Difference between revisions of "SRT210 Lab 2"

From CDOT Wiki
(PART 2: BASIC NETWORKING)
Line 23: Line 23:
  
 
= PART 2: BASIC NETWORKING =
 
= PART 2: BASIC NETWORKING =
 +
 +
== Simple commands ==
 +
 +
Use these commands to check the curent network settings on lin1:
 +
 +
* ip link (show interfaces)
 +
* ip address (the MAC address, IP address, and subnet mask for every interface)
 +
* ip route (the routing table)
 +
* cat /etc/resolv.conf (the DNS server you're configured to query)
 +
* arp -n (the ARP table)
 +
 +
Note if you're missing a command - you can figure out what package contains in by using <code>yum whatprovides</code>
  
 
== New virtual network ==
 
== New virtual network ==
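Review bot: the added note on missing commands names "yum whatprovides" without an argument, so a student who lacks arp still has nothing to type; show the call with a path pattern, for example "yum whatprovides '*/arp'". The same hunk has two typos worth fixing in the same edit: "curent" in the lead sentence and "contains in" (should be "contains it") in the note.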
Line 38: Line 50:
 
# Enable Network Forwarding by Selecting '''Forwarding to physical network''', the destination should be '''Any physical device''' and the mode should be '''NAT'''
 
# Enable Network Forwarding by Selecting '''Forwarding to physical network''', the destination should be '''Any physical device''' and the mode should be '''NAT'''
  
 +
== Network settings on lin1 ==
  
 +
* Now if you try to start lin1 - it will tell you that the network "default" is unavailable. Go into the lin1 VM settings and configure the NIC to use "network1" instead.
 +
* After starting the VM you'll find that your network interface is not configured (try all the commands above again to see their output).
 +
* Configure your wired interface by editing the file .
 +
* Change to the '''/etc/sysconfig/network-scripts''' directory.
 +
* List the contents of this directory. You should see 2 different types of files, network config scripts and network configuration files.
 +
* Look for the configuration file for your interface. It should have the name of the interface in the filename and the interface's MAC address in its contents.
 +
* Edit that file and give it the following settings:
 +
::DEVICE=eth0
 +
::IPADDR=192.168.210.11
 +
::NETMASK=255.255.255.0
 +
::GATEWAY=192.168.210.1
 +
::HWADDR=xx:xx:xx:xx:xx:xx '''# Make sure it's the right MAC address
 +
::DNS1=192.168.210.1
 +
::BOOTPROTO=static
 +
::ONBOOT=yes
 +
::NM_CONTROLLED=yes
 +
::IPV6INIT=no
 +
* Ask yourself where did the IP address 192.168.210.1 come from and why it's your default gateway and DNS server.
  
 
= PART 2: IPTABLES =
 
= PART 2: IPTABLES =
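Review bot: the added bullet "Configure your wired interface by editing the file ." ends without a filename, so the step cannot be followed as written; name the file there or drop the bullet, since the next three bullets already describe how to find it. On the HWADDR line the ''' bold opener is never closed, and the new section sits directly above a second top-level heading numbered "PART 2" (IPTABLES), so the parts should be renumbered.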

Revision as of 09:56, 14 January 2019

Objectives

  • Set up a nested virtual machine
  • Get familiar with basic networking setup and utilities used on Linux

PART 1: NESTED VIRTUAL MACHINE

Since we're forced to use a Windows machine as the main VM host, we're going to have to set up nested virtualisation. Luckily that's not too difficult.

  • Change the settings for your c7host to have at least 4GB of RAM, and enable "Virtual Intel VT-X/EPT or AMD-V/RVI" under VM/Settings/Processors.
  • Install the following packages: qemu-kvm qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer bridge-utils
  • Make sure (using systemctl enable) that the libvirtd service starts at boot.
  • Those will include both the KVM hypervisor and Virt Manager, which is a graphical tool used to administer it.
  • Create a new virtual machine with the following settings:

After you're done - you'll have a command-line-only CentOS machine (lin1) running inside a graphical CentOS desktop (c7host).

PART 2: BASIC NETWORKING

Simple commands

Use these commands to check the current network settings on lin1:

  • ip link (show interfaces)
  • ip address (the MAC address, IP address, and subnet mask for every interface)
  • ip route (the routing table)
  • cat /etc/resolv.conf (the DNS server you're configured to query)
  • arp -n (the ARP table)

Note: if you're missing a command, you can find out which package contains it by using yum whatprovides.

New virtual network

By default a KVM setup has a NAT network with a DHCP server. That works nicely out of the box but won't work for us because we'll need to configure network settings manually.

  1. Power off lin1
  2. In the Connection Details dialog box, select the Virtual Networks tab
  3. Click to de-select the Autostart (on boot) check-box options and click the Apply button.
  4. Stop the default network by clicking on the stop button at the bottom left-side of the dialog box.
  5. Click the add button to add a new network configuration.
  6. Leave the default network name network1.
  7. In the next screen, enter the new network's IP address space: 192.168.210.0/24
  8. Disable DHCPv4
  9. Enable Network Forwarding by Selecting Forwarding to physical network, the destination should be Any physical device and the mode should be NAT

Network settings on lin1

  • Now if you try to start lin1 - it will tell you that the network "default" is unavailable. Go into the lin1 VM settings and configure the NIC to use "network1" instead.
  • After starting the VM you'll find that your network interface is not configured (try all the commands above again to see their output).
  • Configure your wired interface by editing the file .
  • Change to the /etc/sysconfig/network-scripts directory.
  • List the contents of this directory. You should see 2 different types of files, network config scripts and network configuration files.
  • Look for the configuration file for your interface. It should have the name of the interface in the filename and the interface's MAC address in its contents.
  • Edit that file and give it the following settings:
      DEVICE=eth0
      IPADDR=192.168.210.11
      NETMASK=255.255.255.0
      GATEWAY=192.168.210.1
      HWADDR=xx:xx:xx:xx:xx:xx # Make sure it's the right MAC address
      DNS1=192.168.210.1
      BOOTPROTO=static
      ONBOOT=yes
      NM_CONTROLLED=yes
      IPV6INIT=no
  • Ask yourself where the IP address 192.168.210.1 came from and why it's your default gateway and DNS server.
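
A quick consistency check for the file edited above, as an added example that is not part of the original lab: it confirms that the gateway sits on the same subnet as the address, that BOOTPROTO and ONBOOT are set as the lab asks, and that HWADDR matches the MAC you pass in. The function names (ip_to_int, get_key, check_ifcfg) and the sample MAC address are made up for illustration.

```shell
# ip_to_int A.B.C.D: print the address as an integer; fail on malformed input.
ip_to_int() {
    case $1 in *[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# get_key KEY FILE: read a value without sourcing the file (strips "# comment" and quotes).
get_key() {
    sed -n "s/^$1=//p" "$2" | sed -e 's/[[:space:]]*#.*$//' -e 's/^"\(.*\)"$/\1/' | tail -n 1
}

# check_ifcfg FILE [MAC]: print each problem found; exit status is the problem count.
check_ifcfg() {
    f=$1; problems=0
    fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }
    ip=$(ip_to_int "$(get_key IPADDR "$f")")  || fail "IPADDR missing or malformed"
    gw=$(ip_to_int "$(get_key GATEWAY "$f")") || fail "GATEWAY missing or malformed"
    nm=$(ip_to_int "$(get_key NETMASK "$f")") || fail "NETMASK missing or malformed"
    if [ -n "$ip" ] && [ -n "$gw" ] && [ -n "$nm" ]; then
        [ $((ip & nm)) -eq $((gw & nm)) ] || fail "GATEWAY is outside the IPADDR/NETMASK subnet"
    fi
    [ "$(get_key BOOTPROTO "$f")" = static ] || fail "BOOTPROTO is not static"
    [ "$(get_key ONBOOT "$f")" = yes ] || fail "ONBOOT is not yes"
    if [ -n "$2" ]; then   # compare HWADDR with the NIC's real MAC, case-insensitively
        have=$(get_key HWADDR "$f" | tr 'A-F' 'a-f'); want=$(echo "$2" | tr 'A-F' 'a-f')
        [ "$have" = "$want" ] || fail "HWADDR '$have' does not match interface MAC '$want'"
    fi
    return "$problems"
}

# Constructed sample: the lab's settings with a made-up MAC address.
sample=$(mktemp)
cat > "$sample" <<'EOF'
DEVICE=eth0
IPADDR=192.168.210.11
NETMASK=255.255.255.0
GATEWAY=192.168.210.1
HWADDR=52:54:00:AA:BB:CC # Make sure it's the right MAC address
DNS1=192.168.210.1
BOOTPROTO=static
ONBOOT=yes
EOF
check_ifcfg "$sample" 52:54:00:aa:bb:cc && echo "ifcfg is consistent"
```

On lin1 the interface's real MAC can be read from /sys/class/net/eth0/address and passed as the second argument.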

PART 2: IPTABLES

CentOS comes with firewalld installed by default. We will not be using that; instead we'll do all our firewall work with iptables. Therefore we'll need to uninstall firewalld and install the iptables management tools:

  • Use systemctl to stop firewalld and disable it from starting on boot.
  • Use yum to uninstall firewalld and install iptables-services
  • Use systemctl to start the iptables service and configure it to be started on boot.