Prof Jake's MIS 4397 Class - Installing and using Sophos as a Firewall VM in Proxmox - Part 1

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

Oh it is hello there guys how you doing just turning my phone off or down okay 4397 it's Monday we're almost there we've got basically two more class periods so here's what I'm going to do guys and this is probably easier at least this is the way I learn first of all I want to introduce you guys to something new a new concept today for some of you and that's using firewalls which will also introduce you to using additional Ethernet ports virtual Ethernet ports of physical Ethernet ports within a virtualized environment but what I'm going to do with respect to WordPress is I thought it probably would be easier if I just set up my you know the WordPress example that I've been using I'm gonna go ahead and finish that that funky cat Tony Tony calm and then I will give you guys the login credentials so that you guys can go look at it yourself actually go look at the code and just basically not copy it word for word but use that as a template I didn't want to get too bogged down on WordPress itself because this is not a wordpress class but you do need to know how to set up some of those elements so I figure the easiest thing to do if you just let you log into my wordpress to see what the short cut codes were and how I was embedding code so the elements that I want to see in the WordPress site will be element that I'll put in the WordPress site the blogging the contact information the CAPTCHA the stuff we were looking at last time online store and maybe a couple of other items um trouble ticket a trouble ticketing system trouble ticketing is used for help desks and it's basically the first part of a CRM where when a customer calls in they pull up your account and they beget a new trouble ticket everything all customer interaction pretty much starts with and ends with a trouble ticket an existing customer unless it's a new customer so I'm gonna like I said I'll fix up my WordPress site that little one that I'm making the funky cat 2020 and I'll send you I'll have you guys don't look at it and then I'll send you the credentials only so that you can log into it if you have to I don't expect you to do it if you don't need to just to log into it to see what the background code was I learned better that way I learned by looking at somebody else's stuff not really cheating but learn by example that's how you'll find a lot of your information on the Internet is don't try to reinvent the wheel just go take somebody else's wheel and make it your own you know color it how you want it and put the tire on it that you want it and drive it in the direction you want it don't try to reinvent it I'm not trying to teach you guys to become programmers we're trying to teach you guys to me go become good tool choosers choose the right tools and then how to use and implement those tools and then actually moreover how to manage people that are using those tools for you so you guys got all that what I'm doing with that can you guys hear me okay by the way I didn't ask that yeah we can hear you okay and I'm on my laptop so I modified it a little bit so hopefully it won't it won't heat up and freeze like it had been doing before but if it does I'll switch over to my desktop really quickly I just won't have a I don't have a camera on my desktop most laptops do these days most desktops don't unless you add one so what I wanted to point out today is making use of those additional Ethernet ports on your proxmox or on your virtual environment you guys might wonder well why would you why would you need more than one Ethernet port on a server let me let me login and show you an example of a server that I managed it has lots of Ethernet ports on it so I'm going to share my screen here just as soon as I get to a point where I can share and I don't want you to see what I'm typing in to get there close some of this and some of this is brought about by me having to do some work on one of my clients servers okay so here's here's just one of them and this is an older proxmox it's proxmox v but essentially it's essentially the same thing okay so looking at here if you guys can see that is we're just looking at alder proxmox screen of one of my clients there's nothing super important on here that you guys see and I'm not violating hip or anything like that can't see any patient data let me bring my chat window back over here my give me just a sec professor the question yeah go ahead is this the last day recording on YouTube no no the official last day according to what I read by the way guys it's supposed to be the 27th according to the according to the schedule so I'd like to have a Wednesday class in another Monday class none of what I meant was like I think that last class like I don't see you on YouTube I know it's not on YouTube yet that's because I needed it edit that video to blur out some stuff that would be a violation because it had some student data on it so I don't want to edit that so sorry about that guys oh this says my weekends unfortunately have been filled with catching hackers and helping people set up remote access and don't much of that going on unfortunately so you guys can see the screen over here this is a proxmox this as well one two three four five six it's got a few virtual machines running on it including this FreeNAS virtual machine which we've talked about network-attached storage already that happens to be a network attached storage VM running machines but if I go to click on the server name you're gonna click on network you'll see that I've got multiple network ports you this e and o 1 2 3 & 4 are the 4 physical network ports that are available on this server now do you guys want to log into your servers in the lab I believe you see two ports not 4 does that sound right to you guys we can go take a look at that one in a minute I just want to show you a production one and then you'll see this VM BR 0 1 2 3 and what that stands for is virtual machine bridge what a network bridge is for those of you that feel are not that familiar with networking yet is bridge is referring to layer 2 essentially referring to layer 2 and on the hardware layer and it can have a bridge can have one or more physical Ethernet in it a IP address or a route like you see over here IP address can be assigned to a bridge and you can assign more than one I pee address to a bridge so most virtual environments split it all out this way so that you have lots of flexibility because other things that you might want to do other than create a one-to-one bridge like this is like this Nita feet are zero all this is doing is mapping back to the physical port E and O 1 which is up here and I happen to also have given it within proxmox an IP address I didn't have to give it an IP address in proxmox but if I want to access it on that physical port I do need to give it an IP address