The NerdWorld Report J. R. Casey Bralla 377 Farmview Drive East Earl, PA 17519 610-810-7716 |
Technology, Religion, Politics
and The Mind-Body Dualism Problem |
Entire site Copyright © 2024 by J. R. Casey Bralla
(except for obvious external works).
All rights reserved.
This article describes a virtual test environment that can be used to safely test various Internet software systems.
It was created to test setting up an eMail server, but can also be used for any Internet-connected system that needs to be completely (mostly) isolated from the real world during development.
Background
For reasons even I don't fully understand, I have a strong desire to run my own eMail server. In ancient times, I had a commercial Comcast Internet account and I ran my own eMail, Web, and DNS servers from my basement. But later in this century (2019), I ditched my basement setup and built a Postfix/Dovecot/SpamAssassin system on a hosted server I rented from 1on1.com (now IONOS.com). Unfortunately, IONOS decided to update their infrastructure, and gave me 60 days to migrate and shut down my server. This meant I had to create a new eMail server on a new hosted machine.
Rather than simply duplicate my old system (which had been running Debian 9!), I decided I wanted to give OpenSMTPD a try. It's purported to be easier to set up and understand than Postfix. (Postfix is anything but clear in its configuration.) But eMail servers are complicated beasts. They wouldn't be too hard to set up if the Internet were an honest place, but running a clean eMail server that does not spew spam (or allow others to spew spam) is much more complicated. I realized I needed a good test environment to experiment with. I wanted to be able to systematically build a server, then wipe it out and build it again from scratch if the bloody thing didn't work (which ended up happening about 2 dozen times!).
VirtualBox to the Rescue
VirtualBox was the obvious choice to work in. I set up a network of several virtual machines, and made it possible for them to access the Internet while simultaneously keeping them 100% isolated from the outside world. This meant I could really F***-up my internal system, without worrying about causing anybody else trouble. Further, I could instantly destroy and create new machines on the test network when I did mess things up.
A schematic of my test network is here.
VirtualBox Test Network Features:
A critical feature of this virtual environment is the gateway, which allows any machine on the test network to access the Internet. This was needed so that each machine could download needed software. The gateway uses source NAT (SNAT) to ensure that nothing from the wild, dangerous world outside the test environment could access the new eMail server.
Virtual Machines
My first step was to build a barebones Debian 12 system. I created a small Debian machine in VirtualBox and then followed the normal Debian "custom" install routine to set it up. I included some of my favorite customizations like command aliases, default root password, and some utilities. This system would be truly barebones; it would NOT have X or any graphical software. However, since it would be cloned in VirtualBox to create fully GUI'd systems, the disk had to be big enough to hold a normal user's system.
Virtual Machine - Gateway
The second step was to build a gateway machine so that all the machines in the virtual environment could access the Internet for downloading software. This machine therefore needed 2 network interfaces: 1) a VirtualBox Internal interface, and 2) a conventional external interface that connected to my home network.
I cloned the barebones system, then installed Shorewall to set up this gateway.
Shorewall is pretty easy to set up. Here is a copy of my policy file.
In addition to the policy file, there are a few other Shorewall configuration files that need to be set. Most of these are very easy to set up. Be sure to add these items to your configuration files:
Configuration File | Data to Add/Edit | Comments |
---|---|---|
/etc/shorewall/shorewall.conf | IP_FORWARDING=On | Enable routing between the interfaces |
/etc/shorewall/snat | SNAT(192.168.1.99) 10.0.0.0/8 NET_IF | Enable SNAT. This assumes internal network IP=10.x.x.x and external IP=192.168.1.99 |
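A minimal set of Shorewall files for a gateway like this one, as an added example rather than the author's own policy file: the script stages them in a directory so they can be reviewed before being copied to /etc/shorewall. The physical interface names (enp0s3, enp0s8), the zone names and the two function names are assumptions; the SNAT line is the one from the table above.

```shell
#!/bin/sh
# Added example, not the author's files. Assumed: enp0s3 faces the home LAN,
# enp0s8 is the VirtualBox internal network, zones are named net and loc.
# shorewall.conf stays as installed except for IP_FORWARDING=On.

write_gateway_config() {
    dir="$1"
    mkdir -p "$dir" || return 1

    cat > "$dir/zones" <<'EOF'
#ZONE   TYPE
fw      firewall
net     ipv4
loc     ipv4
EOF

    # NET_IF and LOC_IF are logical names; physical= maps them to real NICs.
    cat > "$dir/interfaces" <<'EOF'
?FORMAT 2
#ZONE   INTERFACE   OPTIONS
net     NET_IF      tcpflags,nosmurfs,physical=enp0s3
loc     LOC_IF      tcpflags,nosmurfs,physical=enp0s8
EOF

    # Test machines may open connections outward; nothing may open one inward.
    cat > "$dir/policy" <<'EOF'
#SOURCE DEST    POLICY  LOGLEVEL
loc     net     ACCEPT
fw      net     ACCEPT
net     all     DROP    info
all     all     REJECT  info
EOF

    # Rewrite the source address of 10.0.0.0/8 traffic leaving through NET_IF.
    cat > "$dir/snat" <<'EOF'
#ACTION                 SOURCE          DEST
SNAT(192.168.1.99)      10.0.0.0/8      NET_IF
EOF
}

# Succeeds only if no policy line accepts traffic originating in zone net (or all).
inbound_closed() {
    ! awk '($1 == "net" || $1 == "all") && $3 == "ACCEPT" { found = 1 }
           END { exit !found }' "$1/policy"
}

# Stand-alone use: sh script.sh /tmp/shorewall-staging
if [ -n "${1:-}" ]; then write_gateway_config "$1" && inbound_closed "$1"; fi
```

Once the files are copied into place on the gateway, `shorewall check` compiles the configuration without applying it.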
Virtual Machine - DNS Server
Another important requirement is to have a DNS server so all the machines on the test network can access each other. I installed BIND9 from the Debian repositories.
BIND9 has several configuration files. They are:
Configuration File | Comments |
---|---|
db.XYZ.com | The Master domain file for XYZ.com (click for download) |
named.conf.local | The configuration file for all the domains (click for download) |
named.conf.options | Set forwarders to your network DNS servers |
Wrap-Up / Next Steps
Stay tuned for the BIG write-up where I document how I used this environment to build an eMail server with OpenSMTPD, Dovecot, Rspamd, & Sieve.