Data Networking/Fall 2015/XHDB

From Wikiversity

Group Members

Xiang Cheng
Huiyu Huang
Danlei Liang
Bowei Zhou

Motivation


The project is to establish an internal network and provide the related services for a company. This project helps us understand the theory of DHCP, DNS, web servers and so on. Building this network showed us various things that happen in today's networking world. To finish this project we improved our understanding of the different protocols, became familiar with Linux and solved the various real-time problems that we met. It also helped us to deal with problems, work as a team and learn various skills.

Understanding the Protocol


DHCP - The full name is Dynamic Host Configuration Protocol. The isc-dhcp-server package is used to provide the DHCP service. The DHCP server defines the pool of IP addresses and assigns addresses from it to the clients in this network automatically. The IP addresses of all computers are stored in a database that resides on the DHCP server machine.

DNS - Domain Name Service (DNS) is a distributed database implemented in a hierarchy of DNS servers, and it is an application-layer protocol that allows hosts to query the distributed database. In this way, DNS alleviates the need to remember IP addresses. Computers that run DNS are called name servers. The DNS protocol runs over UDP and uses port 53. DNS is employed by HTTP to translate domain names into IP addresses.

WEB SERVER


The web server is used to store HTML files. To fulfill a request from a client, the web server responds with certain HTML files. The HTML file, which consists of lines of code, is rendered by the web browser as a web page and presented to the client. Clients usually use a web browser, such as Chrome or Firefox on Linux, and type a URL into the address field to get the web page from the web server.

FIREWALL


The firewall is set up on the web server for security. If the firewall is enabled, no one can access the servers except the clients and the kinds of services specified by the firewall rules. Without actively enabling the firewall, anyone could access the server and do whatever they like, which would be a horrible situation.

BACKUP


Backup is a very useful way to protect and recover lost data. It copies all data of the daily work on the current server and sends it to another, remote server. A server becomes busier as the number of clients increases, and it is possible for the server to crash under heavy work. Backup is necessary to protect both the server and the data it generates.

VPN - A virtual private network (VPN) extends a private network so that it can run over the public network.

NIS - Network Information Service (NIS) provides a network lookup service consisting of databases and processes.

NFS - Network File System (NFS) allows the laptop to mount a disk partition on a remote device as if it were a local disk. It provides fast file sharing across the same network.

NTP - Network Time Protocol (NTP) is a protocol used to synchronize the clocks of computers to some time reference.

MAIL SERVER


A mail server is a server that handles and delivers e-mail over a network, usually over the Internet. A mail server can receive e-mails from client computers and deliver them to other mail servers. A mail server can also deliver e-mails to client computers. Every email that is sent passes through a series of mail servers along its way to its intended recipient. Although it may seem like a message is sent instantly - zipping from one PC to another in the blink of an eye - the reality is that a complex series of transfers takes place.

Requirements


We have set up a DNS master server, a DNS slave server, a DHCP server, a web server and a client on one computer, connected in host-only mode.

For DNS server:
i. Assigned the static IP address for the server
ii. Assigned bind9 DNS server
iii. Created 5 type A records
iv. Used both IPv4 and IPv6 addresses in the implementation of the records
v. Created reverse domains in in-addr.arpa and ip6.arpa
vi. Configured the slave DNS server so that it updates automatically from the master DNS server

For DHCP server:
i. Assigned the static ip address for the DHCP server
ii. Used ipv4 and ipv6 address
iii. Allocated dynamic network address to the client
iv. The client-server protocol

For web server & firewall:
i. Assigned the static IP address for the web server
ii. Created a basic page on the server
iii. The page is accessible to the client
iv. The page is secured

For back up:
i. Automated the process of backing up the data
ii. Backup file has been zipped and sent to the different server
iii. Backup file has transferred automatically

Steps to perform the setup / installation


DHCP Server

DHCP server for IPv4

Firstly, install the isc-dhcp-server.
sudo apt-get install isc-dhcp-server
Then begin to configure the DHCP server.
To assign IP addresses dynamically, edit the /etc/dhcp/dhcpd.conf file:
default-lease-time 600;
max-lease-time 7200;
Then declare the network with its mask and give the range that can be assigned, along with the IP addresses of the router and the DNS servers in the network:
subnet 192.168.22.0 netmask 255.255.255.0 {
    range 192.168.22.10 192.168.22.30;
    option routers 192.168.22.1;
    option domain-name-servers 192.168.22.11, 192.168.22.12;
}
The DHCP server gives the client an IP address from the range 192.168.22.10-192.168.22.30 in an address pool. It leases an IP address for 600 seconds, and the maximum lease is 7200 seconds if the client or server makes a special request. The server also gives the client the subnet mask 255.255.255.0; the broadcast address 192.168.22.255; the gateway address 192.168.22.1; 192.168.22.11 as its master DNS server and 192.168.22.12 as its slave DNS server.
A fixed address is assigned to this server.
Reservation can be achieved with the MAC address method: some or all of the machines are reserved a fixed IP address. We set fixed IP addresses for the master DNS server (192.168.22.11), the slave DNS server (192.168.22.12) and the web server (192.168.22.30).
Then, restart isc-dhcp-server.
sudo /etc/init.d/isc-dhcp-server restart
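
The MAC-based reservations described above can be written as host blocks in dhcpd.conf. The following is an added example, not the project's own configuration: the MAC addresses, host names and the helper check_pool_overlap are hypothetical. It lists every fixed-address that also sits inside the dynamic range, where the same address could be leased to another client.

```shell
#!/bin/sh
# Constructed dhcpd.conf: the subnet from this page plus host reservations.
# MAC addresses, host names and the "printer" entry are made up.
sample_dhcpd_conf() {
cat <<'EOF'
subnet 192.168.22.0 netmask 255.255.255.0 {
    range 192.168.22.10 192.168.22.30;
    option routers 192.168.22.1;
    option domain-name-servers 192.168.22.11, 192.168.22.12;
}
host dns-master { hardware ethernet 08:00:27:00:00:11; fixed-address 192.168.22.11; }
host dns-slave  { hardware ethernet 08:00:27:00:00:12; fixed-address 192.168.22.12; }
host web        { hardware ethernet 08:00:27:00:00:30; fixed-address 192.168.22.30; }
host printer    { hardware ethernet 08:00:27:00:00:40; fixed-address 192.168.22.40; }
EOF
}

# Read a dhcpd.conf on stdin and print each fixed-address that lies inside a
# dynamic "range" (IPv4 only). Empty output means no overlap.
check_pool_overlap() {
    awk '
        function ip2n(ip,   p) {
            split(ip, p, ".")
            return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
        }
        {
            gsub(/[;{}]/, " ")          # strip punctuation so fields are bare tokens
            for (i = 1; i <= NF; i++) {
                if ($i == "range")         { lo[++r] = ip2n($(i + 1)); hi[r] = ip2n($(i + 2)) }
                if ($i == "fixed-address") { fixed[++f] = $(i + 1) }
            }
        }
        END {
            for (j = 1; j <= f; j++)
                for (k = 1; k <= r; k++)
                    if (ip2n(fixed[j]) >= lo[k] && ip2n(fixed[j]) <= hi[k]) {
                        print fixed[j]; break
                    }
        }'
}

sample_dhcpd_conf | check_pool_overlap
```

Moving the range away from the reserved addresses, or the reservations out of the range, makes the check print nothing.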

DHCP server for IPv6

Firstly, install the radvd.
sudo apt-get install radvd
After installation, we can create the proper configuration in the file '/etc/radvd.conf'.
We also need to modify the file '/etc/sysctl.conf' to enable IPv6 forwarding by removing the '#' in front of 'net.ipv6.conf.all.forwarding=1'. Also run 'sudo sysctl -w net.ipv6.conf.all.forwarding=1' to make the change in the running kernel.
Then we can restart radvd by running 'service radvd start'. At this point, a client in the network will be assigned an IPv6 address.

DNS Server

DNS Master Server

1. Install bind9
Install DNS on the device using the Ubuntu bind9 package.
Give the server a static IP address.
Command:
sudo apt-get install bind9
nano /etc/network/interfaces

2. Forward zone (IPv4 and IPv6)
Add a DNS zone to bind9 and turn bind9 into a primary master server.
Edit /etc/bind/named.conf.local.
Allow transfer to the slave server.
Command:
nano /etc/bind/named.conf.local
zone "www.chengx.com" {
    type master;
    file "/etc/bind/db.www.chengx.com";
    // only the slave DNS server may transfer the zone
    allow-transfer { 192.168.22.12; };
};

Use the sample zone file db.local as a template for the zone database.
Copy the sample into the zone's own database file.
Command:
cp /etc/bind/db.local /etc/bind/db.www.chengx.com

Edit the new zone file db.www.chengx.com.
Change localhost to the FQDN of the server,
leaving the additional "." at the end.

Add 4 more forward type A records as below

3. Reverse zone file (IPv4)
Set up the zone to resolve name to IP address.
Edit /etc/bind/named.conf.local.
Command:
zone "22.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192";
    // transfers go to the slave DNS server (192.168.22.12), not to the master itself
    allow-transfer { 192.168.22.12; };
};

Create the /etc/bind/db.192 file.
Command:
cp /etc/bind/db.127 /etc/bind/db.192

Create the PTR record.

4. Reverse zone file (IPv6)
Add the ip6.arpa zone in named.conf.local.
Command:
zone "3.3.3.3.2.2.2.2.1.1.1.1.0.c.e.f.ip6.arpa" {
    type master;
    file "/etc/bind/db.ipv6";
};

Add the db.ipv6 file.
Command:
cp db.127 db.ipv6

5. Restart bind9
Command:
sudo service bind9 restart

Slave DNS Server

1. Assign the static IP address.
Command: nano /etc/network/interfaces
2. Edit named.conf.local.
Add the forward zone and the reverse zone.
Command:
zone "www.chengx.com" {
    type slave;
    file "db.www.chengx.com";
    masters { 192.168.22.11; };
};

zone "22.168.192.in-addr.arpa" {
    type slave;
    file "db.192";
    masters { 192.168.22.11; };
};

Web Server


Install apache2 as the web server:
sudo apt-get install apache2
Set 192.168.22.20 as the address of the web server.
Restart the network interface:
sudo /etc/init.d/networking restart
Restart the web server:
sudo /etc/init.d/apache2 restart
Homepage modification:
cd /var/www/
ls
sudo nano index.html

Firewall


Use the ufw command to configure the firewall.
The firewall does not need to be installed; it works as it is, because ufw is present by default in Ubuntu.
Enable the firewall:
sudo ufw enable
sudo ufw allow ssh/tcp
Allow clients to get the web page from the server via port 80:
sudo ufw allow 80
Show the firewall status:
sudo ufw status numbered
Disable the firewall:
sudo ufw disable
We can also allow requests from a certain client IP address through a certain port number:
sudo ufw allow in from 192.168.22.17 to any port 80
Once the firewall is enabled, all incoming packets are blocked except those matching the firewall rules, and all outgoing packets are still allowed by default.

Backup


Make the server back up automatically every day to another host.
There are 3 parts:
MySQL database, rsync and cron.
MySQL is able to manage the data of the web server.
Installation command:
sudo apt-get install mysql-server

To check whether the MySQL server is running:

sudo netstat -tap | grep mysql
Edit /etc/mysql/my.cnf and change the bind address:
sudo nano /etc/mysql/my.cnf
bind-address = 192.168.22.20
Then restart:
sudo service mysql restart


Copy the files in the web server to ~/home.
mysqldump -u root -p --all-databases > /cheng01.sql
Rsync with ssh:
Install ssh command:
sudo apt-get install openssh-server
sudo ssh-keygen
In the client-side terminal: ssh web1@192.168.22.20
then input the password.

In the server-side terminal: ssh cheng198901@192.168.22.17
then input the password.

Rsync command:
rsync -avz --delete -e ssh /cheng01.sql cx198901@192.168.22.17:~backup



Cron
Install command:
sudo apt-get install gnome-schedule
sudo crontab -e
Edit the file crontab
crontab -e
10 00 * * * bash -x /home/backup.sh
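
The crontab entry above calls /home/backup.sh, which combines the dump, the compression and the rsync transfer. The following is an added example of such a script, not the project's own: the local directory, the remote account and directory, key-based SSH login and MySQL credentials in ~/.my.cnf are assumptions.

```shell
#!/bin/sh
# Sketch of /home/backup.sh as called from the crontab entry above.
# Assumptions: MySQL credentials are in root's ~/.my.cnf and the backup host
# accepts key-based SSH logins, so cron never waits at a password prompt.
BACKUP_DIR="${BACKUP_DIR:-/var/backups/mysql}"            # assumed local path
REMOTE="${REMOTE:-backupuser@192.168.22.17:backup/}"      # assumed account/dir

run_backup() {
    umask 077                                  # dumps readable by owner only
    mkdir -p "$BACKUP_DIR" || return 1
    sql="$BACKUP_DIR/all-databases-$(date +%Y-%m-%d).sql"

    # Dump first, compress second: "mysqldump | gzip" would hide a dump failure
    # behind gzip's exit status and ship a truncated archive.
    if ! mysqldump --all-databases > "$sql"; then
        rm -f "$sql"
        echo "backup: mysqldump failed, nothing sent" >&2
        return 1
    fi
    gzip -f "$sql" || return 1
    gzip -t "$sql.gz" || return 1              # verify the archive before sending
    rsync -az -e ssh "$sql.gz" "$REMOTE" || return 1
    echo "$sql.gz"                             # path of the archive that was sent
}

# Run only when executed under the name backup.sh, so the function can also be
# loaded into another script without starting a backup.
case "${0##*/}" in
    backup.sh) run_backup ;;
esac
```

A failed dump leaves the previous archive in place and exits non-zero, which cron reports by mail when MAILTO is set.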

Add-ons


Set up the PPTP VPN server by installing the pptpd package and then editing the conf, chap-secrets, rc.local and sysctl files.
Connect the client to the VPN server.

Add the client name and IP addresses to /etc/hosts.
Add the following line to /etc/hosts.allow:
portmap ypserv ypbind : list of IP addresses
Here "list of IP addresses" is the list of the IP addresses of the server and the client.
sudo apt-get install portmap nis
Edit the files /etc/passwd, /etc/group, /etc/shadow and /etc/yp.conf.
Then restart NIS:
sudo /etc/init.d/nis restart

Install nfs-kernel-server in the server:
sudo apt-get install nfs-kernel-server
Edit file /etc/exports,
Find the following lines,
/ubuntu *(ro,sync,no_root_squash)
/home *(rw,sync,no_root_squash)
Replace * with the hostname formats. For security, make the hostname declaration specific, so other unwanted systems cannot access the NFS mount.
Start the NFS server,
sudo /etc/init.d/nfs-kernel-server start
Install nfs-common in the client:
sudo apt-get install nfs-common
Mount a shared NFS directory from another machine
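
The advice above to replace * in /etc/exports can be checked mechanically. The following is an added example, not part of the original project: the helper audit_exports and the /srv entries in the sample file are hypothetical. It reports exports open to any host and exports that keep no_root_squash, which lets root on a client act as root on the exported files.

```shell
#!/bin/sh
# Constructed /etc/exports: the two lines quoted above, one export restricted
# to a single client, and the classic stray-space mistake.
sample_exports() {
cat <<'EOF'
# /etc/exports
/ubuntu     *(ro,sync,no_root_squash)
/home       *(rw,sync,no_root_squash)
/srv/share  192.168.22.17(rw,sync,root_squash)
/srv/data   192.168.22.17 (rw,sync)
EOF
}

# Read an exports file on stdin and print "path client finding" for each risky
# client entry. "*" as the client name means an entry that applies to any host.
audit_exports() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        {
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1)
                    sub(/\)$/, "", opts)
                }
                # "host (rw)" parses as host with defaults plus (rw) for everyone
                if (client == "") client = "*"
                if (client == "*")
                    print $1, client, "any-host"
                if (("," opts ",") ~ /,no_root_squash,/)
                    print $1, client, "no_root_squash"
            }
        }'
}

sample_exports | audit_exports
```

Run it against the real file with audit_exports < /etc/exports before restarting the NFS server.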

sudo apt-get install ntp
Then edit the file /etc/ntp.conf.

Mail Server

Postfix is used as the Mail Transfer Agent.
PostfixAmavisNew is used for mail filtering.
Dovecot is used as the Mail Delivery Agent.
OpenWebMail is used for webmail.
Mailman is used for mailing lists.
Configure all related files.

Testing


We connected all the modules in different virtual machines in host-only mode on the same computer.
DNS testing was done using the dig command on the client. nslookup resolved the name to the IP address in the system. On the client the URL https://www.chengx.com was accessed; it resolved and the web page was delivered to the client.
DHCP was tested by checking that the proper IP address was assigned to the client on the internal network.
The web server was tested by accessing the link on the client machine.
Backup was scheduled to update automatically, and it is visible on the remote server, where the backup file has to be located in the zip format.
The VPN can be tested after configuring the VPN on the server and then establishing the connection between the client and the server. By using point-to-point encryption, the connection can be established between the server and the client. Also, the default gateway needs to be specified for both.
We used the 'df -h' command to check the available disk space on our client. We checked the NFS server manually by creating a file in the server's home location. If we then check the client's mounted location, we can see that the file created on the server is already visible on the client. So the NFS server's testing is done.
To check the NIS server, the command is 'rpcinfo -p localhost'. This shows all the running NIS server components on the machine. The list consists of the program ID, protocol, port number and server name.
The mail server was configured on the web server. Two users were created on the mail server. One user logged in and sent a mail to the other user. The first user then logged out and the other user logged in. The mail was received by the other user. This shows that the mail server was properly configured.

Future improvements


Use a backup server with encryption for secure protection.
Use IPv6 on the DHCP and DNS servers for future use.
The number of parallel connections to a server per client can be restricted using iptables.
Improve the functions of the mail server.
