I'm going to create an Internet within VirtualBox and this simple Internet is going to contain three Linux machines, our client, router, and server. The client and router will be on a single LAN, which we'll refer to as NetA, and the router and server on a second LAN, referred to as NetB, and of course, the router connects those two LANs together. All of the IP addresses on these machines within this Internet are going to start with 192.168, to keep things simple. So for example, client's going to be 192.168.1.11, server 192.168.2.22, and the router has two interfaces, one to NetA, one to NetB, and therefore will have two IP addresses, 192.168.1.1 and 192.168.2.2. That's what we want to achieve, and we'll have to do a few other things to get it working inside VirtualBox so that these three machines can also access the real network or the real Internet outside of VirtualBox.

So let's have a look at VirtualBox, see what I've got set up, and create this network. I already have a Linux-based machine installed in VirtualBox, and it's been set up, I've done the full install of Linux, and if I just look at my settings, my properties, from memory, it's 16.04.3 LTS, but I did an upgrade, so it's actually Ubuntu Linux 16.04.4. I've installed a bit of software, including OpenSSH server, some man pages and nano, very basic setup, and it's using the default network settings, which is NAT. So just the default settings for a Linux machine. What we're going to do is use that as the base, clone it three times to become the Client, Router and Server, and then we'll change the network settings and introduce new adapters for each of those new machines.

So to clone, we'll take that, and we'll call the new one, instead of base, Client, and re-initialize the MAC addresses so that we'll get new ones, a full clone, current machine state. So you can have your own base machine and then make three clones of it. It takes some time to copy the disk. This would be the Client, and we have the Client machine, same settings, and let's just do it quickly for the Router and Server. And I'll re-initialize the MAC address, so they all get different MAC addresses, and then we'll set up the additional network adapters. The idea is that we'll use the normal NAT interface to allow each of these machines to connect to the real network, and then we'll use an internal interface to allow them to connect to each other in their internal virtual internet. And the last one we'll call Server and let that clone.

So this is the internet we want to build, but what it's going to look like is this. The dashed box around the outside is my computer, my Windows computer, and it's running VirtualBox. I'm going to have the three Linux machines, Client, Router, and Server, running inside VirtualBox. They each have a NAT interface inside VirtualBox, so that's already configured, and if we look internally, they get an address 10.0.2.15, and the way that they access the real internet is they send packets to VirtualBox. VirtualBox uses network address translation to convert them to my real IP address, for example, 1.2.3.4, or that of your computer, and sends it to the real internet. I would like each of these machines to have continued access to the real internet so that they can, for example, do updates of software, install software, and so on, just for management purposes. But for testing and deploying my internet, my virtual internet inside VirtualBox, I'm going to have the three talk to each other. So I'm going to set up additional adapters.

For example, the client has an adapter using NAT and an additional internal network adapter, which is going to connect to network A. The router will have an adapter connected via NAT, that comes by default, plus two additional internal adapters connected to network A and network B. So let's do that in VirtualBox. It's quite easy. We go to the settings, network. We already have the adapter that can stay. On the client, we add a second adapter, enable that, and select internal network. Mine's already selected here. Make sure it's internal network. And I will call my network A. Advanced settings can stay as they are. Make sure cable's connected, but by default, that should be okay. This is saying that my Linux node, when it boots up, is going to have really two interfaces. One that connects to the real internet via NAT, and one that's going to connect to this virtual LAN called NetA. Okay, that.

For the router, we want the NAT adapter plus two internal adapters. Be careful here. Make sure you use the same network name. For example, on the router, one of the adapters connects to NetA, and the other one, which we enable, internal network, that's connected to network B. Okay, that. And on the server, we'll need to set up the network adapter, the second one, to connect to internal network B in that case.

Client and router connect to network A. Router and server connect to network B. And when we run them, VirtualBox creates these LANs inside VirtualBox, they are virtually created, and maintains them so that the client will be able to directly talk to the router as if they're on the same LAN. And the router directly to the server, again on a separate LAN. The client will not be able to talk directly to the server on a LAN, but later we'll configure so that they can communicate via the router to get an internet. So we need to do a few things to set them up.

So I'll start each of those nodes and then we'll set them up inside Linux so that we can have that internal network and we'll enable some routing. So I'll boot those up and then we'll come back and see them running.

So I have my three Linux machines running. In the top left I have my client running and I'm logged in as Steven and it's still got the hostname base. So let's change that. So sudo hostnamectl set-hostname to, in this case, I'll just call it client, and enter my sudo password, and I'll also edit the hosts file, sudo vi /etc/hosts, and change from base to client in there. And we'll do the same on the other two, change from base to router and base to server. We'll just quickly do that. This one's client, Escape, colon wq, and when we reboot, we'll see that come up, or exit, and we see we have client there and I'll log in just so we have a different name. And I'll do that quickly, hostnamectl set-hostname to router, my password, and also edit it in that /etc/hosts file, and insert, I have to insert and change that to router, colon, sorry, Escape, colon wq, exit, exit, Steven, student, we have our router. And the last one for the server, hostnamectl set-hostname to server, and edit the hosts file and insert server, Escape, colon wq, exit. All right, we now have names which make more sense than base.

In my case, I've included on these a file which just keeps track of what I've done on them. I've put it in a readme file in mine just to remind myself I've installed OpenSSH server, man, man pages, man pages dev. These give me some extra man pages for some things that I may want to look up later, and nano if I want to use that. I've done an update and an upgrade. So it's bringing me to the latest versions of the software, and I've just done the hostname setting.

Okay, so let's have a look at our current interface configuration. This is on the client and it shows me I have one interface, enp0s3, internet address 10.0.2.15.

This is the NAT interface and this is enabled and you would see that's the same on each of the three machines. But I've enabled a second interface or adapter, but it's not yet on. So I use the -a option in ifconfig and it'll show me all interfaces. We'll see it scrolled through, the first one, enp0s3, is there, but now we also see enp0s8. This en refers to an Ethernet adapter, p0s8 is the name given by the operating system. Yours probably is the same, but be careful if it's different. Adapt the instructions later to use the correct one for your machines.

My enp0s8 is an internal interface and I'm gonna use that to connect direct to the router via network A. So I need to set it up to give it an IP address, and there are different ways to do that, and I'm gonna edit a file on the operating system such that whenever this client boots it gets an IP address that I give it. And the file, which I'll edit with vi, is in the /etc directory under the network subdirectory and it's called interfaces. It's a text file, it's read when your system boots and it has some configuration. Importantly, it configures the loopback interface for communicating with yourself. enp0s3 is configured to use DHCP. We need to add another entry in here to configure enp0s8. And to get it to work we're gonna set an IP address, our 192.168.1.11 address. Note that the network address is 192.168.1.0 and we're gonna have a corresponding broadcast and a netmask to match that. So we're gonna set that in the file.

So I'm gonna start entering that. Give it a comment, the internal interface for NetA. And auto enp0s8, which I saw from ifconfig. iface enp0s8, internet interface, let's make it static. So we statically assign an IP address. We don't get an IP address from DHCP. The auto line says automatically configure this interface when the system boots. And the next lines are gonna tell us the static configuration. Just indent, we give it an address. 192.168.1.11, I've chosen.

You can choose other addresses, but this is just for the example. And then we give it some other information, and I often forget. And if we go to the unit website, I've added the instructions on the task networking VirtualBox, an example that contains this information under configuring /etc/network/interfaces. This text file contains the example code to put in here. So you can look at it, and I'll open it in Notepad++ and see exactly the syntax that's necessary. So we're doing this part of code right now. This is for the client. Also down the bottom is the code or the configuration to give for the router and the server. So we set an address, an IPv4 address, a netmask, a network address, broadcast address, and then two special routes, which we'll see.

So let's do the netmask, network and broadcast address. Tab, netmask. And it's important to be careful here not to make mistakes, otherwise your network won't work. And to get started, you can use the exact same values, 192.168.1.255, the broadcast address. And that's normally enough, except we need an additional configuration to handle the fact that in our client, we have two interfaces. The idea is that when we wanna connect to the real internet, we'll send via enp0s3. When we wanna connect to anyone on the internal virtual internet, we'll send to enp0s8. And to force that to happen, we'll add some routes for this interface, saying whenever you want to send to anyone on the 192.168 network, which includes the router and the server, send to the router at 192.168.1.1. So we're gonna add a route, specifically so when the client wants to communicate internally, it will send to the router. And the way that we do that is we can set the route using this command. And this will be set when the interface comes up. So after it comes up, we'll add the route. And if the interface is turned down, before we turn it down, pre-down, we want to delete that route just to make things clean.

So we'll add these two lines saying add a route to reach any network 192.168.something, send to 192.168.1.1 by enp0s8. This is a little bit of a trick so that we can have our node running using the internal network and also using the real internet using that. post-up route add -net 192.168.0.0, netmask 255.255.255.0, that's wrong, .0.0, gateway 192.168.1.1, device enp0s8. And the same pre-down, if we turn the interface down, route delete the net, the routing table entry, 255.255.0.0, gateway, all the same, except instead of add it is delete, device enp0s8. If you noticed your interface has a different name or number, not enp0s8, you would need to change it here. That's all we need for the client. We'll do similar for the router and the server. So I'll Escape and save that and just to show it. So you can download the file to see what the exact configuration is to go in yours, and you could even copy and paste if you were using PuTTY.

And I will do it for the router, sudo vi, and I will cheat a little bit. Better, let's use nano. Same file, and we add in the internal interface for NetA, and from the example here, it's almost the same except we don't need these special routes. The router in our simple network, where we only have two subnets, the router is connected to both of those subnets, NetA and NetB. So we don't need routes to other subnets. It's only the client and server we need these special pre-up and post-down routing commands. So it's quite simple for the router except we need to configure two interfaces. And I better go back and just check. I'll save that. ifconfig -a. I have the normal enp0s3, which is the NAT interface, but I also have s8 and s9 because remember I had two internal interfaces. So we need to configure both of those. s8, I'm gonna set to 1.1 for network A, and s9, I'm gonna set, and there's a mistake, I'll update that on the website. I'm gonna set to 2.2. So when you see this video, you should see that this is nine, not 89.

So let's do that now. auto enp0s8, iface enp0s8 inet static, address, netmask, network address, broadcast is 192.168.1.255. And for the second interface, it's almost the same. I'll cut that and hope someone picks out my spelling mistakes. You need to be real careful here because typos will mean your network won't work. Broadcast. But this one's p9, s9. And the address is 2.2, network two. So that should do for our router. And I'll save that.

And the last one for the server, almost the same as the client, but it's going to be 2.22. And the route that we'll add is to gateway 2.2, which refers to the router, and the same device. So we'll do that quickly with the server. And just to check, ifconfig -a, enp0s8, edit our file, what's the primary, sorry, the internal interface on NetB. And you may realize, I forgot to change that on the router. This is just a comment, so it wouldn't make any difference, but just to be clear, I'm configuring on the router one interface for network A and one for network B. Here, auto enp0s8, iface enp0s8, auto, automatically configure it. Internet interface, static configuration, address is 192.168.2.22. I've just chosen that. You can choose another one, but it should be in the 192.168.2 range if we have the other settings, netmask 255.255.255.0, network 192.168.2.0, and broadcast 192.168.2.255. And we will add these post-up route, add a route, network 192.168, any 192.168. We could have been specific and said 192.168.1.0, but this is general, so we could potentially add other networks, 192.168.3.0, but I don't think we will. Use .0.0, and we'll just make sure we get this correct. gw for gateway or router, 192.168.2.2, device enp0s8. And the second line is about the same, but it's pre-down, before the interface goes down, delete the route.

What these two lines are saying is before the interface comes up, add a route, then bring the interface up, and if you turn the interface down or off, before you do that, delete that route, just so the routing table is consistent with the use of the interface. And we'll exit that. So that should almost be there. What I'm gonna do is reboot those machines, and then we'll see them come up and see if they can communicate with each other on the internal network. So I reboot, and I'll do that for each.

So we'll reboot, and okay, I've rebooted, I've logged in, here's our test, can they talk to each other via these internal interfaces? And to talk to each other, I'm just gonna ping to get started. And let's just look at the interfaces on the client. We have the, just to see it, enp0s3, the NAT interface, which for the internal communications we will not use, but enp0s8 has now the IP address 192.168.1.11. That's been configured based upon that interfaces file when the system boots. And the router should have enp0s8 for network A and also s9 for network B. And for the server, enp0s8, 2.22. So they've been configured with their IP addresses.

Let's first see if we can ping from the client to the router on the same network, NetA. 1.1 is the router. Good, we can ping from client to router. All right, and the router has two IP addresses, 1.1 and 2.2. Yep, okay, that makes sense because if we can talk to one of them, the router should be able to respond to either. Now the real test of our internal internet is whether we can talk from client to server via the router. Ping the server, 2.22. It's not working. We're not getting a response, so Control-C to quit. There were seven packets transmitted, zero responses came back. We've got one more step to do. We were trying to ping from client to the server via the router. Although our routing tables are set up, and we can check the route just to clear things out.

The -n shows us the raw numeric addresses, and that's better to use rather than get the domain addresses because sometimes the domain will be wrong. So the routing tables, if we look close, we have a route to 192.168.0.0 to go via the router. However, and that's from the pre-up configuration. Our problem is we haven't really, we haven't configured the router Linux node to act as a router. What a router does is forward packets, and by default our Linux nodes are hosts which don't forward packets. So we need to, as the last thing, configure our router to be a router. We can't just call it a router, we have to configure it. And to do that, we must tell it to forward packets, forward IP packets.

Different ways to do it. One way we'll do it so that we will maintain this status when we reboot, edit a file called sysctl.conf in the /etc directory. Sorry, sudo vi /etc/sysctl.conf. System control configuration file. And it's got a lot of things commented out. You can read through, the one that we want, it's scrolled down a bit. It's called ip_forward. Here it is. net.ipv4, we're dealing only with IPv4 at this stage. ip_forward. It's commented out, meaning it's not set. We want to delete that comment character, the hash at the start, such that ip_forward equals one, meaning IP forwarding is on in the router. That essentially turns our Linux machine from a host to a router. So just remove that hash at the start of this line and Escape, colon, write, quit. And there's another way to do it dynamically.

I'm just going to reboot just to check. And I'll reboot that machine. And when it boots up, it becomes a true router where it will forward packets. And then I should be able to ping from client to server via the router. And I'll get ready, get our ping from client to 2.22. Our router is booting. I'm not even going to log in. It's booted. And there we go. We're pinging from client to server. Noting the TTL is now 63.

If we ping from client to router, the TTL is 64. The TTL keeps track of the number of routers we go through. So when we're going direct to the router, it's 64, the initial value. When we go via one router, it's 64 minus one, that is 63, indicating we're communicating from client to server via router.

Our last test, let's log in from client to server using Secure Shell. It asks you, do you really want to trust this? We're not sure if it's a man-in-the-middle attack. Well, it's only our internal network. We know what's happening. So yes, I trust. It asks me for my password on the server. And now I'm logged into the server. Steven at server, ifconfig. This is 2.22. So we have our internal internet working. We can communicate from client to router and server. And you can use this configuration to build your internal network. You could have multiple servers here, a web server, Secure Shell server, simply duplicate the server and give it a different IP address. Most other settings should be the same.

And the thing is, with the NAT connections, these machines can also talk via the real internet, and to test that, I'm on my server. Can we ping Google? Yes, we can still ping the real Google website. So that's useful. If you want to do a sudo apt install of some software on any of those machines, we can go via the real internet, but for testing our virtual network, we can use the internal internet. As long as they're in the 192.168 range, that should work. That allows you to set up an internal network using VirtualBox and our Linux machines.
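
The walkthrough warns more than once that a typo in /etc/network/interfaces means the network won't work. The following is an added example, not part of the video or its downloadable file: a small checker for static stanzas, run here on the client stanza written out from the dictated values. The function names `parse_stanzas` and `check` are hypothetical, and `route del` is used for the spoken "route delete".

```python
import ipaddress

# Constructed sample: the client stanza, typed out from the values dictated above.
CLIENT = """\
# internal interface for NetA
auto enp0s8
iface enp0s8 inet static
    address 192.168.1.11
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255
    post-up route add -net 192.168.0.0 netmask 255.255.0.0 gw 192.168.1.1 dev enp0s8
    pre-down route del -net 192.168.0.0 netmask 255.255.0.0 gw 192.168.1.1 dev enp0s8
"""

def parse_stanzas(text):
    """Map interface name -> {'opts': {...}, 'routes': [...]} for 'inet static' stanzas."""
    stanzas, cur = {}, None
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()          # drop comments, split on whitespace
        if not tok:
            continue
        if tok[0] == "iface" and len(tok) >= 2:
            static = tok[2:4] == ["inet", "static"]
            cur = stanzas.setdefault(tok[1], {"opts": {}, "routes": []}) if static else None
        elif tok[0] in ("auto", "allow-hotplug"):
            cur = None                              # a new stanza is starting
        elif cur is not None and tok[0] in ("post-up", "pre-down") and tok[1:2] == ["route"]:
            cur["routes"].append(tok[2:])           # ['add', '-net', ..., 'dev', 'enp0s8']
        elif cur is not None and len(tok) >= 2:
            cur["opts"][tok[0]] = tok[1]
    return stanzas

def check(text):
    """Return a list of problems; an empty list means the stanzas are self-consistent."""
    problems = []
    for name, st in parse_stanzas(text).items():
        o = st["opts"]
        try:
            iface = ipaddress.ip_interface(f"{o['address']}/{o['netmask']}")
        except (KeyError, ValueError) as exc:
            problems.append(f"{name}: bad or missing address/netmask ({exc})")
            continue
        net = iface.network
        for key, want in (("network", net.network_address), ("broadcast", net.broadcast_address)):
            if key in o and o[key] != str(want):
                problems.append(f"{name}: {key} {o[key]} should be {want}")
        for r in st["routes"]:
            args = dict(zip(r[1::2], r[2::2]))      # '-net', 'netmask', 'gw', 'dev' -> value
            try:
                ipaddress.ip_network(f"{args['-net']}/{args['netmask']}")  # rejects host bits
                gw = ipaddress.ip_address(args["gw"])
            except (KeyError, ValueError) as exc:
                problems.append(f"{name}: bad route {' '.join(r)} ({exc})")
                continue
            if gw not in net or gw == iface.ip:
                problems.append(f"{name}: gateway {gw} is not a neighbour on {net}")
            if args.get("dev") != name:
                problems.append(f"{name}: route names device {args.get('dev')}")
    return problems

if __name__ == "__main__":
    print(check(CLIENT) or "client stanza is consistent")
```

It catches the kinds of slip made during the recording, such as a device written as 89 instead of 9 or a gateway on the wrong subnet, before a reboot is spent finding them.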