Port groups and vSwitch in ESXi - linux

In ESXi I see vSwitch, and in each vSwitch I have the provision to add port groups. Is each port group I add on a separate network?
Say I configure 2 port groups and run a DHCP server on one of them. Can I isolate the DHCP broadcast to only those machines on that port group? Or does the DHCP broadcast reach all port groups on the vSwitch?
I set up 2 Linux VMs with 2 NICs each. NIC-1 of each is associated with PortGroupA and NIC-2 with PortGroupB. I ran a DHCP server (dnsmasq) on one of the Linux VMs on eth0 (NIC-1, PortGroupA).
I noticed that when I bring up eth1 (NIC-2, PortGroup2) on the second Linux VM, it gets an IP from the DHCP server running on PortGroupA.
Is this expected, or is my environment messed up?

I'm no expert but I see two ways this could work:
1. Use different port groups and define different VLAN-IDs for each of them. VLAN-IDs enable you e.g. to split a switch in half to create two separate networks.
2. Use different vSwitches that are only connected to each other through a single VM (e.g. software firewall) that provides routing between the two networks. Block DHCP traffic.
Option 2 worked fine for me using free ESXi and provides most flexibility but there might be an easier solution using ESXi features only.
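
One way to audit the first suggestion from the host's own port group listing, as an added example that is not part of the original answer: port groups on the same vSwitch that carry the same VLAN ID (0 means untagged) share one layer-2 broadcast domain, which is consistent with the DHCP behaviour described in the question. The sample text is constructed in the layout of `esxcli network vswitch standard portgroup list`, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of
# `esxcli network vswitch standard portgroup list` (not output from a real host).
SAMPLE = """\
Name                Virtual Switch  Active Clients  VLAN ID
------------------  --------------  --------------  -------
Management Network  vSwitch0                     1        0
PortGroupA          vSwitch1                     2        0
PortGroupB          vSwitch1                     2        0
PortGroupC          vSwitch1                     1       20
"""


def parse_portgroups(text):
    """Return (name, vswitch, vlan_id) tuples from the fixed-width listing."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    ruler = next(i for i, ln in enumerate(lines) if set(ln.strip()) <= {"-", " "})
    # Column edges come from the dashed ruler, so names with spaces stay whole.
    spans = [m.span() for m in re.finditer(r"-+", lines[ruler])]
    rows = []
    for line in lines[ruler + 1:]:
        name = line[spans[0][0]:spans[0][1]].strip()
        vswitch = line[spans[1][0]:spans[1][1]].strip()
        vlan = int(line.split()[-1])  # VLAN ID is the last, numeric column
        rows.append((name, vswitch, vlan))
    return rows


def shared_broadcast_domains(rows):
    """Map (vswitch, vlan_id) -> port groups, keeping only shared segments."""
    groups = defaultdict(list)
    for name, vswitch, vlan in rows:
        groups[(vswitch, vlan)].append(name)
    return {key: names for key, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    shared = shared_broadcast_domains(parse_portgroups(SAMPLE))
    for (vswitch, vlan), names in shared.items():
        label = "untagged" if vlan == 0 else f"VLAN {vlan}"
        print(f"{vswitch} / {label}: {', '.join(names)} share one broadcast domain")
```

Any pair reported here needs distinct VLAN IDs (or separate vSwitches) before a DHCP server on one port group stops answering clients on the other.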

Related

Which kind of network should I choose to set up a Standalone Spark Cluster

I have 2 PCs (with Windows as default OS), let's say PC_master and PC_slave. Since it is recommended to work with Linux to manage a Spark cluster, I created one virtual machine with Linux on each of these PCs: VM_master on PC_master and VM_slave on PC_slave.
I would like to set up a Standalone Spark Cluster, so which networking configuration should I use (NAT, Bridge, HostOnly?) for these 2 VMs so that they have their own private IP addresses, letting me ssh from one to another without the need for port forwarding?
Edit: My two laptops are linked to the same box, so they have private IPs and are supposed to be linked to the same router.
Finally, it seems that if I want to give each VM its own IP address to create a private network, I have to choose Bridge Network, which will assign a unique IP to each VM!

Linux & Virtual machine

Is it possible to create different Linux OS in Virtual Box and set different IP address and ping one host through the other?
I configured 2 Linux machines running on VirtualBox with different IP addresses, but when I ping the other one I get no answer.
Yes, it's possible. What I can recommend is to connect the virtual machines in bridge mode, so each machine has an IP and is shared with your host machine.
Yes, it is very possible.
There are several ways to achieve this. One is to use "Bridged Networking".
You can see more here: Virtual Box - Network configuration
It should work as #Arthur85 said: set the VMs into bridge mode. If it does not work, then check whether they are in the same subnet. If it does not work even in the same subnet, check the iptables rules.

Switch connection not working

Although some similar questions have been asked here, none of them seem to solve my problem, so I've decided to specify my case in a new question.
(Please keep in mind that I am a beginner in computer networks) I have 5 machines I want to connect to each other. I am using a switch to do so.
My first problem is that among 4 of the machines, 3 of them seem to have the same Broadcast and can hence communicate with each other. But 1 of them has a completely different broadcast and cannot communicate with any of the machines (although all 4 are connected to the same switch...). Note that all 4 machines have the Gentoo linux distribution.
Moreover, the fifth machine (which has Ubuntu linux distribution) doesn't even seem to have an ip assigned to itself. When I do "ifconfig" I don't get the eth0 interface but enp0s25 instead, where the inet addr is not specified.
I guess if I can determine the same broadcast in all 5 machines I will be able to obtain a proper connection between the machines.
Thank you for your time
You have to check if your PCs are in the same network; maybe that is the reason you have different broadcast addresses. Check if your IP and netmask are correct. Read this link for more information: IP Addressing and Subnetting for New Users
Example:
Network - Broadcast
192.168.1.0/24 -> 192.168.1.255
192.168.1.0/25 -> 192.168.1.127
192.168.1.127/25 -> 192.168.1.255
In the examples it looks like all are in the same network, but in reality they are in different networks/sub-networks.
About your eth0: check if your interface is using a static or DHCP IP.
Check the configuration file:
/etc/network/interfaces
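
The check this answer describes, as an added example that is not part of the original post: group each machine's address/prefix by the network it implies and report the machines that fall outside the majority network, have only a mismatched netmask, or have no address at all. The host names and addresses are constructed, and `audit` is a hypothetical helper.

```python
import ipaddress
from collections import Counter

# Constructed inventory: host -> address/prefix as read from `ifconfig` or `ip addr`.
HOSTS = {
    "gentoo1": "192.168.1.10/24",
    "gentoo2": "192.168.1.11/24",
    "gentoo3": "192.168.1.12/24",
    "gentoo4": "10.0.0.5/8",   # different broadcast from the other three
    "ubuntu1": None,           # enp0s25 is present but has no inet address
}


def audit(hosts):
    """Return (majority_network, {host: (status, broadcast)})."""
    ifaces = {h: ipaddress.ip_interface(a) for h, a in hosts.items() if a}
    if not ifaces:
        return None, {h: ("no address", None) for h in hosts}
    majority = Counter(i.network for i in ifaces.values()).most_common(1)[0][0]
    report = {}
    for host, addr in hosts.items():
        if not addr:
            report[host] = ("no address", None)
            continue
        iface = ifaces[host]
        if iface.network == majority:
            status = "ok"
        elif iface.ip in majority:
            # Address fits the shared range, only the prefix length differs.
            status = "netmask mismatch"
        else:
            status = "different network"
        report[host] = (status, str(iface.network.broadcast_address))
    return majority, report


if __name__ == "__main__":
    network, report = audit(HOSTS)
    print("majority network:", network)
    for host, (status, broadcast) in report.items():
        print(f"{host:8} {status:18} broadcast={broadcast}")
```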

Perform Connect on specific NIC in a two NIC Linux system

Business case:
This is year 2015, and I am using Linux kernel 3.17. My ARM Linux has two NIC, eth0 and eth1. eth0 is for configuration purpose locally for a person next to it, and eth1 is for configuration purpose from remote. So they are basically same function, except eth0 has a person to plug in the cable in the field.
Local PC ------ [eth0 My ARM Linux Computer eth1] ------ Remote PC
Using eth0, the PC software can configure eth1 IP address and port for configuration. To do that, my eth0 has a preset IP address (192.168.1.2) so the PC software can easily find it. The ARM Linux (3.17) application needs to listen on eth0 port A, and eth1 Port B (if configured), and once connected, will respond, but never initiate any activity (not even ping).
There is no connection between local PC and remote PC. They are not supposed to be bridged, or networked.
Question 1:
If eth1 is configured with the same IP as eth0, will my application still be able to listen on both NIC ports, and correctly respond? I will have two independent threads (maybe same function, but different parameters) to listen on the two NIC ports.
This is why I ask whether I can specify the NIC when I connect and respond, because now you can see they could have the same IP address. Ideally, the OS knows where the connect request is from, so it should know which way to reply, even if the two NICs have the same IP, as long as they have different Ethernet addresses. But does C++11 or the Berkeley model allow me to specify eth0 or eth1 when I listen and reply?
Now, the local PC and remote PC could have same IP address as well (but different from the ARM Linux). But imagine I have two ARM Linux computers, then this configuration is completely ok. But unfortunately I only have one embedded system and one OS with eth0 and eth1.
Question 2:
If answer to question 1 is no, then can they have same subnet mask? Also, can the local PC and remote PC have same IP address?
Assumption
Setting the routing table is a solution, if it works. I wanted to know whether it is feasible and also whether it is recommended not to do it.
Also, this is Linux. Similar questions were asked long time ago for Windows, and Windows XP says (no) and I am using Linux 3.17 and I have same IP address so things are different from similar questions.
At the system level, you can configure a bridge on the mediating box. This can have the same IP address on both sides of the bridge and can be locked down using iptables to only respond to particular TCP/UDP ports.
You can't have systems on both sides of the bridge with the same IP address (i.e. the local pc and remote pc can't have the same IP address). You can use ebtables to limit the access on either side of the bridge to the IP address of the bridge itself, which means that the local pc can only talk to the mediating box and the remote pc can only talk to the mediating box.
This is based on never expecting the local and remote pcs to talk to each other.
It's mostly a sys-adminny solution, though, there's not really an API that you could use as a developer to accomplish the same thing.

ossec Setup with Virtual Machine

How does one set up ossec to have the host work as a server, and the guests have agents in them? Specifically, at least one point in the installation confuses me as to how this would work: how do you set the server IP? If you are running ossec on a laptop, the IP address will change. How do you resolve the host that is running the guests ip dynamically?
Maybe the question should in that case be retitled to that, but the base cause for asking this question is for an ossec setup, and I will likely have more questions later, I'd rather them all be related to this.
Perhaps there is a guide to explain how to do what I want, which is to set up a Mac OS X Lion host running ossec as the server, and have several VM guests with agent setups on them that talk to the host.
One deployment scenario is to create one OSSEC server and then to install OSSEC agents on everything you would like to watch for security events.
Regarding DHCP configured OSSEC agents, you can check out "Agent systems behind NAT or with dynamic IPs (DHCP)" http://www.ossec.net/doc/manual/agent/agent-dhcp-nat.html
If you have a specific DHCP or network range you would like any OSSEC agent to be able use and to be able to connect to the OSSEC server, then you can modify the following lines in the ossec.conf file (snippet borrowed from the OSSEC book):
We can also use the <allowed-ips></allowed-ips> tag to explicitly state which IP address
we allow connections from. In the following example, we used the <allowed-ips></allowed-ips>
tag in conjunction with the <connection></connection> tag to indicate that we expect OSSEC
HIDS agent connections from the 192.168.10.0/24 network
<ossec_config>
  <remote>
    <connection>secure</connection>
    <allowed-ips>192.168.10.0/24</allowed-ips>
  </remote>
</ossec_config>
I found out from VMware that the host VMs that are using a NAT configuration have a static IP address that corresponds to the host: 192.168.231.1 will reach the host from within the guest VM. This way, when you set up agents within the guest VMs you can use this address, and it will work.
