Centos07Base.xml
<?xml version="1.0" encoding="UTF-8"?><?asciidoc-toc?><?asciidoc-numbered?><article xmlns="http://docbook.org/ns/docbook" xmlns:xl="http://www.w3.org/1999/xlink" version="5.0" xml:lang="en">
<info>
<title>Base Lab Configuration For CentOS 7</title>
<date>2020-04-27</date>
</info>
<simpara>Michael Pare <<link xl:href="mailto:michael.pare@mymail.champlain.edu">michael.pare@mymail.champlain.edu</link>>
version 0.1, 2020-04-12</simpara>
<section xml:id="_abstract">
<title>Abstract</title>
<simpara>This Test Lab Guide (TLG) will provide the user with step-by-step instructions on how to configure a basic network configuration using CentOS 7 servers and a CentOS 7 client. The resulting test lab environment will provide a stable base for building other test labs. It is recommended that users preserve the state of their test machines once this walk-through has been successfully completed. In a physical environment the hard drive of the machine can be imaged. In a virtual environment, the “snapshot” or equivalent feature can be used to preserve the current state of the operating system. Preserving the working conditions of the basic test lab will allow the user to experiment without fear of having to completely rebuild their environment. The ultimate goal of the TLG is to familiarize the user with the CentOS 7 operating system and how to deploy common network services based on that operating system, and ultimately enable the user to conduct their own experiments in a CentOS 7 based environment.</simpara>
</section>
<section xml:id="_introduction">
<title>Introduction</title>
<simpara>The purpose of the Test Lab Guides (TLGs) is to provide users with practical guidelines for deploying current operating systems in a way that results in a functional configuration. Using a TLG will instruct the user in which servers to create, how to configure the operating systems and services, and how to install and configure additional software. A TLG walks the user through the entire set-up process from start to finish.</simpara>
<simpara>This TLG is written with the goals of reusability and extensibility in mind. The purpose of this particular TLG is to enable the creation of a basic network utilizing CentOS 7 as the central operating system. Once this network is complete several other TLGs can be built on top of this base configuration.</simpara>
<simpara>Once this lab is completed, it would be wise to save the initial configuration. How this is best done will depend on how the test environment was originally deployed. A physical environment can be preserved by imaging the drives of each machine to be stored in a separate location and retrieved when needed. In a network deployed virtually, a snapshot can be taken of each machine. This will preserve the current settings and configurations. Preserving the lab in a functional state is important, because it allows for a functional configuration to be restored without completely repeating the base lab configuration steps. This is helpful for correcting after a mistake or generating a test environment for a new product.</simpara>
<sidebar>
<simpara>Note: If you are completing these TLGs in a virtual environment using VMWare and have access to an electronic copy of this document, and you have VMWare Tools installed on the Virtual Machine, utilize the ability to copy and paste text from the host machine to the VM. Copying and pasting will help to reduce typos and command errors.</simpara>
<itemizedlist>
<listitem>
<simpara>Highlight and right-click a command from this document</simpara>
</listitem>
<listitem>
<simpara>Click Copy</simpara>
</listitem>
<listitem>
<simpara>Right-click in the virtual machine where you would like to copy the text to and click Paste</simpara>
</listitem>
<listitem>
<simpara>If you are working inside a terminal, you may only need to right click in order to copy the command over</simpara>
</listitem>
</itemizedlist>
</sidebar>
<simpara><emphasis role="strong">Terminology</emphasis></simpara>
<simpara>A Records.<?asciidoc-br?>
AAAA Records.<?asciidoc-br?>
Active Directory (AD).<?asciidoc-br?>
CNAME Records.<?asciidoc-br?>
Domain Controller (DC).<?asciidoc-br?>
Domain Name System (DNS).<?asciidoc-br?>
Dynamic Host Configuration Protocol (DHCP).<?asciidoc-br?>
Firewalld.<?asciidoc-br?>
Google Public DNS.<?asciidoc-br?>
GNU’s Not Linux (GNU).<?asciidoc-br?>
GNU nano.<?asciidoc-br?>
IP Forwarding.<?asciidoc-br?>
iptables.<?asciidoc-br?>
Network Address Translation (NAT).<?asciidoc-br?>
Network Interface Controller (NIC).<?asciidoc-br?>
Network Manager (nmtui).<?asciidoc-br?>
NS Records.<?asciidoc-br?>
PTR Records.<?asciidoc-br?>
Samba.<?asciidoc-br?>
Xfce Desktop Environment.<?asciidoc-br?></simpara>
</section>
<section xml:id="_disclaimer">
<title>Disclaimer</title>
<simpara>This website contains work created for informational purposes. Information may be out of date or changed or updated without notice. By using this website, you recognize and agree that all information is provided “AS IS” without warranty of any kind, either express or implied, including, but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement.</simpara>
<simpara>The entire risk arising out of the use of these guides remains with you. IN NO EVENT SHALL CHAMPLAIN COLLEGE, ITS STUDENTS, FACULTY, OR ANYONE ELSE INVOLVED IN THE CREATION, PRODUCTION, OR DELIVERY OF THE GUIDES BE LIABLE TO ANY PERSON FOR ANY DIRECT, INDIRECT, SPECIAL, OR OTHER CONSEQUENTIAL DAMAGES FOR ANY USE OF THE MATERIAL ON THIS WEBSITE. This includes, without limitation, damages for lost profits, business interruption, loss of data or business information, damage to computer equipment or networks, or other loss arising out of the use of any information in the guides</simpara>
</section>
<section xml:id="_overview_of_this_test_lab_guide">
<title>Overview of this Test Lab Guide</title>
<simpara>This document contains instructions for setting up the CentOS 7 base configuration test lab by deploying two servers running CentOS 7, one client running CentOS 7 and one firewall built on CentOS 7. Once completed, the lab will simulate the functioning of a private intranet.</simpara>
<simpara>Important: The instructions provided in this document are for educational purposes. They do not represent best practices nor are they recommendations for a production network. These configurations should not be put into place on a production network. This network should be deployed on a separate network specific to testing (physical or virtual).</simpara>
<section xml:id="_network_design">
<title>Network Design</title>
<informalfigure>
<mediaobject>
<imageobject>
<imagedata align="center" fileref="networkdiagram.jpg"/>
</imageobject>
<textobject><phrase>network diagram</phrase></textobject>
</mediaobject>
</informalfigure>
<simpara><inlinemediaobject>
<imageobject>
<imagedata fileref="./images/icons/fire.png"/>
</imageobject>
<textobject><phrase>fire</phrase></textobject>
</inlinemediaobject> <emphasis role="strong"><emphasis>Firewall</emphasis></emphasis></simpara>
<simpara>IP Address: 192.168.100.1/24</simpara>
<simpara>Hostname: firewall.college.com</simpara>
<literallayout class="monospaced">The Firewall’s purpose is to handle traffic between the Intranet and Internet. This means that it will act as a router directing traffic. There are two interfaces on Firewall, one is the external/Internet-facing called ens192 and the other is the internal/Intranet-facing called ens224.</literallayout>
<simpara><inlinemediaobject>
<imageobject>
<imagedata fileref="./images/icons/server.png"/>
</imageobject>
<textobject><phrase>server</phrase></textobject>
</inlinemediaobject> <emphasis role="strong"><emphasis>DC1</emphasis></emphasis></simpara>
<simpara>IP Address: 192.168.100.2</simpara>
<simpara>Gateway: 192.168.100.1</simpara>
<simpara>DNS Server: 127.0.0.1</simpara>
<simpara>Hostname: dc1.college.com</simpara>
<literallayout class="monospaced">This will be configured as the Intranet’s Domain Name System (DNS) and the Dynamic Host Configuration Protocol (DHCP) server.</literallayout>
<simpara><inlinemediaobject>
<imageobject>
<imagedata fileref="./images/icons/database.png"/>
</imageobject>
<textobject><phrase>database</phrase></textobject>
</inlinemediaobject> <emphasis role="strong"><emphasis>App1</emphasis></emphasis></simpara>
<simpara>IP Address: 192.168.100.3</simpara>
<simpara>Gateway: 192.168.100.1</simpara>
<simpara>DNS Server: 192.168.100.2</simpara>
<simpara>Hostname: app1.college.com</simpara>
<literallayout class="monospaced">This is an internal web and application server.</literallayout>
<simpara><inlinemediaobject>
<imageobject>
<imagedata fileref="./images/icons/desktop.png"/>
</imageobject>
<textobject><phrase>desktop</phrase></textobject>
</inlinemediaobject> <emphasis role="strong"><emphasis>Client1</emphasis></emphasis>
IP Address: Dynamic</simpara>
<simpara>DNS Server: 192.168.100.2</simpara>
<simpara>Hostname: client1.college.com</simpara>
<literallayout class="monospaced">Client1 is a workstation that has the ability to switch between the Intranet and Internet subnet.</literallayout>
</section>
<section xml:id="_hardware_and_software_requirements">
<title>Hardware and Software Requirements</title>
<simpara>Minimum requirements:</simpara>
<itemizedlist>
<listitem>
<simpara>Four functioning computers or VMs for configuration with OpenBSD installed.</simpara>
</listitem>
</itemizedlist>
</section>
<section xml:id="_using_sudo">
<title>Using “Sudo”</title>
<simpara>When running many commands throughout these TLGs you may be required to use ‘sudo’, depending on the level of privilege the current user has. The ‘sudo’ command runs the command following it with superuser privileges. It is important to note that the user must be in the ‘sudoers’ file in order to successfully use this command. If you make the account an administrator while installing, it will be added to the ‘sudoers’ file automatically. Once a command is preceded by ‘sudo’ the user will be prompted for the password for the account and then the command is run with superuser privilege. For details on how to give a user ‘sudo’ privilege see the Appendix (How to Give a User Sudo Privileges).</simpara>
</section>
</section>
<section xml:id="_configuring_the_environment">
<title>Configuring the Environment</title>
<section xml:id="_step_one_configure_firewall">
<title><emphasis role="strong">Step One - Configure Firewall</emphasis></title>
<simpara role="lead">The below instructions detail the installation and setup of Firewall. The last section, Troubleshooting, has some information on common problems that people come across.</simpara>
</section>
<section xml:id="_install_the_operating_system_on_firewall">
<title>Install the Operating System on Firewall</title>
<orderedlist numeration="arabic">
<listitem>
<simpara>Start CentOS7 Firewall.</simpara>
</listitem>
<listitem>
<simpara>Hit Enter to select “Install CentOS 7.”</simpara>
</listitem>
<listitem>
<simpara>On the “Welcome to CentOS Linux 7” page, select the appropriate language and region.</simpara>
</listitem>
<listitem>
<simpara>On “Installation Summary,” under “System,” select “Installation Destination.”</simpara>
<orderedlist numeration="loweralpha">
<listitem>
<simpara>Click the VMware Virtual disk to make sure it is selected; it will highlight in blue.</simpara>
</listitem>
<listitem>
<simpara>Click “Done” in the top left-hand corner to move back to the “Installation Summary” page.</simpara>
</listitem>
</orderedlist>
</listitem>
<listitem>
<simpara>To continue, click “Begin Installation.”</simpara>
</listitem>
<listitem>
<simpara>In “Configuration,” set the appropriate Root Password.</simpara>
<orderedlist numeration="loweralpha">
<listitem>
<simpara>Recommended Root Password: <inlinemediaobject>
<imageobject>
<imagedata fileref="./images/icons/key.png"/>
</imageobject>
<textobject><phrase>key</phrase></textobject>
</inlinemediaobject> Ch@mplain!18</simpara>
</listitem>
</orderedlist>
</listitem>
<listitem>
<simpara>On the same “Configuration” screen, Create a User.</simpara>
<orderedlist numeration="loweralpha">
<listitem>
<simpara>Recommended Full Name: Champlain</simpara>
</listitem>
<listitem>
<simpara>Recommended User Name: <inlinemediaobject>
<imageobject>
<imagedata fileref="./images/icons/user.png"/>
</imageobject>
<textobject><phrase>user</phrase></textobject>
</inlinemediaobject> champlain</simpara>
</listitem>
<listitem>
<simpara>Check box “Make this user administrator”</simpara>
</listitem>
<listitem>
<simpara>Recommended Password: <inlinemediaobject>
<imageobject>
<imagedata fileref="./images/icons/key.png"/>
</imageobject>
<textobject><phrase>key</phrase></textobject>
</inlinemediaobject> S3cur1ty!18</simpara>
</listitem>
</orderedlist>
</listitem>
<listitem>
<simpara>Once installation is complete, click “Reboot.”</simpara>
</listitem>
<listitem>
<simpara>Log on with the credentials you just created.</simpara>
<orderedlist numeration="loweralpha">
<listitem>
<simpara><inlinemediaobject>
<imageobject>
<imagedata fileref="./images/icons/user.png"/>
</imageobject>
<textobject><phrase>user</phrase></textobject>
</inlinemediaobject> User: root</simpara>
<itemizedlist>
<listitem>
<simpara><inlinemediaobject>
<imageobject>
<imagedata fileref="./images/icons/key.png"/>
</imageobject>
<textobject><phrase>key</phrase></textobject>
</inlinemediaobject> Password: Ch@mplain!18</simpara>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<simpara><inlinemediaobject>
<imageobject>
<imagedata fileref="./images/icons/user.png"/>
</imageobject>
<textobject><phrase>user</phrase></textobject>
</inlinemediaobject> User: champlain</simpara>
<itemizedlist>
<listitem>
<simpara><inlinemediaobject>
<imageobject>
<imagedata fileref="./images/icons/key.png"/>
</imageobject>
<textobject><phrase>key</phrase></textobject>
</inlinemediaobject> Password: S3cur1ty!18</simpara>
</listitem>
</itemizedlist>
</listitem>
</orderedlist>
</listitem>
</orderedlist>
</section>
<section xml:id="_configure_tcpip">
<title>Configure TCP/IP</title>
<orderedlist numeration="arabic">
<listitem>
<simpara>Ensure that Network Manager is running. Type <literal>systemctl status NetworkManager</literal>.</simpara>
<orderedlist numeration="loweralpha">
<listitem>
<simpara>You should see “Active: active (running)” in green if it is running.</simpara>
</listitem>
<listitem>
<simpara>If it is not running, enter the command <literal>sudo systemctl start NetworkManager.service</literal>.</simpara>
</listitem>
<listitem>
<simpara>If the service fails to launch, check the logs by entering the command <literal>sudo systemctl status NetworkManager.service -l</literal>.</simpara>
</listitem>
</orderedlist>
</listitem>
<listitem>
<simpara>This is for the Internet-facing interface. Enter the command <literal>nmtui</literal> to enter the Network Manager.</simpara>
<orderedlist numeration="loweralpha">
<listitem>
<simpara>Select “Edit a connection.”</simpara>
</listitem>
<listitem>
<simpara>Select the Internet-facing interface, ens192, and use the arrow keys to select “<Edit…>”</simpara>
</listitem>
<listitem>
<simpara>Use the arrow keys to ensure that “IPv4 CONFIGURATION” is set to “<Automatic>”</simpara>
</listitem>
<listitem>
<simpara>At the very bottom, ensure that the brackets in front of “Automatically connect” have an X by hitting the spacebar while highlighting them.</simpara>
</listitem>
<listitem>
<simpara>Use the arrow keys to select “<OK>” then “<Back>” and press Enter to go back to the main menu of Network Manager.</simpara>
</listitem>
<listitem>
<simpara>Use the arrow keys to select “Quit” and press Enter to exit the editor.</simpara>
</listitem>
</orderedlist>
</listitem>
<listitem>
<simpara>Now, repeat for Intranet-facing interface.</simpara>
<orderedlist numeration="loweralpha">
<listitem>
<simpara>Select “Edit a connection.”</simpara>
</listitem>
<listitem>
<simpara>Select the Intranet-facing interface, ens224, and use the arrow keys to select “<Edit…>”</simpara>
</listitem>
<listitem>
<simpara>Use the arrow keys to ensure that “IPv4 CONFIGURATION” is set to “<Manual>”</simpara>
</listitem>
<listitem>
<simpara>Under “Addresses” add in “192.168.100.1/24”</simpara>
</listitem>
<listitem>
<simpara>At the very bottom, ensure that the brackets in front of “Automatically connect” have an X by hitting the spacebar while highlighting them.</simpara>
</listitem>
<listitem>
<simpara>Use the arrow keys to select “<OK>” then “<Back>” and press Enter to go back to the main menu of Network Manager.</simpara>
</listitem>
<listitem>
<simpara>Use the arrow keys to select “Quit” and press Enter to exit the editor.</simpara>
</listitem>
</orderedlist>
</listitem>
<listitem>
<simpara>Change the hostname. To change the hostname to firewall.college.com use the following command: <literal>sudo hostnamectl set-hostname firewall.college.com</literal>.</simpara>
</listitem>
<listitem>
<simpara>Restart the network using <literal>sudo systemctl restart network</literal>.</simpara>
</listitem>
</orderedlist>
</section>
<section xml:id="_install_and_use_of_nano">
<title>Install and Use of Nano</title>
<orderedlist numeration="arabic">
<listitem>
<simpara>Run the command <literal>sudo yum install nano -y</literal>.</simpara>
</listitem>
</orderedlist>
</section>
<section xml:id="_configure_nat_rules">
<title>Configure NAT Rules</title>
<literallayout class="monospaced">This will allow the system to act as a router and to allow traffic from the internal network out to the external network.</literallayout>
<orderedlist numeration="arabic">
<listitem>
<simpara>Enable IP forwarding by entering the command <literal>sudo echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.d/ip_forward.conf</literal>. Use straight double quotes: curly quotes would be written into the file as part of the line and sysctl would reject it.</simpara>
<orderedlist numeration="loweralpha">
<listitem>
<simpara>You will need to be root to perform this task: <literal>sudo</literal> only elevates <literal>echo</literal>, while the <literal>>></literal> redirection is performed by your own shell, which cannot write to /etc/sysctl.d.</simpara>
</listitem>
<listitem>
<simpara>Switch back to the champlain user afterwards using <literal>su champlain</literal>.</simpara>
</listitem>
</orderedlist>
</listitem>
<listitem>
<simpara>Add the external-facing NIC to Firewalld’s “public” zone by typing: <literal>sudo firewall-cmd --zone=public --add-interface=ens192 --permanent</literal></simpara>
<orderedlist numeration="loweralpha">
<listitem>
<simpara>Where ens192 is the name of the external interface</simpara>
</listitem>
</orderedlist>
</listitem>
<listitem>
<simpara>Add the internal-facing NIC to Firewalld’s “internal” zone by typing: <literal>sudo firewall-cmd --zone=internal --add-interface=ens224 --permanent</literal></simpara>
<orderedlist numeration="loweralpha">
<listitem>
<simpara>Where “ens224” is the name of the internal interface</simpara>
</listitem>
</orderedlist>
</listitem>
<listitem>
<simpara>Apply masquerading to the external Firewalld zone by typing: <literal>sudo firewall-cmd --zone=public --add-masquerade --permanent</literal></simpara>
</listitem>
<listitem>
<simpara>Apply those changes by typing: <literal>sudo firewall-cmd --complete-reload</literal></simpara>
</listitem>
<listitem>
<simpara>Enable NAT by entering the command <literal>sudo firewall-cmd --permanent --direct --passthrough ipv4 -t nat -I POSTROUTING -o ens192 -j MASQUERADE -s 192.168.100.0/24</literal>. This rule masquerades traffic from the 192.168.100.0/24 subnet as it leaves through the external interface, ens192 (iptables has no <literal>-l</literal> option; <literal>-I</literal> inserts the rule into the POSTROUTING chain).</simpara>
</listitem>
<listitem>
<simpara>Reload the firewall to apply the rule using <literal>sudo firewall-cmd --reload</literal>.</simpara>
</listitem>
<listitem>
<simpara>Configure NAT rules on iptables. Enter the following commands; they flush the existing filter-table rules (including those firewalld loaded, until its next reload) and set the INPUT and OUTPUT chains to accept by default.
<literal>sudo iptables -F</literal>
<literal>sudo iptables -P INPUT ACCEPT</literal>
<literal>sudo iptables -P OUTPUT ACCEPT</literal></simpara>
</listitem>
<listitem>
<simpara>Ensure the NAT rules on iptables remain in place on boot. Add the commands from earlier for NAT by entering the command <literal>sudo nano /etc/rc.local</literal>. This will open the file in the Nano editor. On CentOS 7 this file is only executed at boot if it is executable, so also run <literal>sudo chmod +x /etc/rc.d/rc.local</literal>.</simpara>
<orderedlist numeration="loweralpha">
<listitem>
<simpara>Add in the following at the end:</simpara>
<literallayout class="monospaced"># NAT Rules
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT</literallayout>
</listitem>
</orderedlist>
</listitem>
</orderedlist>
<informalfigure>
<mediaobject>
<imageobject>
<imagedata align="center" fileref="natrules.jpg"/>
</imageobject>
<textobject><phrase>Network Address Translation rules</phrase></textobject>
</mediaobject>
</informalfigure>
<orderedlist numeration="loweralpha">
<listitem>
<simpara>The above ensures that the NAT rules are still in place on reboot.</simpara>
</listitem>
<listitem>
<simpara>Press Ctrl+X to exit the Nano Editor then hit Y to save the file and hit Enter to save it with the same name.</simpara>
</listitem>
</orderedlist>
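<simpara>The following script is an added verification aid for the Firewall NAT steps above; it is not part of the TLG. It checks IP forwarding, the firewalld zone assignment of ens192 and ens224, and that a MASQUERADE rule for 192.168.100.0/24 leaves through the external interface. Without <literal>--live</literal> it runs on constructed sample output, so the checks can be read and tried anywhere.</simpara>

```shell
#!/bin/sh
# Added verification script for the Firewall NAT steps above; not part of the TLG.
# Interface names and subnet are the ones this guide uses.
EXT_IF="ens192"          # Internet-facing interface
INT_IF="ens224"          # Intranet-facing interface
LAN="192.168.100.0/24"   # internal subnet whose traffic must be masqueraded

# check_ip_forward CONTENT
#   CONTENT is the text of /proc/sys/net/ipv4/ip_forward; succeeds only if it is 1.
check_ip_forward() {
  [ "$(printf '%s' "$1" | tr -d '[:space:]')" = "1" ]
}

# check_zone_iface ACTIVE_ZONES ZONE IFACE
#   ACTIVE_ZONES is the output of `firewall-cmd --get-active-zones` (zone names at
#   column 1, an indented "interfaces:" line under each). Succeeds if IFACE is
#   listed under ZONE.
check_zone_iface() {
  printf '%s\n' "$1" | awk -v zone="$2" -v iface="$3" '
    /^[^ \t]/ { cur = $1 }
    /^[ \t]+interfaces:/ && cur == zone {
      for (k = 2; k <= NF; k++) if ($k == iface) found = 1
    }
    END { exit found ? 0 : 1 }'
}

# check_masquerade NAT_RULES
#   NAT_RULES is the output of `iptables -t nat -S POSTROUTING`. Succeeds if some
#   rule masquerades LAN traffic leaving through EXT_IF. Options are read by name,
#   so their order does not matter. A rule whose -o names the internal interface
#   does not count: it would never match Internet-bound packets.
check_masquerade() {
  printf '%s\n' "$1" | awk -v lan="$LAN" -v ext="$EXT_IF" '
    $1 == "-A" && $2 == "POSTROUTING" {
      src = ""; out = ""; target = ""
      for (k = 3; k <= NF; k++) {
        if ($k == "-s") src = $(k + 1)
        else if ($k == "-o") out = $(k + 1)
        else if ($k == "-j") target = $(k + 1)
      }
      if (src == lan && out == ext && target == "MASQUERADE") ok = 1
    }
    END { exit ok ? 0 : 1 }'
}

# report LABEL CHECK ARGS...: print PASS or FAIL for one check and return its status.
report() {
  label="$1"; shift
  if "$@"; then echo "PASS  $label"; else echo "FAIL  $label"; return 1; fi
}

# With --live, read the real system state (run as root on Firewall).
if [ "${1:-}" = "--live" ]; then
  rc=0
  report "IPv4 forwarding enabled" \
    check_ip_forward "$(cat /proc/sys/net/ipv4/ip_forward)" || rc=1
  zones="$(firewall-cmd --get-active-zones)"
  report "$EXT_IF in firewalld zone public" \
    check_zone_iface "$zones" public "$EXT_IF" || rc=1
  report "$INT_IF in firewalld zone internal" \
    check_zone_iface "$zones" internal "$INT_IF" || rc=1
  report "MASQUERADE for $LAN out $EXT_IF" \
    check_masquerade "$(iptables -t nat -S POSTROUTING)" || rc=1
  exit "$rc"
fi

# Without --live, the checks run on constructed sample output, written as a
# correctly configured Firewall would print it; every line should report PASS.
SAMPLE_ZONES='internal
  interfaces: ens224
public
  interfaces: ens192'
SAMPLE_NAT='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.100.0/24 -o ens192 -j MASQUERADE'

report "IPv4 forwarding enabled"            check_ip_forward "1"
report "$EXT_IF in firewalld zone public"   check_zone_iface "$SAMPLE_ZONES" public "$EXT_IF"
report "$INT_IF in firewalld zone internal" check_zone_iface "$SAMPLE_ZONES" internal "$INT_IF"
report "MASQUERADE for $LAN out $EXT_IF"    check_masquerade "$SAMPLE_NAT"
```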
<simpara><inlinemediaobject>
<imageobject>
<imagedata fileref="./images/icons/star.png"/>
</imageobject>
<textobject><phrase>star</phrase></textobject>
</inlinemediaobject> Congratulations, Firewall is now configured.</simpara>
</section>
<section xml:id="_step_two_configure_dc1">
<title><emphasis role="strong">Step Two - Configure DC1</emphasis></title>
<simpara role="lead">The below instructions detail the installation and setup of DC1. The last section, Troubleshooting, has some information on common problems that people come across.</simpara>
</section>
<section xml:id="_install_the_operating_system_on_dc1">
<title>Install the Operating System on DC1</title>
<orderedlist numeration="arabic">
<listitem>
<simpara>Start CentOS7 DC1.</simpara>
</listitem>
<listitem>
<simpara>Hit Enter to select “Install CentOS 7.”</simpara>
</listitem>
<listitem>
<simpara>On the “Welcome to CentOS Linux 7” page, select the appropriate language and region.</simpara>
</listitem>
<listitem>
<simpara>On “Installation Summary,” under “System,” select “Installation Destination.”</simpara>
<orderedlist numeration="loweralpha">
<listitem>
<simpara>Click the VMware Virtual disk to make sure it is selected; it will highlight in blue.</simpara>
</listitem>
<listitem>
<simpara>Click “Done” in the top left-hand corner to move back to the “Installation Summary” page.</simpara>
</listitem>
</orderedlist>
</listitem>
<listitem>
<simpara>To continue, click “Begin Installation.”</simpara>
</listitem>
<listitem>
<simpara>In “Configuration,” set the appropriate Root Password.</simpara>
<orderedlist numeration="loweralpha">
<listitem>
<simpara>Recommended Root Password: Ch@mplain!18</simpara>
</listitem>
</orderedlist>
</listitem>
<listitem>
<simpara>On the same “Configuration” screen, Create a User.</simpara>
<orderedlist numeration="loweralpha">
<listitem>
<simpara>Recommended Full Name: Champlain</simpara>
</listitem>
<listitem>
<simpara>Recommended User Name: champlain</simpara>
</listitem>
<listitem>
<simpara>Check box “Make this user administrator”</simpara>
</listitem>
<listitem>
<simpara>Recommended Password: S3cur1ty!18</simpara>
</listitem>
</orderedlist>
</listitem>
<listitem>
<simpara>Once installation is complete, click “Reboot.”</simpara>
</listitem>
<listitem>
<simpara>Log on with the credentials you just created.</simpara>
<orderedlist numeration="loweralpha">
<listitem>
<simpara><inlinemediaobject>
<imageobject>
<imagedata fileref="./images/icons/user.png"/>
</imageobject>
<textobject><phrase>user</phrase></textobject>
</inlinemediaobject> User: root</simpara>
<itemizedlist>
<listitem>
<simpara><inlinemediaobject>
<imageobject>
<imagedata fileref="./images/icons/key.png"/>
</imageobject>
<textobject><phrase>key</phrase></textobject>
</inlinemediaobject> Password: Ch@mplain!18</simpara>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<simpara><inlinemediaobject>
<imageobject>
<imagedata fileref="./images/icons/user.png"/>
</imageobject>
<textobject><phrase>user</phrase></textobject>
</inlinemediaobject> User: champlain</simpara>
<itemizedlist>
<listitem>
<simpara><inlinemediaobject>
<imageobject>
<imagedata fileref="./images/icons/key.png"/>
</imageobject>
<textobject><phrase>key</phrase></textobject>
</inlinemediaobject> Password: S3cur1ty!18</simpara>
</listitem>
</itemizedlist>
</listitem>
</orderedlist>
</listitem>
</orderedlist>
</section>
<section xml:id="_configure_tcpip_on_dc1">
<title>Configure TCP/IP on DC1</title>
<orderedlist numeration="arabic">
<listitem>
<simpara>Ensure that Network Manager is running. Type <literal>systemctl status NetworkManager</literal>.</simpara>
<orderedlist numeration="loweralpha">
<listitem>
<simpara>You should see “Active: active (running)” in green if it is running.</simpara>
</listitem>
<listitem>
<simpara>If it is not running, enter the command <literal>sudo systemctl start NetworkManager.service</literal>.</simpara>
</listitem>
<listitem>
<simpara>If the service fails to launch, check the logs by entering the command <literal>sudo systemctl status NetworkManager.service -l</literal>.</simpara>
</listitem>
</orderedlist>
</listitem>
<listitem>
<simpara>Enter the command <literal>nmtui</literal> to enter the Network Manager.</simpara>
<orderedlist numeration="loweralpha">
<listitem>
<simpara>Select “Edit a connection.”</simpara>
</listitem>
<listitem>
<simpara>Select ens192, and use the arrow keys to select “<Edit…>”</simpara>
</listitem>
<listitem>
<simpara>Use the arrow keys to ensure that “IPv4 CONFIGURATION” is set to “<Manual>”</simpara>
</listitem>
<listitem>
<simpara>Under “Addresses” add in 192.168.100.2/24.</simpara>
</listitem>
<listitem>
<simpara>Under “Gateway” add in the address of the router: 192.168.100.1.</simpara>
</listitem>
<listitem>
<simpara>Under “DNS servers” add in the address of Google: 8.8.8.8.</simpara>
</listitem>
<listitem>
<simpara>This is a temporary setting to ensure Internet connectivity while downloading the required packages to configure DNS and DHCP.</simpara>
</listitem>
<listitem>
<simpara>At the very bottom, ensure that the brackets in front of “Automatically connect” have an X by hitting the spacebar while highlighting them.</simpara>
</listitem>
<listitem>
<simpara>Use the arrow keys to select “<OK>” then “<Back>” and press Enter to go back to the main menu of Network Manager.</simpara>
</listitem>
<listitem>
<simpara>Use the arrow keys to select “Quit” and press Enter to exit the editor.</simpara>
</listitem>
</orderedlist>
</listitem>
<listitem>
<simpara>Change the hostname. To change the hostname to dc1.college.com use the following command: <literal>sudo hostnamectl set-hostname dc1.college.com</literal>.</simpara>
</listitem>
<listitem>
<simpara>Restart the network using <literal>sudo systemctl restart network</literal>.</simpara>
</listitem>
</orderedlist>
</section>
<section xml:id="_install_and_use_of_nano_2">
<title>Install and Use of Nano</title>
<orderedlist numeration="arabic">
<listitem>
<simpara>Run the command <literal>sudo yum install nano -y</literal>.</simpara>
</listitem>
</orderedlist>
</section>
<section xml:id="_configure_dc1_as_dns_server">
<title>Configure DC1 as DNS Server</title>
<orderedlist numeration="arabic">
<listitem>
<simpara>Install DNS using the command <literal>sudo yum install bind bind-utils -y</literal>.</simpara>
</listitem>
<listitem>
<simpara>Configure bind by editing named.conf. Use the command <literal>sudo nano /etc/named.conf</literal> to do so. Make the following edits.</simpara>
<orderedlist numeration="loweralpha">
<listitem>
<simpara>Edit the “listen-on port 53” line by adding the IP address of the DNS server, 192.168.100.2, so that it looks like:</simpara>
<informalfigure>
<mediaobject>
<imageobject>
<imagedata align="center" fileref="listenport53.jpg"/>
</imageobject>
<textobject><phrase>rule to listen on port 53 which is dns port</phrase></textobject>
</mediaobject>
</informalfigure>
</listitem>
<listitem>
<simpara>Comment out “listen-on-v6 port 53 { ::1; };” by adding a pound (#) sign:</simpara>
<informalfigure>
<mediaobject>
<imageobject>
<imagedata align="center" fileref="listenport53v6.jpg"/>
</imageobject>
<textobject><phrase>rule to listen on port 53 for ipv6</phrase></textobject>
</mediaobject>
</informalfigure>
</listitem>
<listitem>
<simpara>Edit “allow-query” to add the subnet so that it looks like the following:</simpara>
<informalfigure>
<mediaobject>
<imageobject>
<imagedata align="center" fileref="allowquerysubnet.jpg"/>
</imageobject>
<textobject><phrase>rule to give the subnet permission to query</phrase></textobject>
</mediaobject>
</informalfigure>
</listitem>
<listitem>
<simpara>Add in a section for “forwarders”:</simpara>
<informalfigure>
<mediaobject>
<imageobject>
<imagedata align="center" fileref="dnsforwardersrule.jpg"/>
</imageobject>
<textobject><phrase>rule to forward requests to DNS ips</phrase></textobject>
</mediaobject>
</informalfigure>
</listitem>
<listitem>
<simpara>At the end, add the line <literal>include "/etc/named/named.conf.local";</literal></simpara>
<informalfigure>
<mediaobject>
<imageobject>
<imagedata align="center" fileref="namedconfinclude.jpg"/>
</imageobject>
<textobject><phrase>rule to include the file named.conf.local for dns</phrase></textobject>
</mediaobject>
</informalfigure>
</listitem>
</orderedlist>
</listitem>
<listitem>
<simpara>Create and edit named.conf.local using <literal>sudo nano /etc/named/named.conf.local</literal>. Fill in this new, blank file with the following information.</simpara>
<informalfigure>
<mediaobject>
<imageobject>
<imagedata align="center" fileref="namedconflocal.jpg"/>
</imageobject>
<textobject><phrase>the local named dns configuration</phrase></textobject>
</mediaobject>
</informalfigure>
</listitem>
<listitem>
<simpara>Now you will need to create the two zone files referenced in <literal>/etc/named/named.conf.local</literal>.<?asciidoc-br?>
First, create the forward zone configuration.</simpara>
<orderedlist numeration="loweralpha">
<listitem>
<simpara>Make the zones directory in /etc/named, <literal>sudo mkdir /etc/named/zones</literal>.</simpara>
</listitem>
<listitem>
<simpara>Create a file using <literal>sudo nano /etc/named/zones/db.college.com</literal>. In the end, it should look like the below screenshot.</simpara>
<informalfigure>
<mediaobject>
<imageobject>
<imagedata align="center" fileref="dbcollege.jpg"/>
</imageobject>
<textobject><phrase>college dns zone</phrase></textobject>
</mediaobject>
</informalfigure>
</listitem>
</orderedlist>
</listitem>
<listitem>
<simpara>Next, setup the reverse zone configuration file.</simpara>
<orderedlist numeration="loweralpha">
<listitem>
<simpara>Create a file using <literal>sudo nano /etc/named/zones/db.100.168.192</literal>. In the end, it should look like the below screenshot.</simpara>
<informalfigure>
<mediaobject>
<imageobject>
<imagedata align="center" fileref="dbreverse.jpg"/>
</imageobject>
<textobject><phrase>college reverse address dns zone</phrase></textobject>
</mediaobject>
</informalfigure>
</listitem>
</orderedlist>
</listitem>
<listitem>
<simpara>Start the DNS server.</simpara>
<orderedlist numeration="loweralpha">
<listitem>
<simpara>Enable the DNS server: <literal>sudo systemctl enable named</literal></simpara>
</listitem>
<listitem>
<simpara>Start the DNS server: <literal>sudo systemctl start named</literal></simpara>
</listitem>
</orderedlist>
</listitem>
<listitem>
<simpara>Allow port 53 for DNS queries.</simpara>
<orderedlist numeration="loweralpha">
<listitem>
<simpara>Allow port 53/tcp and 53/udp through on the firewall: <literal>sudo firewall-cmd --permanent --add-port={53/tcp,53/udp}</literal></simpara>
</listitem>
<listitem>
<simpara>Reload the firewall: <literal>sudo firewall-cmd --reload</literal></simpara>
</listitem>
</orderedlist>
</listitem>
</orderedlist>
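<simpara>The zone files in steps 4 and 5 appear only as screenshots. The following is an added example, not the guide's own files: it writes equivalent forward and reverse zones for college.com (DC1 at 192.168.100.2, App1 at 192.168.100.3) and checks them with <literal>named-checkzone</literal> from the bind package installed in step 1. The TTLs, serial scheme and admin mailbox are assumptions.</simpara>

```shell
#!/bin/sh
# Added example (not from the guide): generate the forward and reverse zone
# files the guide shows only as screenshots, for college.com with DC1 at
# 192.168.100.2 and App1 at 192.168.100.3. Record layout, TTLs and the
# admin mailbox are assumptions.

DOMAIN=college.com
SERIAL=$(date +%Y%m%d01)   # YYYYMMDDnn convention; bump nn on each edit

# Shared SOA/NS header; both zones are served by dc1.college.com.
zone_header() {
  printf '$TTL 604800\n'
  printf '@  IN  SOA  dc1.%s. admin.%s. ( %s 604800 86400 2419200 604800 )\n' \
    "$DOMAIN" "$DOMAIN" "$SERIAL"
  printf '@  IN  NS   dc1.%s.\n' "$DOMAIN"
}

# write_forward_zone FILE: content for /etc/named/zones/db.college.com
write_forward_zone() {
  { zone_header
    printf 'dc1   IN  A  192.168.100.2\n'
    printf 'app1  IN  A  192.168.100.3\n'
  } > "$1"
}

# write_reverse_zone FILE: content for /etc/named/zones/db.100.168.192
# (zone 100.168.192.in-addr.arpa, so only the last octet is written)
write_reverse_zone() {
  { zone_header
    printf '2  IN  PTR  dc1.%s.\n' "$DOMAIN"
    printf '3  IN  PTR  app1.%s.\n' "$DOMAIN"
  } > "$1"
}

# count_records FILE TYPE: how many records of TYPE the file holds; a
# cheap sanity check that works even before bind is installed.
count_records() {
  grep -c "[[:space:]]IN[[:space:]]*$2[[:space:]]" "$1"
}

# check_zone ZONE FILE: full syntax check with named-checkzone (from the
# bind package the guide installs); skipped when the tool is absent.
check_zone() {
  if command -v named-checkzone >/dev/null 2>/dev/null; then
    named-checkzone "$1" "$2"
  else
    echo "named-checkzone not found; skipped check of $1"
  fi
}
```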
</section>
<section xml:id="_reconfigure_tcpip_on_dc1">
<title>Reconfigure TCP/IP on DC1</title>
<orderedlist numeration="arabic">
<listitem>
<simpara>Enter the command <literal>nmtui</literal> to enter the Network Manager.</simpara>
<orderedlist numeration="loweralpha">
<listitem>
<simpara>Select “Edit a connection.”</simpara>
</listitem>
<listitem>
<simpara>Select ens192, and use the arrow keys to select “&lt;Edit…&gt;”</simpara>
</listitem>
<listitem>
<simpara>Under “DNS servers” remove 8.8.8.8 and add in the address: 127.0.0.1</simpara>
</listitem>
<listitem>
<simpara>Use the arrow keys to select “&lt;OK&gt;” then “&lt;Back&gt;” and press Enter to go back to the main menu of Network Manager.</simpara>
</listitem>
<listitem>
<simpara>Use the arrow keys to select “Quit” and press Enter to exit the editor.</simpara>
</listitem>
</orderedlist>
</listitem>
<listitem>
<simpara>Restart the network: <literal>sudo systemctl restart network</literal></simpara>
</listitem>
</orderedlist>
</section>
<section xml:id="_configure_dhcp_on_dc1">
<title>Configure DHCP on DC1</title>
<orderedlist numeration="arabic">
<listitem>
<simpara>Install DHCP: <literal>sudo yum install dhcp -y</literal></simpara>
</listitem>
<listitem>
<simpara>Open the DHCP configuration file: <literal>sudo nano /etc/dhcp/dhcpd.conf</literal></simpara>
</listitem>
<listitem>
<simpara>Edit the configuration file to look like the following:</simpara>
<orderedlist numeration="loweralpha">
<listitem>
<simpara>Make sure to change the hardware ethernet address to your Client1’s MAC address.</simpara>
<informalfigure>
<mediaobject>
<imageobject>
<imagedata align="center" fileref="dhcpconf.jpg"/>
</imageobject>
<textobject><phrase>dhcp configuration file</phrase></textobject>
</mediaobject>
</informalfigure>
<informalfigure>
<mediaobject>
<imageobject>
<imagedata align="center" fileref="clientreservation.jpg"/>
</imageobject>
<textobject><phrase>rule to reserve an ip for client1</phrase></textobject>
</mediaobject>
</informalfigure>
</listitem>
</orderedlist>
</listitem>
<listitem>
<simpara>Start the DHCP server: <literal>sudo systemctl start dhcpd</literal></simpara>
</listitem>
<listitem>
<simpara>Enable the DHCP server: <literal>sudo systemctl enable dhcpd</literal></simpara>
</listitem>
</orderedlist>
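<simpara>The dhcpd.conf in step 3 is shown only as a screenshot. As an added example that is not the guide's own file, the script below writes an equivalent configuration for the 192.168.100.0/24 network with a reservation for Client1, rejects a malformed hardware ethernet address before it reaches dhcpd, and runs dhcpd's own syntax check. The dynamic pool, lease times and Client1's fixed address are assumptions; the MAC must be taken from Client1.</simpara>

```shell
#!/bin/sh
# Added example (not from the guide): write the dhcpd.conf the guide shows as
# a screenshot, with a reservation for Client1. The lease range, lease times
# and Client1's fixed address are assumptions; the MAC must come from Client1.

# valid_mac MAC: true when MAC is six colon-separated hex octets, so a typo in
# the hardware ethernet line is caught before dhcpd refuses to start.
valid_mac() {
  printf '%s\n' "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# write_dhcpd_conf FILE MAC FIXED_IP: refuses to write if MAC is malformed.
write_dhcpd_conf() {
  out=$1; mac=$2; ip=$3
  if ! valid_mac "$mac"; then
    echo "invalid hardware ethernet address: $mac"
    return 1
  fi
  cat > "$out" <<EOF
# DC1 DHCP configuration for the 192.168.100.0/24 lab network
option domain-name "college.com";
option domain-name-servers 192.168.100.2;   # DC1 (this host)
default-lease-time 600;
max-lease-time 7200;
authoritative;

subnet 192.168.100.0 netmask 255.255.255.0 {
  range 192.168.100.100 192.168.100.200;    # assumed dynamic pool
  option routers 192.168.100.1;             # gateway from the TCP/IP step
}

# Reservation so Client1 always receives the same address
host client1 {
  hardware ethernet $mac;
  fixed-address $ip;
}
EOF
}

# check_dhcpd_conf FILE: dhcpd's own syntax check (dhcpd -t), skipped when
# the dhcp package from step 1 is not installed on this machine.
check_dhcpd_conf() {
  if command -v dhcpd >/dev/null 2>/dev/null; then
    dhcpd -t -cf "$1"
  else
    echo "dhcpd not found; skipped syntax check of $1"
  fi
}
```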
<simpara><inlinemediaobject>
<imageobject>
<imagedata fileref="./images/icons/star.png"/>
</imageobject>
<textobject><phrase>star</phrase></textobject>
</inlinemediaobject> Congratulations, DC1 is now configured.</simpara>
</section>
<section xml:id="_step_four_configure_app1">
<title><emphasis role="strong">Step Four - Configure App1</emphasis></title>
<simpara role="lead">The below instructions detail the installation and setup of App1. The last section, Troubleshooting, has some information on common problems that people come across.</simpara>
</section>
<section xml:id="_install_the_operating_system_on_app1">
<title>Install the Operating System on App1</title>
<orderedlist numeration="arabic">
<listitem>
<simpara>Start CentOS7 App1.</simpara>
</listitem>
<listitem>
<simpara>Hit Enter to select “Install CentOS 7.”</simpara>
</listitem>
<listitem>
<simpara>On the “Welcome to CentOS Linux 7” page, select the appropriate language and region.</simpara>
</listitem>
<listitem>
<simpara>On “Installation Summary,” under “System,” select “Installation Destination.”</simpara>
<orderedlist numeration="loweralpha">
<listitem>
<simpara>Click the VMware Virtual disk to make sure it is selected. It will highlight in blue.</simpara>
</listitem>
<listitem>
<simpara>Click “Done” in the top left-hand corner to move back to the “Installation Summary” page.</simpara>
</listitem>
</orderedlist>
</listitem>
<listitem>
<simpara>To continue, click “Begin Installation.”</simpara>
</listitem>
<listitem>
<simpara>In “Configuration,” set the appropriate Root Password.</simpara>
<orderedlist numeration="loweralpha">
<listitem>
<simpara>Recommended Root Password: Ch@mplain!18</simpara>
</listitem>
</orderedlist>
</listitem>
<listitem>
<simpara>On the same “Configuration” screen, create a user.</simpara>
<orderedlist numeration="loweralpha">
<listitem>
<simpara>Recommended Full Name: Champlain</simpara>
</listitem>
<listitem>
<simpara>Recommended User Name: champlain</simpara>
</listitem>
<listitem>
<simpara>Check the box “Make this user administrator.”</simpara>
</listitem>
<listitem>
<simpara>Recommended <inlinemediaobject>
<imageobject>
<imagedata fileref="./images/icons/key.png"/>
</imageobject>
<textobject><phrase>key</phrase></textobject>
</inlinemediaobject> Password: S3cur1ty!18</simpara>
</listitem>
</orderedlist>
</listitem>
<listitem>
<simpara>Once installation is complete, click “Reboot.”</simpara>
</listitem>
<listitem>
<simpara>Log on with the credentials you just created.</simpara>
<orderedlist numeration="loweralpha">
<listitem>
<simpara><inlinemediaobject>
<imageobject>
<imagedata fileref="./images/icons/user.png"/>
</imageobject>
<textobject><phrase>user</phrase></textobject>
</inlinemediaobject> User: root</simpara>
<itemizedlist>
<listitem>
<simpara><inlinemediaobject>
<imageobject>
<imagedata fileref="./images/icons/key.png"/>
</imageobject>
<textobject><phrase>key</phrase></textobject>
</inlinemediaobject> Password: Ch@mplain!18</simpara>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<simpara><inlinemediaobject>
<imageobject>
<imagedata fileref="./images/icons/user.png"/>
</imageobject>
<textobject><phrase>user</phrase></textobject>
</inlinemediaobject> User: champlain</simpara>
<itemizedlist>
<listitem>
<simpara><inlinemediaobject>
<imageobject>
<imagedata fileref="./images/icons/key.png"/>
</imageobject>
<textobject><phrase>key</phrase></textobject>
</inlinemediaobject> Password: S3cur1ty!18</simpara>
</listitem>
</itemizedlist>
</listitem>
</orderedlist>
</listitem>
</orderedlist>
</section>
<section xml:id="_configure_tcpip_on_app1">
<title>Configure TCP/IP on App1</title>
<orderedlist numeration="arabic">
<listitem>
<simpara>Ensure that Network Manager is running. Type <literal>systemctl status NetworkManager</literal>.</simpara>
<orderedlist numeration="loweralpha">
<listitem>
<simpara>You should see “Active: active (running)” in green if it is running.</simpara>
</listitem>
<listitem>
<simpara>If it is not running, enter the command <literal>sudo systemctl start NetworkManager.service</literal>.</simpara>
</listitem>
<listitem>
<simpara>If the service fails to launch, check the logs by entering the command <literal>sudo systemctl status NetworkManager.service -l</literal>.</simpara>
</listitem>
</orderedlist>
</listitem>
<listitem>
<simpara>Enter the command <literal>nmtui</literal> to enter the Network Manager.</simpara>
<orderedlist numeration="loweralpha">
<listitem>
<simpara>Select “Edit a connection.”</simpara>
</listitem>
<listitem>
<simpara>Select ens192, and use the arrow keys to select “&lt;Edit…&gt;”</simpara>
</listitem>
<listitem>
<simpara>Use the arrow keys to ensure that “IPv4 CONFIGURATION” is set to “&lt;Manual&gt;”</simpara>
</listitem>
<listitem>
<simpara>Under “Addresses” add in 192.168.100.3/24.</simpara>
</listitem>
<listitem>
<simpara>Under “Gateway” add in the address of the router: 192.168.100.1.</simpara>
</listitem>
<listitem>
<simpara>Under “DNS servers” add in the address of the DNS Server: 192.168.100.2</simpara>
</listitem>
<listitem>
<simpara>At the very bottom, ensure that the brackets in front of “Automatically connect” have an X by hitting the spacebar while highlighting them.</simpara>
</listitem>
<listitem>
<simpara>Use the arrow keys to select “&lt;OK&gt;” then “&lt;Back&gt;” and press Enter to go back to the main menu of Network Manager.</simpara>
</listitem>
<listitem>
<simpara>Use the arrow keys to select “Quit” and press Enter to exit the editor.</simpara>
</listitem>
<listitem>
<simpara>Change the hostname. To change the hostname to app1.college.com use the following command: <literal>sudo hostnamectl set-hostname app1.college.com</literal>.</simpara>
</listitem>
</orderedlist>
</listitem>
<listitem>
<simpara>Restart the network using <literal>sudo systemctl restart network</literal>.</simpara>
</listitem>
</orderedlist>
</section>
<section xml:id="_install_and_use_of_nano_3">
<title>Install and Use of Nano</title>
<orderedlist numeration="arabic">
<listitem>
<simpara>Run the command <literal>sudo yum install nano -y</literal>.</simpara>
</listitem>
</orderedlist>
</section>
<section xml:id="_install_web_server_role_on_app1">
<title>Install Web Server Role on App1</title>
<orderedlist numeration="arabic">
<listitem>
<simpara>Install Apache: <literal>sudo yum install httpd -y</literal></simpara>
</listitem>
<listitem>
<simpara>Enable Apache: <literal>sudo systemctl enable httpd</literal></simpara>
</listitem>
<listitem>
<simpara>Start Apache: <literal>sudo systemctl start httpd</literal></simpara>
</listitem>
<listitem>
<simpara>Allow Apache through the firewall: <literal>sudo firewall-cmd --permanent --add-service=http</literal></simpara>
</listitem>
<listitem>
<simpara>Reload the firewall: <literal>sudo firewall-cmd --reload</literal></simpara>
</listitem>
</orderedlist>
</section>
<section xml:id="_configure_file_sharing_on_app1">
<title>Configure File Sharing on App1</title>
<orderedlist numeration="arabic">
<listitem>
<simpara>Install Samba: <literal>sudo yum install samba samba-client samba-common -y</literal></simpara>
</listitem>
<listitem>
<simpara>Create a backup of the default Samba configuration: <literal>sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.bak</literal></simpara>
</listitem>
<listitem>
<simpara>Create a new Samba configuration file: <literal>sudo nano /etc/samba/smb.conf</literal></simpara>
</listitem>
<listitem>
<simpara>Edit it to look like the following:</simpara>