Prior to beginning this lab verify network connectivity between your host and your VMs.
# Boot up your host.
# Login with your LearnID.
# Find out the MAC address of the virtual network device virbr0 on the host and the IP address assigned to it. Record this information in your lab log book.
# Start your VMs.
# On each VM:
#* Login with your LearnID to your VM and use "su -" to become root.
#* Find out the MAC address of the virtual NIC (usually eth0 or ens3) and the IP address assigned to it. Record this information in your lab log book.
# Back on your host, open a terminal window and perform the following connectivity tests to each VM:
#* ping -c 2 [ip-of-vm]
#* ssh [LearnID]@[ip-of-vm]
= Automatic firewall updates =
*On both systems (Host and VMs)
** Run the command "ip neighbour show", extract the relevant information from the output and record it in your lab log book. Indicate clearly the system on which the information was obtained.
** For a brief summary of the output format, view the [http://linux-ip.net/gl/ip-cref/node61.html online documentation].

You will now modify the firewall on your host to be more secure. Several rules are automatically added for you because of the virtual network. As an exercise we'll figure out what those are exactly:
# Run '''iptables -L''' and redirect the output to a text file so you can refer to it later.
# The next portion of the lab will be done with your virtual network shut off:
#* Shut down your VMs
#* Stop the libvirtd service on the host
#* Restart the iptables service on the host
# Rerun '''iptables -L''' to get a listing of the new state of the firewall and redirect the output to a second text file.
# Now you have two text files representing the before and after states of your firewall. You can compare the files visually but it's often easier to use a diff tool:
#* The command-line tool '''diff''' takes some time to get used to, but you'll get used to it eventually; it's used a lot in the industry. Run '''diff -u before.txt after.txt''' and figure out how to read the output.
#* You can also install a graphical tool that makes it much easier to see differences:
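
The '''diff -u''' comparison from the steps above can be scripted so that every changed rule is reported together with the chain it belongs to. This is an added example, not part of the original lab: the function names are hypothetical and the listings are constructed, abbreviated <code>iptables -L</code> output, not captured from a real host.

```shell
#!/bin/sh
# Added example. The listings are constructed, abbreviated `iptables -L` output.
write_samples() {   # $1 = directory that receives before.txt and after.txt
cat > "$1/before.txt" <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.122.0/24     ctstate RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
EOF
# after.txt: the same listing with the virtual-network rules gone
grep -v -e 'dpt:domain' -e 'dpt:bootps' -e '192.168.122.0/24' "$1/before.txt" > "$1/after.txt"
}

# Prefix each rule with its chain name and squeeze the column padding, so a
# single diff line says which chain the rule belongs to.
tag_rules() {
    awk '$1 == "Chain" { chain = $2; next }
         NF == 0 || $1 == "target" { next }
         { $1 = $1; print chain ": " $0 }' "$1"
}

# Rules in capture $1 that are missing from capture $2: in `diff -u` output
# these are the lines that start with a single "-" ("---" is the file header).
rules_removed() {
    tmp=$(mktemp -d) || return 1
    tag_rules "$1" > "$tmp/a"
    tag_rules "$2" > "$tmp/b"
    # diff exits 1 when the files differ; only 2 or more is a real error
    { diff -u "$tmp/a" "$tmp/b" || [ $? -eq 1 ]; } | awk '/^-[^-]/ { print substr($0, 2) }'
    rm -rf "$tmp"
}

demo=$(mktemp -d)
write_samples "$demo"
rules_removed "$demo/before.txt" "$demo/after.txt"
```
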
== IPTABLES ==