My first RHCE lab setup

Since I’m just starting out with my RHCE I decided not to nuke my homelab and go the lightweight route. For my first RHCE lab I made some local disk space available to VirtualBox and will be using this to spin up some basic stuff and get this going.

My first setup is a simple server that will be my router in the minivirt.local domain. This router has two NICs, one that is the WAN side (simple NAT setup to my workstation) and the other will be our LAN side (host-only network in VirtualBox).

I won’t be using CentOS for my lab setup (which is great by the way, don’t hesitate to use CentOS in any lab setup) since Red Hat now offers a Developer license to Red Hat Enterprise Linux for free.

First steps

I will probably go through the RHCSA and RHCE objectives to build some sort of learning path. Setting up a usable lab environment will probably go over all objectives a bit since this involves basic installation, networking and some service installation.

The router.minivirt.local machine has DHCP enabled on the WAN interface and has a static IP (10.0.0.254) on the LAN interface. Next I’ve set up a DHCP server on the LAN interface to serve our virtual network. The Red Hat documentation for setting up a DHCP server was very easy to follow and didn’t allow for much error.

After installing a new RHEL7 virtual machine called michael.minivirt.local I attached it to the LAN network and it got an IP from our DHCP server on router.minivirt.local. Interesting information here is in the /var/lib/dhcpd/dhcpd.leases file, which shows all current leases on the DHCP server.
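The leases file is an append-only journal, so the same address can appear several times and only its last entry is current. The following is an added example, not from the original post, that prints the leases still active; the function names and the sample lease entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the leases that are active right now in dhcpd.leases.
# dhcpd appends a new block on every state change, so only the LAST block
# for an address counts. Output columns: IP MAC HOSTNAME END(UTC)
active_leases() {
  awk '
    $1 == "lease" && $3 == "{" { ip = $2; state = mac = ends = ""; host = "-"; next }
    ip == ""                { next }          # not inside a lease block
    $1 == "binding"         { state = $3 }    # "binding state active;"
    $1 == "hardware"        { mac = $3 }      # "hardware ethernet <mac>;"
    $1 == "client-hostname" { host = $2 }
    $1 == "ends"            { ends = ($2 == "never;") ? "never" : $3 "T" $4 }
    $1 == "}" {
      if (!(ip in rec)) order[++n] = ip       # keep first-seen order
      line = ip " " mac " " host " " ends; gsub(/[";]/, "", line)
      rec[ip] = (state == "active;") ? line : ""   # later blocks overwrite
      ip = ""
    }
    END { for (i = 1; i <= n; i++) if (rec[order[i]] != "") print rec[order[i]] }
  ' "$1"
}

# Constructed sample data (not from a real server): 10.0.0.11 was released.
write_sample() {
  cat > "$1" <<'EOF'
lease 10.0.0.10 {
  ends 5 2017/01/06 07:02:11;
  binding state active;
  next binding state free;
  hardware ethernet 08:00:27:aa:bb:cc;
  client-hostname "michael";
}
lease 10.0.0.11 {
  ends 5 2017/01/06 07:10:00;
  binding state active;
  hardware ethernet 08:00:27:11:22:33;
}
lease 10.0.0.11 {
  ends 4 2017/01/05 20:00:00;
  binding state free;
  hardware ethernet 08:00:27:11:22:33;
}
EOF
}

sample=$(mktemp)
write_sample "$sample"
active_leases "$sample"   # real use: active_leases /var/lib/dhcpd/dhcpd.leases
rm -f "$sample"
```

Comparing the MAC column against the machines you created is a quick way to spot a VM that joined the LAN unexpectedly.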

Networking between router and michael is now possible, but our router isn’t really routing anything yet. We need to get the client (michael) to receive a default route from the DHCP server and our router needs to enable NAT (Network Address Translation) for clients on the internal network.

First, here is the DHCP server configuration I’m using:

This provides our DHCP clients with the route information (using the routers option) as you can verify with the following command

The problem is that router.minivirt.local isn’t set up to allow NAT from our clients. I used to do this using iptables but since RHEL7 (or RHEL6?) we have firewalld and the firewall-cmd command so I’ll be using that to get full routing functionality.

A great resource for firewalld is the FedoraProject wiki: https://fedoraproject.org/wiki/Firewalld?rd=FirewallD#Dynamic_firewall_with_firewalld

I will go into more detail on firewalld and firewall-cmd later (I’ve only read up on the basics to get stuff working for this lab) but basically you have a number of zones in your firewall, the default being public. What we are going to do is move our LAN interface ( enp0s8  in my case) to the internal zone. Then we will allow NAT from all hosts in the range 10.0.0.0/24 via the WAN interface ( enp0s3  in my case).

Next up we can verify that we have NAT traffic working on our internal host:

This is all very fine but what would we be without DNS in our internal network? So next up is installing a basic DNS server that will handle name resolution for the hosts in our lab network.

Setting up a recursive DNS server

We will set up a simple recursive DNS server that will allow host name resolution for clients in our network. A recursive DNS server is a server that has no authoritative information on a zone; it merely asks questions to other DNS servers and relays the answers to the client.

Just like setting up our DHCP server, the Red Hat documentation for setting up a DNS server is very useful. After installing the bind package all I had to do was change the listen-on option and the allow-query option in the /etc/named.conf file. Since our router.minivirt.local has a nice firewall guarding its ports, we need to change the firewall settings to allow DNS queries to the BIND server.
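One way to express both firewall changes described in this post, the zone move with NAT for 10.0.0.0/24 and the DNS opening, as an added example that is not the author's original commands. The interface names and range are the ones given above; keeping the WAN NIC in the `public` zone and using a rich rule for the masquerade are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not the author's commands). Interface names and LAN range are
# from the post; WAN_ZONE=public is an assumption (firewalld's default zone).
LAN_IF=enp0s8 WAN_IF=enp0s3 LAN_NET=10.0.0.0/24 WAN_ZONE=public

# Dry run by default: print each command. Run with APPLY=1 as root to execute.
run() {
  if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

configure_router() {
  # LAN NIC moves to the more trusted "internal" zone; WAN NIC stays outside.
  run firewall-cmd --permanent --zone=internal --change-interface="$LAN_IF"
  run firewall-cmd --permanent --zone="$WAN_ZONE" --change-interface="$WAN_IF"
  # Masquerade only traffic sourced from the lab range leaving via the WAN zone.
  run firewall-cmd --permanent --zone="$WAN_ZONE" \
      --add-rich-rule="rule family=\"ipv4\" source address=\"$LAN_NET\" masquerade"
  # DNS is opened on the LAN zone only, so BIND is never offered on the WAN side.
  run firewall-cmd --permanent --zone=internal --add-service=dns
  run firewall-cmd --reload
}

verify_router() {
  run firewall-cmd --get-active-zones          # each NIC in the expected zone?
  run firewall-cmd --zone=internal --list-all  # dns listed under services?
  run firewall-cmd --zone="$WAN_ZONE" --list-rich-rules
  run sysctl net.ipv4.ip_forward               # must be 1 for routing to work
}

configure_router
verify_router
```

Pair the firewall rule with an `allow-query` in /etc/named.conf that is limited to the LAN range, so the resolver stays closed even if a zone assignment changes later.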

And now we have working DNS resolution on our client!

Time to update those packages on the client!

Getting my RHCE certification

In this series of posts I will document my journey to getting my RHCE certification. Since I don’t hold any Red Hat certifications yet, I’ll be taking on the RHCSA and RHCE exams. In this blog I will try and document as much about my lab environment, exercises and things I’m learning as possible. Truth be told, I’m in love with technology and there is just so much cool stuff out there that sometimes it’s hard to stick to something without getting sidetracked. I’m hoping that by starting a blog series about my RHCE learning path I won’t get sidetracked too much.

I have been using Linux for almost 20 years now, making my first steps with Corel Linux (yeah, you should check that out 😉). So you can hardly call me a Linux newbie but I wouldn’t call myself an expert either. I can really handle myself on a Linux desktop and server, feeling confident with things like LVM, iptables, automating using Ansible and other great (and fun!) technology. But there is a lot of other stuff out there I’m not so comfortable with (yet).

This doesn’t mean a break from development or infosec for me but I view it as an extra layer of knowledge I’m adding to help me out when taking on all those great projects.