Data Networking/Fall 2015/ADSU
Team Members
Anuj Tyagi
Deepanshu Lulla
Swarnashruti Jupudi
Umakant Kulkarni
Project Objective
The goal of this Linux project is to build the network services of a start-up company: a DNS server, a DHCP server, a domain that hosts a web server, and a firewall that makes the network more secure and efficient. We use the following IP addresses:
Component      IPv4 address
DNS server     192.168.43.72
DHCP server    192.168.43.254
Web server     192.168.43.238
Mail server    192.168.43.238
Backup server  192.168.43.159
NFS server     192.168.43.72
Client         assigned from the DHCP pool
Domain Name System (DNS)
Behavior of protocol
DNS translates host names and domain names to IP addresses. It is an application layer protocol that stores the resource records of a domain name: address (A) records, name server (NS) records and mail exchanger (MX) records. These records form a distributed database implemented as a hierarchy of DNS servers, which hosts query using the DNS protocol. DNS runs over either UDP or TCP on port 53; a typical lookup is a single UDP request from the client answered by a single reply from the server.
Signalling
1. The client first contacts the local DNS server with a DNS query containing the hostname.
2. The local DNS server forwards the query to a root DNS server. The root DNS server replies to the local DNS server with a list of the possible TLD servers.
3. The local DNS server sends its query to one of the TLD servers.
4. The TLD server replies to the local DNS server with the IP address of the authoritative name server.
5. The local DNS server then sends its query to the authoritative DNS server, which replies with the IP address of the queried hostname.
Configuration
Step 1: Install BIND.
$sudo apt-get install bind9
Step 2: Edit the file named.conf.options in the /etc/bind/ directory.
$sudo gedit /etc/bind/named.conf.options
Step 3: Our system must work at least as a forwarder. Check it with:
$dig @127.0.0.1 www.facebook.com
Step 4: Next open the file named.conf.local in the /etc/bind/ directory.
$sudo gedit /etc/bind/named.conf.local
Step 5: Create a zone file in /etc/bind/, copy the local file to it and open it in an editor.
$sudo gedit db.adsu.com
Step 6: Then open db.adsu.rev in an editor.
$touch db.adsu.com
$sudo cp db.adsu.com db.adsu.rev
$sudo gedit db.adsu.rev
Step 7: Then open db6.adsu.rev in an editor.
$touch db6.adsu.com
$sudo cp db.adsu.rev db6.adsu.rev
$sudo gedit db6.adsu.rev
Step 8: Restart the BIND server:
$sudo service bind9 restart
Flush the DNS cache:
$sudo rndc flush
Reboot the server:
$sudo reboot
Slave DNS
Repeat all the steps above exactly as on the master DNS server, except in step 4: instead of allow-transfer { <slave IP>; }; use masters { <master IP>; };
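The files that steps 2 to 7 and the slave section edit by hand, generated by a script, as an added example that is not part of the project's own configuration. The addresses come from the table at the top of the page; the slave address 192.168.43.73, the host names ns1, ns2, dhcp and backup, the forwarder 8.8.8.8 and the SOA serial are assumptions. The security-relevant settings are that recursion is answered only for the LAN (so the server is not an open resolver) and zone transfers are allowed only to the slave:

```shell
#!/bin/sh
# Added example (not the project's own files): generate the BIND files for
# the adsu.com zone in either the master or the slave role.
# Assumptions: slave at 192.168.43.73, host names ns1/ns2/dhcp/backup,
# forwarder 8.8.8.8, SOA serial 2015120101.
set -eu

MASTER_IP="${MASTER_IP:-192.168.43.72}"
SLAVE_IP="${SLAVE_IP:-192.168.43.73}"      # assumed address of the slave

# named.conf.options: forward what we are not authoritative for, answer
# recursive queries only for the LAN, and refuse zone transfers unless a
# zone statement allows them explicitly.
write_options() {                          # $1 = output dir
    cat > "$1/named.conf.options" <<EOF
options {
    directory "/var/cache/bind";
    forwarders { 8.8.8.8; };
    allow-recursion { 127.0.0.1; 192.168.43.0/24; };
    allow-transfer { none; };
    dnssec-validation auto;
};
EOF
}

# named.conf.local: on the master, transfers go only to the slave (step 4);
# on the slave the same zones are "type slave" and name the master.
write_local() {                            # $1 = output dir, $2 = master|slave
    if [ "$2" = master ]; then
        access="allow-transfer { $SLAVE_IP; };"
        zonedir=/etc/bind
    else
        access="masters { $MASTER_IP; };"
        zonedir=/var/cache/bind            # the transferred copy lands here
    fi
    cat > "$1/named.conf.local" <<EOF
zone "adsu.com" {
    type $2;
    file "$zonedir/db.adsu.com";
    $access
};
zone "43.168.192.in-addr.arpa" {
    type $2;
    file "$zonedir/db.adsu.rev";
    $access
};
EOF
}

# Forward zone (db.adsu.com) and reverse zone (db.adsu.rev). Only the
# master keeps these; the slave receives them by zone transfer.
write_zones() {                            # $1 = output dir
    cat > "$1/db.adsu.com" <<EOF
\$TTL 604800
@       IN  SOA ns1.adsu.com. admin.adsu.com. (
                2015120101 ; serial, YYYYMMDDnn, bump on every edit
                604800 86400 2419200 604800 )
@       IN  NS  ns1.adsu.com.
@       IN  NS  ns2.adsu.com.
@       IN  MX  10 mail.adsu.com.
ns1     IN  A   $MASTER_IP
ns2     IN  A   $SLAVE_IP
www     IN  A   192.168.43.238
mail    IN  A   192.168.43.238
dhcp    IN  A   192.168.43.254
backup  IN  A   192.168.43.159
EOF
    cat > "$1/db.adsu.rev" <<EOF
\$TTL 604800
@       IN  SOA ns1.adsu.com. admin.adsu.com. (
                2015120101 604800 86400 2419200 604800 )
@       IN  NS  ns1.adsu.com.
${MASTER_IP##*.}      IN  PTR ns1.adsu.com.
${SLAVE_IP##*.}      IN  PTR ns2.adsu.com.
238     IN  PTR www.adsu.com.
254     IN  PTR dhcp.adsu.com.
159     IN  PTR backup.adsu.com.
EOF
}

# Run the BIND zone checker when bind9utils is installed, so a typo is
# caught before "service bind9 restart" takes the resolver down.
check_files() {                            # $1 = dir holding the zone files
    command -v named-checkzone >/dev/null 2>&1 || { echo "named-checkzone not installed, skipping check"; return 0; }
    named-checkzone adsu.com "$1/db.adsu.com"
    named-checkzone 43.168.192.in-addr.arpa "$1/db.adsu.rev"
}

generate_bind() {                          # $1 = output dir, $2 = master|slave
    write_options "$1"
    write_local "$1" "$2"
    if [ "$2" = master ]; then
        write_zones "$1"
        check_files "$1"
    fi
}

# Usage: sh bind-gen.sh /tmp/bind master   (then copy the files into /etc/bind/)
if [ $# -ge 2 ]; then generate_bind "$1" "$2"; fi
```

Generate into a scratch directory first and diff against /etc/bind before copying; the slave's named.conf.local is the only file that differs between the two roles.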
Testing
We mainly use the nslookup command to test DNS. Run nslookup <hostname> from every PC in the network; it should show the translated IP. Also test reverse lookup. Besides nslookup, the dig and host commands can be used to test DNS.
Dynamic Host Configuration Protocol (DHCP)
Behavior of protocol
The DHCP server assigns IP addresses to clients automatically, which removes the need for an administrator or user to configure these settings by hand on thousands of computers. It is an application layer protocol that operates on a client-server model and manages a pool of IP addresses together with the default gateway, domain name, name servers and time servers. When a host leaves, its IP address is returned to the pool. ISC DHCP is a software package that implements all DHCP roles: client, server and relay agent. The protocol was designed as an extension of the Bootstrap Protocol (BOOTP); BOOTP had no mechanism for reusing IP addresses and required extensive manual configuration to assign information to each client individually. DHCP configures computers automatically even when a user changes networks. One advantage is that if the address of the DNS server changes it has to be updated only on the DHCP server; when clients next query, all hosts are reconfigured automatically. Another advantage is that new computers can be added to the network directly and an IP address is allocated to them automatically.
Signalling
- When a client joins the network, it broadcasts a DHCPDISCOVER message to all DHCP servers.
- On receiving the discover message, the DHCP server unicasts a DHCPOFFER message to the client.
- The client accepts the offer and responds with a DHCPREQUEST message for the IP address.
- The server responds with a DHCPACK message.
Configuration
Step 1: Install the package.
$sudo apt-get install isc-dhcp-server
For IPv4:
Step 2: Edit the /etc/network/interfaces file and set a static IP address on the interface.
$sudo gedit /etc/network/interfaces
# Static IP settings
auto eth0
iface eth0 inet static
address 192.168.43.254
netmask 255.255.255.0
network 192.168.43.0
broadcast 192.168.43.255
Step 3: Restart the network interface.
$sudo /etc/init.d/networking restart
Step 4: Configure the DHCP server: provide the range of IP addresses for clients and bind the IP of each server to its MAC address so that every server gets the same IP each time.
i. $sudo nano /etc/dhcp/dhcpd.conf
ii. Save the configuration file and restart the DHCP service.
$sudo service isc-dhcp-server restart
To check the DHCP lease addresses:
#gedit /var/lib/dhcp/dhcpd.leases
For IPv6:
i. Configure a static IPv6 address on the interface:
iface eth0 inet6 static
ii. Create a new dhcpd6.conf file: /etc/dhcp/dhcpd6.conf
Create a new file /etc/init.d/isc-dhcp6-server, copy the contents of /etc/init.d/isc-dhcp-server into it and add -6 everywhere the dhcpd process is invoked.
Testing
DHCP is tested by checking that the DHCP server assigns the connected client an IP address from the range given in the configuration file.
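The dhcpd.conf that step 4 describes (address pool plus MAC-bound fixed addresses for the servers) and a parser for the dhcpd.leases file that the test above inspects, written as an added example rather than the project's own files. The subnet and the server addresses come from the page; the pool bounds, the gateway 192.168.43.1 and the MAC addresses are assumptions, and the leases file in the demo is constructed:

```shell
#!/bin/sh
# Added example, not the project's dhcpd.conf: write the server
# configuration of step 4 and list the active leases from dhcpd.leases.
# Assumptions: pool .100-.200, gateway 192.168.43.1, placeholder MACs.
set -eu

write_dhcpd_conf() {                      # $1 = output path
    cat > "$1" <<'EOF'
# Only this server hands out addresses on the LAN: with "authoritative" it
# NAKs requests for addresses it does not know instead of staying silent.
authoritative;
default-lease-time 600;
max-lease-time 7200;
option domain-name "adsu.com";
option domain-name-servers 192.168.43.72;

subnet 192.168.43.0 netmask 255.255.255.0 {
    range 192.168.43.100 192.168.43.200;   # assumed pool for ordinary clients
    option routers 192.168.43.1;           # assumed gateway
    option broadcast-address 192.168.43.255;
}

# Fixed addresses keyed on MAC so the servers get the same IP every time.
# The MAC addresses are placeholders; take the real ones from "ip link".
host webserver { hardware ethernet 08:00:27:00:00:01; fixed-address 192.168.43.238; }
host backup    { hardware ethernet 08:00:27:00:00:02; fixed-address 192.168.43.159; }
EOF
}

# Syntax-check the file before restarting the service, if dhcpd is installed.
check_dhcpd_conf() {                      # $1 = config path
    if command -v dhcpd >/dev/null 2>&1; then dhcpd -t -cf "$1"; fi
}

# Print "ip mac" for every lease whose latest record is in state active.
# dhcpd appends a new record on each renewal or release, so a later record
# for the same IP overrides an earlier one.
active_leases() {                         # $1 = leases file
    awk '
        $1 == "lease"                        { ip = $2; mac = ""; state = "" }
        $1 == "hardware" && $2 == "ethernet" { mac = $3; sub(/;$/, "", mac) }
        $1 == "binding" && $2 == "state"     { state = $3; sub(/;$/, "", state) }
        $1 == "}" {
            if (state == "active") active[ip] = mac; else delete active[ip]
        }
        END { for (ip in active) print ip, active[ip] }
    ' "$1" | sort
}

# A constructed leases file (not a capture): .100 renews, .101 is released.
write_sample_leases() {                   # $1 = output path
    cat > "$1" <<'EOF'
lease 192.168.43.100 {
  starts 1 2015/12/07 10:00:00;
  ends 1 2015/12/07 10:10:00;
  binding state active;
  next binding state free;
  hardware ethernet 08:00:27:aa:bb:01;
}
lease 192.168.43.101 {
  starts 1 2015/12/07 10:01:00;
  ends 1 2015/12/07 10:11:00;
  binding state active;
  next binding state free;
  hardware ethernet 08:00:27:aa:bb:02;
}
lease 192.168.43.101 {
  starts 1 2015/12/07 10:05:00;
  ends 1 2015/12/07 10:05:00;
  binding state free;
  hardware ethernet 08:00:27:aa:bb:02;
}
lease 192.168.43.100 {
  starts 1 2015/12/07 10:09:00;
  ends 1 2015/12/07 10:19:00;
  binding state active;
  next binding state free;
  hardware ethernet 08:00:27:aa:bb:01;
}
EOF
}

# Usage: sh dhcp-example.sh demo   (writes to /tmp and prints active leases)
if [ "${1:-}" = demo ]; then
    write_dhcpd_conf /tmp/dhcpd.conf.example
    check_dhcpd_conf /tmp/dhcpd.conf.example
    write_sample_leases /tmp/dhcpd.leases.example
    active_leases /tmp/dhcpd.leases.example
fi
```

On the real server, run active_leases against /var/lib/dhcp/dhcpd.leases to see which client currently holds which address; a MAC that appears with an address outside the range or fixed-address list is worth a look.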
Web Server and firewall
Behavior of protocol
A web server serves requests over HTTP. It can host websites, store game data, handle e-mail, serve FTP files and so on, and it delivers web pages to clients. The pages are generally HTML documents that include images, scripts and text. A web server can be implemented in the kernel, which makes it faster and lets it access hardware resources directly.
Signalling
The client initiates a TCP connection to the web server's IP address using the three-way handshake. First, the client sends a SYN segment requesting a TCP connection to the server on port 80. The server responds with SYN-ACK, acknowledging the request and asking the client to open a port on which the server can send data. The client responds with an ACK and then sends its request for the HTML page.
Configuration
Step 1: Install Apache2 on your server using apt-get.
sudo apt-get update
sudo apt-get install apache2
Step 2: Since the web page we are going to host must be reachable by other clients on the network, it is stored under the /var/www directory in a directory for the domain (here adsu.com), in the public_html folder.
sudo mkdir -p /var/www/adsu.com/public_html
Step 3: Grant other clients permission to access these files, since they are not in the root directories.
sudo chown -R $USER:$USER /var/www/adsu.com/public_html
sudo chmod -R 755 /var/www
Step 4: Create an HTML page inside the directory.
sudo gedit /var/www/adsu.com/public_html/index.html
Step 5: The default virtual host file in Apache 2 is 000-default.conf. We copy it to create a virtual host file for our domain.
sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/adsu.com.conf
Step 6: Open the new file in your editor with root privileges:
sudo gedit /etc/apache2/sites-available/adsu.com.conf
Step 7: Enable the new host file.
sudo a2ensite adsu.com.conf
Step 8: Restart the Apache server.
sudo service apache2 restart
Firewall:
A firewall is a network security system, either hardware or software based, that controls incoming and outgoing network traffic based on set of rules.
Configuration
Step 1: Install UFW (Uncomplicated Firewall), a front end to iptables.
sudo apt-get install ufw
Step 2: Enable it.
sudo ufw enable
Step 3: Allow FTP on port 20.
sudo ufw allow 20
Step 4: Allow other users to access the web page on port 80.
sudo ufw allow 80
Step 5: Deny access to POP3 (port 110).
sudo ufw deny 110
Step 6: Allow a particular host to SSH to the server.
sudo ufw allow proto tcp from 192.168.43.20 to any port 22
iptables is the firewall utility in Linux and comes pre-installed in Ubuntu. The firewall can filter packets on the basis of source IP, destination IP or port.
#iptables -A INPUT -p icmp -j REJECT
#iptables -A INPUT -p tcp --dport 23 -j REJECT
With and without iptables.
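The UFW and iptables rules above collected into one iptables rule set with a default-deny INPUT policy, as an added example that is not the project's own firewall script. The ports and the admin host 192.168.43.20 come from the page; that the FTP server is vsftpd on this host (so port 21, the control port, is what needs opening) is an assumption. Setting IPT=echo prints the rules instead of applying them:

```shell
#!/bin/sh
# Added example, not the project's own script: the page's UFW and iptables
# rules as one rule set with default-deny INPUT. Run as root to apply, or
# with IPT=echo to see the rules without touching the kernel.
set -eu

IPT="${IPT:-iptables}"
LAN="192.168.43.0/24"
ADMIN="192.168.43.20"            # the one host allowed to SSH in (step 6)

apply_firewall() {
    # Default policies: drop unsolicited inbound and forwarded traffic,
    # allow outbound. The rules below punch the holes the page lists.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -F INPUT

    # Loopback, and replies to connections this host started.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP

    # Web page for everyone (UFW step 4).
    $IPT -A INPUT -p tcp --dport 80 -j ACCEPT
    # SSH only from the admin workstation (UFW step 6).
    $IPT -A INPUT -p tcp -s "$ADMIN" --dport 22 -j ACCEPT
    # FTP control connection from the LAN only, for the backup job (assumed).
    $IPT -A INPUT -p tcp -s "$LAN" --dport 21 -j ACCEPT
    # Explicit rejects so clients get an immediate error (UFW step 5 and the
    # two iptables rules above). Telnet is tcp/23; iptables has no "telnet"
    # protocol, so the page's "-p telnet" form would be rejected by iptables.
    $IPT -A INPUT -p tcp --dport 110 -j REJECT --reject-with tcp-reset
    $IPT -A INPUT -p tcp --dport 23 -j REJECT --reject-with tcp-reset
    $IPT -A INPUT -p icmp -j REJECT
}

# Count ACCEPT rules that are not bound to a source address, a quick check
# that nothing besides the web port is open to every host.
unrestricted_accepts() {
    ( IPT=echo; apply_firewall ) \
        | grep -e '-j ACCEPT' | grep -v -e '-s ' -e '-i lo' -e conntrack | wc -l
}

# Usage: sh firewall.sh apply   (then "iptables-save" to persist the rules)
if [ "${1:-}" = apply ]; then apply_firewall; fi
```

Rules applied this way do not survive a reboot; on Ubuntu the iptables-persistent package restores whatever iptables-save wrote to /etc/iptables/rules.v4.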
Backup
Behavior of protocol
A backup is created every minute and sent to the backup server using FTP.
Configurations for web server
Step 1: Install vsftpd.
$ apt-get update
$ apt-get install vsftpd
Step 2: Edit the following file:
$sudo gedit /etc/vsftpd.conf
Step 3: Restart the FTP service:
$sudo service vsftpd restart
Step 4: Test the service with:
ftp localhost
Step 5: To run the backup shell script every minute with cron, edit the crontab:
$sudo crontab -e
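A backup script of the kind step 5 schedules, written as an added example; it is not the project's own script. It archives the web root from the Apache section and uploads the archive over FTP into the uploads directory of the vm1 account created in the next section. The web root and the backup server address come from the page; the local archive directory, the retention count and the use of ~/.netrc for the FTP password are assumptions:

```shell
#!/bin/sh
# Added example, not the project's own script: archive the web root, upload
# it to the backup server over FTP, and keep only the newest archives.
# Assumptions: archives kept under /var/backups/adsu, FTP login via ~/.netrc.
set -eu

SRC="${SRC:-/var/www/adsu.com/public_html}"
DEST="${DEST:-/var/backups/adsu}"
FTP_HOST="${FTP_HOST:-192.168.43.159}"    # backup server from the address table

# Pack the source directory into a timestamped tar.gz and print its path.
# Files are stored relative to $SRC so the archive carries no absolute
# paths and restoring it cannot overwrite arbitrary locations.
make_backup() {                             # $1 = source dir, $2 = dest dir
    mkdir -p "$2"
    stamp=$(date +%Y%m%d-%H%M%S)
    out="$2/www-$stamp.tar.gz"
    tar -C "$1" -czf "$out" .
    echo "$out"
}

# Keep only the newest $2 archives so a per-minute job cannot fill the disk.
prune_backups() {                           # $1 = dest dir, $2 = keep count
    ls -1t "$1"/www-*.tar.gz 2>/dev/null | tail -n +"$(( $2 + 1 ))" \
        | while read -r f; do rm -f "$f"; done
}

# Upload with the stock ftp client. Without -n, ftp reads the login for
# $FTP_HOST from ~/.netrc (mode 600), so the password never appears on a
# command line where "ps" would show it. FTP itself is cleartext, which is
# why the firewall example only admits it from the LAN.
upload_backup() {                           # $1 = archive path
    ftp -p "$FTP_HOST" <<EOF
cd uploads
binary
put $1 $(basename "$1")
quit
EOF
}

# Entry point for cron:  * * * * * /usr/local/bin/adsu-backup.sh run
if [ "${1:-}" = run ]; then
    archive=$(make_backup "$SRC" "$DEST")
    upload_backup "$archive"
    prune_backups "$DEST" 60               # assumed retention: one hour of backups
fi
```

The matching ~/.netrc line is "machine 192.168.43.159 login vm1 password <password>"; ftp refuses to use the file unless it is readable only by its owner.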
Configurations for backup server
Step 1: Create a user.
$sudo adduser vm1
Step 2: Edit the following file:
$sudo gedit /etc/vsftpd.conf
Step 3: Make a directory in which this user stores the backups.
$sudo mkdir -p /home/vm1/uploads
Step 4: Set the permissions of the directory.
$chmod 775 /home/vm1/uploads
Algorithm
1. Client attempts to join the network: dknr
   - If the client is valid
     - Successfully connect to dknr
   - Else
     - Restart the connection or contact the network administrator for troubleshooting
2. Client needs to acquire an IP address from the DHCP server
   - Check if the wlan interface is set to static or to automatic (DHCP)
   - If static
     - Change to automatic (DHCP)
   - Else (DHCP discover)
     - Contact the DHCP server to get the IP address, gateway IP address, DHCP server details and DNS server details
     - If DHCP allocation is successful
       - Server replies with an IP address to be allocated
     - Else
       - DHCP server replies with a request failed response
   - Then
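The check in step 2 of the algorithm, applied to the /etc/network/interfaces format that the DHCP section's step 2 edits, as an added example that is not part of the page: it reports whether an interface is configured static or dhcp and can rewrite a static stanza to DHCP. The file path and interface name are parameters, and the sample file in the demo is constructed:

```shell
#!/bin/sh
# Added example (not from the page): report and change the address method of
# an interface in an /etc/network/interfaces style file.
set -eu

# Print the address method (static, dhcp, manual, ...) of interface $2 in
# file $1, or "none" if the file has no stanza for it.
iface_mode() {                              # $1 = interfaces file, $2 = iface
    awk -v want="$2" '
        $1 == "iface" && $2 == want && ($3 == "inet" || $3 == "inet6") { found = $4 }
        END { print (found == "" ? "none" : found) }
    ' "$1"
}

# Replace the "inet static" stanza of interface $2 with "inet dhcp". The
# option lines of the old stanza (address, netmask, ...) run until the next
# stanza keyword and are dropped; everything else is copied unchanged.
set_dhcp() {                                # $1 = interfaces file, $2 = iface
    tmp="$1.tmp"
    awk -v want="$2" '
        $1 == "iface" && $2 == want && $3 == "inet" { print "iface " want " inet dhcp"; skip = 1; next }
        skip && ($1 == "iface" || $1 == "auto" || $1 == "allow-hotplug" || $1 == "source" || $1 == "mapping") { skip = 0 }
        skip && $1 != "" { next }           # option line of the old stanza
        { print }
    ' "$1" > "$tmp" && mv "$tmp" "$1"
}

# A constructed sample (not the project's file): the DHCP server's static
# eth0 from the page plus a static wlan0 that the algorithm would switch.
write_sample_interfaces() {                 # $1 = output path
    cat > "$1" <<'EOF'
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 192.168.43.254
    netmask 255.255.255.0
    network 192.168.43.0
    broadcast 192.168.43.255

auto wlan0
iface wlan0 inet static
    address 192.168.43.50
    netmask 255.255.255.0
EOF
}

# Usage: sh iface-mode.sh demo   (on a real host: ifdown wlan0 && ifup wlan0
# after set_dhcp so the change takes effect)
if [ "${1:-}" = demo ]; then
    f=$(mktemp)
    write_sample_interfaces "$f"
    echo "wlan0 before: $(iface_mode "$f" wlan0)"
    if [ "$(iface_mode "$f" wlan0)" = static ]; then set_dhcp "$f" wlan0; fi
    echo "wlan0 after:  $(iface_mode "$f" wlan0)"
    rm -f "$f"
fi
```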
Add-ons
Network File System (NFS)
NFS is a distributed file system protocol. It allows a client to share its content with other users on the network. To access the files, every client mounts the shared directory so that it appears as a local directory.
Configuration
Server
Step 1: Install the NFS server.
$sudo apt-get install nfs-kernel-server
Step 2: Create a directory to share and change its permissions.
$sudo mkdir -p /export/sharedDrive
$sudo chmod 777 /export/sharedDrive
$sudo chmod 777 /export
Step 3: Open the file /etc/exports.
Type the directory to be shared, followed by the network to share it with and finally the permissions (rw stands for read-write).
Client
Step 1: Install the NFS client.
$sudo apt-get install nfs-common
Step 2: Create a folder called sharedDrive on the client and set its permissions.
#mkdir /sharedDrive
#chmod 777 /sharedDrive/
Check whether there are already files in that folder.
#ls -lar /sharedDrive/
Step 3: Mount the share.
#mount -t nfs 10.0.0.32:/export/sharedDrive /sharedDrive
Now if we create files on either the client or the server, they appear on the other side.
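The export line that server step 3 describes, restricted to the LAN, together with a check that flags exports open to any host or that do not squash root, as an added example rather than the project's /etc/exports. The export path is the page's; the client network 192.168.43.0/24 follows the address table, and the nosuid/nodev mount options on the client side are an assumption:

```shell
#!/bin/sh
# Added example, not the project's /etc/exports: a LAN-restricted export
# beside an audit of exports files. Assumptions: client network
# 192.168.43.0/24, nosuid/nodev on the client mount.
set -eu

write_exports() {                           # $1 = output path
    cat > "$1" <<'EOF'
# <directory> <client network>(<options>)
# rw: read-write; sync: reply only after data reaches disk; root_squash:
# the client's root maps to nobody on the server; no_subtree_check: the
# option exports(5) recommends for whole-directory exports.
/export/sharedDrive 192.168.43.0/24(rw,sync,no_subtree_check,root_squash)
EOF
}

# Print one finding per risky export: a "*" or empty client spec (any host
# may mount it) or no_root_squash (a client root is root on the server).
audit_exports() {                           # $1 = exports file
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        {
            if (NF == 1) print "no client given, exported to everyone: " $1
            for (i = 2; i <= NF; i++) {
                split($i, part, "(")
                if (part[1] == "*" || part[1] == "") print "open to any host: " $1
                if ($i ~ /no_root_squash/) print "root not squashed: " $1
            }
        }
    ' "$1" | sort -u
}

# Client side of step 3 above; nosuid/nodev stop a setuid binary or device
# node placed on the share from being usable on the client.
mount_share() {                             # $1 = server address, $2 = mount point
    mkdir -p "$2"
    mount -t nfs -o nosuid,nodev "$1:/export/sharedDrive" "$2"
}

# Usage: sh nfs-exports.sh audit /etc/exports
if [ "${1:-}" = audit ]; then audit_exports "$2"; fi
```

After editing /etc/exports, "exportfs -ra" reloads it and "showmount -e <server>" from a client lists what the server is offering and to whom.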
NTP
NTP server: NTP synchronizes the date and time of the clients with the server.
Step 1: Install the NTP server.
$sudo apt-get install ntp
Step 2: Edit the ntp.conf file and enter the NTP server IP.
Step 3: Add the word iburst to one pool entry to indicate that you want to synchronize with it as soon as possible.
On the client side, we need to enter the NTP server IP.
Step 1: Restart the daemon on the NTP server.
$sudo /etc/init.d/ntp restart
Testing
On a Windows client, change the NTP server IP in the date and time settings.
VPN Server
PPTP
pptpd is the Poptop PPTP daemon, which manages tunneled PPP connections encapsulated in GRE using the PPTP VPN protocol. It includes features such as IP address management and TCP wrappers.
Step 1: Install the package:
apt-get install pptpd
Step 2: Edit /etc/pptpd.conf with root privileges:
sudo gedit /etc/pptpd.conf
Add the server IP and the client pool:
localip 192.168.43.254
remoteip 192.168.43.150-155
Step 3: Add users to /etc/ppp/chap-secrets:
linux pptpd test123 *
Step 4: Edit the file sysctl.conf:
sudo gedit /etc/sysctl.conf
Uncomment the following line:
net.ipv4.ip_forward=1
Step 5: Restart the pptpd service:
#/etc/init.d/pptpd restart
Test
Connect using a VPN client, entering the user name, password and VPN server IP. On the server, once the connection is established, a new ppp0 interface appears in the output of #ifconfig.
Mail server
Step 1: Install the postfix package.
sudo apt-get install postfix
Step 2: Configure it step by step:
sudo dpkg-reconfigure postfix
Step 3: Configure the mailbox format for Maildir.
sudo postconf -e 'home_mailbox = Maildir/'
sudo postconf -e 'mailbox_command ='
Step 4: Edit /etc/postfix/sasl/smtpd.conf as follows:
pwcheck_method: saslauthd
mech_list: plain login
Step 5: Configure Postfix and TLS for both incoming and outgoing mail.
sudo postconf -e 'smtp_tls_security_level = may'
sudo postconf -e 'smtpd_tls_security_level = may'
sudo postconf -e 'smtpd_tls_auth_only = no'
sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/smtpd.key'
sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt'
sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
sudo postconf -e 'smtpd_tls_loglevel = 1'
sudo postconf -e 'smtpd_tls_received_header = yes'
sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
sudo postconf -e 'tls_random_source = dev:/dev/urandom'
sudo postconf -e 'myhostname = server1.example.com'
Step 6: Restart the postfix service:
sudo /etc/init.d/postfix restart
Testing
1) telnet localhost 25
2) ehlo localhost
3) Verify the status codes
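An audit of the TLS settings that step 5 applies, reading "postconf -n" output, beside the postconf commands that close the gaps it finds, as an added example that is not the project's configuration. The parameter names are Postfix's own; the sample output in the demo is constructed to mirror step 5, in which smtpd_tls_auth_only = no lets a client send its SASL password before STARTTLS. Setting POSTCONF=echo prints the hardening commands instead of applying them:

```shell
#!/bin/sh
# Added example (not the project's configuration): audit and harden the
# Postfix TLS settings of step 5. Assumption: the sample "postconf -n"
# output below is constructed, not captured from the project's server.
set -eu
POSTCONF="${POSTCONF:-postconf}"

# Read "name = value" lines (the format of "postconf -n") on stdin and print
# one line per finding.
audit_postfix_tls() {
    awk -F' *= *' '
        NF >= 2 { v[$1] = $2 }
        END {
            # "no" lets clients authenticate before STARTTLS, so the SASL
            # password can cross the wire in clear text.
            if (v["smtpd_tls_auth_only"] != "yes")
                print "weak: smtpd_tls_auth_only=" v["smtpd_tls_auth_only"] " (plaintext AUTH allowed)"
            if (v["smtpd_tls_security_level"] == "" || v["smtpd_tls_security_level"] == "none")
                print "weak: smtpd_tls_security_level missing or none (STARTTLS not offered)"
            if (v["smtpd_tls_protocols"] !~ /!SSLv3/)
                print "weak: smtpd_tls_protocols does not exclude SSLv3"
            if (v["smtpd_tls_cert_file"] == "" || v["smtpd_tls_key_file"] == "")
                print "weak: no server certificate or key configured"
        }
    '
}

# Apply the corrections. "may" keeps TLS opportunistic for other MTAs on
# port 25 (mandatory TLS there would bounce mail from servers without it);
# auth_only=yes is what keeps the passwords off the clear-text path.
harden_postfix() {
    $POSTCONF -e 'smtpd_tls_security_level = may'
    $POSTCONF -e 'smtpd_tls_auth_only = yes'
    $POSTCONF -e 'smtpd_tls_protocols = !SSLv2, !SSLv3'
    $POSTCONF -e 'smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3'
    $POSTCONF -e 'smtpd_sasl_auth_enable = yes'
    $POSTCONF -e 'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination'
}

# Constructed "postconf -n" output mirroring step 5 (not a capture).
sample_step5_output() {
    cat <<'EOF'
home_mailbox = Maildir/
myhostname = server1.example.com
smtp_tls_security_level = may
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_security_level = may
EOF
}

# Usage: postconf -n | sh postfix-tls.sh audit
#        sh postfix-tls.sh demo           (audit the sample, dry-run the fix)
case "${1:-}" in
    audit) audit_postfix_tls ;;
    demo)
        echo "== findings for the step 5 settings"
        sample_step5_output | audit_postfix_tls
        echo "== commands that would be run (dry run)"
        ( POSTCONF=echo; harden_postfix )
        ;;
esac
```

After harden_postfix, the Testing step above still works: "ehlo localhost" now lists STARTTLS, and AUTH is offered only once the session has been upgraded.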
Network Information Service (NIS)
NIS is a client-server protocol used to distribute system configuration data between computers on a network. It holds a central directory of user and group information along with other useful data.
Configuration:
Step 1: Install nis and portmap.
sudo apt-get install nis portmap
Step 2: Set the domain and server name, then build the database.
sudo nano /etc/default/nis
Set NISSERVER=master
sudo nano /etc/yp.conf
domain Group1Server server ritesh
sudo nano /etc/ypserv.securenets
Add the line "255.255.255.0 192.168.3.0" (netmask followed by network)
sudo /usr/lib/yp/ypinit -m
Step 3: On the NIS client, install the packages:
sudo apt-get install portmap nis
Step 4: Edit the domain and server name.
sudo nano /etc/passwd
Step 5: Make the following changes, then update the database on the server.
Add the line +:::::: to /etc/passwd
sudo nano /etc/shadow
Add the line +:::::::: to /etc/shadow
sudo nano /etc/yp.conf
Set the ypserver's IP address.
Testing:
Use the commands yptest, ypwhich and ypcat -x to test NIS.