Changes


OPS235 Lab 6 - CentOS7

497 bytes added, 12:16, 27 November 2019
no edit summary
{{Admon/caution|THIS IS AN OLD VERSION OF THE LAB|'''This is an archived version. Do not use this in your OPS235 course.'''}}
=LAB PREPARATION=
==Purpose / Objectives of Lab 6==
[[Image:network.png|thumb|right|150px|Setting up networks is an essential operation for a system administrator. Maintaining network connectivity and securing the network are also essential operations for a system administrator.]]
 
In this lab, you will learn the basics of networking by using your '''Virtual Machines''' and your '''c7host''' machine. You will first set up a virtual private network among those machines. In addition, you will learn to set up '''network names''' (to associate with servers' IP addresses), '''associate network services with port numbers''' for troubleshooting purposes, and set up '''firewall policies''' via the '''iptables''' command.
# Make certain that <u>'''ALL'''</u> virtual machines are powered off.
# In the Virtual Machine Manager dialog box, Select '''Edit'''-> '''Connection Details'''.
# In the '''c7host Connection Details''' dialog box, select the '''Virtual Networks''' tab.
# Disable the default configuration from starting at boot by '''<u>deselecting</u>''' '''Autostart (on boot)''' check-box and click the '''Apply''' button.
# Then Stop the default network configuration by clicking on the '''stop''' button at the bottom left-side of the dialog box.
# When finished, check your settings, and then click the '''Apply''' button.
# Open a terminal and issue the '''ifconfig''' command to confirm the IP ADDRESS settings change.
# '''Repeat the same steps to configure your centos2 VM!''' Use the IP address '''192.168.235.12''' (all other settings are identical to the centos1 VM network settings).
# Verify that '''centos1''' and '''centos2''' are now connected to the VPN by issuing the following commands from your '''c7host''' machine:<br><br><b><code><span style="color:#3366CC;font-size:1.2em;">ping 192.168.235.11</span></code></b><br><b><code><span style="color:#3366CC;font-size:1.2em;">ping 192.168.235.12</span></code></b>
'''Answer Part 2 observations / questions in your lab log book.'''
== Part 3: Backing up Only Recent File Changes ==
This part is a repeat of Part 2, except we will be demonstrating how to use the '''find''' command to back up recent changes to files. In this case, we will save date/time stamp information in a file, configure '''centos2''' to connect to the network, run the '''find''' command, and prove that the incremental backup worked (showing the files created as a result of the configuration of centos2 to the VPN).
# Keep your '''centos1''' VM running (you will need it running later in this lab).
# Start the '''centos2''' VM and login.
# Before we configure the centos2 network configuration, we should create a timestamp file that can be used to see which files have changed as a result of using the GUI tool. Issue the following command:
#: <b><code><span style="color:#3366CC;font-size:1.2em;">date > /tmp/timestamp</span></code></b>
# Run the network configuration tool and enter the following static configuration in the same way that you configured '''centos1'''.
#* IP Address: '''192.168.235.12'''
#* Subnetmask: '''255.255.255.0'''
#* Default Gateway: '''192.168.235.1'''
# Save and exit the network configuration tool.
# You may have to restart the network using the correct command.
# Verify the configuration by pinging the other VMs and '''c7host''' using their IP addresses.
# We will now create an '''Incremental Backup'''. Run the following Linux command as root:
#: <b><code><span style="color:#3366CC;font-size:1.2em;">find /etc -newer /tmp/timestamp &gt; /root/netcfg.lst</span></code></b>
# View the '''/root/netcfg.lst''' file. What does it contain?
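The timestamp-file plus '''find -newer''' technique above is easy to try without touching /etc. The script below is an added example (not part of the original lab): it rebuilds the procedure in a throwaway directory created with mktemp, so it runs as an unprivileged user, and then turns the change list into an archive so you can see that an incremental backup really contains only the files that changed. The file names and contents it creates are constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the original lab: reproduces the "timestamp file +
# find -newer" incremental-backup technique in a throwaway directory instead of
# /etc, so it runs as an unprivileged user. File names and contents are
# constructed for the demo.

# incremental_backup_demo: prints the relative paths of the files that changed
# after the timestamp (the equivalent of /root/netcfg.lst) and archives exactly
# those files. Returns non-zero if the archive does not contain that list.
incremental_backup_demo() {
    work=$(mktemp -d)
    mkdir -p "$work/etc/sysconfig/network-scripts"

    # A file that existed long before the change: give it an old mtime so that
    # find -newer will not pick it up.
    printf 'centos2\n' > "$work/etc/hostname"
    touch -d '2000-01-01 00:00:00' "$work/etc/hostname"

    # Step 1: record the moment before the change (the lab's: date > /tmp/timestamp)
    date > "$work/timestamp"
    sleep 1          # guard against filesystems with one-second mtime resolution

    # Step 2: simulate what the network configuration tool writes
    printf 'IPADDR="192.168.235.12"\n' > "$work/etc/sysconfig/network-scripts/ifcfg-eth0"
    printf 'nameserver 192.168.235.1\n' > "$work/etc/resolv.conf"

    # Step 3: list only the files modified after the timestamp
    #         (the lab's: find /etc -newer /tmp/timestamp > /root/netcfg.lst)
    (cd "$work" && find etc -type f -newer timestamp | sort > netcfg.lst)

    # Step 4: an incremental backup is an archive of exactly that list
    (cd "$work" && tar -czf netcfg-incremental.tgz -T netcfg.lst)

    # Cross-check: the archive members must equal the change list
    if [ "$(tar -tzf "$work/netcfg-incremental.tgz" | sort)" != "$(cat "$work/netcfg.lst")" ]; then
        echo "archive does not match change list" >&2
        rm -rf "$work"
        return 1
    fi
    cat "$work/netcfg.lst"
    rm -rf "$work"
}
```

Running <code>incremental_backup_demo</code> prints only the two files written after the timestamp; the old hostname file is absent from both the list and the archive. On the real VM the same idea applies with <code>/etc</code>, <code>/tmp/timestamp</code> and <code>/root/netcfg.lst</code>.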
Our centos3 VM is a '''text-based only''' system, thus we cannot use a graphical tool to configure centos3 to connect to our private network. Therefore we will learn how to perform this task by using command-line tools.
# Leave your '''centos1''' and '''centos2''' VMs running, but start your '''centos3''' VM, login, and su to '''root'''.
# Use the command <code>'''ifconfig'''</code> to list active interfaces; you should see one with a name of <code>'''eth0'''</code> or a similar name.
# To configure your card with a static address use the following command:
#:<b><code><span style="color:#3366CC;font-size:1.2em;">ifconfig eth0 192.168.235.13 netmask 255.255.255.0</span></code></b>
# To configure a default gateway for that interface enter the command:
#: <b><code><span style="color:#3366CC;font-size:1.2em;">route add default gw 192.168.235.1</span></code></b>
# To configure a DNS server for this VM, edit the file <code>'''/etc/resolv.conf'''</code>. Change the <code>nameserver</code> line to read:
#: <b><code><span style="color:#3366CC;font-size:1.2em;">nameserver 192.168.235.1</span></code></b>
# Save your editing session.
# Confirm your settings work by doing the following (you might need to do steps '''3''' and '''4''' a few times before it works; keep checking with the commands below and wait a bit before each attempt):
#: <b><code><span style="color:#3366CC;font-size:1.2em;">ifconfig</span></code></b>
#:<b><code><span style="color:#3366CC;font-size:1.2em;">route -n</span></code></b>
#: <b><code><span style="color:#3366CC;font-size:1.2em;">ping</span></code></b> (your other VMs and c7host)
#: <b><code><span style="color:#3366CC;font-size:1.2em;">ssh</span></code></b> (to your Seneca Matrix account to test your DNS)
# Restart the <code>centos3</code> VM, or just wait a few minutes.
# Login and test your configuration again. What happened?
# While we can configure network settings from the command line, those settings are not persistent. To configure persistent network configurations we need to edit the configuration files.
#:* Change to the '''/etc/sysconfig/network-scripts''' directory.<br>[[Image:new-network-config.png|thumb|300px|right|This diagram shows the newer network configuration of your '''c7host''' machine in relation to your '''Virtual Machines'''.]]
# List the contents of this directory. You should see 2 different types of files: network config scripts and network configuration files.
# Look for the configuration file for your original interface, it should be named '''ifcfg-eth0'''
# Edit the new file for your interface and give it the following settings (or create a brand new file; that might be easier than editing the old one):
#::NETMASK="255.255.255.0"
#::GATEWAY="192.168.235.1"
#::HWADDR="52:54:00:3f:5c:fa" <-- '''DO NOT COPY THIS VALUE! Use the MAC address for YOUR interface, found using:''' <code><span style="color:#3366CC;font-size:1.2em;">ifconfig eth0</span></code>
#::DNS1="192.168.235.1"
#::BOOTPROTO="static"
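Hand-editing '''ifcfg-eth0''' is where most of the mistakes in this part happen (a copied HWADDR, an address outside the lab subnet). The function below is an added example, not part of the lab or of CentOS: it writes the ifcfg file from the lab's static settings, reads the MAC address from the kernel's <code>/sys/class/net/&lt;iface&gt;/address</code> when one is not supplied (the same value <code>ifconfig eth0</code> shows), and refuses to write a file with a bad MAC or an address outside 192.168.235.0/24. The output directory is a parameter so it can be tested anywhere; on the VM it would be <code>/etc/sysconfig/network-scripts</code>. The DEVICE and ONBOOT keys are standard ifcfg keys that the lab's fragment does not show; adding them is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the lab): generates a persistent ifcfg-<iface> file from
# the static settings used in this lab, reading the MAC address from sysfs
# instead of copying a value from a web page. The output directory is a
# parameter so the function is testable; the real one is
# /etc/sysconfig/network-scripts. DEVICE/ONBOOT are standard ifcfg keys not
# shown in the lab's fragment (assumption of this example).

# Usage: write_ifcfg <iface> <ipaddr> <outdir> [mac]
# Prints the path of the file it wrote; returns 1 on invalid input.
write_ifcfg() {
    iface=$1; ip=$2; outdir=$3; mac=${4:-}

    # Pick up the interface's real MAC when available (what `ifconfig eth0` shows)
    if [ -z "$mac" ] && [ -r "/sys/class/net/$iface/address" ]; then
        mac=$(cat "/sys/class/net/$iface/address")
    fi

    # Refuse addresses outside the lab's private network 192.168.235.0/24
    case $ip in
        192.168.235.*) ;;
        *) echo "write_ifcfg: $ip is not in 192.168.235.0/24" >&2; return 1 ;;
    esac

    # Refuse a malformed MAC (six colon-separated hex pairs)
    echo "$mac" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || {
        echo "write_ifcfg: bad MAC address '$mac'" >&2
        return 1
    }

    cat > "$outdir/ifcfg-$iface" <<EOF
DEVICE="$iface"
HWADDR="$mac"
BOOTPROTO="static"
ONBOOT="yes"
IPADDR="$ip"
NETMASK="255.255.255.0"
GATEWAY="192.168.235.1"
DNS1="192.168.235.1"
EOF
    echo "$outdir/ifcfg-$iface"
}
```

On centos3 the call would be <code>write_ifcfg eth0 192.168.235.13 /etc/sysconfig/network-scripts</code> as root, letting the function read the MAC itself; the validation means a typo in the address fails loudly instead of leaving the VM off the VPN after the next reboot.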
'''Answer Part 4 observations / questions in your lab log book.'''
 
=INVESTIGATION 2: VIRTUAL NETWORKING ENVIRONMENT TWEAKS AND OTHER USEFUL UTILITIES=
<li>This entry in the OUTPUT policy will therefore log all packets being sent out of the machine.</li>
<li>Try to access the Internet again. Because the policies have been set to DROP, you should be unsuccessful. However, every packet of data that your PC attempted to send out was logged. Let's have a look at the log file and analyze the data:<br><b><code><span style="color:#3366CC;font-size:1.2em;">tail /var/log/messages</span></code></b></li>
<li>This command shows us the last 10 lines of the file. While there are many things being logged to this file, the last thing we did was try to access the Internet, so we should be able to see the data we need. Look for a line that looks similar to the following:<br /><blockquote><code>Mar 3 09:21:03 koala-laptop kernel: [90775.407304] IN= OUT=wlan0 SRC=192.168.1.107 DST=66.249.90.104 LEN=1470 TOS=0x00 PREC=0x00 TTL=64 ID=19752 DF PROTO=TCP SPT=45431 DPT=80 WINDOW=108 RES=0x00 ACK PSH URGP=0</code></blockquote></li>
<li>Your IP, host names and date will be different, but the one thing that should be the same is the DPT=80 value.</li>
<li>When your computer tried to send OUT a request to connect to the Internet using the WWW, the computer used a destination port of 80. This is the standard port for the WWW. Because we have set the default policy to DROP it drops these packets. The problem is we are dropping all packets. What if we just want to drop the WWW packets?</li>
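Reading a few LOG lines by eye works for one connection; to see everything the DROP policy is blocking it helps to summarise the log by destination port. The script below is an added example, not part of the lab: it pulls DST, PROTO and DPT out of iptables LOG lines and counts packets per port. The log lines in <code>SAMPLE_LOG</code> are constructed in the same format as the lab's example so the script runs offline; on c7host you would replace them with <code>tail /var/log/messages</code>.

```shell
#!/bin/sh
# Added example (not part of the lab): summarises iptables LOG entries from
# /var/log/messages the way you would when checking what the DROP policy is
# blocking. SAMPLE_LOG holds constructed lines in the kernel's LOG format; on a
# real host you would pipe `tail /var/log/messages` into these functions.

SAMPLE_LOG='Mar  3 09:21:03 koala-laptop kernel: [90775.407304] IN= OUT=wlan0 SRC=192.168.1.107 DST=66.249.90.104 LEN=1470 TOS=0x00 PREC=0x00 TTL=64 ID=19752 DF PROTO=TCP SPT=45431 DPT=80 WINDOW=108 RES=0x00 ACK PSH URGP=0
Mar  3 09:21:04 koala-laptop kernel: [90776.112233] IN= OUT=wlan0 SRC=192.168.1.107 DST=66.249.90.104 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=19753 DF PROTO=TCP SPT=45431 DPT=80 WINDOW=108 RES=0x00 ACK URGP=0
Mar  3 09:21:05 koala-laptop kernel: [90777.000001] IN= OUT=wlan0 SRC=192.168.1.107 DST=192.168.1.1 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=19754 DF PROTO=UDP SPT=51234 DPT=53 LEN=44
Mar  3 09:21:06 koala-laptop kernel: [90778.000002] IN= OUT=wlan0 SRC=192.168.1.107 DST=192.168.1.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=19755 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 09:21:07 koala-laptop systemd: Started Session 3 of user root.'

# packet_fields: reads log lines on stdin, prints "DST PROTO DPT" for each
# iptables LOG entry and silently skips everything else in the log.
packet_fields() {
    awk '/kernel:.*OUT=.*DPT=/ {
        dst = ""; proto = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^DST=/)   dst   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        print dst, proto, dpt
    }'
}

# count_by_dport: number of logged packets per PROTO/DPT, most frequent first.
count_by_dport() {
    packet_fields | awk '{ n[$2 "/" $3]++ } END { for (k in n) print n[k], k }' | sort -rn
}

# www_packets: how many logged packets were headed for the WWW port (DPT=80),
# the value the lab tells you to look for.
www_packets() {
    packet_fields | awk '$3 == 80' | wc -l | tr -d ' '
}

# Stand-alone run over the constructed sample.
main_demo() {
    printf '%s\n' "$SAMPLE_LOG" | count_by_dport
}
```

Over the sample, <code>count_by_dport</code> reports two packets to TCP/80 and one each to UDP/53 and TCP/22; the systemd line is ignored because it is not a firewall LOG entry. That per-port view is what tells you whether tightening the policy to only the WWW port, as the next step asks, would be enough.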
<li>Once you have confirmed that ssh is running on the host machine, insert an iptables rule on the host machine to prevent access to the ssh server from all VMs on the virtual network.</li>
<li>Confirm that your rule works by testing from your VMs.</li>
<li>Does iptables close the port? Check using <code>'''netstat'''</code>.</li>
<li>Now insert a rule on the CentOS host that would ACCEPT connections from the centos2 VM only.</li>
<li>Fully test your configuration.</li>
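The two rules just described (block ssh from the whole virtual network, then allow it from centos2 only) only work if the ACCEPT sits above the DROP, because a chain stops at the first matching rule. The script below is an added example, not part of the lab: a small first-match simulator for an INPUT chain that lets you check the two orderings without touching the real firewall. The rule tables, packet addresses and the "ACTION SOURCE DPT" line format are constructed for the demo and are not iptables' own syntax; the iptables commands in the comments are the real ones.

```shell
#!/bin/sh
# Added example, not part of the original lab: a tiny first-match simulator for
# an INPUT chain, used to show why the order of the two ssh rules on c7host
# matters. Rule tables, packets and the "ACTION SOURCE DPT" line format are
# constructed for this demo; they are not iptables' own syntax.

# The lab's two rules as iptables holds them after running, in this order:
#   iptables -I INPUT -s 192.168.235.0/24 -p tcp --dport 22 -j DROP
#   iptables -I INPUT -s 192.168.235.12  -p tcp --dport 22 -j ACCEPT
# -I inserts at the top, so the ACCEPT added last is evaluated first.
GOOD_ORDER='ACCEPT 192.168.235.12 22
DROP 192.168.235.0/24 22'

# What you get if the ACCEPT is appended (-A) below the DROP instead.
BAD_ORDER='DROP 192.168.235.0/24 22
ACCEPT 192.168.235.12 22'

# Chain policy applied when no rule matches.
POLICY=ACCEPT

# src_matches <ip> <rule-source>: rule source is a /24 network or a single host.
src_matches() {
    case $2 in
        */24) [ "${1%.*}" = "${2%.*}" ] ;;   # same first three octets
        *)    [ "$1" = "$2" ] ;;
    esac
}

# verdict <rules> <src-ip> <dport>: walk the rules top to bottom; the first
# rule whose source and port both match decides, exactly like an iptables chain.
verdict() {
    match=$(printf '%s\n' "$1" | while read -r action source dport; do
        if [ "$dport" = "$3" ] && src_matches "$2" "$source"; then
            echo "$action"
            break
        fi
    done)
    echo "${match:-$POLICY}"
}

# Stand-alone check of the lab's scenario: ssh from centos2 must pass, ssh from
# centos1/centos3 must be dropped, and non-ssh traffic is unaffected.
demo() {
    for src in 192.168.235.11 192.168.235.12 192.168.235.13; do
        printf 'ssh from %-15s good order: %-6s bad order: %s\n' "$src" \
            "$(verdict "$GOOD_ORDER" "$src" 22)" "$(verdict "$BAD_ORDER" "$src" 22)"
    done
}
```

With <code>GOOD_ORDER</code> centos2 gets ACCEPT and the other VMs get DROP; with <code>BAD_ORDER</code> centos2 is dropped too, because the /24 DROP matches it first. On the real host, <code>iptables -L INPUT -n --line-numbers</code> shows the order the kernel will actually use, which is the check to run before "fully test your configuration".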
=== Making iptables Policies Persistent ===
It should be noted that all of the commands that we do here with iptables will not be persistent unless you save your configuration. That means if you re-boot, the default iptables configuration will be loaded. When your iptables service starts, or at boot time, it loads the rules from the file '''/etc/sysconfig/iptables'''.
The final section below teaches you to make your iptables settings permanent.
# Make a backup of the file '''/etc/sysconfig/iptables''' by issuing the command: <br><b><code><span style="color:#3366CC;font-size:1.2em;">iptables-save > /etc/sysconfig/iptables.bk</span></code></b>
# To make the iptables rules '''persistent''' (i.e. keep the rules when the system restarts), save the rules you added with the iptables commands above: <br><b><code><span style="color:#3366CC;font-size:1.2em;">iptables-save > /etc/sysconfig/iptables</span></code></b>
# Verify that the file '''/etc/sysconfig/iptables''' was updated with your new rules.
# Restart your iptables service and test your configuration.
'''Arrange proof of the following on the screen:'''
<ol><li><span style="color:green;font-size:1.5em;">&#x2713;</span> '''centos2''' VM:<blockquote><ul><li>Contents of '''/tmp/lab6''' directory.</li><li>'''ssh''' from centos2 to the CentOS host</li></ul></blockquote></li><li><span style="color:green;font-size:1.5em;">&#x2713;</span> '''<u>All</u> VMs''':<blockquote><ul><li>'''ifconfig''' information</li><li>Contents of '''/etc/hosts''' file</li></ul></blockquote></li><li><span style="color:green;font-size:1.5em;">&#x2713;</span> '''c7host''' machine:<blockquote><ul><li>'''arp''' cache information</li><li>Contents of '''/etc/hosts''' file</li><li>Proof of backup</li><li>A list of your '''iptables''' rules</li></ul></blockquote></li><li><span style="color:green;font-size:1.5em;">&#x2713;</span> '''Lab6''' log-book filled out.</li></ol>
== Practice For Quizzes, Tests, Midterm & Final Exam ==
# What is a port?