Changes


OPS235 Lab 6 - CentOS7

771 bytes added, 12:16, 27 November 2019
no edit summary
{{Admon/caution|THIS IS AN OLD VERSION OF THE LAB|'''This is an archived version. Do not use this in your OPS235 course.'''}}
=LAB PREPARATION=
==Purpose / Objectives of Lab 6==
[[Image:network.png|thumb|right|150px|Setting up networks is an essential operation for a system administrator. Maintaining network connectivity and securing the network are also essential operations for a system administrator.]]
 
In this lab, you will learn the basics of networking by using your '''Virtual Machines''' and your '''c7host''' machine. You will first set up a virtual private network among those machines. In addition, you will learn to set up '''network names''' (to associate with server's IP Addresses), '''associate network services with port numbers''' for troubleshooting purposes, and setup '''firewall policies''' via the '''iptables''' command.
# Make certain that <u>'''ALL'''</u> virtual machines are powered off.
# In the Virtual Machine Manager dialog box, Select '''Edit'''-> '''Connection Details'''.
# In the '''c6host c7host Connection Details''' dialog box, select the '''Virtual Networks''' tab
# Disable the default configuration from starting at boot by '''<u>deselecting</u>''' '''Autostart (on boot)''' check-box and click the '''Apply''' button.
# Then Stop the default network configuration by clicking on the '''stop''' button at the bottom left-side of the dialog box.
[[Image:new_network_dialog.png|right|thumb|250px|Although the private network has been setup via the '''Virtual Machine Manager''', each virtual machine requires to change its own network setting individually (either '''graphically''' or by '''command line''').]]
# On your '''c7host''' machine, run <b>ifconfig</b> and make note of the IP address assigned to the '''virbr1''' (i.e. "Virtual Bridge) interface. This will be the default gateway and DNS server for your VMs.
# Start your '''centos2centos1''' VM and login.
# Within your centos1 VM, click '''Applications''' menu, then select '''System Tools''', and then '''Settings'''.
# In the ''Settings'' Dialog Box, click on the '''Network''' icon.
# In the '''IPv4 Settings''' tab change the method from "Automatic (DHCP)" to '''"Manual"'''.
# In the Addresses section, enter the following information:
#: IP Address: '''192.168.235.1211'''
#: Subnet Mask: '''255.255.255.0'''
#: Default Gateway: The IP address of '''virbr1''' on your centos host.
# When finished, check your settings, and then click the '''Apply''' button.
# Open a terminal and issue the '''ifconfig''' command to confirm the IP ADDRESS settings change.
# Verify that '''centos2centos1'''VM is now connected to the VPN by issuing the following command from your '''c7host''' machine:<br><b><code><span style="color:#3366CC;font-size:1.2em;">ping 192.168.235.1211</span></code></b>
'''Answer Part 2 observations / questions in your lab log book.'''
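Review bot: The ping step says the VM "is now connected to the VPN", but the steps above only assign a static address on the private virtual network behind virbr1; nothing here sets up a tunnel or encryption. Suggest wording it as "connected to the private virtual network" here and in the Part 3 introduction, so students do not assume the traffic between the VMs is protected.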
== Part 3: Backing up Only Recent File Changes ==
This part is a repeat of part2, except we will be demonstrating how to use the '''find''' command to backup recent changes to files. In this case, we will save date/time stamp information in a file, configure to connect '''centos1centos2''' to the network, run the '''find''' command, and prove that the incremental backup worked (showing the files created as a result of the configuration of centos1 to the VPN).
{| width="40%" align="right" cellpadding="10"
|}
# Keep your '''centos2centos1''' VM running (you will need it running later in this lab).# Start the '''centos1centos2''' VM and login# Before we configure centos1 centos2 network configuration, we should create a timestamp file that can be used to see which files have changed as a result of using the GUI tool. Issue the following command:
#: <b><code><span style="color:#3366CC;font-size:1.2em;">date > /tmp/timestamp</span></code></b>
# Run the network configuration tool and enter the following static configuration in the same way that you configured '''centos2centos1'''.#* IP Address: '''192.168.235.1112'''
#* Subnetmask: '''255.255.255.0'''
#* Default Gateway: '''192.168.235.1'''
#: <b>nameserver 192.168.235.1</b>
# Save your editing session.
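Review bot: The static settings for the second VM hard-code 192.168.235.1 for both "Default Gateway" and "nameserver", while the earlier steps tell students to note the address of virbr1 on c7host and use that as the gateway and DNS server. Suggest pointing both values at the noted virbr1 address (or stating that it is expected to be 192.168.235.1), so a host with a different bridge address does not end up with a VM that has no route or name resolution.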
# Confirm your settings work by doing the following(you might need to do the steps '''3''' and '''4''' a few times before it works; keep checking with the commands below and wait a bit before each attempt):
#: <b><code><span style="color:#3366CC;font-size:1.2em;">ifconfig</span></code></b>
#:<b><code><span style="color:#3366CC;font-size:1.2em;">route -n</span></code></b>
#::NETMASK="255.255.255.0"
#::GATEWAY="192.168.235.1"
#::HWADDR="52:54:00:3f:5c:fa" <-- '''use the DO NOT COPY THIS VALUE! Use MAC address for YOUR interfaceusing:''' <code><span style="color:#3366CC;font-size:1.2em;">ifconfig eth0</span></code>
#::DNS1="192.168.235.1" '''
#::BOOTPROTO="static"
'''Answer Part 4 observations / questions in your lab log book.'''
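Review bot: On the HWADDR line the warning is written after the value on the same line (HWADDR="52:54:00:3f:5c:fa" <-- ...), so it is easy to paste the annotation, or the sample MAC address itself, into the interface file. Suggest moving the warning to a sentence above the block and showing a placeholder for the value; the DNS1 line also ends with an unmatched ''' that should be dropped.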
 
=INVESTIGATION 2: VIRTUAL NETWORKING ENVIRONMENT TWEAKS AND OTHER USEFUL UTILITIES=
<li>This entry in the OUTPUT policy will therefore log all packets being sent out of the machine.</li>
<li>Try to access the Internet again. Because the policies have been set to DROP, you should be unsuccessful. However, every packet of data that your PC attempted to send out was logged. Let's have a look at the log file and analyze the data:<br><b><code><span style="color:#3366CC;font-size:1.2em;">tail /var/log/messages</span></code></b></li>
<li>This command shows us the last 10 lines of the file. While there are many things being logged to this file, the last thing we did was try to access the Internet so we should be able to see the data we need. Look for a line that looks similar to the following:<br /><blockquote><code>Jun 24 12:41:26 c6host c7host kernel: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=16442 DF PROTO=TCP SPT=57151 DPT=5902 WINDOW=1024 RES=0x00 ACK URGP=0</code></blockquote></li>
<li>Your IP, host names and date will be different, but the one thing that should be the same is the DPT=80 value.</li>
<li>When your computer tried to send OUT a request to connect to the Internet using the WWW, the computer used a destination port of 80. This is the standard port for the WWW. Because we have set the default policy to DROP it drops these packets. The problem is we are dropping all packets. What if we just want to drop the WWW packets?</li>
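Review bot: The sample log line does not match the explanation that follows it: it shows OUT=lo with SRC=127.0.0.1, DST=127.0.0.1 and DPT=5902, which is loopback traffic, while the next item says the value to look for is DPT=80. Suggest replacing the sample with a line captured from the web request, or telling students to search the log for DPT=80, since with every outgoing packet logged the last 10 lines from tail may not contain it.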
=== Making iptables Policies Persistent ===
It should be noted that all of the commands that we do here with iptables will not be persistent unless you have your configuration. That means if you re-boot, the default iptables configuration will be loaded. When your iptables service starts or at boot time it has to load the rules from the file '''/etc/sysconfig/iptables-config'''.
The final section below teaches you to make your iptables settings permanent.
# Make a backup of the file '''/etc/sysconfig/iptables'''# Examine the file to see how rules are added.# Issue by issuing the command: <br><b><code><span style="color:#3366CC;font-size:1.2em;">iptables-save > /etc/sysconfig/iptables.bk</span></code></b> to save #To make the iptables rules '''persistent''' (i.e. keeps rules when system restarts), you added with issue the iptables command, above: <br><b><code><span style="color:#3366CC;font-size:1.2em;">iptables-save > /etc/sysconfig/iptables</span></code></b># Verify that the file ''''/etc/sysconfig/iptables''' was updated with your new rulesexists.
# Restart your iptables service and test your configuration.
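Review bot: The paragraph under "Making iptables Policies Persistent" says the rules are loaded from /etc/sysconfig/iptables-config, but the steps back up, write and verify /etc/sysconfig/iptables. Suggest naming /etc/sysconfig/iptables in the paragraph as well, so students edit and check the file the service actually reads the rules from, and adding a step that lists the loaded rules after the restart to confirm they match what was saved.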
'''Arrange proof of the following on the screen:'''
<ol><li><span style="color:green;font-size:1.5em;">&#x2713;</span> '''centos1centos2''' VM:<blockquote><ul><li>Contents of '''/tmp/lab6''' directory.</li></ul><li><span style="color:green;font-size:1.5em;">&#x2713;</span> '''centos2''' VM:<ul><li>'''ssh''' from centos2 to the CentOS host</li></ul></blockquote></li></li><li><span style="color:green;font-size:1.5em;">&#x2713;</span> '''<u>All</u> VMs''':<blockquote><ul><li>'''ifconfig''' information</li><li>Contents of '''/etc/hosthosts''' file</li></ul></blockquote></li><li><span style="color:green;font-size:1.5em;">&#x2713;</span>'''c7host''' machine<blockquote><ul><li>'''arp''' cache information</li><li>Contents of '''/etc/hosthosts''' file</li><li>Proof of backup</li><li>A list of your '''iptables''' rules</li></ul></blockquote></li><li><span style="color:green;font-size:1.5em;">&#x2713;</span> '''Lab6''' log-book filled out.</li></ol> 
= Preparing for = Practice For Quizzes , Tests, Midterm &amp; Final Exam ==
# What is a port?
