NAT-Enabled DNS/DHCP/LDAP/Email Server Environment
Posted: 20. May 2015, 20:56
Hello world!
This is my first post on virtualbox dot org!
I've been reading a lot of the tutorials and tips from all you posters on this and other sites on the awesomeness and shortcomings of VirtualBox(VB). I am a daily user. I usually use VB to put XP (aka Windows Light @ 150MB memory usage!) or Linux (the zen of BASH) Virtual Machines (VM) on my Win boxes. I use it to have access to web servers on my machine to test out AMP and wordpress and my web coding scribblings. But now I am A+ certified and working as an IT tech and am learning how real enterprise and SMB networks operate. Nice to meet you all.
I've been floundering around the net trying to piece this Linux-based enterprise testing network together, looking for the pieces that I think I need, kinda learning how to do them (or at least getting comfortable with the learning process), and trying to put them together, but it's just a pain because everyone has their own niche use for these technologies. No one seems to need what I need which is like everything in a box.
I have been working at this for about two weeks and only in the last week have I really started feeling comfortable configuring BIND and DHCP with the command line on the Ubuntu DC. However, I haven't gotten it clicking yet. I have gotten various parts of it working with NAT and the VB DHCP or with Host-Only (pinging other machines) and DHCP, but not static IP and not with NAT. I have tried switching the NIC from Host-Only to NAT when I need the Internet, which seems to work but that's a half-done solution. I am confident that I'll get this working soon, but gosh I hope you all can help me focus and get this going. It is the basis of a lot of my personal work and learning in the IT world. When I do get it all down and working and tested in a portable fashion to assure it is hardware independent I hope to write a thorough tutorial.
Long story short...
What I have:
1)I have a fresh install of Ubuntu Server 14.04LTS as the domain controller.
2)Ubuntu 12.04.04LTS desktop with LAMP as the web server and my happy space.
3)Debian in various desktop enviros as the users (luke, han, chewie)
4)Puppy user
5)XP Pro user
6)CentOS server for a future setup to take the place of the Ubuntu DC
My network settings are or would be something like:
1)Network named: debian.local
2)Ubuntu DC: server.debian.local
*.*.*.2
3)Web services: web.debian.local
*.*.*.3
4)Various Distros: luke.debian.local, han.debian.local, chewie.debian.local,
*.*.*.100 - *.*.*.200
5)IP range (desired or guessed):
A)10.0.2.2-10.0.2.200 with NAT
B)192.168.56.2-192.168.56.200 with Host-Only
What I want:
1) 1 Linux Domain Controller(DC) running: (preferably Ubuntu since I am learning Linux with it and it has good support)
A)DNS (BIND) to give internal DNS direction as well as external web caching to improve speed of internet use.
B)DHCP to give IPs to MAC addresses
C)LDAP to authenticate certain machines for email accounts and file/folder resource access.
D)Email (Postfix,Dovecot,Roundcube) only to learn how to setup and maintain an email server. It will be used only to test email communication between devices authenticated on the internal network.
2) 1 Web Server running:
A)LAMP for wordpress/wikimedia/handcoded site
B)CalDAV/CardDAV for tbird n my note3
C)Audio streaming/DLNA
D)SAMBA (would like it to defer to DC LDAP settings but give access to mini media libraries on the VM)
3) A bunch of Linux distros for learning how they act differently from the commandline and otherwise (CentOS/OpenSUSE/Debian/Mint/Ubuntu and other free candy).
4) My primary Ubuntu happy place.
5) My poor, out of date XP workhorses which I use as instant blow-up workspaces where I can install stuff, set it up, put it in the state I want, work til I drop, snapshot it, and open it back up without having to open a bunch of programs, resize/arrange windows, open files, navigate to the right part of the file, blah, blah, blah. Instant hit-the-ground-running workspace restore. Adding the network shares would be even better.
6) My Win 7 studs.
7) To have all these access the internet
8) For them to be invisible to my work domain
9) For them to be authenticated and reference the Ubuntu DC Virtual Machine(VM) for all network configuration and host-based queries
10) For my host machine to talk to them if needed, BUT NOT AS IMPORTANT AS THE PREVIOUS 3. A next step
11) To be able to export these appliances and duplicate the environment upon import into a VB install at home or wherever.
What I think I have to do:
1)Set the NAT Network in VB settings to not use DHCP. Turn off DHCP on VB.
1.1)Set all machines including DC with the same static IPs that I will automatically assign to them once the DC goes live. Static IPs that are compatible with the NAT Network configs in VB.
1.2)PING around to assure I can reach all the machines on the network.
2)Install DHCP service in DC and set it to assign addresses in certain range. I have various questions about this. Primarily how should I address the IP addressing in order to meet the two main network access requirements of my setup.
3)Install BIND on DC and configure it to work within the network requirements I need.
4)Install and setup LDAP on DC to point to the domain and name server settings.
4.1)Add users and groups to the settings.
4.2)Configure the security and permissions aspects of LDAP.
4.3)Configure the clients to authenticate with LDAP.
5)Setup the email system in conjunction with DNS. This is definitely last and not integral to the importance of the primary domain controller setup. I think it would be ok for the email server to live on the same machine as the DNS/DHCP/LDAP server, but any disagreements would be ok. I'm new to the server world.
So my QUESTION is...
How would I configure this network to have the best of both worlds; access to the Internet (for updates and downloading new software) AND the luxury of being self-contained (for IP control, directory authentication and DNS uniformity) and portable meaning I can use the DNS/DHCP/LDAP services to add new VMs and my existing Win VMs to a centrally-controlled VM intranet but still be able to access the internet with them wherever I take my setup. I want a portable authenticated enterprise testing environment.
1)How would I configure the Network adapters in VB prefs to allow me to use my own VM DC?
2)How would I configure the DHCP server in Linux to coexist with VB?
A)/etc/default/isc-dhcp-server
B)/etc/dhcp3/dhcpd.conf
C)service isc-dhcp-server restart, ip route, netstat -uap
3)How would I configure the DNS server in Linux to coexist with VB?
A)/etc/bind/named.conf
B)/etc/bind/named.conf.options
C)/etc/bind/named.conf.local
D)(the zone file) /etc/bind/server.debian.local
4)How would I configure the Virt NICs in the VMs to allow coexistence with DC and VB?
A)/etc/network/interfaces
5) What other clean up and prep work is needed to get the DC and users configured to talk to each other through the DC and access the internet through the VB gateway while getting DNS guidance from the DC's zone file and caching abilities?
What I do not need:
Another catch is that I need to be able to do this at work where I cannot just go putting a bunch of VMs on the domain using the Bridged Network setup. It needs to use the discrete existence of VB's NAT setup; for both the Internet/Repository use and the quietness of it.
1) I don't need remote desktop
2) I don't need VLAN or VPN, although I am very intent on setting up a VPN at home, this project is restricted to DNS/DHCP/LDAP/Email. I would of course love to setup VPN, but it seems that this would be near impossible considering how difficult it has been to just get all this set up. I think I would need something more dedicated and less portable for VPN to be happy considering it would be using my real FQDN.
3)I don't need email setup until I have authentication and IP/Host addressing good to go.
4) I don't need comments about Winedows or trolling about aesthetics.
5) I don't need SAMBA...yet.
My plans:
This is primarily for testing. Once I have the resources, I hope to run all these suckers on a single VM server, prob on a Lin box or ESXi. Using VMDK virt hard drives so shouldn't take much to port over to VMWare. After I feel I can master the setup of a VM network like this I'm sure it will be much easier to setup a hardware-based version using a bunch of R-Pis and my old WR54G, but that's all for another more luxurious day.
I hope to start working with virtual Windows server setups using hyper-v after I am able to get the Linux environment going. I also hope to be able to learn how to use all this knowledge to get a single, low-power Firewall/DC/VPN/Email/Web bare metal machine going at home to do some real work.
I realized I repeated myself a bunch in there. For the sake of rephrasing to allow you guys to understand exactly what it is I'm trying to achieve as well as kind of helping myself understand what I need to do to accomplish this task. Thanks so much in advance for any solid guidance you all can provide.
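
An added example, not part of the original post: a Python check of the address plan described above (10.0.2.0/24, DC at .2, web server at .3, DHCP pool .100 to .200) against addresses VirtualBox keeps for itself, followed by the matching ISC dhcpd.conf subnet stanza. The reserved-address tables are assumptions based on VirtualBox's documented defaults (classic NAT: gateway .2, DNS proxy .3; NAT Network: gateway .1), and the function names are hypothetical.

```python
import ipaddress

# Assumed VirtualBox defaults for a 10.0.2.0/24 guest network (not from the post).
CLASSIC_NAT = {"10.0.2.2": "VirtualBox NAT gateway", "10.0.2.3": "VirtualBox NAT DNS proxy"}
NAT_NETWORK = {"10.0.2.1": "NAT Network gateway"}

# Address plan from the post: DC at .2, web server at .3, clients from .100 to .200.
SUBNET = "10.0.2.0/24"
STATIC = {"server.debian.local": "10.0.2.2", "web.debian.local": "10.0.2.3"}
POOL = ("10.0.2.100", "10.0.2.200")


def check_plan(subnet, reserved, static_hosts, pool):
    """Return a list of problems; an empty list means the plan is consistent."""
    net = ipaddress.ip_network(subnet)
    lo, hi = (ipaddress.ip_address(a) for a in pool)
    problems = []
    if lo not in net or hi not in net or lo > hi:
        problems.append(f"pool {lo}-{hi} is not a valid range inside {net}")
    for addr, role in reserved.items():
        if lo <= ipaddress.ip_address(addr) <= hi:
            problems.append(f"pool contains {addr} ({role})")
    owners = {}
    for name, addr in static_hosts.items():
        ip = ipaddress.ip_address(addr)
        if ip not in net or ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: {ip} is not a usable host address in {net}")
        if str(ip) in reserved:
            problems.append(f"{name}: {ip} collides with {reserved[str(ip)]}")
        if lo <= ip <= hi:
            problems.append(f"{name}: {ip} is inside the DHCP pool")
        if ip in owners:
            problems.append(f"{name}: {ip} already assigned to {owners[ip]}")
        owners[ip] = name
    return problems


def render_dhcpd(subnet, router, dns, domain, pool):
    """Render an ISC dhcpd.conf subnet stanza for a validated plan."""
    net = ipaddress.ip_network(subnet)
    return "\n".join([
        "authoritative;",
        f"subnet {net.network_address} netmask {net.netmask} {{",
        f"  range {pool[0]} {pool[1]};",
        f"  option routers {router};",
        f"  option domain-name-servers {dns};",
        f'  option domain-name "{domain}";',
        "}",
    ])


if __name__ == "__main__":
    for label, reserved in (("classic NAT", CLASSIC_NAT), ("NAT Network", NAT_NETWORK)):
        print(label, check_plan(SUBNET, reserved, STATIC, POOL) or "ok")
    print(render_dhcpd(SUBNET, "10.0.2.1", STATIC["server.debian.local"], "debian.local", POOL))
```

Under the assumed classic NAT defaults the .2 and .3 static addresses are flagged; under the assumed NAT Network gateway at .1 the same plan passes and the stanza can be used with the VirtualBox DHCP server turned off.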