Changes


OPS535-L1

482 bytes added, 16:56, 12 January 2020
m
Investigation 2: Advanced uses of FirewallD: - removing note about old bug
[[Category: OPS535]][[Category: OPS535 LABS-Labs]][[Category: peter.callaghan]]
=OPS535 Lab 1=
== Resources ==
* [https://scswiki.senecaccdot.onsenecacollege.ca/~raymond.chan/images/ndwiki/File:OPS535-network-diagram-for-routing-config.png Link to Network Diagram for Labs/Assignments]
* [https://wiki.cdot.senecacollege.ca/wiki/Virtual-Lan Link to virtual-lan setup]
* [http://zenit.senecac.on.ca/wiki/index.php/OPS535_Network_Address Link for assigned network address lookup]
</ul>
<li>Boot each virtual machine and provide it a static address according to the following table. Do not alter the address it already has for your internal network.</li></ol>
{| class="wikitable" style="margin-left:50px; border: 2px solid black;"
|- style="font-weight:bold; text-align:center;"
| style="border: 2px solid black;" | Hostname
| style="border: 2px solid black;" | Address for external network
|-
| style="background-color:#66cccc; border: 2px solid black;" | vm1.<yourdomain>.ops
| style="background-color:#66cccc; border: 2px solid black;" | 192.168.X.53/24
|-
| style="background-color:#66cccc; border: 2px solid black;" | vm2.<yourdomain>.ops
| style="background-color:#66cccc; border: 2px solid black;" | 192.168.X.2/24
|-
| style="background-color:#66cccc; border: 2px solid black;" | vm3.<yourdomain>.ops
| style="background-color:#66cccc; border: 2px solid black;" | 192.168.X.3/24
|}
==Investigation 2: Advanced uses of FirewallD==
Having removed the default network, you have also removed the firewall settings it was providing for you that allowed your machines to communicate with the outside world. Perform the following steps on your host.
<ol><li>Set the virtual interface that is assigned to your new virtual network to be part of the ‘external’ zone. Make sure the change will be permanent.</li>
<ul><li>Due to a [https://bugzilla.redhat.com/show_bug.cgi?id=1468914 known issue], you will have to restart the NetworkManager service before this change becomes apparent.</li></ul>
<li>Ensure Masquerading is set to off for this zone.</li>
<ul><li>While masquerading would allow our machines to reach the network outside by hiding their internal addresses behind the host machine’s address, it would not help us allow new connections to be made to the servers inside our network. We will have to set that up ourselves.</li></ul>
<li>Make sure these changes persist past rebooting.</li></ul>
</ol>
 
==Investigation 3: Routing==
In the previous investigation you configured the firewall on the host to allow your virtual machines to communicate with other students’ networks as well as the outside world, but they cannot actually reach
<li>On each virtual machine make sure that the interface that is set in the 'external' zone is the only one that has a default route set, and that it is directed to your host machine's address in the same network.</li>
<li>From your host and all VMs, ping another student’s host and VMs. You should get responses back. If not, go back and troubleshoot your routing rules.</li>
<li>Make sure that this behaviour continues past reboot.</li>
</ol>
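One way to verify the end state of Investigations 2 and 3 after a reboot, as an added example that is not part of the original lab. The functions read saved output of <code>firewall-cmd --zone=external --list-all</code> (host) and <code>ip -4 route show default</code> (VM) on stdin; the interface names (virbr1, eth0, eth1) and the 192.168.99.1 and 192.168.40.1 addresses in the samples are constructed placeholders.

```shell
#!/bin/sh
# Added example; interface names and addresses in the samples are constructed.
# check_zone IFACE   (stdin: `firewall-cmd --zone=external --list-all` on the host)
# Passes only if IFACE is bound to the zone and masquerading is off.
check_zone() (
    iface=$1 ifaces= masq=
    while IFS=: read -r key val; do
        case $key in
            *interfaces) ifaces=" $val " ;;
            *masquerade) masq=$(printf '%s' "$val" | tr -d ' \t') ;;
        esac
    done
    case $ifaces in
        *" $iface "*) ;;
        *) echo "FAIL: $iface is not in the zone"; exit 1 ;;
    esac
    [ "$masq" = no ] || { echo "FAIL: masquerade is '$masq'"; exit 1; }
    echo "OK: $iface is in the zone and masquerade is off"
)

# check_default_route IFACE GATEWAY   (stdin: `ip -4 route show default` on a VM)
# Passes only if exactly one default route exists and it uses IFACE via GATEWAY.
check_default_route() (
    iface=$1 gw=$2 count=0 wrong=0
    while read -r line; do
        case "$line " in
            "default via $gw dev $iface "*) count=$((count + 1)) ;;
            default\ *) count=$((count + 1)); wrong=1 ;;
        esac
    done
    [ "$count" -eq 1 ] && [ "$wrong" -eq 0 ] ||
        { echo "FAIL: $count default route(s) or wrong gateway/interface"; exit 1; }
    echo "OK: single default route via $gw on $iface"
)

# Constructed samples. The stock 'external' zone ships with masquerade enabled.
ZONE_OK='external (active)
  interfaces: virbr1
  services: ssh
  masquerade: no'
ZONE_STOCK='external (active)
  interfaces: virbr1
  masquerade: yes'
ROUTE_OK='default via 192.168.99.1 dev eth1 proto static metric 100'
ROUTE_TWO="$ROUTE_OK
default via 192.168.40.1 dev eth0 proto dhcp metric 101"

printf '%s\n' "$ZONE_OK" | check_zone virbr1
printf '%s\n' "$ROUTE_OK" | check_default_route eth1 192.168.99.1
```

On a live system, pipe the real command output into the functions instead of the sample variables, for example <code>ip -4 route show default | check_default_route eth1 192.168.99.1</code> with your own interface and host address.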
 
==Completing the Lab==
You should now have a better network configuration for your VMs. Each machine has access to the internal-only network it already had, but now has the second network interface configured to allow