and then there's the subnet mask in the Gateway I could have created a a bonded V&B R so that it was actually using two or even three or four all of these Ethernet ports to basically give me rather than a one lane freeway a four-lane freeway so instead of a gigabit connection I would have a four gigabit per second connection and I would literally connect all four of these physical Ethernet ports on the back of the server to the same switch and then I would need to tell that network switch these four ports whichever four ports I chose on the switch those are bonded and you should treat those all as one bridge and expect all the IP traffic that comes on any of those four ports are all coming from the same MAC address they're all coming from the same machine I should say so I'm not I don't have any multi multiple bridges but you see you can create additional bridges there and overflow or failover bridges that's a less of a commonly used function of proxmox what most people are doing is proxmox and when you first set proxmox up it assigns by default one vmb are usually it's VM br0 we started in the number zero in the networking world which happens to be the first physical port that's the IP address that ten dot 282 twenty that's what I typed in when I set up proxmox then there's the subnet mask and there's the Gateway that I'm using I then later on after I set it up added be MBR excuse me I did not add in b and b are one two and three they were already here let's take a look at vm b are three for example there's nothing there associated with that virtual machine bridge a port there so it's not associated with a particular ethernet port I could if I wanted to right now associate it with a particular Ethernet port I'm not going to do it on this one cuz I don't want to screw it up but I would add it to bridge ports down there when you set up a proxmox for the first time if there are four Ethernet ports on it is in this case you'll see four virtual machine Bridgeport's why don't I go ahead and let's go ahead and use one in the lab just so that I don't confuse you anymore with that so let me back up for a minute another quick question about there go ahead which so if there's a RAID controller do you use PCI ass through or do you just mount all the the drives on the virtual environment and then yeah I'm trying to I'm trying to exit I forgot I put this in a special mode and I don't know disconnect there it is put in a special full-screen mode I'm gonna let me let me view a machine in the in the lab and finish talking about this and I'll talk about raid real quick rahi okay well hope I can get to it I've tried to get to it today I guess if I can't get to it I'll go back to one of the other commercial machines I was showing let me try another machine sometimes you have to wait these things up like looking at another machine first in the lab oh we must have had a power outage there at the lab I've got my password because I don't ever log into the Bauer account very much let me go try to get back on 1 7 64 because I should be able to get on down there we go and let's take a look at proxmox 2 which is where I've been doing my work okay so proxmox 2 here if I click on the name of the server not data center or not the individual machines go to network oh that log back into it it's timed out so it looks like the looks aren't just my computer probably cuz there were some Windows updates I think my computer because that so proxmox to network okay so this is what you see on a fresh installation of proxmox you'll see all of the physical that proxmox was able to find but you don't see possibly all the virtual machine bridges so this is what you guys need to do at least one person on every team needs to do this I'm going to go ahead do this for server number two it's very easy to do VM br0 Linux bridge it's the only thing that's available to give to virtual machines so not only am i using it you guys need me to make that smaller by the way let's see if you can see it if I make it smaller okay so not only is this the only bridge available to give to virtual machines it also is what I'm using to talk to proxmox with there's the IP address of that proxmox all of the virtual machines like this Jake CentOS 7 their network setting are all using that bridge that's the only bridge of the only network port that's available to me what if I wanted to put these virtual machines on a different network which is usually what we do in real life we usually do not we usually don't put the virtual machines in the same subnet as the virtual environment servers themselves because we don't want users to accidentally discover proxmox so we don't want them to use that network or we using this network to do backups and so most of the time you're going to want to add second and even third and fourth bridges if we had more Ethernet ports most servers have slots in them that you can put more network cards into so I'm just going to create another Linux bridge so if anybody on Team 3 or 4 is there you can do this at the same time if this doesn't doesn't get done by this evening I'll just go in and do this for all of the servers lennox bridge let's go ahead and call it vm br1 that's the default we can call it whatever we want you know we can call it LAN port - or Ethernet - or whatever you want but I'm just gonna go with the default I am NOT going to give it an IP address okay that's only if I choose to use that network to specifically talk to the proxmox I may give it an IP address later but the point is you don't have to give it an IP address you can use these ports within the virtual machines and let the virtual machines give them addresses we don't have to give it an address at all the only thing you have to add here is what actual physical port it's connected to and we want to bridge to eat in Oh to eat and OH - I'll go ahead and make a comment here and I'll say that that's a workstation workstation land or VM land whatever I'll name it something there okay so created that you have to click apply configuration to apply anything we're not going to do it yet or actually now I might as well do it now I'm gonna go ahead and do that now yes I uh-oh yep up down - I need to load that this is just a technical thing let me let me technically do this real quick so you watch what I'm doing but I'm not going to specifically explain what I'm doing it's just it's a little package that we need to install under proxmox to allow me to do that without rebooting which is dumb to force you to reboot Linux is all about not forcing you to reboot like Windows does it's using this little package so this might kill the server because it's untested but I'm sure it'll work let's just try it real quick after this if up down two installs otherwise we would need to reboot it we usually don't want to reboot a virtual environment because if there's running virtual machines on it you take those virtual machines down if they're critical virtual