Home Linux Networking Lab (202) This Howto shows how to recreate the CIS Lab environment at home.



Similar documents
pp=pod number, xxx=static IP address assigned to your pod

50.XXX is based on your station number

1:1 NAT in ZeroShell. Requirements. Overview. Network Setup

THE HONG KONG POLYTECHNIC UNIVERSITY Department of Electronic and Information Engineering

NAT Using Source Routing through BGP Gateways

Chapter 7. Firewalls

How to Turn a Unix Computer into a Router and Firewall Using IPTables

1 Basic Configuration of Cisco 2600 Router. Basic Configuration Cisco 2600 Router

LAB THREE STATIC ROUTING

Sample Configuration Using the ip nat outside source list C

Red Hat Linux Networking

Home Networking In Linux

Assignment 3 Firewalls

Dynamic Host Configuration Protocol (DHCP) 02 NAT and DHCP Tópicos Avançados de Redes

Setting up a Raspberry Pi as a WiFi access point

Linux Routers and Community Networks

Virtual Cabling VMware Cabling

Computer Networks I Laboratory Exercise 1

Sample Configuration Using the ip nat outside source static

Linux firewall. Need of firewall Single connection between network Allows restricted traffic between networks Denies un authorized users

TCP/IP Configuration and DHCP Configuration For Red Hat Linux 9 (RHL9) Presentation Report

Deskpool Quick Start. Version: V2.1.x. Based on Hyper-V Server 2012 R2. Shenzhen Jieyun Technology Co., Ltd (

How to Create, Setup, and Configure an Ubuntu Router with a Transparent Proxy.

Lab Configuring Access Policies and DMZ Settings

Table 1-1. PXE Server Side Requirements

Part 4: Virtual Private Networks

Linux TCP/IP Network Management

ICS 351: Today's plan

Linux Networking Basics

IP Address: the per-network unique identifier used to find you on a network

Corso di Configurazione e Gestione di Reti Locali

Topic 7 DHCP and NAT. Networking BAsics.

1 PC to WX64 direction connection with crossover cable or hub/switch

How to set up multiple web servers (VMs) on XenServer reusing host's static IP

Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials.

Network security Exercise 9 How to build a wall of fire Linux Netfilter

Setup Cisco Call Manager on VMware

Packet Tracer - Subnetting Scenario 1 (Instructor Version)

Debugging Network Communications. 1 Check the Network Cabling

Lab - Using IOS CLI with Switch MAC Address Tables

Lab 1: Introduction to the network lab

Bringing the Eko VM Home (302)

Linux Virtual Server Administration. RHEL5: Linux Virtual Server (LVS)

netkit lab load balancer web switch 1.1 Giuseppe Di Battista, Massimo Rimondini Version Author(s)

Vertigo's Running Dedicated Server HOWTO (v1.2)

Load Balancing Clearswift Secure Web Gateway

Lab Configuring the PIX Firewall as a DHCP Server

Linux Firewalls (Ubuntu IPTables) II

INSTALLATION GUIDE El Jefe 2.1 Document version: June 2014

Linux Virtual Server Administration. Linux Virtual Server (LVS) for Red Hat Enterprise Linux 5.2

Network Security Exercise 10 How to build a wall of fire

Procedure: You can find the problem sheet on Drive D: of the lab PCs. 1. IP address for this host computer 2. Subnet mask 3. Default gateway address

Linux Virtual Server (LVS) for Red Hat Enterprise Linux 5.0

Chapter 1 Installing the Gateway

Chapter 10 Troubleshooting

Part A:Background/Preparation

Load Balancing Bloxx Web Filter. Deployment Guide

Smoothwall Web Filter Deployment Guide

Quick Installation Guide Network Management Card

BASIC ANALYSIS OF TCP/IP NETWORKS

HOWTO: Set up a Vyatta device with ThreatSTOP in router mode

KAREL UCAP DNS AND DHCP CONCEPTS MANUAL MADE BY: KAREL ELEKTRONIK SANAYI ve TICARET A.S. Organize Sanayi Gazneliler Caddesi 10

Load Balancing Trend Micro InterScan Web Gateway

Cloud Storage Quick Start Guide

What is included in the ATRC server support

LAB Configuring NAT. Objective. Background/Preparation

Installing RHEL 6.x from beginning to end using PXE and Kickstart

Cork Institute of Technology Master of Science in Computing in Education National Framework of Qualifications Level 9

Load Balancing Smoothwall Secure Web Gateway

Load Balancing Sophos Web Gateway. Deployment Guide

Configuring Static and Dynamic NAT Simultaneously

Linux Router and Firewall

Lab PC Network TCP/IP Configuration

2G1701 Advanced Internetworking Group 5 : KiStaNEt ISP Project Report

SUSE Linux Enterprise Server 11 SP2 for UEFI Clients

Firewalls. Chien-Chung Shen

Red Hat Enterprise Linux 7 Load Balancer Administration

Appliance Quick Start Guide v6.21

PasserellesNumeriquesCambodia (PNC)

