Category Archives: Network

Virtualbox – Web Server ABC

Do you want to learn to make a website but don’t want to install an http server on your host? In this guide I will show how to set up a guest OS and some popular tools for web servers.

Requirements:
virtualbox local network – see previous post

Time:
60 min

Introduction


Without any doubt the most common http server is Apache. Which OS is best to run it on is more contested. In the Linux world the most popular of the free distros is probably CentOS. It’s based on Red Hat Enterprise Linux, which makes it a bit different from the Ubuntu clones we’ve used in the previous posts, and because we are building a web server we will not use any desktop environment. As a matter of fact, to learn as much as possible we will install the minimal CentOS! Because we do it in a guest we can still use the web browser on our host, which is really nice when you need to ask Google for help.
It might seem bothersome to have the server on a guest, since you need to set up the VM environment properly to use the network, but these days virtual servers are quite common: they use less power and you don’t have to turn your apartment into a storage room for computers.

Step 0 – Install CentOS


Download the iso from https://www.centos.org/download/. I use CentOS-7-x86_64-DVD-1503-01.iso in this guide.

CentOS will give you a warning if you don’t have more than one processor:
Important: In CentOS 7, single threaded, single CPU 64-bit physical systems are unsupported

During the installation choose the following options:

INSTALLATION DESTINATION
Encrypt my data:  enable.

SOFTWARE SELECTION
Minimal install

NETWORK & HOST NAME
Make sure you turn your connection on.

Create a user called ‘admin’ with administrator privileges. The installation on my machine was really resource heavy and lagged a lot; I have never experienced that with other distros.

Step 1 – Installing the environment


First thing is to update the system.
#yum update
#yum upgrade

If you have only used Ubuntu then you might wonder what yum is. It’s the package manager for RHEL (well, until recently when it switched to dnf). The basic usage is similar to apt-get.

We will only use the console, so we need a console-based editor:
#yum install vim

Since we are working in console mode it would be nice to multiplex. There are two options, tmux and screen. In this tutorial I will use screen.
The alternative is of course to use the different virtual consoles [ctrl alt F1-F6], but you can do a lot of other nice things with screen, so it is recommended.
#yum install screen
$screen

Now let’s change the default ssh port. In /etc/ssh/sshd_config find ‘#port 22’ and remove the ‘#’ and set the port to 50022:
port 50022

Find PermitRootLogin and set it to no
PermitRootLogin no

Save and exit.
You will need to restart the ssh server for the changes to take effect:
#systemctl restart sshd

Go ahead and try it if you want:
$ssh admin@localhost
ssh: connection to host localhost port 22: Connection refused
$ssh root@localhost -p 50022
Permission denied, please try again
$ssh admin@localhost -p 50022
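
An added example (not from the original post) that checks the two edits above against a copy of sshd_config: it reports the PermitRootLogin value sshd will actually use and every port it will listen on. The function names and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example. sshd_config keywords are case-insensitive and, for a
# single-valued keyword such as PermitRootLogin, the first uncommented value wins.

effective() {        # usage: effective KEYWORD < sshd_config
    awk -v key="$1" '
        /^[ \t]*#/ || /^[ \t]*$/    { next }        # comments, blank lines
        tolower($1) == "match"      { exit }        # conditional blocks start here
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    '
}

ports() {            # every Port line counts: sshd listens on all of them
    awk '/^[ \t]*#/ { next }
         tolower($1) == "match" { exit }
         tolower($1) == "port"  { print $2 }'
}

audit() {            # usage: audit < sshd_config ; prints "ok" or the findings
    cfg=$(cat); findings=""
    root=$(printf '%s\n' "$cfg" | effective PermitRootLogin)
    listen=" $(printf '%s\n' "$cfg" | ports | tr '\n' ' ')"
    [ "$root" = "no" ] || findings="$findings root-login-not-disabled"
    case $listen in *" 50022 "*) ;; *) findings="$findings port-50022-not-set" ;; esac
    case $listen in *" 22 "*) findings="$findings still-listening-on-22" ;; esac
    echo ${findings:-ok}
}

hardened_sample() {  # constructed: the file after the two edits above
    cat <<'EOF'
#Port 22
port 50022
#PermitRootLogin yes
PermitRootLogin no
EOF
}

shadowed_sample() {  # constructed: "no" appended below an older "yes"
    cat <<'EOF'
Port 50022
PermitRootLogin yes
PermitRootLogin no
EOF
}

hardened_sample | audit
shadowed_sample | audit
```

On the guest itself, `sshd -t` checks the file for errors before you restart the service and `sshd -T` prints the effective settings.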

Step 2 – setting up network


We will open up one more guest. This guest needs a desktop environment since we will use a web browser. I will use a Xubuntu guest. Let’s call the CentOS guest C and the Xubuntu guest X.
First add both guest C and X to a local network like we did previously. Let C keep its NAT adapter, but remove the cable.

Get the ip of C:
$ip addr
192.168.3.2

Make sure we can ssh from X to C:
$ssh admin@192.168.3.2 -p 50022
ssh: connect to host 192.168.3.2 port 50022: No route to host

Strange, let’s see if we can ping C:
$ping 192.168.3.2
4 packets transmitted, 4 received, 0% packet loss, time 3005ms

It seems that we can reach the host, but the port seems to be closed. Something is blocking it, most likely a firewall.

Step 3 – iptables


Many Linux distros come with a firewall/IP filter called iptables*. It’s a really complex and advanced module and I will only cover some basics in this tutorial. If you have some time check out this awesome tutorial.

Make sure your NAT adapter is unplugged for guest C. Now let’s turn off iptables:
#iptables -P INPUT ACCEPT
#iptables -F

The first line allows all input (so make sure the internet adapter is unplugged!). The second line flushes the table.

Try ssh from X to C again.
It works. Now we need to add some real rules to iptables.
We want to allow ssh connections on port 50022, and since we will set up a web server we will also open port 80.

#iptables -P INPUT DROP
This line sets the policy to drop all incoming traffic.
We still want to accept http and ssh so we need to add some exceptions:
#iptables -A INPUT -p tcp --dport 50022 -j ACCEPT
#iptables -A INPUT -p tcp --dport 80 -j ACCEPT
These two lines make the firewall accept tcp traffic on ports 50022 and 80.

#iptables -P FORWARD DROP
Drop all forwarding.
#iptables -P OUTPUT ACCEPT
Allow all outgoing traffic.

Lastly we will accept incoming packets that belong to already established or related connections.
#iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

* CentOS 7 uses firewallD – but I still had to open the port in iptables.
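
An added example, not part of the original post: a simplified first-match model of the INPUT chain built in this step, run over a few sample packets. The rule listing is constructed from the commands above, and `page_rules` and `verdict` are names made up for the example.

```shell
#!/bin/sh
# Added example: a simplified model of how the INPUT chain from this step
# decides a packet. Rules are tried top to bottom, the first rule whose
# conditions all match gives the verdict, otherwise the chain policy does.

page_rules() {    # constructed: `iptables -S INPUT`-style listing of the rules above
    cat <<'EOF'
-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 50022 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
}

verdict() {       # usage: page_rules | verdict PROTO DPORT STATE
    awk -v proto="$1" -v dport="$2" -v state="$3" '
        $1 == "-P" && $2 == "INPUT" { policy = $3; next }
        $1 != "-A" || $2 != "INPUT" { next }
        {
            ok = 1; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p"      && $(i+1) != proto) ok = 0
                if ($i == "--dport" && $(i+1) != dport) ok = 0
                if ($i == "--state" && !index("," $(i+1) ",", "," state ",")) ok = 0
                if ($i == "-j") target = $(i+1)
            }
            if (ok && target != "") { print target; decided = 1; exit }
        }
        END { if (!decided) print policy }
    '
}

# Sample packets (constructed): protocol, destination port, conntrack state.
for pkt in "tcp 50022 NEW" "tcp 80 NEW" "tcp 22 NEW" "icmp - NEW" "tcp 43512 ESTABLISHED"; do
    set -- $pkt
    printf '%-22s %s\n' "$pkt" "$(page_rules | verdict "$@")"
done
```

The `icmp` line shows a side effect of this rule set: the ping from Step 2 is no longer answered. The same holds for new connections over loopback, since no rule accepts traffic arriving on `lo`.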

Step 4 – apache


Connect your adapter to the internet again and install apache:
#yum install httpd
Then start the service:
#systemctl start httpd.service

Now from guest X open the web browser and enter the ip address of C.
You should see the default test page.


Conclusion


It’s quite easy to create a web server on a virtual machine. Usually when you use a virtual machine for hosting you run the VM in a headless state and connect to it through ssh – there’s no point in having a GUI at all. This requires a static IP and that the host forwards the traffic to the guest, though. In upcoming posts we will have a look at some alternatives for connecting to your virtual web server from the outside.

Virtualbox – Networks

VMs make it possible to have a network of different guests, a useful tool when studying networking or server development. In this guide I show how to set up a network of guests.

Requirements:
Basic networking

Time:
Around 30 min

Introduction


Sooner or later you will want to connect to one of your guest OSes. But they don’t have a physical network adapter and they are hidden behind your host. It’s actually not as tricky as it seems: virtualbox comes with its own DHCP server that you can configure, and you can select different types of network adapters.

Because we will use multiple guests I will refer to them as guest A and guest B. For this guide both will be Xubuntu, like we set up previously, but any kind of Ubuntu clone should work.

Step 0 – Setup ssh


To test that we can reach other machines we will connect with ssh. Start guest A.
The ssh client is already installed, but we will have to install the ssh server that makes it possible to connect to your machine.
#apt-get install openssh-server

The configuration for sshd is in /etc/ssh/sshd_config
We will edit it, so install your favorite editor – I prefer vim:
#apt-get install vim
Then:
#vim /etc/ssh/sshd_config

There are a lot of settings, but what I normally do right after installation is to set “PermitRootLogin no” and change the port. Both these changes are for security reasons. We will change the port in another post so for now just change PermitRootLogin.

Start it with*:
#service ssh start
To check the status of ssh on Xubuntu:
#service ssh status
ssh start/running, process 5283

The last thing to do is to test it by connecting to ourselves:
$ssh <username>@localhost

 



* On most modern Linux systems you should use systemctl; however, it has not been adopted by Xubuntu 14. If your distro uses systemctl, try:
#systemctl start sshd

Step 1 – Setup the Network


We need to know the IP of guest A:
$ip addr
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:c1:53:16 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0

That means the guest has IP 10.0.2.15 on eth0. The device id “eth0” will be important later when we use multiple network interfaces.

Start guest B and keep A running. Since we won’t connect to guest B, only from it, it’s not necessary to install the ssh server.
Try to connect to guest A from B:
$ssh <username>@10.0.2.15
ssh: connect to host 10.0.2.15 port 22: Connection refused

Refused. Check what the IP of guest B is:
$ip addr
inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0

Hm, that’s not good, they have the same IP.

The guests are also hidden from each other behind the host, so they’re given the same IP. The host doesn’t automatically route the traffic. What we need is a LAN where the guests can reach each other.

Step 2 – Setting dhcpserver


We need a DHCP Server. A DHCP Server is responsible for giving devices on a network a valid IP address, normally your wireless router does this for you at home.

Open terminal in your host:
(If you use Windows go to your virtualbox installation folder, default is ‘program files\oracle\virtualbox’)

The parameters you need to set are the following:
--netname: This must be the same as the network name for adapter 3. I chose “inet-1”.
--ip: This is the IP of your DHCP server. Don’t choose one in the same network as your host. My host has 192.168.0.1 so I picked 192.168.3.1 (I like to use the same digit as my adapter for the second last number).
--netmask: Depends on how big a network you want, but should probably be 255.255.255.0.
--lowerip: Lowest IP a connected machine can have. I chose 192.168.3.2 (avoid ending with 0 or 1).
--upperip: Highest IP a connected machine can have. I picked 192.168.3.254 (avoid ending with 255).
--enable: This flag must be set or the DHCP server won’t be used.

See the manual for further information about dhcpserver.

My command looks like this:
>VBoxManage dhcpserver add --netname inet-1 --ip 192.168.3.1 --netmask 255.255.255.0 --lowerip 192.168.3.2 --upperip 192.168.3.254 --enable
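
An added example, not from the original post: a pre-flight check of the address arguments for the command above, so that a one-digit slip is caught before the DHCP server is created. It never calls VBoxManage; `ip_to_int`, `check_dhcp` and the finding names are made up for the example, and it assumes dotted-quad input without leading zeros and a contiguous netmask.

```shell
#!/bin/sh
# Added example: sanity-check the address arguments before handing them to
# `VBoxManage dhcpserver add`. Pure arithmetic on the values, nothing is changed.

ip_to_int() {    # 192.168.3.1 -> 3232236289
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

check_dhcp() {   # usage: check_dhcp SERVER_IP NETMASK LOWERIP UPPERIP
    srv=$(ip_to_int "$1"); mask=$(ip_to_int "$2")
    lo=$(ip_to_int "$3");  hi=$(ip_to_int "$4")
    net=$(( srv & mask ))                        # network address of the subnet
    bcast=$(( net | (~mask & 0xFFFFFFFF) ))      # broadcast address of the subnet
    out=""
    [ $(( lo & mask )) -eq "$net" ] || out="$out lowerip-outside-subnet"
    [ $(( hi & mask )) -eq "$net" ] || out="$out upperip-outside-subnet"
    [ "$lo" -le "$hi" ]             || out="$out lowerip-above-upperip"
    [ "$lo" -ne "$net" ]            || out="$out pool-contains-network-address"
    [ "$hi" -ne "$bcast" ]          || out="$out pool-contains-broadcast-address"
    if [ "$srv" -ge "$lo" ] && [ "$srv" -le "$hi" ]; then
        out="$out server-ip-inside-pool"
    fi
    echo ${out:-ok}
}

# The values chosen in the parameter list above.
check_dhcp 192.168.3.1 255.255.255.0 192.168.3.2 192.168.3.254
# Constructed slip: one octet of --lowerip is wrong.
check_dhcp 192.168.3.1 255.255.255.0 192.168.1.2 192.168.3.254
```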

Turn off the machines so that you can modify them. Select guest A in virtualbox and go to Network. Adapter 1 shows attached to NAT, network address translation. In other words the adapter just translates the traffic’s destination to the guest. Disable it and select adapter 3.
Set it to be attached to an internal network with the name “inet-1”.
Do the same for guest B.

Restart the guests. Try ip addr on guest A and B:
A:
inet 192.168.3.3/24 brd 192.168.3.255 scope global eth0
B:
inet 192.168.3.2/24 brd 192.168.3.255 scope global eth0

Looks good, let’s try ssh from B to A now:
$ssh <username>@192.168.3.3

Step 3 – Where’s my internet?


If you start a web browser you will notice that you cannot connect to the internet anymore. Since your adapter is only connected to the LAN you can’t reach the outside world. The easiest fix for this is to add adapter 1 again.
However if you do ip addr you will notice that you now have two network interfaces, each with its own IP:
inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0
inet 192.168.3.3/24 brd 192.168.3.255 scope global eth1

What we have done here is to plug one cable into the internet outlet and one into our LAN router. Sometimes this is what we want, but it is not a very common setup. What we would like to do is have our router connected to the internet and translating the addresses for all the machines in the LAN. This can be done with a NAT Network.

Open a console on your host.

The parameters you need to set are the following:
--netname: the name of the NAT network. I chose nnet-1
--network: the IP of this network. This will also be the range of IPs that the DHCP server will give to connected machines. I chose 192.168.2.0/24
--enable: this flag must be set to use the network
--dhcp: If you want DHCP set it to “on”

See the manual for more information about natnetwork

My command line looks like this:

>VBoxManage natnetwork add --netname nnet-1 --network 192.168.3.0/24 --enable --dhcp on
Disable adapter 1 and 3. Enable adapter 2, select attached to NAT Network and select the network we just created.

Start your guests again and make sure you can use internet.
Then try to connect from B to A again by ssh.

It works!

Conclusion


Now you can set up a network with several guests. It is much cheaper than buying several physical computers and requires less space and power. But what kind of network should you choose? If you are playing around with a web server it is more secure to use the LAN solution, but it is also troublesome if you want to install software.
If you only want to use the internet sometimes you could do the LAN solution with a NAT adapter. You can at any time uncheck “Cable connected” and you will go offline.