OPS245 Lab 6: Difference between revisions

From Littlesvr Wiki



Revision as of 13:08, 12 March 2023

!!!THIS LAB IS NOT READY YET!!!

The default networking setup in VirtualBox works fine for accessing the internet from guests, but it's not very good for communicating between the guests and the host.

In this lab we'll set up a new virtual network, and a very basic name resolution mechanism.

Basic concepts

Your machine needs these four things configured correctly in order to be able to connect to the internet. Nearly all networking problems you'll run into in this course are due to one of these things being misconfigured:

  1. IP address. This address is used to connect to anything else on the local network. You'll be using an address on a private subnet, which means that your IP address cannot be used outside your subnet. All communication protocols on the internet work over IP.
  2. Subnet mask. No matter which notation you use, the subnet mask does the same thing. It specifies and implies some important technical details about the network you're connected to. Any machines in the same subnet can communicate directly with each other using broadcasts.
  3. Default gateway. As soon as you want to connect to anything outside your own subnet, you need to go through a gateway. In this course you'll only have one gateway. The gateway is a router which must be inside your subnet.
  4. DNS server. Provides a service which translates domain names into IP addresses. Though all communication on the internet is done with IP addresses, people are very bad at remembering numbers, so everything is built with the assumption that DNS works.

Basic commands

  • ip address will show you all the network interfaces on your system, including their MAC address, IP address, and subnet mask.
  • ip route will show you your routing table. In this course you'll only ever care about the first line (the default gateway).
  • The /etc/resolv.conf file contains a nameserver line which specifies which DNS server your machine will use.
    • If resolv.conf isn't helpful, you can use nmcli dev show | grep DNS instead.
  • ping will send ICMP packets to a machine you specify. It's usually the first troubleshooting tool an administrator uses.

New network: ops245net

  • Use a terminal in your host machine to run this command:
    VBoxManage natnetwork add --netname ops245net --network "10.2.45.0/24" --dhcp off --enable
    
    If your host is Linux, run that as a regular user, not as root.
  • Run VBoxManage natnetwork list to check that it worked.
  • For each of your 4 virtual machines, change the network setting for Adapter 1 from NAT to NAT Network (ops245net).
NatNetwork.png
  • On your workstation open the graphical Network Connections tool via the network icon in the system tray.
  • You can read more about the various virtual network types available in VirtualBox in the VirtualBox manual.

Graphical network configuration

  • On your workstation, modify the IPv4 settings for the existing wired connection from DHCP to Manual, with the following settings:
    • IP address 10.2.45.10
    • Netmask 255.255.255.0
    • Gateway 10.2.45.1
    • DNS server 10.2.45.1
WorkstationWiredConnection.png
  • Confirm that all the settings were set correctly and that your internet connection works again:
Workstation-ops245net.png
  • After you configure your networking successfully, install openssh-server and confirm that the sshd service is running and enabled.

Command-line network configuration

Configuring the networking on a server is tricky, especially if the server is not physically accessible and you can only administer it via SSH. In this course you have access to the console (the equivalent of the physical machine) so you can tolerate making a mistake, but in the real world you will rarely be able to remotely fix a networking problem you've created, since you need a working network connection to connect to that remote server.

Unfortunately, in Linux there is more than one way to give network interfaces a permanent configuration. Even though we're using the files and services for Debian, the concepts will apply to other distributions; you'll just need to figure out the equivalents for those other distributions.

  • The ip and route commands work on all modern Linux machines. Use the ip address command to find the name of your wired interface (it's virtual but it's simulating a wired interface). In the screenshots the interface is named enp0s3 but it could be different on your machine.

IP, Subnet mask, Gateway

These three settings are set in the /etc/network/interfaces file.

By default the enp0s3 interface is configured to use a DHCP server to get its network configuration (meaning it will get the IP address, subnet mask, default gateway, and DNS server from a DHCP server).

  • On server1: Modify /etc/network/interfaces to change:
    • The configuration to static,
    • The IP address to 10.2.45.11
    • The subnet mask to 255.255.255.0 (that's /24)
    • The default gateway to 10.2.45.1 (your host)
DebianModifyInterfaces.png
  • The DNS server isn't set in the interfaces file. In simple installations you change it by editing the /etc/resolv.conf file. Edit it and change the contents to have just nameserver 10.2.45.1 in it (again, that's the IP of your host).
DebianModifyResolvConf.png
  • Check with ip address to see that no configuration has changed yet. You'll need to bring your network interface down and back up to reconfigure it. Use the ifdown and ifup commands to do that.
DebianRestartenp0s3.png
  • Give some thought to what would happen if you used the ifdown command when you're connected to the server you're configuring via ssh.
  • Test the network connectivity on server1 to make sure it still works.
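
An added example, not part of the original lab: a shell check that reads the static stanza for one interface from an interfaces file and confirms the gateway is inside the subnet, which is worth running before ifdown/ifup on a machine you can only reach over the network. The function names and the sample file are constructed for illustration, and only the dotted netmask form used in this lab is handled.

```shell
# Convert a dotted-quad IPv4 value to an integer; fail on malformed input.
ip_to_int() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*|????*) return 1 ;; esac  # no leading zeros, <= 3 digits
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# Print "address netmask gateway" from the "inet static" stanza of interface $2
# in file $1; fail if the stanza or any of the three fields is missing.
static_fields() {
    awk -v ifc="$2" '
        $1 == "iface" { on = ($2 == ifc && $3 == "inet" && $4 == "static"); next }
        $1 ~ /^(auto|allow-|source|mapping)/ { on = 0 }
        on && $1 == "address" { a = $2 }
        on && $1 == "netmask" { m = $2 }
        on && $1 == "gateway" { g = $2 }
        END { if (a != "" && m != "" && g != "") print a, m, g; else exit 1 }
    ' "$1"
}

# Succeed only if the gateway lies inside the subnet given by address/netmask.
check_static() {
    fields=$(static_fields "$1" "$2") || { echo "no complete static stanza for $2"; return 1; }
    set -- $fields
    addr=$(ip_to_int "$1") && mask=$(ip_to_int "$2") && gw=$(ip_to_int "$3") ||
        { echo "malformed IPv4 value"; return 1; }
    if [ $(( addr & mask )) -ne $(( gw & mask )) ]; then
        echo "gateway $3 is outside the subnet of $1/$2"; return 1
    fi
    echo "ok: $1 netmask $2 via $3"
}

# Constructed sample: the static settings the lab asks for on server1.
sample=$(mktemp)
cat > "$sample" <<'EOF'
allow-hotplug enp0s3
iface enp0s3 inet static
    address 10.2.45.11
    netmask 255.255.255.0
    gateway 10.2.45.1
EOF
check_static "$sample" enp0s3
```

On a real machine, point it at the file you edited: check_static /etc/network/interfaces enp0s3.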

SSH between VMs

You now have a static network configuration on your workstation and server1.

  • Test that you can ping server1 from the workstation, and ping the workstation from server1.
  • Test that you can use ssh to connect from the workstation to server1, and from server1 to the workstation, for example:
    ssh yourusername@10.2.45.11
    

Note that by default in these operating systems the ssh server does not allow remote login as root. This makes brute-force SSH attacks much more difficult.
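
To confirm the root-login behaviour described above on your own VMs, this added example (not part of the original lab) classifies the effective settings printed by sshd -T. The function name and the sample lines are constructed for illustration, and Match blocks are not evaluated.

```shell
# Classify how exposed the root account is, given `sshd -T` output on stdin.
# Exit status: 0 = root password logins are rejected,
#              1 = root password login is accepted, 2 = setting not found.
root_login_exposure() {
    awk '
        $1 == "permitrootlogin"        { root = $2 }
        $1 == "passwordauthentication" { pw = $2 }
        # Older releases print challengeresponseauthentication instead.
        $1 == "kbdinteractiveauthentication" ||
        $1 == "challengeresponseauthentication" { kbd = $2 }
        END {
            if (root == "")   { print "unknown: no permitrootlogin line"; exit 2 }
            if (root == "no") { print "blocked: root cannot log in over ssh"; exit 0 }
            # Treat a missing value as enabled so the result errs on the safe side.
            if (root == "yes" && (pw != "no" || kbd != "no")) {
                print "exposed: root password login is accepted"; exit 1
            }
            print "keys-only: root passwords are rejected (permitrootlogin " root ")"
        }'
}

# Constructed sample lines in the "keyword value" form that sshd -T prints.
sample_sshd='permitrootlogin without-password
passwordauthentication yes'
printf '%s\n' "$sample_sshd" | root_login_exposure
```

On server1 or the workstation, feed it the real settings with sudo sshd -T | root_login_exposure.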