Load Balancing Barracuda Web Filter. Deployment Guide

Semantic based Web Application Firewall (SWAF - V 1.6)

Load Balancing Web Proxies Load Balancing Web Filters Load Balancing Web Gateways. Deployment Guide

TB168 (Rev4) - Networking Linux Based Controls

PC/POLL SYSTEMS Version 7 Polling SPS2000 Cash Register TCP/IP Communications

Track 2 Workshop PacNOG 7 American Samoa. Firewalling and NAT

Appliance Quick Start Guide. v7.6

Catalyst Layer 3 Switch for Wake On LAN Support Across VLANs Configuration Example

Appliance Quick Start Guide. v7.6

Chapter 2 Preparing Your Network

Linux Networking: IP Packet Filter Firewalling

Load Balancing McAfee Web Gateway. Deployment Guide

McAfee Web Filter Deployment Guide

Getting started with ARM-Linux

LAN TCP/IP and DHCP Setup

CET442L Lab #2. IP Configuration and Network Traffic Analysis Lab

Preparing the Computers for TCP/IP Networking

Transcription:

Liinux Howttos Home Liinux Nettworrkiing Lab ((202)) CIIS 192 Sprriing 2010 Home Linux Networking Lab (202) This Howto shows how to recreate the CIS Lab environment at home. Supplies: A fast PC 2 GB memory minimum 50 GB free disk space minimum VMWare Server 1.08 or later http://www.vmware.com/products/server/ VMs (available in the CIS Lab) Treebeard, Celebrian, Arwen, Frodo, Elrond, Sniffer, Legolas, Sauron, Fang and Nosmo USB drive (to transport VMs from school to home) Overview Here is the network environment used in the CIS Lab and CTC: The network environment in the CIS Lab can be recreated at home. The lab assignments make use a number of systems running on virtual machines that can be cabled together in

a variety of way using virtual networks and virtual serial connections. In the Lab assignments you will often be asked to ping the router at 172.30.4.1, use 207.62.187.53 as the DNS server, and power on Shire hosts that are using DHCP. To do this at home, there are some resources that need to be simulated so you can use the same network commands and configuration settings at home that you would use at school: A router at 172.30.4.1. Cabrillo s DNS server, bubbles.cabrillo.edu at 207.62.187.53 The DHCP service on Snickers that assigns IP addresses on the Shire network in the range 172.30.4.150 to 172.30.4.199. The Nosmo VM uses good old Red Hat 9. Nosmo is named after the Cisco router we use in the 2500 building. The Nosmo VM has two interfaces and forwards packets between them. On one side is your regular home network. On the other side is the 172.30.4.0 /24 Shire network which uses VMnet2. You cannot use Bubbles, the Cabrillo DNS server, from home. Nosmo uses iptables to translate any DNS packets for Bubbles at 207.62.187.53 to your home router (or whatever DNS address you normally use at home). Nosmo uses iptables to provide a NAT service (using masquerade) so VM s can access the Internet and your home LAN. Unlike the real Nosmo at school, static routes have been configured to direct packets to the Rivendell and Mordor networks used in the labs. Nosmo provides a DHCP service to assign IP addresses (172.30.4.150 to 199) for hosts in the Shire network. At school this is done by the Snickers server. The Nosmo VM will need some modifications to properly work with your home networking environment. Specifically it s eth0 interface will need to join your home network and requests to the Cabrillo DNS server need to be modified to go to your DNS service at home.

Step 1 Setup VMware at Home You will need to obtain and install the free VMware Server product on either a Windows or Linux PC. Make sure you meet the minimum hardware requirements noted above. Step 2 Obtain the Linux Networking VMs At the time of writing this document the VMs above take about 45 GB. Using USB drives of sufficient size or quantity is the best way to transport these VM s home. You may have to make multiple trips. 1. Get pristine versions of the VM s at school. Use Revert to snapshot or get fresh copies from the NAS server at \\172.30.4.12\depot 2. When you run the school VMs at home for the first time, VMware will prompt you to either create or move the VM. Choose Create so you will have unique MAC addresses on your interfaces. 3. It s a good idea to run the /root/bin/init-network script on each VM. This will undo any changes VMware made to the network setting and remove any persistent links to previous MAC addresses. 4. It s also a good idea to make a fresh snapshot of your VMs. Remove the lock on the current snapshot (in Virtual Machine Sttings) then take a new shnapshot. Step 3 Configure Nosmo VM with a static IP address on your home network Without any modification, the Nosmo eth0 interface will be configured with a static IP address of 192.168.0.2, a network mask of 255.255.255.0 and a default gateway of 192.168.0.1. To change this you will need to edit the following file and change the information in red to an available address on your home network.

