Vmware Instructions S2008 v1 6


  • 8/7/2019 Vmware Instructions S2008 v1 6


    Firewall Lab Instructions (v 1.6)

    Introduction

    This lab involves using VMware. VMware is a suite of programs capable of running instances of entire operating systems inside another operating system. VMware can run specially configured images. Alternatively, it can boot up an instance of an operating system from a bootable CD or from an ISO file.

    There are a number of VMware programs available. These include VM Server and VM Player. VM Player is available on the Linux PCs in the labs and it can be used to create multiple instances of operating systems. The second assignment will involve the use of VMware as outlined in this guide.

    We will create a set of VMware files that will be arranged into a simple network. The network will look like this.


    Here is a more detailed picture of the virtual network

    There are a number of possible approaches to setting up the virtual network.

    (1) Create a set of directories in the directory with your login name in /images/netsec/

    (2) Create a set of directories on a USB memory stick which is mounted on one of the PCs in the labs running Linux.

    (3) If you have a laptop with at least one gigabyte of RAM, you can install VMware Server on it and do the exercise and assignment 2 on it. Option 3 is the most desirable, but it may not be available to everyone.

    Files used in the running of VMware

    File extension   Description
    .vmx             Basic VMware configuration file.
    .vmdk            This file (or files) is the system's virtual hard drive(s).
    .vmsn / .vmsd    It is possible to take snapshots of the system while it is running. A .vmsn file stores the state of the system when the snapshot was taken. The .vmsd file stores information about the snapshots.
    .nvram           These files store the BIOS data for the virtual machine.


    Instructions for setting up and using VMware in the Labs

    (1) Boot up into linux using KDE or Gnome.

    (2) Open a terminal

    (3) There is a directory called /images which is used for storing images for use with VMware. Inside /images there is a subdirectory called netsec. Inside that there is a subdirectory with your login name. This is where you will keep your VMware images and configuration files.

    cd /images/netsec/your_user_name

    (4) Now make 3 directories.

    mkdir firewall

    mkdir internal

    mkdir external

    (5) Get 3 copies of the basic vmx test file and put them in the directories you just created.

    cp /images/netsec/BBCtest3/BBCtest3.vmx ./firewall/firewall.vmx

    cp /images/netsec/BBCtest3/BBCtest3.vmx ./internal/internal.vmx

    cp /images/netsec/BBCtest3/BBCtest3.vmx ./external/external.vmx

    (6) You need to alter the permissions of the vmx files as well. These need to be readable and writable for everyone, as VMware alters the files.

    chmod 666 ./firewall/firewall.vmx

    chmod 666 ./internal/internal.vmx

    chmod 666 ./external/external.vmx

    You also need to get copies of the files BBCtest3.vmdk and BBCtest3-f001.vmdk

    cp /images/netsec/BBCtest3/*vmdk ./firewall

    cp /images/netsec/BBCtest3/*vmdk ./internal

    cp /images/netsec/BBCtest3/*vmdk ./external

    These also need to be made writable for everyone

    chmod 666 ./firewall/*vmdk

    chmod 666 ./internal/*vmdk

    chmod 666 ./external/*vmdk


    You will need to alter the contents of each of the vmx files.

    The contents of the unmodified BBCtest3.vmx file are shown below.


    #!/usr/bin/vmware

    config.version = "8"

    virtualHW.version = "4"

    scsi0.present = "TRUE"

    scsi0.virtualDev = "lsilogic"

    memsize = "32"

    MemAllowAutoScaleDown = "FALSE"

    scsi0:0.present = "TRUE"

    scsi0:0.fileName = "BBCtest3.vmdk"

    scsi0:0.writeThrough = "FALSE"

    ide1:0.present = "TRUE"

    ide1:0.fileName = "/images/netsec/bbc/bbc-2.1.iso"

    ide1:0.deviceType = "cdrom-image"

    floppy0.startConnected = "FALSE"

    floppy0.fileName = "/dev/fd0"

    ethernet0.present = "TRUE"

    usb.present = "FALSE"

    sound.present = "FALSE"

    sound.virtualDev = "es1371"

    displayName = "BBCtest3"

    guestOS = "other26xlinux"

    nvram = "BBCtest3.nvram"

    ethernet1.present = "TRUE"

    ethernet1.connectionType = "custom"

    ethernet2.present = "TRUE"

    ethernet2.connectionType = "custom"

    ethernet2.vnet = "/dev/vmnet8"

    floppy0.present = "FALSE"

    ethernet1.vnet = "/dev/vmnet2"

    scsi0:0.redo = ""

    ethernet0.addressType = "generated"

    ethernet1.addressType = "generated"

    ethernet2.addressType = "generated"

    uuid.location = "56 4d 54 72 f0 2a 88 c2-7d 54 7d 6c 57 53 6b c9"

    uuid.bios = "56 4d 54 72 f0 2a 88 c2-7d 54 7d 6c 57 53 6b c9"

    ethernet0.generatedAddress = "00:0c:29:53:6b:c9"

    ethernet0.generatedAddressOffset = "0"

    ethernet1.generatedAddress = "00:0c:29:53:6b:d3"

    ethernet1.generatedAddressOffset = "10"

    ethernet2.generatedAddress = "00:0c:29:53:6b:dd"

    ethernet2.generatedAddressOffset = "20"

    tools.remindInstall = "TRUE"

    ethernet0.connectionType = "custom"

    ethernet0.vnet = "/dev/vmnet1"

    priority.grabbed = "normal"

    priority.ungrabbed = "normal"

    workingDir = "/images/tmp"

    redoLogDir = "/images/tmp"

    logging = "FALSE"

    debug = "FALSE"

    uuid.action = "keep"

    snapshot.disabled = "TRUE"

    snapshot.action = "keep"


    You have to edit each of the .vmx files. We will start with the one for the firewall.

    The lines that need to be altered are:

    Original                                              Becomes
    ide1:0.fileName = "/images/netsec/bbc/bbc-2.1.iso"    ide1:0.fileName = "/images/netsec/bbc-2.1.iso"
    displayName = "BBCtest3"                              displayName = "Firewall"
    guestOS = "other26xlinux"                             guestOS = "other24xlinux"
    ethernet1.connectionType = "custom"                   ethernet1.connectionType = "hostonly"
    Ethernet2.connectionType = "custom"                   Ethernet2.connectionType = "hostonly"
    Ethernet0.connectionType = "custom"                   Ethernet0.connectionType = "nat"
    workingDir = "/images/tmp"                            workingDir = "/images/netsec/your_login_name"
    redoLogDir = "/images/tmp"                            redoLogDir = "/images/netsec/your_login_name"

    The vmx files actually determine what hardware is present in the virtual machine. This includes such things as Ethernet card MAC addresses. It is important that devices that are communicating have different MAC addresses.

    VMware has its own set of MAC addresses that you can use. These are 00:50:56:00:00:00 to 00:50:56:3F:FF:FF. It is important that you set addresses from this range in the internal and external machines, otherwise they will not be able to communicate.
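A check for the MAC address rules above, as an added example that is not part of the original lab guide: it parses .vmx text, confirms each static address lies in the stated range, and flags NICs that share an address across machines. The function names and sample fragments are constructed for illustration (the fragments use the ethernet0 keys from the guide's change tables), and treating keys as case-insensitive is an assumption.

```python
import re

# Static MAC range quoted in the lab guide.
STATIC_LO, STATIC_HI = 0x005056000000, 0x0050563FFFFF
# key = "value" lines; keys lower-cased (case-insensitivity is assumed).
LINE = re.compile(r'^\s*([^#=\s]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Return {lower-cased key: value}; '#' comment lines are skipped."""
    matches = (LINE.match(line) for line in text.splitlines())
    return {m.group(1).lower(): m.group(2) for m in matches if m}

def nic_macs(cfg):
    """Map NIC name -> (addressType, MAC as int) for NICs marked present."""
    out = {}
    for key, val in cfg.items():
        m = re.fullmatch(r"(ethernet\d+)\.present", key)
        if not m or val.upper() != "TRUE":
            continue
        nic = m.group(1)
        kind = cfg.get(nic + ".addresstype", "generated").lower()
        field = ".address" if kind == "static" else ".generatedaddress"
        mac = cfg.get(nic + field)
        if mac:
            out[nic] = (kind, int(mac.replace(":", ""), 16))
    return out

def audit(vms):
    """vms: {vm name: vmx text}. Return a sorted list of problems found."""
    problems, seen = [], {}
    for name, text in vms.items():
        for nic, (kind, mac) in sorted(nic_macs(parse_vmx(text)).items()):
            label = f"{name}/{nic}"
            if kind == "static" and not STATIC_LO <= mac <= STATIC_HI:
                problems.append(f"{label}: static MAC outside VMware range")
            if mac in seen:
                problems.append(f"{label}: same MAC as {seen[mac]}")
            seen.setdefault(mac, label)
    return sorted(problems)

# Constructed sample input: an untouched template NIC and an edited one.
TEMPLATE = '''ethernet0.present = "TRUE"
ethernet0.addressType = "generated"
ethernet0.generatedAddress = "00:0c:29:53:6b:c9"
'''
EDITED = '''ethernet0.present = "TRUE"
Ethernet0.connectionType = "hostonly"
ethernet0.addressType = "static"
ethernet0.Address = "{mac}"
#ethernet1.present = "TRUE"
'''

if __name__ == "__main__":
    print(audit({"internal": TEMPLATE, "external": TEMPLATE}))
```

Two untouched copies of the template report a shared MAC, which is the situation the static addresses are meant to remove.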

    Another issue to be addressed is the type of network card used.

    Type of Card   Description
    hostonly       Network card is part of the virtual VMware network
    bridged        Network card gets its own network address but works through the local host
    nat            Network card gets its own network address but works through the local host

    Changes for internal.vmx

    Original                                              Becomes
    ide1:0.fileName = "/images/netsec/bbc/bbc-2.1.iso"    ide1:0.fileName = "/images/netsec/bbc-2.1.iso"
    displayName = "BBCtest3"                              displayName = "Internal"
    guestOS = "other26xlinux"                             guestOS = "other24xlinux"

    ethernet1.present = "TRUE"                            Delete all these lines or comment out using #
    ethernet1.connectionType = "custom"
    ethernet2.present = "TRUE"
    ethernet2.connectionType = "custom"
    ethernet2.vnet = "/dev/vmnet8"
    ethernet1.vnet = "/dev/vmnet2"

    ethernet0.addressType = "generated"                   ethernet0.addressType = "static"

    ethernet1.addressType = "generated"                   Delete all these lines or comment out using #
    ethernet2.addressType = "generated"

    Ethernet0.connectionType = "custom"                   Ethernet0.connectionType = "hostonly"
    ethernet0.generatedAddress = "00:0c:29:53:6b:c9"      ethernet0.Address = "00:50:56:00:00:01" (or some other address in the acceptable range)
    workingDir = "/images/tmp"                            workingDir = "/images/netsec/your_login_name"
    redoLogDir = "/images/tmp"                            redoLogDir = "/images/netsec/your_login_name"


    Changes for external.vmx

    Original                                              Becomes
    ide1:0.fileName = "/images/netsec/bbc/bbc-2.1.iso"    ide1:0.fileName = "/images/netsec/bbc-2.1.iso"
    displayName = "BBCtest3"                              displayName = "External"
    guestOS = "other26xlinux"                             guestOS = "other24xlinux"

    ethernet1.present = "TRUE"                            Delete all these lines or comment out using #
    ethernet1.connectionType = "custom"
    ethernet2.present = "TRUE"
    ethernet2.connectionType = "custom"
    ethernet2.vnet = "/dev/vmnet8"
    ethernet1.vnet = "/dev/vmnet2"

    ethernet0.addressType = "generated"                   ethernet0.addressType = "static"

    ethernet1.addressType = "generated"                   Delete all these lines or comment out using #
    ethernet2.addressType = "generated"

    Ethernet0.connectionType = "custom"                   Ethernet0.connectionType = "hostonly"
    ethernet0.generatedAddress = "00:0c:29:53:6b:c9"      ethernet0.Address = "00:50:56:00:00:02" (or some other address in the acceptable range; make sure it's not the same as the internal MAC address)
    workingDir = "/images/tmp"                            workingDir = "/images/netsec/your_login_name"
    redoLogDir = "/images/tmp"                            redoLogDir = "/images/netsec/your_login_name"


    Booting up your Virtual Machines

    In the KDE GUI, select the K menu, then System, then VMware Player. Then click on "Open an existing virtual machine".

    Navigate through the File System menu option until you get to your image files in /images/netsec/your_user_name. Double-click on the .vmx file. The system will boot up.

    Useful Tips

    (1) If VMplayer prints "/dev/vmnet0 not found", this may be due to a rogue VMware process. Try closing down any running VMware images and rebooting the computer, then starting again.

    (2) If a system says that a lock file has been found, remove any files or directories with the extension .lck from the directory containing your VMware configuration.


    Click on the window, key in 1 then press return. The system will boot up. Login as

    root.


    Start up the internal and external vmx files in VMplayer as well. Choose the graphics option when booting up for these machines.

    Note: Entering text and using the mouse in the virtual machines.

    Click on the virtual machine window. Input from the keyboard and mouse is then captured by the VMware machine.

    To release mouse and keyboard input from the machine, press Ctrl-Alt simultaneously.


    Configuring the Network Interfaces in the Virtual Machines.

    The firewall.

    Login as root on the firewall and run the program trivial-net-setup.

    Use OK to step through the various screens that appear.


    When prompted for what module to use, pick autoinsert.

    The system will identify the card types present and then ask you which one of the three cards you want to configure.


    The system will get an IP address using the faculty's DHCP server. You now need to configure the other 2 Ethernet cards. Run trivial-net-setup again. The procedure is exactly the same as for eth0 up to the point where you are given the choice of using DHCP.


    Pick the manual configuration option.

    For eth1, the following settings are recommended:

    Setting       Value
    IP Address    192.168.1.1
    Netmask       255.255.255.0
    no gateway
    no default nameserver

    For eth2, the following settings are recommended:

    Setting       Value
    IP Address    172.16.1.1
    Netmask       255.255.0.0
    no gateway
    no default nameserver


    Once you have completed the network configuration of the firewall, you need to configure the eth0 interface on the internal and external virtual machines.

    This is done in exactly the same way as was done for the firewall. The details are set out below.

    For internal eth0:

    Setting       Value
    IP Address    192.168.1.2
    Netmask       255.255.255.0
    Gateway       192.168.1.1
    no default nameserver

    For external eth0, the following settings are recommended:

    Setting       Value
    IP Address    172.16.1.2
    Netmask       255.255.0.0
    Gateway       172.16.1.1
    no default nameserver

    Enabling forwarding on the firewall.

    The final step is to configure ip forwarding on the linux firewall. This is done from

    the bash shell on the firewall.

    echo 1 > /proc/sys/net/ipv4/ip_forward

    Once this last step is completed, if everything else has been done correctly, the

    machines should be able to ping each other. The screenshot below shows the external

    host pinging the internal host through the firewall.


    If you wish, you may create more complex network topologies, e.g. a DMZ and/or

    several external machines and/or several internal machines.

    Setting up the Servers on BBC Linux

    Starting the web server

    This can be set up on both the internal and external machines, but should not be run on the firewall.

    The web server on BBC Linux is thttpd (trivial http server). It can be started by running

    /etc/init.d/thttpd start

    from the command line.

    Creating simple web pages for the web server

    From the command line enter the following commands

    cd /mnt/rw/var

    mkdir www

    cd www

    vi index.html


    index.html might look like this

    Main index Page

    This is an example page

    You can create other html files as well e.g. test.html, test1.html, etc.

    Starting X windows.

    X windows can be started by running the command startx. Note: X-windows is only

    available if you booted up BBC-Linux with an option of 2 or greater. It should not be

    run on the firewall.

    Starting a browser in x-windows


    Once selected, the browsex browser can be used to access the web server. The

    screenshot below shows a browser running on external accessing the web server on

    internal.

    Note : the browser is quite slow.

    Starting the ssh server

    To start the ssh server run

    /etc/init.d/sshd start

    Note : the ssh server should be started on all of the hosts.

    By default, the root user has no password. In order for remote logins to be allowed,

    the root user has to have a password. This is done by using the passwd command.


    Starting the tftp server

    There is a tftp server called atftp. First you need to create a directory to hold the files to be retrieved from and sent to the tftp server. The directory is /home/tftp.

    This can be done with the following Unix commands from the command line.

    cd /home

    mkdir tftp

    chmod 777 tftp

    cd tftp

    You should create some simple text files, e.g. f1.txt, f2.txt, f3.txt etc., in the tftp directory. This can be done by using vi or by executing the following command for each of the files you want to create.

    echo this is f1.txt > f1.txt

    To start the tftp server type in

    atftpd --daemon /home/tftp

    from the command line.

    This starts the tftp server and sets the directory containing files to be retrieved and sent to the server to /home/tftp.

    The tftp server should NOT be run on the firewall.

    Using the tftp client

    To start the tftp client, type in

    atftp

    at the command line.

    The prompt will change to the > character.

    To connect to a particular server type in

    connect

    e.g.

    connect 192.168.1.2

    will connect to a tftp server on the host at 192.168.1.2


    To retrieve files from the server type in

    get

    to send files type in

    put

    to get further information type in ? or help at the > prompt.

    Type in quit to quit from the client.

    Using an sftp (secure ftp) client.

    It is possible to use an sftp client to retrieve data from other hosts. In particular, this is useful for retrieving scripts from your home directory on Charlie to the firewall host. This connection goes through the eth0 (bridged or nat) network card on the firewall.

    N.B. If you are unable to log in and receive the message "Received message too long", try removing any welcome or other messages produced by your login scripts on Charlie.

    Running netstat

    You can check what ports are open by running the command

    netstat -t -a

    An alternative approach to setting up a VMware network

    It is possible to download VMware Server from the internet and use it on your laptop.

    To do this you will need at least one Gigabyte of RAM to run VMware Server.

    There are a number of distributions of Linux that can be used. These include:

    Adios Linux

    Backtrack Linux

    DSL

    plus many others.