machines or somebody's using them you don't want to do that done good ok so that was easy I don't know why they didn't just make that a part of proxmox seems like they should have just installed this so now I've got this VM br1 now that is what I can use to apply to a virtual machine I can either apply it to an existing virtual machine like this Jake CentOS 7 for example now if I do that I may not have access to it anymore over a network I'll still be able to remotely view it with a console screen but right now I can get to this thing on one ninety two dot one sixty eight dot 10.2 oh one but let's say I wanted to set up another network use something internally like 192 168 oda or yeah Oh dot one or just just a different network I'm gonna go ahead and change this I'm sure just to show you what's going on look press any key no I don't know what I'm doing there wonder what it was trying to do looks like I was trying to install something ok so right now I campaign google.com I'm talking on the internet because I'm on e zero or net zero or here's the glue right there VM br0 that bridge right there that's the network card that's been given to Jake seven if we look at Jake Santos that when you looked at all of these they're all V and B are zero if I want to take them off that network I can simply edit that and change that from being vm v r0 to vm v r1 I will need to change that IP address it can't be the same subnet it has to be a different subnet I just make it one dot 10 for grins and giggles I'll make that one in two thousand one sixty eight dot one dot one now that doesn't exist yet I don't have a gateway running it 192.168.1.1 so I'm not going to get routing unless I had a gateway install which is the next thing I'm going to talk about so is this a VLAN that exists only within that virtual environment yes I just created well I haven't created the VLAN yeah but yes sort of I've only created this LAN and doesn't only exist within this virtual environment it's anything anything that's connected to the second physical port this if that port is you know - if it was physically connected to all the other second Ethernet ports in the lab or anything else then yeah there's there would be a separate VLAN in there now we don't we we can't get back in the lab right now because we're still on quarantine so usually in the class the next thing I have us do is we literally connect second Ethernet cables to those second ports and we run a separate land a separate physical land not just a VLAN on a virtual in a separate physical land but we don't have to just for purposes of doing this and showing you what the net effect of doing this is so now this virtual machine CentOS 7 it's no longer on VM br0 he's on vm b r1 which is pointing to an Ethernet port which is not connected to anything that was inactive so now if I try pinging something like google.com nothing is going to work and that's because the networking changed by typing IP space address my IP address has changed to that 192.168.1.2 n by typing IP route it tells me it's expecting to find the rest of the world from this range in other words it doesn't have I'll hear it a default route it doesn't have a route to the outside world anymore because there is no 192.168.1.1 excuse me let's add one okay let's wait we need to create a firewall since we can't physically connect this to anything because we're not there in the lab another thing that we can do is install another virtual machine which lives on both networks the public and the private network or the external and the internal network and set it up as if it's a it's job is to be a firewall to be a gateway between those two networks now here's another thing I could have done or change it back temporarily I don't remember what the IP address was I guess I should have written that down huh I can go look at it in a spreadsheet but maybe if I hopefully put in the notes I didn't put in the nose that was bad of me was it so where is that spreadsheet I want to step on anybody's IP address so I need to change it back or I could change it to DHCP just temporarily why don't I do that I'll just change the DHCP temporarily because there is a DHCP server going on in the lab not from proxmox but connected to that physical port connected to whatever proxmox is connected to on Ethernet one there's a server running on that port which is given on DHCP so let me just temporarily change it back DHCP and I'm saying something else that you could have done if you wanted this virtual machine to live on both networks you could simply add a second network card so I'm gonna change this back to DHCP you want to change that back to VM br0 or is it and now let's see if I can ping anything I may need to reboot the machine at this point turn it back off and on oh you know what I can do I can do an IP is that key config still or no I P renew they changed all the commands we used to use IP config actually I'm just gonna reboot it real quick and that will tell the machine to get another DHCP address okay so I'm back on the network let's see what address it gave me okay so I'm on 10.1 49 you could have we could have come back up here to proxmox and added another network port let's call it e 1 why I call it e 'the one because the first one happens to be called easier but you could call it whatever you want let's stick to the defaults though bridge let's put it on V and B are 1 not V and B are 0 because my goal is to put this virtual machine this container in this case on both networks this new network that I invented which is not connected to anything yet I'll go ahead and make it a static address 192 actually it's a completely different rain just use 10 dot o dot one dot 10 completely different range and OH dot one dot one there isn't anything at 10.1 it's back back I'm gonna put that gateway and we'll leave that off you don't have to in fact you really only want one gateway ok so what I've done is basically inserted a second network port and a second network card in that machine so if I go back to it and I type in IP address just to see what addresses are on this machine you'll see that I now have make this a little bit bigger so I now have a new Ethernet card here I've got this easy row we see that now I've got each one that showed up and there it is 1000 dot one dot 10 and I can paint n dot o l1 Kenneth and actually use it ok now why do I want to do this like I said to ultimately you don't want the workstations running on the same lamb typically it's just not good practice as proxmark so typically what you want to do is you want your proxmox to look like this where it sees all the virtual machine bridges but it only has one IP address in one gateway on a different subnet 192 + 6 8 10 . whatever and then all of your virtual machines are on the other MBR one and using a totally different range this will not exist we're going to delete that in a few minutes here but we need to add something so that this virtual machine