Building a virtual network lab with VMWare

A good developer or a good administrator needs to keep their skills sharp. They need to learn new technologies and if you are anything like me you learn much better if you can try things out. Virtual machines offer an opportunity to experiment risk free. Building a virtual network is an extension of this. With a virtual network gives you the opportunity to test things out in a more realistic scenario, VMWare can even limit the bandwidth and emulate packet loss.



The Network


To make things more interesting I'm going to use two host only networks. In this scenario we have an internal network where our work a day Windows, Mac and Linux hosts live and an external network that might represent the Internet or an untrusted network where attackers and users of services may live. connecting the two in this case is a smoothwall firewall.

The host (real computer everything is running on) here is a Macbook running Blackbuntu a variant of Ubuntu Linux using VMWare workstation. You can also build this on Windows with VMWare workstation or a single network version on OSX using WMware fusion.

After installing VMWare workstation you can go into Virtual Network Editor (Edit->Virtual Network Editor). You can see that there are three networks available for hosts to connect to. A NAT connection which essentially allows you virtual machine to use your host computers network (and Internet) connections as if they are the host. A bridged connection will allow your virtual machines to connect to the real network as if they are separate computers. And host only connections which exist only within your computer.

For the most part we will just us a NAT connection to update our operating systems and download software onto them. We will be using two Host only connections for our network. At the moment we have one so lets add another host only network.


Internal Hosts
Now we can add some virtual machines. You can download ready to run virtual machines. You can install from a CD/DVD as you would on an actual computer or you can install from an ISO image of a CD/DVD (many available here distrowatch.com). Remember you still nead licences for proprietary operating systems like Windows and MacOS.

To begin we'll set up a VM to run damn vulnerable Linux, a Linux distribution purposely set up badly. It runs a variety of vulnerable services and is misconfigured in numerous ways. A very useful learning tool.
It install
  • Click File -> New Virtual Machine
  • Select 'Typical' and click 'next'.
  • I'm using a download ISO image so I click use ISO image,
  • Find it's location and click next.
  • Select Linux from the operating systems then Ubuntu and click Next.
  • Set name to something convenient like Damn Vulnerable Linux and set the location to somewhere convenient.
I like to keep all the lab files together but remember these files are going to represent entire harddrives so they are going to be large and they will need to be accessed a lot for the guest OS's to run smoothly. As cool as it might be to have the whole thing running off an ext USB HD it could cause issues. 
  • Hit next.
Now the disk size. anything under about 6-8 GB is too small for a full modern OS to be installed on but I don't want to give them too much or a dozen VM's would take up my entire hard drive. Selecting split into multiple files means that instead of one file for one HD it uses multiple files. This gets around some of the issues some file systems have problems with large files and it makes backing up easier. In this case we have a live DVD, that is the entire OS runs straight from the (virtual) disk. No install necessary so;
  • turn the disk size down to the last.
The settings look ok. You may want to tweak the memory I generally turn it as low as it can go while keeping the OS usable and running smoothly. Click finish. It should boot up. You can log in with root, toor and start the graphical environment with startx.


You can do the same with any other OS's. For windows I repeat the process but this time I'll install from a CD instead of and ISO file. Once it starts I'm presented with the Windows XP installer.


After following the steps I have a running copy of WindowsXP [on Linux on a Macbook :-) ].

To run a pre-built virtual machine, in this case OSX. Simple go to File > Open and find the .VMX file for the virtual machine and click open.


Your VM should quickly boot up.


I also run a VM of Metasploitable, another vulnerable version of linux in the same way.


The external host
My host operating system is connected to the external network by default. I also have a USB drive with a variety of tools installed on it. So for my external host I won't install an operating system but boot from my USB drive instead. Most modern computers support booting from USB but VMWare does not. So to get around this I'm using Plop boot manager an ISO image (http://www.plop.at/en/bootmanagers.html). This boots from the CD and gives you a menu that lets you run the USB stick.


The USB in this case runs Katana which gives you a variety of operating systems and tools you can boot among them Backtrack5 Linux.


The advantage of booting from the USB drive is that you can have a familiar environment if you need to work on other computers. Katana also includes a whole host of portable app's tools that can be used on any windows PC.


The Firewall

For our firewall connecting our internal and external networks we are going to use a Smoothwall firewall a Linux distro. Create a virtual machine as we did before. This time before you click finish to begin installation click "Customise hardware"


In the settings screen click "Add". Then select Network Adapter to add a second network card
and change the network to your internal network, in my case vmnet255.


Next click on the other network interface and change the network to the external host only network. vmnet1. Just double check to make sure one network adapter is on either of the
host only networks. Click Advanced on each and note the MAC address for each adapter and the cosponsoring network, we'll need this info in a moment. Click 'Finish' to begin installation.


Click through the installation of smoothwall until you get to the security policy screen and select half open.


At the Network configuration menu select Network configuration type. Select Red + Green to set up a firewall that has an external (RED) connection and an internal (GREEN) connection and select OK


Select Drivers and card assignments. and click through ok a couple of times to change network settings and detect network interfaces.


Use the MAC address (noted a moment earlier) to decide which network the card is connected to, external RED, internal GREEN. Back at the Network Configuration Menu select Address settings and select GREEN and click OK to accept the defaults. Select the RED interface, this is the interface connected to the outside network. Leave the IP as static and enter an IP address that makes sense for your network (look in network configuration see the IP range) eg. 172.16.0.2. Click OK and DONE to return to the Network Configuration Menu and click DONE again and FINISH. Enter the passwords and finish. You can configure further by pointing your web browser at https://:441 (eg. https://192.168.0.1:441). if you have trouble finding the address log in to the virtual machine and enter:
ifconfig | less to see both of the IP address used.


Conclusion
Check the settings for each VM and make sure they are on the correct network and there you are you have a nice little network running WindowsXP, OSX a couple of Linux distros and a firewall we can experiment with