Changes

Jump to: navigation, search

SRT210 Lab 2

198 bytes added, 2 July
PART 1: NESTED VIRTUAL MACHINE
Since we're forced to use a Windows machine as the main VM host, we're going to have to set up nested virtualisation. Luckily that's not too difficult.
* Change the settings for your c7host to have at least 4GB of RAM(8 would be better), and enable "Virtual Intel VT-X/EPT or AMD-V/RVI" under VM/Settings/Processors.
* Install the following packages: qemu-kvm qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer bridge-utils
* Make sure (using <code>systemctl enablestatus</code>) that the libvirtd service starts at boot.
* Those will include both the KVM hypervisor and Virt Manager, which is a graphical tool used to administer it.
* Create a new virtual machine with the following settings:
** Will be installed from the network: https://mirror.senecacollege.ca/centos/7/os/x86_64/ or http://mirror.netflash.net/centos/7/os/x86_64/
** 2GB of RAM(needed for installation, you should change it to 512MB after the install is done)
** 10GB of disk
** NAT for networking
* Now if you try to start lin1 - it will tell you that the network "default" is unavailable. Go into the lin1 VM settings and configure the NIC to use "network1" instead.
* After starting the VM you'll find that your network interface is not configured (try all the commands above again to see their output).
* Configure your wired interface by editing the file as described in the steps below.
* Change to the '''/etc/sysconfig/network-scripts''' directory.
* List the contents of this directory. You should see 2 different types of files, network config scripts and network configuration files.
::::<pre>ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED</pre>
:* '''Rules are applied to:''' '''chains''' (e.g. ''input/output'') and contain information regarding the type of traffic they apply to. For example, '''protocols''' such as ''tcp/udp/icmp'', '''port numbers''' such as ''22 (SSH), 80 (HTTP), 443 (SHTTPHTTPS)'', '''addresses''', and many other things.
::Let's look at how these rules would apply to a simple web connection (HTTP - port 80):
::# For the ''request''(originating from browser on local machine), the '''source port (sport) for the example in the above diagram is 40112(browser on local machine)''' and the '''destination port (dport) is 80(webserver on remote machine)'''::# For the ''response''(originating from server on remote machine), the '''source port (sport) is 80(webserver on remote machine)''' and the '''destination port (dport) is 40112(browser on local machine)'''
::# Since the '''RELATED,ESTABLISHED''' rule already exists, we are only concerned about <u>'''controlling'''</u> the '''incoming traffic on the server''', which in our example, the '''chain is: INPUT''', the '''protocol is: tcp''', and the '''destination is: port 80'''.
* Install the Apache web server on lin1 (the package is called httpd).
* Enable and start that service.
* Install links elinks (a command-line web browser) and see if you can connect to http://localhost (it should work by default).* Try to use Using Firefox on c7host to see , check whether you can view the same webpage from in lin1 (by default you may need the IP address of lin1wont). Also, Firefox should not work be able to connect to that same webpage if lin1 wasn't configured to permit HTTP traffic through, which lin1 isn't configured to do by default.* Check your Next, check the iptables rules in lin1 and try to figure out why Firefox cannot could not connect to lin1 from c7host. Read by reading the output of <code>iptables -L</code> on lin1 carefully looking for clues that iptables on whether lin1 is letting inbound http traffic (TCP port 80) pass through.* If the output of <code>iptables -L</code> on lin1 isn't letting HTTP traffic through, which by default configuration it wontdoes not, add a rule on to the iptables in lin1 to allow inbound traffic to pass through to Apache (TCP port 80).* Go back to c7host after you verified that verifing lin1 is letting permits http traffic through and once again verify that test whether Firefox on c7host displays the webpage from lin1 (you may need to give Firefox the IP address of lin1to view the webpage). Now it should.
If you make such a mess that you don't know what you did any longer, there are a couple of things that can help you get back to normal:
# lin1 will allow access to Apache from any source.
# c7host will allow access to SSH from hosts on the 192.168.210.* subnet and deny it from why any other source.
= Lab completion =

Navigation menu