Data Networking/Fall 2015/FWZZ
Group Members
Changhao Fu
Yuxi Zhang
Xindi Wang
Yunlu Zhou
Motivations
The project requirement is to develop our own local area network and work on it. In the network, we are asked to build a DHCP Server, a Master DNS Server, a Slave DNS Server, a Web Server and a Back Up Web Server.
Understanding the protocol
DHCP
The Dynamic Host Configuration Protocol is a network service that enables a server to automatically assign dynamic IP addresses to the hosts in the same network. A DHCP server can also provide the DNS server's IP address, the subnet mask and the default gateway to the hosts. DHCP is widely used because it reduces the need for a network admin to assign IP addresses manually.
DNS
A Domain Name Server provides the mapping between IP addresses and domain names; it is used to translate the domain name in a URL into an IP address. In the project, we use a slave DNS server to provide domain name translation when the master DNS server has crashed.
Web Server
When clients type a URL and request web pages in a web browser, the web server responds with the requested web pages and image files. HTTP (the Hypertext Transfer Protocol) is the foundation of data communication for the World Wide Web.
Firewall
A firewall is a network security system which controls incoming and outgoing network communication.
Backup
A backup web server can automatically back up the data from the web server. When the web server crashes, the backup server is used to provide the web service. In the project, we use SSH, rsync and cron to implement the backup function.
VPN
A Virtual Private Network extends a private network across another network. It provides a safe connection over an unsafe Internet.
NIS
The Network Information Service is a directory service protocol used to distribute system configuration information between computers in the same network. NIS is for remote login.
NFS
The Network File System is a distributed file system protocol, which allows computers in the same network to share local storage.
Mail Server
A Mail Server is used to deliver e-mails over networks. It can deliver e-mails to client hosts and receive e-mails from other hosts.
NTP
The Network Time Protocol is used for clock synchronization between computer systems. In the project, we run the NTP service on the web server.
The Requirements
1. DHCP Server:
The DHCP server can allocate dynamic IP addresses to clients from an address pool.
The DHCP server can assign static IP addresses to particular devices, such as the DNS Server, Web Server and Slave DNS Server.
Use IPv4 and IPv6 addresses in the implementation of DHCP.
2. DNS Server:
Use Bind9, Posadis or PowerDNS to configure the DNS Server.
Create 5 DNS records and use IPv4 and IPv6 addresses in the records.
Create reverse domains in in-addr.arpa and ip6.arpa.
Configure a slave DNS server which automatically updates from the master DNS server.
3. Web Server & Firewall:
The web page is accessible to the clients in the same network.
The server is safe when the firewall is in use.
4. Back Up:
The web server can send the backup file to a different server, and the backup server can automatically back up the data.
Steps to perform the setup / installation
DHCP Server
DHCP in IPv4
Step 1. Install isc-dhcp-server:
sudo apt-get install isc-dhcp-server
Step 2. Edit "/etc/dhcp/dhcpd.conf":
Allocate static IP addresses to the DNS Server, DNS-Slave and Web Server, and automatically assigned IP addresses to clients.
Step 3. Edit "/etc/default/isc-dhcp-server":
INTERFACES="eth0"
Step 4. Edit "/etc/network/interfaces":
Allocate a static IP for DHCP Server.
Step 5. Restart the interfaces:
sudo /etc/init.d/networking restart
Step 6. Restart DHCP server:
sudo service isc-dhcp-server restart
DHCP in IPv6
Step 1. Install radvd:
sudo apt-get install radvd
Step 2. Edit "/etc/radvd.conf":
interface eth0 {
    AdvSendAdvert on;
    AdvManagedFlag on;
    AdvOtherConfigFlag on;
    prefix fecb:aaaa:bbbb:cccc::/64 {
        AdvOnLink on;
        AdvAutonomous on;
    };
};
Step 3. Enable IPv6 forwarding:
sysctl -w net.ipv6.conf.all.forwarding=1
Step 4. Edit "/etc/network/interfaces":
Allocate a static IPv6 for DHCP Server.
Step 5. Start radvd:
sudo service radvd start
DNS Server
Master DNS Server
Step 1 : Install bind9 on master DNS server:
sudo apt-get install bind9
Step 2 : Configure "zone" in the "/etc/bind/named.conf.local".
Step 3 : Configure the "db.fch.com", "db.172" and "db.ipv6" files.
Slave DNS Server
Step 1 : Install bind9 on slave DNS server:
sudo apt-get install bind9
Step 2 : Configure "zone" in the "/etc/bind/named.conf.local".
Web Server
Step 1 : Install Apache2:
sudo apt-get install apache2
Step 2 : Configure the "/etc/apache2/sites-available/000-default.conf" file:
ServerAdmin webmaster@172.16.30.130
DocumentRoot /var/www
Step 3 : Configure the "/var/www/index.html" file.
Step 4 : Restart apache2:
/etc/init.d/apache2 restart
Firewall
Step 1 : Allow entries:
sudo ufw allow ssh
sudo ufw allow proto tcp from 172.16.30.0/24 to any port 80
sudo ufw allow from 172.16.30.120 to any port 53
sudo ufw allow from 172.16.30.6 to any port 68
Step 2 : Enable the ufw service:
sudo ufw enable
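The rule set above can be audited from the text of `sudo ufw status`. The following is an added example, not part of the project: it lists ALLOW rules open to any source and checks that a port is reachable only from the expected source. The sample status output is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `sudo ufw status` for the rules on this page
# (not captured from the project's machines).
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       172.16.30.0/24
53                         ALLOW       172.16.30.120
68                         ALLOW       172.16.30.6
22/tcp (v6)                ALLOW       Anywhere (v6)'

# Print the "To" column of every ALLOW rule whose source is Anywhere.
# "ufw allow ssh" has no "from" clause, so it shows up here.
open_to_anywhere() {
    printf '%s\n' "$1" | awk '
        /ALLOW/ {
            n = split($0, parts, /[ ]+ALLOW( IN)?[ ]+/)
            if (n == 2 && parts[2] ~ /^Anywhere/) print parts[1]
        }'
}

# Succeed only if port $2 has at least one ALLOW rule and every
# ALLOW rule for it has source $3.
port_restricted_to() {
    printf '%s\n' "$1" | awk -v port="$2" -v src="$3" '
        /ALLOW/ {
            split($1, p, "/")          # "80/tcp" -> "80"
            if (p[1] != port) next
            seen = 1
            if ($NF != src) bad = 1    # "Anywhere" or "(v6)" never match src
        }
        END { if (seen && !bad) exit 0; exit 1 }'
}

# Live use (needs root): status=$(sudo ufw status)
open_to_anywhere "$SAMPLE_STATUS"
port_restricted_to "$SAMPLE_STATUS" 80 172.16.30.0/24 \
    && echo "port 80: LAN only" || echo "port 80: not restricted as expected"
```

On the sample, the only rules open to any source are the two SSH entries; limiting SSH to the LAN would need a `from` clause like the port 80 rule has.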
Backup
SSH
Step 1. Create public key:
ssh-keygen
Step 2. Copy the public key to the backup PC:
ssh-copy-id root@172.16.30.121
Rsync
Transmit the web server's files to the backup computer:
rsync -avz --delete -e ssh /var/www root@172.16.30.121:/home/backup
Cron
Step 1. Install cron in web server:
sudo apt-get install gnome-schedule
Step 2. Configure crontab, set to synchronize files to backup computer every minute.
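A cron wrapper for the rsync job above, as an added example that is not the project's own script. It keeps the page's source and destination; the lock file path, the script path in the crontab line and the empty-source guard are assumptions.

```shell
#!/bin/sh
# Source and destination are the ones used on this page.
SRC=/var/www
DEST=root@172.16.30.121:/home/backup
LOCK=/var/lock/www-backup.lock    # hypothetical lock file path

# With --delete, an empty or missing source would erase the backup copy
# on the next run, i.e. within a minute. Refuse to sync in that case.
safe_to_sync() {
    [ -d "$1" ] || return 1
    [ -n "$(ls -A "$1" 2>/dev/null)" ] || return 1
    return 0
}

run_backup() {
    if ! safe_to_sync "$SRC"; then
        echo "refusing to sync: $SRC is empty or missing" >&2
        return 1
    fi
    # flock -n (util-linux): skip this run if the previous minute's
    # rsync still holds the lock, so per-minute jobs never overlap.
    flock -n "$LOCK" rsync -avz --delete -e ssh "$SRC" "$DEST"
}

# crontab entry for "every minute" (script path is hypothetical):
# * * * * * /usr/local/sbin/www-backup.sh run
if [ "${1:-}" = "run" ]; then
    run_backup
fi
```

Because the job mirrors deletions every minute, the backup copy follows any damage to /var/www almost immediately; the guard only covers the empty-directory case.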
VPN
Step 1. Install pptpd:
sudo apt-get install pptpd
Step 2. Configure /etc/pptpd.conf, set up local ip and remote ip.
Step 3. Configure /etc/ppp/pptpd-options, set up DNS server.
Step 4. Configure /etc/ppp/chap-secrets, set up username, servername, password.
Step 5. Edit /etc/sysctl.conf, setup IP forwarding.
NIS
NIS Server
Step1. Install nis:
sudo apt-get install portmap nis
Step2. Open the file "/etc/default/nis" and add:
255.255.255.0 172.16.30.7
Step3. Open the file "/etc/hosts" and add:
172.16.30.120 wangxindi
Step4. Start the Server:
service ypserv start
NIS Client
Step1. Install nis:
sudo apt-get install portmap nis
Step2. Open the file "/etc/yp.conf" and add:
domain changhao server wangxindi.changhao
Step3. Open the file "/etc/nsswitch.conf" and add "nis" at the end of these lines:
passwd: compat nis
group: compat nis
shadow: compat nis
hosts: files dns nis
Step4. Start the client:
sysv-rc-conf ypbind on
reboot
NFS
NFS Server
Step1. Install nfs-kernel-server on the NFS server:
sudo apt-get install nfs-kernel-server
Step2. Configure the file /etc/exports, set the shared_server to the NFS Server.
Step3. Start the NFS server:
sudo service nfs-kernel-server start
NFS Client
Step1. Install nfs-common on the NFS Client:
sudo apt-get install nfs-common
Step2. Mount the server’s folder to the client’s folder:
mount 172.16.30.130:/export/shared_server /home/zhouyunlu/export/nfsclient
Mail Server
Step 1. Install postfix:
sudo apt-get update
sudo apt-get install postfix
Step 2. Configure postfix in "/etc/postfix/main.cf", set hostname
Step 3. Set up file /etc/postfix/virtual. Add specific mail name and username.
NTP
Step1. Install ntp:
sudo apt-get install ntp
Step2. Open "/etc/ntp.conf" and add:
server 4.us.pool.ntp.org
Step3. Restart ntp:
sudo service ntp restart
Testing
Test DHCP Server
Use "ifconfig" to check whether the DHCP Server allocates static or automatic IP addresses to the servers and clients.
Test DNS Server
1. If the master DNS server and the slave DNS server are both in the network, nslookup returns the web server's IP and the master DNS server's IP.
2. If only the slave DNS server is working, nslookup returns the web server's IP and the slave DNS server's IP.
Test Web Server
1. The client can open the web page by entering 172.16.30.0.
2. The client can open the web page by entering fch.com.
Test Back Up
Modify the HTML files on the web server. After a minute, the HTML files on the backup computer are modified automatically as well.
Test Firewall
Enter this command to delete an entry:
sudo ufw delete allow proto tcp from 172.16.30.0/24 to any port 80
Then the client could not open the web page.
Test VPN
Configure the VPN on a client; its IP will change to the IP configured on the VPN server.
Test NFS
1. At first, the NFS client's folder has only one file.
2. In the NFS server's folder, we add a new file.
3. In the NFS client's folder, we can see that the same file has been added, which means the NFS service is working.
Test Mail Server
Send mail from the mail server to Gmail; Gmail receives the mail.
Future Prospects
PPTP is fast and stable. By default, PPTP does not implement any encryption. Its security relies on the Point-to-Point Protocol, which can only provide 128-bit encryption. PPTP is therefore vulnerable to security issues.
To reduce this risk, we can add extra authentication for our VPN clients. For instance, we can use EAP-TLS and PEAP for authentication. We can also find a way to set up encryption for the PPTP tunnels.
Although we can send mail through postfix in the domain fch.com which we set up, we have not set up SMTP authentication. The mail server may therefore be unsafe and vulnerable to attack. As a future improvement, we can configure postfix to use SMTP authentication through SASL. To implement SASL, we need to install libsasl2-2, sasl2-bin and libsasl2-modules, and change the configured file path so that it matches the path where electronic mail is stored. We can also raise the security level by using port 587 instead of port 25.
In addition, we can set up a dovecot server to provide IMAP. It includes a mail delivery agent. After setting up dovecot, clients can receive mail through a proxy, which makes it more convenient for them to manage their electronic mail.
For the web server, we can set up an SQL database to store the web files and then back up the database to the backup computer. This would make the web server easier to manage.