DIY Home Router with Linux; Part #3
VMware Workstation Pro (optional)
Some may ask "Why VMware when other hypervisors such as VirtualBox and KVM are available for free"? It is a valid question, and there is one thing in particular that makes VMware stand out in our specific scenario, and that's the built-in web server that makes managing VMs a breeze. Once installed, you can connect to the hypervisor via any VMware client that could be another Workstation instance on a client Windows or Linux machine or a VMware Fusion installed on a Mac. Post connecting to your hypervisor, you can easily create VMs or edit configurations of the existing VMs as if you are doing it on your own computer. Without it, for almost every virtual hardware per VM, you must enter a complex and lengthy command that is painful to manage and maintain. For a small home server, VMware is an excellent choice that provides great convenience and high-grade performance.
Before installing VMware Workstation on Linux, we need specific dependencies to ensure the application would be installed successfully and we can create and run VMs headless. These dependencies might already be present if you have a GUI environment installed on your system. Given that we are running the server variant of Ubuntu installing a GUI won't make much of a sense. Therefore, we can install the bare minimum required for this application:
apt install libaio-dev libpcsclite-dev libxi-dev libxinerama-dev \
libxcursor-dev libxtst-dev build-essentials dkms libelf-dev \
inux-headers-$(uname -r)
Now, we can proceed with installing VMware Workstation:
cd ~
mkdir vmware
cd ./vmware
wget https://download3.vmware.com/software/wkst/file/VMware-Workstation-Full-15.0.2-10952284.x86_64.bundle
chmod 755 VMware-Workstation-Full-15.0.2-10952284.x86_64.bundle
./VMware-Workstation-Full-15.0.2-10952284.x86_64.bundle --custom --console
The installer would prompt you with a bunch of questions. You can leave all the items to their default answers. However, I recommend changing the default HTTPS port to something different. By default, the built-in web server listens on port 443. You may later need to use this port on your server, given it is the standard HTTPS port. I have changed mine to 4433 to avoid any port conflict in future.
Now, on your client machine, connect to the hypervisor that you just installed:
You should now be able to create a VM as you normally would in VMware. For our specific scenario, when creating a VM, choose a bridged network interface instead of NAT or host-only. By selecting a bridged interface, we force our VM to acquire an IP address from our DHCP server that is reachable from any machine across the network. By doing so, we could run certain services on the VM itself as opposed to the host machine which is the purpose of having a VM machine anyway.
When a bridged interface is selected, by default VMware would establish a bridge between the VM network interface and the first physical ethernet adapter on the host. This would cause a problem in our setup as the first physical ethernet interface on the host machine is actually our WAN interface (enp0s25) where we do not have our DHCP serving to hand out an IP address. It may even cause constant connection dropouts as it would compete with the host interface to acquire an IP address from the internet service provider. Therefore, we must change the bridge to the LAN interface (enx503eaa5961d8) where it can obtain an IP address from our DHCP server. VMware Workstation has a built-in utility called 'Virtual Network Editor' that can be used to fine-tune the network configurations as such. It is a GUI app and must be run on the machine where the hypervisor is installed (not available remotely). Also, it is not available as a command line utility either. But remember, it's Linux, and everything in Linux is a file! You must find the right file and change the parameters accordingly. Alright, enough GUI, back at Shell!
vmware-networks --stop
echo "add_bridge_mapping enx503eaa5961d8 0" >> /etc/vmware/networking
echo "add_bridge_mapping enp0s25 -1" >> /etc/vmware/networking
vmware-networks --start
It basically means:
- Stop VMware networking
- Set bridge weight for interface 'enx503eaa5961d8' to null.
- Set bridge weight for interface 'enp0s25' to negative one.
- Start VMware networking.
The higher the weight of an interface, the more priority it would be given when a bridged interface is intended. By setting the weight to negative one, you would permanently disable bridged interface between 'enp0s25' and any VM machines.
Now, all the VMs with a bridged interface would bridge to our LAN interface (enx503eaa5961d8) where they would be leased an IP address by the DHCP server.
The next part and perhaps the most critical part will be firewall configurations with iptables where I would walk you through setting up various types of NAT and securing your router. After all, it's a router; what kind of router works without a firewall!?