can get to the outside world we need to add a firewall now proxmox does have firewall capabilities built-in but it's not very good i recommend that we use a professional firewall like pfSense or something like that so here's a good here's a good firewall that I've been using so folks this company cellphone makes that two products I haven't used their extreme product yet but I've used their UTM product so folks UTM free download now pay attention here because you do need to probably do this you need to sign up for a cellphone account it's free so anybody can sign up for free eutteum firewall download software describes what Sophos is it's a really nice have you ever played with this one raw he was so post or saw Foss I guess they pronounce it I got the XG one and I was messing with that okay what do you think of it so far I mean I'm more familiar with pfsense and I like it because you can add modules and stuff like that yeah but it's a solid product okay so let's click here to download the Sophos home firewall now what we're downloading is we're downloading an ISO is this going to be a standalone machine standalone virtual machine it's not an apt-get package it's not an application you're not going to need to set up a virtual machine first you're going to set it up with this is up so I don't remember by having a can under my JK yohdu accounts I'll just try real quick and we'll see it might remind me say oh you've already got one job role on the sandwich student or no I'm just gonna say I'm an IT director you say whatever you want I want everybody to do this now I'm not trying to be a salesperson for cellphones but the fact that it's free the fact that this free version at least the UTM version looks just like their very nice very good enterprise version which is much more like what you will be using when you guys get out there in the world real world of age industry is edu education company size 35,000 that how big we are yeah so I'm going through this as if I'm brand new thank you for your interest you will receive an email shortly shouldn't take very long at all so I'm gonna go over and look at my email which the Jake at you extent II D you happens to be going to Gmail so on a - I'm gonna actually do this just in case I don't I don't want you guys to see my gmail just in case somebody sent me a bad message something that I have to not show you like I'm quitting school or letter or something like that or I want to kill you you get a lot of deaths no no not not right now maybe maybe soon that might take a few minutes to send that to me but what it should send you and I think I already probably have an ISO that I can upload and show you but what it should send you is a welcome email welcome to so posed here's how to get your account started and it will send you a link to an ISO which you will download let's see if I've already got the ISO available like on this computer here and I can upload it look at my downloads no don't have it there let's see where I've got it real quick I'm gonna search my email for cellphones thank you for your interest okay so I got an email here don't let the ISO image okay so let me copy the link over that it sent me I can copy that over so it's asking me to go to that link okay so here are the different ISO s pay close attention to this because you do not want to download the hardware appliance that is for you if you're installing on an actual piece of hardware that you bought from these guys but we didn't buy a piece of hardware we're using some software so get down here to software appliance do you remember what I mentioned the term appliance meant what does appliance mean when we talk about it in the networking world or the virtualizing world it basically here is a VM which has already been pre-installed with very specific applications to perform very specific tasks in this case it's a firewall the UTM by the way stands for universal threat management this does several things as Sophos does it's a firewall its network address translation it also has virus checking in it too it's really a really neat product so let's click on download here to download that latest version now not everybody on your I think I got I just did all this just do it again I might up the wall again although I think you just have to basically provide this again now I want everybody to go through this even though you really only need one ISO on your server I want everybody to go through this just so that you have the experience of doing this it's not always as easy as just clicking a link to download an ISO especially the you know this is a commercial product they're trying to sell us something eventually we'll get what we should get a license emailed to us says that alone take a couple of minutes while that's going what I can do is show you what an existing cell phone looks like okay so I'm gonna log into one of my self owners actually I'll log into yeah this one happens to have a lot in it so don't hack me okay actually you know what I'll do I'll log into a virtual machine which is running this so close already so I can show you that in action so this is one of my old old virtual machines I need to upgrade it that's like the third one I built so it's been a while it's running proxmox it's just an older version of proxmox okay you guys see this on the screen okay there is a Sophos right there so first of all let me show you the relationship of the network port so on vyas if I click on vs three-year and I look at the network ports you will see that I have one two three four five six network ports in this server that's because I've added Network ports you'll see I have six virtual machine bridges you'll see that this proxmox is only using this virtual machine bridge 0 it's using Ethernet 0 and Ethernet for other than that it doesn't live on any of these other networks it physically is but it's not using those other networks but that's ok they've been made available to other virtual machines so I've got vmb are 0 through 5 you'll notice I have a little note here VMV r1 which proc box is not using is connected to my external and my external public way an IP address network which is in my colocation it's connected also or I have available also vm v r0 which is an internal webmail network and then there's V and B are for I'm not using two or three yet oh so now let's take a look at this virtual machine that I've set up with cell phones let's take a look at its hardware and you'll see that I have within the hardware of this so close I don't even need 40 gigs I gave it 40 gigs and 2 gigs of RAM but I've given it at least 2 this is what you'll need to get at least 2 at my case 3 I've connected it to 3 different networks that first this VM be our one that's the public external address that V and B are 1 if you remember was vs 3 here the MBR one that's on my external network and then V and B are 0 is one of my internal networks and then vm v r4 is another one of my internal