Ops535-online-lab-routing

441 bytes removed, 15:51, 21 July 2023
m
Protected "Ops535-online-lab-routing": OER transfer ([Edit=Allow only administrators] (indefinite) [Move=Allow only administrators] (indefinite))
=Objectives:=
* Learn and respect the DOs and DON'Ts in the OPS535 Virtual Lab
* Learn how to use the VMware ESXi web console to access your VMs
* Configure VMs and routing in your Virtual LAN segment for building and testing web services (e.g. DNS and SMTP)
:** iptables/firewalld services:
:*** VM1: iptables (do not perform any NAT at this stage.)
:*** VM2-VM4: firewalld (enabled)
:** SELinux: in enforcing mode
:* Identification and authorization: verify and confirm that you have the "student" and your "Seneca user name" accounts. Make sure that both accounts allow you to ssh from matrix without being prompted for a login password.
: There are more than thirty virtual LAN segments (VLS) in the OPS535 Virtual Lab. Each virtual LAN segment should use the private network address space 192.168.x.0/24 for local traffic. VMs in each local LAN segment should be reachable from VMs in other VLSs in the lab via the gateway (your VM1), which has the IP address 172.20.x.1. The value of x ranges from 1 to 43.
* On each VM in your VLS, you can add a custom route for each other VLS in the lab, using your VM1's private IP (192.168.x.1) as the gateway. In this case, you need to add a maximum of 42 routes in order to reach all the VMs in the other 42 VLSs. You <b>DO NOT</b> need a custom route to your own VLS. Alternatively, you can simply add a single route to 192.168.0.0/16 using your VM1's private IP as the gateway.
* You can either use the nmtui utility to add a static custom route for each VLS y that you want to reach, or use the nmcli command as given in [[VLS2VLS-Routing|the wiki page on VLS to VLS routing]].
* Before moving on to the next step, use the "ip route" command to confirm your current kernel routing table on your VM1.
=== On VM2, VM3, and VM4 ===
* Use the command "ip route show" or "netstat -rn" to verify the default route in all your VMs' kernel routing table. It should point to 172.16.255.1. Report to your professor if it does not.
* Add the same custom route(s) to VM2, VM3, and VM4 in your VLS to the other VLSs you want to reach. Each custom route should use 192.168.x.1 as the gateway (NOT as a default gateway) in each of VM2 to VM4. You can use either the nmtui utility or the nmcli command. For details, consult [[VLS2VLS-Routing | this wiki page on VLS to VLS routing]]
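The two routing options described above (one 192.168.0.0/16 route, or one route per other VLS), as an added example that is not part of the original lab page. It only prints the nmcli commands for review; the connection name <code>ens192</code> is an assumption, so set <code>CON</code> to the name shown by "nmcli connection show".

```shell
#!/bin/sh
# Added example: print (not apply) the nmcli commands for the custom routes.
# CON is an assumed connection name; list yours with "nmcli connection show".

# vls_routes X [MODE] -> one "destination gateway" pair per line.
#   summary: the single 192.168.0.0/16 route (the connected 192.168.X.0/24
#            route is more specific, so your own VLS is still reached directly)
#   each:    one /24 route per other VLS, 1..43, skipping your own
vls_routes() {
    x=$1 mode=${2:-summary}
    case $x in
        ''|*[!0-9]*) echo "x must be a number from 1 to 43" >&2; return 2 ;;
    esac
    if [ "$x" -lt 1 ] || [ "$x" -gt 43 ]; then
        echo "x must be a number from 1 to 43" >&2; return 2
    fi
    gw="192.168.$x.1"
    if [ "$mode" = summary ]; then
        echo "192.168.0.0/16 $gw"
        return 0
    fi
    y=1
    while [ "$y" -le 43 ]; do
        if [ "$y" -ne "$x" ]; then echo "192.168.$y.0/24 $gw"; fi
        y=$((y + 1))
    done
}

# nmcli_cmds X [MODE] -> the commands to review and then run on VM2-VM4.
nmcli_cmds() {
    con=${CON:-ens192}
    routes=$(vls_routes "$@") || return
    printf '%s\n' "$routes" | while read -r dest gw; do
        echo "nmcli connection modify $con +ipv4.routes \"$dest $gw\""
    done
    echo "nmcli connection up $con"
}

# Usage: sh vls-routes.sh 7 each
if [ "$#" -gt 0 ]; then nmcli_cmds "$@"; fi
```

After applying the printed commands, "ip route show" on the VM should list the new routes next to the unchanged default route.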
= Network Connectivity Testing =
Pair up with one student in your class who has completed the routing configuration. The following steps assume that your network number is "x" and his/her network number is "y". Perform the following tests with him/her:
# Ping from your gateway to his/her gateway's external IP address: 172.20.y.1. Move on to the next step if the result is positive.
# Ping from your gateway to his/her gateway's internal IP address: 192.168.y.1. Move on to the next step if the result is positive.
# Ping from your VM to your gateway's internal IP address: 192.168.x.1. Move on to the next step if the result is positive. (from VM2, VM3, VM4, one at a time, same below)
# Ping from your VM to your gateway's external IP address: 172.20.x.1. Move on to the next step if the result is positive.
# Ping from your VM to his/her gateway's external IP address: 172.20.y.1. Move on to the next step if the result is positive.
# Ping from your VM to his/her gateway's internal IP address: 192.168.y.1. Move on to the next step if the result is positive.
# Ping from your VM to his/her VM's IP address: 192.168.y.z. (z: 2,3,4)
# Ask your partner to repeat the same steps above.
If any of the tests mentioned above fails, you need to check the IP address assignment and/or the routing configuration on all VMs (yours and your partner's) and fix any mistakes until all the tests mentioned above are successful. <font color='red'>Make sure that <b>netfilter (iptables service)</b> is not blocking the traffic and that both you and your classmate have enabled <b>ip_forward</b> on your VM1s.</font>
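The test sequence above as a script that stops at the first failed ping, so the failing hop is obvious. This is an added example, not part of the original lab page or the script provided on Blackboard; the function names and the <code>PING</code> override are assumptions made for the example.

```shell
#!/bin/sh
# Added example: run the ping tests in the page's order, stop at the first failure.
# PING can be overridden (e.g. PING=true) to dry-run the logic without a network.
PING=${PING:-ping -c 2 -W 2}

# ladder ROLE X Y [Z] -> "address description" per line, in test order.
# ROLE is "gateway" (run on VM1) or "vm" (run on VM2, VM3 or VM4);
# X is your network number, Y your partner's, Z the partner VM's last octet.
ladder() {
    role=$1 x=$2 y=$3 z=${4:-2}
    if [ "$role" != gateway ]; then
        echo "192.168.$x.1 your gateway, internal"
        echo "172.20.$x.1 your gateway, external"
    fi
    echo "172.20.$y.1 partner gateway, external"
    echo "192.168.$y.1 partner gateway, internal"
    if [ "$role" != gateway ]; then echo "192.168.$y.$z partner VM"; fi
}

# run_ladder ROLE X Y [Z] -> returns 0 if every target answers, otherwise the
# number of the first failed step (counted within this role's list).
run_ladder() {
    n=0
    while read -r ip label; do
        n=$((n + 1))
        if $PING "$ip" >/dev/null 2>&1 </dev/null; then
            echo "ok   $n  $ip  ($label)"
        else
            echo "FAIL $n  $ip  ($label)"
            echo "check: IP addresses, custom routes, iptables and ip_forward on both VM1s"
            return "$n"
        fi
    done <<EOF
$(ladder "$@")
EOF
    return 0
}

# Usage: sh ladder.sh vm 7 9 3
if [ "$#" -ge 3 ]; then run_ladder "$@"; fi
```

Run it with role "gateway" on VM1 first, then with role "vm" on VM2, VM3 and VM4, once for each partner VM address z.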
=Completing the Lab=
* Run the script provided on Blackboard on all four VMs, capture the output, and name the files:
** lab6vm1.txt on VM1,
** lab6vm2.txt on VM2,
** lab6vm3.txt on VM3, and
** lab6vm4.txt on VM4.
* Note: replace "student_id" with your actual Seneca user name.
* Submit all four files to Blackboard by the due date.
[[Category:OPS535]][[Category:rchan]]