Data Networking/Fall 2016/WTJ
WTJ for (Pan Wu, Jiayi Tong and Shi Ji)
Introduction
This page describes our Linux project, which creates a small networking environment including a DNS server, a DHCP server, a web server and firewall, and backup. Furthermore, the add-on parts have also been finished successfully. The process is explained in detail in the following sections.
Behaviour of Protocols
Domain Name System
i. Assigned the static IP address for the server.
ii. Set up the bind9 DNS server.
iii. Created 5 type A records.
iv. Used both IPv4 and IPv6 addresses in my implementation of records.
v. Created reverse domains in in-addr.arpa and ip6.arpa.
vi. Configured the slave DNS server so that it updates automatically from the master DNS server.
Dynamic Host Configuration Protocol
i. Assigned static IP addresses to several important servers such as the web server and DNS server.
ii. Used IPv4 and IPv6 address pools.
iii. Allocated dynamic network addresses to the clients.
iv. The client-server protocol.
v. Set the IP address leasing time for clients.
Webserver & Firewall
i. Assigned the static IP address for the web server.
ii. Created a basic page on the server, and used phpMyAdmin to manage the web server database.
iii. The page is accessible to all other hosts.
iv. Set the firewall for webserver by using iptables.
Back up
i. Automated the process of backing up the data.
ii. The backup file is zipped and sent to a different server.
iii. The backup file is transferred automatically.
Add-on
i. Used scapy to perform ARP spoofing so that the client has a wrong ARP cache entry for the web server; the client then sees a "Hacked Web-Page" when it sends a request to the original web server.
ii. Used openswan to set up an IPsec VPN tunnel so that one host can connect to another host in a different subnet.
iii. Used NFS to let two clients share files.
Commands used
DHCP
Step 1: Install the DHCP server package
Command:
sudo apt-get install isc-dhcp-server
Step 2: Configure the DHCP server
Step 2.1: Edit the file /etc/default/isc-dhcp-server to change the default interface to our machine's interface.
Command:
sudo vim /etc/default/isc-dhcp-server
INTERFACES="ens33"
Step 2.2: Edit the file /etc/dhcp/dhcpd.conf; there are several places we need to change.
1. Set up the lease time for clients and set up the domain name
Command:
option domain-name-servers ns.wupapa.com;
option domain-name "wupapa.com";
default-lease-time 600;
max-lease-time 7200;
2. Set up the network with its mask and assign the IP range, along with the IP addresses of the router and the DNS server in the network:
Command:
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.10 192.168.1.30;
    option routers 192.168.1.2;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.1.255;
    option domain-name-servers 192.168.1.7;
    option ntp-servers 192.168.1.7;
    option netbios-name-servers 192.168.1.7;
    option netbios-node-type 8;
}
3. Then we reserve IP addresses for particular clients and servers.
Command:
host client {
    hardware ethernet 00:0c:29:04:12:4b;
    fixed-address 192.168.1.5;
}
host dns {
    hardware ethernet 00:0c:29:87:1b:85;
    fixed-address 192.168.1.7;
}
host web {
    hardware ethernet 00:0c:29:18:86:10;
    fixed-address 192.168.1.1;
}
4. We set a static IPv4 and IPv6 address for interface ens33 of the DHCP server
5. Then set up the IPv6 DHCP server
5.1
Command:
sudo vi /etc/sysctl.conf
net.ipv6.conf.all.forwarding = 1
sudo sysctl -p
5.2 Configure interface ens33 with IPv6
Command:
sudo apt-get install radvd
sudo vi /etc/radvd.conf
sudo /etc/init.d/radvd restart
6. Finally, restart DHCP service
Command:
sudo service isc-dhcp-server restart
DNS
1. Master DNS server
1) First, we need to install the DNS server by typing:
Command:
sudo apt-get install bind9
2) Secondly, we define the zones, giving the domain name and the type of the DNS server for each. The domain name “wupapa.com” is defined as shown in the following figure. The IPv6 zone and the reverse zone are also defined.
Command:
sudo vi /etc/bind/named.conf.local
3) Thirdly, we change the data in the created zone file. The local file, which contains the initial data, is copied to the created file. For example, the zone file our group created is “db.wupapa.com”. The initial data can then be changed using the vi editor. The following figure shows the designed data file.
Command:
sudo cp /etc/bind/db.local /etc/bind/db.wupapa.com
4) Then, the reverse zone file can also be modified. Copy the file to the created reverse zone file.
Command:
sudo cp /etc/bind/db.127 /etc/bind/db.wupapa.rev
5) Next, we need to define the default “resolv” file.
Command:
sudo vi /etc/resolv.conf
6) The last step for the master DNS server is to restart the server.
Command:
sudo service bind9 restart
2. Slave DNS server
The setting of the slave DNS server is shown below. There is no need to define the data file for the defined zones; it will be updated by the master DNS server. The only thing we need to do is create the slave zone on the DNS server.
Web server & Firewall
1. Set up the LAMP environment for the web server
In this section, I used LAMP to configure the web server. The LAMP stack is a group of open source software used to get web servers running. The acronym stands for Linux, Apache, MySQL, and PHP.
1.1 Install apache2
Command:
sudo apt-get install apache2
1.2 Install MySQL and activate it
Command:
sudo apt-get install mysql-server
sudo mysql_install_db
1.3 Install PHP
Command:
sudo apt-get install php5 libapache2-mod-php5
1.4 Start web server
Command:
sudo service apache2 restart
2. Set up our own home page for web server
Command:
sudo vi /var/www/html/index.html
3. Test web server using other clients
After typing in the IP address of the web server, the home page was shown, which means the web server works.
4. Firewall
In this section, the "ufw" program is used as the firewall.
1) Install the "ufw" program
Command:
sudo apt-get install ufw
2) Change the settings of "ufw"
Command:
sudo ufw enable
sudo ufw default deny
3) For example, deny an IP address
Command:
sudo ufw deny from 192.168.1.14 to any
Back up
1. With the use of Python, it backs up the web data and the database.
Command:
sudo mkdir /home/mysql_data
sudo touch /home/mysql_data/mysql_databak.sh
sudo vi /home/mysql_data/mysql_databak.sh
Then edit mysql_databak.sh and make it executable.
Command:
sudo chmod +x /home/mysql_data/mysql_databak.sh
2. Set up a process so that the data is backed up automatically
Command:
sudo crontab -e
The scheduled task is implemented using crontab.
The screen shows 47 * * * * ./mysql_data/mysql_databak.sh. This means the server automatically runs the script file mysql_databak.sh at minute 47 of every hour, so the web configuration file and the database of the web server are backed up hourly.
3. Automatically send backup file to other servers
1) In this part, we used the scp command to transmit a file to other hosts.
Command:
scp -r mysql_data/ wupan@192.168.1.5:~
2) Besides sending the file to other hosts manually, we should also set up a process that runs automatically.
First, we set up the two hosts so that files can be transferred between them without a password.
Command:
ssh-keygen -b 1024 -t rsa
scp -p .ssh/id_rsa.pub wupan@192.168.1.5:~/.ssh/authorized_keys
With these two command lines, we can transfer files between the two hosts without passwords. Note that the scp command replaces any authorized_keys file that already exists on the target, and that a 1024-bit RSA key is weaker than the 2048 bits or more now generally recommended.
Finally, the "scp" command is added to crontab.
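The page does not show the contents of mysql_databak.sh. As an added example (not the project's own script), the following shell functions archive a directory, record a SHA-256 checksum, verify it and prune old archives; the script name, the directories and the retention count of 24 are assumptions.

```shell
#!/bin/sh
# Added example, not the project's mysql_databak.sh: archive, checksum, verify, prune.
umask 077   # backups may contain database dumps: create every file owner-only

# make_backup SRC_DIR DEST_DIR: prints the path of the new archive on success.
make_backup() {
    src=$1; dest=$2
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
    mkdir -p "$dest" || return 1
    archive="$dest/backup-$(date +%Y%m%d-%H%M%S).tar.gz"
    # -C stores paths relative to the parent directory, not absolute ones.
    tar -czf "$archive" -C "$(dirname "$src")" "$(basename "$src")" || return 1
    # Do not keep (or later ship) an archive that cannot be read back.
    gzip -t "$archive" && tar -tzf "$archive" >/dev/null ||
        { rm -f "$archive"; return 1; }
    (cd "$dest" && sha256sum "${archive##*/}" > "${archive##*/}.sha256") || return 1
    echo "$archive"
}

# verify_backup ARCHIVE: succeeds only if ARCHIVE still matches ARCHIVE.sha256.
verify_backup() {
    (cd "$(dirname "$1")" && sha256sum -c "${1##*/}.sha256" >/dev/null 2>&1)
}

# prune_backups DEST_DIR KEEP: delete all but the newest KEEP archives.
prune_backups() {
    ls -1 "$1"/backup-*.tar.gz 2>/dev/null | sort -r | tail -n +"$(($2 + 1))" |
        while read -r old; do rm -f "$old" "$old.sha256"; done
}

# Usage: sh backup.sh SRC_DIR DEST_DIR   (script name and directories are assumptions)
# Dump the database into SRC_DIR first, e.g. with mysqldump, then copy the archive
# and its .sha256 file to the other host with scp and run "sha256sum -c" there.
if [ "$#" -eq 2 ]; then
    a=$(make_backup "$1" "$2") && verify_backup "$a" && prune_backups "$2" 24 && echo "$a"
fi
```

Checking the .sha256 file on the receiving host confirms that the archive arrived intact before an older copy is deleted.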
Testing
DHCP Test
Check whether the DHCP server is running
Command:
sudo service isc-dhcp-server status
This command shows whether the DHCP service is active.
DNS Test
1. nslookup
We can use nslookup to find the IP address of a hostname
Command:
sudo nslookup hostname
2. host
We can also use "host" to find both the IPv4 and the IPv6 address of a hostname
Command:
sudo host hostname
3. dig
Web server Test
Check the web server's status
Command:
sudo service apache2 status
Firewall Test
Command:
sudo ufw status
Scapy Test
Look at the ARP cache of the computer
Command:
arp
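Comparing the ARP cache with the MAC addresses reserved in dhcpd.conf shows whether an address such as the web server's now resolves to the wrong machine. The script below is an added example, not part of the original project; the function name check_arp and the sample "arp -n" output are constructed.

```shell
#!/bin/sh
# Added example: flag ARP cache entries that contradict the dhcpd.conf reservations.

# Constructed sample: the three host reservations from the dhcpd.conf on this page.
SAMPLE_DHCPD='host client {
hardware ethernet 00:0c:29:04:12:4b;
fixed-address 192.168.1.5;
}
host dns {
hardware ethernet 00:0c:29:87:1b:85;
fixed-address 192.168.1.7;
}
host web {
hardware ethernet 00:0c:29:18:86:10;
fixed-address 192.168.1.1;
}'

# Constructed "arp -n" output: the web server address resolves to the client MAC.
SAMPLE_ARP='Address       HWtype  HWaddress           Flags Mask  Iface
192.168.1.1   ether   00:0c:29:04:12:4b   C           ens33
192.168.1.5   ether   00:0c:29:04:12:4b   C           ens33
192.168.1.7   ether   00:0c:29:87:1b:85   C           ens33'

# check_arp DHCPD_TEXT ARP_TEXT: prints findings, returns 1 if there are any.
# Assumes "hardware ethernet" precedes "fixed-address" inside each host block.
check_arp() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        /^---$/ { in_arp = 1; next }
        !in_arp && $1 == "hardware" { mac = tolower($3); sub(/;$/, "", mac) }
        !in_arp && $1 == "fixed-address" { ip = $2; sub(/;$/, "", ip); want[ip] = mac }
        in_arp && $2 == "ether" {
            ip = $1; mac = tolower($3)
            if ((ip in want) && want[ip] != mac) {
                printf "MISMATCH %s expected %s got %s\n", ip, want[ip], mac; bad = 1
            }
            if ((mac in seen) && seen[mac] != ip) {
                printf "DUPLICATE %s claimed by %s and %s\n", mac, seen[mac], ip; bad = 1
            }
            seen[mac] = ip
        }
        END { exit bad + 0 }'
}

# Live use, given a copy of dhcpd.conf: check_arp "$(cat dhcpd.conf)" "$(arp -n)"
check_arp "$SAMPLE_DHCPD" "$SAMPLE_ARP" || echo "ARP cache contradicts the reservations"
```

A MISMATCH line means a reserved address answers with an unexpected MAC; a DUPLICATE line means one MAC is answering for two addresses.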
VPN tunnel Test
Check the status of the VPN tunnel
Command:
sudo ipsec statusall
NFS Test
Command:
mkdir /opt/myfolder
touch /opt/myfolder/test.txt
Future improvements
1) Improve the security and make the system more robust.
2) Improve the interface of the web server and add some other functions.
3) Add a mail server to improve the whole system.