1,234
edits
Changes
no edit summary
#* Find the MAC address of the '''Network Interface''' and the '''IP address''' assigned to it. Record this information on your lab log book.
# Change to your '''host machine''', open a terminal window, and perform the following connectivity tests for each vm:<br><br>
<source lang="bash">
ping -c 1 [ip-of-vm]
ssh [ip-of-vm]
'''Perform the following steps for your <u>host</u> machine:'''
# Make a backup of the original default rules: <source lang='bash'>cp /etc/sysconfig/iptables /etc/sysconfig/iptables.original</source>
# '''Stop libvirtd''' and '''restart iptables''' so that you have only the minimal default rules.
# Use the ifconfig or ip address command to determine the IP ADDRESS of your external facing address (i.e. IP address beginning with '''10.x.x.x''' or '''192.168.48.x''' if you are using an SSD).
# Issue '''iptables -L -v''' to view your firewall rules for your newly-created chains.
# Have your partner attempt to connect to your machine using the external facing address to ensure your rules are working.<br />They should not be able to connect, and the counters in iptables should show that packets are being caught in your MYICMP and MYSSH chains.<br><br>'''NOTE:''' Your system logs (such as: '''/var/log/messages''' or in the case (using a customized chains) the command: '''journalctl --dmesg | grep MYSSH''' should also show their failed attempts to '''ssh''' to you with your '''customized''' message.
# When you are confident the rules are working, save them by running <source lang='bash'>iptables-save > /etc/sysconfig/iptables</source><br />Note that this should not include the rules from the virtual network. They will always be added automatically when libvirtd starts.
# Now start libvirtd again, and test that your firewall still allows the VMs to connect to the host and each other (ping and ssh). Do not continue until it works.