Data Networking/Spring 2014/Group 05

From Wikiversity

INTRODUCTION

This Linux project has given us in-depth knowledge of the Linux based operating system.

The project deals with the implementation of a Domain Name System (DNS) server, a Dynamic Host Configuration Protocol (DHCP) server, a web server, a firewall, a backup, and some other extra add-ons that will be shown in the Configurations section.

The aim of this project is to deliver a complete network solution where the servers and clients are able to obtain an IP address from the DHCP server, and then, with the help of our DNS server, the users within our network are able to successfully fetch the web page that is hosted on our own DHCP server. Moreover, we implement and configure extra networking tools to provide a robust, secure, intelligent inter-networking scheme that could be used at any company or organization.

GROUP MEMBERS

  1. Ladapo Adekunola
  2. Mohammed Irfan Yousuf
  3. Paula Muñoz
  4. Rajat Mathur

CONFIGURATIONS

DNS Server

Implementation of DNS Server

For our DNS server we are going to use the BIND package, which stands for Berkeley Internet Naming Daemon.

We have reserved the following IPv4 and IPv6 addresses in our DHCP server:

  Master Server:
  * IPv4 address: 192.168.0.3
  * IPv6 address: 2607:f0d0:2001:a::3
  Slave Server:
  * IPv4 address: 192.168.0.4
  * IPv6 address: 2607:f0d0:2001:a::4

The Domain name that we will be using is:

  group5linux.com

Below are the steps that have been taken to install and configure the Master and Slave DNS Servers:

Master Server

[1] Installation

  • Install the bind9 package by using the command:
  sudo apt-get install bind9

[2] Configuration

  • Configure the default DNS caching server to forward unknown requests to other DNS servers by using the command:
  sudo nano /etc/bind/named.conf.options
   forwarders 
   {
      192.168.0.1;  #Our IP Gateway address
      8.8.8.8;
      8.8.4.4;
   };
  • Add the Forward and Reverse resolution to bind9 by editing the named.conf.local file by using the command:
  sudo nano /etc/bind/named.conf.local
  # Forward lookup Zone - Hold A records, maps hostnames to IPs
            zone "group5linux.com" 
            {
                type master;
                file "/etc/bind/zones/group5linux.com.db";
                allow-transfer { 192.168.0.4; };   #Slave DNS Server
            };
   # Reverse lookup Zone IPv4 - Holds PTR records
   # Server IP4 Address 192.168.0.3 
             zone "0.168.192.in-addr.arpa" 
             {
                 type master;
                 file "/etc/bind/zones/rev.0.168.192.in-addr.arpa";
                 allow-transfer { 192.168.0.4; };
             };
   # Reverse lookup Zone IPv6 - Holds PTR records
   # Server IPv6 Address 2607:f0d0:2001:a::3; the zone covers the /64 prefix
   # 2607:f0d0:2001:a::/64, written as its 16 nibbles in reverse order
             zone "a.0.0.0.1.0.0.2.0.d.0.f.7.0.6.2.ip6.arpa" 
             {
                 type master;
                 file "/etc/bind/zones/ipv6.arpa";
             };


  • Create a directory called zones under /etc/bind/ by using the command:
  sudo mkdir /etc/bind/zones
  • Create and edit the forward look-up zone file group5linux.com.db and include all the details for resolving host-names to IP addresses, by using the command:
  sudo nano /etc/bind/zones/group5linux.com.db
  • Create and edit the reverse look-up zone file rev.0.168.192.in-addr.arpa and include all the details for resolving IPv4 addresses to host-names
  • Create and edit the reverse look-up zone file ipv6.arpa and include all the details for resolving IPv6 addresses to host-names
  • Edit the file resolv.conf and include the details for our DNS server, such as domain, IPv4 and IPv6 addresses
  • Restart the bind package by using the command:
  sudo /etc/init.d/bind9 restart
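The reverse zone names above are simply the network prefix written backwards, octet by octet for in-addr.arpa and nibble by nibble for ip6.arpa. As an added example (not part of the project page), the following Python derives those zone names and the PTR owner labels for the page's addressing plan; the host labels ns1, ns2 and www are assumed.

```python
import ipaddress

# Constructed from the page's addressing plan; the host labels are assumed.
FORWARD_ZONE = "group5linux.com"
HOSTS = {
    "ns1": ("192.168.0.3", "2607:f0d0:2001:a::3"),   # master DNS server
    "ns2": ("192.168.0.4", "2607:f0d0:2001:a::4"),   # slave DNS server
    "www": ("192.168.0.5", None),                    # web server, IPv4 only
}

def reverse_zone_name(network):
    """Name of the in-addr.arpa / ip6.arpa zone that covers `network`.

    IPv4 zones are cut at octet boundaries (/8, /16, /24) and IPv6 zones at
    nibble boundaries (multiples of 4 bits), so the zone name is simply the
    prefix written in reverse; other prefix lengths need RFC 2317 delegation.
    """
    net = ipaddress.ip_network(network, strict=True)
    if isinstance(net, ipaddress.IPv4Network):
        if net.prefixlen % 8:
            raise ValueError("IPv4 reverse zones need a /8, /16 or /24 prefix")
        labels = str(net.network_address).split(".")[: net.prefixlen // 8]
        return ".".join(reversed(labels)) + ".in-addr.arpa"
    if net.prefixlen % 4:
        raise ValueError("IPv6 reverse zones need a nibble-aligned prefix")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa"

def ptr_owner(address, zone):
    """Owner label of the PTR record for `address`, relative to `zone`."""
    pointer = ipaddress.ip_address(address).reverse_pointer   # absolute name from the stdlib
    suffix = "." + zone
    if not pointer.endswith(suffix):
        raise ValueError(f"{address} is not covered by {zone}")
    return pointer[: -len(suffix)]

def ptr_records(network):
    """Zone-file PTR lines for every host in HOSTS that lies inside `network`."""
    zone = reverse_zone_name(network)
    net = ipaddress.ip_network(network)
    lines = []
    for name, addrs in HOSTS.items():
        for addr in addrs:
            if addr and ipaddress.ip_address(addr) in net:
                lines.append(f"{ptr_owner(addr, zone)}\tIN\tPTR\t{name}.{FORWARD_ZONE}.")
    return lines
```

The lines returned by ptr_records can be pasted into the rev.0.168.192.in-addr.arpa and ipv6.arpa zone files after their SOA and NS records.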

Slave Server

If for any reason the primary server fails, we need a slave server as a backup.

[1] Installation

  • Install the bind9 package the same way as we did on the Primary Server by using the command:
  sudo apt-get install bind9

[2] Configuration

  • Edit the file /etc/bind/named.conf.local by using the command:
  sudo nano /etc/bind/named.conf.local

And add the following lines for the Forward and Reverse zones:

  zone "group5linux.com" 
  {
    type slave;
    file "/etc/bind/slaves/group5linux.com.db";
    masters { 192.168.0.3; };
    allow-transfer { 192.168.0.3; };
  };
   zone "0.168.192.in-addr.arpa" 
  {
    type slave;
    file "/etc/bind/slaves/db.192";
    masters { 192.168.0.3; };
  };    
     
  • Create a directory called slaves under /etc/bind/ by using the command:
  sudo mkdir /etc/bind/slaves
  • Give BIND permission to write to this slaves directory, since bind runs as the bind user and can only write files it owns; use the following command:
   sudo chown bind:bind /etc/bind/slaves
  • Edit the file resolv.conf and include the details for our DNS servers, such as domain, IPv4 and IPv6 addresses
  • Restart the bind package by using the command:
  sudo /etc/init.d/bind9 restart

DHCP Server

DHCP (Dynamic Host Configuration Protocol) is a protocol that allows a server to dynamically assign IP addresses to hosts within a network from a range specified by the network administrator. It also allows static addresses to be assigned to hosts within a network. This is achieved by mapping an IP address within the network, but outside the range specified for DHCP, to the MAC address of the client.

Behavior of Protocol

DHCP (Dynamic Host Configuration Protocol) is an application layer protocol that allows a server to dynamically assign IP addresses to hosts in a network. Hence hosts are assigned IP addresses automatically as soon as they connect to a network, which is why DHCP is often regarded as a plug-and-play protocol. DHCP can be summarised in the four steps listed below.

1. DHCP Server Discovery: This is a message sent by a client newly arriving on a network. The message is sent within a UDP packet to port 67. Since the newly joined client has no IP address, an IP datagram with the broadcast destination address 255.255.255.255 and the source address 0.0.0.0 is used. The link layer receives the IP datagram and broadcasts the frame to all nodes attached to the subnet.

2. DHCP Server Offer: On receiving a DHCP discover message, the DHCP server responds with an offer message sent to the broadcast address 255.255.255.255. The offer message contains the IP address to be leased plus the lease time, which can vary from hours to days.

3. DHCP Request: This is the reply sent by the client in response to a particular DHCP offer message. Bearing in mind that the client may receive multiple DHCP offer messages, the client responds to the offer it wants to accept.

4. DHCP ACK: The acknowledgement sent by the DHCP server to the client, indicating that the client can make use of the address offered to it.
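The four-step exchange described above, as an added example that is not part of the project page: the Python below serialises and parses DHCP messages in the RFC 2131 BOOTP layout (option 53 carries the message type) and runs the discover/offer/request/ack sequence with constructed values. The DHCP server address 192.168.0.2 and the pool start 192.168.0.20 are taken from the page; the MAC address and transaction id are constructed.

```python
import struct
import socket

SERVER_PORT, CLIENT_PORT = 67, 68            # UDP ports: server listens on 67, client on 68
MAGIC_COOKIE = b"\x63\x82\x53\x63"           # marks the start of the DHCP options
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5   # option 53 values for the four steps above
TYPE_NAMES = {DISCOVER: "DHCPDISCOVER", OFFER: "DHCPOFFER",
              REQUEST: "DHCPREQUEST", ACK: "DHCPACK"}
BOOTP_HDR = "!BBBBIHH4s4s4s4s16s64s128s"     # 236-byte fixed BOOTP header (RFC 2131)

def build(msg_type, xid, mac, yiaddr="0.0.0.0", extra_options=()):
    """Serialise one DHCP message: fixed header, magic cookie, option TLVs, end marker."""
    op = 1 if msg_type in (DISCOVER, REQUEST) else 2     # BOOTREQUEST from client, BOOTREPLY from server
    zero = socket.inet_aton("0.0.0.0")                   # ciaddr/siaddr/giaddr stay unset here
    header = struct.pack(BOOTP_HDR, op, 1, 6, 0, xid, 0, 0x8000,   # flags 0x8000 = broadcast reply
                         zero, socket.inet_aton(yiaddr), zero, zero,
                         mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    options = bytes([53, 1, msg_type])
    for code, value in extra_options:
        options += bytes([code, len(value)]) + value
    return header + MAGIC_COOKIE + options + b"\xff"

def parse(data):
    """Decode the header and options; malformed or truncated input raises ValueError."""
    fixed = struct.calcsize(BOOTP_HDR)
    if len(data) < fixed + 4 or data[fixed:fixed + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    f = struct.unpack(BOOTP_HDR, data[:fixed])
    msg = {"op": f[0], "xid": f[4], "yiaddr": socket.inet_ntoa(f[8]),
           "chaddr": f[11][:f[2]], "options": {}}
    i = fixed + 4
    while i < len(data) and data[i] != 0xFF:
        if data[i] == 0:                                  # pad option: single byte, no length
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option")
        code, length = data[i], data[i + 1]
        msg["options"][code] = data[i + 2:i + 2 + length]
        i += 2 + length
    msg["type"] = TYPE_NAMES.get(msg["options"].get(53, b"\0")[0], "unknown")
    return msg

def simulate_exchange(mac=bytes.fromhex("0011223344ff"), xid=0x3903F326):
    """Run the four steps with constructed values; return the message names seen on the
    wire and the address the client ends up holding. 192.168.0.2 is the page's DHCP server."""
    lease = struct.pack("!I", 86400)                     # option 51: lease time, one day
    server = socket.inet_aton("192.168.0.2")             # option 54: server identifier
    offered = "192.168.0.20"                             # first address of the page's pool
    wire = [
        build(DISCOVER, xid, mac),                                              # 0.0.0.0 -> 255.255.255.255:67
        build(OFFER, xid, mac, offered, [(51, lease), (54, server)]),           # broadcast back to :68
        build(REQUEST, xid, mac, extra_options=[(50, socket.inet_aton(offered)), (54, server)]),
        build(ACK, xid, mac, offered, [(51, lease), (54, server)]),
    ]
    parsed = [parse(p) for p in wire]
    if any(p["xid"] != xid for p in parsed):             # one transaction id ties the four together
        raise ValueError("transaction id mismatch")
    return [p["type"] for p in parsed], parsed[-1]["yiaddr"]
```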

Implementation of DHCP Server

The DHCP server was configured following the listed steps below:

[1] Installation

  • Install the DHCP server
  sudo apt-get install isc-dhcp-server

[2] Configuration

  • Edit the /etc/network/interfaces file and set up a static IP address on the interface
  sudo nano /etc/network/interfaces 
               #Edit Static IP settings
               auto eth0
               iface eth0 inet static 
               address 192.168.0.2
               netmask 255.255.255.0
               gateway 192.168.0.1
               network 192.168.0.0
               broadcast 192.168.0.255
  • Restart the Network interfaces
  sudo /etc/init.d/networking restart 
  • Set up the dhcpd configuration file, stating the following:
  a. The network 192.168.0.0/24
  b. The range 192.168.0.20 - 192.168.0.100, to be assigned dynamically to clients in the network.
  c. The static addresses of the DNS servers: 192.168.0.3, 192.168.0.4.
  d. The static address of the web server: 192.168.0.5
  e. The static address of the mail server: 192.168.0.6

To add the above information to /etc/dhcp/dhcpd.conf we use the command:

  sudo nano /etc/dhcp/dhcpd.conf
  • Save the file and restart the DHCP server.
  sudo service isc-dhcp-server restart

Web Server

A web server is used to host web pages. The client uses HTTP to access the HTML files stored on the server.

Behavior of Protocol

The web server stores all the HTML web pages in its repository. It works on a client-server model where the client uses the HTTP protocol to access the HTML files stored on the server. One of the most widely used web servers is the Apache HTTP Server, which is widely deployed on UNIX operating systems and is open source software. HTTP consists of a request and a response: the HTTP request is initiated by the client and the server replies with an HTTP response. The different methods that are used are GET, POST, PUT, DELETE etc. HTTP's underlying transport protocol is TCP, which opens a connection with a 3-way handshake:

1. SYN
2. SYN-ACK
3. ACK

There are basically two kinds of HTTP:

1. HTTP with non-persistent connections: After each data transfer the client-server session is terminated. In order to perform another data transfer it goes through the TCP 3-way handshake again.

2. HTTP with persistent connections: The client-server session is not immediately terminated. Hence, for a limited period of time, any new data transfer does not need to go through the TCP 3-way handshake.

HTTP uses port 80 whereas HTTPS uses port 443.

Implementation of Web Server

[1] Installation

  • Install the apache2 server.
  sudo apt-get install apache2

[2] Configuration

  • Edit the default index.html file in the www folder
  cd /var/www
  sudo nano index.html
  • Type the web server's address into the browser on the client's machine and the web page is displayed.

Firewall

Behavior of the protocol

A firewall is software-based security that protects the network from the outside world. It consists of a set of specific rules that are implemented on the firewall according to the needs of the organization. Usually the ports for services such as HTTP and SSH are kept open and the remaining ports are blocked for security purposes.

Implementation of Firewall

[1] Configuration

  • First, allow packets that belong to already established connections (or are related to them), so that replies to the server's own traffic get through.
  sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  • Allow traffic on specific ports: port 80 for HTTP and port 22 for SSH.
  sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
  sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
  • Lastly, block the remaining ports for security.
  sudo iptables -A INPUT -j DROP
  • We also need to allow loopback traffic; inserting at position 1 places this rule ahead of the DROP rule.
  sudo iptables -I INPUT 1 -i lo -j ACCEPT
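iptables evaluates a chain top to bottom and the first matching rule decides, so the position of the loopback rule relative to the catch-all DROP matters. As an added check (not from the project page), the Python below models the INPUT chain built by the commands above and evaluates constructed sample packets against it, once with the loopback rule appended after the DROP and once inserted at position 1 as the page does.

```python
# The INPUT rules in the order the page appends them, before the final `-I INPUT 1 -i lo` step.
RULES_APPENDED = [
    {"ctstate": {"ESTABLISHED", "RELATED"}, "target": "ACCEPT"},
    {"proto": "tcp", "dport": 80, "target": "ACCEPT"},
    {"proto": "tcp", "dport": 22, "target": "ACCEPT"},
    {"target": "DROP"},                                   # catch-all: matches everything
]
LOOPBACK_RULE = {"in_iface": "lo", "target": "ACCEPT"}

def matches(rule, pkt):
    """A rule matches only if every criterion it carries agrees with the packet."""
    if "in_iface" in rule and pkt["in_iface"] != rule["in_iface"]:
        return False
    if "ctstate" in rule and pkt["ctstate"] not in rule["ctstate"]:
        return False
    if "proto" in rule and pkt["proto"] != rule["proto"]:
        return False
    if "dport" in rule and pkt.get("dport") != rule["dport"]:
        return False
    return True

def verdict(chain, pkt, policy="ACCEPT"):
    """First matching rule wins, as in a real iptables chain; otherwise the chain policy applies."""
    for rule in chain:
        if matches(rule, pkt):
            return rule["target"]
    return policy

# Constructed sample traffic as seen by the INPUT chain of the server.
PACKETS = {
    "web request":        {"in_iface": "eth0", "proto": "tcp", "dport": 80, "ctstate": "NEW"},
    "ssh login":          {"in_iface": "eth0", "proto": "tcp", "dport": 22, "ctstate": "NEW"},
    "dns to local bind":  {"in_iface": "lo",   "proto": "udp", "dport": 53, "ctstate": "NEW"},
    "reply to our query": {"in_iface": "eth0", "proto": "udp", "dport": 40000, "ctstate": "ESTABLISHED"},
    "smtp probe":         {"in_iface": "eth0", "proto": "tcp", "dport": 25, "ctstate": "NEW"},
}

def evaluate(chain):
    """Verdict for every sample packet under the given chain."""
    return {name: verdict(chain, pkt) for name, pkt in PACKETS.items()}

def chain_with_loopback_first():
    """`-I INPUT 1` puts the loopback rule at position 1; `-A` would place it after the DROP,
    where it is never reached and local services talking over lo would be cut off."""
    return [LOOPBACK_RULE] + RULES_APPENDED
```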

Backup

The backup of the web server is taken and kept on the backup server. The protocols used are rsync and SSH. Rsync is a network protocol that is used to synchronize files on Ubuntu; it transfers only the data that differs from the copy already held on the backup server, and it compresses the data in transit, which reduces the network load. The SSH protocol provides a secure channel for sending and receiving files between Unix machines, since the data is encrypted and decrypted at the end points. Crontab is a tool used to automate commands that can be scheduled to run periodically without the network administrator's intervention.

Install rsync

 sudo apt-get install rsync

Install ssh

 sudo apt-get install openssh-server

Since we are using SSH, create a public and private key pair for security (ssh-keygen rejects RSA keys shorter than 1024 bits, so 2048 bits is used here).

 ssh-keygen -t rsa -b 2048

Now copy this public key to the web server so that the web server accepts logins from the backup server

 ssh-copy-id -i /root/.ssh/id_rsa.pub webserver@ipaddress

Edit the crontab

 crontab -e

Delete the crontab if it exists from before

 crontab -r

Run the following rsync command from the crontab to automate the backup of the web server

 rsync -avzh -e ssh webserver@ipaddress:/var/www /home/backupserver/DestinationFolder

VPN Server

• Package Used: pptpd

pptpd is the Poptop PPTP daemon, which manages tunneled PPP connections encapsulated in GRE using the PPTP VPN protocol. It contains features such as IP addressing management and TCP wrappers, if compiled in. [9]


• Commands used:

[1] Installation

Update the Ubuntu package index

  sudo apt-get update 

Install pptpd:

 sudo apt-get install pptpd
  

[2] Configuration

Once the pptpd package has been installed, we need to edit the /etc/pptpd.conf file and modify the 'localip' and 'remoteip' settings by using the command:

  sudo nano /etc/pptpd.conf

Add the server IP and the client IP range at the end of the file, for example:

  localip 192.168.0.7
  remoteip 192.168.0.1-149

Edit the chap-secrets file, and include the usernames and passwords for the usernames that will connect to the VPN by using the command:

  sudo nano /etc/ppp/chap-secrets

Restart the PPTP/VPN server for the changes to take effect, by using the command:

  sudo /etc/init.d/pptpd restart

Now that the VPN server is configured, we need to edit the firewall to allow traffic and connections to the VPN; we can type the following lines:

  sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
  sudo iptables -A FORWARD -i ppp+ -o eth0 -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT
  sudo iptables -A FORWARD -o ppp+ -i eth0 -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT

Edit the file /etc/sysctl.conf , by using the command:

  sudo nano /etc/sysctl.conf

Uncomment the following line:

  net.ipv4.ip_forward=1

Mail Server

Every mail that is sent or received has to go through the mail server. It is the place where all the mails are stored.

When the sender sends the receiver a mail, at first the sender’s user agent uses the SMTP protocol to push the mail to its own mail server. The sender’s mail server will then use SMTP and send the mail to the receiver’s mail server. The receiver’s user agent will have to use IMAP or POP3 to fetch the mail from the mail server since SMTP is a push protocol, whereas POP3 and IMAP are pull protocols.

POP3 and IMAP are used to fetch mails from the mail server. POP3 uses port 110 and IMAP uses port 143.

SMTP is used to send mails from the mail server to other mail servers. SMTP uses port 25.

Install the mail server agent

 sudo apt-get install postfix

Configure the postfix package and accept the defaults

 sudo dpkg-reconfigure postfix

Change to maildir format

 sudo postconf -e "home_mailbox = Maildir/"
 sudo postconf -e "mailbox_command = "

Add the localhost network and our own network to the trusted networks

 sudo postconf -e "mynetworks = 127.0.0.0/8, 192.168.0.0/24"

Restart the postfix MTA

 sudo  /etc/init.d/postfix restart

Install the Courier IMAP mail delivery agent

 sudo apt-get install courier-imap

Install the mailutils

 sudo apt-get install mailutils

Create directory for the users

 sudo maildirmake /etc/skel/Maildir
 sudo maildirmake /etc/skel/Maildir/.Sent
 sudo maildirmake /etc/skel/Maildir/.Trash

Create username and password for test user

 sudo useradd -m -s /bin/bash testuser
 sudo passwd testuser

Install apache web server and the squirrelmail webmail

 sudo apt-get install apache2 squirrelmail

Configure SquirrelMail by selecting Dovecot

 sudo squirrelmail-configure

Use the a2ensite tool to configure squirrelmail

 sudo a2ensite squirrelmail

Restart the apache webserver

 sudo /etc/init.d/apache2 force-reload

NFS Server

Network File System (NFS) is an application layer protocol developed by Sun Microsystems in 1984. It is basically used to share files between Linux/Unix based operating systems. The working of the NFS protocol includes a mounting process: in the client-server model, clients access the data stored on the server by mounting it. This protocol is easy to implement as it is open source and is defined in RFC 1094. Many upgraded versions of NFS have been released, each with its own RFC. To configure and implement NFS on our Linux machines we used the concept of the RSA algorithm: the NFS client and NFS server exchange keys, and only then are the files to be shared mounted onto the client's machine.

Package Used: nfs-kernel-server

NFS (Network File System) allows us to 'share' a directory located on one networked computer with other computers/devices on that network. The computer 'sharing' the directory is called the server and the computers or devices connecting to that server are called clients. When the clients 'mount' the shared directory, it becomes part of their own directory structure.

 Commands used:

[1] Installation

o Update the Ubuntu package index

    sudo apt-get update

o Install NFS by command

    sudo apt-get install nfs-kernel-server

[2] Configuration

o Execute pwd to see the present working directory.

o Make directories to export

  sudo mkdir sharegroup5
  sudo mkdir shareirfan
  sudo mkdir sharepaula

o See the list of the files under present directory by

  ls -l

o To enable read and write permission for everyone on sharegroup5, use the command

  sudo chmod 777 sharegroup5

o Again see the list of files to see highlighted sharegroup5

o Edit /etc/exports by command

  sudo nano /etc/exports

o Add directories to be exported to NFS client by writing

 /home/rajatserver/sharegroup5 192.168.0.0/255.255.255.0(rw,sync)
 /home/rajatserver/shareirfan 192.168.0.0/255.255.255.0(rw,sync)
 /home/rajatserver/sharepaula 192.168.0.0/255.255.255.0(ro,sync)

o Export the file system now

 sudo exportfs -a

o Restart the NFS server by command

 sudo /etc/init.d/nfs-kernel-server restart

o NFS CLIENT:

o Install client tools for mounting NFS file system

 sudo apt-get install nfs-common

o Make a folder under the home directory named MOUNT

o To mount network share with nfs4 use the command

 sudo mount -t nfs4 -o proto=tcp,port=2049 192.168.0.9:/home/rajatserver/sharegroup5 MOUNT

o The directory sharegroup5 is now mounted on the MOUNT folder. We can go into the folder and delete files from it or add files to it.

o Now, unmount the mounted folder by using command

  sudo umount MOUNT

o After unmounting we can mount any new directory to it.

Network Time Protocol

Network Time Protocol is a clock synchronization protocol. It is basically implemented in a client-server model. NTP is implemented using the concept of Marzullo's algorithm. The first RFC for NTP was RFC 958. It is built over the UDP transport service, i.e. a connectionless service. NTP synchronizes the time among all the clients connected to the server in the client-server model, keeping the same date and time on every single machine.

Package Used: ntp

NTP (Network Time Protocol) is used for time synchronization.

 Commands used:

[1] Installation

o Update the Ubuntu package index

  sudo apt-get update

o To install NTP use the command

  sudo apt-get install ntp

[2] Configuration

o Edit the file /etc/ntp.conf by running the command in a terminal

 sudo nano /etc/ntp.conf

o Servers can be added and removed by editing the above file.

o Add our server to the file:

 server 192.168.0.5

o After saving the file, restart the server by command

 sudo /etc/init.d/ntp restart

o To see the status of synchronization run command

  sudo ntpq -p

FTP Server

File Transfer Protocol is an application layer protocol which allows different users in a network to transfer files between them. This protocol uses two different connections in its working, i.e. the control and data connections, using port numbers 21 and 20. FTP is defined in RFC 959. It allows any computer connected to a TCP/IP based network to manipulate files on another computer on that network, regardless of which operating systems are involved.

FTP SERVER

1. Install the FTP package by command

   sudo apt-get install vsftpd

2. Edit the /etc/vsftpd.conf file

   sudo nano /etc/vsftpd.conf
   

3. Add 2 lines to the file as follows, then save it

  local_enable=YES
  write_enable=YES

4. Make a group and add users to it by commands

  sudo groupadd ftp-users
  sudo useradd -g ftp-users -d /home/rajatserver/ftp-files user
  sudo passwd user

5. Restart the server

   sudo /etc/init.d/vsftpd restart

FTP CLIENT

1. ftp x.x.x.x

2. Enter username and password

3. get file

TESTING

To test our implementation we used a Linksys switch to which we could connect up to five hosts. We brought our own Ethernet cords and, for a period of about two weeks, the members of the team met to test the implementation and to track progress. Initially we tested the DHCP Server along with the Web Server, and then the DNS Server; however, we experienced issues because the Network Manager had been uninstalled on that host, and for this reason we had to install a new virtual machine and reconfigure the Master DNS Server. Once we had our DHCP Server, Web Server and Master DNS working, we started implementing the extra add-ons as well as the Slave DNS Server.

Some of the commands that were used during the testing process were:

  • To detect errors when performing configuration we used the command: tail /var/log/syslog
  • dig
  • ping
  • nslookup
  • ifconfig

PROGRESS UPDATE

  1. We have successfully configured master DNS server. It is able to provide hostname to IP translation.
  2. Slave DNS server is also implemented successfully to get activated whenever master DNS goes down.
  3. The configuration of DHCP has been completed. It is successfully providing IP addresses to client and other machines.
  4. Web Server is installed and configured to reply with web pages requested by the client.
  5. Security is enabled on server by activating firewall. Implementation of ip tables is done to allow and block as per rules added.
  6. Backup has been implemented and tested successfully.
  7. Several add-ons have been implemented in our project to provide different network services to the users within the network, including VPN, NFS, NTP and FTP. All these add-ons have been implemented successfully.
  8. Mail server has been implemented and tested successfully.

REFERENCES

1. https://help.ubuntu.com/12.04/serverguide/index.html

2. http://www.green-ebookshop.net/computer-networks-6th-edition-kurose-ross/

3. https://www.digitalocean.com/community/articles/how-to-set-up-a-firewall-using-ip-tables-on-ubuntu-12-04

4. http://xmodulo.com/2014/03/how-dns-works.html

5. https://help.ubuntu.com/community/MailServer

6. http://whatis.techtarget.com/definition/Web-server

7. DNS Information - http://www.thegeekstuff.com/2013/12/dns-basics/

8. http://compnetworking.about.com/od/vpn/a/vpn_tutorial.htm

9. https://www.isc.org/downloads/dhcp/

10. http://en.wikipedia.org/wiki/Apache_HTTP_Server

11. http://www.tecmint.com/sync-two-apache-websites-using-rsync/

12. https://help.ubuntu.com/community/MailServer

13. https://www.digitalocean.com/community/articles/how-to-set-up-a-firewall-using-ip-tables-on-ubuntu-12-04

14. https://en.wikipedia.org/wiki/Network_File_System

15. http://manpages.ubuntu.com/manpages/hardy/en/man8/pptpd.8.html

16. RFC958 - http://tools.ietf.org/html/rfc958