Introduction
This lab involves using VMware. VMware is a suite of programs capable of running
instances of entire operating systems inside another operating system. VMware can
run specially configured images. Alternatively, it can boot up an instance of an
operating system from a bootable CD or from an ISO file.
There are a number of VMware programs available. These include VM Server and
VM Player. VM Player is available on the Linux PCs in the labs and it can be used to
create multiple instances of operating systems. The second assignment will involve
the use of VMware as outlined in this guide.
We will create a set of VMware files that will be arranged into a simple network. The
network will look like this.
(1) Create a set of directories in the directory with your login name in /images/netsec/
(2) Create a set of directories on a USB memory stick which is mounted on one of the
PCs in the labs running Linux.
(3) If you have a laptop with at least one gigabyte of RAM, you can install VMware
Server on it and do the exercise and assignment 2 on it. Option 3 is the most desirable,
but it may not be available to everyone.
.vmdk   This file (or files) is the system’s virtual hard drive(s).
.nvram  These files store the BIOS data for the virtual machine.
(3) There is a directory called /images which is used for storing images for use with
VMware. Inside /images there is a subdirectory called netsec. Inside that there is a
subdirectory with your login name. This is where you will keep your VMware images
and configuration files.
cd /images/netsec/your_user_name
mkdir firewall
mkdir internal
mkdir external
(5) Get 3 copies of the basic vmx test file and put them in the directories you just
created.
cp /images/netsec/BBCtest3/BBCtest3.vmx ./firewall/firewall.vmx
cp /images/netsec/BBCtest3/BBCtest3.vmx ./internal/internal.vmx
cp /images/netsec/BBCtest3/BBCtest3.vmx ./external/external.vmx
(6) You need to alter the permissions of the vmx files as well. These need to be readable
and writable for everyone, as VMware alters the files.
You also need to get copies of the files BBCtest3.vmdk and BBCtest3-f001.vmdk.
cp /images/netsec/BBCtest3/*vmdk ./firewall
cp /images/netsec/BBCtest3/*vmdk ./internal
cp /images/netsec/BBCtest3/*vmdk ./external
You will need to alter the contents of each of the vmx files.
The next page shows the contents of the unmodified BBCtest3.vmx file.
#!/usr/bin/vmware
config.version = "8"
virtualHW.version = "4"
scsi0.present = "TRUE"
scsi0.virtualDev = "lsilogic"
memsize = "32"
MemAllowAutoScaleDown = "FALSE"
scsi0:0.present = "TRUE"
scsi0:0.fileName = "BBCtest3.vmdk"
scsi0:0.writeThrough = "FALSE"
ide1:0.present = "TRUE"
ide1:0.fileName = "/images/netsec/bbc/bbc-2.1.iso"
ide1:0.deviceType = "cdrom-image"
floppy0.startConnected = "FALSE"
floppy0.fileName = "/dev/fd0"
ethernet0.present = "TRUE"
usb.present = "FALSE"
sound.present = "FALSE"
sound.virtualDev = "es1371"
displayName = "BBCtest3"
guestOS = "other26xlinux"
nvram = "BBCtest3.nvram"
ethernet1.present = "TRUE"
ethernet1.connectionType = "custom"
ethernet2.present = "TRUE"
ethernet2.connectionType = "custom"
ethernet2.vnet = "/dev/vmnet8"
floppy0.present = "FALSE"
ethernet1.vnet = "/dev/vmnet2"
scsi0:0.redo = ""
ethernet0.addressType = "generated"
ethernet1.addressType = "generated"
ethernet2.addressType = "generated"
uuid.location = "56 4d 54 72 f0 2a 88 c2-7d 54 7d 6c 57 53 6b c9"
uuid.bios = "56 4d 54 72 f0 2a 88 c2-7d 54 7d 6c 57 53 6b c9"
ethernet0.generatedAddress = "00:0c:29:53:6b:c9"
ethernet0.generatedAddressOffset = "0"
ethernet1.generatedAddress = "00:0c:29:53:6b:d3"
ethernet1.generatedAddressOffset = "10"
ethernet2.generatedAddress = "00:0c:29:53:6b:dd"
ethernet2.generatedAddressOffset = "20"
tools.remindInstall = "TRUE"
ethernet0.connectionType = "custom"
ethernet0.vnet = "/dev/vmnet1"
priority.grabbed = "normal"
priority.ungrabbed = "normal"
workingDir = "/images/tmp"
redoLogDir = "/images/tmp"
logging = "FALSE"
debug = "FALSE"
uuid.action = "keep"
snapshot.disabled = "TRUE"
snapshot.action = "keep"
You have to edit each of the .vmx files. We will start with the one for the firewall.
Original: ide1:0.fileName = "/images/netsec/bbc/bbc-2.1.iso"
Becomes:  ide1:0.fileName = "/images/netsec/bbc-2.1.iso"

Original: ethernet1.connectionType = "custom"
Becomes:  ethernet1.connectionType = "hostonly"

Original: ethernet2.connectionType = "custom"
Becomes:  ethernet2.connectionType = "hostonly"

The vmx files actually determine what hardware is present in the virtual machine.
This includes such things as Ethernet card MAC addresses. It is important that devices
that are communicating have different MAC addresses.
VMware has its own set of MAC addresses that you can use. These are
00:50:56:00:00:00 to 00:50:56:3F:FF:FF. It is important that you do this in the
internal and external machines otherwise they will not be able to communicate.
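
The MAC address rule above can be checked once the three .vmx files have been edited and before any machine is booted. The following Python sketch is an added example, not part of the original lab guide: it reads the ethernetN.Address and ethernetN.generatedAddress settings used in this guide, reports any MAC address shared by two adapters, and reports manually set addresses outside the range quoted above. The function names and the sample fragments are constructed for illustration.

```python
import re

# Range the lab guide gives for manually assigned VMware MAC addresses.
STATIC_LO, STATIC_HI = 0x005056000000, 0x0050563FFFFF
SETTING = re.compile(r'^\s*([^#=\s][^=]*?)\s*=\s*"(.*)"\s*$')
MAC_KEY = re.compile(r"(ethernet\d+)\.(address|generatedaddress)")
MAC = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}")


def parse_vmx(text):
    """Return {lowercased key: value} for each key = "value" line."""
    settings = {}
    for line in text.splitlines():
        m = SETTING.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings


def check_lab(vmx_by_vm):
    """Return a list of MAC problems found across all VMs' .vmx text."""
    problems, seen = [], {}
    for vm, text in vmx_by_vm.items():
        for key, value in parse_vmx(text).items():
            m = MAC_KEY.fullmatch(key)
            if not m:
                continue
            owner, mac = f"{vm}/{m.group(1)}", value.lower()
            if not MAC.fullmatch(mac):
                problems.append(f"{owner}: malformed MAC {value!r}")
                continue
            if mac in seen:
                problems.append(f"duplicate MAC {mac}: {seen[mac]} and {owner}")
            seen.setdefault(mac, owner)
            static = m.group(2) == "address"  # manually set, not generated
            if static and not STATIC_LO <= int(mac.replace(":", ""), 16) <= STATIC_HI:
                problems.append(f"{owner}: static MAC {mac} outside VMware range")
    return problems


# Constructed sample: "external" is a copy of the template that was never edited.
SAMPLE = {
    "firewall": 'ethernet0.generatedAddress = "00:0c:29:53:6b:c9"\n',
    "internal": 'ethernet0.Address = "00:50:56:00:00:01"\n',
    "external": 'ethernet0.generatedAddress = "00:0c:29:53:6b:c9"\n',
}

if __name__ == "__main__":
    print("\n".join(check_lab(SAMPLE)))
```

To check real files, build the dictionary from the file contents, for example `{"firewall": open("firewall/firewall.vmx").read(), ...}`.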
Original: ide1:0.fileName = "/images/netsec/bbc/bbc-2.1.iso"
Becomes:  ide1:0.fileName = "/images/netsec/bbc-2.1.iso"

ethernet1.vnet = "/dev/vmnet2"

Original: ethernet0.connectionType = "custom"
Becomes:  ethernet0.connectionType = "hostonly"

Original: ethernet0.generatedAddress = "00:0c:29:53:6b:c9"
Becomes:  ethernet0.Address = "00:50:56:00:00:01"

Original: ide1:0.fileName = "/images/netsec/bbc/bbc-2.1.iso"
Becomes:  ide1:0.fileName = "/images/netsec/bbc-2.1.iso"

ethernet1.vnet = "/dev/vmnet2"

Original: ethernet0.connectionType = "custom"
Becomes:  ethernet0.connectionType = "hostonly"

Original: ethernet0.generatedAddress = "00:0c:29:53:6b:c9"
Becomes:  ethernet0.Address = "00:50:56:00:00:02"

In the KDE GUI, select the K menu, then System then VMware Player. Then click on
“Open an existing virtual machine”
Navigate through the File System menu option till you get to your image files in
/images/netsec/your_user_name. Double-click on the .vmx file. The system will boot
up.
Useful Tips
(1) If VMplayer prints “/dev/vmnet0 not found”, this may be due to a rogue VMware
process. Try closing down any running VMware images and rebooting the computer,
then starting again.
(2) If a system says that a lock file has been found, remove any files or directories
with the extension “.lck” from the directory containing your VMware configuration.
Click on the window, key in 1 then press return. The system will boot up. Login as
root.
Start up the internal and external vmx files in VMplayer as well. Choose the graphics
option when booting up for these machines.
Note: Entering text and using the mouse in the virtual machines.
Click on the virtual machine window. Input from the keyboard and mouse is then
captured by the VMware machine.
To release mouse and keyboard input from the machine, press Ctrl-Alt
simultaneously.
The firewall.
The system will identify the card types present and then ask you which one of the
three cards you want to configure.
First pick eth0 (this is the card that will be used with NAT to connect to the real
internet). Configure eth0 using DHCP.
The system will get an IP address using the faculty’s DHCP server. You now need to
configure the other 2 ethernet cards. Run trivial-net-setup again. The procedure is
exactly the same as for eth0 up to the point where you are given the choice of using
DHCP.
Setting        Value
IP Address     192.168.1.1
Netmask        255.255.255.0
no gateway
no default nameserver

Setting        Value
IP Address     172.16.1.1
Netmask        255.255.0.0
no gateway
no default nameserver

Once you have completed the network configuration of the firewall, you need to
configure the eth0 interface on the internal and external virtual machines.
This is done in exactly the same way as was done for the firewall. The details are set
out below.
Setting        Value
IP Address     192.168.1.2
Netmask        255.255.255.0
Gateway        192.168.1.1
no default nameserver

Setting        Value
IP Address     172.16.1.2
Netmask        255.255.0.0
Gateway        172.16.1.1
no default nameserver

The final step is to configure IP forwarding on the Linux firewall. This is done from
the bash shell on the firewall.
Once this last step is completed, if everything else has been done correctly, the
machines should be able to ping each other. The screenshot below shows the external
host pinging the internal host through the firewall.
If you wish, you may create more complex network topologies, e.g. a DMZ and/or
several external machines and/or several internal machines.
This can be set up on both the internal and external machine, but should not be run on
the firewall.
The web server on BBC Linux is thttpd (trivial http server). It can be started by
running
/etc/init.d/thttpd start
cd /mnt/rw/var
mkdir www
cd www
vi index.html
<html>
<head><title>Main index Page</title>
</head>
<body>
This is an example page
</body>
</html>
You can create other html files as well e.g. test.html, test1.html, etc.
Starting X windows.
X Windows can be started by running the command startx. Note: X Windows is only
available if you booted up BBC-Linux with an option of 2 or greater. It should not be
run on the firewall.
Once selected, the browsex browser can be used to access the web server. The
screenshot below shows a browser running on external accessing the web server on
internal.
/etc/init.d/sshd start
By default, the root user has no password. In order for remote logins to be allowed,
the root user has to have a password. This is done by using the passwd command.
There is a tftp server called atftp. First you need to create a directory to hold the
files to be retrieved from and sent to the tftp server. The directory is /home/tftp.
This can be done with the following Unix commands from the command line.
cd /home
mkdir tftp
chmod 777 tftp
cd tftp
You should create some simple text files, e.g. f1.txt, f2.txt, f3.txt etc., in the tftp
directory. This can be done by using vi or by executing the command for each of the
files you want to create.
This starts the tftp server and sets the directory containing files to be retrieved and
sent to the server to /home/tftp.
atftp
e.g.
connect 192.168.1.2
get <filename>
put <filename>
It is possible to use an sftp client to retrieve data from other hosts. In particular, this is
useful for retrieving scripts from your home directory on Charlie to the firewall host.
This connection goes through the eth0 (bridged or NAT) network card on the firewall.
N.B. If you are unable to log in and receive the message “Received message too long”,
try removing any welcome or other messages produced by your login scripts on
Charlie.
Running netstat
You can check what ports are open by running the command
netstat -t -a
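
The following Python sketch is an added example, not part of the original guide: it turns netstat output into a list of open ports and reports any that are not on an allow-list. It assumes netstat is run with the extra -u and -n options, because tftp runs over UDP and so the atftp server does not appear in a TCP-only listing; the sample output and the default port numbers are constructed assumptions.

```python
def open_ports(netstat_text):
    """Return sorted (proto, port, local_ip) for listening TCP and bound UDP sockets."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "tcp6", "udp", "udp6"):
            continue  # header lines and other socket families
        proto, local = fields[0], fields[3]
        state = fields[5] if len(fields) > 5 else ""
        # A TCP server socket is in LISTEN. UDP is connectionless, so a
        # server socket has an empty state column.
        if proto.startswith("tcp") and state != "LISTEN":
            continue
        if proto.startswith("udp") and state:
            continue
        ip, _, port = local.rpartition(":")
        if port.isdigit():
            found.add((proto, int(port), ip))
    return sorted(found)


def unexpected(netstat_text, allowed):
    """Return open ports whose (proto, port) pair is not in the allowed set."""
    return [p for p in open_ports(netstat_text) if (p[0], p[1]) not in allowed]


# Constructed sample in the layout printed by `netstat -t -u -a -n`.
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.2:22          172.16.1.2:1034         ESTABLISHED
udp        0      0 0.0.0.0:69              0.0.0.0:*
"""

# Assumed default ports: thttpd on tcp/80, sshd on tcp/22, atftp server on udp/69.
ALLOWED = {("tcp", 80), ("tcp", 22), ("udp", 69)}

if __name__ == "__main__":
    for proto, port, ip in unexpected(SAMPLE, ALLOWED):
        print(f"unexpected listener: {proto}/{port} on {ip}")
```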
It is possible to download VMware Server from the internet and use it on your laptop.
To do this you will need at least one gigabyte of RAM to run VMware Server.
There are a number of distributions of Linux that can be used. These include:
Adios Linux
Backtrack Linux
DSL
plus many others.