/game.py
+++ b/src/primaite/game/game.py
@@ -244,7 +244,7 @@ class PrimaiteGame:
                    hostname=node_cfg["hostname"],
                    ip_address=node_cfg["ip_address"],
                    subnet_mask=IPv4Address(node_cfg.get("subnet_mask", "255.255.255.0")),
-                    default_gateway=node_cfg["default_gateway"],
+                    default_gateway=node_cfg.get("default_gateway"),
                    dns_server=node_cfg.get("dns_server", None),
                    operating_state=NodeOperatingState.ON
                    if not (p := node_cfg.get("operating_state"))
@@ -255,7 +255,7 @@ class PrimaiteGame:
                    hostname=node_cfg["hostname"],
                    ip_address=node_cfg["ip_address"],
                    subnet_mask=IPv4Address(node_cfg.get("subnet_mask", "255.255.255.0")),
-                    default_gateway=node_cfg["default_gateway"],
+                    default_gateway=node_cfg.get("default_gateway"),
                    dns_server=node_cfg.get("dns_server", None),
                    operating_state=NodeOperatingState.ON
                    if not (p := node_cfg.get("operating_state"))
--- a/src/primaite/simulator/network/hardware/nodes/network/firewall.py
+++ b/src/primaite/simulator/network/hardware/nodes/network/firewall.py
@@ -330,7 +330,7 @@ class Firewall(Router):
        # check if External Inbound ACL Rules permit frame
        permitted, rule = self.external_inbound_acl.is_permitted(frame)
        if not permitted:
-            self.sys_log.info(f"Frame blocked at interface {from_network_interface} by rule {rule}")
+            self.sys_log.info(f"Frame blocked at external inbound by rule {rule}")
            return
        self.software_manager.arp.add_arp_cache_entry(
            ip_address=frame.ip.src_ip_address,
@@ -360,7 +360,7 @@ class Firewall(Router):
        # check if External Outbound ACL Rules permit frame
        permitted, rule = self.external_outbound_acl.is_permitted(frame=frame)
        if not permitted:
-            self.sys_log.info(f"Frame blocked at interface {from_network_interface} by rule {rule}")
+            self.sys_log.info(f"Frame blocked at external outbound by rule {rule}")
            return

        self.process_frame(frame=frame, from_network_interface=from_network_interface)
@@ -380,7 +380,7 @@ class Firewall(Router):
        # check if Internal Inbound ACL Rules permit frame
        permitted, rule = self.internal_inbound_acl.is_permitted(frame=frame)
        if not permitted:
-            self.sys_log.info(f"Frame blocked at interface {from_network_interface} by rule {rule}")
+            self.sys_log.info(f"Frame blocked at internal inbound by rule {rule}")
            return

        self.process_frame(frame=frame, from_network_interface=from_network_interface)
@@ -398,7 +398,7 @@ class Firewall(Router):
        """
        permitted, rule = self.internal_outbound_acl.is_permitted(frame)
        if not permitted:
-            self.sys_log.info(f"Frame blocked at interface {from_network_interface} by rule {rule}")
+            self.sys_log.info(f"Frame blocked at internal outbound by rule {rule}")
            return
        self.software_manager.arp.add_arp_cache_entry(
            ip_address=frame.ip.src_ip_address,
@@ -432,7 +432,7 @@ class Firewall(Router):
        # check if DMZ Inbound ACL Rules permit frame
        permitted, rule = self.dmz_inbound_acl.is_permitted(frame=frame)
        if not permitted:
-            self.sys_log.info(f"Frame blocked at interface {from_network_interface} by rule {rule}")
+            self.sys_log.info(f"Frame blocked at DMZ inbound by rule {rule}")
            return

