IFN507 Network Systems
P11: Addressing, Routing and Remote Filesystems in Linux
Practical 11
Addressing, Routing and Remote Filesystems in Linux
Introduction
This practical will cover some basic networking functions in Linux. You require the 4 Linux server virtual machines to complete this practical; these are available on Blackboard and are already preinstalled on the computers in the lab. You are first going to construct a small network using the four server virtual machines. You will configure IP addressing (IPv4), routing and IP forwarding to allow all the server virtual machines to communicate with each other. See Figure 1 for the network topology. See Table 1 for the IP addressing information.
Figure 1 network topology
Table 1 IP addressing configuration
| Device | Interface | Address |
|---|---|---|
| ifn507-server-1 | enp0s3 | 192.168.41.1 |
| ifn507-server-1 | enp0s8 | 192.168.42.1 |
| ifn507-server-2 | enp0s3 | 192.168.42.2 |
| ifn507-server-3 | enp0s3 | 192.168.41.3 |
| ifn507-server-3 | enp0s8 | 192.168.43.3 |
| ifn507-server-4 | enp0s3 | 192.168.43.4 |
As you can see this small network consists of 4 PCs connected to three different subnets. You will notice that server-1 and server-3 have two network interface cards (NICs) which allows them to participate in two different subnets simultaneously. These 2 machines will act as routers. By the end of the lab activities, you will be able to communicate across the entire network, i.e. server-2 will be able to communicate with server-4.
The username and password for all the virtual machines is the same as the desktop virtual machine you have been using for the prior practical sessions. The details have been provided in Table 2 in case you need a refresher.
Table 2 virtual machine details
| Hostname | Username | Password | No. of NIC | Attached to |
|---|---|---|---|---|
| ifn507-desktop | ifn507 | 1qaz2wsx | 2 | NAT and Internal |
| ifn507-server-1 | ifn507 | 1qaz2wsx | 2 | Internal |
| ifn507-server-2 | ifn507 | 1qaz2wsx | 1 | Internal |
| ifn507-server-3 | ifn507 | 1qaz2wsx | 2 | Internal |
| ifn507-server-4 | ifn507 | 1qaz2wsx | 1 | Internal |
The virtual machines have their NICs set to ‘Internal Network’. This keeps your virtual lab environment separate and isolated from your host PC environment and the rest of your network. This also means your virtual machines will not have access to the Internet. If you require Internet access to install packages, you will need to change the networking mode to NAT and ensure your VM is set to obtain an IP address automatically rather than statically assigned. Table 3 shows a brief comparison of the different networking modes in VirtualBox.
Table 3 network modes in VirtualBox
| Mode | VM to Host | Host to VM | VM to VM | VM to Internet/LAN | Internet/LAN to VM |
|---|---|---|---|---|---|
| Host-only | ✔ | ✔ | ✔ | ❌ | ❌ |
| Internal | ❌ | ❌ | ✔ | ❌ | ❌ |
| Bridged | ✔ | ✔ | ✔ | ✔ | ✔ |
| NAT | ✔ | ✔ (with port forwarding) | ❌ | ✔ | ✔ (with port forwarding) |
You can read more about network modes in the VirtualBox User Manual.
Lab Activities
· Lab Activity 1: Configure Static IP addressing on Linux hosts
· Lab Activity 2: Configure routing to allow hosts to communicate
· Lab Activity 3: Verify routing settings
· Lab Activity 4: Examine locally mounted file systems
· Lab Activity 5: Creating and accessing remote SMB shares
· Lab Activity 6: Host Management using DHCP
Lab Activity 1: Configure Static IP Addressing on Linux Hosts
There are many relevant commands for setting up and testing networking configuration in a Linux environment. Browse through the man pages for the following commands relevant to this practical session:
· ip
· route
· ping
· traceroute
· netplan
In Linux, some networking commands change settings only temporarily, while other methods make the changes permanent. We will cover both in this activity.
Configuring IP Addressing Temporarily
The ip command is used to configure and enable/disable the network interfaces. There is other functionality in the command which you can learn about on the man page. For this unit, you only need to understand how to:
· Display network interfaces of a system
· Bring up, or enable an interface
· Bring down, or disable an interface
· Configure the IP & netmask of an interface
These are the steps you must follow to configure all the IP addresses for all the interfaces as per the network topology in Figure 1 and the IP addresses in Table 1. You need to execute these commands on each virtual machine and for each network interface. These steps get you to disable the interface, check its status, configure its address and subnet mask, re-enable it, and check its status to verify the changes.
Step 1: Use the ip command to disable network interfaces on each virtual machine
Step 2: Check the network interface status using ip address or ip link show
Step 3: Configure static IP addressing using the ip command.
ip address [ add | del ] address dev interface
Step 4: Use the ip command to enable the network interfaces.
Step 5: Verify the configuration result using the ip command.
Configuring IP Addressing Permanently
Using the ip command to configure IP addressing will NOT persist after a system restart. To configure IP addressing permanently, you need to use a text editor (e.g. nano) to edit the interface configuration, i.e. /etc/network/interfaces (prior to Ubuntu 18.04), or use the netplan tool for Ubuntu 18.04 onwards.
As we are using Ubuntu 18.04 in these practical sessions, we will learn how to use netplan. To configure netplan, edit and save configuration files with a .yaml extension under /etc/netplan, for example /etc/netplan/config.yaml. Netplan will evaluate ALL files in the netplan folder that have a .yaml extension and try to apply the configuration from all of them. In the example provided in Figure 2, the default file 50-cloud-init.yaml has been amended without the need to create any additional .yaml files.
Some notes about netplan:
· It is extremely sensitive about correct spacing. It needs to be consistent throughout the .yaml file or it will fail. I would strongly discourage the use of tabs in the whitespace. Use spaces instead, as any combination of tabs and spaces will fail.
· There are examples of netplan usage for just about every scenario you could think of on the Netplan Examples page.
· When you use your text editor to edit the .yaml file, make sure you use sudo, or you won't be able to save it! E.g. sudo nano /etc/netplan/50-cloud-init.yaml
· Once you have completed the configuration in the .yaml file, you must run sudo netplan apply to apply the changes to the system.
· IMPORTANT: Leave the dhcp4: true directive inside the file as shown in the example. This will allow you to change between internal network and NAT network in the VirtualBox settings when you require Internet access to download packages, without editing the .yaml file again. When you change between these modes, you will be required to run sudo netplan apply to force the system to detect the change and obtain or discard the DHCP address.
The example configuration has been provided for server-1 in Figure 2. Take this example and apply the syntax to help you to configure all the virtual machines.
Figure 2 server-1 .yaml configuration file
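The following is an added example, not the contents of Figure 2: a netplan file for server-1 built from Table 1, with a lint for the whitespace problems listed in the notes above. The two-space indent, dhcp4 on both interfaces and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not the contents of Figure 2: a netplan file for ifn507-server-1
# using the Table 1 addresses. Two-space indents and dhcp4 on both NICs are assumptions.
server1_netplan() {
  cat <<'EOF'
network:
  version: 2
  ethernets:
    enp0s3:
      dhcp4: true
      addresses: [192.168.41.1/24]
    enp0s8:
      dhcp4: true
      addresses: [192.168.42.1/24]
EOF
}

# lint_netplan FILE: heuristic check for the whitespace mistakes described above.
# Prints one finding per line; exit status 0 means nothing was found.
lint_netplan() {
  awk '
    /\t/ { printf "line %d: tab character\n", NR; bad = 1; next }
    /^ *#/ || /^ *$/ { next }                    # skip comments and blank lines
    {
      match($0, /^ */); n = (RLENGTH > 0) ? RLENGTH : 0
      if (n > 0 && unit == 0) unit = n           # first indented line sets the indent unit
      if (unit > 0 && n % unit != 0) {
        printf "line %d: indent %d is not a multiple of %d\n", NR, n, unit; bad = 1
      }
    }
    END { exit bad + 0 }
  ' "$1"
}

# Demo in a scratch directory; nothing under /etc/netplan is touched.
scratch=$(mktemp -d)
server1_netplan > "$scratch/50-cloud-init.yaml"
lint_netplan "$scratch/50-cloud-init.yaml" && echo "whitespace looks consistent"
```

On the virtual machine, sudo netplan try applies a configuration and rolls it back unless you confirm it, which is useful while experimenting.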
Lab Activity 2: Configure Routing to Allow Hosts to Communicate
You must have successfully completed Lab Activity 1 to continue. If the addressing has not been set up correctly, the routing will not work. The task is now to set up routes so that every device on the network can communicate with every other device.
As you can see from the topology, server-1 and server-3 will be acting as routers, which will enable server-2 and server-4 to communicate with each other. As the packets will be passing through server-1 and server-3, they will require IP forwarding to be enabled (see the lecture slides). Even though these machines have two NICs, they will not act as routers unless you explicitly give them instructions to do so.
Your task in this activity is to determine what routing entries need to exist on each host, as well as default routes if needed.
Using the ip route command, place the necessary remote route entries in each virtual machine's routing table. To add and remove routes, you can use the syntax:
# sudo ip route [add|del] ROUTE
Remember to add the necessary return routes as well. To enable every host to reach every other host you only need to configure two (2) hosts as routers (i.e., enable IP Forwarding). Configure ifn507-server-1 and ifn507-server-3 as routers (these are the hosts that have more than one network connection). The remaining two hosts (ifn507-server-2 and ifn507-server-4) only have one network connection and therefore only need a default route added.
Note: Another approach you could use for the two end point nodes (server-2 and server-4) is to setup a default gateway using netplan, rather than adding a default route in the routing table.
Step 1: Add 1 static route to ifn507-server-1, and then check the configuration result. Namely add 192.168.43.0/24 via next hop 192.168.41.3.
Step 2: Add 1 static route to ifn507-server-3 and then check the configuration result. Namely add 192.168.42.0/24 via next hop 192.168.41.1.
Step 3: Add a default route to ifn507-server-2 and then check the configuration result. Namely add the default route via next hop 192.168.42.1.
Step 4: Add a default route to ifn507-server-4 and then check the configuration result. Namely add the default route via next hop 192.168.43.3.
Step 5: Use the sysctl command to switch on IP forwarding in the kernel of hosts that will be required to route packets between networks (ifn507-server-1 and ifn507-server-3).
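The script below is an added example, not part of the original practical. It models the routing tables from Steps 1 to 4 offline and follows a packet hop by hop with longest-prefix matching, so you can see what happens when a return route or IP forwarding is missing. The short names s1 to s4 and the record layout are constructed.

```sh
#!/bin/sh
# Added example (not from the practical): an offline model of the lab network.
# Addresses come from Table 1, routes from Steps 1-4; names s1..s4 and the
# record layout are constructed. Record fields, separated by "|":
#   name | ip_forward | own addresses | routes as prefix>next-hop (direct = on-link)
LAB='s1|1|192.168.41.1 192.168.42.1|192.168.41.0/24>direct 192.168.42.0/24>direct 192.168.43.0/24>192.168.41.3
s2|0|192.168.42.2|192.168.42.0/24>direct 0.0.0.0/0>192.168.42.1
s3|1|192.168.41.3 192.168.43.3|192.168.41.0/24>direct 192.168.43.0/24>direct 192.168.42.0/24>192.168.41.1
s4|0|192.168.43.4|192.168.43.0/24>direct 0.0.0.0/0>192.168.43.3'

# Dotted quad -> integer (runs in a subshell so IFS is not changed for the caller).
ip2int() ( IFS=.; set -- $1; echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )) )

# owner TABLE IP: print the record of the host that owns IP.
owner() {
  printf '%s\n' "$1" | awk -F'|' -v ip="$2" \
    '{ n = split($3, a, " "); for (i = 1; i <= n; i++) if (a[i] == ip) { print; exit } }'
}

# next_hop ROUTES DST: longest-prefix match; prints the next hop, or nothing if no route.
next_hop() (
  dst=$(ip2int "$2"); best=-1; hop=
  for r in $1; do
    net=${r%%/*}; len=${r#*/}; len=${len%%>*}
    mask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF ))
    if [ $(( $(ip2int "$net") & $mask )) -eq $(( $dst & $mask )) ] && [ "$len" -gt "$best" ]; then
      best=$len; hop=${r#*>}
    fi
  done
  echo "$hop"
)

# trace TABLE SRC DST: follow a packet hop by hop; print the path or where it stops.
trace() (
  table=$1; dst=$3; path=; first=1; ttl=8
  rec=$(owner "$table" "$2")
  [ -n "$rec" ] || { echo "unknown source $2"; exit 1; }
  while [ "$ttl" -gt 0 ]; do
    ttl=$(($ttl - 1)); IFS='|'; set -- $rec; IFS=' '
    path="${path:+$path -> }$1"
    case " $3 " in *" $dst "*) echo "$path"; exit 0 ;; esac
    # The sender originates the packet; every later hop needs ip_forward=1.
    if [ "$first" -eq 0 ] && [ "$2" -eq 0 ]; then echo "$path: dropped, ip_forward=0"; exit 1; fi
    hop=$(next_hop "$4" "$dst")
    [ -n "$hop" ] || { echo "$path: no route to $dst"; exit 1; }
    if [ "$hop" = direct ]; then hop=$dst; fi
    rec=$(owner "$table" "$hop"); first=0
    [ -n "$rec" ] || { echo "$path: next hop $hop is not on the network"; exit 1; }
  done
  echo "$path: routing loop"; exit 1
)

trace "$LAB" 192.168.42.2 192.168.43.4   # prints: s2 -> s1 -> s3 -> s4
```

Edit a copy of LAB (for example, set the ip_forward field of s1 to 0 or delete a route) and run trace again to see where the packet stops.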
Lab Activity 3: Verify Routing Settings
Step 1: Once all the routing entries are entered, use ping to test the connectivity between nodes. Use the following table with the ping utility to test the connectivity between network hosts.
| From \ To | ifn507-server-1 (192.168.41.1) (192.168.42.1) | ifn507-server-2 (192.168.42.2) | ifn507-server-3 (192.168.41.3) (192.168.43.3) | ifn507-server-4 (192.168.43.4) |
|---|---|---|---|---|
| ifn507-server-1 (192.168.41.1) (192.168.42.1) | ❌ | | | |
| ifn507-server-2 (192.168.42.2) | | ❌ | | |
| ifn507-server-3 (192.168.41.3) (192.168.43.3) | | | ❌ | |
| ifn507-server-4 (192.168.43.4) | | | | ❌ |
Step 2: Use the following table with the traceroute command to observe the path packets take.
Server 1 to Server 2
Server 1 to Server 4
Server 2 to Server 3
Server 2 to Server 4
Server 3 to Server 1
Server 3 to Server 2
Server 4 to Server 1
Server 4 to Server 2
Lab Activity 4: Examine Locally Mounted File Systems
Unlike Microsoft operating systems, which treat each device or partition as a separate drive, Unix/Linux mounts all partitions onto a single filesystem. As such, managing local and remote file systems is another important system administration task. Common remote file system protocols are Network File System (NFS) and Common Internet File System/Server Message Block (CIFS/SMB).
· NFS was developed by Sun Microsystems in 1980 for sharing files and folders between Linux/Unix systems. It allows you to mount your local file systems over a network, and remote hosts can interact with them as if they were mounted locally on the same system.
· CIFS/SMB is an application-level network protocol used for resource sharing, such as providing shared access to files and printers on a network. You can access CIFS/SMB shares from Linux (using SAMBA – the Linux implementation of SMB) and mount them as a regular filesystem.
Browse the man pages for the following commands. These are the commands you will need to use for the remaining activities:
· mount
· umount
· exports
· showmount
· smbclient
Note: If the nfs-kernel-server package is NOT installed, you will only be able to view the man page for exports inside the virtual machines.
Note:
From this week on, most of the commands and programs we use will log error messages to the system logger syslogd. As part of your debugging process to work out why commands or programs don’t work the way you expect, consider looking in the system log files. A good practice may be to use tail to get the last 10 or 20 lines from the log file, as that is most likely where the error log messages are. The log files that are most relevant are:
· /var/log/daemon.log
· /var/log/messages
· /var/log/syslog
Q1. Examine the output of the mount command without any options. Explain what you see.
Lab Activity 5: Creating and Accessing Remote SMB Shares
In this exercise you will create and mount an SMB/CIFS share using ifn507-server-1 and ifn507-server-3. Note that you need to make sure the first interface is set to NAT mode so you can download the necessary packages and connections.
Reference: https://help.ubuntu.com/lts/serverguide/samba-fileserver.html.en-AU
You will need to install some packages from the Internet on both server-1 and server-3.
Installing Packages
ifn507-server-1 will act as the SMB Samba server, while ifn507-server-3 will act as the Samba client.
From ifn507-server-1:
1. Change the network interface from internal network to NAT for adapter 1 in the VirtualBox settings and run sudo netplan apply. Ensure you have left the dhcp4: true directive in the .yaml file from Activity 1.
2. Update the apt package manager with the latest list of available packages with the sudo apt update command.
3. Install the Samba server by running sudo apt install samba
4. Once setup is complete, change the interface back to Internal network and rerun the sudo netplan apply command.
From ifn507-server-3:
1. Exactly as per server-1 except in step 3, the command will be sudo apt install samba-client cifs-utils
Setup Samba Server
This activity is all performed on the Samba server which is ifn507-server-1
Step 1: The main Samba configuration file is /etc/samba/smb.conf. Edit the file and add settings such that:
workgroup = IFN507
…
security = user
…
[share]
comment = IFN507 SMB Share Folder
path = /srv/samba/share
browsable = yes
guest ok = yes
read only = no
create mask = 0755
Step 2: Create the share folder /srv/samba/share and change the owner to nobody:nogroup and the permissions to allow all full control.
Step 3: Restart the samba services to enable the new configuration
sudo systemctl restart smbd.service nmbd.service
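The share defined in Step 1 accepts guests and is writable, which suits this isolated lab network. The script below is an added example, not part of the original practical, that lists every share in an smb.conf with that combination so it can be reviewed before a server is moved off the internal network. The [staff] share and the function name are constructed.

```sh
#!/bin/sh
# Added example: list smb.conf shares that a guest (no password) can write to.
# SAMPLE is constructed: the Step 1 settings plus a [staff] share for contrast.
SAMPLE='[global]
   workgroup = IFN507
   security = user
[share]
   comment = IFN507 SMB Share Folder
   path = /srv/samba/share
   browsable = yes
   guest ok = yes
   read only = no
   create mask = 0755
[staff]
   path = /srv/samba/staff
   guest ok = no
   read only = no
   valid users = ifn507'

# audit_smb FILE: print "share<TAB>path" for each share with both guest and write access.
# Only per-share settings are read; Samba defaults (no guests, read only) apply otherwise.
audit_smb() {
  awk '
    function truthy(v) { v = tolower(v); return v == "yes" || v == "true" || v == "1" }
    function report() {
      if (name != "" && tolower(name) != "global" && guest && !ro) printf "%s\t%s\n", name, path
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }            # comments and blank lines
    /^[ \t]*\[.*\]/ {                               # section header: close the previous share
      report(); name = $0; gsub(/^[ \t]*\[|\].*$/, "", name)
      guest = 0; ro = 1; path = ""; next
    }
    {
      i = index($0, "="); if (i == 0) next
      key = tolower(substr($0, 1, i - 1)); gsub(/[ \t]/, "", key)   # Samba ignores spaces in names
      val = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == "guestok" || key == "public") guest = truthy(val)
      else if (key == "readonly") ro = truthy(val)
      else if (key == "writable" || key == "writeable" || key == "writeok") ro = !truthy(val)
      else if (key == "path") path = val
    }
    END { report() }
  ' "$1"
}

# Demo on a scratch copy of SAMPLE; on the server, point it at /etc/samba/smb.conf.
conf=$(mktemp)
printf '%s\n' "$SAMPLE" > "$conf"
audit_smb "$conf"
```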
Setup Samba Client and Access the Samba Server
This activity is performed on the Samba client which is ifn507-server-3. Step 5 is performed on ifn507-server-1 to verify the connection.
Step 1: Display a list of exported (shared) directories from the file server, which are available for mounting using the smbclient command
Step 2: Create a directory to mount the remote file system on (also known as a mount point). Make the mount point /mnt/smb
Step 3: Mount the share folder from the Samba server to /mnt/smb.
Step 4: View the contents (list of files) of the /mnt/smb. Copy any file from your local machine to /mnt/smb.
Step 5: View the contents of the folder /srv/samba/share on ifn507-server-1. You should see the file you copied, which verifies you were able to access the share and copy files to the remote server.
Step 6: Unmount the share from the file system on ifn507-server-3.
Lab Activity 6: Host Management Using DHCP
You will configure a DHCP server in this activity on ifn507-server-1. This server will provide network configuration to the client ifn507-server-2. The network topology can be seen in Figure 1 as well as the network addressing table. Ensure you have installed the required packages BEFORE you commence the activity.
Required Packages:
ifn507-server-1: isc-dhcp-server
Figure 3 Network topology for Lab Activity 6
Addressing table:
| Device | Interface | IP address | Network Mode |
|---|---|---|---|
| ifn507-server-1 | enp0s3 | Automatically assigned by VirtualBox | NAT |
| ifn507-server-1 | enp0s8 | 192.168.1.1/24 | Internal |
| ifn507-server-2 | enp0s3 | Assigned by the DHCP server (ifn507-server-1) | Internal |
The DHCP server will need to provide the following configuration to the clients:
· An IP address in the range 192.168.1.10 to 192.168.1.50
· A default gateway of 192.168.1.1 (ifn507-server-1, enp0s8)
· An appropriate subnet mask
· The addresses of the Google DNS servers (8.8.8.8 and 8.8.4.4)
Note: Care should be taken to ensure the DHCP server only listens for requests on enp0s8 (internal network) and NOT enp0s3 (outside network). Failure to ensure this could lead to the DHCP server becoming live on the network, which could cause other devices to lose their network connection.
Step 1. Configure the IP addresses on the ifn507-server-1.
Step 2. Configure the IP addresses on the ifn507-server-2.
Step 3. Enable NAT on ifn507-server-1 by using the following command
~$ sudo iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o enp0s3 -j MASQUERADE
Step 4. Ensure ifn507-server-1 is configured to forward packets between networks by using the following command
~$ sudo sysctl net.ipv4.ip_forward=1
Step 5. Modify the default /etc/dhcp/dhcpd.conf on ifn507-server-1 to suit the above requirements.
Step 6. Restart the isc-dhcp-server service on ifn507-server-
Step 7. On ifn507-server-2, force it to request an IP address using ‘sudo netplan apply’
Step 8. On ifn507-server-2, verify that an IP address was assigned. What address was assigned?
Using DHCP to Assign a Fixed Address
In the previous exercise you configured the DHCP server to allocate a random address from a pool of available addresses. In this exercise, you will configure the DHCP server to allocate a fixed IP address to a specific host based on the host's MAC address.
Step 1. Use the ip address command on ifn507-server-2 to determine the MAC or Hardware Address of enp0s3 (referred to as link/ether)
Step 2. On ifn507-server-1, modify /etc/dhcp/dhcpd.conf to contain a fixed address entry for ifn507-server-2, with the IP address 192.168.1.99
Step 3. Restart isc-dhcp-server on ifn507-server-1 and reapply the ifn507-server-2 netplan. What is the new IP address on ifn507-server-2?
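The script below is an added example, not part of the original practical, covering both the address pool in Lab Activity 6 and the fixed-address exercise. It renders a dhcpd.conf and an /etc/default/isc-dhcp-server into a scratch directory and checks that the server is bound to enp0s8 only; the MAC address is a constructed placeholder and the function names are hypothetical.

```sh
#!/bin/sh
# Added example for Lab Activity 6: the two isc-dhcp-server files and a check that
# the server is bound to the internal NIC only. The MAC is a constructed placeholder.

# render_dhcpd_conf MAC: dhcpd.conf with the pool, gateway, mask, DNS and a fixed address.
render_dhcpd_conf() {
  cat <<EOF
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.10 192.168.1.50;
  option routers 192.168.1.1;
  option subnet-mask 255.255.255.0;
  option domain-name-servers 8.8.8.8, 8.8.4.4;
}

# Fixed address for ifn507-server-2, keyed on its MAC and kept outside the pool.
host ifn507-server-2 {
  hardware ethernet $1;
  fixed-address 192.168.1.99;
}
EOF
}

# Contents for /etc/default/isc-dhcp-server on Ubuntu: listen on enp0s8 only.
render_defaults() {
  printf 'INTERFACESv4="enp0s8"\nINTERFACESv6=""\n'
}

# only_listens_on FILE IFACE: succeed only if INTERFACESv4 names IFACE and nothing else.
# An empty value fails too, because it leaves the choice of interfaces to dhcpd.
only_listens_on() {
  awk -v want="$2" '
    /^[ \t]*INTERFACESv4=/ { v = $0; sub(/^[^=]*=/, "", v); gsub(/[\042\047]/, "", v) }
    END { n = split(v, a, " "); exit !(n == 1 && a[1] == want) }
  ' "$1"
}

# Demo in a scratch directory; copy the files into place with sudo once they look right.
out=$(mktemp -d)
render_dhcpd_conf 08:00:27:00:00:02 > "$out/dhcpd.conf"
render_defaults > "$out/isc-dhcp-server"
only_listens_on "$out/isc-dhcp-server" enp0s8 && echo "dhcpd bound to enp0s8 only"
```

Replace the placeholder MAC with the link/ether value from Step 1; dhcpd -t -cf with the path to the file checks its syntax before the service is restarted.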
End of Practical
[Figure labels (network topology), left to right: ifn507-server-2 (enp0s3 192.168.42.2), ifn507-server-1 (192.168.42.1, 192.168.41.1), ifn507-server-3 (192.168.41.3, 192.168.43.3), ifn507-server-4 (enp0s3 192.168.43.4)]