network so if I log into this cell bus I will see three different interface cards once called net one one's called net zero on ones called net - okay so now I'm going to log in to that cell phone which is actually a w3o meat I put HTTP column plugs I for that in the meantime see if I got an email back from so close with my password in it because what they have to do they have to send you a license basically here you can apply for a license which again is free if there's a little bit you have to go through sorry I forgot the past I have different passwords on everything never use the same password on two different machines unless it's a sample machine I don't care about okay so the first thing I want to show you under Sophos is under interfaces and routing your interfaces that's the term whenever you see that term and if you're looking for where my Ethernet connections I need to get to that they're called interfaces under Linux systems and this is a form of Linux click on interfaces here and there are the three network cards there's eath one remember I said it was the external one so here's external and there's the IP address I've given it right there I hard-coded I I assign it here within so close and then there's e0 which is that first internal range and then there's each two so this is equivalent to if I was looking at proxmox that's net zero net one net two I go back here net zero net one and net two you can if you want to verify I can look at those MAC addresses and I should be able to see them over here I go edit this one for example I'm not going to change it but I go edit that or if I go look at the oh here if I click on Hardware then I can see these magnet dresses and I can verify that MAC address that 37 3a which one is that 37 3 ah--that's vm BR 0 or net 0 so that's how these things are gluing together and going kind of slow here because I want you guys to see how these things glue together first that's kind of the hardest concept to understand the actual installation on the firewall is not that difficult once you've done one you've done them all ok so there's the three Ethernet ports now let's go back and see if I can upload that ISO file and let's actually get that done ok so showing folder so I've got it completely downloaded now I need to upload that's almost a gig you need to upload that into my proxmox so where's my local storage hopefully I've got enough room yeah I got plenty of room so I'm going to click on content I'm gonna click on upload upload an ISO image I want to select that image now only one of you has to actually do the upload here because you can all use that same distribution one of you on each server once that distribution is uploaded everybody can use it your going to use your different you're going to use a different license number you're going to all apply for your own license number assigned to your own email address and you each are going to set up your own firewall so there might be four or five firewalls running on the same proxmox but that's ok I've got one virtual server I've got six or seven firewalls running because it's handling networking for six or seven different subnets now what you could probably do it with might be a good idea it's going to read what the minimum requirements are or so folks UTM like how much RAM and how much harddrive space might say it on this screen but if you look around on this website it will tell you what the minimum requirements I'm gonna go ahead and tell you what the minimum requirements are because I've been I've installed this recently so I know what I need to bill okay it says it's done and scroll down here and here's my cell phone sandwich okay I'm gonna go ahead and build a new virtual machine can't be a container has to be a virtual machine there's my $2.99 there's a 298 I want to make this one 297 so create virtual machine on proxmox to 297 I'm gonna call it something simple like Jake suppose so that's what you're gonna call yours click Next what am I using look on local or this ISO image there it is ASG by the way it's called ASG and not UTM because the software was actually written by a different company and then so close bought them it was written by coming to called a star L so this is the astara gateway product so don't let that collect as you you UTM equals ASG I remember a stubble eluded you the distribution yeah I was a lawyer we're going to assume that it's Linux the only choices you have our windows solaris or other it seems to work just fine under linux it is a flavor of Linux if you're running a bsd install like pfsense do you still keep it as linux it depends you I would probably still keep it as Linux because BSD looks enough like Linux the only thing that that does by the way Rolly is that just pre chooses for you some of these additional items like the graphics card scuzzy controller hard-disk gonna come here I'll I'm gonna I'm gonna make that smaller I'm gonna make it 20 gigs you guys don't need to make it that big just make it 20 gigs no bigger also I don't want to put it on containers I want to put it on local see at this I'll turn on the write-back cache sockets one chorus one I'm gonna bump that up temporarily to two I'm gonna change that by the way because I've run it to run faster gonna change it to host at the very bottom to make it run as a native host application you don't always want to do that the reason I'm doing that is because I don't plan to ever migrate this virtual machine but if you do migrate this virtual machine and it was expecting to run as an AMD processor which is what these servers are using it might not run properties and Intel memory I'm going to bump it up to 1024 that might be enough we'll see if us so close complains or not Network VM br0 I'm going to click Next on that actually I'm gonna back up on it take that checkbox off I don't want the firewall enabled on it because it is a firewall gonna confirm that that's gonna create it I'm not going to turn it on yet I have to add because one of the minimum requirements of suppose is two network cards one which is the internal network card and one which is the external network card do they have to be two physical cards or can they be home no we could have actually added that's a good question Riley we could have actually added two network cards which are basically ones an alien and an alias of the other but you have to make them what's called deal an away so if I look under Hardware here I see only one network device that's that's gonna become my external device as far as so close is concerned because I added a new quote-unquote internal network on V and B are one I'll click on add network device and choose vmb r1 and I'm gonna say that that is vert IO that's the fastest version and click off firewall click on add so I just added to physical network ports there this thing is actually talking to both of them now what you were saying wrong he is you know can I add another one on the same yeah you