Running all virtual

spaceuser · 08-20-2007, 02:21 PM

I have set up a Debian Etch host server with VMware Server and where I have four virtual servers installed. The first VMs is a router/firewall software called Freesco (see http://www.freesco.org) which is very small and do its job exellent. It can be run on it's own computer and have in my case three NICs, eth0 for internet access, eth1 for local LAN, and eth2 for a DMZ area. I have virtualized this and the VM_Freesco eth0 is bridged to the host eth0 to be able to have internet access. For security reasons, there is not so smart to have the host server eth0 directly connected to internet. I've been told there should be possible to stop internet access on host eth WITHOUT removing the internet access for the bridged VM_Freesco eth0. Below is the answer I've got when I asked how I should do, but I don't understand how to manipulate the startup-scripts in Debian. Any comment on this would be appreciated.

Quote:

You just have to assign a vmnet first - on Linux you do that with a run of vmware-config.pl.
Next you tell your startup-scripts to bring up the Nic but not assign an IP.
This way you can use the nic for the firewall-VM while your host is not able to do anything with it as it has no IP.

Junior Hacker · 08-20-2007, 05:06 PM

I'm sure you already know how to run the "vmware-config.pl" as this is done right after installing Vmware server. Just unpack the Vmware Server package, cd into it and issue the command ./vmware-config.pl. As for not assigning an IP, I would think you should read /usr/share/doc/network-manager/readme.debian to see how to set up the file /etc/network/interfaces.

spaceuser · 08-21-2007, 11:51 AM

Quote:

Originally Posted by Junior Hacker

I'm sure you already know how to run the "vmware-config.pl" as this is done right after installing Vmware server. Just unpack the Vmware Server package, cd into it and issue the command ./vmware-config.pl. As for not assigning an IP, I would think you should read /usr/share/doc/network-manager/readme.debian to see how to set up the file /etc/network/interfaces.

The link /usr/share/doc/network-manager/readme.debian can't be found on my Debian Etch 4.0 server or my older Debian 3.1r4 server either. Any more hint where and how?

TIA

Junior Hacker · 08-21-2007, 12:30 PM

If you have synaptic installed, go through the list of available packages, network-manager should be in there as well as front ends for it depending on which desktop environment you have installed, ex. (network-manager-gnome). Personaly, I never install the front end, just network-manager. But highlight it in synaptic and read what it all does, you may want to install it, then again, maybe not as I just read it and.... well, you'll see.
Or, you can just read the readme.debian I've posted below, I'm not sure if the file /etc/network/interfaces exist without network-manager being installed, probably is. Not sure if this will do the trick for you, it's just a suggestion.

Code:

NetworkManager consists of two parts: one is on the system level daemon that
manages the connections and gathers information about new networks. The other 
is a systray applet that users can use to interact with the NetworkManager 
daemon. 

Security
~~~~~~~~
To allow users to connect to the NetworkManager daemon they have to be in the
group "netdev". If you want to add a user to group "netdev" use the command
"adduser username netdev" or one of the graphical user management frontends.
After that you have to reload D-Bus with the command "/etc/init.d/dbus reload".

Configuration of wireless and ethernet interfaces
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Only devices that are *not* listed in /etc/network/interfaces or which have 
been configured "auto" and "dhcp" (with no other options) are managed by NM.

This way you can setup a custom (static) configuration for a device and NM 
will not try to override this setting.

After modifying /etc/network/interfaces you have to restart NM with the
command "/etc/dbus-1/event.d/25NetworkManager restart".

Examples:

1.)
auto wlan0
iface wlan0 inet dhcp
-> This device is managed by NM.

1.a)
allow-hotplug eth0
iface eth0 inet dhcp
-> This device is managed by NM

2.)
auto wlan0
iface wlan0 inet dhcp
	wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
-> This devices is *not* managed by NM because it has additional options.

3.)
iface wlan0 inet dhcp
-> This device is *not* managed by NM because it is not set to "auto".

4.)
iface eth0 inet static
	address 192.168.1.10
	netmask 255.255.255.0
	gateway 192.168.1.1
-> This device is *not* managed by NM because it is configured as "static" and
   has additional options.

5.)
Device is not listed in /etc/network/interfaces.
-> Device is managed by NM.

Dial-up configuration
~~~~~~~~~~~~~~~~~~~~~
After configuring your PPP interface (either manually or by using a tool like
"pppconfig") to work with a peer called "myisp" you should edit 
/etc/network/interfaces and add a stanza like this:

iface ppp0 inet ppp
	provider myisp

NM will then make it possible to dial this connection.
If you want to set up multiple internet service providers simply create a new 
stanza as listed above specifying the provider and a different iface, e.g. ppp1.

After modifying /etc/network/interfaces you have to restart NM with the
command "/etc/dbus-1/event.d/25NetworkManager restart".

Please read the "Debian Reference Manual", section 10.6.1.4 or the "interfaces"
man page for further information.

spaceuser · 08-21-2007, 02:00 PM

Thanks for your effort to help here, but I'm even more unsure here now because I don't use any graphical environment at all. This is a textbased server install.

I do have the /etc/networking/interfaces but it only contains the static IP address etc.