        self.process_frame(frame=frame, from_network_interface=from_network_interface)
@@ -452,7 +452,7 @@ class Firewall(Router):
        """
        permitted, rule = self.dmz_outbound_acl.is_permitted(frame)
        if not permitted:
-            self.sys_log.info(f"Frame blocked at interface {from_network_interface} by rule {rule}")
+            self.sys_log.info(f"Frame blocked at DMZ outbound by rule {rule}")
            return
        self.software_manager.arp.add_arp_cache_entry(
            ip_address=frame.ip.src_ip_address,
@@ -688,4 +688,9 @@ class Firewall(Router):
                    next_hop_ip_address=IPv4Address(route.get("next_hop_ip_address")),
                    metric=float(route.get("metric", 0)),
                )
+        if "default_route" in cfg:
+            next_hop_ip_address = cfg["default_route"].get("next_hop_ip_address", None)
+            if next_hop_ip_address:
+                firewall.route_table.set_default_route_next_hop_ip_address(next_hop_ip_address)
+
        return firewall
--- a/src/primaite/simulator/network/networks.py
+++ b/src/primaite/simulator/network/networks.py
@@ -1,5 +1,9 @@
 from ipaddress import IPv4Address

+import yaml
+
+from primaite import getLogger, PRIMAITE_PATHS
+from primaite.game.game import PrimaiteGame
 from primaite.simulator.network.container import Network
 from primaite.simulator.network.hardware.nodes.host.computer import Computer
 from primaite.simulator.network.hardware.nodes.host.host_node import NIC
@@ -15,6 +19,8 @@ from primaite.simulator.system.services.dns.dns_server import DNSServer
 from primaite.simulator.system.services.ftp.ftp_server import FTPServer
 from primaite.simulator.system.services.web_server.web_server import WebServer

+_LOGGER = getLogger(__name__)
+

 def client_server_routed() -> Network:
    """
@@ -279,3 +285,34 @@ def arcd_uc2_network() -> Network:
    router_1.acl.add_rule(action=ACLAction.PERMIT, src_port=Port.HTTP, dst_port=Port.HTTP, position=3)