can add another card on the same virtual machine bridge if you didn't actually have a second Ethernet port but then you'd have to make sure that you are doing what's called VLAN tagging which is kind of beyond the scope of this class someone take that network card back out I'm gonna go ahead and get a console to this virtual machine I'm going to show you what the installation looks like so I'm gonna consult to it first now I'm going to turn on Marin my VM BR one is my internal vm v r0 is the external keep that in mind that's the Silva's food up screen hit enter there that sure looks like Linux smells like Kleenex it might be BSD even it's close enough this CD contains the enterprise to look at installing blah blah blah do you care just take the default it's making sure that it's got you've got all the minimums here I don't know if I'm gonna get to I want to try and can get to the point to where I can actually use this Sophos to force my virtual machine to use it to get to the outside world oh no hardness was found that's interesting there definitely is a hard-disk maybe their new version doesn't like to be installed on a virtual drive hang on one second or I may need to change this hardness to something other than scuzzy it may not be able to read that scuzzy Drive so let's change that if you ever get that let's detach that drive this is what you have to do with Windows by the way it's on let me turn it off so if you're ever trying to run a virtual machine and it doesn't like what's called vert IO which is the fastest way to do things do this so it disconnected that drive it just gave me an error because it was on now I'm gonna reattach that very same Drive but I'm gonna change this from Bert IO scuzzy to something else gonna change it to something more familiar to operating systems like SATA SATA that's a more common type of Drive that you might install in an actual machine now it should recognize that I'm kind of surprised it didn't recognize Bert il but maybe maybe it doesn't recognize scuzzy it should recognize those those two network cards but just in case I'm gonna set those to the slower until II will actually I'll set them to this Realtek 80 139 that's a very common network card that's found in most workstations it's probably a little faster than the original Intel II 1 thousand which is a really old card now let's turn it back on now it should it should recognize everything because I'm giving simpler devices defined so that's what you're going to need to do if you were installing a Windows machine because Windows doesn't talk Burt I'll you have to install a special driver which we might get to on Monday no I'll show you how to maybe that'll be the last thing we do in this class as I'll show you how to install a Windows virtual machine underneath Linux would you guys like to try that sure thank you for saying sure okay so let's see if this works so that was one of the questions on the survey I don't know if that was required what's that the windows-based VM what about it that's one of the questions I know in this semester nothing's required basically no I shouldn't say that in this semester the requirements have been brought down considerably okay so now because of everything's going on I would like you to try installing Windows VM but if you don't get to it I'm not gonna give you a D or D E or C I mean if you're done everything else at this point Austin I'm happy with that let's just choose English let's choose America so obviously it's found the network cards and it's found the hard driver it would not have let us get this far Chicago I'm just hitting a C to jump down to the C's let's go with that we can just we'll just we'll just take the defaults on that well you know I've changed that later okay here's e0 8th one now that says there's the realtek it says hey I found two network cards which one is going to be using - you're going to be using to access the web interface well each one does not yet exist anywhere that I can access because I don't have anything physically plugged into it so you have to choose either zero what address do you want to give it you need to give it an address in your appropriate range so this is team two I'm gonna cheat not look at the spreadsheet but I need to give it something in the range of one ninety two dot one sixty eight dot ten so I'm gonna give it one ninety two dot one sixty eight dot 10.2 forty probably nobody's using two forty hopefully hopefully nobody's using two forty I can go double-check that by let's ease a couple different ways I can double-check that but I can try pinging it to see if it exists I can ping that can't ping to forty so probably nobody's using it someone using 205 so I'm kind of cheating but in an interest of time I'm cheating what's the gateway 192.168.0 started typing all that in on the same line that is the same thing is the gateway of your proxmox server know how to hit the tab key excuse me this is not a GUI installation as a text-based installation so we had to use the tab key and not one it's not optional we need it initially here so that can talk to the outside world the Oh on a 64-bit kernel because supporting large amounts of memory and offering better performance let's go ahead and say yes you don't have to a 64-bit versus a 32-bit kernel just means it can access more than four gigs of RAM we only gave it one gig so we don't really need that but let's go ahead and say yes we can only access a 4 terabyte drive but we only gave it a 20 gig drive so I didn't have to yes go ahead and install the capabilities yes please foresee it found that 20 gig hard drive now it's formatting it setting itself up should not take very long at all you might get a little error on the screen there don't worry about that error if you ever see an error regarding anything to do with TTY that's just the console that's just this console screen that I'm using here so folks is a little confused it's like what what is this it doesn't realize it's a virtual machine yet it thinks it's trying to install itself on a real machine so it's pretty quick install and I've already done the hardest part for you guys is actually uploaded that at least 14 - and I suppose if everybody else wanted to you could go steal it off of team two's machine by using FTP or I could upload it to proxmox - shared storage yeah put it on the NFS server yeah why don't I do that just so that everybody can have access to it now make it easier so you'll notice some of these packages they sound familiar perl it's a lot of cellphones is written in Perl nothing fancy I mean there's nothing special about so close really other than its front end GUI is really nice there's some Linux stuff there I should probably check my eat actually no I think what happens is yeah within the GUI set up they'll say click here to obtain a license and then that's what it says you an email I'm gonna go ahead and check what's doing this real quick see I got anything else from