Data Networking/Fall 2014/Sanket
Template:Speedy deletion-test page
Project is about integrating and make different components work together in the network. Four network components: Domain Name Server, Dynamic Host Configuration Protocol, Web server/ Firewall/ Backup, Client – are created on four different machines.
Steps:
1. Client takes an IP address from the DHCP server.
2. Client makes a page request, request proceeds to DNS for look up.
3. DNS resolves the IP address/Name and request is send to web server.
4. Web server sends back the requested page to client.
Group Members[edit | edit source]
- Sanket Soni
- Abhishek Sawarkar
- Nupoor Nuwal
- Pratik Pande
Behavior of Protocols[edit | edit source]
Domain Name System (DNS)
Domain Name System is used to translate IP address to hostname and also hostname to IP address. Rather than implementing centralized architecture for DNS, which creates a possibility of single point of failure, DNS is implemented in hierarchy. At the top of hierarchy are the root DNS servers, them comes the Top Level Domain (TLDs) and then authoritative DNS servers.
Client first invokes the host side of DNS to request IP for a hostname. Local DNS then contacts root server for query. Root server forwards information about all the TLD servers after looking at the suffix. TLD then directs local DNS to the authoritative server responsible for that hostname.
Dynamic Host Control Protocol (DHCP)
The protocol is used to allocate IP addresses to various hosts connected in a network. It automatically assigns IP addresses to all the hosts in the network of a specified range within the network, a proper subnet mask, gateway, and DNS server of the network.
Firewall
Firewalls are used to avoid unauthorized access to our network i.e. we can control incoming and outgoing traffic of our organization using firewalls. Firewall filters the packets on the basis of either Source IP, Destination IP, Port or all of them. To demonstrate, we have blocked one IP from accessing web server.
Network Information Service (NIS)
Originally known as Yellow Page is client–server directory service protocol for distributing system configuration data such as usernames, host names, passwords and group information that has to be configured once and it apply to every computer on network.It is a centralized authentication on linux project.
Back-up
It is a server used to back up all the data of a particular host, generally a web server or the whole network. It can also back up the required data to a different location, so that the data can be retrieved in case of failure of even back-up server.
Domain Name System (DNS)[edit | edit source]
Commands Used
Installing DNS
Step 1 : To change the interface settings-
sudo nano /etc/network/interfaces
auto eth0
iface eth0 inet static
address 192.168.10.3
netmast 255.255.255.0
network 192.168.10.0
broadcast 192.168.10.255
gateway 192.168.10.1
Step2 : Install BIND9 which is used to implement DNS
sudo apt-get install bind9
Step3 : Include the Ips of Google public DNS servers in the forwarders section.
sudo nano named.conf.options
Remove the // comments and include 8.8.8.8 and 8.8.4.4
Step4 : Write the entries of forward and reverse lookup zones in named.conf.local file
Define these zones in both master and slave machines
#FORWARD LOOKUP ZONE - Holds A records, map hostnames to IPs
In the forward lookup zone write the following commands:
zone "linuxfuzz.com" { zone "linuxfuzz.com" {
type master; type slave;
file "/etc/bind/linuxfuzz.com.db"; masters { IP of master; };
allow-transfer { IP of slave; }; file "/var/cache/bind/db.linuxfuzz.com";
}; };
In the reverse lookup zone write the following commands
zone "10.168.192.in-addr.arpa" { zone "10.168.192.in-addr.arpa" {
type master; type slave;
allow-transfer {IP of slave; }; masters { IP of master; };
file "/etc/bind/10.168.192.in-addr.arpa"; file "/var/cache/bind/db.192";
}; };
For IPv6 write the following commands
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ipv6.arpa" {
type master;
notify no;
};
Step5 : Forward look-up zone
@ IN SOA linuxfuzz.com. admin.linuxfuzz.com. (
2007031001;
28800;
3600;
604800;
38400;
);
@ IN NS linuxfuzz.com.
@ IN A 192.168.10.50
sanket IN A 192.168.10.51
pratik IN A 192.168.10.52
nupoor IN A 192.168.10.53
abhi IN A 192.168.10.54
Step6 : Reverse Look-up zone file
$TTL 3D
$TTL 3D
@ IN SOA linuxfuzz.com. admin.linuxfuzz.com. (
2007031001;
28800;
3600;
604800;
38400;
);
@ IN NS linuxfuzz.com.