cat /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0 BOOTPROTO=static BROADCAST=192.168.0.255 IPADDR=192.168.0.2 NETMASK=255.255.255.0 NETWORK=192.168.0.0 ONBOOT=yes Note, the red text above must be customized to your home LAN settings! Step 4 Translate DNS requests to Cabrillo s DNS server to your DNS server Without any modification, the Nosmo VM will redirect any packets sent to the Cabrillo DNS server (207.62.187.53) to 192.168.0.1. If you use a different DNS address for your home systems then you must modify the firewall (iptables) on Nosmo. You can do this by editing this file: cat /etc/sysconfig/iptables *filter :INPUT ACCEPT [4229:434875] :FORWARD ACCEPT [1481:444016] :OUTPUT ACCEPT [3340:350240] *nat :PREROUTING ACCEPT [8414:1265541] :POSTROUTING ACCEPT [226:15381] :OUTPUT ACCEPT [95:7826] -A PREROUTING -d 207.62.187.53 -j DNAT --to-destination 192.168.0.1 -A POSTROUTING -o eth0 -j MASQUERADE Note, the red text above must be customized to your home LAN settings! Set this IP address to your normal DNS server IP address setting. Restart the service to have the change take effect: service iptables restart Step 5 Configure Nosmo s DNS server Without any modification, the Nosmo VM will use 192.168.0.1 as its DNS server. If you use a different DNS address for your home systems then you must modify the /etc/resolv.conf on Nosmo. You can do this with the following command and change the red 192.168.0.1 to the DNS address you use at home: echo nameserver 192.168.0.1 > /etc/resolv.conf

Note, the red text above must be customized to your home LAN settings! Step 6 Recable bridged VM s to use VMnet2 In the CTC and the CIS Lab, the Frodo and Elrond VMs have their Ethernet device configured to be bridged (to use the physical Shire network). At home the Shire network is virtual, so you must reconfigure these devices to use VMnet2 instead as follows: Frodo Elrond This recabling to VMnet2 must be done in general for any VM s that are required to be bridged to the Shire network for a lab assignment. Step 7 Verify your changes. Make sure that the Nosmo VM is up and running. Select the Frodo VM and revert it to its snapshot. Finally start up Frodo and check the following: Use ipconfig eth0 to check it was assigned an IP address between 172.30.4.150 to 172.30.4.199. Make sure you can ping the lab router now at 172.30.4.1. Check DNS by pinging an Internet host like google.com. Check you can Putty into Nosmo and from there to Frodo from your physical host PC or any other system on your home network. Likewise, check you can connect Filezilla on a system on your home network to Frodo. Appendix The configurations shown below are for a home network of 192.168.0.0/24 with the home router at 192.168.0.1 and Nosmo eth0 interface set to 192.168.0.2. Providing a fake Bubbles DNS server and NAT service: cat /etc/sysconfig/iptables

*filter :INPUT ACCEPT [4229:434875] :FORWARD ACCEPT [1481:444016] :OUTPUT ACCEPT [3340:350240] *nat :PREROUTING ACCEPT [8414:1265541] :POSTROUTING ACCEPT [226:15381] :OUTPUT ACCEPT [95:7826] -A PREROUTING -d 207.62.187.53 -j DNAT --to-destination 192.168.0.1 -A POSTROUTING -o eth0 -j MASQUERADE NIC configuration: cat /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0 BOOTPROTO=static BROADCAST=192.168.0.255 IPADDR=192.168.0.2 NETMASK=255.255.255.0 NETWORK=192.168.0.0 ONBOOT=yes cat /etc/sysconfig/network-scripts/ifcfg-eth1 DEVICE=eth1 BOOTPROTO=static BROADCAST=172.30.4.255 IPADDR=172.30.4.1 NETMASK=255.255.255.0 NETWORK=172.30.4.0 ONBOOT=yes cat /etc/sysconfig/network NETWORKING=yes HOSTNAME=nosmo GATEWAY=192.168.0.1 Static Routes (to networks used in labs): cat /etc/sysconfig/network-scripts/route-eth1 192.168.2.0/24 via 172.30.4.107 192.168.3.0/24 via 172.30.4.107 10.0.0.0/8 via 172.30.4.107

Forwarding: cat /etc/sysctl.conf # Kernel sysctl configuration file for Red Hat Linux # # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and # sysctl.conf(5) for more details. # Controls IP packet forwarding net.ipv4.ip_forward = 1 # Controls source route verification net.ipv4.conf.default.rp_filter = 1 # Controls the System Request debugging functionality of the kernel kernel.sysrq = 0 # Controls whether core dumps will append the PID to the core filename. # Useful for debugging multi-threaded applications. kernel.core_uses_pid = 1 DHCP server: cat /etc/dhcpd.conf ddns-update-style interim; ignore client-updates; option time-offset -25200; #PDT # # Shire # subnet 172.30.4.0 netmask 255.255.255.0 { option routers 172.30.4.1; option subnet-mask 255.255.255.0; option domain-name "Shire"; option domain-name-servers 207.62.187.53; range dynamic-bootp 172.30.4.150 172.30.4.199; default-lease-time 21600; max-lease-time 43200; }

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information