Data Networking/Fall 2015/Riampara
Data Networking/TELE 5330 DN-Linux Project-Anika Ramachandran & Group

Linux Project to implement DNS, DHCP, Web Server & Firewall

The Project Team
1) Manasi Bhutada
2) Rini Khanna
3) Anika Ramachandran
4) Pratiksha Kulkarni

Introduction
In this Linux project, our group has tried to implement certain networking concepts such as DNS, DHCP, a web server, a backup web server and a firewall. The flavour of Linux that we have used is Ubuntu 14.04.1.

The Basic Protocols & understanding them

1) Domain Name System (DNS)
Domain Name System (DNS) is a naming system for hosts connected to the Internet or a private network. DNS maps domain names to IP addresses and vice versa. When a website name, e.g. "www.google.com", is entered, the browser has to find out the IP address of the web server. A query is sent to the local DNS servers and the corresponding IP address is returned, after which the browser can reach the website. The different types of DNS records are A, AAAA, PTR, CNAME, MX, etc. We will use a Bind9 DNS server with caching. The advantage of caching is that when a request was already made previously and its answer is stored in the cache, the time required to fetch and display the requested page is reduced significantly, by thousands of milliseconds.

2) Dynamic Host Configuration Protocol (DHCP)
In modern networking, IP addresses can be assigned to hosts dynamically using Dynamic Host Configuration Protocol (DHCP) instead of being configured manually. DHCP allows a host to get an IP address automatically. A host may be assigned a temporary IP address each time it connects to the network. It is often referred to as a plug-and-play protocol. DHCP is a client-server protocol. A host that arrives on the network first finds a DHCP server; this interaction is called DHCP server discovery. The DHCP server then offers an IP address to the host for a lease time; this is called the DHCP server offer. The newly arrived client accepts the server's offer, if it wishes to, by sending a DHCP request message. Finally, the DHCP server responds to this request with a DHCP ACK message. The port numbers used by the DHCP server and client are 67 and 68 respectively.

The three ways in which DHCP allocates IP addresses to hosts:
Static allocation: manual IP addresses are allocated only to those hosts whose MAC addresses are listed in the IP translation tables on the router.
Dynamic allocation: allocation occurs dynamically from a pool of IP addresses for a certain lease period.
Automatic allocation: the same IP is assigned to the client when it comes on the network.

3) Web Server
A web server is a computer system that processes requests via HTTP. A web server is used to host a website. It can also be used to handle gaming, email, FTP and other such applications. It listens on ports for the HTTP and HTTPS protocols: port 80 for HTTP and 443 for HTTPS. To avoid overloading we can use a firewall or web caching techniques.

4) Backup Web Server
A very wise decision would be to back up the existing web server in case any failure occurs.
So we have synced our data with another server, which keeps track of the contents of the directory. It updates dynamically by copying only those files which have been modified. For this purpose we will use Remote Sync (RSync), which is available in Ubuntu.

5) Firewall
A firewall is a system used for preventing unauthorised access to or from a network. It can be either hardware or software. It filters all incoming/outgoing packets based on how the firewall has been designed. Common techniques used are packet filtering, application gateways, circuit-level gateways and proxy servers. Most firewalls use more than one of these techniques in combination. A firewall is usually considered a first line of defense. Encryption of data can be used to achieve further security.

Configuration Steps

DNS: Domain Name System
DNS is responsible for directing network traffic to avoid network congestion based on name and numerical IP addresses. It is the service that allows users to type in domain names instead of IP addresses to locate a web site or Internet resource. To provide this service, DNS creates a mapping between the numeric IP addresses and the readable domain names that Internet users are accustomed to using, as they are easier to remember. The commands below are executed to create the DNS server:
1) Install the BIND9 service:
sudo apt-get install bind9
2) Configure the files inside bind9:
sudo nano /etc/bind/named.conf.local
sudo nano /etc/bind/named.conf.options
3) Configure the forward and reverse tables:
sudo nano /etc/bind/db.riamp.com
sudo nano /etc/bind/db.20.168.192.in-addr.arpa
4) Restart the service:
sudo service bind9 restart
5) Configure the resolv.conf file:
sudo nano /etc/resolv.conf

DHCP Server

For IPv4 & IPv6
1. Install the DHCP server
sudo apt-get install isc-dhcp-server
sudo apt-get install radvd
2. Set the static IP address of the DHCP server
sudo nano /etc/network/interfaces
# Fixed-address reservation for the web server (dhcpd.conf host declaration)
host web-server {
    hardware ethernet 00:0c:29:20:2a:c1;
    fixed-address 192.168.20.100;
}
4. Configure the DHCP server
sudo nano /etc/dhcp/dhcpd.conf
authoritative;
subnet 192.168.10.0 netmask 255.255.255.0 {
    range 192.168.10.220 192.168.10.230;
    option routers 192.168.10.1;
    option domain-name-servers 192.168.10.254;
    # broadcast address of 192.168.10.0/24
    option broadcast-address 192.168.10.255;
    option domain-name "riamp.com";
    default-lease-time 600;
    max-lease-time 7200;
}
sudo nano /etc/dhcp/dhcpd6.conf
default-lease-time 5;
max-lease-time 20;
log-facility local7;
subnet6 2001:db8:0:1::/64 {
    range6 2001:db8:0:1::10 2001:db8:0:1::154;
    range6 2001:db8:0:1::/64 temporary;
    option dhcp6.name-servers 2001:db8:0:1::3;
    option dhcp6.domain-search "riamp.com";
}
5. Edit the resolv.conf file
nameserver 192.168.20.3
6. Restart the DHCP server
sudo service isc-dhcp-server restart
sudo service isc-dhcp-server6 restart
7. Testing
1. DHCP leasing:
sudo tail /var/lib/dhcp/dhcpd.leases
2. DHCP log:
sudo tail -f /var/log/syslog

Webserver
1. Install Apache Web Server
sudo apt-get install apache2
2. Creating a directory here for the Web Server
sudo mkdir /var/www/riamp.com
3. Creating Demo Pages for the Web Server
sudo nano /var/www/riamp.com/sample.html
4. Creating the Web Server file:
sudo nano /etc/apache2/apache2.conf
sudo nano /etc/apache2/mods-available/dir.conf
Customizing ServerName and DocumentRoot for the Web Server to match requests made on port 80
sudo apt-get install gksu
gksu nautilus
ServerName riamp.com
DocumentRoot /var/www/riamp.com
5. Restart Apache to make these changes take effect
sudo service apache2 restart
Testing
1. Entering the IP address in the URL bar displays the web page of the project.
2. Also, 'riamp.com' displays the same web page, meaning the web server is working properly.

Firewall
1. Installing and starting iptables-persistent
sudo apt-get install iptables-persistent
sudo service iptables-persistent start
2. Accepting incoming connections to ports 22 and 80 and dropping all others to configure the firewall
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -j DROP
sudo iptables -I INPUT 1 -i lo -j ACCEPT
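3. Reject requests from a particular host (the rule below matches ICMP echo requests, i.e. ping)
# -I inserts at the top of the chain; a rule appended (-A) after the catch-all DROP above would never be evaluated
sudo iptables -I INPUT 1 -s 192.168.15.157 -p icmp -m icmp --icmp-type 8 -j REJECT --reject-with icmp-port-unreachable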
Testing
1. This lists all the rules that are configured in the firewall.
sudo iptables -L
2. The client with IP address 192.168.15.157 will be unable to reach the host, which can be verified by pinging.
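
Order matters in the INPUT chain: iptables stops at the first rule that matches, so a per-host rule only takes effect if it sits above the catch-all DROP. The following is an added example, not part of the original project; the function names are hypothetical and the conntrack rule is an addition the page does not have.

```shell
#!/bin/sh
# Added example (not from the original page). Rules are in iptables-save
# format; the kernel walks a chain top to bottom and stops at first match.
BLOCKED_HOST="192.168.15.157"   # host named in the page's REJECT rule

# The chain that results when the per-host REJECT is appended (-A)
# after the catch-all DROP.
appended_last() {
    cat <<EOF
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -j DROP
-A INPUT -s ${BLOCKED_HOST} -p icmp --icmp-type 8 -j REJECT --reject-with icmp-port-unreachable
EOF
}

# Same policy in working order, plus a conntrack rule (an addition, not on
# the page) so replies to the server's own DNS/apt traffic are not dropped.
fixed_order() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s ${BLOCKED_HOST} -p icmp --icmp-type 8 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
}

# Lint: print every INPUT rule that follows an unconditional verdict
# and can therefore never be evaluated.
shadowed_rules() {
    awk '/^-A INPUT / {
             if (terminal) { print; next }
             if ($0 ~ /^-A INPUT -j (DROP|REJECT|ACCEPT)$/) terminal = 1
         }'
}

appended_last | shadowed_rules    # prints the unreachable REJECT rule
```

The output of fixed_order can be checked with iptables-restore --test before it is saved to /etc/iptables/rules.v4, the file iptables-persistent loads at boot.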

BackUp Server
1. Install SSH
sudo apt-get install ssh
2. Generate RSA keys
ssh-keygen -t rsa
3. Using ssh to create a directory ~/.ssh
ssh rini@192.168.20.100 mkdir -p .ssh
4. Permissions
chmod 700 ~/.ssh && chmod 600 ~/.ssh/*
chmod 600 ~/.ssh/authorized_keys && chmod 700 ~/.ssh/
5. Appending the key
cat .ssh/id_rsa.pub | ssh rini@192.168.20.100 'cat >> .ssh/authorized_keys'
6. Compressing the file to be backed up
sudo tar -cvpzf backup.tar.gz /var/www/riamp.com
7. Using the cron jobs to schedule the backup for every minute
sudo crontab -e
* * * * * sudo tar -cvpzf /home/rini/backup.tar.gz /var/www/riamp.com
* * * * * sudo scp /home/rini/backup.tar.gz rini@192.168.20.100:
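
The two cron lines start the tar and the scp in the same minute as independent jobs, so the copy can pick up an archive that is still being written. The following is an added example, not the project's own script, that runs both steps in sequence from one cron entry; the script path /home/rini/backup.sh and the lock file are hypothetical, and it assumes the crontab belongs to the user who holds the SSH key.

```shell
#!/bin/sh
# Added example (not from the original page): one cron-driven script in
# place of two independent cron lines, so the copy never races the tar.
SRC="/var/www/riamp.com"        # document root from the page
DEST="rini@192.168.20.100:"     # backup account and host from the page
OUT="${HOME}/backup.tar.gz"

# Build the archive under a temporary name, verify it is readable, then
# rename it into place; a reader never sees a half-written file.
make_archive() {   # usage: make_archive <source-dir> <archive-path>
    tmp="$2.partial.$$"
    tar -czpf "$tmp" -C "$(dirname "$1")" "$(basename "$1")" \
        || { rm -f "$tmp"; return 1; }
    tar -tzf "$tmp" >/dev/null || { rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$2"
}

# Copy with the key installed in the steps above. BatchMode makes ssh fail
# instead of waiting for a password prompt that cron can never answer.
push_archive() {   # usage: push_archive <archive-path> <user@host:path>
    scp -q -o BatchMode=yes -o ConnectTimeout=10 "$1" "$2"
}

run_backup() {
    make_archive "$SRC" "$OUT" && push_archive "$OUT" "$DEST"
}

# Runs only when called with "run". Hypothetical crontab entry; flock -n
# skips a run while the previous one still holds the lock:
#   * * * * * flock -n /tmp/riamp-backup.lock /home/rini/backup.sh run
if [ "${1:-}" = "run" ]; then
    run_backup
fi
```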
Testing
The backup file at the destination location, and the time when the last backup was done, can be checked with the ls -l command.

ADD-ON:

1. Mailserver
1. Update the Ubuntu OS with packages
sudo apt-get update
sudo apt-get update --fix-missing
2. Install Postfix & Dovecot
sudo apt-get install bind9 dnsutils apache2 php5 postfix dovecot-common dovecot-imapd dovecot-pop3d squirrelmail
3. Restart the mail server
sudo nano /etc/bind/named.conf.local
invoke-rc.d bind9 restart
4. Check it using nslookup & dig tool
nslookup mail.anika.net
dig mail.anika.net
5. Restart the Apache server
invoke-rc.d apache2 restart
6. Reconfigure Postfix
dpkg-reconfigure postfix
System mail name -> mail.anika.net
7. Editing the configuration file for apache & dovecot
sudo nano /etc/squirrelmail/apache.conf
sudo nano /etc/dovecot/dovecot.conf
protocols = imap pop3
#disable_plaintext_auth = no
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_location = maildir:~/Maildir
8. Setting forward and reverse zones
9. Kill all the processes
killall named
killall apache2
killall dovecot
10. Set the static IP address for the mail server
ifconfig eth0 192.168.20.1 netmask 255.255.255.0
ifconfig eth0 up
11. Restart all the processes
invoke-rc.d bind9 restart
invoke-rc.d postfix restart
invoke-rc.d dovecot restart
12. Add users & assign them passwords
13. Mail received

2. NFS
Steps for configuring the NFS server
1. Install the NFS server
sudo apt-get install nfs-kernel-server
2. Creating an export filesystem
sudo mkdir -p /export/users
3. Provide permissions for accessing the NFS share from the client
sudo chmod 777 /export/users
4. Mount the real users directory
mount --bind /home/shared_users /export/users
5. To save us from retyping this after every reboot we add the following in the /etc/fstab
6. Since we are not activating security do the following edit
sudo nano /etc/default/nfs-kernel-server
NEED_SVCGSSD="no"
7. Export our directories to the local network 192.168.20.0/24
sudo nano /etc/exports
/export 192.168.20.0/24(rw,fsid=0,insecure,no_subtree_check,async)
/export/yedi 192.168.20.0/24(rw,nohide,insecure,no_subtree_check,async)
8. Restart the server
sudo service nfs-kernel-server restart
Steps for configuring the NFS client
1. Install NFS for the client
sudo apt-get install nfs-common
2. Mount the export tree with the client's user
sudo mount 192.168.20.5:/export /home/anika

3. NTP
1. Install the NTP daemon
sudo apt-get install ntp
2. Configure the NTP servers
sudo nano /etc/ntp.conf
3. Find the section within the configuration that lists the NTP Pool Project servers. The section will look like this:
server 0.ubuntu.pool.ntp.org
server 1.ubuntu.pool.ntp.org
server 2.ubuntu.pool.ntp.org
server 3.ubuntu.pool.ntp.org
server 192.168.1.3
4. Use the command
ntpq -p