50 IN PTR linuxfuzz.com.
51 IN PTR sanket
52 IN PTR pratik
53 IN PTR nupoor
54 IN PTR abhi
Step7 : Make changes to resolv.conf
search linuxfuzz.com
nameserver 192.168.10.3
Step8 : To make the changes effective, restart bind9
sudo /etc/init.d/bind9 restart
Dynamic Host Control Protocol (DHCP)[edit | edit source]
Step 1 : Installing DHCP
sudo apt-get install isc-dhcp-server
Step 2 :Edit the interface file
sudo nano /etc/network/interfaces
auto eth0 #interface configuration
iface eth0 inet static
address 192.168.0.2
netmask 255.255.255.0
gateway 192.168.0.1
network 192.168.0.0
broadcast 192.168.0.255
Step 3 : Restart with the new config
sudo nano /etc/init.d/networking restart
Step 4 : Edit dhcpd conf file/set range and other paramteres
sudo nano /etc/dhcp/dhcpd.conf
ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;
authoritative;
subnet 192.168.10.0 netmask 255.255.255.0{
range 192.168.10.100 192.168.10.200;
option broadcast-address 192.168.10.255;
Step 6 : Restart DHCP
Webserver[edit | edit source]
Step1 : Install apache2 web server Sudo apt-get install apache2
Step2 : To check if webserver is listening on which port
Netstat –a |more
Netstat – an | more
Step3 : Restart the web server
sudo /etc/init.d/apache2 stop
sudo /etc/init.d/apache2 start
Step4 : To put the webpage on the server
cd /var/www
www$ sudo nano index.html
Firewall[edit | edit source]
Step1 : Block a host to telnet into webserver
sudo ufw deny telnet
Step2 : Allow a host to Web request
sudo ufw allow 80
Backup[edit | edit source]
In order for a Linux Web server to automate our task of sending backup, we need an automatic login from our web server to host on which the backup is being copied. We don't want to enter any password.
Step1 : Log onto web server and generate a pair of authentication keys
sudo ssh-keygen -t rsa
Step2 : Now use ssh to create a directory ~/.ssh on the host machine.
ssh sanket @10.103.10.3 mkdir -p .ssh
Step3 : Finally append Web server's public key to host
cat .ssh/id_rsa.pub | ssh sanket@10.103.10.3 'cat >> .ssh/authorized_keys'
Step4 :Now we will compress the file that we need to make the backup
sudo tar -cvpzf minutebackup.tar.gz /var/www/html/index.html
Step5 :Using the cron jobs we will schedule the backup for every minute
sudo crontab -e
* * * * * sudo tar -cvpzf /home/pratik/backupfolder/minutebackup.tar.gz /var/www/html/index.html
* * * * * sudo scp /home/pratik/backupfolder/minutebackup.tar.gz sanket@10.103.10.3:
Mail Server[edit | edit source]
Step1 : Install the postfix package first with defaults
sudo apt-get install postfix
Step 2 : Detailed configuration is done here. Select Internet Site as General type of mail config. System mail name -> FQDN name. Define the local Networks.
sudo dpkg-reconfigure postfix
Step 3 : Edit edit /etc/postfix/sasl/smtpd.conf file and put these lines in it.
pwcheck_method: saslauthd
mech_list: plain login
Step 4 :Restart postfix daemon
sudo /etc/init.d/postfix restart
==Network File System (NFS)==
Step1 : Install the kernel server
sudo apt-get install nfs-kernel-server
Step2 : Choose the directory which we need to share with client
sudo mkdir/expert/shared
sudo chmod 777/export/shared .... #Add permissions
sudo nano /etc/exports
Step3 : To export the directory through the terminal
sudo service nfs-kernel-server start
Step3 :To check the mount
sudo showmount -e
Step4 :To update few prompts
sudo update-rc-d portmap defaults
sudo update-rc-d nfs-kernel-server defaults
Step5 :On client side
sudo mount <IP of Server>:/pathname /home
==Testing==
Testing DNS
We basically use nslookup command to test DNS. Try nslookup <hostname> from all PCs in the network and it should show the translated IP. Also test reverse lookup. Apart from nslookup we can also use dig, host commands to test DNS.
Testing DHCP
Connect client PC to the network and it should be assigned with a IP address automatically. This can be checked by ifconfig.
Testing WebServer
Test by entrring hostname or IP address in any web browser.
Testing Firewall
Telnet to webserver is blocked. Try to telnet its Ip and it should show timeout.
Testing backup
Check the backup file on destination location by typing ls -l command and check the time when the last file backup was done.
Future Improvements[edit | edit source]
1)Digital Signatures, symmetric key encryption, authentication can provide extra security to DNS.
2)Using DHCP to assign IP address for different subnets. This is possible with the use of relay agents.
3)Dynamic DNs helps to update records with dynamic IP address.
Citations[edit | edit source]
Websites
1. https://help.ubuntu.com/community/BIND9ServerHowto
2. https://help.ubuntu.com/lts/serverguide/dns-configuration.html
3. http://www.ubuntugeek.com/how-to-install-and-configure-dhcp-server-in-ubuntu-server.html
4. https://help.ubuntu.com/community/isc-dhcp-server
5. https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-iptables-on-ubuntu-14-04
6. https://wiki.ubuntu.com/BasicSecurity/Firewall
7. http://www.server-world.info/en/note?os=Ubuntu_12.04&p=nis&f=2
8. http://net.tutsplus.com/tutorials/other/the-linux-firewall
9. https://help.ubuntu.com/community/PPTPServer
Books Referred
1. Computer Networking: A Top-Down Approach, James F. Kurose, Keith W. Ross