Data Networking/Fall 2013/Group-18 Linux project
Welcome to the Group18_TSM_FALL2013 Wiki Page
Team mates
1. Aniket Muchandi
2. Philippe Yameogo
3. Sai Krishna Jonnalagadda
4. Hemanth
Motivation
Linux is one of the major and most popular operating systems in the world. Because of its nature and structure, many companies have adopted it to create and manage their products and services, and its open-source nature has made it successful since its inception. This motivated us to build a Personal Area Network on Linux, both to become familiar with the operating system and to gain practical knowledge of it.
Understanding the Protocol
The protocol architecture and implementation learned in theory should be put into practice.
The Requirements
Linux-based workstations, with bind9 as the DNS server, apache2 as the web server and isc-dhcp-server as the DHCP server.
Dynamic Host Configuration Protocol (DHCP):
The Dynamic Host Configuration Protocol is a standard networking protocol that dynamically assigns IP addresses to hosts from the pool of IP addresses it has.
Steps to Perform the Initialization
Configuring the DHCP Server:
* Step 1: Install the DHCP server
Commands:
sudo apt-get install isc-dhcp-server
* Step 2: Assign a static IP address to the interface
Commands:
sudo nano /etc/network/interfaces
Change lo to either eth0 or wlan0, and loopback to static:
auto eth0
iface eth0 inet static
    address 192.168.60.2
    netmask 255.255.255.0
    gateway 192.168.60.1
    network 192.168.60.0
    broadcast 192.168.60.255
* Step 3: Restart the network interfaces
Commands:
sudo /etc/init.d/networking restart
* Step 4: Configure the DHCP server with the required range of leasable IP addresses
Commands:
sudo nano /etc/dhcp/dhcpd.conf
ddns-update-style none;
subnet 192.168.60.0 netmask 255.255.255.0 {
    range 192.168.60.100 192.168.60.110;
    option domain-name-servers unix.project.hom, 192.168.60.3;
    option domain-name "project.hom";
    option routers 192.168.60.1;
    option broadcast-address 192.168.60.255;
    default-lease-time 600;
    max-lease-time 7200;
}
* Step 5: Edit the resolv.conf file
Commands:
sudo nano /etc/resolv.conf
nameserver 192.168.60.3
* Step 6: Start the DHCP server
Commands:
sudo service isc-dhcp-server restart
DHCP configuration for IPv6
Step 1: Install radvd to build the IPv6 DHCP server.
Command:
sudo apt-get install radvd
Step 2: Edit the file /etc/dhcp/dhcp6.conf
default-lease-time 600;
max-lease-time 7200;
subnet6 2001:db8:0:1::/64 {
    # range for clients (must fall inside the subnet6 prefix)
    range6 2001:db8:beef:53::10 2001:db8:beef:53::20;
    option dhcp6.name-servers 2001:db8:beef:53::3;
    option dhcp6.domain-search "project.hom";
}
Step 3: Edit the file /etc/radvd.conf
interface eth0 {
    AdvSendAdvert on;
    # AdvManagedFlag on;
    AdvOtherConfigFlag on;
    prefix 2001:db8:0:1::/64 {
        AdvAutonomous on;
    };
};
Step 4: Enable IPv6 forwarding
Command:
sudo sysctl -w net.ipv6.conf.all.forwarding=1
DNS Server
A DNS server translates hostnames like www.myname.com into numerical IP addresses like 162.163.164.165 which computers understand. Here is how to configure a DNS server:
*Step1: Install bind9
Command:
sudo apt-get install bind9
*Step2: Assign a static IP to your network interface
Commands:
sudo nano /etc/network/interfaces
auto eth0
iface eth0 inet static
    address 192.168.60.3
    netmask 255.255.255.0
    network 192.168.60.0
    broadcast 192.168.60.255
    gateway 192.168.60.1
    # dns-nameservers
*Step3: Restart your network interface
Command:
sudo /etc/init.d/networking restart
*Step4: Change your default hostname to a hostname of your choice
Command:
sudo nano /etc/hostname
unix
*Step5: Create a domain name for your server
Commands:
sudo nano /etc/hosts
127.0.0.1 localhost
192.168.60.3 unix.project.hom unix
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
*Step6: In named.conf.options, list some open DNS server IPs as forwarders so that the server can reach DNS servers outside your network
Commands:
sudo nano /etc/bind/named.conf.options
forwarders {
    # Give here your ISP DNS IPs
    8.8.8.8;    # gateway or router
    8.8.4.4;
    75.126.98.108;
    4.2.2.2;
    4.2.2.1;
};
*Step7: In named.conf.local, create your forward lookup and reverse lookup zones
Commands:
sudo nano /etc/bind/named.conf.local
# Our forward zone
zone "project.hom" {
    type master;
    file "/etc/bind/zones/db.project.hom";
};
# Our reverse zone
# Server IP 192.168.60.3
zone "60.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.192";
};
For IPv6, add the following zone:
zone "3.5.0.0.f.e.e.b.8.b.d.0.1.0.0.2.ip6.arpa" {
    type master;
    file "/etc/bind/zones/db.2001:0db8:beef";
};
*Step8: Create the directory zones in /etc/bind/
Command:
sudo mkdir /etc/bind/zones
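Create the two zone files, starting with the forward lookup zone file db.domain.com (domain.com stands for your own domain; the file name must match the file path given in named.conf.local)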
Command:
sudo cp /etc/bind/db.local /etc/bind/zones/db.domain.com
Now use the command below to edit the file
Command:
sudo nano /etc/bind/zones/db.domain.com
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA Unix.project.hom. root.project.hom. (
        2       ; Serial
        604800  ; Refresh
        86400   ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
;
Project.hom. IN NS Unix.project.hom.
Project.hom. IN A 192.168.60.3
Project.hom. IN AAAA 2001:0db8:beef:53::1
unix IN A 192.168.60.3
unix IN AAAA 2001:0db8:beef:53::3
Gateway IN A 192.168.60.1
Gateway IN AAAA 2001:0db8:beef:53::4
Aniket IN A 192.168.60.2
Aniket IN AAAA 2001:0db8:beef:53::2
ubuntu IN A 192.168.60.4
ubuntu IN AAAA 2001:0db8:beef:53::2
new IN A 192.168.60.6
new IN AAAA 2001:0db8:beef:53::5
www IN CNAME ubuntu
Now create the reverse lookup zone file
Command:
sudo cp /etc/bind/db.127 /etc/bind/zones/db.192
Now use the command below to edit the file
Command:
sudo nano /etc/bind/zones/db.192
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA Unix.project.hom. root.project.hom. (
        2       ; Serial
        604800  ; Refresh
        86400   ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
;
@ IN NS unix.project.hom.
1 IN PTR gateway.project.hom.
3 IN PTR unix.project.hom.
2 IN PTR aniket.project.hom.
4 IN PTR ubuntu.project.hom.
6 IN PTR new.project.hom.
Now use the command below to edit the IPv6 reverse lookup zone file
Command:
sudo nano /etc/bind/zones/db.2001:0db8:beef
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA Unix.project.hom. root.project.hom. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ; Negative Cache TTL
);
@ IN NS unix.project.hom.
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR unix.project.hom. ;; 2001:0db8:beef:53::1
;; 2001:0db8:beef:53::/120
$ORIGIN 3.5.0.0.f.e.e.b.8.b.d.0.1.0.0.2.ip6.arpa.
6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR aniket.project.hom.
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR ubuntu.project.hom.
3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR unix.project.hom.
4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR gateway.project.hom.
5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR new.project.hom.
Check whether the forward zone file is working correctly by entering the command below
Command:
named-checkzone domain.com /etc/bind/zones/db.domain.com
zone autun.hom /IN: loaded serial 2 Ok
Now check the reverse zone file
Command:
named-checkzone domain.com /etc/bind/zones/db.192
zone domain.com /IN: loaded serial 2 Ok
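named-checkzone checks one zone file at a time, so it cannot tell whether the forward and reverse zones agree with each other. The following is an added example, not part of the original wiki page: it derives the in-addr.arpa and ip6.arpa owner name for each forward record and compares it with the PTR data. The record lists are constructed from the zone files above, and ptr_owner and audit are hypothetical helper names.

```python
import ipaddress

DOMAIN = "project.hom."

# Constructed sample: host records copied from the forward zone above
# (apex records and the PTR for ...::1 are omitted).
FORWARD = [
    ("unix", "192.168.60.3"), ("unix", "2001:0db8:beef:53::3"),
    ("gateway", "192.168.60.1"), ("gateway", "2001:0db8:beef:53::4"),
    ("aniket", "192.168.60.2"), ("aniket", "2001:0db8:beef:53::2"),
    ("ubuntu", "192.168.60.4"), ("ubuntu", "2001:0db8:beef:53::2"),
    ("new", "192.168.60.6"), ("new", "2001:0db8:beef:53::5"),
]
# Constructed sample: PTR labels from the two reverse zones, keyed by origin.
PAD = ".0" * 15  # the 15 zero nibbles that follow the host nibble in a /64
REVERSE = {
    "60.168.192.in-addr.arpa.": {
        "1": "gateway", "3": "unix", "2": "aniket", "4": "ubuntu", "6": "new"},
    "3.5.0.0.f.e.e.b.8.b.d.0.1.0.0.2.ip6.arpa.": {
        "6" + PAD: "aniket", "2" + PAD: "ubuntu", "3" + PAD: "unix",
        "4" + PAD: "gateway", "5" + PAD: "new"},
}

def ptr_owner(addr):
    """Fully qualified reverse-lookup owner name for an IPv4/IPv6 address."""
    return ipaddress.ip_address(addr).reverse_pointer + "."

def audit(forward, reverse, domain=DOMAIN):
    """Return findings where A/AAAA records and PTR records disagree."""
    ptrs = {f"{label}.{origin}": f"{host}.{domain}"
            for origin, zone in reverse.items() for label, host in zone.items()}
    findings, seen = [], set()
    for host, addr in forward:
        owner, fqdn = ptr_owner(addr), f"{host}.{domain}"
        seen.add(owner)
        target = ptrs.get(owner)
        if target is None:
            findings.append(f"{fqdn} {addr}: no PTR record")
        elif target != fqdn:
            findings.append(f"{fqdn} {addr}: PTR points to {target}")
    for owner in sorted(set(ptrs) - seen):
        findings.append(f"{owner}: PTR to {ptrs[owner]} has no forward record")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(FORWARD, REVERSE)) or "forward and reverse agree")
```

On the records as listed it reports two findings, both for aniket: the AAAA record ends in ::2 while the PTR record sits at ::6.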
*Step9: Edit the file resolv.conf
Command:
sudo nano /etc/resolv.conf
search project.hom.
nameserver 192.168.60.3
*Step10: Restart bind
Command:
sudo /etc/init.d/bind9 restart
After bind starts, check your settings in the log file
Command:
tail -f /var/log/syslog
The log must not show any errors.
*Step 11: Checking forward zones
host -l project.hom
or
nslookup project.hom
Output:
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: project.hom
Address: 192.168.60.3
*Step12: Check the reverse zone
Command:
host 192.168.60.4
Output:
4.60.168.192.in-addr.arpa domain name pointer gateway.domain.com
Using nslookup
Command:
nslookup 192.168.60.4
Server: 127.0.0.1
Address: 127.0.0.1#53
4.60.168.192.in-addr.arpa name=ubuntu.project.hom
Web Server
A web server is hardware or software that delivers web content to clients over HTTP using the client-server model, and it can be made accessible through the Internet.
In our project we used the apache2 web server to deliver our web content within our private network.
The commands and procedure to configure the web server are as follows:
* Step 1: Install the web server
sudo apt-get install apache2
* Step 2: Check whether the web server is on port 80
netstat -a | more
* Step 3: Restart the web server
sudo /etc/init.d/apache2 restart
* Step 4: Configure the basic HTML file of the server
cd /var/www
sudo nano index.html
Firewall
A firewall is a software- or hardware-based network security system that controls incoming and outgoing network traffic by analyzing the data packets and determining, based on the applied rule set, whether they should be allowed through.
*Step1: Block ICMP requests
Commands:
# ICMP type 8 is the echo request sent by ping
sudo iptables -A INPUT -d <IP address of the destination> -p icmp --icmp-type 8 -j DROP
*Step2: Prevent ssh login
Command:
sudo iptables -A INPUT -p tcp --dport ssh -j DROP
*Step3: Block the FTP ports
Commands:
sudo iptables -A INPUT -p tcp --dport 20 -j DROP
sudo iptables -A INPUT -p tcp --dport 21 -j DROP
*Step4: Block Telnet
Commands:
sudo iptables -A INPUT -p tcp --dport 23 -j DROP
BackUp
Backup refers to the copying and archiving of data so that it may be used to restore the original after a data loss event.
*Step1: Install rsync and ssh. They are usually preinstalled in Ubuntu. If not:
sudo apt-get install rsync
sudo apt-get install openssh-server
*Step2: A simple way to perform a backup over a network is to use rsync via SSH. A local backup only requires rsync and read/write access to the folders.
Command: Local Backup
sudo rsync -av --delete /home/path/folder1/ /home/path/folder2
*Step3: Backup over the network
Command:
sudo rsync -av --delete -e ssh /home/path/folder1/ remoteuser@remotehost.remotedomain:/home/path/folder2
*Step4: Automate the backup using crontab
sudo crontab -e
0 22 * * * rsync -av --delete /var/www/ remoteuser@remotehostname:/home/remoteuser/backup/
*Step5: Exchange keys with the hosts to which we have to send the files. This can be done using
ssh-keygen -t rsa
(press Enter without entering a passphrase), then copy that key to the remote host using
ssh-copy-id remoteuser@remotehost
VPN
A virtual private network extends a private network across a public network, such as the Internet.
Step 1: Install the pptpd package
Command:
sudo apt-get install pptpd
Step 2: Edit the file /etc/pptpd.conf
Command:
localip <IP address>
remoteip <Range of IPs>
Step 3: Configure the DNS servers to use when clients connect to this PPTP server
Command:
sudo nano /etc/ppp/pptpd-options
ms-dns 192.168.60.3
Step 4: Now add a VPN user
Command:
sudo nano /etc/ppp/chap-secrets
Step 5: Set the username and password
Command:
TSMG PPTPD 1234
Step 6: Restart the VPN server
Command:
sudo /etc/init.d/pptpd restart
Step 7: For IPv4 forwarding, change the /etc/sysctl.conf file
Command:
# uncomment the line
net.ipv4.ip_forward=1
# reload the configuration
sudo sysctl -p
Testing
Testing DHCP:
To check whether IP addresses are leased to the clients:
Command:
tail /var/lib/dhcp/dhcpd.leases
The ifconfig command is used to check the IP address of a client that is connected to the network.
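dhcpd appends to the leases file, so the same address can appear in several blocks and only the last block describes its current state. The following added example (not part of the original wiki page) reads a leases file that way and lists the addresses that are active right now; SAMPLE_LEASES is constructed, and current_leases and active_clients are hypothetical helper names.

```python
import re

# Constructed sample in dhcpd.leases format: 192.168.60.100 is first leased,
# then released, so its last block says "free".
SAMPLE_LEASES = """\
lease 192.168.60.100 {
  starts 3 2013/11/20 18:02:11;
  ends 3 2013/11/20 18:12:11;
  binding state active;
  next binding state free;
  hardware ethernet 08:00:27:aa:bb:01;
  client-hostname "ubuntu";
}
lease 192.168.60.101 {
  starts 3 2013/11/20 18:05:40;
  ends 3 2013/11/20 18:15:40;
  binding state active;
  next binding state free;
  hardware ethernet 08:00:27:aa:bb:02;
}
lease 192.168.60.100 {
  starts 3 2013/11/20 18:02:11;
  ends 3 2013/11/20 18:12:11;
  binding state free;
  hardware ethernet 08:00:27:aa:bb:01;
}
"""

LEASE_RE = re.compile(r"^lease\s+(\S+)\s*\{(.*?)^\}", re.S | re.M)
FIELD_RE = re.compile(r"^\s*(binding state|hardware ethernet)\s+([^;]+);", re.M)

def current_leases(text):
    """Return {ip: fields}, keeping only the last block written per address."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        leases[ip] = dict(FIELD_RE.findall(body))  # later blocks overwrite
    return leases

def active_clients(text):
    """Return {ip: MAC} for addresses whose current binding state is active."""
    return {ip: fields.get("hardware ethernet")
            for ip, fields in current_leases(text).items()
            if fields.get("binding state") == "active"}

if __name__ == "__main__":
    for ip, mac in active_clients(SAMPLE_LEASES).items():
        print(ip, mac)
```

Searching the sample for "binding state active" finds two blocks, while only 192.168.60.101 is actually leased.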
Testing DNS:
We can use the ping command to find the status of the network.
We can use the nslookup command to check the name servers that are connected to the network.
We can use the dig command, as it queries the DNS name servers and returns the answer provided by the name server.
Testing Web Server:
Open any web browser and type an IP address or a host name; if the page opens, the web server is working properly.
Testing Firewall:
When a client tries to ping a server that is blocked by the firewall, the reply for the client should be "destination host unreachable", as the firewall blocks the client from reaching the server.
Testing Case
The firewall rules configured with iptables are not permanent, so it is wise to save them to a file and load the same configuration when the system reboots.
Switch to the root user on the computer where the firewall is configured, using
sudo su
Then save the iptables rules using the following command:
iptables-save > /etc/iptables.rules
After that, open /etc/network/if-pre-up.d/iptables and place the following commands in it:
#!/bin/sh
iptables-restore < /etc/iptables.rules
exit 0
After this, open /etc/network/if-post-down.d/iptables and put the following commands in it:
#!/bin/sh
iptables-save -c > /etc/iptables.rules
if [ -f /etc/iptables.rules ]; then
    iptables-restore < /etc/iptables.rules
fi
exit 0
After these commands, make both files executable so that the scripts can run:
sudo chmod +x /etc/network/if-post-down.d/iptables
sudo chmod +x /etc/network/if-pre-up.d/iptables
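Because the rules are restored from /etc/iptables.rules at boot, a rule that was never saved, or one that sits behind an earlier ACCEPT, silently leaves a port open. The following added example (not part of the original wiki page) checks a saved rules file for the TCP ports blocked in the Firewall section; SAMPLE_RULES is constructed, the helper names are hypothetical, and it assumes ports are written as numbers in the saved file.

```python
import shlex

# TCP ports the firewall steps block on the INPUT chain.
BLOCKED = {22: "ssh", 20: "ftp-data", 21: "ftp", 23: "telnet"}

# Constructed sample of /etc/iptables.rules: the telnet rule was never saved,
# and an earlier ACCEPT shadows the ssh DROP (the first matching rule wins).
SAMPLE_RULES = """\
# Generated by iptables-save
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
-A INPUT -p tcp -m tcp --dport 20 -j DROP
-A INPUT -p tcp -m tcp --dport 21 -j DROP
COMMIT
"""

def opt(tokens, flag):
    """Value following an option flag in a rule, or None if absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens[:-1] else None

def unblocked(rules_text, blocked=BLOCKED):
    """Service names whose port is not effectively dropped for all clients."""
    verdict, table = {}, None
    for line in rules_text.splitlines():
        tokens = shlex.split(line, comments=True)
        if not tokens:
            continue
        if tokens[0].startswith("*"):
            table = tokens[0][1:]          # e.g. "*filter" starts a table
        elif table == "filter" and tokens[:2] == ["-A", "INPUT"]:
            port = opt(tokens, "--dport")
            if opt(tokens, "-p") != "tcp" or not (port or "").isdigit():
                continue
            # Rules limited to a source or interface do not decide the port
            # for every client, so they are skipped.
            if "-s" in tokens or "-i" in tokens:
                continue
            verdict.setdefault(int(port), opt(tokens, "-j"))  # first rule wins
    return sorted(n for p, n in blocked.items() if verdict.get(p) != "DROP")

if __name__ == "__main__":
    print("not blocked:", unblocked(SAMPLE_RULES))
```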
Testing BackUp:
We can check whether the files are backed up by going to the destination directory and checking whether the specific files that needed to be backed up have been received.
Testing Case
Be sure to copy the public keys to the systems where the backups are stored; otherwise the backup will not be performed, as those hosts are unknown to the sender. Also create the appropriate directory on the receiver side so that the files can be accessed there without any hassle.
Testing VPN:
We use ifconfig and check for the IP address of the PPP interface.