Data Networking/Fall 2015/56 Clearway
Group members
1. Shubham Singh
2. Suraj Bhatia
3. Sanchit Rathi
DNS Server
A DNS server provides look-up tables to resolve hostnames, alias names and canonical names into their respective IP addresses, and vice versa, depending upon the resource record used.
DNS Server Functioning
A DNS server follows this hierarchy to resolve queries:
1. As the client sends a query, the query is first routed to the local DNS server (i.e. cache).
2. If the entry is not available in the cache, the query is redirected to the root server, which directs it to the respective TLD server; the TLD server in turn holds the information about the authoritative server that contains the answer.
Configuration
To build our DNS server we installed Ubuntu 14.04 and ran it in VM Workstation on Windows. For the DNS server itself we used Bind version 9.5 (bind9). To install and configure the DNS server, the following commands were executed in the terminal:
1. This command ensures our Ubuntu has installed all updates.
sudo apt-get update
2. This command, when run in the terminal, downloads Bind. After building the tree, it asks for root permission before downloading the packages.
sudo apt-get install bind9
3. This command defines a local domain which will be the web address of our DNS server.
sudo cp /etc/bind/db.local /etc/bind/db.56clearway
4. Using this command we can make changes in db.56clearway, which is the forward zone of our DNS. Resource records are written for domain servers, web, mail, etc., pointing to their respective IP addresses. These records make the server authoritative.
sudo nano /etc/bind/db.56clearway
5. This command creates the reverse zone file and binds it to the reverse localhost domain.
sudo cp /etc/bind/db.127 /etc/bind/db.192
6. This command lets us edit the db.192 file. In this file, PTR resource records perform reverse IP mapping (obtaining the hostname for the respective IP address).
sudo nano /etc/bind/db.192
7. This command lets us list the forward and reverse zones along with the file path where the information is stored.
sudo nano /etc/bind/named.conf.local
8. This command allows us to edit our forwarders. We have added our own gateway address to the list of forwarders.
sudo nano /etc/bind/named.conf.options
9. This command allows us to change the nameserver IP address and define the search within our specific domain.
sudo nano /etc/resolv.conf
10. For the changes to take effect, a bind9 restart is necessary. Bind reports an error if there is any error in the DNS server configuration.
sudo service bind9 restart
Testing
We can check whether DNS is working by typing nslookup followed by our IP address.
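A consistency check for the forward and reverse zone files edited in steps 3 to 6, added here as an example and not part of the original write-up: it reports every A record in the forward zone whose PTR record in the reverse zone is missing or points to a different name. The zone contents, the 192.168.3.0/24 addressing and the names check_ptr and demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: confirm every A record in the forward zone has a matching
# PTR record in the reverse zone. Assumes one "name IN TYPE value" record
# per line and fully qualified PTR targets.
check_ptr() {   # usage: check_ptr FORWARD_FILE REVERSE_FILE ORIGIN REVERSE_ORIGIN
    awk -v origin="$3" -v rorigin="$4" '
    function fqdn(name, zone) {          # expand "@" and relative owner names
        if (name == "@") return zone "."
        return (name ~ /\.$/) ? name : name "." zone "."
    }
    FNR == NR {                          # first file: index the PTR records
        if ($2 == "IN" && $3 == "PTR") ptr[fqdn($1, rorigin)] = $4
        next
    }
    $2 == "IN" && $3 == "A" {            # second file: check each A record
        split($4, oct, ".")
        want = oct[4] "." oct[3] "." oct[2] "." oct[1] ".in-addr.arpa."
        host = fqdn($1, origin)
        if (!(want in ptr))         print "MISSING_PTR", host, $4
        else if (ptr[want] != host) print "MISMATCH", host, $4, ptr[want]
    }' "$2" "$1"
}

demo() {   # constructed zone contents; hosts and addresses are illustrative
    d=$(mktemp -d)
    cat > "$d/db.56clearway" <<'EOF'
$TTL 604800
@    IN SOA ns.56clearway.com. root.56clearway.com. ( 2 604800 86400 2419200 604800 )
@    IN NS  ns.56clearway.com.
ns   IN A   192.168.3.75
www  IN A   192.168.3.80
mail IN A   192.168.3.85
EOF
    cat > "$d/db.192" <<'EOF'
$TTL 604800
@    IN SOA ns.56clearway.com. root.56clearway.com. ( 2 604800 86400 2419200 604800 )
@    IN NS  ns.56clearway.com.
75   IN PTR ns.56clearway.com.
80   IN PTR web.56clearway.com.
EOF
    check_ptr "$d/db.56clearway" "$d/db.192" 56clearway.com 3.168.192.in-addr.arpa
    rm -rf "$d"
}
demo
```

An empty result means the two zone files agree; each reported line names the host, its address and, for a mismatch, the PTR target found instead.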
DHCP IPv4 and IPv6
Install DHCP server on Ubuntu 14.04
sudo apt-get install isc-dhcp-server -y
Configure DHCP server
sudo nano /etc/default/isc-dhcp-server
Assign network interface as “eth0”.
1. Enter the command below and define parameters in the dhcpd.conf file:
sudo nano /etc/dhcp/dhcpd.conf
After adding the parameters, save and close the dhcpd.conf file.
2. Restart the DHCP service by entering the following command:
sudo service isc-dhcp-server restart
3. Install DHCPv6 on Ubuntu 14.04:
sudo apt-get install wide-dhcpv6-server
4. Make a copy of the sample dhcp6s.conf file in another destination:
sudo cp /usr/share/doc/wide-dhcpv6-server/examples/dhcp6s.conf.sample /etc/wide-dhcpv6/dhcp6s.conf
Define parameters and create pool or host to assign IPv6 address based on client ID:
5. Make changes in the sysctl.conf file as follows:
sudo nano /etc/sysctl.conf
net.ipv6.conf.all.autoconf=1
net.ipv6.conf.all.accept_ra=1
6. Restart DHCPv6 with the command:
sudo service wide-dhcpv6-server restart
WEBSERVER AND FIREWALL:
Webserver
Webservers are used to access the web pages. Every webserver has the IP address of all the domains in the world. Any computer can be turned into a Web server by installing server software and connecting the machine to the Internet.
Behavior of protocol
The Hypertext Transfer Protocol (HTTP) is an application-layer protocol and is the foundation of data communication for the World Wide Web.
Signaling
1. The DHCP server is used to assign the client IP address.
2. The client has to initiate a TCP connection by sending a SYN message to the server on port 80.
3. The server replies to the client with a SYN-ACK message.
4. The client sends an ACK message, which completes the three-way handshake, and requests the web page.
Webserver configuration
We have used Apache for the web server configuration because it provides us flexibility and speed in the small network that we have created. The following are the commands we have used on the Linux machine.
1. We install apache on our machine:
sudo apt-get update
sudo apt-get install apache2
2. Create our own directory:
sudo mkdir -p /var/www/56clearway.com/public_html
3. Grant permission as we are not the root users:
sudo chown -R $USER:$USER /var/www/56clearway.com/public_html
4. Then we create an html page for web server:
sudo nano /var/www/56clearway.com/public_html/index.html
5. We will create a virtual host file:
sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/56clearway.com.conf
6. We will now open this file with root privileges:
sudo nano /etc/apache2/sites-available/56clearway.com.conf
7. We will enable our website by:
sudo a2ensite 56clearway.com.conf
8. Then we will re-start the web server:
sudo service apache2 restart
Testing
1. Open the web browser; on typing the IP address, our webpage should open.
2. On typing our website name, our webpage should open; that means our web page is working fine.
The web page opened with the URL as well as the IP address on the client machine.
FIREWALL
1. Install UFW (Uncomplicated Firewall) with the following command on the Ubuntu machine:
sudo apt-get install ufw
2. To enable the firewall with IPv6, enter the command below:
sudo nano /etc/default/ufw
Make sure the line IPV6=yes is uncommented.
3. Check UFW status:
sudo ufw status verbose
4. Set up default policies:
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 22
sudo ufw enable
5. Check status after enabling:
sudo ufw status verbose
6. Other options:
sudo ufw allow http
sudo ufw allow 80
sudo ufw allow ftp
sudo ufw status numbered
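A check of the resulting rule set, added here as an example and not part of the original write-up: it reads the text printed by sudo ufw status verbose and reports an inactive firewall, a default incoming policy other than deny, rules given as a bare port number (which open both TCP and UDP), and ports that are not in the list of intended services. The sample status text is constructed, and the function names and the intended-service list "22/tcp 80/tcp" are assumptions.

```shell
#!/bin/sh
# Added example: check `ufw status verbose` text (stdin) against the services
# the host is meant to offer. Usage: sudo ufw status verbose | audit_ufw "22/tcp 80/tcp"
audit_ufw() {
    awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    { gsub(/ \(v6\)/, "") }                  # fold IPv6 rows into the IPv4 form
    /^Status:/ && $2 != "active" { print "INACTIVE" }
    /^Default:/ { seen = 1; if ($2 != "deny") print "DEFAULT_IN", $2 }
    $2 == "ALLOW" && $NF == "Anywhere" && !dup[$1]++ {
        if ($1 !~ /\//)       print "NO_PROTO", $1     # bare port: tcp and udp
        else if (!($1 in ok)) print "UNEXPECTED", $1   # not an intended service
    }
    END { if (!seen) print "NO_DEFAULT_LINE" }'
}

# Constructed sample in the layout printed by `ufw status verbose`.
sample_status() {
cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
22                         ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
80                         ALLOW IN    Anywhere
21/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
22 (v6)                    ALLOW IN    Anywhere (v6)
80/tcp (v6)                ALLOW IN    Anywhere (v6)
80 (v6)                    ALLOW IN    Anywhere (v6)
21/tcp (v6)                ALLOW IN    Anywhere (v6)
EOF
}

sample_status | audit_ufw "22/tcp 80/tcp"
```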
WEB SERVER BACKUP
1. Install rsync on Ubuntu 14.04:
sudo apt-get install rsync
2. To synchronize a directory from the local system with a remote system, enter the following command:
rsync -azvh /var/www client@10.0.0.40:/home/
3. To verify, go to the remote system and check the contents using the command below:
ls /home/sk/sync/
4. To synchronize directories securely over SSH, enter the following command:
rsync -azvr /var/www -e ssh client@10.0.0.40:/home/
5. To synchronize directories without a password, create a key and share it with the remote user:
ssh-keygen -t rsa
ssh-copy-id -i /var/www/.ssh/id_rsa.pub client@10.0.0.40
ADD-ONS
NFS- Network File System
NFS, or Network File System, is a distributed filesystem protocol that allows you to mount remote directories on your server. NFS works well for directories that need to be accessed regularly.
Configuration
For server -
1. We need to install the nfs-kernel-server package:
sudo apt-get install nfs-kernel-server
2. Now we are creating two directories:
sudo mkdir /var/nfs
sudo mkdir /home
3. Now we will share the resources:
sudo nano /etc/exports
And our file will look like this:
/home 10.0.0.40(rw,sync,no_root_squash,no_subtree_check)
/var/nfs 10.0.0.40(rw,sync,no_subtree_check)
4. Now we will create NFS table:
sudo exportfs -a
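An audit of the exports file from step 3, added here as an example and not part of the original write-up: it flags no_root_squash (root on the client acts as root on the exported files), exports open to any client, and option lists separated from their client by whitespace, which exports(5) applies to every host. The first two sample lines are this page's exports written without spaces inside the option list; the /srv lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag risky entries in /etc/exports-style text read from stdin.
# Output: "<line> <FINDING> <path> <detail>".
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            spec = $i
            # Whitespace between client and "(" makes exports(5) apply the
            # options to every host, not to the client named before them.
            if (spec ~ /^\(/) { print NR, "WORLD_OPTIONS", path, spec; continue }
            client = spec; sub(/\(.*/, "", client)
            opts = ""
            if (spec ~ /\(/) { opts = spec; sub(/^[^(]*\(/, "", opts); sub(/\)$/, "", opts) }
            if (client == "*")
                print NR, "ANY_CLIENT", path, spec
            if (("," opts ",") ~ /,no_root_squash,/)
                print NR, "NO_ROOT_SQUASH", path, client
        }
    }'
}

# First two lines are the exports from this page; the last two are constructed.
sample_exports() {
cat <<'EOF'
/home    10.0.0.40(rw,sync,no_root_squash,no_subtree_check)
/var/nfs 10.0.0.40(rw,sync,no_subtree_check)
/srv/pub 10.0.0.40 (rw,sync)
/srv/iso *(ro,sync)
EOF
}

sample_exports | audit_exports
```

On the server itself the same function can be fed the live file with audit_exports < /etc/exports.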
For client -
1. For the client we will install the nfs-common package:
sudo apt-get install nfs-common
2. Creating directories on the client:
sudo mkdir -p /mnt/nfs/home
sudo mkdir -p /mnt/nfs/var/nfs
3. Creating mount point on the client:
sudo mount 10.0.0.75:/home /mnt/nfs/home
sudo mount 10.0.0.75:/var/nfs /mnt/nfs/var/nfs
4. We can see all NFS shares with the command:
mount -t nfs
5. We can make the mount automatic with the command:
sudo nano /etc/fstab
MAIL SERVER
Configuration
To implement the mail server we have used:
1. Postfix
2. Dovecot
3. Squirrelmail
The following commands have to be executed:
1. This command is used to install updates
sudo apt-get update
2. This command is used to install bind9, apache2, php5, postfix, dovecot-common, dovecot-imapd, dovecot-pop3d and squirrelmail
sudo apt-get install bind9 dnsutils apache2 php5 postfix dovecot-common dovecot-imapd dovecot-pop3d squirrelmail
3. This command is used to enter the directory /etc/bind
cd /etc/bind
4. This command is used to define forward and reverse zones
sudo nano named.conf.local (add and edit forward and reverse zone for your domain)
5. This command binds data from our DNS server to the localhost
sudo cp db.local db.56clearway
6. The following commands are used to test the DNS server
nslookup mail.56clearway.com
dig mail.56clearway.com
7. cd /etc/apache2/sites-available/
8. sudo cp 000-default.conf mail.conf
9. sudo nano mail.conf (add and edit: ServerName and document root for squirrelmail)
10. a2ensite squirrelmail (enabling squirrelmail)
11. sudo service apache2 restart (restart apache2 services)
12. sudo nano /etc/squirrelmail/apache.conf (add & edit: document root and domain name)
13. sudo nano /etc/dovecot/dovecot.conf (inside the conf file add protocols IMAP & POP3 and set mail_location: MailDir)
To stop all related services, execute the following commands:
killall named
killall apache2
killall dovecot
To change the interfaces on the network:
sudo nano /etc/network/interfaces (define static IP with netmask and default gateway for Mail server)
14. Stopping and restarting the following services
sudo service bind9 restart
sudo service apache2 restart
sudo service postfix restart
sudo service dovecot restart
Add users and test the working of the mail server using Squirrelmail.
Testing
1. Testing Postfix and Dovecot
2. Opening Squirrelmail on Mozilla Firefox
NIS – NETWORK INFORMATION SYSTEM
Signaling
NIS stands for Network Information Service. It is a client-server protocol used to distribute system configuration such as hostnames and users to other users on the network. It is generally employed for small-scale networks.
NIS configurations
1. Installing nis and portmap
sudo apt-get install nis portmap
2. Edit the domain as well as the server name and refresh the database.
sudo nano /etc/default/nis
# set NISSERVER=master
sudo nano /etc/yp.conf
domain 56clearway.com server NIS
sudo nano /etc/ypserv.securenets
“255.255.255.0 10.0.0.0” (add list of acceptable hosts)
Restart the server database
sudo /usr/lib/yp/ypinit -m
3. For the NIS client, type the following command
sudo apt-get install portmap nis
4. Edit domain & server name
sudo nano /etc/passwd
Add a line +::::::
sudo nano /etc/group
Add a line +:::
sudo nano /etc/shadow
Add a line +::::::::
sudo nano /etc/yp.conf
set the ypserver’s IP address <192.168.3.75>
After making the changes, update the server.
Testing
The commands ‘yptest’, ‘ypwhich’ and ‘ypcat -x’ are used to test NIS.
NTP - Network Time Protocol
NTP CONFIGURATION
1. To install ntpd:
sudo apt-get install ntp
2. Then edit the conf file:
sudo nano /etc/ntp.conf
3. After this, reload ntp:
sudo service ntp restart
4. View the status of ntpd by:
sudo ntpq -p
VPN – VIRTUAL PRIVATE NETWORK
A VPN enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. It is used to extend a private network over a public network.
VPN CONFIGURATION
1. First we will install pptp server:
sudo apt-get install pptpd
2. We need to configure pptpd where we will add server IP and Client IP:
sudo nano /etc/pptpd.conf
3. Configure DNS servers:
sudo nano /etc/ppp/pptpd-options
4. Now we will add VPN user:
sudo nano /etc/ppp/pptpd-secrets
FUTURE SCOPE
• Creating a more decentralized network
• Creating better firewall to block serious external threat and secure network
• Creating efficient mail server
• Upgrading NIS to NIS+