Jump to content

Data Networking/Fall 2015/SSRA

From Wikiversity

Motivation

[edit | edit source]

This project builds a deeper understanding of basic Networking fundamentals through practical implementation. The concepts that are part of the Data Networking class (TELE5330) became clearer through the implementation of this project. In this webpage we have described our Linux project based on implementations of concepts such as DNS, DHCP, Web Server,Firewalls, Backup.

Understanding the Protocol

[edit | edit source]

DNS:

The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. Most prominently, it translates domain names, which can be easily memorized by humans, to the numerical IP addresses needed for the purpose of computer services and devices worldwide. The Domain Name System is an essential component of the functionality of most Internet services because it is the Internet's primary directory service.

DHCP:

The Dynamic Host Configuration Protocol (DHCP) is a standardized network protocol used on Internet Protocol (IP) networks for dynamically distributing network configuration parameters, such as IP addresses for interfaces and services. With DHCP, computers request IP addresses and networking parameters automatically from a DHCP server, reducing the need for a network administrator or a user to configure these settings manually.

WEB SERVER:

A web server is an information technology that processes requests via HTTP, the basic network protocol used to distribute information on the World Wide Web. The term can refer either to the entire computer system, an appliance, or specifically to the software that accepts and supervises the HTTP requests

FIREWALL:

A firewall is a hardware or software system that prevents unauthorized access to or from a network. It can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet. All data entering or leaving the intranet pass through the firewall, which examines each packet and blocks those that do not meet the specified security criteria.

BACKUP:

System backup provides security to the network by retaining compressed versions of the file systems of various nodes in the network. In the event of system crash, corruption or failure, the file system can be restored from the backup that was stored beforehand.

The Requirements

[edit | edit source]
  • Create a DHCP server that assigns IPV4 and IPV6 addresses to the clients in the network.
  • Implement a web server.
  • Create a master DNS server and a slave DNS server.
  • Create firewall.
  • Create backups of the client in the backup server and send them back to the client when required.

Steps to perform the setup / installation

[edit | edit source]

DNS Configuration:

1) Sudo apt-get install bind9:

This command is used to install Bind9 to setup the DNS server.


2) Sudo gedit /etc/bind/named.conf.local:

This command is used to edit the named.conf.local file and the domain zone and the reverse zone has been added to resolve an address to a name. A master server is denoted in the zone section. Now this file should be saved and return to terminal.

//Domain zone

zone "fdpro.com"

      { 
         type master; 
        file /etc/bind/zones/fdpro.com.db";
      }; 

//For reverse DNS zone "17.168.172.in-addr.arpa"

       { 
         type master; 
        file "/etc/bind/zones/rev.17.168.172.in-addr.arpa"; 
        }; 

3) Sudo gedit /etc/bind/named.conf.options:

named.conf.options file is edited to add the following IP addresses of our ISP’s DNS server. Now the file should be saved and return to the terminal.

forwarders {
              172.168.17.5
              172.168.17.1
              }; 

4) sudo nano /etc/resolv.conf:

The resolv.conf file is modified to add the IP address of our DNS server which is fixed statically to 172.168.17.5 and our domain name (fdpro.com) is fixed in search option as following way: Search fdpro.com nameserver 172.168.17.5

5) sudo mkdir /etc/bind/zones:

This command is used to create the zones.

6) sudo gedit /etc/bind/zones/fdpro.com.db:

The command is used to edit fdpro.com.db file. In this file, we have set TTL value for 3 days and created NS record for domain (fdpro.com) that defines which servers serve copies of a zone and A records for Dhcpserverpc, gw and www that maps an IP addresses to a hostname. NS record defines which servers serve copies of a zone.

7) sudo gedit /etc/bind/zones/rev.17.168.172.in-addr.arpa:

rev.17.168.172.in-addr.arpa file is edited for reverse lookup. For each A record which is configured in /etc/bind/zones/fdpro.com.db for different addresses, PTR record has been created in /etc/bind/zones/rev.17.168.172.in-addr arpa.

8) sudo /etc/init.d/bind9 restart:

Bind9 has been restarted to save our recent changes.


DHCP Configuration:

Assign a static IP to the etho interface of the DHCP server.

sudo vi /etc/network/interfaces

The IPv4 address 172.168.17.7 and the IPv6 address 2001:888:db8:1::1002 have been assigned to the eth0 interface of the DHCP server. Reboot the DHCP server in order for these changes to take effect. Install the isc-DHCP-server on the VM by executing the command.

1) sudo apt-get install isc-dhcp-server

This is a command used to install DHCP server.

