CSCI 251 Systems and Networks
Lab 5 – Accessing the Internet from your vbx and Vice Versa
Friday, February 10, 2010

Note: The assignment is to be completed by the end of the lab session.
Discussion
Introductory Comments
You have already accessed the outside Internet by using the Debian package management tools, i.e. aptitude and synaptic. But in this assignment you will use more typical user tools such as
- ssh (secure shell) and sftp (secure file transfer protocol)
- a web browser

You'll find that, as installed, your vbx can reach the outside Internet with those tools. Note that the interaction with the outside Internet will be initiated from within the vbx.

The reverse is not true by default. You cannot reach the vbx by attempting to initiate the contact from the outside Internet. In this assignment, we will change this default behavior. As a practical example, we'll focus on building a web site within the vbx that can be accessed from outside your machine.

[Note: the location of a machine's default web site and those of its default web sites for individual users are not necessarily universal. We'll follow the Debian conventions. However, we'll also see the configuration file where such defaults are established, information which is applicable to other distributions.]
Instructions
Before starting the various tasks comprising this assignment
- log on to your assigned machine
- then start up your virtualized guest system, vbx

We'll eventually need an ssh server on your vbx, so at your vbx command line, as root, enter

aptitude install openssh-server

The tasks described below are to be performed on your host system or your vbx as specified in each case.
Task #1: sftp to the outside Internet
Here, as a review, you will repeat part of Task #1 from Lab 3, except that we'll use sftp instead of ssh.

Contact your host machine from your vbx. Do you recall how to find the address of your host system? Find out by using a terminal window on the host OS and enter

/sbin/ifconfig eth0

and find what it says for the inet addr of that interface. Represent that by xxx.xxx.xxx.xxx.

1.1 Now try to establish an sftp connection with your host machine from the vbx screen via

sftp <your_host_username>@xxx.xxx.xxx.xxx

for example, using a fictitious username and IP address:

sftp schwartzd@192.168.0.205

Then transfer a file from your vbx to your host system. Record the result: Was it as expected? Explain.
1.2 By now you should have an account on csciun1, try to sftp into that from your vbx screen e.g.

sftp schwartzd@csciun1.mala.bc.ca

Then transfer a file from your host system to your vbx. Record the result: Was it as expected? Explain.

[Note that the prior two subsections illustrate the ability to transfer files into or out of your vbx, a useful option.]

1.3 Get together with one of the other lab students and see if you can ssh into your vbx from that student's vbx. Record the result: Was it as expected? Explain.

1.4 Try to ssh into your vbx from your csciun1 account. Record the result: Was it as expected? Explain.
Task #2: Use the vbx's browser to contact various web sites
If you have not yet installed a browser on vbx, enter

aptitude install iceweasel

[Note that iceweasel is a fork of firefox, arising from a debate over parts of firefox considered non-free. The iceweasel package uses only free components e.g. artwork and plugins.]

2.1 Use the vbx browser to contact some well known external site e.g. Google. Were you successful?

2.2 Let's determine whether your vbx has a default web site.

Ultimately, we would like web sites on the vbx. So we begin by seeing if one is already there. To find out, use the vbx browser to contact the url for your vbx, known to vbx as

http://127.0.0.1

or, equivalently,

http://localhost

If this fails, it is likely that no default web site is present, nor the underlying web server.

[Note that this will be the case, unless you installed a web server on your own.]
To choose a web server, start synaptic and do a search on web server. Of course, you'll get back all sorts of information. Certainly, you'll see references to apache2, the current king of web servers. You'll also see another named boa. Find the number of bytes required
- to download apache2 (but don't actually download it)
- to download boa (but don't actually download it)

Ask your instructor to show you how to determine these download sizes. Record those numbers for the Demonstration (later). Let's continue our quest for small packages and choose the smaller, that is, the boa web server, using synaptic.

Once it's installed, look at its man page to see how its design philosophy differs from that of apache2.

Again attempt to contact the default web site of your vbx by trying

http://127.0.0.1

or, equivalently,

http://localhost

There should now be a default web site on your vbx. But where is it? We'd like to replace it with our own. There are various ways to do the detective work required to find where the default web site is. For example,
- we know that /etc often contains configuration information; is there a directory /etc/boa/ with useful information?
- does the default web site itself contain any clues (not always, but sometimes)

Find the location of the default vbx web site and create your own index.html file. Demonstrate that it works by browsing to

http://127.0.0.1

or, equivalently,

http://localhost
2.3 Does your vbx have web site support for individual users?

The web site at

http://127.0.0.1

or, equivalently,

http://localhost

is for the vbx itself and requires root access in order to make changes. But we hope that there would be some sort of built in support allowing individual users to have their own web sites. For example, on csciun1, my web site is at

http://csciun1.mala.bc.ca/~jayeward

So, if your vbx username is, say, schwartzd, you might expect to find a web site on your vbx at

http://127.0.0.1/~schwartzd/

Try this with your vbx username. You'll likely get the dreaded 404 Not Found message. Nevertheless, it doesn't take much work to implement this:
- figure out what to do
- then make your own index.html file
- access it as discussed above

[Hint: Start by looking through /etc/boa/boa.conf for ideas.]
2.4 Back up your individual user website and transmit the backup file to your csciun1 account

Once you have successfully completed the prior section, tar and gzip the directory containing your individual user website. Then copy that backup file to your csciun1 account using sftp.

[Note: if the required shell commands aren't familiar, request help from your instructor.]

Obviously, the amount of material being backed up is trivial. But in a more realistic setting where you are developing a complex web site, you will want to make frequent onsite and offsite backups ... for both the current web site and its previous version.
2.5 Try to access your vbx web site using the browser in some other student's vbx

Now try to access your vbx web site using the browser in some other student's vbx, by using the url

http://<your_host_IP_address>/

Record the result: Was it as expected? Explain.

Then try

http://<your_host_IP_address>:8080/

Record the result: Was it as expected? Explain.

[Note: The 8080 will make more sense after Task #4 is completed.]
Task #3: Use Port Forwarding so you can ssh (or sftp) to your vbx from the outside Internet
In Tasks #1 and #2, you hopefully determined that you can ssh or sftp out from vbx, but not in. This follows from the fact that, by default, virtualbox uses NAT (Network Address Translation). In effect, each packet sent from vbx is modified so that it appears to have come from the host machine. But part of the outgoing payload is the ID of vbx as the originator. The outside receiver responds to the host machine, but the responding message also includes the vbx ID. The host OS knows to route that to vbx because of that ID. However, if an outside agent initiates the contact, the vbx ID is not present and the host system keeps that message for itself. Port forwarding is one way to solve this problem. You'll first apply this to ssh.

Now ssh, by default, uses port 22. You'll leave that as is, so any 'normal' ssh activity will still be received by the host OS and kept as its own. But you'll assign a new port number for ssh attempts intended for the vbx. As the new port number, use 2222 (must be greater than 1024, lower numbers require root privileges). Thus if an outside agent contacts the host IP address via ssh, but specifies port 2222, your host system will forward this to your vbx.

Virtualbox provides a high level tool. To set this up, using a host console window, enter the 3 commands listed below (you might put all 3 into an executable script, if your typing isn't fast and accurate):

VBoxManage setextradata vbx "VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/HostPort" 2222
VBoxManage setextradata vbx "VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/GuestPort" 22
VBoxManage setextradata vbx "VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/Protocol" TCP

Next, close your vbx with the "Save the machine state" option. Then restart from the virtualbox interface, as usual. Then try it out as follows:

ssh -l <your_vbx_username> -p 2222 localhost

or

ssh -l <your_vbx_username> -p 2222 <host-IP-address>

Record the results from the above ssh activities: Were the results as expected? Explain.
Task #4: Use Port Forwarding so you can contact your vbx with a browser from the outside Internet
This is the same solution as for ssh/sftp, except applied to http. The default port for http is 80. So to set this up, enter the 3 commands listed below (as before, you might put all 3 into an executable script, if your typing isn't fast and accurate):

VBoxManage setextradata vbx "VBoxInternal/Devices/pcnet/0/LUN#0/Config/boa/HostPort" 8080
VBoxManage setextradata vbx "VBoxInternal/Devices/pcnet/0/LUN#0/Config/boa/GuestPort" 80
VBoxManage setextradata vbx "VBoxInternal/Devices/pcnet/0/LUN#0/Config/boa/Protocol" TCP

Next, close your vbx with the "Save the machine state" option. Then restart from the virtualbox interface, as usual.

Then try it out by
- using the browser in the host system, contact http://127.0.0.1/ then http://127.0.0.1:8080/ then try those both again using the IP address of the host machine instead of 127.0.0.1
- using the browser in the vbx of one of the other students to contact your host's web site using the IP address of your host
- using the browser in the vbx of one of the other students to contact your vbx web site using the IP address of your host with the appended :8080

Record the results from the above browser activities: Were the results as expected? Explain.
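
The three commands per rule from Tasks #3 and #4, collected into one script as the text suggests. This is an added example, not part of the original lab; the function names, the VBOXMANAGE and VM_NAME variables, and the dry-run setting are assumptions made here.

```shell
#!/bin/sh
# Added example: one function per action, wrapping the lab's setextradata commands.
# Set VBOXMANAGE="echo VBoxManage" for a dry run that only prints the commands.
VBOXMANAGE=${VBOXMANAGE:-VBoxManage}
VM_NAME=${VM_NAME:-vbx}
PREFIX="VBoxInternal/Devices/pcnet/0/LUN#0/Config"

# valid_port N MIN: succeeds if N is a decimal integer in [MIN, 65535].
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ] && [ "$1" -le 65535 ]
}

# forward_port NAME HOST_PORT GUEST_PORT
# The host port must be above 1024 (the lab's rule: lower ports need root).
forward_port() {
    name=$1 host=$2 guest=$3
    case "$name" in
        ''|*[!A-Za-z0-9_-]*) echo "bad rule name: $name" >&2; return 2 ;;
    esac
    valid_port "$host" 1025 || { echo "host port must be 1025-65535: $host" >&2; return 2; }
    valid_port "$guest" 1 || { echo "guest port must be 1-65535: $guest" >&2; return 2; }
    # Stop at the first failure so a rule is never left half-written silently.
    $VBOXMANAGE setextradata "$VM_NAME" "$PREFIX/$name/HostPort" "$host" &&
    $VBOXMANAGE setextradata "$VM_NAME" "$PREFIX/$name/GuestPort" "$guest" &&
    $VBOXMANAGE setextradata "$VM_NAME" "$PREFIX/$name/Protocol" TCP
}

# clear_port NAME: setextradata with no value removes the key (see Task #5).
clear_port() {
    for key in HostPort GuestPort Protocol; do
        $VBOXMANAGE setextradata "$VM_NAME" "$PREFIX/$1/$key" || return 1
    done
}

# Usage for this lab (run on the host, then save and restart the vbx):
#   forward_port ssh 2222 22
#   forward_port boa 8080 80
```
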
Task #5: Verifying and Clearing Port Forwarding Settings
There is a command to verify your current port settings:

VBoxManage getextradata vbx enumerate
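
One way to turn that listing into a table of which host ports lead into the vbx, flagging any rule that lacks one of its three keys. This is an added example, not part of the original lab; the function name list_forwards is hypothetical, the "Key: ..., Value: ..." line format is an assumption about the enumerate output, and the sample listing is constructed.

```shell
#!/bin/sh
# Constructed sample of enumerate output (assumed "Key: <k>, Value: <v>" format).
# The boa rule deliberately lacks its GuestPort key.
SAMPLE_ENUMERATE='Key: GUI/LastCloseAction, Value: save
Key: VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/HostPort, Value: 2222
Key: VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/GuestPort, Value: 22
Key: VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/Protocol, Value: TCP
Key: VBoxInternal/Devices/pcnet/0/LUN#0/Config/boa/HostPort, Value: 8080
Key: VBoxInternal/Devices/pcnet/0/LUN#0/Config/boa/Protocol, Value: TCP'

# list_forwards: reads enumerate output on stdin and prints one line per rule,
# sorted by rule name. Keys that are not port-forwarding settings are ignored.
list_forwards() {
    awk '
    $0 ~ "^Key: VBoxInternal/Devices/.*/Config/[^/]+/(HostPort|GuestPort|Protocol), Value: " {
        line = $0
        sub(/^Key: /, "", line)
        split(line, kv, ", Value: ")      # kv[1] = key path, kv[2] = value
        n = split(kv[1], part, "/")
        name = part[n - 1]                # rule name, e.g. ssh or boa
        seen[name] = 1
        val[name, part[n]] = kv[2]        # part[n] = HostPort, GuestPort or Protocol
    }
    END {
        for (name in seen) {
            h = val[name, "HostPort"]
            g = val[name, "GuestPort"]
            p = val[name, "Protocol"]
            if (h == "" || g == "" || p == "")
                printf "%s INCOMPLETE host=%s guest=%s proto=%s\n", name, h, g, p
            else
                printf "%s %s host:%s -> guest:%s\n", name, p, h, g
        }
    }' | sort
}

# Demo on the constructed sample; on the host, pipe the real command instead:
#   VBoxManage getextradata vbx enumerate | list_forwards
printf '%s\n' "$SAMPLE_ENUMERATE" | list_forwards
```

Every complete line in the result is a host port that accepts connections on behalf of the vbx, so it is the list to check before leaving the lab machine.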

You can also clear the settings, returning them to defaults. For example, to clear the ssh settings, use:

VBoxManage setextradata vbx "VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/HostPort"
VBoxManage setextradata vbx "VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/GuestPort"
VBoxManage setextradata vbx "VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/Protocol"
Task #6: Demonstration
Before you leave for the day, ask the instructor to stop by and
- look at the results you recorded (with explanations)
- check your system for compliance with this assignment.

Once finished, ensure that the instructor enters that fact in his record book.