Capstone · Week 2

Services Week

Windows DNS/DHCP/IIS + Linux NGINX/MariaDB on a segmented, NAT-bridged network.

  • Phase 0: Verify network
  • Phase 1: Windows services
  • Phase 2: Linux services
  • Phase 3: Cross-VM tests

Foundation from Week 1: ML350p Gen8 · Proxmox VE 8.2.2 live at https://10.10.10.10:8006

Overview

What you're building this week

🎯 Objective

Prove the internal network works via the NAT bridge and Jump Box, then stand up the core services both teams depend on downstream.

By Friday, any VM should be able to:

  • Resolve winserver.teamx.local via your own DNS
  • Lease an IP from your DHCP scope
  • Browse the Windows IIS welcome page
  • Browse the Linux NGINX welcome page
  • Query the MariaDB capstone_db from CLI

📋 Grading watch-outs

  • Every phase needs screenshots — save as you go, not at the end
  • Ping results + latencies go in the table — "it works" isn't enough
  • Export asset-tracker snapshot with VM names, IPs, roles
  • Two reflection sentences each on: trickiest test, longest service, unresolved issues
  • Cover page with week #, team, and roles

Team

Role assignments

📋 Team Lead

  • Coordinate the other three
  • Save & log all screenshots
  • Asset-tracker snapshot (VMs · IPs · roles)
  • Assemble final report

🌐 Networking

  • Phase 0: NAT bridge + Jump Box tests
  • Phase 3: cross-VM ping & DNS lookups
  • Verify DHCP leases actually issue
  • Fill every ping/lookup row

🪟 Windows

  • Install DNS role + zone + A record
  • Install DHCP role + scope
  • Install IIS + deploy welcome page
  • Screenshots of each

🐧 Linux

  • Install + enable NGINX
  • Deploy Linux welcome page
  • Install MariaDB + create DB/user
  • Test query from CLI

Before you touch anything

Lock the Week 2 IP plan

Subnet · NAT bridge vmbr1

Subnet                     192.168.1.0/24
Gateway (= Proxmox host)   192.168.1.1
Subnet mask                255.255.255.0
Upstream DNS (temp)        8.8.8.8

Once your own DNS server is up, clients should point at the Windows server IP instead of 8.8.8.8.

Reserve these static IPs

VM                      IP                             Role
Windows Server          192.168.1.2                    DNS · DHCP · IIS
Linux Server (Ubuntu)   192.168.1.3                    NGINX · MariaDB
Jump Box                192.168.1.4                    RDP/SSH gateway
DHCP scope range        192.168.1.10 – 192.168.1.100

⚠ Don't overlap statics with the DHCP scope — keep .1.9 reserved.
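
The overlap rule above can be checked mechanically before any VM gets an address. This is an added example, not part of the original guide; the function names are illustrative and the one-word VM names stand in for the rows of the table.

```sh
#!/bin/sh
# Added example (not from the guide): validate a static-IP plan against
# the subnet and the DHCP scope before any VM is configured.

# ip_to_int A.B.C.D -> prints the address as an integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_subnet IP NETWORK PREFIX -> true if IP is inside NETWORK/PREFIX
in_subnet() {
    _ip=$(ip_to_int "$1"); _net=$(ip_to_int "$2")
    _mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
    [ $(( $_ip & $_mask )) -eq $(( $_net & $_mask )) ]
}

# check_plan NETWORK PREFIX SCOPE_START SCOPE_END
# Reads "name ip" lines on stdin; returns 1 if any static is unusable.
check_plan() {
    p_net=$1 p_prefix=$2 rc=0
    s_lo=$(ip_to_int "$3"); s_hi=$(ip_to_int "$4")
    while read -r name ip; do
        [ -n "$ip" ] || continue
        n=$(ip_to_int "$ip")
        if ! in_subnet "$ip" "$p_net" "$p_prefix"; then
            echo "FAIL $name $ip is outside $p_net/$p_prefix"; rc=1
        elif [ "$n" -ge "$s_lo" ] && [ "$n" -le "$s_hi" ]; then
            echo "FAIL $name $ip is inside the DHCP scope"; rc=1
        else
            echo "ok   $name $ip"
        fi
    done
    return $rc
}

# The guide's reservations (names shortened to one word each).
check_plan 192.168.1.0 24 192.168.1.10 192.168.1.100 <<EOF
proxmox-gw 192.168.1.1
winserver 192.168.1.2
linuxserver 192.168.1.3
jumpbox 192.168.1.4
EOF
```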

Phase 0 · Networking Specialist

Verify NAT bridge & Jump Box

Ping tests (via vmbr1)

From → To                  Record
Proxmox host → Jump Box    ______ ms
Jump Box → Windows VM      ______ ms
Jump Box → Linux VM        ______ ms

# from the Proxmox host shell:
ping -c 4 192.168.1.4   # Jump Box
ping -c 4 192.168.1.2   # Windows VM
ping -c 4 192.168.1.3   # Linux VM

Internet connectivity (outbound NAT)

Windows VM cmd:

ping 8.8.8.8
expect < 30 ms replies

Linux VM bash:

curl https://ifconfig.me
→ returns your school's public IP

If this fails, check: IP forwarding enabled on host (sysctl net.ipv4.ip_forward), iptables MASQUERADE rule present, VM gateway = 192.168.1.1.

Phase 0 · Gateway & DNS Verification

Fill this table in the report

VM           Gateway       VM IP         DNS Server   Working? (Y/N)
Windows VM   192.168.1.1   192.168.1.2   8.8.8.8      ___
Linux VM     192.168.1.1   192.168.1.3   8.8.8.8      ___
Jump Box     192.168.1.1   192.168.1.4   8.8.8.8      ___

Check gateway / DNS on Windows

ipconfig /all
look for:
  Default Gateway . . : 192.168.1.1
  DNS Servers . . . . : 8.8.8.8

Check gateway / DNS on Linux

ip route | grep default
default via 192.168.1.1 dev eth0

cat /etc/resolv.conf
nameserver 8.8.8.8

📸 Screenshot ipconfig /all and ip route + resolv.conf for the report.

Phase 1 · 🪟 Windows Specialist · DNS

Install the DNS Server role

Add the role

  1. Open Server Manager
  2. Manage → Add Roles and Features
  3. Role-based → This server → check DNS Server
  4. Click through → Install · wait ~2 min

Create the forward lookup zone

  5. Tools → DNS → open DNS Manager
  6. Expand the server → right-click Forward Lookup Zones → New Zone
  7. Zone type: Primary zone
  8. Zone name: teamx.local (replace x with your team letter/number)
  9. Accept default file name · allow only secure dynamic updates · Finish

Add the A record

  1. Right-click your new zone → New Host (A or AAAA)
  2. Name: winserver
  3. IP address: 192.168.1.2
  4. Check "Create associated pointer (PTR) record"
  5. Add Host → Done

Verify from cmd on the server

nslookup winserver.teamx.local
Server:  localhost
Address: 127.0.0.1

Name:    winserver.teamx.local
Address: 192.168.1.2

📸 Screenshot the DNS Manager tree showing the zone + A record, and the nslookup output.

Phase 1 · 🪟 Windows Specialist · DHCP

Install DHCP and create the scope

Install the role

  1. Server Manager → Add Roles and Features → check DHCP Server
  2. Install → Complete DHCP Configuration wizard → Commit
  3. Tools → DHCP → open DHCP manager
  4. Right-click IPv4 → New Scope

Scope values

Name              CapstoneScope
Start IP          192.168.1.10
End IP            192.168.1.100
Subnet Mask       255.255.255.0
Default Gateway   192.168.1.1
DNS Server        192.168.1.2 (your own DNS)
DNS suffix        teamx.local
Lease duration    8 days (default)

Activate & test

  • Right-click the scope → Activate
  • Right-click server node → Authorize (if prompted)
  • On a client VM (Win 10/Ubuntu/Kali), set NIC to DHCP
  • Release + renew — client should pull an IP in .10–.100

Verify from the client

Windows client:
ipconfig /release
ipconfig /renew
ipconfig /all

Linux client:
sudo dhclient -r && sudo dhclient
ip -4 addr

📸 Screenshot the DHCP Manager scope + Address Leases panel showing at least 1 active lease.

Phase 1 · 🪟 Windows Specialist · IIS

Install IIS and deploy the welcome page

Install the role

  1. Server Manager → Add Roles and Features
  2. Check Web Server (IIS) → Next → accept feature defaults
  3. Install → wait ~2 min

Create the welcome page

  1. File Explorer → C:\inetpub\wwwroot\
  2. Delete the default iisstart.htm + iisstart.png
  3. Right-click → New → Text Document
  4. Paste in the HTML from "Welcome page content" below
  5. Save As… → change "Save as type" to All Files → filename index.html

Welcome page content

<html>
  <body>
    <h1>Welcome to Week 2!</h1>
  </body>
</html>

Test from a client VM

Browser:
http://192.168.1.2

Or by hostname (DNS working):
http://winserver.teamx.local

You should see Welcome to Week 2! rendered as an H1.

📸 Screenshot the browser showing the welcome page — URL bar visible.

Phase 2 · 🐧 Linux Specialist · NGINX

Install NGINX and publish a page

Install & enable

sudo apt update
sudo apt install nginx -y

sudo systemctl enable nginx
sudo systemctl start nginx

sudo systemctl status nginx
● nginx.service - A high performance web server
   Active: active (running)

Deploy the welcome page

echo "<h1>Welcome to Linux Week 2</h1>" \
  | sudo tee /var/www/html/index.html

# confirm file:
cat /var/www/html/index.html
<h1>Welcome to Linux Week 2</h1>

Test from another VM

Browser on Windows / Jump Box:
http://192.168.1.3

📸 Screenshot the browser with URL + rendered heading.

If it fails, check: sudo ufw status (allow port 80 if firewall up), NIC IP is actually .3, and gateway is .1.

Phase 2 · 🐧 Linux Specialist · Database

Install MariaDB and create the capstone DB

Install & start

sudo apt install mariadb-server -y
sudo systemctl enable mariadb
sudo systemctl start mariadb

sudo mysql
MariaDB [(none)]>

Optional but recommended: sudo mysql_secure_installation — set root password, remove anon users & test DB.

Create DB + user + grants

CREATE DATABASE capstone_db;

CREATE USER 'capuser'@'localhost'
  IDENTIFIED BY 'securepass';

GRANT ALL PRIVILEGES ON capstone_db.*
  TO 'capuser'@'localhost';

FLUSH PRIVILEGES;
EXIT;

Verify from the shell

mysql -u capuser -p -e "SHOW DATABASES;"
password: securepass
+--------------------+
| Database           |
+--------------------+
| capstone_db        |
| information_schema |
+--------------------+

📸 Screenshot the SHOW DATABASES; output with capstone_db listed.

Phase 3 · 🌐 Networking Specialist

Cross-VM connectivity & DNS tests

Ping both directions

From → To     Latency
Win → Linux   ___ ms
Linux → Win   ___ ms

Win cmd:
ping 192.168.1.3

Linux bash:
ping -c 4 192.168.1.2

DNS lookup

Linux terminal:
nslookup winserver.teamx.local
Server:  192.168.1.2
Address: 192.168.1.2#53

Name:    winserver.teamx.local
Address: 192.168.1.2

If this fails but ping 192.168.1.2 works, the client is still pointed at 8.8.8.8 — fix /etc/resolv.conf or renew DHCP.

DHCP lease check

Spin up a fresh Windows 10/Kali/Ubuntu VM on vmbr1 → set NIC to DHCP.

Record the leased IP:
ipconfig /all | findstr IPv4
IPv4 Address . . . . : 192.168.1.11

📸 Screenshot the DHCP Address Leases on the Windows server showing the client's MAC & IP.

For the Report

Test Summary Table

Test                             Expected                    Actual         Pass / Fail   Screenshot
Ping Proxmox host → Jump Box     < 5 ms                      ___ ms
Ping Jump Box → Win VM           < 5 ms                      ___ ms
Ping Jump Box → Linux VM         < 5 ms                      ___ ms
Win VM ping 8.8.8.8              < 30 ms                     ___ ms
Linux VM curl ifconfig.me        School public IP            ___            ___           ___
nslookup winserver.teamx.local   192.168.1.2                 ___            ___           ___
DHCP lease issued to client      IP in .10–.100 range        ___            ___           ___
Browse http://192.168.1.2        "Welcome to Week 2!"        rendered Y/N
Browse http://192.168.1.3        "Welcome to Linux Week 2"   rendered Y/N
SHOW DATABASES; via capuser      capstone_db listed          ___            ___           ___

Deliverables

What to hand in

📄 Week 2 Report (PDF or Word)

  • Cover page — week #, team name, all 4 roles + names
  • NAT bridge + connectivity proof — Phase 0 tables filled
  • Ping & internet test results
  • 5 mandatory screenshots (see "Required screenshots" below)
  • Test summary table — all rows filled, Pass/Fail marked
  • Reflections — 1–2 sentences each:
    • Which test was tricky?
    • Which service took longest / was hardest?
    • Any NAT or network issues unresolved?

📸 Required screenshots

  1. DNS zone + A record in DNS Manager (tree view)
  2. DHCP scope + leases (at least 1 active lease visible)
  3. IIS page rendered in a browser (URL bar visible)
  4. NGINX page rendered in a browser (URL bar visible)
  5. DB CLI query SHOW DATABASES; showing capstone_db

📊 Team Lead — asset tracker

  • Add every VM (Win / Linux / Jump / any clients) as a row
  • Columns: name, role, bridge, IP, MAC, OS, vCPU/RAM/disk
  • Export the Hardware + Software tabs → include in report

Troubleshooting

When things don't work

Can't ping between VMs

  • Both VMs on the same bridge (vmbr1)?
  • Windows Firewall blocking ICMP? (Allow "File and Printer Sharing (Echo Request)")
  • Linux ufw up? → sudo ufw allow from 192.168.1.0/24
  • VM has a 192.168.1.x IP? (ipconfig/ip a)

No internet from VMs

  • Host IP forwarding on? sysctl net.ipv4.ip_forward should say 1
  • MASQUERADE iptables rule? iptables -t nat -L POSTROUTING -n -v
  • VM gateway set to 192.168.1.1?
  • VM DNS reachable (8.8.8.8 pingable from host)?
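
The first three checks in this list, which are also the ones named in the Phase 0 note on outbound NAT, can be scripted as follows. This is an added example, not from the original guide: the function names are illustrative, the sample command output is constructed, and vmbr0 as the egress bridge is an assumption.

```sh
#!/bin/sh
# Added example (not from the guide): check the outbound-NAT prerequisites
# from captured command output, so the logic can also be exercised offline.

# $1 = output of: sysctl -n net.ipv4.ip_forward
forwarding_on() { [ "$1" = "1" ]; }

# $1 = output of: iptables -t nat -S POSTROUTING ; $2 = lab subnet (CIDR)
# True only if a MASQUERADE rule is scoped to that source subnet.
has_masquerade() {
    printf '%s\n' "$1" | awk -v net="$2" '
        $1 == "-A" && $2 == "POSTROUTING" {
            src = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            if (src == net && tgt == "MASQUERADE") found = 1
        }
        END { exit !found }'
}

# $1 = output of: ip route (run inside the VM); prints the default gateway
default_gw() {
    printf '%s\n' "$1" | awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# nat_report FWD RULES ROUTES SUBNET GATEWAY: one line per check, rc=1 on failure
nat_report() {
    rc=0
    if forwarding_on "$1"; then echo "ok   ip_forward=1"
    else echo "FAIL ip_forward=$1"; rc=1; fi
    if has_masquerade "$2" "$4"; then echo "ok   MASQUERADE for $4"
    else echo "FAIL no MASQUERADE rule with -s $4"; rc=1; fi
    gw=$(default_gw "$3")
    if [ "$gw" = "$5" ]; then echo "ok   gateway $gw"
    else echo "FAIL gateway '$gw' (expected $5)"; rc=1; fi
    return $rc
}

# Constructed sample output; the egress bridge name vmbr0 is an assumption.
SAMPLE_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.1.0/24 -o vmbr0 -j MASQUERADE'
SAMPLE_ROUTES='default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.3'

nat_report 1 "$SAMPLE_RULES" "$SAMPLE_ROUTES" 192.168.1.0/24 192.168.1.1
```

On a live system, pass real output instead of the samples: the first two arguments come from sysctl -n net.ipv4.ip_forward and iptables -t nat -S POSTROUTING on the Proxmox host, the third from ip route inside the VM.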

nslookup returns NXDOMAIN

  • Client DNS = 192.168.1.2 (your Win server)?
  • DNS zone actually created + has A record?
  • Using FQDN winserver.teamx.local not just winserver?
  • DNS service running? Services.msc → "DNS Server" → Running

IIS/NGINX: browser can't connect

  • Service running? (services.msc or systemctl status)
  • Port 80 open on the VM's firewall?
  • Trying HTTP not HTTPS? (no cert installed yet)
  • Correct IP? telnet <ip> 80 to confirm listening

MariaDB access denied

  • User created as 'capuser'@'localhost'? Remote clients need 'capuser'@'%'
  • Ran FLUSH PRIVILEGES; after GRANT?
  • Password typed exactly (securepass)?
  • Remote connection? — open 3306 in firewall, change bind-address in /etc/mysql/mariadb.conf.d/50-server.cnf
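
Before widening capuser to '%', it helps to see which accounts already accept connections from any host. The script below is an added example, not from the original guide: it audits User/Host rows for anonymous accounts (the ones mysql_secure_installation removes) and any-host entries; the function names, the sample rows and the subnet-scoped pattern 192.168.1.% are assumptions.

```sh
#!/bin/sh
# Added example (not from the guide): flag MariaDB accounts that are
# anonymous or reachable from any source host.

# Reads tab-separated "User<TAB>Host" rows on stdin, as printed by
#   sudo mysql -N -B -e "SELECT User, Host FROM mysql.user"
# $1 = host pattern that remote lab accounts are expected to use.
# Returns 1 if any anonymous or any-host ('%') account is present.
audit_accounts() {
    awk -F '\t' -v lab="$1" '
        $1 == ""  { printf "FAIL anonymous account @%s\n", $2; bad = 1; next }
        $2 == "%" { printf "FAIL %s@%% accepts any source host\n", $1; bad = 1; next }
        $2 == "localhost" || $2 == lab { printf "ok   %s@%s\n", $1, $2; next }
                  { printf "WARN %s@%s is outside the expected pattern\n", $1, $2 }
        END { exit bad }'
}

# Constructed sample rows: the guide's capuser, a wildcard copy of it,
# and an anonymous account of the kind mysql_secure_installation removes.
sample_rows() {
    printf 'root\tlocalhost\n'
    printf 'capuser\tlocalhost\n'
    printf 'capuser\t%%\n'
    printf '\tlocalhost\n'
}

# A subnet-scoped account such as 'capuser'@'192.168.1.%' passes the audit,
# while 'capuser'@'%' does not.
sample_rows | audit_accounts '192.168.1.%' || true
```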

DHCP not leasing

  • Scope Activated? (right-click scope)
  • DHCP server Authorized in AD? (n/a if no AD yet — skip prompt)
  • Client actually set to DHCP not static?
  • Broadcast reaching server? (same bridge, no VLAN filter)

You've got this

Go build.

Phase 0 → 1 → 2 → 3 · screenshot everything · fill the tables

🌐 NAT + Jump 🪟 DNS · DHCP · IIS 🐧 NGINX · MariaDB 🔬 Cross-VM tests