cellphones like here's a password if I haven't really set up an account I haven't set up a password yet with cell phones your email address has previously been registered oh I already have an email address so yeah it wants me to go to it wants me to go to this webpage to login and this is where you this is where you will apply for and see your quote-unquote your licenses I'm gonna try to guess at what my license what my password was oh good hopefully it's already it's still stored there so I don't have to do this okay it says I don't have any licenses available I'm going to create a new license I want a home license oh I'm sorry bug attacking you have an activation key no create a firewall key for me okay so there is a license oh that's a license name I'm gonna click Submit okay now I have created for myself an unlimited license except this is not the home license that I want it actually wanted the home version because the home version actually lets me do a lot more but when I copy and paste that number real quick we'll see what it says that is after I get the installation finished Oh still going I thought it would have been done - fine now I probably should have given it three cores or a little bit more memory when this is done it's gonna say okay I'm done installing please go to this IP address on port four four four four just like I did up here except it's you're gonna put in an IP address you're gonna put in HTTP colon forward slash forward slash whatever that IP address was 192.168 in this case that's gonna be 192.168.1.2 40 that's what I gave it : 4 4 4 4 just like we did with proxmox in port 8000 6 so post decides to run on port 4 4 4 4 so make sure you put that in or you will not be able to access it you can change that port later on if you want to but I don't recommend it I recommend just keeping the default on so while that's still continuing to install let me go ahead and show you a little bit more about it already existing so folks go back to my so post firewall here I never store my passwords for important firewalls and servers by the way that's why that wasn't coming up with a Microsoft stored password do you use key paths or anything like that no it's all in here and sometimes I forget it ok so once you get Sophos installed it's going to come up with this dashboard here once it's actually installed there's that license number this license number for this particular Sophos we're looking at here is a license where the only these two items are being used I don't use any of these other items we could use those if we wanted to I don't have any of those on for this because all I care about is the intrusion prevention and the firewall part of it really just a firewall part Oh care about a lot of this other stuff and I'm pretty far behind on this one I should probably update it it's seven updates all but you'll notice there's easier on each one now what you're going to need to do by the way is you only have one of these set up so far it's going to be e 0 which is set up it's actually going to become your external win and you're gonna add each one and it's gonna become your internal so that's going to be a little confusing I hope that this and it finishes quickly so I can show you how to do that oh there we go we're done good I'm going to show you that so here it says go to HTTP 192 + 6 8 10.2 40 44 44 right there so let's just go ahead and use this one red and confusing you with a complex one that's already built at this point by the way you should remove the CD drive I should probably turn off the virtual machine and remove the CD drive but we don't need need it anymore we're set up or it's the proxmox give me one second where my virtual machines go oh okay so at this point you should probably want you finished installing always always always remember to remove under hardware that CD drive you don't need it anymore once the installation is done get rid of it on the next reboot that red line will go away so I could reboot it now see it's trying to in fact it's trying to reboot it again it's trying to reinstall it again I don't want that to happen so I'm going to turn off the virtual machine actually not going to reboot I'm going to turn it off because I'm gonna start upstate now it is applied that change it's taken the CD away now I'm going to get a console back to it again turn it back on and it should be properly now don't forget to do that stuff otherwise you're just going to end up in an install loop over and over and over again nothing to boot what but it did install it stupid thing maybe I need to change that from bird IOSCO to get something up let me turn it off for a minute let me change that to that see if that fixes that it should not be doing this some kind of computes and surprised as to why it's doing that because the installation went just fine it would not have installed it if it couldn't boot that drive okay hang on options boot order ah that's why you know why I was doing that because I changed the drive and still said scuzzy there okay so pay attention to that actually in the fridge choose SATA in the first place but did you see where I went to check that I went to options I wanted to check to see why the things not booting this is kind of like pressing f2 to go into your bios of your computer if you've ever done that most of that's all under options here went to boot order to see what's trying to boot from withdraw still trying to boot from scuzzy zero which I took out it's actually now called SATA zero and I need to turn it off and I'm gonna change that scuzzy controller back to scuzzy shoe because that shouldn't work no actually I'm just gonna leave it at that no I better change it back to that because that's how I installed it get this sucker working otherwise we're not having any fun there we go since laws it says grub loading grunt as long as we see that word grub there it is UTM 9.7 let's press f2 and see what it's doing it's just installing all of the individual not installing loading up all the individual programs in the background I always press f2 so I can watch this happen because if there is any sort of failures they'll show up you'll see them in red over here and say I failed alone something how are we doing on time oh we're just we're almost out of time I wanted to try to get to this let's see if I can very quickly I'll finish this up if I don't finish it I will finish a recording of it after my 2:30 class okay so there it is I'm done I don't need to log in here okay it says go there you want to do everything on the GUI I don't need to do anything at all in fact you probably won't be able to log in here until you actually enable that so the console screen at this point does me no good now I want to try to go to copy that HTTP : dah dah 192.168.1.2 40 : 4 4 4 4 it's gonna be I haven't set a password yet by the way guys did you notice this is kind of like when you install WordPress the very first time the very first thing I should