    return network
+
+
+def _get_example_network(path: str) -> Network:
+    try:
+        with open(path, "r") as file:
+            cfg = yaml.safe_load(file)
+    except FileNotFoundError:
+        msg = f"Failed to locate example network config {path}. Run `primaite setup` to load the example config files."
+        _LOGGER.error(msg)
+        raise FileNotFoundError(msg)
+    game = PrimaiteGame.from_config(cfg)
+
+    return game.simulation.network
+
+
+def client_server_p2p_network_example() -> Network:
+    """Get the Client-Server P2P example network."""
+    path = PRIMAITE_PATHS.user_config_path / "example_config" / "client_server_p2p_network_example.yaml"
+    return _get_example_network(path)
+
+
+def basic_lan_network_example() -> Network:
+    """Get the basic LAN example network."""
+    path = PRIMAITE_PATHS.user_config_path / "example_config" / "basic_network_network_example.yaml"
+    return _get_example_network(path)
+
+
+def multi_lan_internet_network_example() -> Network:
+    """Get Multi-LAN with Internet example network."""
+    path = PRIMAITE_PATHS.user_config_path / "example_config" / "multi_lan_internet_network_example.yaml"
+    return _get_example_network(path)
--- a/tests/integration_tests/network/test_multi_lan_internet_example_network.py
+++ b/tests/integration_tests/network/test_multi_lan_internet_example_network.py
@@ -0,0 +1,199 @@
+from primaite.simulator.network.hardware.nodes.host.computer import Computer
+from primaite.simulator.network.hardware.nodes.host.server import Server
+from primaite.simulator.network.networks import multi_lan_internet_network_example
+from primaite.simulator.system.applications.database_client import DatabaseClient
+from primaite.simulator.system.services.dns.dns_client import DNSClient
+from primaite.simulator.system.services.ftp.ftp_client import FTPClient
+from src.primaite.simulator.system.applications.web_browser import WebBrowser
+
+
+def test_all_with_configured_dns_server_ip_can_resolve_url():
+    network = multi_lan_internet_network_example()
+
+    for node in network.nodes.values():
+        dns_client: DNSClient = node.software_manager.software.get("DNSClient")
+
+        if not dns_client:
+            continue
+
+        if dns_client.dns_server:
+            assert dns_client.check_domain_exists("sometech.ai")
+
+
+def test_external_pcs_can_access_sometech_website():
+    network = multi_lan_internet_network_example()
+
+    pc_1_browser: WebBrowser = network.get_node_by_hostname("pc_1").software_manager.software["WebBrowser"]
+    pc_2_browser: WebBrowser = network.get_node_by_hostname("pc_2").software_manager.software["WebBrowser"]
+
+    assert pc_1_browser.get_webpage()
+    assert pc_2_browser.get_webpage()
+
+
+def test_external_pcs_cannot_access_sometech_db():
+    network = multi_lan_internet_network_example()
+
+    pc_1_db_client: DatabaseClient = network.get_node_by_hostname("pc_1").software_manager.software["DatabaseClient"]
+    pc_2_db_client: DatabaseClient = network.get_node_by_hostname("pc_2").software_manager.software["DatabaseClient"]
+
+    assert not pc_1_db_client.get_new_connection()
+    assert not pc_2_db_client.get_new_connection()
+
+
+def test_external_pcs_cannot_access_ftp_on_sometech_storage_server():
+    network = multi_lan_internet_network_example()
+
+    some_tech_storage_srv = network.get_node_by_hostname("some_tech_storage_srv")
+    some_tech_storage_srv.file_system.create_file(file_name="test.png")
+
+    pc_1_ftp_client: FTPClient = network.get_node_by_hostname("pc_1").software_manager.software["FTPClient"]
+    pc_2_ftp_client: FTPClient = network.get_node_by_hostname("pc_2").software_manager.software["FTPClient"]
+
+    assert not pc_1_ftp_client.request_file(
+        dest_ip_address=some_tech_storage_srv.network_interface[1].ip_address,
+        src_folder_name="root",
+        src_file_name="test.png",
+        dest_folder_name="root",
+        dest_file_name="test.png",
+    )
+
+    assert not pc_2_ftp_client.request_file(
+        dest_ip_address=some_tech_storage_srv.network_interface[1].ip_address,
+        src_folder_name="root",
+        src_file_name="test.png",
+        dest_folder_name="root",
+        dest_file_name="test.png",
+    )
+
+
+def test_sometech_webserver_can_access_sometech_db_server():
+    network = multi_lan_internet_network_example()
+
+    web_db_client: DatabaseClient = network.get_node_by_hostname("some_tech_web_srv").software_manager.software[
+        "DatabaseClient"
+    ]
+
+    assert web_db_client.get_new_connection()
+
+
+def test_sometech_webserver_cannot_access_ftp_on_sometech_storage_server():
+    network = multi_lan_internet_network_example()