2)

    {
      Sudo nano /etc/network/interfaces
      Auto eth0
      iface eth0 inet static
      address 172.168.17.7
      netmask 255.255.255.0
      gateway 172.168.17.1
      network 172.168.17.0
      broadcast 172.168.17.255
      dns-domain-nameserver 172.168.17.5
      dns-domain-search 
      fdpro.com
      }

This is used to edit the file interfaces through the path mentioned. It is used to assign the static ip address to the dhcp server.

3) Sudo /etc/init.d/networking restart

This command is used to restart the interfaces.

4) Sudo nano /etc/dhcp/dhcpd.conf

This command edits the file dhcpd file to specify various parameters of the DHCP server.

5)

Ddns-update-style none;


Option domain-name “fdpro.com”;

Option domain-name-servers 172.168.17.5;

Default-lease-time 600;

Max-lease-time 7200;

Authoritative;

Subnet 172.168.17.0 netmask 255.255.255.0

       { 
        range 172.168.17.1 172.168.17.200;
        Option routers 172.168.17.1;
        Option domain-name-servers 172.168.17.5;
        Option-domain-name “fdpro.com:;
        Option broadcast-address 172.168.17.255;
       }

The DNS server doesn’t support DDNS hence the value is kept none. The DHCP server gives a range of addresses to the client. If the server doesn’t specify any lease time, the default time taken is 600. The maximum lease time given by server is 7200.

6) Sudo service isc-dhcp-server restart

  Start the DHCP server.


Web Server Configuration:

1) Sudo apt-get install apache2

Apache2 needs to be installed for the configuration of the web server on the Linux machine.

2) gedit/etc/hosts:

This will open the editable file where we have to name the hostname of the webserver as fdpro.com.

3)cp/etc/apache2/sites-available/000-default.conf/etc/apache2/sites- available/index.html:

This command is used to create the copy of the default file with different filename as index.html.

4) gedit/etc/apache2/sites-available/index.html:

This command is used to edit the index.html file.

We add the ServerName as fdpro.com.

And ServerAlias as sapan.fdpro.com.

5) a2ensite fdpro.com

This command is used to enable the default site.

6) service apache2 restart:

This command is used to restart the server.

7) nano index.html:

Type this command in this directory: /var/www/html

This command will edit the index.html file and the page can be designed accordingly.

“sudo” needs to be added if the configuration is not done using the root.


Firewall Configuration:

We have used ufw command to enable firewall.

Following are the commands used to enable firewall.

Sudo ufw enable

1) Now we will add outbound TCP rules.

Sudo ufw allow out 25, 53, 80,110, 443/TCP

2) Now we will add outbound UDP rules.

Sudo ufw allow out 53, 67, 68/UDP

Backup Configuration:

The backup is created using crontab software. This is done in order to access the files even if the system crashes down. The following are the commands:

To create pair of public and private keys

mkdir ~/.ssh chmod 700 ~/.ssh ssh-keygen –t rsa ssh sapan@172.168.17.50 mkdir –p .ssh cat .ssh/id_rsa.pub | ssh sapan@172.168.17.50 ‘cat >>.ssh/authorized_keys’

//used to make a directory .ssh //change the permissions

//generates pair

Creating script file(backup)

sudo nano /home/xyz /backup/backup.sh cd /var/www/cp index.html /home/xyz/backup/cd /home/xyz/backup

tar czf /home/xyz/backup/backup.tar.gz ds1.fw index.html sleep 1s sync:sync 1s

scp backup.tar.gz sleep sapan@172.168.17.50:/home/sapan/ sleep 1s sync:sync

Extracting the backup file:

cd /home/sapan/sudo nano backup.sh cd /home/sapan/ tar xzf backup.tar.gz0 12 * * * bash /home/sapan/backup.sh:

Testing

[edit | edit source]

DHCP Testing:

Check if the client obtained its IP address from the DHCP by executing the following command:

    ifconfig

Also, check the logs on the client for DHCP messages:

    grep -i dhcp /var/log/syslog

DNS Testing:

Execute the following commands on the client. "nslookup" is used to query the DNS to obtain name to IP address mapping or any specific DNS record. "dig" is a networking tool that can query DNS servers for information. It uses the operating system's local Domain Name System resolver library to perform its queries.

     nslookup fdpro.com
     dig fdpro.com

Web Server Testing:

1) Type the IP Address in the URL: 172.168.17.3

2) Type fdpro.com in the URL.


Firewall Testing:

We can see 404 status for blocked clients and 200 status for unblocked clients via firewall.

Backup Testing:

Check the backup server for filesystem backups taken at the time scheduled in the crontab.

ls -lrt /home/sapan/Projects/Backup

Future Prospects

[edit | edit source]

• Security of the DNS server can be implemented, more authentication, encryption can be implemented.

• We can improve NFS, NIS and VPN for future usage.

• The level of security can be increased in future.