1,234
edits
Changes
→LAB PREPARATION
=LAB PREPARATION=
[[Image:my-network.png|thumb|right|350px|Setting up networks is an essential operation for a system administrator. Maintaining network connectivity and securing the network are also essential operations. In this lab, we will '''configure a Virtual Private Network private virtual network using static IP addresses''' (eg. wired workstation connections). We will learn how to setup a DHCP network (eg. for notebook, table and smartphones) in lab 8.]]
===Purpose / Objectives of Lab 6===
In this lab, you will learn the basics of networking by using your '''Virtual Machines'''. You will first set up a '''virtual private network (VPN)''' among those machines. In addition, you will learn to set up '''network names''' (to associate with server's IP Addresses), '''associate network services with port numbers''' for troubleshooting purposes, and use shell scripts with arrays to store network configuration data.
<u>Main Objectives</u>
# Configure a private (virtual) network for your '''VMs''' and your '''c7host''' machine
# Configure network interfaces for your Virtual Machines using both '''graphical''' and '''command-line''' utilities.
# Use '''local hostname resolution''' to resolve simple server names with their corresponding IP Addresses
|style="padding-left:20px;" | Networking Utilities<br>
[http://man7.org/linux/man-pages/man8/ifconfig.8.html ifconfig]<br>
[http://man7.org/linux/man-pages/man8/ip.8.html ip]<br>
[http://www.serverlab.ca/tutorials/linux/administration-linux/configure-centos-6-network-settings/ system-config-network]<br>
[http://man7.org/linux/man-pages/man8/route.8.html route]<br>
[http://man7.org/linux/man-pages/man8/ping.8.html ping]<br>
[http://man7.org/linux/man-pages/man8/arp.8.html arp]<br>
[http://man7.org/linux/man-pages/man8/netstat.8.html netstat]|style="padding-left:20px;" | Networking Configuration Files<br>[httphttps://zenitwww.senecaccentos.onorg/docs/5/html/Deployment_Guide-en-US/s1-networkscripts-interfaces.cahtml Interface Configuration]<br>[https:/wiki/indexlinux.die.phpnet/IPTables iptablesman/5/resolv.conf resolv.conf]<br>
|style="padding-left:20px;" |Additional Utilities<br>
[http://man7.org/linux/man-pages/man1/find.1.html find]<br>
|}
=INVESTIGATION 1: CONFIGURING A VIRTUAL PRIVATE NETWORK (VPN)=
For the remainder of this course, we will focus on networking involving our VMs. This lab will focus on setting up a virtual private network ('''VPN'''), connecting our VMs and c7host machine to the VPNnetwork, and configuring our VPN private network to make more convenient to use, troubleshoot and protect. '''Lab 7''' will focus on configuring SSH and making access to the VPN private network more secure. Finally, '''lab 8''' will focus on configuring mobile (as well as wired devices) via DHCP to automatically assign an IP address.
There are several reasons for creating '''VPNs'''virtual networks. The main reason is to '''safely connect servers together''' (i.e. to safely limit but allow the sharing of information among computer network users). This allows for a secure connection of computers yet controlling access to and monitoring (protecting) access to permitted users (discussed later in '''lab7''').
If we are going to setup a private network, there are a number of steps to perform: First, '''define a new private network in the Virtual Manager application'''; and second, '''configure each of our VMs to connect to this new private network'''. In Part 1, we will be perform the first operation. In part 2, we will be performing the second operation for all VMS (graphical and command-line).
Before configuring our network, we want to '''turn off dynamic network configuration for our Virtual Machines''' by turning off the '''"default"''' virtual network. We will then define our virtual private network.
:'''Perform the following steps:'''
# In the '''Connection Details''' dialog box, select the '''Virtual Networks''' tab
# Click to <u>de-select</u> the '''Autostart (on boot)''' check-box options and click the '''Apply''' button.
# Stop the default network configuration by clicking on the '''stop''' button at the bottom left-side of the dialog box.
# Click the '''add''' button (the button resembles a "plus sign") to add a new network configuration.
# Type the network name called: '''network1''', and then click the '''Forward''' button.
<li value="1">Let's start with our '''centos1 VM'''. Double-click on your '''centos1''' VM, but instead of running the VM, click on the '''view''' menu, and select: '''Details'''<br />(Note: the Virtual Machine window will appear - do not start virtual machine)</li>
<li>In the '''left pane''' of the Virtual Machine window, select '''NIC:''' and note that this NIC is on the "default" virtual network</li>
<li>Change it to '''Virtual Network network1: NAT''' (i.e. the VPN network that you just created) and click the '''Apply''' button.</li>
</ol>
</li>
[[Image:new_network_dialog.png|right|thumb|300px|Although the private network has been setup via the '''Virtual Machine Manager''', each virtual machine requires to change its own network setting individually (either '''graphically''' or by '''command line''').]]
=== Part 2: Configuring Network For centos1 VM===
# When finished, check your settings, and then click the '''Apply''' button.
# Open a terminal and issue the '''ifconfig''' command to confirm the IP ADDRESS settings change.
# Verify that '''centos1'''VM is now connected to the VPN private network by issuing the following command from your '''c7host''' machine:<br><b><code><span style="color:#3366CC;font-size:1.2em;">ping 192.168.235.11</span></code></b>
[[Image:network-scripts.png|thumb|right|250px|Although you can use the '''ifconfig''' command to temporarily create a static IP address connection to a network, you need to add the network settings in the '''/etc/sysconfig/network-scripts''' directory to automatically connect to the network upon Linux system boot-up.]]
