Difference between revisions of "OPS335 Lab 1"

From CDOT Wiki
Jump to: navigation, search
(Installing the first guest machine)
(Installing the first guest machine)
Line 65: Line 65:
 
***Change your hostname to "vm01.localdomain".
 
***Change your hostname to "vm01.localdomain".
 
{{Admon/important|Firstboot|For successful completion of the labs, please ensure the first user created is named using your Learn ID.}}
 
{{Admon/important|Firstboot|For successful completion of the labs, please ensure the first user created is named using your Learn ID.}}
During Firstboot create a user with the same name as your learn ID and the first user created on your host machine. This is important to ensure future labs work.
+
During Firstboot create a user with the same name as your learn ID and the first user created on your host machine. This is important to ensure future labs work. Now login and open a terminal window.
#Enter the correct date and time and click on the "Forward" button.
+
*Switch to root and update your VM guest machine  
#In the "Profile" window, click on the "Finish" button and "Do not send profile".
+
* yum update
#Now login as user "joker" and open a terminal window.
+
This could take a long time and you should reboot after it's done. Ensure your VM guest has internet access
#Switch to root and update your VM guest machine  
+
host cbc.ca
#*yum update
 
#*This could take a long time and you should reboot after it's done.
 
*Ensure your VM guest has internet access  
 
**host cbc.ca
 
  
 
=== Testing your Gateway ===
 
=== Testing your Gateway ===

Revision as of 17:08, 15 January 2012

Configure a Linux Gateway for Linux Hosts inside an Intranet

This lab will show you how to set up a simple intranet using one Fedora PC as a gateway. The same Fedora PC will be a host to a Fedora VM (Virtual Machine) which will act as a PC inside an intranet. Here is a diagram of your setup.
Lab01.png

Important.png
Requirement - Lab 0
Lab 0 should be completed and you should have a copy of Fedora 16, x86_64 LIVE ISO Image.

Instructions

Managing services using systemd

Boot up your Fedora 16 x86_64 system, login with your learn id and use Firefox to authenticate yourself on Senenet so you can download and install new software.

  • Open a terminal window and su to root.
  • Ensure your system date and time are correct.
  • Ensure your system is up to date
yum update
  • Start your ssh server
service sshd start
Redirecting to /bin/systemctl start sshd.service
  • Notice that your command was redirected to 'systemctl', the command executed was 'systemctl start sshd.service'. Record this in your lab book.
  • Enable sshd to start at boot
chkconfig sshd on
Note: Forwarding request to 'systemctl enable sshd.service'.
ln -s '/lib/systemd/system/sshd.service' '/etc/systemd/system/multi-user.target.wants/sshd.service'
  • Again notice your command was redirected to 'systemctl', the command executed was 'systemctl enable sshd.service'. A symbolic link was created as well, explain its purpose in your lab book.
  • Install the virtualization software
yum groupinstall virtualization
  • Start the libvirt daemon using 'systemctl'
 systemctl start libvirtd.service
  • Enable libvirtd to start at boot using 'systemctl'
systemctl enable libvirtd.service
libvirtd.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig libvirtd on
Warning: unit files do not carry install information. No operation executed.

Create your personal network

Observe and record the output of the following command:

iptables -t nat -L

Start Virtual Machine Manager through Gnome or through command line. You will need to enter your root password.

virt-manager

Right click 'localhost (QEMU)' and select 'Details'. Click on the 'Virtual Networks' tab and use the plus sign to add a new virtual network using the following options.

  • Name your virtual network 'ops335'
  • Use the last two digits of your student number for the third octet of network IP address. Example, if your student number is 000-000-090, the network address would be 192.168.90.0/24.
  • Ensure the DHCP range will allow you to assign at least 3 static IP addresses.
  • Choose 'Forwarding to physical network' radio button, 'Destination: Any physical device' and 'Mode: NAT'
  • Ensure the network is started at boot.

Once completed open a terminal and observe and record the output of the following command:

iptables -t nat -L

Installing the first guest machine

With the virtualization software installed and your personal network created, you are now ready to create your first "Virtual Machine". Use the Fedora 16 x86 64 bit disk to install, or download an iso from Belmont (these links will only work at school).

 wget http://belmont.senecac.on.ca/fedora/releases/16/Live/x86_64/Fedora-16-x86_64-Live-Desktop.iso
 or
 wget http://belmont.senecac.on.ca/fedora/releases/16/Live/x86_64/Fedora-16-x86_64-Live-KDE.iso
  • Click on the icon "Create a new virtual machine" to begin.
  • Name your machine "f16-vm01" and choose your installation method - "Local install media". Choose the desired option to install from either the CD or iso. For "OS type" select "Linux" and for Version select "Fedora 16" then click on the "Forward" button.
  • Use the default memory and CPU options for use with lab computers (Depending available hardware these settings can be adjusted). Then click on the "Forward" button to proceed.
  • Leave the disk image size set at 8GB, ensure "Allocate entire disk now" is checked, then click on the "Forward" button.
  • At the "Ready to begin installation" window click on 'Advanced options' arrow to review available options.
    • Select the Virtual Network named 'ops335'. Make note of the other available options.

Once your Fedora Live CD boots up you will see a message that Gnome 3 has failed to load and is currently running in fallback mode. This is normal for a VM. Close the dialog window and click on the Applications menu.

  • Select Applications -> System Tools -> Install to Hard Disk
    • Click the "Next" button to begin your F13 installation. Select the appropriate default options.
      • Change your hostname to "vm01.localdomain".
Important.png
Firstboot
For successful completion of the labs, please ensure the first user created is named using your Learn ID.

During Firstboot create a user with the same name as your learn ID and the first user created on your host machine. This is important to ensure future labs work. Now login and open a terminal window.

  • Switch to root and update your VM guest machine
  • yum update

This could take a long time and you should reboot after it's done. Ensure your VM guest has internet access

host cbc.ca

Testing your Gateway

  • Try pinging each machine from the other.
  • Try pinging Matrix from each machine.
  • Start the ssh server on both machines
service sshd start
  • Enable the ssh server at startup on both machines
chkconfig --levels 2345 sshd on
  • Start Firefox on your host machine and authenticate yourself on Senenet.
  • Try to ssh from the guest to the host machine. This should work.
  • Try to ssh from the host to the guest machine. This should not work.
  • Try to ssh to your Matrix account from both the host and guest machines.
  • Try to ssh from your Matrix account back to your host and guest machines.
  • Add one iptables rule to the guest firewall that will accept new ssh connections to the guest machine.
  • Save your new firewall rules
service iptables save
  • Reboot your guest machine.
  • Try to ssh from the host to the guest machine. This should now work.
  • Start Firefox on the guest machine and try surfing the web without authicating yourself on Senenet. i.e. only the host machine is authenticated.

Completing the Lab

Important.png
Time for a new backup!
If you have successfully completed this lab, make a new backup of your virtual machines.

Answer the following questions in your logbook.

  1. What iptables rule was added to allow ssh connections to the guest vm?
  2. Explain how Network Address Translation is accomplished on the host. Refer and specifically explain the 3 rules in the POSTROUTING chain of the nat table on the host machine.
  3. How is ping and ssh affected (on both machines) if you disable ip forwarding on the host machine?
    • echo 0 > /proc/sys/net/ipv4/ip_forward
  4. Did you clean up your work area, power off your PC and push your chair under the table when you completed this lab?