
I'm looking to turn a new desktop (Ubuntu 12.10-64bit) I built into a virtual home lab for testing and experimenting with various security things. The first setup I would like to try running is the basic set-up shown in the Snort install guide. For reference, it has an internet facing router which connects to a switch. That switch connects to the internal network, but also has a mirrored port to a machine running Snort. That Snort machine is then connected to another machine running the Snort management system.

I'm using VirtualBox and can facilitate all of these machines as VMs, and I've also downloaded the community version of the Vyatta ISO, which I have running in another Linux VM. I have yet to really use Vyatta, but in my proposed set-up I believe I would need to configure two Vyatta VMs, one to act as the router, the other to act as the switch with the mirrored port. I could then use two other VMs for the required Snort boxes, and any number of other VMs to represent the internal network. Please let me know if you see a problem with the aforementioned proposition.

I have the Vyatta documentation, and one setup example they provide is to have a Vyatta instance behave as a default gateway (which seems close/equivalent to the router functionality I would need from one of my Vyatta VMs). I have yet to find anything about creating a virtual switch with a mirrored port, and setting it up to point to "all the right places".

I'm curious if anyone is able to provide any insight, guidance or experience in achieving this type of configuration. I'm completely open to using other tools as well (I started looking at Vyatta because I was aware of it).

Background note of minor interest: I'm a software developer, but am not super strong on the "ops" side of things, which is why I'm trying to experiment.

DJSunny

1 Answer


If you set the network type of your virtual machines to Internal Network with the same internal network name (an arbitrary string of your choosing, but the same for all machines), and then configure (in the Advanced settings) the promiscuous mode to Allow All, then the VMs will all be hooked to a virtual hub, which is like a switch that mirrors everything everywhere. See the screenshot below:

VirtualBox network configuration

These settings can be applied on a started VM but will take effect only when the VM is next shut down and restarted.

With a virtual hub, every packet sent by any VM will be visible to all machines, which should be enough for what you want to achieve (if I understand your situation correctly).

For more details, see the Virtual networking chapter of the VirtualBox manual.

Thomas Pornin
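The same settings applied from the command line with VBoxManage rather than the GUI, as an added example that is not part of the original answer. The VM names, the internal network name `homelab` and the role assignments are assumptions made for this example; the flags themselves (`--nicN intnet`, `--intnetN <name>`, `--nicpromiscN deny|allow-vms|allow-all`) are VirtualBox's own. The script gives "allow-all" only to the Snort sensor and leaves every other lab VM at the default "deny", so an ordinary (or compromised) host on the same hub cannot sniff its neighbours while the sensor still sees everything.

```shell
#!/bin/sh
# Added example (not from the original post or VirtualBox docs): put a
# VirtualBox home lab on one Internal Network from the command line.
# Only the Snort sensor gets promiscuous policy "allow-all"; every other VM
# keeps "deny", so only the sensor can see the other machines' frames.
# VM names and the network name "homelab" are assumptions for this example.

VBOXMANAGE="${VBOXMANAGE:-VBoxManage}"
LAB_NET="${LAB_NET:-homelab}"

# Run a command, or only print it when DRY_RUN is set (lets you review the
# plan first, and lets the script be exercised on a box without VirtualBox).
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# nic_promisc_policy ROLE -> the promiscuous policy that role needs.
#   sensor : the Snort sniffing box, must receive every frame on the hub
#   other  : a normal lab host, must not be able to sniff its neighbours
# ("allow-vms" also exists: see other VMs' traffic but not the host's.)
nic_promisc_policy() {
    case "$1" in
        sensor) echo "allow-all" ;;
        *)      echo "deny" ;;
    esac
}

# attach_to_lab VM ROLE [NIC]: put NIC (default 1) of VM on the shared
# internal network with the promiscuous policy for its role.
attach_to_lab() {
    vm="$1"; role="$2"; nic="${3:-1}"
    policy="$(nic_promisc_policy "$role")"
    run "$VBOXMANAGE" modifyvm "$vm" \
        "--nic$nic" intnet \
        "--intnet$nic" "$LAB_NET" \
        "--nicpromisc$nic" "$policy"
}

# show_lab_nic VM [NIC]: print the three settings that matter, to confirm
# the change landed (it only takes effect once the VM is restarted).
show_lab_nic() {
    vm="$1"; nic="${2:-1}"
    "$VBOXMANAGE" showvminfo "$vm" --machinereadable \
        | grep -E "^(nic$nic|intnet$nic|nicpromisc$nic)="
}

# The topology from the question; all VM names are assumptions.
lab_setup() {
    attach_to_lab vyatta-router router            # Vyatta as default gateway, LAN side
    run "$VBOXMANAGE" modifyvm vyatta-router --nic2 nat   # its internet-facing uplink
    attach_to_lab snort-sensor  sensor            # the "mirrored port": sees all frames
    attach_to_lab snort-mgmt    host              # Snort management console
    attach_to_lab victim-01     host              # an internal-network host
}

case "${1:-}" in
    apply) lab_setup ;;
    plan)  DRY_RUN=1; lab_setup ;;
esac
```

Run `sh lab.sh plan` to print the VBoxManage commands without touching anything, then `sh lab.sh apply` with the VMs powered off, and `show_lab_nic snort-sensor` afterwards to check that `nicpromisc1="allow-all"` is set on the sensor and `"deny"` everywhere else.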