Open gubertoli opened 4 years ago
Hi all,
I am currently working on a testbed for security research. I created a private network with 2 subnets (10.10.10.x and 172.16.0.x) and two routers between those two subnets.
Private Network infrastructure:
attacker <-> router1 <-> router0 <-> target_subnet with server2, server1, target
When `vagrant up` is used with vanilla boxes of Debian (debian/jessie64) and Ubuntu (ubuntu/xenial64), the system comes up and runs smoothly.
But when I use two boxes for security purposes, Vagrant does not come up:
Current host configuration:
What I already tried to make it work:
The working Vagrantfile follows (with the metasploitable and kali boxes commented out):
```ruby
# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure("2") do |config|
  config.vm.synced_folder '.', '/vagrant', disabled: true
  config.vm.boot_timeout = 600

  # a server2 machine (target subnet)
  config.vm.define "server2" do |server2|
    server2.vm.box = "ubuntu/xenial64"
    server2.vm.hostname = "server2"
    server2.vm.network "private_network", ip: "10.10.10.12/24", virtualbox__intnet: "internal", nic_type: "virtio"
    server2.vm.provision "shell", run: "always", inline: "sudo ip route del default"
    server2.vm.provision "shell", run: "always", inline: "sudo ip route add default via 10.10.10.254"
    server2.vm.provider "virtualbox" do |vb|
      vb.name = "server2"
      vb.gui = false
      vb.memory = "512"
    end
  end

  # a server1 machine (target subnet)
  config.vm.define "server1" do |server1|
    server1.vm.box = "ubuntu/xenial64"
    server1.vm.hostname = "server1"
    server1.vm.network "private_network", ip: "10.10.10.11/24", virtualbox__intnet: "internal", nic_type: "virtio"
    server1.vm.provision "shell", run: "always", inline: "sudo ip route del default"
    server1.vm.provision "shell", run: "always", inline: "sudo ip route add default via 10.10.10.254"
    server1.vm.provider "virtualbox" do |vb|
      vb.name = "server1"
      vb.gui = false
      vb.memory = "512"
    end
  end

  # the vuln machine (target subnet)
  config.vm.define "target" do |target|
    target.vm.box = "ubuntu/xenial64" #"rapid7/metasploitable3-ub1404"
    target.vm.hostname = "target"
    target.vm.network "private_network", ip: "10.10.10.10/24", virtualbox__intnet: "internal", nic_type: "virtio"
    target.vm.provision "shell", run: "always", inline: "sudo ip route del default"
    target.vm.provision "shell", run: "always", inline: "sudo ip route add default via 10.10.10.254"
    target.vm.provider "virtualbox" do |vb|
      vb.name = "target"
      vb.gui = false
      vb.memory = "1024"
    end
  end

  # the router 0 (between target subnet and router1)
  config.vm.define "router0" do |router0|
    router0.vm.box = "debian/jessie64"
    router0.vm.hostname = "router0"
    router0.vm.network "private_network", ip: "10.10.10.254/24", virtualbox__intnet: "internal", nic_type: "virtio"
    router0.vm.network "private_network", ip: "10.20.10.254/24", virtualbox__intnet: "routers", nic_type: "virtio"
    router0.vm.provision "shell", run: "always", inline: "sudo ip route add 172.16.0.0/24 via 10.20.10.253"
    router0.vm.provision "shell", inline: "sudo sysctl -w net.ipv4.ip_forward=1"
    router0.vm.provision "shell", inline: "echo [Router] Configuration done!"
    router0.vm.provider "virtualbox" do |vb|
      vb.name = "router0"
      vb.gui = false
      vb.memory = "512"
    end
  end

  # the router 1 (between attacker and router0)
  config.vm.define "router1" do |router1|
    router1.vm.box = "debian/jessie64"
    router1.vm.hostname = "router1"
    router1.vm.network "private_network", ip: "10.20.10.253/24", virtualbox__intnet: "routers", nic_type: "virtio"
    router1.vm.network "private_network", ip: "172.16.0.254/24", virtualbox__intnet: "external", nic_type: "virtio"
    router1.vm.provision "shell", run: "always", inline: "sudo ip route add 10.10.10.0/24 via 10.20.10.254"
    router1.vm.provision "shell", inline: "sudo sysctl -w net.ipv4.ip_forward=1"
    router1.vm.provision "shell", inline: "echo [Router] Configuration done!"
    router1.vm.provider "virtualbox" do |vb|
      vb.name = "router1"
      vb.gui = false
      vb.memory = "512"
    end
  end

  # the attacker machine
  config.vm.define "attacker" do |attacker|
    attacker.vm.box = "ubuntu/xenial64" #"kalilinux/rolling"
    attacker.vm.hostname = "attacker"
    attacker.vm.network "private_network", ip: "172.16.0.2/24", virtualbox__intnet: "external", nic_type: "virtio"
    attacker.vm.provision "shell", run: "always", inline: "sudo ip route del default"
    attacker.vm.provision "shell", run: "always", inline: "sudo ip route add default via 172.16.0.254"
    # provider settings scoped to this machine (attacker.vm, not the global config.vm)
    attacker.vm.provider "virtualbox" do |vb|
      vb.gui = false
      vb.name = "attacker"
      vb.memory = "1024"
    end
  end
end
```
Gist for the debug output: https://gist.github.com/gubertoli/13567938d89818105347c3127f9f666e
Containing:
Could someone please help me understand the issue when using the Kali and/or Metasploitable boxes?
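The addressing and static routes in the Vagrantfile above can be checked offline, which helps separate a routing mistake from a box that fails to boot. The following Ruby sketch is an added example, not part of the original issue: the `HOSTS` table is transcribed from the Vagrantfile, the helper names are hypothetical, and it assumes Vagrant's NAT management interface is out of the data path. `server1` and `server2` follow the same pattern as `target` and are omitted.

```ruby
require "ipaddr"

# Interfaces and static routes transcribed from the Vagrantfile in the post.
# Assumption: Vagrant's NAT management NIC is ignored (not part of the lab path).
HOSTS = {
  "attacker" => { ifaces: ["172.16.0.2/24"], routes: { "0.0.0.0/0" => "172.16.0.254" } },
  "router1"  => { ifaces: ["10.20.10.253/24", "172.16.0.254/24"],
                  routes: { "10.10.10.0/24" => "10.20.10.254" }, forward: true },
  "router0"  => { ifaces: ["10.10.10.254/24", "10.20.10.254/24"],
                  routes: { "172.16.0.0/24" => "10.20.10.253" }, forward: true },
  "target"   => { ifaces: ["10.10.10.10/24"], routes: { "0.0.0.0/0" => "10.10.10.254" } },
}

# True when ip lies in one of the host's directly connected networks.
def on_link?(host, ip)
  HOSTS.fetch(host)[:ifaces].any? { |c| IPAddr.new(c).include?(IPAddr.new(ip)) }
end

# Name of the host that owns this exact interface address, or nil.
def owner_of(ip)
  found = HOSTS.find { |_, h| h[:ifaces].any? { |c| c.split("/").first == ip } }
  found && found.first
end

# Next-hop IP: connected networks win, otherwise longest-prefix static route.
def next_hop(host, dst)
  return dst if on_link?(host, dst)
  match = HOSTS.fetch(host)[:routes]
               .select { |net, _| IPAddr.new(net).include?(IPAddr.new(dst)) }
               .max_by { |net, _| net.split("/").last.to_i }
  match && match.last
end

# Walk hop by hop; returns the hosts traversed, or nil where the path breaks.
def trace(src, dst_ip, max_hops = 8)
  path = [src]
  max_hops.times do
    here = path.last
    return path if owner_of(dst_ip) == here
    return nil if here != src && !HOSTS[here][:forward] # only routers forward
    hop = next_hop(here, dst_ip) or return nil          # no matching route
    return nil unless on_link?(here, hop)               # gateway must be on-link
    nxt = owner_of(hop) or return nil                   # nobody owns that address
    path << nxt
  end
  nil
end

puts "attacker -> target: #{trace('attacker', '10.10.10.10').inspect}"
puts "target -> attacker: #{trace('target', '172.16.0.2').inspect}"
```

A `nil` result in either direction points at a missing or wrong `ip route add` provisioner rather than at the box image.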
Just a heads-up for the Kali box: I just commented out the `, nic_type: "virtio"` and now the Kali box is working.