Linux Lab 1 - Creating a Router

Introduction

In this lab we're going to create a virtual machine for Linux and install pfSense on it. We'll use this server as our router to connect our Windows environment to the Internet.

Demote Server02

Before we create the pfSense server we're going to demote Server02. This will leave us with a single domain controller in our environment, but for our purposes we'll be fine. We want to reduce the number of servers since our host computer has a limited amount of RAM. Demoting Server02 will remove the need to run it when we need the Windows environment. Make sure both Server01 and Server02 are on; client01 is not needed for this part.

On Server01 open Server Manager and click Manage - Remove Roles and Features. Progress through the first screens in the wizard.

On the screen where you select the server, make sure you select Server02 since that's the server we want to demote. Click Next.

Uncheck Active Directory Domain Services to remove it.

A dialog box will appear asking if you want to remove the associated features, click Remove Features.

This will run a validation check to see if the role can be removed. It can't, because the server is still an active domain controller. The wizard provides a link we can use to demote the server so it's no longer a domain controller. After the demotion we'll have to go through the process again to remove the role. Click Demote this domain controller.

We need to provide administrative credentials to demote the server so hit the Change button.

Enter the administrator's username and password: administrator / P@ssw0rd

Now you can hit Next to move forward.

It's detected that this server is a global catalog server. It warns you that this is a required role in Active Directory. We're ok because Server01 is also a global catalog server, so we can check the box Proceed with removal then click Next.

When the server is demoted a new local SAM database will be created. We need to provide a password for the new local administrator account that will be created. Type in P@ssw0rd

Click Demote to demote the server.

When it's done you can click Close.

Now you can remove the Active Directory Domain Services by going through the Remove Roles and Features wizard.

Once complete you'll see one server running Active Directory Domain Services in Server Manager. Server02 can be shut down, keep Server01 on.
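The same demotion can be done from PowerShell with the ADDSDeployment cmdlets instead of the wizard. This is an added example, not part of the original lab; it assumes the server names used above and prompts for both passwords so they never appear in the script or the command history.

```powershell
# Added example, not part of the original lab.
# Part 1: elevated PowerShell session on Server02, with Server01 online.
Import-Module ADDSDeployment

# Domain administrator credentials (the wizard's Change button).
$domainCred = Get-Credential -Message 'Domain administrator account'

# Password for the local Administrator account in the new SAM database.
$localPw = Read-Host -AsSecureString -Prompt 'New local Administrator password'

# Same validation the wizard runs before it lets you demote.
$check = Test-ADDSDomainControllerUninstallation -Credential $domainCred `
    -LocalAdministratorPassword $localPw
$check | Format-List Status, Message
if ($check.Status -contains 'Error') {
    throw 'Prerequisite check failed; resolve the messages above first.'
}

# Demote. -Force accepts the warnings (including the global catalog one)
# without prompting. Server02 restarts automatically when this finishes.
Uninstall-ADDSDomainController -Credential $domainCred `
    -LocalAdministratorPassword $localPw -Force

# Part 2: after the restart, elevated session on Server02 again.
# Removes the role binaries, like the second pass through the wizard.
Uninstall-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Part 3: on Server01, confirm a single domain controller remains
# and that it is still a global catalog server.
$dcs = @(Get-ADDomainController -Filter *)
$dcs | Select-Object Name, IsGlobalCatalog, OperationMasterRoles
if ($dcs.Count -ne 1 -or -not $dcs[0].IsGlobalCatalog) {
    Write-Warning 'Expected exactly one domain controller that is a global catalog.'
}
```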

Creating the Router Virtual Machine

Now we're going to create the virtual machine that will act as a router. This virtual machine will be a little different than others we've created: it will have two network cards instead of one. This is so it can route our traffic from the internal network to the Internet.

Name the virtual machine Router, set the type to Linux and choose Other Linux (64-bit).

You can keep the default of 512MB of RAM, or increase it if you have plenty of RAM in your host machine, 16GB or more.

You can set the hard drive to any size 10GB or above; this virtual machine doesn't require a lot of storage. I set mine to 50GB.

After the machine is created, edit the settings. If you've had to change your display scale on previous machines do so on this one under Display. Then under Network we're going to set the first adapter to Internal Network with Promiscuous Mode to Allow All just like on other virtual machines.

Select Adapter 2 and enable it, then change it to NAT. That will create a connection to your host's network so it can access the Internet while still isolating it from the other devices on the real network.

Finally insert the pfSense disk into the drive.

Before you start the Router virtual machine, make sure Server01 is running. Start Router.

Install Router Software

We're going to install pfSense onto the virtual machine we just created.

At the copyright screen press enter.

We want to install, which is the default option, so press enter.

The default keyboard is fine, press enter.

We're going to use ZFS as the file system, press enter.

The default options are what we want, press enter.

Since we only have one virtual drive in the server we will not be setting up any drive redundancy, press enter.

On the selection screen to choose a drive press the space bar to select our virtual drive, then press enter.

Press tab to switch to yes to confirm your choice, then press enter.

The installation will start, it could take a few minutes.

We don't have any settings we want to change after the install so hit enter.

Hit enter to restart the server.

During the reboot process remove the disk from the drive, either in settings or by clicking the disk icon at the bottom of the virtual machine's window. If you don't remove the disk it will attempt the install again. If that happens, remove the disk from the drive and restart the virtual machine.

Configure and Test the Router

We're going to do most of our configuration using the menu system provided by pfSense. That will get it working as a router so we can go online with our Windows Server. After that we'll finish the setup using the web interface.

After pfSense restarts you'll have a menu system you can use to configure the server. The first thing we'll see is that the WAN and LAN ports are backwards. Server01 handed a 192.168.10.x address to the WAN port, but that's the interface we want on the LAN side. Choose option 1 to change the assigned interfaces.

We're not going to use VLANs in our environment so you can hit n for no. We want em1 for the WAN interface and em0 for the LAN interface.

Now the WAN interface is receiving an IP address from VirtualBox's NAT interface, which is what we want. The LAN side has been statically set to 192.168.1.1/24, but on our network we've already pointed all our clients to use 192.168.10.254/24, so we need to change the address of the LAN interface. Choose option 2 to do this.

We want to configure the LAN interface, so select 2 for the interface. Enter 192.168.10.254 for the IP address and 24 for the subnet mask.

Press enter twice to skip the upstream gateway and the IPv6 address. Choose no for DHCP server, we already have Server01 acting as a DHCP server. Say yes to reverting to HTTP for the webConfigurator. Once done it will give you the address you can use to access the web interface. That completes the basic setup of the router.

If we switch to Server01 we'll see it's online! We can get online now with our Windows server as long as the router VM is running.
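To confirm more than "the icon shows online", the checks below can be run in PowerShell on Server01. This is an added example, not part of the original lab; the external hostname is an assumption and any reachable HTTPS site will do. The port loop shows which protocol the webConfigurator is serving after the console step that reverted it to HTTP.

```powershell
# Added example, not part of the original lab. Run on Server01.
$routerIp = '192.168.10.254'      # LAN address set with console option 2
$external = 'www.pfsense.org'     # assumption: any public HTTPS host works

# 1. The default gateway on this server should be the router's LAN address.
$gw = (Get-NetIPConfiguration |
    Where-Object IPv4DefaultGateway).IPv4DefaultGateway.NextHop
"Default gateway: $gw (expected $routerIp)"

# 2. The router answers on the internal network.
$alive = Test-Connection -ComputerName $routerIp -Count 2 -Quiet
"Router reachable: $alive"

# 3. Which ports the webConfigurator listens on. After reverting to HTTP,
#    the admin login travels over whichever of these reports open.
foreach ($port in 80, 443) {
    $r = Test-NetConnection -ComputerName $routerIp -Port $port `
        -WarningAction SilentlyContinue
    '{0}:{1} open = {2}' -f $routerIp, $port, $r.TcpTestSucceeded
}

# 4. Traffic leaves through the router's NAT side: name resolution via
#    Server01's DNS, then an outbound TCP connection.
Resolve-DnsName -Name $external -Type A | Select-Object -First 1 Name, IPAddress
$out = Test-NetConnection -ComputerName $external -Port 443 `
    -WarningAction SilentlyContinue
"Outbound HTTPS to ${external}: $($out.TcpTestSucceeded)"
```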

Let's open pfSense's web interface. Browse to http://192.168.10.254/ in a browser on Server01. Sign in with a username of admin and a password of pfsense.

The first time you sign in a setup wizard will appear, we'll step through it to complete the setup. Click Next.

Nothing to change here, click Next.

Set the hostname to router and the domain to gotohull.com. Set the Primary DNS Server to 192.168.10.1. Click Next.

Change the timezone to US/Eastern, you'll need to scroll down a ways to get to it. Click Next.

The LAN address is already set, no need to change it, click Next.

We don't need to change anything on this page, scroll down and click Next.

Change the admin password to P@ssw0rd then click Next.

Almost done, click Reload.

Complete, hit Check for updates.

Make sure you select the stable version from the drop down list.

Once the server's up to date go to the main dashboard by clicking Status - Dashboard.

That's it, you now have a functional Linux-based router/firewall running.

To shut down the server select option 6 from the menu and hit y to shut down.

Once done shut down all virtual machines that are running and take a snapshot of each named Linux Lab 1 Complete.

Questions

Answer the lab questions.
