waldek
/
linux_course_doc
1
0
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity
linux_course_doc/modules/resources/exercise_networking.md

113 lines
4.9 KiB
Markdown
Raw Blame History

# Essential Networking on Debian
VirtualBox has multiple options when it comes to it's networking settings.
We've already used two different ones, *NAT* and *bridged*, but we'll now try to create our own *internal* network.
For this we'll need a few minimal Debian installations.
I invite you to install at the least two basic installations.
* One will become our router
* The other one our first client
## Static routing
The most basic way of setting your network settings in Debian can be found in the `/etc/network/interfaces` file.
When you open it you'll notice it mentions it sources a folder called `interfaces.d`.
The choice is up to you whether you set your networking settings in this file or create a new file in the folder but I advise you to go for the second way.
Don't just *copy/paste* the code below, check whether the interface names and ranges make sense!
```bash
auto eth0
iface eth0 inet static
address 10.0.0.1
netmask 255.255.255.0
gateway 10.0.0.1
```
![overview](./network_basic.png)
If you set both machines with addresses in the same range, you should be able to ping each other.
Have a go at this until you can make it work.
Which service do you have to restart of reload to apply your changes?
## Forwarding traffic
One of our machines is supposed to be a router and the other a client.
Right now we can just ping between both machines but the outside world is completely invisible to us.
How can we tackle this?
Do we need more equipment?
An overview of what we would like to accomplish can be seen below.
![overview](./network_large.png)
In VirtualBox we can add more than one network adapter.
On the router machine I would like you to add a second network interface and set it to *bridged mode*.
When you reboot you should notice you have two network cards.
Can you ping outside of your network now?
You could try and add a dhcp configuration to your `/etc/network/interfaces` file for this second interface.
Once this is done, how do you ask for an IP address from the dhcp server?
Have a look at the `dhclient` program to see how it works.
Now, if everything went OK your router should have two IP addresses, one in the 10.0.0.0/24 range and one in the 192.168.0.0/24 range.
Who gave you this second address?
Can the client ping both IP addresses?
Can the client now ping outside of the network?
The *easiest* way to achieve routing between your internal network and the outside world is to enable [NAT](https://en.wikipedia.org/wiki/Network_address_translation) on your router.
In order to do this, you need to do 2 things.
First enable the kernel to actually forward packages, secondly `iptables` needs to do masquerading.
You can do both these things with just to simple commands on you router.
1. IP forwarding needs to be setup on the router
2. NAT needs to be enabled
From here on out all your clients *should* have internet access but you won't be able to `ping` your clients from outside your network.
Your clients can ping each other and the internet at large but for clients **outside** of their mini network the router will **masquerade** the IP address.
This means that from outside your network, you'll never be able to ping a specific client, just the router itself.
```bash
sysctl net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -j MASQUERADE
```
These settings won't save themselves so next time you reboot they'll be missing.
For the kernel option you should have a look at `/etc/sysctl.conf`.
In this file you can enable, disable or set kernel values.
To save `iptables` rules have a look online but [this](http://www.faqs.org/docs/iptables/iptables-save.html) and [this](https://zertrin.org/projects/iptables-persistent/).
### Extra Challenge
Your client machines are now behind a NAT.
Can you think of a way to ssh into them?
As you can only ping the router from outside of the network you'll have to setup [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding).
On Debian this is done with [iptables](https://serverfault.com/questions/532569/how-to-do-port-forwarding-redirecting-on-debian#532575).
## DHCP
We'll start from scratch again now.
I would like you to create a new mini network of machines.
You can install a few new Debian machines, each with a different `hostname`
![big network](./network_big.png)
## Solo labo
Try to go as far as you can with following the network layout below.
You'll have to create quite a few virtual machines machines so grouping them and having a consistent naming scheme is advised.
![solo labo layout](./network_solo.png)
I would break it down as such:
* 1 VM to be the bridge between all your clients and the LAN of the class
* 1 network interface in **bridged** mode (connects to my LAN)
* 2 network interfaces in **internal network** mode (they should be named differently **LSN/RSN**)
* 1 VM on the left side with:
* 4 network interfaces (**LSN/LSN1/LSN2/LSN3**)
* can run the DHCP for all these subnets'
* 4 VM as clients per subnet (so 3 * 4 = 12)
The setup is mirrored on the right side so rinse and repeat.
Reference in New Issue View Git Blame Copy Permalink