If you are going to learn cybersecurity then the first thing you realize is how you don’t really understand anything till you do it. Good job to whoever came up with;
“I hear, and I forget
I see, and I remember
I do, and I understand.“— not Confucius
And since most of us don’t have data centers lying around at home, the amazing power of virtualization is all we have.
Initially setting these up gets messy because a lot of “network” guys go almost their entire lives never done anything related to servers as they are not the “server” guy. Well, after a few CBT Nugget videos this thing becomes very straightforward.
Now I will stop rambling and get to the point.
Every VMnet Is Like A Network/Subnet
If you look at my setup below.
This means VMnet1 is a network in the range 10.128.1.0/24. Think of it like a switch and the gateway is your own machine which has a VMnet1 adapter with the IP 10.128.1.1/24.
Quick explanation of the highlighted parts:
- I use VMnet1 as management network or OOB network.
- Host only – means it doesn’t deal with your host’s IP addresses in anyway and is totally a separate network.
- Connect a host virtual adapted to this network option creates a vmnet1 adapter on the host machine, which is your PC and the address can be anything in the subnet range but by default is .1, like mine is 10.128.1.1/24. This is like a cable from your machine to the vmnet1 switch and now your machine can access everything connected to this vmnet1.
- DHCP – I disable it as most devices just pick up a random IP then it’s difficult to find, just better assign them manually.
- Subnet – For the love of your God, plan your subnets and IP ranges well, or else you will just stop doing labs when you keep forgetting what IP is where, like happened to me for the first 2 years.
A NAT VMnet For Internet Access
This is maybe just my setup. I did it this way for the CBT Nuggets F5 labs.
- The only difference is this is a NAT adapter and not host only, so it will NAT the 10.128.10.0/24 range with your host’s IP address and so anything assigned this adapter can go to the internet through 10.128.10.2
- Notice the gateway next-hop you have to point to is 10.128.10.2 as .1 is assigned to the vmnet2 adapter on your own host PC.
- I use this this as my external vlan, where the virtual servers live in f5 labs and also to give a default route to the f5 to the internet through 10.128.10.2.
- You can use it to give internet access to a firewall too, but remember to NAT your internet inside zone LAN to 10.128.10.2 first as that will be a separate private IP address space.
- This also puts a vmnet2 adapter on your host machine as explained, which is what lets you connect to the virtual servers if you use this as an external vlan.
One Completely Isolated VMnet
This VMnet cannot be accessed directly from your host machine as it does not “connect a host virtual adapter”. You can only reach him or it to you via a routing device like a firewall or f5.
This is perfect to simulate an inside network in firewall labs and for the internal vlan in f5 labs where you put the back end nodes/servers.