Essential Networking on Debian

VirtualBox has multiple options when it comes to its networking settings. We've already used two different ones, NAT and bridged, but we'll now try to create our own internal network. For this we'll need a few minimal Debian installations. I invite you to install at least two basic installations.

  • One will become our router
  • The other one our first client

Static routing

The most basic way of setting your network settings in Debian can be found in the /etc/network/interfaces file. When you open it you'll notice it mentions it sources a folder called interfaces.d. The choice is up to you whether you set your networking settings in this file or create a new file in the folder but I advise you to go for the second way. Don't just copy/paste the code below, check whether the interface names and ranges make sense!

auto eth0
iface eth0 inet static
	address 10.0.0.1
	netmask 255.255.255.0
	gateway 10.0.0.1

[Image: overview]

If you set both machines with addresses in the same range, you should be able to ping each other. Have a go at this until you can make it work. Which service do you have to restart or reload to apply your changes?

Forwarding traffic

One of our machines is supposed to be a router and the other a client. Right now we can just ping between both machines but the outside world is completely invisible to us. How can we tackle this? Do we need more equipment?

An overview of what we would like to accomplish can be seen below.

[Image: overview]

In VirtualBox we can add more than one network adapter. On the router machine I would like you to add a second network interface and set it to bridged mode. When you reboot you should notice you have two network cards. Can you ping outside of your network now?

You could try and add a dhcp configuration to your /etc/network/interfaces file for this second interface. Once this is done, how do you ask for an IP address from the dhcp server? Have a look at the dhclient program to see how it works.

Now, if everything went OK your router should have two IP addresses, one in the 10.0.0.0/24 range and one in the 192.168.0.0/24 range. Who gave you this second address? Can the client ping both IP addresses? Can the client now ping outside of the network?

The easiest way to achieve routing between your internal network and the outside world is to enable NAT on your router. In order to do this, you need to do 2 things. First, enable the kernel to actually forward packets; second, iptables needs to do masquerading. You can do both these things with just two simple commands on your router.

  1. IP forwarding needs to be set up on the router
  2. NAT needs to be enabled

From here on out all your clients should have internet access but you won't be able to ping your clients from outside your network. Your clients can ping each other and the internet at large but for clients outside of their mini network the router will masquerade the IP address. This means that from outside your network, you'll never be able to ping a specific client, just the router itself.

sysctl net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -j MASQUERADE

These settings won't save themselves so next time you reboot they'll be missing. For the kernel option you should have a look at /etc/sysctl.conf. In this file you can enable, disable or set kernel values.

To save iptables rules have a look online but this and this.
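
The two commands above masquerade on every interface and leave the FORWARD chain at its default policy. As an added example (not part of the course material), this script audits an `iptables-save` dump for both conditions; the interface roles eth0 (internal) and eth1 (bridged) and both sample dumps are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the course). Assumption: eth0 = internal, eth1 = bridged.
# Reads an iptables-save dump on stdin, prints findings, returns 1 if any.
audit_nat_rules() {
    awk '
        /^\*/ { table = substr($0, 2) }                 # "*nat", "*filter"
        table == "filter" && /^:FORWARD / { policy = $2 }
        table == "nat" && /^-A POSTROUTING/ && /-j MASQUERADE/ {
            # Without -o the rule rewrites the source address on every
            # interface, not only on traffic leaving through the uplink.
            if ($0 !~ / -o [^ ]+/) { print "UNSCOPED_MASQUERADE: " $0; bad++ }
        }
        END {
            # ip_forward=1 plus policy ACCEPT forwards in both directions.
            if (policy == "ACCEPT") { print "FORWARD_POLICY_ACCEPT"; bad++ }
            exit (bad > 0)
        }'
}

# Constructed dump: the rule from this page with default chain policies.
sample_page_rules() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
EOF
}

# Constructed dump: NAT limited to the client range and the uplink,
# forwarding limited to client-initiated traffic and its replies.
sample_scoped_rules() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/24 -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 10.0.0.0/24 -i eth0 -o eth1 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

sample_page_rules | audit_nat_rules || echo "-> page rules: findings above"
sample_scoped_rules | audit_nat_rules && echo "-> scoped rules: clean"
```

On the router itself, pipe the live ruleset in with `iptables-save | audit_nat_rules` after adjusting the interface names to your own.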

Extra Challenge

Your client machines are now behind a NAT. Can you think of a way to ssh into them? As you can only ping the router from outside of the network you'll have to set up port forwarding. On Debian this is done with iptables.

DHCP

We'll start from scratch again now. I would like you to create a new mini network of machines. You can install a few new Debian machines, each with a different hostname.

[Image: big network]

Solo labo

Try to go as far as you can in following the network layout below. You'll have to create quite a few virtual machines, so grouping them and having a consistent naming scheme is advised.

[Image: solo labo layout]

I would break it down as such:

  • 1 VM to be the bridge between all your clients and the LAN of the class
    • 1 network interface in bridged mode (connects to my LAN)
    • 2 network interfaces in internal network mode (they should be named differently LSN/RSN)
  • 1 VM on the left side with:
    • 4 network interfaces (LSN/LSN1/LSN2/LSN3)
    • can run the DHCP for all these subnets
  • 4 VM as clients per subnet (so 3 * 4 = 12)

The setup is mirrored on the right side so rinse and repeat.