Ok, so we now have an OpenBSD gateway, let's make it useful.
I took the nmproxy source code and created an ISO with it (I used UltraISO; you may have your own preferred method). It's then possible to mount the ISO, making it appear as a drive in your VM.
You can then mount the drive in OpenBSD:
# mkdir /usr/src/nmproxy
# cp R /mnt/cd/nmproxy /usr/src/
# make f ./Makefile.OpenBSD
If you don't get any nasty errors, install:
There you go, now we just need to set up Packet Filter, edit a few configuration files, and we are ready to clone. I will assume from now on that you are familiar with Linux and the vi editor. If not, then look here.
First let's allow IP forwarding by editing /etc/sysctl.conf and removing the # comment in front of net.inet.ip.forwarding=1. Save the file and now open up /etc/rc.conf search for pf=NO and change it to pf=YES.
You can pretty much follow the default setup for PF; the following lines need to be added for nmproxy:
rdr proto tcp from any to any port 1720 -> 127.0.0.1 port 1720
# Nmproxy specific rules. Note that the port number ranges look strange
# because of the way ranges are specified.
pass in proto tcp from any to 127.0.0.1 port 1720 flags S/SA keep state
pass in proto tcp from any to any port 10199><10210 flags S/SA keep state
pass in proto udp from any to any port 10199><10260
Nothing too taxing there. Give the VM a reboot, and the changes made should take effect. We can now check that nmproxy is running and the firewall is letting connections through:
# telnet 220.127.116.11 1720
All is well, and the connection succeeded.
Now we need to clone the machine. Shut down and we will start.
Select the VM menu and then Clone to start the cloning wizard.
Most options can be left as default; when you get to the following screen, you must select Create a Full Clone:
Files which need to be edited are:
/etc/hostname.le1 IP configuration of internal interface
/etc/hostname.le2 IP configuration of external interface
/etc/nmproxy.conf NMproxy configuration
/etc/pf.conf Firewall configuration (change IP details of networks)
/etc/myname The system hostname
/etc/mygate Default route/gateway
All of these files are self explanatory—nothing complex at all. After we have edited these files, a quick reboot will put everything into action.
Check that the interfaces have taken the new IP details:
# ifconfig a
If your changes don't seem to have taken effect, check that you saved the files after editing!
If we start up the original VM, we should now be able to telnet into port 1720 of that machine to verify that we have communication between the two:
That's all for now, next week we will finish this off by creating a team consisting of our two firewalls and two Windows XP VM's. We will also look at some of VMware's more advanced networking features and finally test nmproxy!