2008R2_LAB: Configure Monowall Firewall as a VM for a Windows 2008 R2 environment

In order to set up an isolated lab network, we need a way to handle the “isolation” part. The VMs can still have internet access and/or access to the company LAN, but there is no direct inbound access to them other than the vSphere console. This ensures that the internal LAN for the labs can be used without conflicting with existing LANs; for example, DHCP and PXE booting are then safe to use. To do this, we’ll use a M0n0wall appliance, as it works well on VMware Workstation, vSphere, etc. This example covers building it for a VMware vSphere environment rather than VMware Workstation, but the concepts carry across.

Information you will require to complete this task:

· User the lab is for – eg: David Lock – we need this for the initials to use

· An existing PVLAN configured on the Lab vSphere host – eg: DL_PVLAN – or, a VMnet in VMware Workstation.

· The VLAN ID of the PVLAN – eg: 4005 – representing Subnet 5

· The Subnet to use for the LAN interface of the lab – eg: 192.168.5.0/24

· The IP address to use for the LAN interface of the lab – eg: 192.168.5.1/24

1) You will need to download the M0n0wall appliance from – http://m0n0.ch/wall/downloads.php.  Note the specific link you want is: http://m0n0.ch/wall/download.php?file=generic-pc-1.34-vm.zip

Look for the GENERIC-PC-1.34-VM.ZIP entry.

Select any appropriate mirror site to download from, and click the link.  Save the file when prompted, to a location such as C:\TEMP.

Unpack the zip file to a folder.  You’ll be left with a VMDK (disk) and a VMX (configuration) file. 

2) From the vSphere Client, browse to INVENTORY -> DATASTORES AND DATASTORE CLUSTERS. 

Find the datastore in use by the lab in question, right click and choose BROWSE DATASTORE.

Click on CREATE A NEW FOLDER.

Name the VM folder with the name of the VM.  DL-MONOWALL, for example.  Click OK.

Browse into the new folder on the left hand side.  Ensure it has the OPEN FOLDER icon. 

Click UPLOAD FILES TO THIS DATASTORE.

Browse to and select the VMDK file and click OPEN.

Repeat for the VMX file. 

From the DATASTORE BROWSER, right click on the VMX file and choose ADD TO INVENTORY.

Name the VM and choose the appropriate LAB folder for the user:

Eg: EDM -> LABS -> DL-VM’s and name “DL-MONOWALL”.  Click NEXT.

Choose the HOST/CLUSTER for the VM to live on and click NEXT.

Complete the installation by clicking FINISH.

3) In vCenter Client, choose INVENTORY -> VM’S AND TEMPLATES.

Locate the VM you just created, in the appropriate LABS -> DL-VM’S folder.  Right click and choose OPEN CONSOLE. 

4) From this point on, the steps are the same whether you deployed from the downloaded files or cloned an existing lab Monowall VM.

Choose VM -> EDIT SETTINGS:

Highlight both NIC’s and choose REMOVE.  Click OK.

Choose VM -> EDIT SETTINGS again:

Choose ETHERNET ADAPTER and click NEXT.

For the first NIC, we will use an internal LAN VM Port Group (such as VMNET_0111):

Click NEXT.

Click FINISH.

Repeat the above for the second NIC, but in that case choose the appropriate LAB network (eg: DL_PVLAN). 

Click OK when completed.

Choose POWER ON:

Choose Option 1) INTERFACES so we can reverse the LAN/WAN ports from EM0/EM1 to EM1/EM0.

You will be asked if you want to set up VLANs (answer no). Enter the LAN interface of “em1” and WAN interface of “em0”. Press ENTER when finished. When prompted, type Y to proceed with a reboot.

Choose Option #2 to change the LAN IP address:

Enter the IP address of 192.168.<VLANID>.1.  The DL_PVLAN for example is VLAN 4005, so we will use “5”.  The subnet mask is /24, and we will not enable DHCP.  Press ENTER to continue.

NOTE: If you need to find the XX_PVLAN VLAN ID, you can do this by browsing to the Lab Host, clicking on the CONFIGURATION tab, and choosing NETWORKING.  Locate the PVLAN VM Port Group:

Here you can see that DL_PVLAN is 4005, SL_PVLAN is 4006, etc. Subtract 4000 from the VLAN ID to obtain the subnet ID – thus, 4016 would be 192.168.16.0/24, etc.

Press Option #3 to reset the webGUI password to the default, “mono”.

Choose Option #5 to reboot the VM.

Now we have a working lab Monowall firewall. 

If you happen to be doing this work in VMware Workstation, then in Step 4 the WAN NIC (VMnic0) would be on a BRIDGED VMnet and the LAN NIC would be on a HOST-ONLY network.
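The naming and addressing convention used above (initials for the names, VLAN ID minus 4000 for the subnet) can be checked before you build anything. This is an added example, not part of the original post; the function name `lab_plan`, the accepted VLAN range 4001-4094 and the sample "existing LAN" ranges are assumptions made for illustration.

```python
import ipaddress

PVLAN_BASE = 4000    # page convention: VLAN ID minus 4000 = subnet ID
MAX_VLAN_ID = 4094   # highest usable 802.1Q VLAN ID


def lab_plan(full_name, vlan_id, existing_networks=()):
    """Derive the lab's names and LAN addressing, refusing conflicting plans.

    existing_networks: CIDR strings for LANs already in use (assumed input),
    so the lab subnet cannot overlap a network it could be routed into.
    """
    initials = "".join(part[0] for part in full_name.split()).upper()
    if not initials:
        raise ValueError("a user name is needed to derive the initials")

    # Assumed valid range: 4001..4094, giving subnet IDs 1..94.
    if not PVLAN_BASE < vlan_id <= MAX_VLAN_ID:
        raise ValueError(f"VLAN ID {vlan_id} is outside 4001-4094")

    subnet_id = vlan_id - PVLAN_BASE
    lan = ipaddress.ip_network(f"192.168.{subnet_id}.0/24")

    # The point of the isolated lab is to avoid clashing with existing LANs,
    # so reject a lab subnet that overlaps any of them.
    clashes = [n for n in existing_networks
               if lan.overlaps(ipaddress.ip_network(n))]
    if clashes:
        raise ValueError(f"{lan} overlaps existing network(s): {clashes}")

    return {
        "port_group": f"{initials}_PVLAN",
        "vm_name": f"{initials}-MONOWALL",
        "lan_subnet": str(lan),
        # First host address becomes the M0n0wall LAN interface.
        "lan_ip": f"{lan.network_address + 1}/{lan.prefixlen}",
    }


if __name__ == "__main__":
    # Constructed sample: the page's example user, with a made-up company LAN.
    print(lab_plan("David Lock", 4005, existing_networks=["10.0.0.0/8"]))
```
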

Some additional HOWTO’s to follow:

  • COMPLETE – HOWTO: Configure Monowall Firewall as a VM for a Windows 2008 R2 environment
  • HOWTO: Creating the first AD DC in a Windows 2008 R2 environment
  • HOWTO: Configuring DNS in a Windows 2008 R2 environment
  • HOWTO: Configuring DHCP in a Windows 2008 R2 environment
  • HOWTO: Configuring a Member Server to join a Windows 2008 R2 environment
  • HOWTO: Configuring WSUS in a Windows 2008 R2 environment
  • HOWTO: Configuring WDS in a Windows 2008 R2 environment
  • HOWTO: Installation and use of GPMC in a Windows 2008 R2 environment