* Set up a nested virtual machine
* Get familiar with basic networking setup and utilities used on Linux
= PART 1: NESTED VIRTUAL MACHINE =
Since we're forced to use a Windows machine as the main VM host, we're going to have to set up nested virtualisation. Luckily that's not too difficult.
* Change the settings for your c7host to have at least 4GB of RAM, and enable "Virtual Intel VT-X/EPT or AMD-V/RVI" under VM/Settings/Processors.
* Install the following packages: qemu-kvm qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer bridge-utils
* Make sure (using <code>systemctl enable</code>) that the libvirtd service starts at boot.
* Those will include both the KVM hypervisor and Virt Manager, which is a graphical tool used to administer it.
* Create a new virtual machine with the following settings:
** Will be installed from the network: https://mirror.senecacollege.ca/centos/7/os/x86_64/ or http://mirror.netflash.net/centos/7/os/x86_64/
** 2GB of RAM
** 10GB of disk
** NAT for networking
* Now if you try to start lin1 - it will tell you that the network "default" is unavailable. Go into the lin1 VM settings and configure the NIC to use "network1" instead.
* After starting the VM you'll find that your network interface is not configured (try all the commands above again to see their output).
* Configure your wired interface by editing the file .
* Change to the '''/etc/sysconfig/network-scripts''' directory.
* List the contents of this directory. You should see 2 different types of files, network config scripts and network configuration files.
::::<pre>ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED</pre>
:* '''Rules are applied to:''' '''chains''' (e.g. ''input/output'') and contain information regarding the type of traffic they apply to. For example, '''protocols''' such as ''tcp/udp/icmp'', '''port numbers''' such as ''22 (SSH), 80 (HTTP), 443 (SHTTP)'', '''addresses''', and many other things.
::Let's look at how these rules would apply to a simple web connection (HTTP - port 80):
::# For the ''request'', the '''source port (sport) for the example in the above diagram is 40112''' and the '''destination port (dport) is 80'''
::# For the ''response'', the '''source port (sport) is 80''' and the '''destination port (dport) is 40112'''
::# Since the '''RELATED,ESTABLISHED''' rule already exists, we are only concerned about <u>'''controlling'''</u> the '''incoming traffic on the server''', which in our example, the '''chain is: INPUT''', the '''protocol is: tcp''', and the '''destination is: port 80'''.
* Install the Apache web server on lin1 (the package is called httpd).
* Enable and start that service.
* Use links (a command-line web browser) and see if you can connect to http://localhost (it should work by default).
* Try to use Firefox on c7host to see the same webpage from lin1 (it should not work by default).
* If you check your iptables rules you should be able to figure out why you can't connect.
* Add a rule on lin1 to allow inbound traffic to Apache (TCP port 80).
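The rule matching described above, as an added example that is not part of the original lab: a small Python model of first-match evaluation on an INPUT chain, showing why the position of the new port 80 rule matters. The sample ruleset is constructed (an assumption about a typical default, not lin1's actual output), and the names Packet, Rule, verdict, sample_input_chain and HTTP_RULE are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    proto: str   # "tcp", "udp" or "icmp"
    sport: int
    dport: int
    state: str   # connection-tracking state: "NEW" or "ESTABLISHED"

@dataclass
class Rule:
    target: str                     # "ACCEPT" or "REJECT"
    proto: Optional[str] = None     # None matches any protocol
    dport: Optional[int] = None     # None matches any destination port
    states: Optional[tuple] = None  # None matches any connection state

    def matches(self, p: Packet) -> bool:
        return ((self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport)
                and (self.states is None or p.state in self.states))

def verdict(chain, packet, policy="ACCEPT"):
    """Return the target of the first matching rule, else the chain policy."""
    for rule in chain:
        if rule.matches(packet):
            return rule.target
    return policy

def sample_input_chain():
    # Constructed ruleset (assumption), not copied from lin1.
    return [
        Rule("ACCEPT", states=("RELATED", "ESTABLISHED")),
        Rule("ACCEPT", proto="tcp", dport=22, states=("NEW",)),
        Rule("REJECT"),  # catch-all: nothing after this line is ever reached
    ]

HTTP_RULE = Rule("ACCEPT", proto="tcp", dport=80)

# Ports from the page's example: client port 40112, server port 80.
request = Packet("tcp", sport=40112, dport=80, state="NEW")           # server INPUT
response = Packet("tcp", sport=80, dport=40112, state="ESTABLISHED")  # client INPUT

if __name__ == "__main__":
    chain = sample_input_chain()
    print("before:  ", verdict(chain, request))                # REJECT
    print("appended:", verdict(chain + [HTTP_RULE], request))  # REJECT
    print("inserted:", verdict([HTTP_RULE] + chain, request))  # ACCEPT
    print("response:", verdict(chain, response))               # ACCEPT
```

On a real host the appended and inserted cases correspond to adding the rule with <code>iptables -A INPUT</code> and <code>iptables -I INPUT</code> respectively.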