For now I am continuing the project on my own computer, so I won't update anything here in the near future.
Explanation of the project
Prerequisites
Our goal here is to connect all of the Virtual Machines to a new LAN that is private to them. This means that the VMs' network won't even be accessible to the main Operating System of the laptop, just like your home's Wi-Fi isn't accessible to the White House (theoretically).
For every VM that is not the Router, we change the Network Adapter setting to Private to my Mac.
Right click the VM -> Settings -> Network Adapter -> select Private to my Mac
In order for the Router VM to actually route packets, it needs to be connected to two networks. One is our LAN for the VMs, and the second is the one that the main OS is connected to, which is your home's physical router in most cases.
This is exactly what we will do: add a new Network Adapter to our Router VM.
Right click the Router VM -> Settings -> Add Device... (top right corner) -> Network Adapter -> Add... -> select Private to my Mac
Now start the Router VM, open the Terminal and type:
ip a
or
ifconfig
If you see two interfaces, eth0 and eth1 (see below), it means that we successfully connected the Router to two networks.
In order to enable IP forwarding, type the following commands on the Router machine:
sudo su
echo 1 > /proc/sys/net/ipv4/ip_forward
To make this change persist across reboots, run:
echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
sysctl -p
In order for this VM to actually route packets to the WAN (Wide Area Network), receive packets from it, and perform NAT, we need to use iptables.
Make sure you're in the root directory of this project, create route.sh and write this in the file:
# Running this script turns the router virtual machine into a router.
iptables=`which iptables`
LAN='eth1'
WAN='eth0'
# Flush existing rules (filter table, then nat table)
$iptables -F
$iptables -t nat -F
# NAT: rewrite the source address of packets leaving through the WAN interface
$iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
# Forward packets from LAN to WAN
$iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT
# Accept reply packets (RELATED,ESTABLISHED) coming from WAN to LAN
$iptables -A FORWARD -i $WAN -o $LAN -m state --state RELATED,ESTABLISHED -j ACCEPT
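The FORWARD chain's default policy is ACCEPT unless it is changed, so after route.sh the RELATED,ESTABLISHED rule does not by itself keep new connections from the WAN side from being forwarded to the VMs. The check below is an added example, not part of the original project: it reads the output of iptables -S FORWARD and reports that condition. The function name audit_forward and both rule dumps are constructed here; the interface names come from route.sh.

```shell
#!/usr/bin/env bash
# Added example (not from the original project): audit the FORWARD chain that
# route.sh builds. audit_forward and the two rule dumps are constructed here.

# Reads `iptables -S FORWARD` output on stdin and prints a one-line verdict.
# $1 = WAN interface, $2 = LAN interface (eth0 / eth1 in route.sh).
audit_forward() {
    local wan="$1" lan="$2" policy="unknown" open_in=0 reply_rule=0 line
    while IFS= read -r line; do
        case "$line" in
            "-P FORWARD "*)
                policy="${line#-P FORWARD }" ;;
            "-A FORWARD "*"-i $wan "*"-o $lan "*"-j ACCEPT")
                # A WAN->LAN accept is safe only when limited to reply traffic.
                case "$line" in
                    *"state RELATED,ESTABLISHED"*) reply_rule=1 ;;
                    *) open_in=1 ;;
                esac ;;
        esac
    done
    if [ "$open_in" -eq 1 ]; then
        echo "exposed: a rule accepts new WAN->LAN connections"
    elif [ "$policy" != "DROP" ]; then
        echo "exposed: policy $policy forwards WAN->LAN packets that no rule matched"
    elif [ "$reply_rule" -eq 0 ]; then
        echo "broken: policy DROP but no RELATED,ESTABLISHED rule for replies"
    else
        echo "ok: only reply traffic is forwarded from WAN to LAN"
    fi
}

# Constructed dump: the chain as left by route.sh (default policy untouched).
PAGE_RULES='-P FORWARD ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT'

# Constructed dump: the same rules after `iptables -P FORWARD DROP`.
HARDENED_RULES='-P FORWARD DROP
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT'

printf '%s\n' "$PAGE_RULES" | audit_forward eth0 eth1
printf '%s\n' "$HARDENED_RULES" | audit_forward eth0 eth1
# On the router itself (as root): iptables -S FORWARD | audit_forward eth0 eth1
```

If the check reports "exposed" on the router, setting the FORWARD policy to DROP in route.sh makes the two ACCEPT rules the only traffic that is forwarded.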
Now, we need to make sure this file gets executed whenever the machine is booted.
In order to do that, we need to use a Service. The path for services in Linux distributions is /etc/systemd/system or /lib/systemd/system (depends on the distro). cd to that directory, create route.service and write the following:
[Unit]
Description=Making this Linux VM a router
[Service]
ExecStart=/bin/bash <the project's root directory>/route.sh
[Install]
WantedBy=multi-user.target
Make sure you wrote the root directory where needed.
The file we created is the service which is going to run the script route.sh every time the system boots. Now we need to make it actually run the script whenever the system boots:
sudo su
systemctl enable route
Everything is theoretically done. Now we need to make sure the service is working. We can do that by manually executing the service (still as root):
systemctl start route
systemctl status route
If you see status=0/SUCCESS, it means that the service worked.
Congrats! You made this Virtual Machine a router.
Default Gateway - IP address of a computer's router
Now our router is working, but no other machine can use it as a real router, yet. In order to set the machine's default gateway to our router's IP, we can use Services again.
cd to this project's root directory, create set_default_gateway.sh and write:
sudo ip route add default via <Router's IP> dev <the LAN's interface, usually eth0>
When this script runs, the default gateway is manually changed to our router. Now, just as before with our router, we need to make this script run automatically whenever the system starts.
cd to your distro's default path of services (as mentioned before: /etc/systemd/system or /lib/systemd/system), create automatic_set_defualt_gateway.service and write:
[Unit]
Description=Setting default gateway to router
[Service]
ExecStart=/bin/bash <the project's root directory>/set_default_gateway.sh
[Install]
WantedBy=multi-user.target
Run the following to make the service start automatically at boot:
sudo su
systemctl enable automatic_set_defualt_gateway
Then manually check that the service is working:
systemctl start automatic_set_defualt_gateway
systemctl status automatic_set_defualt_gateway
If you see status=0/SUCCESS, it means the service is working properly.
Now repeat this process for every VM you would like to connect to the router VM.
I created a DNS server in my router this way:
- Installed dnsmasq:
sudo apt update
sudo apt install dnsmasq
- Added this to the /etc/dnsmasq.conf file:
# Specify DNS forwarders
server=172.20.10.1
# Specify DNS domain
domain=antiVirusProject.local
# Set DNS resolution for local domain
address=/antiVirusProject.local/172.16.175.131
- Restarted dnsmasq service:
sudo systemctl restart dnsmasq
- In each client VM I edited the /etc/resolv.conf file:
nameserver 172.16.175.131
In the client Kali machines, you set the default gateway by adding:
# Define eth0 interface
auto eth0
iface eth0 inet static
address 172.16.175.130
netmask 255.255.255.0
gateway 172.16.175.131
to the /etc/network/interfaces file.