Changes


OPS235 Lab 6 - CentOS6

2,110 bytes removed, 12:17, 27 November 2019
no edit summary
{{Admon/caution|THIS IS AN OLD VERSION OF THE LAB|'''This lab is an archived version. Do not use this in your OPS235 course.'''}}
= Configuring a Network Using Virtual Machines =
* '''CentOS2 VM''' has 1 active interface (<code>'''eth0'''</code>) that receives a dynamic configuration from your CentOS Host
* '''CentOS3 VM''' has 1 active interface (<code>'''eth0'''</code>) that receives a dynamic configuration from your CentOS Host
 
== Lab Preparation ==
{{Admon/important | Backup your VMs before proceeding | Stop all of your VMs and backup your VM disk images. Do not start the VMs until told to start them.}}
== Configuring a Network Using Virtual Machines ==
=== Investigation 1: How do you create a new virtual network. ===
{{Admon/note | Use the c6host | Complete the following steps on your '''c6host''' computer system.}}
Before configuring our network we want to turn off dynamic network configuration for our Virtual Machines by turning off the "default" virtual network.
# Turn off your virtual machines
# Start Virtual Machine Manager
# In the Virtual Machine Manager dialog box, Select '''Edit'''-> '''Connection Details'''.
# In the '''Hosts''' Details dialog box, select the '''Virtual Networks''' tab
# The destination should be '''Any physical device''' and the mode should be '''NAT'''
# Proceed with changes, and select '''Finish'''.
# Before proceeding, check the "<u>default</u>" network connection (in the Virtual Networks section) to verify '''Autostart''' is disabled, and that you have created the '''network1''' configuration. You might be required to click Apply when the default '''Autostart''' option is deselected. If you have any problems launching your VMs, then it is recommended to reboot your main system.
# '''Close''' the Virtual Manager, '''reboot''' your f16host, '''log-back into your f16host computer''', and '''restart''' the Virtual Machine Manager.
{{Admon/note | Repeat these steps for each VM | Complete the following steps on <u>each</u> of your virtual machines.}}
<ol>
<li value="15">Now we need to reconfigure our 3 VMs to use our new virtual network '''network1'''
<ol type="a" style="margin-left:2cm">
<li value="1">Select the '''centos1''' VM and edit the '''Virtual Machine Details'''<br />(Note: the Virtual Machine window will appear - do not start virtual machine)</li>
<li>Under View select '''Details'''</li>
<li>In the '''left pane''' of the Virtual Machine window, select '''NIC:''' and note that this NIC is on the "default" virtual network</li>
<li>Click on the '''Remove''' button at the bottom right-side of the dialog box.</li> <li>Click on '''Add Hardware''' on the bottom left-side of the dialog box and add a new network</li> <li>For the host device, locate and select Change it to '''Virtual Network network1''' : NAT</li> <li>Click finish to exit the Virtual Machine Details dialog box.</li>
</ol>
</li>
<li value="16">Repeat steps '''a - g''' for '''fedora2''' and '''fedora3''' VM's.</li>
</ol>
=== Investigation 2: How do you configure a static network using <code>system-config-network</code>. ===
{{Admon/note | Use centos2 | Complete this investigation on your centos2 VM.}}
# Start '''centos2''' VM and login
# On your '''centos host''' run <code>ifconfig</code> and make note of the IP address assigned to the <code>virbr1</code> interface. This will be the default gateway and DNS server for your VMs.[[Image:new_network_dialog.png|thumb|350px]]
# Make certain to return to your fedora2 VM.
# To configure a new interface on fedora2 go to '''Applications'''->'''Other'''->'''Network Connections'''.
# Make certain there are no '''"Wired"''' connections (even if you have to click on Edit the connection name and click the '''Delete''' button.
# Create a new existing wired connection, with the "Connection Name" at the top to read '''eth1'''
# Click on the '''Add''' button, and select In the '''IPv4 Settings''' tab.
# Change change the method from "Automatic (DHCP)" to '''"Manual"'''.
# In the '''Addresses section''', click '''"Add"'''.
# Manually set the IP configuration to:
#: IP Address '''192.168.235.12'''
#: Subnet Mask '''255.255.255.0'''
#: Default Gateway '''192.168.235.1''' (The IP address of <code>virbr1</code> on your centos host.)
# Click on the '''DNS''' field and add '''192.168.235.1''' (the IP address of <code>virbr1</code> on your centos host) as the primary DNS server.
# Click '''Save''' to Finish, and exit the Network Connections dialog box.
# Your network connection may take a couple of minutes to connect (view the Network Manager applet in the gnome panel at the top of the screen). If there is no connection after a few minutes, you should be able to right-click on the applet and click "eth1" to connect.
# You should be able to use the service commands to restart your network.
# '''Restart your network''' on fedora2 by issuing the commands:
#*<code>service network stop</code>
#*<code>service network start</code>
# Verify your new interface by examining the output of <code>ifconfig</code>
# To verify that centos2 has the correct default gateway configured, use the commands <code>route -n</code>, <code>ifconfig</code>, <code>nslookup</code>, and <code>ping 192.168.235.1</code>
'''Answer the Investigation 2 observations / questions in your lab log book.'''
=== Investigation 3: What files does the <code>system-config-network</code> GUI tool change? ===
{{Admon/note | Use centos1 | Complete this investigation on your centos1 VM.}}
{{Admon/note | Backing up Files |One very important aspect of system admin is performing backups. There are many methods for backing up the data on a computer system.<br />The following is an example of a common backup system used in Business Unix/Linux systems:<br /><br />'''Full Backup''': Backup all specified files (eg. configuration, data files, etc)<br />'''Incremental Backup''': Backup of only files that have changed since last (full) backup<br /><br />When the system is required to be fully restored, then the '''full backup''' is recovered, followed by each .<br />In this investigation, you will learn how to perform an '''incremental backup''' using the <code>find</code> utility|}}
# Start the '''centos1''' VM and login
# Before we configure centos1 we should create a timestamp file that can be used to see which files have changed as a result of using the GUI tool.
#* <code>date > /tmp/timestamp</code>
# Run the network configuration tool and enter the following static configuration in the same way that you configured '''centos2'''.
#* IP Address: '''192.168.235.11'''
#* Subnetmask: '''255.255.255.0'''
#* DNS Server: '''192.168.235.1'''
# Save and exit the network configuration tool.
# You may have to restart the network using the correct command.
# Verify the configuration by pinging centos host ('''192.168.235.1''') and centos2 ('''192.168.235.12''')
# To verify that fedora1 has the correct default gateway configured, enter the command <code>route -n</code>
{{Admon/note | Creating an Incremental Backup |
:*Copy those configuration files to a "specified" directory for backup purposes
Previously, you created a file called <code>/tmp/timestamp</code> that just contains the current date and time prior to running the network configuration tool for centos1. Any files that were modified by the GUI network configuration program should have a timestamp later (or newer) than the "timestamp" file you created. All the Linux TCP/IP configuration files are stored under the '''/etc''' directory or its sub-directories. The <code>find</code> command (using the correct options) can be used to only list those files that have been recently created since the timestamp date contained in the <code>/tmp/timestamp</code> file.|}}
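An added example (not part of the original lab) of the incremental backup described above: <code>find -newer</code> lists the files modified after a timestamp file, and each one is copied into a backup directory with its relative path kept. The function names, the scratch directory standing in for <code>/etc</code>, the sample file contents and the fixed modification times are all constructed for illustration.

```shell
#!/bin/sh
# Added example: incremental backup driven by a timestamp file.
# Everything happens in a scratch directory; "etc" stands in for /etc.

# incremental_backup SRC_DIR STAMP_FILE DEST_DIR
# Copy every regular file under SRC_DIR that was modified after STAMP_FILE
# into DEST_DIR (same relative path) and print the relative paths copied.
incremental_backup() {
    src=$1 stamp=$2 dest=$3
    [ -d "$src" ] && [ -f "$stamp" ] || return 1
    mkdir -p "$dest" || return 1
    ( cd "$src" && find . -type f -newer "$stamp" -print ) | sort |
    while IFS= read -r rel; do
        rel=${rel#./}
        mkdir -p "$dest/$(dirname "$rel")"
        cp -p "$src/$rel" "$dest/$rel" && printf '%s\n' "$rel"
    done
}

# demo: constructed stand-in for the lab steps, with fixed mtimes so the
# result does not depend on how fast the commands run.
demo() {
    work=$(mktemp -d) || return 1
    ifcfg=$work/etc/sysconfig/network-scripts/ifcfg-eth0
    mkdir -p "$work/etc/sysconfig/network-scripts"
    printf '127.0.0.1 localhost\n' > "$work/etc/hosts"
    printf 'nameserver 192.168.122.1\n' > "$work/etc/resolv.conf"
    printf 'DEVICE="eth0"\nBOOTPROTO="dhcp"\n' > "$ifcfg"
    touch -t 201911271100 "$work/etc/hosts" "$work/etc/resolv.conf" "$ifcfg"

    date > "$work/timestamp"                   # same command as the lab step
    touch -t 201911271200 "$work/timestamp"    # pin its mtime for the demo

    # Simulate the GUI tool rewriting two files after the timestamp.
    printf 'nameserver 192.168.235.1\n' > "$work/etc/resolv.conf"
    printf 'DEVICE="eth0"\nBOOTPROTO="static"\nIPADDR="192.168.235.11"\n' > "$ifcfg"
    touch -t 201911271205 "$work/etc/resolv.conf" "$ifcfg"

    incremental_backup "$work/etc" "$work/timestamp" "$work/backup"
    status=$?
    rm -rf "$work"
    return $status
}

demo
```

The untouched <code>hosts</code> file is older than the timestamp, so it is skipped; only the two rewritten files are listed and copied.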
<ol>
=== Investigation 4: How do I configure the network without a GUI tool? ===
{{Admon/note | Use centos3 | Complete this investigation on your centos3 VM.}}
# Start '''centos3''' VM and login as root
# Use the command <code>ifconfig</code> to list active interfaces, you should see one with a name of <code>eth0</code> or a similar name.
# To configure your card with a static address use the following command:
#* <code>ifconfig</code>
#* <code>route -n</code>
#* <code>ping</code> your other VM's and centos host.
#* <code>ssh</code> to your matrix account to test DNS
# Restart the <code>centos3</code> VM, or just wait a few minutes.
# Login and test your configuration again. What happened?
# While we can configure network settings from the command line those settings are not persistent. To configure persistent network configurations we need to edit the configuration files:
#* Change to the <code>/etc/sysconfig/network-scripts</code> directory on <code>fedora3</code>
#* List the contents of the directory and you should see 2 different types of files, network config scripts and network configuration files.
#* Look for the config file for your original interface, it should be named <code>ifcfg-eth0</code>
#* Make a backup of this file for later reference.
#* Edit the new file for your interface and give it the following settings (or create a brand new file, might be easier than editing the old one):
#**DEVICE="eth0" <-- '''or the interface name YOU have '''
#**IPADDR="192.168.235.13"
#**NETMASK="255.255.255.0"
#**GATEWAY="192.168.235.1"
#**HWADDR="52:54:00:3f:5c:fa" <-- '''use the MAC address for YOUR interface'''
#**DNS1="192.168.235.1"
#**BOOTPROTO="static"
#**NM_CONTROLLED="yes"
#**IPV6INIT="no"
# Save the file and then restart the network connection by issuing the commands: <code>ifdown eth1</code> and then <code>ifup eth1</code><br /><br /><b>NOTE: </b>If there are errors, check that the hardware address in the config file matches the hardware address of the device it's configuring<br /><br />
# Verify your configuration as you did before.
# Finally the kickstart file used to install this VM did not set the hostname. Edit the file <code>/etc/sysconfig/network</code> and set the hostname to <code>fedora3</code>
# Restart the <code>centos3</code> VM.
# Login and attempt to <code>ssh</code> to your matrix account to verify the settings.
=== Investigation 5: How do I setup local hostname resolution? ===
{{Admon/note | Use each machine | Complete this investigation on all of your VM's and the centos host.}}
{{Admon/note | Hosts files vs. the Domain Name System | On large public networks like the Internet or even large private networks we use a network service called [http://en.wikipedia.org/wiki/Domain_Name_System Domain Name System (DNS)] to resolve the human friendly hostnames like '''centos.org''' to the numeric addresses used by the IP protocol. On smaller networks we can use the <code>/etc/hosts</code> on each system to resolve names to addresses.}}
# Use the <code>hostname</code> and <code>ifconfig</code> commands on your centos host and all 3 VM's to gather the information needed to configure the <code>/etc/hosts</code> file on the centos host and the 3 VM's.
# Edit the <code>/etc/hosts</code> file on <u>each</u> of the '''virtual machines and the centos host'''. Refer to the table below for information to enter in the <code>/etc/hosts</code> file.
|
<pre>
# hostname centos1 added to /etc/hosts by anaconda
127.0.0.1 localhost.localdomain localhost centos1
::1 localhost6.localdomain6 localhost6 centos1
192.168.235.1 c6host
192.168.235.11 centos1
192.168.235.12 centos2
192.168.235.13 centos3
</pre>
|}
=== Investigation 6: How do I collect the MAC (Hardware) addresses of computers on my network? ===
{{Admon/note | Use your CentOS Host | Complete this investigation on your CentOS host.}}
{{Admon/note | Obtaining Remote MAC Addresses| The term '''MAC''' address stands for '''Media Access Control''' address, which provides a unique ID to prevent confusion among computer systems within a network. While we use '''32bit IP addresses''' to communicate over an internet, on the local ethernet network packets are delivered to a '''48bit hardware address''' (sometimes called a MAC address). The '''ARP''' protocol resolves 32bit IP addresses to 48bit MAC addresses by using a broadcast and caching the results. We can examine the ARP cache to get the MAC addresses of other computers on our local network.<br /><br />Being able to determine remote MAC address information is useful from troubleshooting networking programs to using '''WOL''' (Wake up on Lan) to automatically boot remote workstations via the network. In this investigation, you will learn how to obtain MAC address information for various network cards.}}
# On the centos host <code>ping</code> each of your VM's
# Examine the contents of the ARP cache by using the command <code>arp</code>
# Check the contents of the cache again by using the command <code>arp -n</code>
# What was the difference in output? For what other command did -n have a similar effect?
'''Answer the Investigation 6 observations / questions in your lab log book.'''
=== Investigation 7: How can I see what network services or ports are active on my CentOS system? ===
{{Admon/note | Use All Machines | Complete this investigation on all of your VM's and the CentOS host.}}
{{Admon/note | Network Ports | When our CentOS system provides any services on a network, those services are accessible through a port number. All network services are configured to be accessed on a particular port number. By examining which ports are active on our system we can know what services (and points of attack) are available on our system. The ability to examine this information is important for troubleshooting network services and securing our systems. One great tool for this is the <code>netstat</code> command.}}
# On your CentOS host execute the command: <code>netstat -at</code>
# This command will list all active TCP ports. Note the state of your ports.
# TCP is a connection oriented protocol that uses a handshaking mechanism to establish a connection. Those ports that show a state of LISTEN are waiting for connection requests to a particular service. For example you should see the <code>ssh</code> service in a LISTEN state as it is waiting for connections.
# From one of your VM's login to your host using <code>ssh</code>
# On the CentOS host rerun the command and in addition to the LISTEN port it should list a 2nd entry with a state of ESTABLISHED. This shows that there is a current connection to your ssh server.
# Exit your ssh connection from the VM and rerun the command on the CentOS host. Instead of ESTABLISHED it should now show a state of CLOSE_WAIT. Indicating that the TCP connection is being closed.
# On your CentOS host try the command <code>netstat -atn</code>. How is this output different?
# Without the <code>-n</code> option <code>netstat</code> attempts to resolve IP addresses to host names (using /etc/hosts) and port numbers to service names (using /etc/services)
# Examine the <code>/etc/services</code> file and find which ports are used for the services: <code>ssh, ftp, http</code>
'''Answer the Investigation 7 observations / questions in your lab log book.'''
 
=== Investigation 8: How do I view and configure the IPTABLES firewall? -- Basic Function/Configuration ===
{{Admon/note | Use the c6host | Complete the following steps on your '''c6host''' machine.}}
{{Admon/note | | [http://en.wikipedia.org/wiki/Iptables Iptables] is the built-in firewall for LINUX. While this program can be controlled by different GUIs, we are going to investigate the powerful command line interface for this program to choose what data is allowed into, out of and through our computer.
Essentially, Iptables is a list of rules. Each rule is placed into a particular chain and when data is sent into, out of or through a PC the data is checked against these rules. If the data matches a particular rule, it then must “jump” to a condition. Simple conditions include ACCEPT, DROP and LOG but there are also more complex conditions that can be applied and there is even the option to create your own conditions.
It should be noted that all of the commands that we do here with iptables will not be persistent unless you have your configuration. That means if you re-boot, the default iptables configuration will be loaded.}}
# As root on the CentOS host enter the following commands at the prompt:
#* <code>iptables -F</code> (This flushes out or clears all of your rules from the chains)
#* <code>iptables -L</code>
# Confirm that your rule works by testing from your VM's
# Does iptables close the port? Check using <code>netstat</code>
# Now insert a rule on the CentOS host that would ACCEPT connections from the centos2 VM only.
# Fully test your configuration.
<li>Verify that the file <code>/etc/sysconfig/iptables</code> was updated with your new rules.</li>
<li>Restart your iptables service and test your configuration. </li>
<li>Write a short bash script to add a rule allowing the centos1 and centos3 VM's to connect to <code>ssh</code> on the CentOS host.</li>
</ol>
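An added example (not the lab's own answer) of a script that allows <code>ssh</code> to the CentOS host from centos1 and centos3 only. It assumes the static addresses used in this lab and the standard ssh port 22; the function names and the <code>DRY_RUN</code> switch are hypothetical, and by default the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example: allow ssh (tcp/22) to the host from selected VMs only.
# Addresses are the static ones assigned in this lab.
# DRY_RUN=1 (the default) prints the commands instead of running them.

SSH_PORT=22
ALLOWED_VMS="192.168.235.11 192.168.235.13"   # centos1 and centos3

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# ssh_allow_rule ADDR: print the iptables command that inserts an ACCEPT
# rule for ADDR at the top of the INPUT chain. -I (insert) is used because
# iptables acts on the first matching rule, so the ACCEPT must come before
# any broader rule for the same port.
ssh_allow_rule() {
    valid_ipv4 "$1" || { echo "bad address: $1" >&2; return 1; }
    printf 'iptables -I INPUT -p tcp -s %s --dport %s -j ACCEPT\n' \
        "$1" "$SSH_PORT"
}

# apply_rules: build one rule per allowed VM, then print or run it.
apply_rules() {
    for vm in $ALLOWED_VMS; do
        rule=$(ssh_allow_rule "$vm") || return 1
        if [ "${DRY_RUN:-1}" = 1 ]; then
            printf '%s\n' "$rule"
        else
            $rule             # unquoted on purpose: split into arguments
        fi
    done
}

apply_rules
```

Run it as root with <code>DRY_RUN=0</code> to apply the rules, then confirm them with <code>iptables -L</code>; as noted above, they are not persistent across a reboot unless the configuration is saved.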
Now you should have the following network configuration:<br /><br />
[[Image:new-network-config.png]]
* '''CentOS host''' has 1 active network interface (probably <code>'''em1'''</code>)that receives IP configuration from the School's DHCP server.
* '''CentOS host''' has 1 active network interface (<code>'''virbr1'''</code>) that has a static default configuration of '''192.168.235.1/255.255.255.0'''
* '''centos1''' VM has 1 active interface (<code>'''eth0'''</code>) that has a static configuration of '''192.168.235.11/255.255.255.0'''
* '''centos2''' VM has 1 active interface (<code>'''eth0'''</code>) that has a static configuration of '''192.168.235.12/255.255.255.0'''
* '''centos3''' VM has 1 active interface (<code>'''eth0'''</code>) that has a static configuration of '''192.168.235.13/255.255.255.0'''
== Completing the lab ==
Arrange proof of the following on the screen:
# <code>ifconfig</code> from all 3 VM's
# The contents of your <code>/etc/hosts</code> on each machine
# The contents of your <code>arp</code> cache.
# <code>ssh</code> from centos2 to the CentOS host.
# Contents of <code>/tmp/lab6</code> directory.
# Fresh backup of the virtual machines.
# A list of your <code>iptables</code> rules.
== Preparing for Quizzes ==