see is an error oscillator hostname let's give it a hostname these settings must be made before the system can be used I don't remember if that's a fully qualified domain name or not so I'm just gonna type in silico it'll tell me if it's not if it needs to be like so close dot e iLab Bower or I should probably call Jake cellphones you H you stun admin account this is where I'm going to make the password I'm gonna make it a simple 1 1 2 3 4 5 6 1 2 3 4 5 6 and then account email I'm gonna make it a real email address in case I forgot my password I accept the agreement perform basic system setup and then it's going to kind of just do a couple very minor things here and then it will log you out and say ok now you're ready to log in with the username and password by the way the username or so folks is not root its admin so keep that in mind so close not root we log in be a root is it continuing oh it says it right there it'll take 40 seconds I was getting ahead of myself so don't try to log in as root I'll try to upload these tonight guys oh I clicked the wrong thing click back to safety let's try to log in again now I've got this is the default so post login screen admin 1 2 3 4 5 6 welcome to so faucet relatives it's the first time you've used it license file now this is where we need that license file that's where you need to have already applied for and received a license file from the my cell phones website and I'm going to run out time here guys so let's see if I can log in quickly and download one of my existing licenses and I'll just upload it to this one temporarily what you're looking for is a UTM 50 user home license so there is my t my UTM there at least that's what I wanted right there than my UTM site this howdy say something so you see how I click on there right my UTM which is where I was earlier when I logged in new licenses here's my here's one of them so I'm going to download I have several of them so to download this actual file download the license file it's just a little text file with a bunch of text in it then I'm gonna go back to my proxmox back to my um I'm sorry not back to crop back to the webmin over here the installation and I need to choose that license file that I just downloaded there it is there open start the upload if you don't install a license you get a free 30-day trial so I guess we didn't need to install a license but I'm going to go ahead and do it anyway internal and network that's going to change but for right now let's leave it at that okay let's not enable DHCP we've set all that stuff up later if we want to set up internet connection not saying where do you want to set up your internet connection I'm not going to set one up right now because I'm actually going to switch this stuff around actually now we're going to go ahead we don't have much time so I'm just going to go ahead and set it up because I want to show you what one looks like look like Internet standard Ethernet address type static this is where I'm just gonna make up something in that new range remember that range I said hey I'm gonna where's that Jake CentOS 7 not that new range I chose 10 dot o dot 1 and everybody by the way can use the same range if you want because these aren't going to interfere but I recommend that you choose your own so if you're on team to use 1002 does something if you're on team three is 10.3 dot something so ten dot o dot one dot something [Music] that's your DNS server there I'm going to turn all of this on please set up another one please set up fire wants to allow all of this now we don't need any of that stuff on tour right now we just want to set all this up I don't want to scan for any viruses right now I don't want to do any of that finish all I'm trying to do is get you to this point to where you can upload Sophos not up them go get a Sophos virtual machine built we're going to need to switch some things around like I said but that's fairly easy to do once we do this we're gonna actually switch the external with the internal professor what's scuzzy controller did you use to get it - detector of hard drive I chose saddle SATA look at think you should have worked oh yeah I don't know why didn't work because it I've installed this before with bird il so I've got to get ready for my next class guy so I'm gonna have to I'm gonna have to stop this here but I will finish this video I'll edit on to the end of this video what I needed to do to finish this it's so post installation and then what I'll do is I'll just give you the credentials to this cell phones BM not so that you can use it but so that you can see it I guess everybody on team - could theoretically use this so close to put their virtual machines behind but what I'll do is I'll show you what I did to set up this cell phone so I'll actually I'll just record a zoom meeting I'll do it sometime later tonight a professor yeah I'm still in the wordpress part I think I installed it but I just want to make sure my PHP website is not showing up anymore is that required for me to get that set up for WordPress because you may because you install WordPress on top of it okay that's what I'm wondering because it's not showing up anymore well what you could do is set up another domain the different domain name and redo that PHP part just so that you can show hey look I did the PHP part okay that's one suggest I'm not gonna be a real stickler about that but if you would like to see that you know you set up PHP and it was working and you want to prove that it was working just make another domain I think I did it sighs rich none of it to you Dirty's p.m. fell under that new virtual I'm under that gonna go man okay so like I said I will make another zoom meeting and merge those two videos together where I'm actually fixing this Sophos because right now what we're going to need to do by the way is this Sophos is basically backwards we did it kind of backwards in other words underneath here we said that that was the internal card and that was the I don't want that to be external the outside world and we want that to be internal so we need to move a couple of things around we can actually do it from within proxmox here simply by switching vmb are 0 & 1 around it may upset self us but I think we should be ok out like I said I'll make a video on how to do that so if there's not any more questions or if you do have more questions send me an email like if you if you're having problems with the wordpress and like i said i'll finish up my wordpress site and all email you the credentials so that you can just look and see what I'm looking for in a wordpress site and yes not load the video as soon as I can see you guys done Wednesday that you're welcome

Info

Channel: Jake Messinger

Views: 2,591

Rating: undefined out of 5

Keywords: profjake, university of houston, MIS 4397, Jake Messinger, mis4397

Id: zYwYJw-7dKU

Channel Id: undefined

Length: 87min 5sec (5225 seconds)

Published: Tue Apr 28 2020