=== Part 3: Configuring VM Network Setup via Command Line ('''centos3''' and '''centos2''') ===
# Configure your '''centos3''' VM (in the '''View''' -> '''Details''' menu of Virtual Machine Manager) to configure the NIC interface to '''network1''', click '''Apply''', and switch your centos3 VM view from ''details'' to '''console'''.
# Start your '''centos3''' VM, login, and su to '''root'''.
# Use the command called: '''ifconfig''' to list active interfaces, you should see one with a name of '''eth0''' or a similar name.<br><br>NOTE: If the '''ifconfig''' command is NOT available in your centos3 vm, issue the command:<br>'''yum install net-tools'''<br><br>
# To configure your card with a static address use the following command:
#:<b><code><span style="color:#3366CC;font-size:1.2em;">ifconfig eth0 192.168.235.13 netmask 255.255.255.0</span></code></b>
# List the contents of this directory. You should see 2 different types of files, network config scripts and network configuration files.
# Look for the configuration file for your original interface, it should be named '''ifcfg-eth0'''
# Edit the new file for you your interface and give it the following settings (or create a brand new file, might be easier than editing the old one):
#::DEVICE=eth0
#::IPADDR=192.168.235.13
'''Answer INVESTIGATION 1 observations / questions in your lab log book.'''
=INVESTIGATION 2: MANAGING YOUR NEWLY-CREATED NETWORK=
|{{Admon/note | Hosts files vs. the Domain Name System | On large public networks like the Internet or even large private networks we use a network service called [http://en.wikipedia.org/wiki/Domain_Name_System Domain Name System (DNS)] to resolve the human friendly hostnames like '''centos.org''' to the numeric addresses used by the IP protocol. On smaller networks we can use the <code>/etc/hosts</code> on each system to resolve names to addresses.}}
|}
=== Part 1: Using /etc/host hosts File for Local Hostname Resolution ===
After setting up a private network, it can be hard to try to remember IP addresses. In this section, we will setup your network to associate easy-to-remember server names with IP ADDRESSES.
#Switch to your '''c7host''' machine.
#Issue the '''ping''' command to test connectivity to your '''centos1''', '''centos2''', and '''centos3''' VMs.
#Examine the contents of the ARP cache by using the command: <b><code><span style="color:#3366CC;font-size:1.2em;">arp</span></code></b>arp What is the purpose of ARP?
#Check the contents of the cache again by using the command: <b><code><span style="color:#3366CC;font-size:1.2em;">arp -n</span></code></b> What was the difference in output?
#Issue the following command: <b><code><span style="color:#3366CC;font-size:1.2em;">netstat -at</span></code></b> This command will list all active TCP ports. Note the state of your ports.
#<br>
# Purpose: Creates system info report<br>
#<br># USAGE: ./network-info.bash [full pathname to ifcfg-eno* eth0 file]<br>
<br>
if [ $USER != "root" ] # only runs if logged in as root<br>
if [ $# -ne 1 ]<br>
then<br>
echo "You need to provide the full pathname to ifcfg-eno eth0 file (eg eno1 or eno followed by numbers)" >&2<br> echo "USAGE: $0 [full pathname to ifcfg-eno* eth0 file]" >&2<br>
exit 0<br>
fi
</code>
<br><br>
<ol><li value="7">Give this shell script execute permissions and run this shell script.</li><li>You will need to determine the full pathname of the '''ifcfg-en0ens33''' file in the /etc/sysconfig/network-scripts directory to use as an argument for this shell script.</li><li>Run the shell script. What do you notice from the report that the shell script generated?</li><li>The the Then use wget command to download another variation of the network-info.bash shell script using the awk command to separate the variables and values into separate columns:<br><b><code><span style="color:#3366CC;font-size:1.2em;">httphttps://csict.senecac.onsenecacollege.ca/~murray.saulops235/labs/network-info-2.bash</span></code></b><br></li></ol>
'''Answer INVESTIGATION 2 observations / questions in your lab log book.'''
= LAB 6 SIGN-OFF (SHOW INSTRUCTOR) =
# Switch to your '''c7host''' VM.
# Change to the '''/root/bin''' directory.
# Issue the Linux command: <b><code><span style="color:#3366CC;font-size:1.2em;">wget httphttps://matrixict.senecac.onsenecacollege.ca/~murray.saulops235/ops235labs/lab6-check.bash</span></code></b>
# Give the '''lab6-check.bash''' file execute permissions (for the file owner).
# Run the shell script and if any warnings, make fixes and re-run shell script until you receive "congratulations" message.
#Arrange proof of the following on the screen:<br><blockquote><span style="color:green;font-size:1.5em;">✓</span> '''centos2''' VM:<blockquote><ul><li>'''ssh''' from '''centos2''' to '''c7host''' VM.</li></ul></blockquote><span style="color:green;font-size:1.5em;">✓</span>'''c7host''' machine<blockquote><ul><li>A list of your '''iptables''' rules</li><li>Output from running the '''network-info.bash''' shell script</li><li>Run the '''lab6-check.bash''' script in front of your instructor (must have all <b><code><span style="color:#66cc00;border:thin solid black;font-size:1.2em;"> OK </span></code></b> messages)</li></ul></blockquote><span style="color:green;font-size:1.5em;">✓</span> '''Lab6''' log-book filled out.
= Practice For Quizzes, Tests, Midterm & Final Exam =
[[Category:OPS235]]
[[Category:OPS235 Labs]]
[[Category:CentOS 7]]
[[Category:SSD2]]
