== PART 1: NESTED VIRTUAL MACHINE ==
Since we're forced to use a Windows machine as the main VM host, we're going to have to set up nested virtualisation. Luckily that's not too difficult.
* Change the settings for your c7host to have at least 4GB of RAM, and enable "Virtual Intel VT-X/EPT or AMD-V/RVI" under VM/Settings/Processors.
* Install the following packages: qemu-kvm qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer bridge-utils
* Make sure (using <code>systemctl enable</code>) that the libvirtd service starts at boot.
* These packages include both the KVM hypervisor and Virt Manager, a graphical tool used to administer it.
* Create a new virtual machine with the following settings:
** Will be installed from the network: https://mirror.senecacollege.ca/centos/7/os/x86_64/ or http://mirror.netflash.net/centos/7/os/x86_64/
** 2GB of RAM
** 10GB of disk
** NAT for networking
* Now, if you try to start lin1, it will tell you that the network "default" is unavailable. Go into the lin1 VM settings and configure the NIC to use "network1" instead.
* After starting the VM you'll find that your network interface is not configured (try all the commands above again to see their output).
* Configure your wired interface by editing the file .
* Change to the '''/etc/sysconfig/network-scripts''' directory.
* List the contents of this directory. You should see 2 different types of files, network config scripts and network configuration files.
::::<pre>ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED</pre>
:* '''Rules are applied to:''' '''chains''' (e.g. ''input/output'') and contain information regarding the type of traffic they apply to. For example, '''protocols''' such as ''tcp/udp/icmp'', '''port numbers''' such as ''22 (SSH), 80 (HTTP), 443 (SHTTP)'', '''addresses''', and many other things.
::Let's look at how these rules would apply to a simple web connection (HTTP - port 80):
::# For the ''request'', the '''source port (sport) for the example in the above diagram is 40112''' and the '''destination port (dport) is 80'''
::# For the ''response'', the '''source port (sport) is 80''' and the '''destination port (dport) is 40112'''
::# Since the '''RELATED,ESTABLISHED''' rule already exists, we are only concerned about <u>'''controlling'''</u> the '''incoming traffic on the server''', which in our example, the '''chain is: INPUT''', the '''protocol is: tcp''', and the '''destination is: port 80'''.
* Install the Apache web server on lin1 (the package is called httpd).
* Enable and start that service.
links (a command-line web browser) and see if you can connect to http://localhost (it should work by default).
* Try to use Firefox on c7host to see the same webpage from lin1 (you may need the IP address of lin1). Firefox should not be able to connect to that webpage unless lin1 is configured to permit HTTP traffic through, which it isn't by default.
* Check your iptables rules and try to figure out why Firefox cannot connect to lin1 from c7host. Read the output of <code>iptables -L</code> on lin1 carefully, looking for clues as to whether iptables on lin1 is letting inbound HTTP traffic (TCP port 80) pass through.
* If the output of <code>iptables -L</code> shows that lin1 isn't letting HTTP traffic through, which in the default configuration it won't, add a rule on lin1 to allow inbound traffic to Apache (TCP port 80).
* Go back to c7host after you have verified that lin1 is letting HTTP traffic through, and once again verify that Firefox displays the webpage from lin1 (you may need to give Firefox the IP address of lin1).
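A port 80 rule can be present in the INPUT chain and Firefox can still be refused, because rules are evaluated top to bottom and the first match decides. The script below is an added example, not part of the original lab: it is a simplified model that reads rules in <code>iptables -S INPUT</code> format, and the sample ruleset and the helper names (<code>verdict_for_new_tcp</code>, <code>appended</code>, <code>inserted</code>) are constructed for illustration.

```bash
# Simplified model: what happens to a NEW inbound TCP connection (arriving on a
# non-loopback interface) in the INPUT chain. Reads `iptables -S INPUT` format on
# stdin; only -p, --dport, -i, --state and -j are understood.
verdict_for_new_tcp() {   # usage: verdict_for_new_tcp PORT < rules
    awk -v port="$1" '
        $1 == "-P" { policy = $3; next }          # chain policy is the fallback
        $1 != "-A" { next }
        {
            proto = ""; dport = ""; iface = ""; state = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
                if ($i == "-i")      iface  = $(i + 1)
                if ($i == "--state") state  = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (proto != "" && proto != "tcp") next    # rule is for another protocol
            if (dport != "" && dport != port)  next    # rule is for another port
            if (iface == "lo")                 next    # packet did not arrive on loopback
            if (state != "" && state !~ /(^|,)NEW(,|$)/) next   # e.g. RELATED,ESTABLISHED
            if (target == "ACCEPT" || target == "REJECT" || target == "DROP") {
                print target; found = 1; exit          # first terminating match wins
            }
        }
        END { if (!found) print policy }
    '
}

# Constructed sample ruleset: RELATED,ESTABLISHED, icmp, loopback, SSH, final REJECT.
BASE='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'
HTTP_RULE='-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'

# Result of `iptables -A INPUT ...`: the rule lands after the final REJECT.
appended() { printf '%s\n%s\n' "$BASE" "$HTTP_RULE"; }
# Result of `iptables -I INPUT 1 ...`: the rule lands at the top of the chain.
inserted() { printf '%s\n' "$BASE" | awk -v r="$HTTP_RULE" '{ print } NR == 1 { print r }'; }

echo "no HTTP rule:   $(printf '%s\n' "$BASE" | verdict_for_new_tcp 80)"
echo "appended (-A):  $(appended | verdict_for_new_tcp 80)"
echo "inserted (-I):  $(inserted | verdict_for_new_tcp 80)"
```

On a real lin1, pipe the output of <code>iptables -S INPUT</code> into <code>verdict_for_new_tcp 80</code> instead of the constructed sample.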
If you make such a mess that you don't know what you did any longer, there are a couple of things that can help you get back to normal:
# lin1 will allow access to Apache from any source.
# c7host will allow access to SSH from hosts on the 192.168.210.* subnet and deny it from any other source.
= Lab completion =