Sunday, March 15, 2009

RHCE TIPS - Preparation


    Reference book:
    RHCE Red Hat Certified Engineer Linux Study Guide (Exam RH302) 5th edition by Michael Jang.
    If something is not clear in the book, read the official Red Hat Enterprise Linux documentation.



    Lab Setup:
    Install CentOS on VirtualBox

    VirtualBox is a free, open-source virtualization alternative to VMware. You need 2 CentOS instances to prepare for the RHCE lab. Networking in VirtualBox is very different from VMware.


    -VirtualBox networking types:
    --NAT: the guest OS can access the outside network through NAT provided by VirtualBox, but the host OS can’t access the guest OS
    --Host interface networking: host and guest can communicate with each other, but the guest can’t access the outside network unless you set up NAT manually on the host OS
    --Internal network: guest OSes can communicate with each other within the SAME network name (something like a VLAN ID), but not with the host OS.


    -CentOS ServerA network setup
    1*NAT adapter for internet access to do yum.
    1*Host network adapter for your host to ssh to ServerA
    1*Internal Network adapter to communicate with ServerB


    -CentOS ServerB network setup
    1*Internal Network adapter to communicate with ServerA (join the SAME network name as ServerA)


    How can ServerB access the outside network? Point its default gateway to ServerA, and turn on IP forwarding on ServerA.
    How can my host OS access ServerB?
    1. ssh to ServerA first, then jump from ServerA to ServerB
    2. -Set up port forwarding or a 1-to-1 static mapping on ServerA
    --Forward port 200 to the ssh port of ServerB

    iptables -t nat -A PREROUTING -p tcp -d ServerA-Host-NIC-IP --dport 200 -j DNAT --to-destination ServerB-IP:22 
    --Static 1-to-1 mapping
    Assign a secondary IP to ServerA’s host NIC, then
    iptables -t nat -A PREROUTING -p tcp -d ServerA-SEC-NIC-IP -j DNAT --to-destination ServerB-IP
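
The port-200 forward described above, generated as a restricted rule set for ServerA in iptables-restore format. This is an added example, not from the original post; it covers only the port-forward case. The interface names (eth0/eth1/eth2), the sample addresses, and the MASQUERADE and FORWARD rules are assumptions about how this lab is laid out.

```shell
#!/bin/sh
# Added example: prints rules only, changes nothing on the system.
NAT_IF=${NAT_IF:-eth0}    # assumption: VirtualBox NAT adapter
HOST_IF=${HOST_IF:-eth1}  # assumption: host interface adapter
INT_IF=${INT_IF:-eth2}    # assumption: internal network adapter

is_ipv4() {
    # Accept only a dotted quad with every octet in 0-255.
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    _old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$_old_ifs
    [ "$#" -eq 4 ] || return 1
    for _o in "$@"; do
        [ "${#_o}" -le 3 ] && [ "$_o" -le 255 ] || return 1
    done
}

servera_rules() {
    # Args: ServerA host-NIC IP, ServerB IP, forwarded port (default 200).
    host_ip=$1 serverb_ip=$2 fwd_port=${3:-200}
    is_ipv4 "$host_ip" && is_ipv4 "$serverb_ip" || { echo "bad IPv4 address" >&2; return 1; }
    case "$fwd_port" in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
    [ "${#fwd_port}" -le 5 ] && [ "$fwd_port" -ge 1 ] && [ "$fwd_port" -le 65535 ] || { echo "bad port" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $HOST_IF -p tcp -d $host_ip --dport $fwd_port -j DNAT --to-destination ${serverb_ip}:22
-A POSTROUTING -o $NAT_IF -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $INT_IF -o $NAT_IF -j ACCEPT
-A FORWARD -i $HOST_IF -o $INT_IF -p tcp -d $serverb_ip --dport 22 -j ACCEPT
COMMIT
EOF
}

# Constructed sample addresses; substitute the ones from your own lab.
servera_rules 192.168.56.10 10.10.10.2 200
```

To apply the output, run it as root through `iptables-restore --noflush` after `sysctl -w net.ipv4.ip_forward=1`. With the FORWARD policy set to DROP, the host can reach only ssh on ServerB through the forward, and ServerB can reach the outside only through the NAT adapter.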

    Last but not least, read through each chapter and practice it in the lab; you never know if it works until you really do it! The RHCE exam is all about security, hence I suggest jumping to the security chapter before reading about networking services. Then apply your security knowledge (pam/tcp-wrapper/iptables/selinux) to each network service you read about later.
