Building a Real-World Windows Server Lab with Monitoring & Security, Part 2

Network Segmentation & Routing Setup on Ubuntu Server

Objective: Configure the Ubuntu server as a central router, providing connectivity between lab subnets while enforcing segmentation and security.

Step 1 – Assign Interfaces and Subnets

  1. Open VirtualBox and make sure your Ubuntu VM has at least 2 network adapters:

    • Adapter 1: NAT (for Internet access)

    • Adapter 2: Internal Network for lab VMs (e.g., LabNet)

    • Optional: Add more adapters if you want separate networks for Monitoring and Management.

  2. Assign static IPs to each interface:

    • Example:

      • eth0 (NAT/Internet): 192.168.56.101

      • eth1 (Lab Subnet): 10.10.10.1/24

      • eth2 (Management Subnet): 10.10.20.1/24

      • eth3 (Monitoring Subnet): 10.10.30.1/24

  3. Edit Netplan configuration (Ubuntu 24.04 uses Netplan):

    network:
      version: 2
      renderer: networkd
      ethernets:
        eth0:
          dhcp4: yes
        eth1:
          addresses: [10.10.10.1/24]
        eth2:
          addresses: [10.10.20.1/24]
        eth3:
          addresses: [10.10.30.1/24]

  4. Apply the configuration:

    sudo netplan apply

Step 2 – Enable IP Forwarding

  1. Edit sysctl configuration:

    sudo nano /etc/sysctl.conf

  2. Uncomment or add the line:

    net.ipv4.ip_forward=1

  3. Apply immediately:

    sudo sysctl -p

This allows the Ubuntu server to route packets between subnets.

Step 3 – Configure NAT (Optional)

If lab VMs need Internet access:

  1. Add a NAT rule with iptables:

    sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    sudo iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
    sudo iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

  2. Save rules:

    sudo apt install iptables-persistent
    sudo netfilter-persistent save

Step 4 – Configure Firewall for Segmentation

  1. Install ufw if it is not already installed, then enable it:

    sudo apt install ufw
    sudo ufw enable

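  2. Set default rules:

    sudo ufw default deny incoming
    sudo ufw default allow outgoing
    # Traffic forwarded between subnets follows the "routed" default, not "incoming"
    sudo ufw default deny routed

  3. Allow only required inter-subnet traffic:

    • Example: allow the management and monitoring subnets to access lab servers. Forwarded traffic needs "ufw route allow"; a plain "ufw allow" only covers traffic addressed to the router itself:

      sudo ufw route allow from 10.10.20.0/24 to 10.10.10.0/24
      sudo ufw route allow from 10.10.30.0/24 to 10.10.10.0/24

    • Deny all other traffic by default.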

Step 5 – Configure Lab VMs

  1. Set static IPs for each VM within their subnet. Example:
    • Windows File Server (Lab subnet): 10.10.10.10/24, Gateway: 10.10.10.1

    • Windows Client (Management subnet): 10.10.20.10/24, Gateway: 10.10.20.1
  2. Set Ubuntu router as the default gateway for each subnet.
  3. Test connectivity:

    ping 10.10.10.1 # From a lab VM
    ping 10.10.20.1 # From management VM

Step 6 – Optional: DHCP / DNS on Ubuntu

  1. Install isc-dhcp-server:

    sudo apt install isc-dhcp-server

  2. Configure /etc/dhcp/dhcpd.conf to assign IPs to each subnet.
  3. Install bind9 if you want local DNS for lab hostnames.

Step 7 – Verify Network Segmentation

  1. Test ping between subnets:

    • Lab ↔ Management: Allowed if rules permit.

    • Lab ↔ Monitoring: Allowed only for logging/monitoring.

    • Lab ↔ Internet: Allowed via NAT.

  2. Ensure unauthorized subnet traffic is blocked via ufw.
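
A check for Step 7, run on the router: ufw lists rules for forwarded (inter-subnet) traffic as "ALLOW FWD" rows in its status output, and those rows are created with "ufw route allow". The script below is an added example, not part of the original tutorial; it compares those rows with the two approved flows from Step 4. The function names and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit ufw's forwarded-traffic rules against the approved flows.
# Approved "source>destination" pairs, taken from the Step 4 examples.
APPROVED="10.10.20.0/24>10.10.10.0/24
10.10.30.0/24>10.10.10.0/24"

# Print "source>destination" for every ALLOW FWD row of `ufw status` (stdin).
list_fwd_rules() {
    awk '{ i = index($0, "ALLOW FWD") }
         i > 0 {
             to = substr($0, 1, i - 1); from = substr($0, i + 9)
             gsub(/^[ \t]+|[ \t]+$/, "", to); gsub(/^[ \t]+|[ \t]+$/, "", from)
             print from ">" to
         }'
}

# Report rules that are not approved and approved flows that have no rule.
# Returns 1 if anything is reported, 0 if the rule set matches the policy.
audit_fwd_rules() {
    rules=$(list_fwd_rules)
    drift=0
    while IFS= read -r r; do
        [ -n "$r" ] || continue
        if ! printf '%s\n' "$APPROVED" | grep -qxF -- "$r"; then
            echo "UNAPPROVED $r"; drift=1
        fi
    done <<EOF
$rules
EOF
    while IFS= read -r a; do
        if ! printf '%s\n' "$rules" | grep -qxF -- "$a"; then
            echo "MISSING $a"; drift=1
        fi
    done <<EOF
$APPROVED
EOF
    return "$drift"
}

# Constructed sample of `sudo ufw status` output (not captured from a real host).
sample_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       10.10.20.0/24
10.10.10.0/24              ALLOW FWD   10.10.20.0/24
10.10.20.0/24              ALLOW FWD   10.10.10.0/24
EOF
}

sample_status | audit_fwd_rules || echo "forwarding rules differ from the approved flows"
```

On the router, feed it live output with: sudo ufw status | audit_fwd_rules. A MISSING line for an approved flow usually means the rule was added with "ufw allow" instead of "ufw route allow".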

Result:

  • Ubuntu server acts as a central router and firewall, connecting multiple subnets.

  • Segmentation ensures isolation between lab, monitoring, and management environments.

  • Lab VMs can communicate only according to the defined rules.
