Changes

OPS235 Lab 6 - Fedora17

331 bytes removed, 19:53, 3 January 2014
no edit summary
[[Category:OPS235]]{{Admon/caution|DraftLab|This lab has NOT been released for regular distribution. When the lab is ready to be released, this caution banner will disappear.}}
= Configuring a Network Using Virtual Machines =
[[Category:OPS235]][[Category:OPS235 Labs]]
==Overview==
* In this lab, you will learn the basics of networking by using your Virtual Machines and your f17host machine.
* In addition, you will learn to associate network services with port numbers, and learn how to backup files by date/time.
==Required Materials (Bring to All Labs)==
* '''Fedora 17 LIVE CD''' - You can burn this onto a CD-R in the Open Lab
* '''Fedora 17 x86_64 Installation DVD''' - You can burn this onto a DVD-R in the Open Lab (or burn image onto a DVD+R if you are using the Freedom Toaster).
* '''SATA Hard Disk''' (in removable disk tray)
* '''USB Memory Stick''' (minimum 64M)
* '''Lab Logbook (Lab5 Reference Sheet)''' (to make notes and observations).
==Prerequisites==
== Lab Preparation ==
{{Admon/important | Update your systems | It is advisable to perform a <code>yum update</code> on your Fedora host and all 3 VM's.}}
{{Admon/important | Live disc installations and system-config-network | The '''fedora1''' VM was installed from Live CD. It is missing the GUI Network Configuration tool we will be using. Use the command <code>yum install system-config-network</code> to install it.}}
{{Admon/important | Backup your VMs before proceeding | Stop all of your VMs and backup your VM disk images. Do not start the VMs until told to start them.}}
 
== Configuring a Network Using Virtual Machines ==
=== Investigation 1: How do you create a new virtual network. ===
{{Admon/note | Use the f17host | Complete the following steps on your '''f17host''' computer system.}}
Before configuring our network we want to turn off dynamic network configuration for our Virtual Machines by turning off the "default" virtual network.
# On your '''f17host''' machine start Virtual Machine Manager
# In the Virtual Machine Manager dialog box, Select '''Edit'''-> '''Connection Details'''.
# In the '''Hosts''' Details dialog box, select the '''Virtual Networks''' tab
# '''Close''' the Virtual Manager, '''reboot''' your f16host, '''log-back into your f16host computer''', and '''restart''' the Virtual Machine Manager.
{{Admon/note | Repeat these steps for each VM | Complete the following steps on <u>each</u> of your virtual machines.}}
<ol>
 <li value="15">Now we need to add our new virtual network '''network1''' to the 3 VM's
  <ol type="a" style="margin-left:2cm">
   <li value="1">Select the '''fedora1''' VM and edit the '''Virtual Machine Details'''<br />(Note: the Virtual Machine window will appear - do not start virtual machine)</li>
   <li>Under View select '''Details'''</li>
   <li>In the '''left pane''' of the Virtual Machine window, select '''NIC:''' and note that this NIC is on the "default" virtual network</li>
   <li>Click on the '''Remove''' button at the bottom right-side of the dialog box.</li>
   <li>Click on '''Add Hardware''' on the bottom left-side of the dialog box and add a new network</li>
   <li>For the host device, locate and select '''Virtual Network network1''' : NAT</li>
   <li>Click finish to exit the Virtual Machine Details dialog box.</li>
  </ol>
 </li>
 <li value="16">Repeat these steps '''a - g''' for '''fedora2''' and '''fedora3''' VM's.</li>
</ol>
'''Answer the Investigation 1 observations / questions in your lab log book.'''
# To configure a new interface on fedora2 go to '''Applications'''->'''Other'''->'''Network Connections'''.
# Make certain there are no '''"Wired"''' connections (even if you have to click on the connection name and click the '''Delete''' button).
# Create a new wired connection, with the "Connection Name" at the top to read '''eth1'''
# Click on the '''Add''' button, and select the '''IPv4 Settings''' tab.
# Change the method from "Automatic (DHCP)" to '''"Manual"'''.
#: Subnet Mask '''255.255.255.0'''
#: Default Gateway '''192.168.235.1''' (The IP address of <code>virbr1</code> on your fedora host.)
# Click on the '''DNS''' field and add '''192.168.235.1''' as the primary DNS server.
# Click '''Save''' to Finish, and exit the Network Connections dialog box.
# Your network connection may connect (view the Network Manager applet in the gnome panel at the top of the screen). If there is no connection after a few minutes, you should be able to right-click on the applet and click "eth1" to connect.
# You should be able to use the systemctl command to restart your network.
# '''Restart your network''' on fedora2 by issuing the commands:
#* <code><span style="background-color:yellow">systemctl stop NetworkManager.service</span></code>
#* <code><span style="background-color:yellow">systemctl start NetworkManager.service</span></code>
# Verify your new interface by examining the output of <code>ifconfig</code>
# To verify that fedora2 has the correct default gateway configured, enter the command: <code>route -n</code>
{{Admon/note | Backing up Files |One very important aspect of system admin is performing backups. There are many methods for backing up the data on a computer system.<br />The following is an example of a common backup system used in Business Unix/Linux systems:<br /><br />'''Full Backup''': Backup all specified files (eg. configuration, data files, etc)<br />'''Incremental Backup''': Backup of only files that have changed since last (full) backup<br /><br />When the system is required to be fully restored, then the '''full backup''' is recovered, followed by each .<br />In this investigation, you will learn how to perform an '''incremental backup''' using the <code>find</code> utility|}}
 
# Start '''fedora1''' VM and login
Previously, you created a file called <code>/tmp/timestamp</code> that just contains the current date and time prior to running the network configuration tool for fedora2. Any files that were modified by the GUI network configuration program should have a timestamp later (or newer) than the "timestamp" file you created. All the Linux TCP/IP configuration files are stored under the '''/etc''' directory or its sub-directories. The <code>find</code> command (using the correct options) can be used to only list those files that have been recently created since the timestamp date contained in the <code>/tmp/timestamp</code> file.|}}
 
 
<ol>
<li>View the <code>/root/netcfg.lst</code> file. What does it contain?</li>
<li>Create a new directory called: <code>/tmp/lab6</code></li>
<li>Issue the following commands:
<ul>
<li><code>mkdir -p /tmp/lab6</code></li>
<li><code>find /etc -newer /tmp/timestamp -exec cp {} /tmp/lab6 \;</code></li>
</ul>
{{Admon/tip | Tip | Just for interest, it is relatively simple to automate your backups. You just create a Bash Shell script file using the <code>find</code> command above, give the shell script executable permissions, and use the <code>crontab</code> command to schedule when this script is to be run. If you want to learn more about shell scripting, you can take or refer to the course called '''OPS435''' .}}
 
'''Answer the Investigation 3 observations / questions in your lab log book.'''
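The <code>find -newer</code> backup above, written as the kind of script the tip describes (an added example, not part of the original lab; <code>incremental_backup</code> is a hypothetical function name). It differs from the lab command in one respect: it recreates each file's path under the destination, because copying everything flat into one directory lets two files with the same name in different sub-directories overwrite each other.

```sh
#!/bin/sh
# Added example, not part of the lab. incremental_backup is a hypothetical name.
# Lab values would be: incremental_backup /etc /tmp/timestamp /tmp/lab6
# The destination must be outside the source tree.

incremental_backup() {
    src=$1; stamp=$2; dest=$3
    [ -d "$src" ]   || { echo "not a directory: $src" >&2; return 2; }
    [ -e "$stamp" ] || { echo "missing timestamp file: $stamp" >&2; return 2; }
    # The function changes directory below, so make both paths absolute first.
    case $stamp in /*) ;; *) stamp=$PWD/$stamp ;; esac
    case $dest  in /*) ;; *) dest=$PWD/$dest ;; esac
    mkdir -p "$dest" || return 2
    # Run find from inside $src so each result is a relative path (./sub/file).
    # -type f skips directories, whose mtime changes whenever a file is added.
    # cp -p keeps mode and mtime, so restrictive permissions survive the copy.
    # One "x" line is printed per copied file; wc -l turns that into the count.
    ( cd "$src" || exit 2
      find . -type f -newer "$stamp" -exec sh -c '
          dest=$1; shift
          for f in "$@"; do
              mkdir -p "$dest/$(dirname "$f")" &&
              cp -p "$f" "$dest/$f" &&
              echo x
          done' sh "$dest" {} + ) | wc -l | tr -d ' '
}

# Stand-alone use: ./backup.sh SRC_DIR TIMESTAMP_FILE DEST_DIR
if [ $# -eq 3 ]; then
    incremental_backup "$@"
fi
```

The function prints the number of files copied, which makes a quick sanity check when the script is run from <code>crontab</code>.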
=== Investigation 4: How do I configure the network without a GUI tool? ===
{{Admon/note | Use fedora3 | Complete this investigation on your fedora3 VM.}}
# Start '''fedora3''' VM and login as root
# Use the command <code>ifconfig</code> to list active interfaces, you should see one with a name of <code><span style="background-color:yellow">eth0</span></code> or a similar name.
# To configure your card with a static address use the following command:
#* <code><span style="background-color:yellow">ifconfig eth0 192.168.235.13 netmask 255.255.255.0</span></code>
# To configure a default gateway for that interface enter the command:
#* <code>route add default gw 192.168.235.1</code>
#* Change to the <code>/etc/sysconfig/network-scripts</code> directory on <code>fedora3</code>
#* List the contents of the directory and you should see 2 different types of files, network config scripts and network configuration files.
#* Look for the config file for your original interface, it should be named <code><span style="background-color:yellow">ifcfg-eth0</span></code>
#* Copy that file to <code>ifcfg-eth<b>N</b></code> where <b>N</b> relates to your current eth interface number (we will use <b>eth1</b> as an example).
#* Edit the new file for your interface and give it the following settings:
#**DEVICE="eth1" '''<-- or the interface name <u>YOU</u> have'''
#**IPADDR="192.168.235.13"
#**NETMASK="255.255.255.0"
#**GATEWAY="192.168.235.1"
#**HWADDR="52:54:00:3f:5c:fa" '''<-- use the HWADDR for <u>YOUR</u> interface'''
#**DNS1="192.168.235.1"
#**BOOTPROTO="static"
#**ONBOOT="yes"
#**NM_CONTROLLED="yes"
#**IPV6INIT="no"
# Save the file and then restart the network connection by issuing the commands: <code>ifdown eth1</code> and then <code>ifup eth1</code><br /><br /><b>NOTE: </b>If there are errors, check that the hardware address in the config file matches the hardware address of the device it is configuring<br /><br />
# Verify your configuration as you did before.
# Finally the kickstart file used to install this VM did not set the hostname. Edit the file <code>/etc/sysconfig/network</code> and set the hostname to <code>fedora3</code>
# Restart the <code>fedora3</code> VM.
# Login and attempt to <code>ssh</code> to your matrix account to verify the settings.
 
'''Answer the Investigation 4 observations / questions in your lab log book.'''
::1 localhost6.localdomain6 localhost6 fedora1
192.168.235.1 f17host
192.168.235.11 fedora1
192.168.235.12 fedora2
<li value="3">Confirm that each host can ping all three of the other hosts by name.</li>
</ol>
 
'''Answer the Investigation 5 observations / questions in your lab log book.'''
== Obtaining MAC Address / Service Port / Firewall Information ==
 
=== Investigation 6: How do I collect the MAC (Hardware) addresses of computers on my network? ===
# What was the difference in output?
'''Answer the Investigation 6 observations / questions in your lab log book.'''
=== <span style="background-color:yellow">Investigation 7: How can I see what network services or ports are active on my Fedora system?</span> ===
{{Admon/note | Use All Machines | Complete this investigation on all of your VM's and the Fedora host.}}
#* -aun
#* -autnp
 
'''Answer the Investigation 7 observations / questions in your lab log book.'''
=== Investigation 8: How do I view and configure the IPTABLES firewall? -- Basic Function/Configuration ===
 
 
{{Admon/note | Use the f17host | Complete the following steps on your '''f17host''' computer system.}}
 
{{Admon/note | | [http://en.wikipedia.org/wiki/Iptables Iptables] is the built-in firewall for LINUX. While this program can be controlled by different GUI's, we are going to investigate the powerful command line interface for this program to choose what data is allowed into, out of and through our computer.
'''FORWARD''' – LINUX PC's are often used as routers or gateways for other PC's. This means that data may have to be passed through this LINUX box, but the data is not intended for the LINUX PC nor is it being sent by the LINUX PC. Even though the data will go into this PC and it will exit this PC, the INPUT and OUTPUT chains do not apply here. Because the PC is acting as a router it does not actually send or receive data, it FORWARDS data from one machine to another. When this process happens, the data is checked against the FORWARD chain to see if it is allowed through. If it is, the router will forward the data to its destination. If not, the packet is dropped.}}
{{Admon/important | Non-Persistent Changes to your Host System | Complete this lab on your host system (f16host).
It should be noted that all of the commands that we do here with iptables will not be persistent unless you have saved your configuration. That means if you re-boot, the default iptables configuration will be loaded.}}
}}
==== Final Tasks ====
# Using the information you have learned, try on your own to achieve the same goal as above (block www access to your computer) by using the INPUT chain instead of the OUTPUT chain.
{{Admon/note | iptables Service |When your iptables service starts or at boot time it has to load the rules from the file <code>/etc/sysconfig/iptables</code>.}}
<ol>
<li value="9">'''Make a backup of the file <code>/etc/sysconfig/iptables</code>'''</li>
<li>Examine the file to see how rules are added.</li>
<li>Issue the command: <code>iptables-save > /etc/sysconfig/iptables</code> to save the rules you added with the iptables command, above.</li>
<li>Verify that the file <code>/etc/sysconfig/iptables</code> was updated with your new rules.</li>
<li>Restart your iptables service and test your configuration. </li>
<li>Write a short bash script to add a rule allowing the fedora1 and fedora3 VM's to connect to <code>ssh</code> on the fedora host.</li>
</ol>
'''Answer the Investigation 8 observations / questions in your lab log book.'''
== New Configuration ==
<span style="background-color:yellow">Now you should have the following network configuration:</span><br /><br />
[[Image:network-config2.png]]
* '''Fedora host''' has 1 active network interface (probably <code>'''em1'''</code>) that receives IP configuration from the School's DHCP server.
* '''Fedora host''' has 1 active network interface (<code>'''virbr1'''</code>) that has a static default configuration of '''192.168.235.1/255.255.255.0'''
* '''Fedora1''' VM has 1 active interface (<code>'''eth1'''</code>) that has a static configuration of '''192.168.235.11/255.255.255.0'''
* '''Fedora2''' VM has 1 active interface (<code>'''eth1'''</code>) that has a static configuration of '''192.168.235.12/255.255.255.0'''
* '''Fedora3''' VM has 1 active interface (<code>'''eth1'''</code>) that has a static configuration of '''192.168.235.13/255.255.255.0'''
# Contents of <code>/tmp/lab6</code> directory.
# Fresh backup of the virtual machines.
# <span style="background-color:yellow">Run your bash script to allow VM's to access</span> <code><span style="background-color:yellow">ssh</span></code> <span style="background-color:yellow">on your fedora host.</span>
== Preparing for Quizzes ==