Changes

Ops535-online-lab-routing

140 bytes removed, 15:51, 21 July 2023
m
Protected "Ops535-online-lab-routing": OER transfer ([Edit=Allow only administrators] (indefinite) [Move=Allow only administrators] (indefinite))
=Objectives:=
* Learn and respect the DOs and DON'Ts in the OPS535 Virtual Lab
* Learn how to use the VMware ESXi web console to access your VMs
* Configure VMs and routing in your Virtual LAN segment for building and testing web services (e.g. DNS, and SMTP)
:** Do not run any unnecessary server service.
:* Security Configuration:
:** iptables/firewalld services:
:*** VM1: iptables: Enable (enable iptables and disable firewalld, do not perform any NAT at this stage.)
:*** VM2-VM4: firewalld Enabled
:** SELinux: in enforcing mode
:* Identification and authorization: verify and confirm that you have the "student" and your "Seneca user name" accounts. Make sure that both accounts allow you to ssh from matrix without prompting for a login password.
:Later labs and assignments will specify what additional software packages and services should be installed, activated, and enabled.
== Network Configuration==
=== Network Diagram ===
:Please use this [https://scs.senecac.on.ca/~raymond.chan/ops535/network/ops535_virtual_lab_network_diagram.pdf OPS535 Virtual-lab Network Diagram] to figure out the necessary network configuration so that all your VMs are reachable from all other VMs (i.e. all the VMs in our OPS535 Virtual-lab using the 192.168.x.y address space). Click [https://github.com/rayfreeping/ops535/raw/master/vitrual_lab/ops535_VLS_routing_slides.pdf here] for a more detailed network diagram for routing configuration.
: Sample routing scripts (for reference only, do not use them as is) can be found [[VLS2VLS-Routing|here]].
: <font color='red'>IMPORTANT:</font> All the IP addresses 172.20.x.y (where 172.20.x is your network number, and y is the host part of the IP address) are assigned to your VMs by the DHCP server in the OPS535 Virtual-lab. This range of IP addresses is normally assigned to the virtual network adaptor named ens192 (may be changed in the future) on each VM. Please do not change these IP addresses; otherwise, you will cut the VM off from the network and you won't be able to ssh back into it from matrix.
== Gateway VM Configuration ==
: The VM1 on each student's LAN segment has three virtual network adapters: ens192, ens224, and ens256, and this VM will be used as the gateway from now on. All incoming network traffic to 192.168.x.0/24 network (i.e. to VM2, VM3 and VM4) must go through your gateway. The three virtual network adapters on VM1 are 'wired' for the following purposes:
:* ens192 for connecting to the Internet and also for gateway to gateway connection within the OPS535 Virtual Lab
:* ens224 for connecting to the other three VMs to form a local area private network
:* ens256 for connecting your gateway to an administrative network which includes other gateways and the course lab server.
:** leave the 172.20.x.y IP address that is assigned to your gateway's (VM1) ens192 intact. Do not change it.
:** assign 192.168.x.1/24 to its ens224 virtual network adapter.
:** we may configure the ens256 interface in a later lab.
== VMs Configuration ==
:* ens192 for initial ssh login and as an emergency backdoor.
:* ens224 for normal local area private network connection.
:** Leave the 172.20.x.y IP address that is assigned to your VMs (VM2, VM3, and VM4) on ens192 intact. Do not change it.
:** assign 192.168.x.y to each VM's (y = 2, 3, 4 correspondingly for VM2, VM3, VM4) ens224 virtual network adaptor.
== Routing configuration ==
=== On your gateway VM (VM1) ===
: There are more than thirty virtual LAN segments (VLS) in the OPS535 Virtual Lab, and each virtual LAN segment should use the private network address space 192.168.x.0/24 for local traffic. VMs in each local LAN segment should be reachable via the gateway (your VM1) with the IP address 172.20.x.1 from VMs in other VLSs in the lab. The value of x ranges from 1 to 43.
* On each VM in your VLS, you can add a custom route for each other VLS in the lab using your VM1's private IP (192.168.x.1) as the gateway. In this case, you need to add a maximum of 42 routes in order to reach all the VMs in the other 42 VLSs. You <b>DO NOT</b> need a custom route to your own VLS.
* You can also simply add a single route to 192.168.0.0/16 using your VM1's private IP as the gateway.
* You can either use the nmtui utility to add a custom route for each VLS y that you want to reach, or use the nmcli command as given in [[VLS2VLS-Routing|the wiki page on VLS to VLS routing]].
* Before moving on to the next step, use the "ip route" command to confirm your current kernel routing table on your VM1.
=== On VM2, VM3, and VM4 ===
* Use the command "ip route show" to verify the default route in all your VMs' kernel routing table. It should point to 172.16.255.1. Report to your professor if it is not.
* Add the same custom route(s) to VM2, VM3, and VM4 in your VLS to the other VLSs your classmates want to reach. Each custom route should use 192.168.x.1 as the gateway (NOT as a default gateway) in each of VM2 to VM4. You can either use the nmtui utility or the nmcli command. For details, consult [[VLS2VLS-Routing | this wiki page on VLS to VLS routing]].
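One way to audit a VM's routing table against the rules above before starting the connectivity tests. This is an added example, not part of the original lab or the linked routing scripts: the function names are hypothetical, the sample table is constructed for a VM in VLS 3, and input is assumed to be in "ip route show" format.

```shell
#!/bin/sh
# Added example: audit `ip route show` output against the lab's routing rules.
# Usage on a VM in VLS 3:  ip route show | missing_vls_routes 3 43

# Print the VLS numbers (1..max, excluding x) with no route via 192.168.x.1.
missing_vls_routes() {
    x=$1; max=$2
    gw_re="192\\.168\\.$x\\.1"      # regex for the gateway's private IP
    table=$(cat)                    # routing table text from stdin
    # A single covering route through the gateway reaches every other VLS.
    if printf '%s\n' "$table" | grep -Eq "^192\.168\.0\.0/16 via $gw_re "; then
        return 0
    fi
    missing=""
    y=1
    while [ "$y" -le "$max" ]; do
        # Skip the own VLS: it is directly connected and needs no custom route.
        if [ "$y" -ne "$x" ] &&
           ! printf '%s\n' "$table" | grep -Eq "^192\.168\.$y\.0/24 via $gw_re "; then
            missing="$missing $y"
        fi
        y=$((y + 1))
    done
    echo "${missing# }"
}

# Succeed (exit 0) if the default route points at 192.168.x.1, which the lab
# forbids: VM1's private IP is a gateway for custom routes only.
default_uses_private_gw() {
    grep -Eq "^default via 192\.168\.$1\.1 "
}

# Constructed sample: VLS 4 has no route, VLS 5 uses the wrong next hop.
sample_table() {
    cat <<'EOF'
default via 172.16.255.1 dev ens192 proto dhcp metric 100
192.168.3.0/24 dev ens224 proto kernel scope link src 192.168.3.2 metric 101
192.168.1.0/24 via 192.168.3.1 dev ens224 proto static metric 101
192.168.2.0/24 via 192.168.3.1 dev ens224 proto static metric 101
192.168.5.0/24 via 192.168.3.10 dev ens224 proto static metric 101
EOF
}
```

An empty result from missing_vls_routes means every other VLS is covered; any number it prints is a VLS whose ping tests will fail from this VM until the route is added or corrected.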
= Network Connectivity Testing =
Pair up with one of the students in your class who has completed the routing configuration. The following steps assume that your network number is "x" and his/her network number is "y". Perform the following test with him/her:
# Ping from your gateway to his/her gateway's external IP address: 172.20.y.1. Move on to the next step if the result is positive.
# Ping from your gateway to his/her gateway's internal IP address: 192.168.y.1. Move on to the next step if the result is positive.
# Ping from your VM to your gateway's internal IP address: 192.168.x.1. Move on to the next step if the result is positive. (from VM2, VM3, VM4, one at a time, same below)
# Ping from your VM to your gateway's external IP address: 172.20.x.1. Move on to the next step if the result is positive.
# Ping from your VM to his/her gateway's external IP address: 172.20.y.1. Move on to the next step if the result is positive.
# Ping from your VM to his/her gateway's internal IP address: 192.168.y.1. Move on to the next step if the result is positive.
# Ping from your VM to his/her VM's IP address: 192.168.y.z. (z: 2,3,4)
# Ask your partner to repeat the same steps above.
If any of the tests mentioned above failed, you need to check the IP address assignment and/or the routing configuration on all VMs (yours and your partner's) and fix any mistakes until all the tests mentioned above are successful. <font color='red'>Make sure that <b>netfilter (iptables service)</b> is not blocking the traffic and that both you and your classmate have enabled <b>ip_forward</b> on your VM1s.</font>
=Completing the Lab=
* Run the script provided on Blackboard on all four of your VMs, capture the output, and name the files:
** lab6vm1.txt on VM1,
** lab6vm2.txt on VM2,
** lab6vm3.txt on VM3, and
** lab6vm4.txt on VM4.
* Submit all four files to Blackboard by the due date.
[[Category:OPS535]][[Category:rchan]]