
OPS235 Lab 6 - CentOS6

No change in size, 19:53, 12 January 2014
=== Investigation 2: How do you configure a static network using <code>system-config-network</code>? ===
{{Admon/note | Use centos2 | Complete this investigation on your centos2 VM.}}
# Start '''centos2''' VM and login
# On your '''centos host''' run <code>ifconfig</code> and make note of the IP address assigned to the <code>virbr1</code> interface. This will be the default gateway and DNS server for your VMs.[[Image:new_network_dialog.png|thumb|350px]]
#: IP Address '''192.168.235.12'''
#: Subnet Mask '''255.255.255.0'''
#: Default Gateway The IP address of <code>virbr1</code> on your centos host.
# Click on the '''DNS''' field and add the IP address of <code>virbr1</code> on your centos host as the primary DNS server.
# Your network connection may take a couple of minutes to connect (view the Network Manager applet in the gnome panel at the top of the screen).
# You should be able to use the systemctl command to restart your network.
#'''Restart your network''' on centos2 by issuing the commands:
#*<code>service network stop</code>
#*<code>service network start</code>
=== Investigation 4: How do I configure the network without a GUI tool? ===
{{Admon/note | Use centos3 | Complete this investigation on your centos3 VM.}}
# Start '''centos3''' VM and login as root
# Use the command <code>ifconfig</code> to list active interfaces. You should see one with a name of <code>eth0</code> or a similar name.
#* <code>ifconfig</code>
#* <code>route -n</code>
#* <code>ping</code> your other VMs and centos host.
#* <code>ssh</code> to your matrix account to test DNS
# Restart the <code>centos3</code> VM, or just wait a few minutes.
=== Investigation 5: How do I set up local hostname resolution? ===
{{Admon/note | Use each machine | Complete this investigation on all of your VMs and the centos host.}}
{{Admon/note | Hosts files vs. the Domain Name System | On large public networks like the Internet or even large private networks we use a network service called [http://en.wikipedia.org/wiki/Domain_Name_System Domain Name System (DNS)] to resolve the human friendly hostnames like '''centos.org''' to the numeric addresses used by the IP protocol. On smaller networks we can use the <code>/etc/hosts</code> on each system to resolve names to addresses.}}
# Use the <code>hostname</code> and <code>ifconfig</code> commands on your centos host and all 3 VMs to gather the information needed to configure the <code>/etc/hosts</code> file on the centos host and the 3 VMs.
# Edit the <code>/etc/hosts</code> file on <u>each</u> of the '''virtual machines and the centos host'''. Refer to the table below for information to enter in the <code>/etc/hosts</code> file.
|
<pre>
# hostname centos1 added to /etc/hosts by anaconda
127.0.0.1 localhost.localdomain localhost centos1
::1 localhost6.localdomain6 localhost6 centos1
192.168.235.1 c6host
=== Investigation 6: How do I collect the MAC (Hardware) addresses of computers on my network? ===
{{Admon/note | Use your CentOS Host | Complete this investigation on your CentOS host.}}
{{Admon/note | Obtaining Remote MAC Addresses| The term '''MAC''' address stands for '''Media Access Control''' address, which provides a unique ID to prevent confusion among computer systems within a network. While we use '''32bit IP addresses''' to communicate over an internet, on the local ethernet network packets are delivered to a '''48bit hardware address''' (sometimes called a MAC address). The '''ARP''' protocol resolves 32bit IP addresses to 48bit MAC addresses by using a broadcast and caching the results. We can examine the ARP cache to get the MAC addresses of other computers on our local network.<br /><br />Being able to determine remote MAC address information is useful for tasks ranging from troubleshooting networking programs to using '''WOL''' (Wake up on LAN) to automatically boot remote workstations via the network. In this investigation, you will learn how to obtain MAC address information for various network cards.}}
=== Investigation 7: How can I see what network services or ports are active on my CentOS system? ===
{{Admon/note | Use All Machines | Complete this investigation on all of your VMs and the CentOS host.}}
{{Admon/note | Network Ports | When our CentOS system provides any services on a network, those services are accessible through a port number. All network services are configured to be accessed on a particular port number. By examining which ports are active on our system we can know what services (and points of attack) are available on our system. The ability to examine this information is important for troubleshooting network services and securing our systems. One great tool for this is the <code>netstat</code> command.}}
# TCP is a connection oriented protocol that uses a handshaking mechanism to establish a connection. Those ports that show a state of LISTEN are waiting for connection requests to a particular service. For example you should see the <code>ssh</code> service in a LISTEN state as it is waiting for connections.
# From one of your VMs login to your host using <code>ssh</code>
# On the CentOS host rerun the command; in addition to the LISTEN port it should list a 2nd entry with a state of ESTABLISHED. This shows that there is a current connection to your ssh server.
# Exit your ssh connection from the VM and rerun the command on the CentOS host. Instead of ESTABLISHED it should now show a state of CLOSE_WAIT, indicating that the TCP connection is being closed.
# On your CentOS host try the command <code>netstat -atn</code>. How is this output different?
# Without the <code>-n</code> option <code>netstat</code> attempts to resolve IP addresses to host names (using /etc/hosts) and port numbers to service names (using /etc/services)
# Examine the <code>/etc/services</code> file and find which ports are used for the services: <code>ssh, ftp, http</code>
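
As an added example (not part of the original lab), the shell functions below do mechanically what this investigation does by eye: they read <code>netstat -atn</code> output, list each listening TCP port with its service name from a services file, and mark whether it is bound to loopback only or reachable from the network. The sample output, the services excerpt and the function names are constructed for illustration.

```shell
#!/bin/bash
# Constructed sample of `netstat -atn` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 192.168.235.1:22        192.168.235.12:51514    ESTABLISHED
tcp        0      0 :::22                   :::*                    LISTEN
EOF
}

# Constructed excerpt in /etc/services format.
sample_services() {
cat <<'EOF'
# service-name  port/protocol  [aliases]
ftp             21/tcp
ssh             22/tcp
smtp            25/tcp          mail
http            80/tcp          www www-http
EOF
}

# Reads netstat -atn output on stdin; $1 is a services file.
# Prints "port service scope" per listening TCP port, where scope is
# "loopback" for 127.x or ::1 binds and "network" for any other address.
# Live use: netstat -atn | listening_ports /etc/services
listening_ports() {
  awk '
    # First file (services): remember the name registered for each TCP port.
    NR == FNR && $2 ~ /\/tcp$/ { sub(/\/tcp$/, "", $2); name[$2] = $1 }
    NR == FNR { next }
    # Second input (netstat): keep only TCP sockets in the LISTEN state.
    $1 ~ /^tcp/ && $NF == "LISTEN" {
      port = $4; sub(/.*:/, "", port)
      host = $4; sub(/:[0-9]+$/, "", host)
      scope = (host ~ /^127\./ || host == "::1") ? "loopback" : "network"
      if (!(port in seen) || scope == "network") seen[port] = scope
    }
    END { for (p in seen) print p, ((p in name) ? name[p] : "unknown"), seen[p] }
  ' "$1" - | sort -n
}

# Reads netstat -atn output on stdin; prints "STATE count" per TCP state.
tcp_states() {
  awk '$1 ~ /^tcp/ { n[$NF]++ } END { for (s in n) print s, n[s] }' | sort
}
```

A port reported as <code>network</code> is one a firewall rule has to account for; a <code>loopback</code> port is only reachable from the machine itself.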
Note that none of the commands we run here with iptables will be persistent unless you save your configuration. That means if you reboot, the default iptables configuration will be loaded.}}
# As root on the CentOS host enter the following commands at the prompt:
#* <code>iptables -F</code> (This flushes out or clears all of your rules from the chains)
#* <code>iptables -L</code>
# Confirm that your rule works by testing from your VMs
# Does iptables close the port? Check using <code>netstat</code>
# Now insert a rule on the CentOS host that would ACCEPT connections from the centos2 VM only.
# Fully test your configuration.
