Virtual network interface

This how-to shows you how to create a virtual network interface. This can be useful when you want to install Nethserver in 'the cloud' with a provider which provides a VPS (Virtual Private Server) with one NIC only. In that case you only have a 'green' role and not a 'red' role and your server and services would be exposed to the internet. To overcome this one could create a virtual network interface that will have the 'green' role and the real ethernet interface would have the 'red' role.

When hosting Nethserver on other virtualization platforms that are self controlled such as Proxmox, Xen or VMWare, a virtual network interface can be created on platform level.

For completeness this document will describe the whole process of accessing your new VPS from a provider for the first time. Either by SSH, VNC or a webconsole.

One must have ordered a VPS with CentOS 7 minimal to be able to install Nethserver. Once your provider has provided you with your login details of your VPS, log in (SSH, VNC or webconsole) as root. Then update CentOS with all latest updates:

yum update; yum install nano net-tools mlocate

Then one should change the provided root password with a password of your own choice. Please note that if you re-install your VPS with the image provided by your provider, the old password will be valid again, so keep those credentials.

passwd root

First we enable SSH so we can remotely login, and can copy and paste:

systemctl start sshd

you can now ssh to your server as root on the default port 22. Don't forget to logout as root from the console in your VNC session and close the VNC session.

The Virtual network interface will be technically created by loading a special kernel module called dummy. This dummy driver must be loaded at boot time in an early stage. CentOS/Redhat has a specific way of loading extra kernel modules which we will use to load the dummy driver at boot time. For this we need to create a new file called 'dummy0.modules' in /etc/sysconfig/modules/:

nano -w /etc/sysconfig/modules/dummy0.modules

and paste the following content and save:

#!/bin/sh
/sbin/modprobe dummy
exec ip link set dummy0 address 10:00:01:02:03:04

This will instruct the kernel to load the dummy driver at boot time and create the virtual interface called 'dummy0' with MAC address '10:00:01:02:03:04'. This MAC address is a reserved private address that can be used freely without interfering with real MAC addresses from vendors. This MAC address will remain the same every time you reboot the server. This static MAC may be useful for monitoring tools where it can be listed as a special NIC.

Make the new script executable:

chmod 755 /etc/sysconfig/modules/dummy0.modules

Then load the dummy module:

modprobe dummy

and check if it is loaded with:

lsmod |grep dummy

On next reboots, the dummy module will be loaded automatically

We can now install the latest version of Netherserver 7 on top of CentOS 7 minimal. For this issue the below commands. Adjust the version if required:

yum install -y http://mirror.nethserver.org/nethserver/nethserver-release-7.rpm

The above command will add the correct repositories and install installation scripts. Once finished one must enter the below command to start the real installation on Nethserver 7:

nethserver-install

And a final update to the latest packages

yum update  

Now Nethserver has been installed and active. However, Nethserver will not use the dummy interface yet, so there is only one network interface which has a 'green' role. We need to instruct that there is an additional network interface (dummy0) which will assume the 'green' role and that the real network interface will change from 'green' to the 'red' role, facing the internet. We also need to decide on the IP address of the 'dummy0' interface. In this case we use 192.168.10.2 for our virtual internal network:

/sbin/e-smith/db networks set dummy0 ethernet ipaddr 192.168.10.2 netmask 255.255.255.0 role green && /sbin/e-smith/db networks setprop eth0 role red && /sbin/e-smith/signal-event interface-update

Now you can configure your server via the server manager at http://yourserver.com:9090

Once you have configured your server to your needs, disable access to the server manager from the red network by going to security → network services → httpd-admin and edit to disable access from the outside world.

Then add your home/office IP as a trusted network so only you can access the server manager. Go to security → trusted networks and add your home/office IP and subnet.