+
+    some_tech_storage_srv = network.get_node_by_hostname("some_tech_storage_srv")
+    some_tech_storage_srv.file_system.create_file(file_name="test.png")
+
+    web_server: Server = network.get_node_by_hostname("some_tech_web_srv")
+
+    web_ftp_client: FTPClient = web_server.software_manager.software["FTPClient"]
+
+    assert not web_ftp_client.request_file(
+        dest_ip_address=some_tech_storage_srv.network_interface[1].ip_address,
+        src_folder_name="root",
+        src_file_name="test.png",
+        dest_folder_name="root",
+        dest_file_name="test.png",
+    )
+
+
+def test_sometech_dev_pcs_can_access_sometech_website():
+    network = multi_lan_internet_network_example()
+
+    some_tech_snr_dev_pc: Computer = network.get_node_by_hostname("some_tech_snr_dev_pc")
+
+    snr_dev_browser: WebBrowser = some_tech_snr_dev_pc.software_manager.software["WebBrowser"]
+
+    assert snr_dev_browser.get_webpage()
+
+    some_tech_jnr_dev_pc: Computer = network.get_node_by_hostname("some_tech_jnr_dev_pc")
+
+    jnr_dev_browser: WebBrowser = some_tech_jnr_dev_pc.software_manager.software["WebBrowser"]
+
+    assert jnr_dev_browser.get_webpage()
+
+
+def test_sometech_dev_pcs_can_connect_to_sometech_db_server():
+    network = multi_lan_internet_network_example()
+
+    some_tech_snr_dev_pc: Computer = network.get_node_by_hostname("some_tech_snr_dev_pc")
+    snr_dev_db_client: DatabaseClient = some_tech_snr_dev_pc.software_manager.software["DatabaseClient"]
+
+    assert snr_dev_db_client.get_new_connection()
+
+    some_tech_jnr_dev_pc: Computer = network.get_node_by_hostname("some_tech_jnr_dev_pc")
+    jnr_dev_db_client: DatabaseClient = some_tech_jnr_dev_pc.software_manager.software["DatabaseClient"]
+
+    assert jnr_dev_db_client.get_new_connection()
+
+
+def test_sometech_snr_dev_can_access_ftp_on_sometech_storage_server():
+    network = multi_lan_internet_network_example()
+
+    some_tech_storage_srv = network.get_node_by_hostname("some_tech_storage_srv")
+    some_tech_storage_srv.file_system.create_file(file_name="test.png")
+
+    some_tech_snr_dev_pc: Computer = network.get_node_by_hostname("some_tech_snr_dev_pc")
+    snr_dev_ftp_client: FTPClient = some_tech_snr_dev_pc.software_manager.software["FTPClient"]
+
+    assert snr_dev_ftp_client.request_file(
+        dest_ip_address=some_tech_storage_srv.network_interface[1].ip_address,
+        src_folder_name="root",
+        src_file_name="test.png",
+        dest_folder_name="root",
+        dest_file_name="test.png",
+    )
+
+
+def test_sometech_jnr_dev_cannot_access_ftp_on_sometech_storage_server():
+    network = multi_lan_internet_network_example()
+
+    some_tech_storage_srv = network.get_node_by_hostname("some_tech_storage_srv")
+    some_tech_storage_srv.file_system.create_file(file_name="test.png")
+
+    some_tech_jnr_dev_pc: Computer = network.get_node_by_hostname("some_tech_jnr_dev_pc")
+    jnr_dev_ftp_client: FTPClient = some_tech_jnr_dev_pc.software_manager.software["FTPClient"]
+
+    assert not jnr_dev_ftp_client.request_file(
+        dest_ip_address=some_tech_storage_srv.network_interface[1].ip_address,
+        src_folder_name="root",
+        src_file_name="test.png",
+        dest_folder_name="root",
+        dest_file_name="test.png",
+    )
+
+
+def test_sometech_hr_pc_can_access_sometech_website():
+    network = multi_lan_internet_network_example()
+
+    some_tech_hr_pc: Computer = network.get_node_by_hostname("some_tech_hr_1")
+
+    hr_browser: WebBrowser = some_tech_hr_pc.software_manager.software["WebBrowser"]
+
+    assert hr_browser.get_webpage()
+
+
+def test_sometech_hr_pc_cannot_access_sometech_db():
+    network = multi_lan_internet_network_example()
+
+    some_tech_hr_pc: Computer = network.get_node_by_hostname("some_tech_hr_1")
+
+    hr_db_client: DatabaseClient = some_tech_hr_pc.software_manager.software["DatabaseClient"]
+
+    assert not hr_db_client.get_new_connection()
+
+
+def test_sometech_hr_pc_cannot_access_ftp_on_sometech_storage_server():
+    network = multi_lan_internet_network_example()
+
+    some_tech_storage_srv = network.get_node_by_hostname("some_tech_storage_srv")
+    some_tech_storage_srv.file_system.create_file(file_name="test.png")
+
+    some_tech_hr_pc: Computer = network.get_node_by_hostname("some_tech_hr_1")
+    hr_ftp_client: FTPClient = some_tech_hr_pc.software_manager.software["FTPClient"]
+
+    assert not hr_ftp_client.request_file(
+        dest_ip_address=some_tech_storage_srv.network_interface[1].ip_address,
+        src_folder_name="root",
+        src_file_name="test.png",
+        dest_folder_name="root",
+        dest_file_name="test.png",
+    )