A friend and I are working on a book on System Administration, not to mention it’s what we do for a living. In the course of these activities, a sandbox for experimenting with differing technologies is incredibly useful. The book uses CentOS/Fedora (http://www.centos.org/, http://fedoraproject.org/), but at my current job, we use Ubuntu (http://www.ubuntu.com/). And to make life more entertaining, the book and work use different technologies for monitoring, configuration management, source code control, etc.
So, in the course of my studies if all goes as planned, I’ll be presenting some How-To’s and insights for these technologies.
To start with, it is nice to have a network of virtual machines that can be standalone or have Internet connectivity, as needed. So, to start, I’ll with my run down of a great article from The Helpful Hacker website “A simple OpenBSD Router for your Virtual Machines” http://thehelpfulhacker.net/2011/11/15/virtual-box-openbsd-router/
You ask, “Why yet another technology?”. It’s simple. Not really, with this article, it’s really simple to get a router rolling for my purposes. I’ll be exploring router/firewalls in CentOS and Ubuntu later, but for today: OpenBSD – quick and dirty. (http://www.openbsd.org/)
And because I like to work in the living room near my beautiful wife (http://ryu.k5ryu.com/gallery/view_album.php?set_albumName=CharriesHair and http://ryu.k5ryu.com/gallery/view_album.php?set_albumName=CharriesShodanTest), most of this will be done in VirtualBox (https://www.virtualbox.org/) on a Windows notebook.
- You are familiar with VirtualBox
- You have some basic system administration skills
Let’s get started. Download VirtualBox and install it on your favorite workstation. Next, go to OpenBSD and download the install54.iso from one of the mirrors.
First, let’s create our internal network. Under File>Preferences>Network, add a new Host-only network. Update the settings to have the following parameters:
- Adaptor Tab:
- IPv4 Address: 192.168.31.1
- IPv4 Network Mask: 255.255.255.0
- DHCP Server
- Enable Server
- Server Address: 192.168.31.2
- Server Mask: 255.255.255.0
- Lower Address Bound: 192.168.31.100
- Upper Address Bound: 192.168.31.200
From here, we’ll pretty much follow The Helpful Hacker article with some minor changes, and then wrap up with some networking in preparation for our sandbox.
Create a new machine:
- Name: Torii
- Type: BSD
- Version: OpenBSD (64 bit)
Couple of notes here. Unless needed, I’ll be creating all my virtual machines (VMs) as 64-bit machines. Also, you’ll note that my VM hostnames will follow a martial arts theme. For particular tasks, I’ll use canonical names (CNAMES) to assign services (WWW, MAIL, IMAP, etc) to a host.
- Memory: 64 M
- Disk: New VDI disk, Dynamically allocated, 20G
Leave the first network adaptor as a NAT. Add a second adaptor, enable it, and attach it to the Host-only Adaptor.
Now, attach the OpenBSD ISO to the CD/DVD Drive and start the machine.
- “default” keyboard
- Hostname: torii
- Configure em0
- IPv4 Address: dhcp
- IPv6 Address: none
- Choose “done” for network configuration.
- Choose a root password
- Start sshd by default: yes
- Start ntpd by default; yes
- Use default NTP server
- No to X windows
- No additional users
- I’m in US/Central timezone, but choose the appropriate one for you.
- Choose disk wd0 for the root disk
- Use DUIDs
- Use the (W)hole disk
- (A)uto layout
- Location of sets: cd
- Install media: cd0
- Pathname: 5.4/amd64
- Deselect the Xwindows sets: -x*
- Deselect the games: -g*
- And “done”
- When the sets load, choose “done”
- Set the time
And you are done! “Halt –p” the machine, unmount the disk, restart and log in as root.
Few more things, and we’ll be done:
- echo dhcp > /etc/hostname.em0
- echo “192.168.31.3 255.255.255.0” > /etc/hostname.em1
- echo “nameserver 188.8.131.52” > /etc/resolv.conf
- sh /etc/netstart
- edit /etc/sysctl.conf, and uncomment net.inet.ip.forwarding and set to 1 (Permit forwarding of IPv4 packets)
- edit /etc/rc.conf and set pf=YES (enable pf firewall)
- edit /etc/pf.conf and add to the end: “pass out on em0 from em1:network to any nat-to (em0)”
And you’re done.
If you want more details on the last steps, read the article at: http://thehelpfulhacker.net/2011/11/15/virtual-box-openbsd-router/
For our purposes, the first step of our sandbox is done.
Next up will be the 2 sets of VMs for us to play with: four Ubuntu systems, and four CentOS systems, with one system each with a GUI for our convenience. We’ll also add 1 Fedora system to the CentOS group.
The GUI based systems will have a dual role as our workstation and as the central server for most things. More on that as we get to them.
I’m actually working on my website. First step is to see if I can get it to auto-publish to face book…