CS183: Lab 6

CS183 Lab 6: Routing

Goal: In this lab, you will learn how to setup a simple Linux-based router.

Details: You will need to use 2 VMs, each with two Ethernet interfaces. You will need to disable the primary interface (eth0) from one VM, the Host VM, and route all the traffic from this VM via another VM, the Router VM. You will use tools like ping, traceroute and tcpdump to make sure this is the case.

There are several ways of creating two VMs we need for this lab. One way of doing this is to add a secondary ethernet adaptor on the existing VM, and then copy the whole VM directory to a new one. For example:

Make sure the partition where /extra resides has at least extra 5G disk space before starting this lab. If not, you will have to move your VM to another unoccupied machine that has enough disk space.
Start the VMWare program (do NOT power on your VM just yet). From the menu, select VM/Settings, add a secondary Ethernet adaptor, pick Host-only as the network connection, and terminate the VMWare.
Duplicate the original VM, say from weesan to weesan2:
```
  $ cp -av /extra/weesan /extra/weesan2
```

Then, start the VMware for both VMs, one at a time. Be warned that when starting the 2nd VM, VMware will detect that and ask if you need to create a new ID for the VM, just click "CREATE".

Configure the VMs.
- The Router VM (the 1st VM)
  - Login the Router VM as root, setup the secondary interface (eth1) with IP address of 10.0.0.1/24. Be sure to check out the routing table and identify the default route before and after setting up the IP address. Add a default route if it is missing after setting up the IP address.
  - On the Router VM only, check out its IP Forwarding feature, /proc/sys/net/ipv4/ip_forward. Make sure it is enabled, ie. 1 instead of 0.
- The Host VM (the 2nd VM)
  - Login the Host VM as root, disable the primary interface (eth0).
  - Setup the secondary interface (eth1) with IP address of 10.0.0.2/24.
  - Add a default gateway of 10.0.0.1 to the secondary interface. Make sure it is the case by showing the routing table of the Host VM.
Show that all traffic from the Host VM go through the Router VM. For example, run "ping 74.125.19.99" on the Host VM and "tcpdump" on the Router VM's eth1, show that the ping was successful and the tcpdump correctly captured the ping packets from the host VM.
Since a secondary Ethernet adaptor was just added and each new adaptor usually receives an IP address automatically via DHCP, the content of /etc/resolv.conf on your VMs will be changed. So, replace the content of /etc/resolv.conf as below:
```
nameserver 138.23.169.10
```
Note that this only fixes the hostname resolution on the Router VM but not the Host VM due to a firewall issue on the Router VM. In order to get around this problem (ie. be able to run "ping www.google.com" instead of "ping 74.125.19.99" on the Host VM above), you will need to disable the firewall rules on the Router VM (and on the Router VM only) to allow name resolution on the Host VM:
```
/etc/init.d/iptables stop
```
We will "fix" this in the firewall lab exercise.
Edit /etc/sysconfig/network, /etc/sysconfig/network-scripts/ifcfg-eth[01] on both VMs to make the changes persistent. Also, change the "HOSTNAME" in /etc/sysconfig/network of the VMs to reflect their role. For example, "router" for the Router VM and "host" for the Host VM. Additionally, on the Router VM only, enable IP forwarding by changing net.ipv4.ip_forward to 1 in /etc/sysctl.conf.
Reboot both VMs to make sure the changes persist over reboot. Show that it is the case in your report.

Questions

The outputs that show all the traffic from the Host VM go through the Router VM.

Scoring

Attendance - 10%
Question 1 - 20%
The rest of the report - 70%

Notes & Tips:

Start one VM at a time, not both!
A sample lab report can be downloaded from here.