Author Archive

Building a Virtual Sandbox (Part I)

Updated: 11/27/2013

A friend and I are working on a book on System Administration, not to mention it’s what we do for a living.  In the course of these activities, a sandbox for experimenting with differing technologies is incredibly useful.  The book uses CentOS/Fedora (http://www.centos.org/, http://fedoraproject.org/), but at my current job, we use Ubuntu (http://www.ubuntu.com/).  And to make life more entertaining, the book and work use different technologies for monitoring, configuration management, source code control, etc.

So, in the course of my studies, if all goes as planned, I’ll be presenting some How-Tos and insights for these technologies.

To start with, it is nice to have a network of virtual machines that can be standalone or have Internet connectivity, as needed.  So I’ll begin with my rundown of a great article from The Helpful Hacker website, “A simple OpenBSD Router for your Virtual Machines”: http://thehelpfulhacker.net/2011/11/15/virtual-box-openbsd-router/

You ask, “Why yet another technology?”  It’s simple.  Not really, but with this article, it’s really simple to get a router rolling for my purposes.  I’ll be exploring router/firewalls in CentOS and Ubuntu later, but for today: OpenBSD – quick and dirty. (http://www.openbsd.org/)

And because I like to work in the living room near my beautiful wife (http://ryu.k5ryu.com/gallery/view_album.php?set_albumName=CharriesHair and http://ryu.k5ryu.com/gallery/view_album.php?set_albumName=CharriesShodanTest), most of this will be done in VirtualBox (https://www.virtualbox.org/) on a Windows notebook.

Some assumptions:

  1. You are familiar with VirtualBox
  2. You have some basic system administration skills

Let’s get started.  Download VirtualBox and install it on your favorite workstation.  Next, go to OpenBSD and download the install54.iso from one of the mirrors.

First, let’s create our internal network.  Under File>Preferences>Network, add a new Host-only network.  Update the settings to have the following parameters:

  1. Adaptor Tab:
    1. IPv4 Address: 192.168.31.1
    2. IPv4 Network Mask: 255.255.255.0
  2. DHCP Server
    1. Enable Server
    2. Server Address: 192.168.31.2
    3. Server Mask: 255.255.255.0
    4. Lower Address Bound: 192.168.31.100
    5. Upper Address Bound: 192.168.31.200

From here, we’ll pretty much follow The Helpful Hacker article with some minor changes, and then wrap up with some networking in preparation for our sandbox.

Create a new machine:

  1. Name: Torii
  2. Type: BSD
  3. Version: OpenBSD (64 bit)

Couple of notes here.  Unless needed, I’ll be creating all my virtual machines (VMs) as 64-bit machines.  Also, you’ll note that my VM hostnames will follow a martial arts theme.  For particular tasks, I’ll use canonical names (CNAMES) to assign services (WWW, MAIL, IMAP, etc) to a host.

Host parameters:

  1. Memory: 64 M
  2. Disk: New VDI disk, Dynamically allocated, 20G

Leave the first network adaptor as a NAT.   Add a second adaptor, enable it, and attach it to the Host-only Adaptor.

Now, attach the OpenBSD ISO to the CD/DVD Drive and start the machine.

  1. (I)nstall
  2. “default” keyboard
  3. Hostname: torii
  4. Configure em0
  5. IPv4 Address: dhcp
  6. IPv6 Address: none
  7. Choose “done” for network configuration.
  8. Choose a root password
  9. Start sshd by default: yes
  10. Start ntpd by default: yes
  11. Use default NTP server
  12. No to X windows
  13. No additional users
  14. I’m in US/Central timezone, but choose the appropriate one for you.
  15. Choose disk wd0 for the root disk
  16. Use DUIDs
  17. Use the (W)hole disk
  18. (A)uto layout
  19. Location of sets: cd
  20. Install media: cd0
  21. Pathname: 5.4/amd64
  22. Deselect the Xwindows sets: -x*
  23. Deselect the games: -g*
  24. And “done”
  25. When the sets load, choose “done”
  26. Set the time

And you are done!  “halt -p” the machine, unmount the disk, restart and log in as root.

Few more things, and we’ll be done:

  1. echo dhcp > /etc/hostname.em0
  2. echo "192.168.31.3 255.255.255.0" > /etc/hostname.em1
  3. echo "nameserver 8.8.8.8" > /etc/resolv.conf
  4. sh /etc/netstart
  5. edit /etc/sysctl.conf, and uncomment net.inet.ip.forwarding and set to 1 (Permit forwarding of IPv4 packets)
  6. edit /etc/rc.conf and set pf=YES (enable pf firewall)
  7. edit /etc/pf.conf and add to the end: pass out on em0 from em1:network to any nat-to (em0)
  8. reboot

And you’re done.

If you want more details on the last steps, read the article at: http://thehelpfulhacker.net/2011/11/15/virtual-box-openbsd-router/
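
As an added example (not part of the original post or The Helpful Hacker article), the shell function below audits the files written in the last set of steps, so a missed edit shows up before the first guest VM is attached. The function name check_router and its optional root-directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the files written in the post-install steps above.
# check_router [ROOT] prints one FAIL line per problem and returns non-zero
# if any check fails. ROOT is a hypothetical argument (default: the live
# system) so the checks can also be run against a copy of /etc.
# Patterns are anchored, so stray characters pasted into a file (for example
# typographic quotes) fail the check instead of slipping through.
check_router() {
    etc="${1:-}/etc"
    fails=0
    bad() { echo "FAIL: $*"; fails=$((fails + 1)); }

    # Step 1: em0 (NAT side) takes its address from VirtualBox by DHCP.
    grep -qx 'dhcp' "$etc/hostname.em0" 2>/dev/null ||
        bad "hostname.em0 is not 'dhcp'"

    # Step 2: em1 must be static in 192.168.31.0/24 and must not collide
    # with the host (.1), the DHCP server (.2) or the pool (.100-.200).
    last=$(sed -n 's/^192\.168\.31\.\([0-9]\{1,3\}\) 255\.255\.255\.0$/\1/p' \
        "$etc/hostname.em1" 2>/dev/null | head -n 1)
    if [ -z "$last" ]; then
        bad "hostname.em1 is not a 192.168.31.x 255.255.255.0 address"
    elif [ "$last" -le 2 ] || [ "$last" -ge 255 ] ||
         { [ "$last" -ge 100 ] && [ "$last" -le 200 ]; }; then
        bad "hostname.em1 address .$last is reserved or inside the DHCP pool"
    fi

    # Step 5: the forwarding line must be uncommented and set to 1.
    grep -Eq '^net\.inet\.ip\.forwarding=1([^0-9]|$)' \
        "$etc/sysctl.conf" 2>/dev/null ||
        bad "net.inet.ip.forwarding=1 is missing or still commented out"

    # Step 6: pf enabled at boot.
    grep -Eq '^pf=YES([[:space:]#]|$)' "$etc/rc.conf" 2>/dev/null ||
        bad "rc.conf does not set pf=YES"

    # Step 7: NAT only for traffic from the host-only network leaving on em0.
    grep -qxF 'pass out on em0 from em1:network to any nat-to (em0)' \
        "$etc/pf.conf" 2>/dev/null ||
        bad "pf.conf lacks the em1:network nat-to (em0) rule"

    [ "$fails" -eq 0 ]
}
```

Source the file on torii and call check_router with no argument to audit the live /etc, or pass a directory holding a copy of the files.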

For our purposes, the first step of our sandbox is done.

Next up will be the 2 sets of VMs for us to play with: four Ubuntu systems, and four CentOS systems, with one system each with a GUI for our convenience.  We’ll also add 1 Fedora system to the CentOS group.

The GUI based systems will have a dual role as our workstation and as the central server for most things.  More on that as we get to them.

Believe it or not…

I’m actually working on my website. First step is to see if I can get it to auto-publish to Facebook…

Hello world!

Welcome to my new home on the Web.  You can find most of my old files from http://www.ryu.com, now under lease to Respect Your Universe, LLC, at http://ryu.k5ryu.com.  Over time, this site will subsume all the old files, but that will take a while…

More later, as I have time.

JRSM