Date post: | 08-Apr-2018 |
Upload: | sydneystar |
8/7/2019 Vmware Instructions S2008 v1 6
Firewall Lab Instructions (v 1.6)
Introduction
This lab involves using VMware. VMware is a suite of programs capable of running
instances of entire operating systems inside another operating system. VMware can
run specially configured images. Alternatively, it can boot up an instance of an
operating system from a bootable CD or from an ISO file.
There are a number of VMware programs available. These include VM Server and
VM player. VM player is available on the linux PCs in the labs and it can be used to
create multiple instances of operating systems. The second Assignment will involve
the use of vmware as outlined in this guide.
We will create a set of VMware files that will be arranged into a simple network. The
network will look like this.
Here is a more detailed picture of the virtual network
There are a number of possible approaches to setting up the virtual network.
(1) Create a set of directories in the directory with your login name in /images/netsec/
(2) Create a set of directories on a USB memory stick which is mounted on one of the
PCs in the Labs running Linux.
(3) If you have a laptop with at least one gigabyte of RAM, you can install VMware
server on it and do the exercise and assignment 2 on it. Option 3 is the most desirable,
but it may not be available to everyone.
Files used in the running of VMware
File extension   Description
.vmx             Basic VMware configuration file.
.vmdk            This file (or files) is the system's virtual hard drive(s).
.vmsn / .vmsd    It is possible to take snapshots of the system while it is
                 running. A .vmsn file stores the state of the system when the
                 snapshot was taken. The .vmsd file stores information about
                 the snapshots.
.nvram           These files store the BIOS data for the virtual machine.
Instructions for setting up and using VMware in the Labs
(1) Boot up into linux using KDE or Gnome.
(2) Open a terminal
(3) There is a directory called /images which is used for storing images for use with
VMware. Inside /images there is a subdirectory called netsec. Inside that there is a
subdirectory with your login name. This is where you will keep your VMware images
and configuration files.
cd /images/netsec/your_user_name
(4) Now make 3 directories
mkdir firewall
mkdir internal
mkdir external
(5) Get 3 copies of the basic vmx test file and put them in the directories you just
created.
cp /images/netsec/BBCtest3/BBCtest3.vmx ./firewall/firewall.vmx
cp /images/netsec/BBCtest3/BBCtest3.vmx ./internal/internal.vmx
cp /images/netsec/BBCtest3/BBCtest3.vmx ./external/external.vmx
(6) You need to alter the permissions of the vmx files as well. These need to be readable
and writable for everyone as VMware alters the files.
chmod 666 ./firewall/firewall.vmx
chmod 666 ./internal/internal.vmx
chmod 666 ./external/external.vmx
You also need to get copies of the files BBCtest3.vmdk and BBCtest3-f001.vmdk
cp /images/netsec/BBCtest3/*vmdk ./firewall
cp /images/netsec/BBCtest3/*vmdk ./internal
cp /images/netsec/BBCtest3/*vmdk ./external
These also need to be made writable for everyone
chmod 666 ./firewall/*vmdk
chmod 666 ./internal/*vmdk
chmod 666 ./external/*vmdk
You will need to alter the contents of each of the vmx files.
The contents of the unmodified BBCtest3.vmx file are shown below.
#!/usr/bin/vmware
config.version = "8"
virtualHW.version = "4"
scsi0.present = "TRUE"
scsi0.virtualDev = "lsilogic"
memsize = "32"
MemAllowAutoScaleDown = "FALSE"
scsi0:0.present = "TRUE"
scsi0:0.fileName = "BBCtest3.vmdk"
scsi0:0.writeThrough = "FALSE"
ide1:0.present = "TRUE"
ide1:0.fileName = "/images/netsec/bbc/bbc-2.1.iso"
ide1:0.deviceType = "cdrom-image"
floppy0.startConnected = "FALSE"
floppy0.fileName = "/dev/fd0"
ethernet0.present = "TRUE"
usb.present = "FALSE"
sound.present = "FALSE"
sound.virtualDev = "es1371"
displayName = "BBCtest3"
guestOS = "other26xlinux"
nvram = "BBCtest3.nvram"
ethernet1.present = "TRUE"
ethernet1.connectionType = "custom"
ethernet2.present = "TRUE"
ethernet2.connectionType = "custom"
ethernet2.vnet = "/dev/vmnet8"
floppy0.present = "FALSE"
ethernet1.vnet = "/dev/vmnet2"
scsi0:0.redo = ""
ethernet0.addressType = "generated"
ethernet1.addressType = "generated"
ethernet2.addressType = "generated"
uuid.location = "56 4d 54 72 f0 2a 88 c2-7d 54 7d 6c 57 53 6b c9"
uuid.bios = "56 4d 54 72 f0 2a 88 c2-7d 54 7d 6c 57 53 6b c9"
ethernet0.generatedAddress = "00:0c:29:53:6b:c9"
ethernet0.generatedAddressOffset = "0"
ethernet1.generatedAddress = "00:0c:29:53:6b:d3"
ethernet1.generatedAddressOffset = "10"
ethernet2.generatedAddress = "00:0c:29:53:6b:dd"
ethernet2.generatedAddressOffset = "20"
tools.remindInstall = "TRUE"
ethernet0.connectionType = "custom"
ethernet0.vnet = "/dev/vmnet1"
priority.grabbed = "normal"
priority.ungrabbed = "normal"
workingDir = "/images/tmp"
redoLogDir = "/images/tmp"
logging = "FALSE"
debug = "FALSE"
uuid.action = "keep"
snapshot.disabled = "TRUE"
snapshot.action = "keep"
You have to edit each of the .vmx files. We will start with the one for the firewall.
The lines that need to be altered are :
Original                                             Becomes
ide1:0.fileName = "/images/netsec/bbc/bbc-2.1.iso"   ide1:0.fileName = "/images/netsec/bbc-2.1.iso"
displayName = "BBCtest3"                             displayName = "Firewall"
guestOS = "other26xlinux"                            guestOS = "other24xlinux"
ethernet1.connectionType = "custom"                  ethernet1.connectionType = "hostonly"
ethernet2.connectionType = "custom"                  ethernet2.connectionType = "hostonly"
ethernet0.connectionType = "custom"                  ethernet0.connectionType = "nat"
workingDir = "/images/tmp"                           workingDir = "/images/netsec/your_login_name"
redoLogDir = "/images/tmp"                           redoLogDir = "/images/netsec/your_login_name"
The vmx files determine what hardware is present in the virtual machine.
This includes such things as Ethernet card MAC addresses. It is important that devices
that are communicating have different MAC addresses. Because all three .vmx files
start as copies of BBCtest3.vmx, they contain the same generated MAC addresses.
VMware has its own range of MAC addresses that you can assign yourself:
00:50:56:00:00:00 to 00:50:56:3F:FF:FF. It is important that you assign an address
from this range in the internal and external machines, otherwise they will not be
able to communicate.
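A check for the MAC address requirement above, as an added example that is not part of the original lab handout: it parses .vmx text, reports two network cards that share a MAC address, and reports a static address outside the range quoted above. The function names and the trimmed sample fragments are constructed for illustration; the ethernet0.Address key is the one the lab's own .vmx edits use.

```python
import re

STATIC_LO, STATIC_HI = 0x005056000000, 0x0050563FFFFF  # lab's manual MAC range

def parse_vmx(text):
    """Return {lower-cased key: value}; lines commented out with # are skipped."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r'\s*([^#=\s][^=]*?)\s*=\s*"(.*)"\s*$', line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def effective_macs(cfg):
    """Yield (nic, mac, is_static) for each present ethernetN with a known MAC."""
    for key, val in cfg.items():
        m = re.fullmatch(r"(ethernet\d+)\.present", key)
        if m and val.upper() == "TRUE":
            nic = m.group(1)
            static = cfg.get(nic + ".addresstype", "").lower() == "static"
            mac = cfg.get(nic + (".address" if static else ".generatedaddress"), "")
            if static or mac:  # a generated MAC may not exist before first boot
                yield nic, mac.lower(), static

def check_lab(vms):
    """vms maps a VM name to its .vmx text; returns a list of problem strings."""
    problems, owner = [], {}
    for name, text in vms.items():
        for nic, mac, static in effective_macs(parse_vmx(text)):
            where = f"{name}/{nic}"
            if not re.fullmatch(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}", mac):
                problems.append(f"{where}: missing or malformed MAC {mac!r}")
                continue
            if static and not STATIC_LO <= int(mac.replace(":", ""), 16) <= STATIC_HI:
                problems.append(f"{where}: static MAC {mac} is outside the VMware range")
            if mac in owner:
                problems.append(f"{where}: MAC {mac} is also used by {owner[mac]}")
            owner.setdefault(mac, where)
    return problems

# Constructed sample input: only the ethernet0 lines of a .vmx file.
UNEDITED = ('ethernet0.present = "TRUE"\nethernet0.addressType = "generated"\n'
            'ethernet0.generatedAddress = "00:0c:29:53:6b:c9"\n')
EDITED = ('ethernet0.present = "TRUE"\nethernet0.addressType = "static"\n'
          '#ethernet1.present = "TRUE"\nethernet0.Address = "00:50:56:00:00:%02x"\n')

if __name__ == "__main__":
    print(check_lab({"internal": UNEDITED, "external": UNEDITED}))
    print(check_lab({"internal": EDITED % 1, "external": EDITED % 2}))
```

Run against two unedited copies it reports the shared generated address; after the static-address edits it returns an empty list.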
Another issue to be addressed is the type of network card used.
Type of Card   Description
hostonly       Network card is part of the virtual VMware network.
bridged        Network card gets its own network address but works through the local host.
nat            Network card gets its own network address but works through the local host.
Changes for internal.vmx
Original                                             Becomes

ide1:0.fileName = "/images/netsec/bbc/bbc-2.1.iso"   ide1:0.fileName = "/images/netsec/bbc-2.1.iso"

displayName = "BBCtest3"                             displayName = "Internal"

guestOS = "other26xlinux"                            guestOS = "other24xlinux"

ethernet1.present = "TRUE"                           Delete all these lines or comment out using #
ethernet1.connectionType = "custom"
ethernet2.present = "TRUE"
ethernet2.connectionType = "custom"
ethernet2.vnet = "/dev/vmnet8"
ethernet1.vnet = "/dev/vmnet2"

ethernet0.addressType = "generated"                  ethernet0.addressType = "static"

ethernet1.addressType = "generated"                  Delete all these lines or comment out using #
ethernet2.addressType = "generated"

ethernet0.connectionType = "custom"                  ethernet0.connectionType = "hostonly"

ethernet0.generatedAddress = "00:0c:29:53:6b:c9"     ethernet0.Address = "00:50:56:00:00:01"
                                                     (or some other address in the acceptable range)

workingDir = "/images/tmp"                           workingDir = "/images/netsec/your_login_name"

redoLogDir = "/images/tmp"                           redoLogDir = "/images/netsec/your_login_name"
Changes for external.vmx
Original                                             Becomes

ide1:0.fileName = "/images/netsec/bbc/bbc-2.1.iso"   ide1:0.fileName = "/images/netsec/bbc-2.1.iso"

displayName = "BBCtest3"                             displayName = "External"

guestOS = "other26xlinux"                            guestOS = "other24xlinux"

ethernet1.present = "TRUE"                           Delete all these lines or comment out using #
ethernet1.connectionType = "custom"
ethernet2.present = "TRUE"
ethernet2.connectionType = "custom"
ethernet2.vnet = "/dev/vmnet8"
ethernet1.vnet = "/dev/vmnet2"

ethernet0.addressType = "generated"                  ethernet0.addressType = "static"

ethernet1.addressType = "generated"                  Delete all these lines or comment out using #
ethernet2.addressType = "generated"

ethernet0.connectionType = "custom"                  ethernet0.connectionType = "hostonly"

ethernet0.generatedAddress = "00:0c:29:53:6b:c9"     ethernet0.Address = "00:50:56:00:00:02"
                                                     (or some other address in the acceptable range;
                                                     make sure it's not the same as the internal MAC
                                                     address)

workingDir = "/images/tmp"                           workingDir = "/images/netsec/your_login_name"

redoLogDir = "/images/tmp"                           redoLogDir = "/images/netsec/your_login_name"
Booting up your Virtual Machines
In the KDE GUI, select the K menu, then System, then VMware Player. Then click on
"Open an existing virtual machine".
Navigate through the File System menu option till you get to your image files in
/images/netsec/your_user_name. Double-click on the .vmx file. The system will boot
up.
Useful Tips
(1) If VMplayer prints "/dev/vmnet0 not found", this may be due to a rogue VMware
process. Try closing down any running VMware images and rebooting the computer,
then starting again.
(2) If a system says that a lock file has been found, remove any files or directories
with the extension .lck from the directory containing your vmware configuration.
Click on the window, key in 1 then press return. The system will boot up. Login as
root.
Start up the internal and external vmx files in VMplayer as well. Choose the graphics
option when booting up for these machines.
Note : Entering text and using the mouse in the virtual machines.
Click on the virtual machine window. Input from the keyboard and mouse is then
captured by the VMware machine.
To release mouse and keyboard input from the machine, press Ctrl-Alt
simultaneously.
Configuring the Network Interfaces in the Virtual Machines.
The firewall.
Login as root on the firewall and run the program trivial-net-setup.
Select OK on each of the screens that appear.
When prompted for what module to use, pick autoinsert.
The system will identify the card types present and then ask you which one of the
three cards you want to configure.
The system will get an IP address using the faculty's DHCP server. You now need to
configure the other 2 ethernet cards. Run trivial-net-setup again. The procedure is
exactly the same as for eth0 up to the point where you are given the choice of using
DHCP.
Pick the manual configuration option.
For eth1, the following settings are recommended:
Setting Value
IP Address 192.168.1.1
Netmask 255.255.255.0
no gateway
no default nameserver
For eth2, the following settings are recommended:
Setting Value
IP Address 172.16.1.1
Netmask 255.255.0.0
no gateway
no default nameserver
Once you have completed the network configuration of the firewall, you need to
configure the eth0 interface on the internal and external virtual machines.
This is done in exactly the same way as was done for the firewall. The details are set
out below.
For internal eth0
Setting Value
IP Address 192.168.1.2
Netmask 255.255.255.0
Gateway 192.168.1.1
no default nameserver
For external eth0, the following settings are recommended:
Setting Value
IP Address 172.16.1.2
Netmask 255.255.0.0
Gateway 172.16.1.1
no default nameserver
Enabling forwarding on the firewall.
The final step is to configure ip forwarding on the linux firewall. This is done from
the bash shell on the firewall.
echo 1 > /proc/sys/net/ipv4/ip_forward
Once this last step is completed, if everything else has been done correctly, the
machines should be able to ping each other. The screenshot below shows the external
host pinging the internal host through the firewall.
If you wish, you may create more complex network topologies, e.g. a DMZ and/or
several external machines and/or several internal machines.
Setting up the Servers on BBC Linux
Starting the web server
This can be set up on both the internal and external machine, but should not be run on
the firewall.
The web server on BBC Linux is thttpd (trivial http server). It can be started by
running
/etc/init.d/thttpd start
from the command line.
Creating simple web pages for the web server
From the command line enter the following commands
cd /mnt/rw/var
mkdir www
cd www
vi index.html
index.html might look like this
Main index Page
This is an example page
You can create other html files as well e.g. test.html, test1.html, etc.
Starting X windows.
X windows can be started by running the command startx. Note: X-windows is only
available if you booted up BBC-Linux with an option of 2 or greater. It should not be
run on the firewall.
Starting a browser in x-windows
Once selected, the browsex browser can be used to access the web server. The
screenshot below shows a browser running on external accessing the web server on
internal.
Note : the browser is quite slow.
Starting the ssh server
To start the ssh server run
/etc/init.d/sshd start
Note : the ssh server should be started on all of the hosts.
By default, the root user has no password. In order for remote logins to be allowed,
the root user has to have a password. This is done by using the passwd command.
Starting the tftp server
There is a tftp server called atftp. Firstly you need to create a directory to hold the
files to be retrieved from and sent to the tftp server. The directory is /home/tftp
This can be done by the following unix commands from the command line.
cd /home
mkdir tftp
chmod 777 tftp
cd tftp
You should create some simple text files, e.g. f1.txt, f2.txt, f3.txt etc., in the tftp
directory. This can be done by using vi or by executing the following command for each
of the files you want to create.
echo this is f1.txt > f1.txt
To start the tftp server type in
atftpd --daemon /home/tftp
from the command line.
This starts the tftp server and sets the directory containing files to be retrieved and
sent to the server to /home/tftp.
The tftp server should NOT be run on the firewall.
Using the tftp client
To start the tftp client, type in
atftp
at the command line.
The prompt will change to the > character.
To connect to a particular server type in
connect
e.g.
connect 192.168.1.2
will connect to a tftp server on the host at 192.168.1.2
To retrieve files from the server type in
get
to send files type in
put
to get further information type in ? or help at the > prompt.
Type in quit to quit from the client.
Using an sftp (secure ftp) client.
It is possible to use an sftp client to retrieve data from other hosts. In particular, this is
useful for retrieving scripts from your home directory on Charlie to the firewall host.
This connection goes through the eth0 (bridged or nat) network card on the firewall.
n.b. If you are unable to log in and receive the message "Received message too long",
try removing any welcome or other messages produced by your login scripts on
Charlie.
Running netstat
You can check what ports are open by running the command
netstat -t -a
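The lab's rules that the web server and the tftp server should not run on the firewall, while sshd runs on every host, can be checked from netstat output. The sketch below is an added example, not part of the original handout; it assumes output from netstat -t -u -a -n (TFTP is a UDP service, so -t alone does not list it, and -n prints numeric ports) and the default ports 22, 80 and 69, which the handout does not state.

```python
# Ports are assumptions (service defaults); the lab text names only the services.
MUST_NOT_RUN = {("tcp", 80): "thttpd", ("udp", 69): "atftpd"}
MUST_RUN = {("tcp", 22): "sshd"}

def listeners(netstat_output):
    """Return {(proto, port)} for listening TCP and unconnected UDP sockets."""
    found = set()
    for line in netstat_output.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] not in ("tcp", "tcp6", "udp", "udp6"):
            continue  # header or unrelated line
        proto = f[0].rstrip("6")
        state = f[5] if len(f) > 5 else ""
        if proto == "tcp" and state != "LISTEN":
            continue  # established or closing connection, not a server
        if proto == "udp" and not f[4].endswith(":*"):
            continue  # UDP socket connected to a peer, not a server
        found.add((proto, int(f[3].rsplit(":", 1)[1])))
    return found

def audit_firewall(netstat_output):
    """Compare the listeners with the lab's rules for the firewall host."""
    open_ports = listeners(netstat_output)
    findings = [f"{svc} ({proto}/{port}) must not run on the firewall"
                for (proto, port), svc in sorted(MUST_NOT_RUN.items())
                if (proto, port) in open_ports]
    findings += [f"{svc} ({proto}/{port}) is not listening"
                 for (proto, port), svc in sorted(MUST_RUN.items())
                 if (proto, port) not in open_ports]
    return findings

# Constructed sample of `netstat -t -u -a -n` output taken on the firewall.
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.1:22          192.168.1.2:1034        ESTABLISHED
tcp        0      0 172.16.1.1:1042         172.16.1.2:80           ESTABLISHED
udp        0      0 0.0.0.0:69              0.0.0.0:*
"""

if __name__ == "__main__":
    for finding in audit_firewall(SAMPLE):
        print(finding)
```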
An alternative approach to setting up a VMware network
It is possible to download VMware Server from the internet and use it on your laptop.
To do this you will need at least one Gigabyte of RAM to run VMware Server.
There are a number of distributions of linux that can be used. These include :
Adios Linux
Backtrack Linux
DSL
plus many others.