Data Networking/Fall 2013/Group-18 Linux project

Welcome to the Group18_TSM_FALL2013 Wiki Page

Team mates

1. Aniket Muchandi
2. Philippe Yameogo
3. Sai Krishna Jonnalagadda
4. Hemanth

Motivation

Linux is one of the most popular operating systems in the world. Because of its nature and structure, many companies have adopted it to create and manage their products and services. It has been successful since its inception because it is open source. This motivated us to build a Personal Area Network on Linux, both to become familiar with the operating system and to gain practical knowledge of it.

Understanding the Protocol

The protocol architecture and implementation learned in theory should be put into practice.

The Requirements

Linux-based workstations, with bind9 as the DNS server, apache2 as the web server and dhcp-server as the DHCP server.


Dynamic Host Control Protocol (DHCP):


Dynamic Host Control Protocol is a standard networking protocol that dynamically configures IP addresses from the pool of IP addresses it has.

Steps to Perform the Initialization

Configuring the DHCP Server:
* Step 1: Install the DHCP server
Commands:

               sudo apt-get install isc-dhcp-server

* Step 2: Assign a static IP address to the interface
Commands:

                sudo nano /etc/network/interfaces
                # Change lo to either eth0 or wlan0, and loopback to static
                auto eth0
                iface eth0 inet static
                address 192.168.60.2
                netmask 255.255.255.0
                gateway 192.168.60.1
                network 192.168.60.0
                broadcast 192.168.60.255

* Step 3: Restart the network interfaces
Commands:

                sudo /etc/init.d/networking restart 

* Step 4: Configure the DHCP server with the required range of leasable IP addresses
Commands:

                   sudo nano /etc/dhcp/dhcpd.conf
                   ddns-update-style none;
                   subnet 192.168.60.0 netmask 255.255.255.0 {
                   range 192.168.60.100 192.168.60.110;
                   option domain-name-servers unix.project.hom, 192.168.60.3;
                   option domain-name "project.hom";
                   option routers 192.168.60.1;
                   option broadcast-address 192.168.60.255;
                   default-lease-time 600;
                   max-lease-time 7200;
                   }

* Step 5: Edit the resolv.conf file
Commands:

                   sudo nano /etc/resolv.conf 
                   nameserver 192.168.60.3

* Step 6: Start the DHCP server
Commands:

                  sudo service isc-dhcp-server restart

DHCP configuration for IPv6

* Step 1: Install radvd to build the IPv6 DHCP server.
Command:

            sudo apt-get install radvd

* Step 2: Edit the file /etc/dhcp/dhcp6.conf

             default-lease-time 600;
             max-lease-time 7200;
             # dhcpd expects every range6 to lie inside its enclosing subnet6 prefix
             subnet6 2001:db8:0:1::/64 {
             # range for clients
             range6 2001:db8:beef:53::10 2001:db8:beef:53::20;
             option dhcp6.name-servers 2001:db8:beef:53::3;
             option dhcp6.domain-search "project.hom";
             }

* Step 3: Edit the file /etc/radvd.conf

               interface eth0 {
               AdvSendAdvert on;
               AdvManagedFlag on;
               AdvOtherConfigFlag on;
               prefix 2001:db8:0:1::/64 {
               AdvAutonomous on; };
               };

* Step 4: Enable IPv6 forwarding
Command:

               sudo sysctl -w net.ipv6.conf.all.forwarding=1
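
As an added check that is not part of the original project, the following Python script cross-checks the addresses used in the dhcpd.conf, dhcp6.conf and interface listings above: each lease range must lie inside its subnet, and statically addressed hosts must not fall inside the lease pool. The dictionary layout, the host labels and the assumption that the listed hosts share the link with the clients are choices made for this example.

```python
import ipaddress

# Values copied from the dhcpd.conf, dhcp6.conf and /etc/network/interfaces
# listings in this section (constructed Python literals, not parsed files).
# "on_link" lists hosts this example assumes sit on the same link as the clients.
SCOPES = [
    {"subnet": "192.168.60.0/24",
     "range": ("192.168.60.100", "192.168.60.110"),
     "on_link": {"dhcp-server": "192.168.60.2", "dns-server": "192.168.60.3",
                 "router": "192.168.60.1"}},
    {"subnet": "2001:db8:0:1::/64",
     "range": ("2001:db8:beef:53::10", "2001:db8:beef:53::20"),
     "on_link": {"dns-server": "2001:db8:beef:53::3"}},
]

def check_scope(scope):
    """Return a list of human-readable problems for one subnet declaration."""
    net = ipaddress.ip_network(scope["subnet"])
    lo, hi = (ipaddress.ip_address(a) for a in scope["range"])
    problems = []
    if lo > hi:
        problems.append(f"{net}: range start {lo} is above range end {hi}")
    for label, addr in (("range start", lo), ("range end", hi)):
        if addr not in net:
            problems.append(f"{net}: {label} {addr} is outside the subnet")
    for name, text in scope["on_link"].items():
        addr = ipaddress.ip_address(text)
        if addr not in net:
            problems.append(f"{net}: {name} {addr} is outside the subnet")
        elif lo <= addr <= hi:
            problems.append(f"{net}: {name} {addr} collides with the lease pool")
    return problems

def check_all(scopes=SCOPES):
    """Run check_scope over every declaration and flatten the findings."""
    return [p for s in scopes for p in check_scope(s)]

if __name__ == "__main__":
    for line in check_all() or ["no problems found"]:
        print(line)
```
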

DNS Server


A DNS server translates hostnames like www.myname.com into numerical IP addresses like 162.163.164.165 which computers understand. Here is how to configure a DNS server:

*Step1: Install bind9
Command:

                sudo apt-get install bind9          

*Step2: Assign a static IP to your network interface
Commands:

                sudo nano /etc/network/interfaces
                
                auto eth0
                iface eth0 inet static
                 address 192.168.60.3
                 netmask 255.255.255.0
                 network 192.168.60.0
                 broadcast 192.168.60.255
                 gateway 192.168.60.1
                 # dns-nameservers

*Step3: Restart your network interface
Command:

                 sudo /etc/init.d/networking restart

*Step4: Change your default hostname to a hostname of your choice
Command:

                sudo nano /etc/hostname
              
                unix

*Step5: Create a domain name for your server
Commands:

                sudo nano /etc/hosts
                127.0.0.1       localhost
                192.168.60.3    unix.project.hom unix
                # The following lines are desirable for IPv6 capable hosts
                ::1         ip6-localhost   ip6-loopback
                fe00::0     ip6-localnet
                ff00::0     ip6-mcastprefix
                ff02::1     ip6-allnodes
                ff02::2     ip6-allrouters

*Step6: In named.conf.options, list some open DNS server IPs as forwarders so that you can reach DNS servers outside your network
Commands:

                 sudo nano /etc/bind/named.conf.options

                 forwarders {
                 # Give here your ISP DNS IPs
                 8.8.8.8;    # gateway or router
                 8.8.4.4;
                 75.126.98.108;
                 4.2.2.2;
                 4.2.2.1;
                 };

*Step7: In named.conf.local, create your forward lookup and reverse lookup zones
Commands:

                 sudo nano /etc/bind/named.conf.local
                 # Our forward zone
                 zone "project.hom" {
                 type master;
                 file "/etc/bind/zones/db.project.hom";
                 };
                 # Our reverse zone
                 # Server IP 192.168.60.3
                 zone "60.168.192.in-addr.arpa" {
                 type master;
                 file "/etc/bind/zones/db.192";
                 };

For IPv6, add the following zone

                 zone "3.5.0.0.f.e.e.b.8.b.d.0.1.0.0.2.ip6.arpa" {
                 type master;
                 file "/etc/bind/zones/db.2001:0db8:beef";
                 };


*Step8: Create the directory zones in /etc/bind/
Command:

                  sudo mkdir /etc/bind/zones

Create the two zone files. Start with the forward lookup zone file, db.project.hom, which is the file named in named.conf.local
Command:

                  sudo cp /etc/bind/db.local  /etc/bind/zones/db.project.hom

Now use the command below to edit the file
Command:

                  sudo nano /etc/bind/zones/db.project.hom

                  ;
                  ; BIND data file for local loopback interface
                  ;
                  $TTL    604800
                  @       IN      SOA     Unix.project.hom. root.project.hom. (
                                           2         ; Serial
                                      604800         ; Refresh
                                       86400         ; Retry
                                     2419200         ; Expire
                                      604800 )       ; Negative Cache TTL
                  ;
                  Project.hom.      IN  NS     Unix.project.hom.
                  Project.hom.      IN  A      192.168.60.3
                                        AAAA   2001:0db8:beef:53::1
                  unix              IN  A      192.168.60.3
                                        AAAA   2001:0db8:beef:53::3
                  Gateway           IN  A      192.168.60.1
                                        AAAA   2001:0db8:beef:53::4
                  Aniket            IN  A      192.168.60.2
                                        AAAA   2001:0db8:beef:53::2
                  ubuntu            IN  A      192.168.60.4
                                        AAAA   2001:0db8:beef:53::2
                  new               IN  A      192.168.60.6
                                        AAAA   2001:0db8:beef:53::5
                  www               IN  CNAME  ubuntu


Now create reverse lookup zone file
Command:

                    sudo cp /etc/bind/db.127   /etc/bind/zones/db.192

Now use the command below to edit the file
Command:

                    sudo nano /etc/bind/zones/db.192

                    ;
                    ; BIND reverse data file for local loopback interface
                    ;
                    $TTL    604800
                    @       IN      SOA    Unix.project.hom. root.project.hom. (
                                           2               ; Serial
                                      604800               ; Refresh
                                       86400               ; Retry
                                     2419200               ; Expire
                                      604800 )             ; Negative Cache TTL
                    ;
                         IN  NS  unix.project.hom.
                    1    IN  PTR gateway.project.hom.
                    3    IN  PTR unix.project.hom.
                    2    IN  PTR aniket.project.hom.
                    4    IN  PTR ubuntu.project.hom.
                    6    IN  PTR new.project.hom.

Now use the command below to edit the IPv6 reverse zone file
Command:

                    sudo nano /etc/bind/zones/db.2001:0db8:beef

                    ;
                    ; BIND reverse data file for local loopback interface
                    ;
                    $TTL    604800
                    @       IN      SOA    Unix.project.hom. root.project.hom. (
                                           2               ; Serial
                                      604800               ; Refresh
                                       86400               ; Retry
                                     2419200               ; Expire
                                      604800 )             ; Negative Cache TTL
                    ; a zone needs an NS record at its apex to load
                            IN      NS     unix.project.hom.
                    1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR unix.project.hom. ;; 2001:0db8:beef:53::1
                    ;; 2001:0db8:beef:53::/120
                    $ORIGIN 3.5.0.0.f.e.e.b.8.b.d.0.1.0.0.2.ip6.arpa.
                    6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR aniket.project.hom.
                    2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR ubuntu.project.hom.
                    3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR unix.project.hom.
                    4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR gateway.project.hom.
                    5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR new.project.hom.

Check whether the forward zone file is correct by entering the command below
Command:

                  named-checkzone project.hom /etc/bind/zones/db.project.hom
                  zone autun.hom /IN: loaded serial   2
                  Ok


Now check the reverse zone file
Command:

                 named-checkzone domain.com /etc/bind/zones/db.192
                 zone domain.com /IN: loaded serial   2
                 Ok

*Step9: Edit the file resolv.conf
Command:

                 sudo nano /etc/resolv.conf

                 search project.hom.
                 nameserver      192.168.60.3


*Step10: Restart the bind
Command:

                   sudo /etc/init.d/bind9 restart

After BIND starts, check your settings in the log file
Command:

                   tail -f /var/log/syslog

The log must not contain any errors.

*Step11: Check the forward zones

                   host -l project.hom

or

                   nslookup project.hom
                   OUTPUT
                   Server: 127.0.0.1
                   Address: 127.0.0.1#53
                    Name: project.hom
                    Address: 192.168.60.3

*Step12: Check the reverse zone
Command:

                  host 192.168.60.4
                  Output
                  4.60.168.192.in-addr.arpa domain name pointer gateway.domain.com

Use NSLOOKUP
Command:

                 nslookup 192.168.60.4
                 Server: 127.0.0.1
                 Address: 127.0.0.1#53
                 4.60.168.192.in-addr.arpa    name=ubuntu.project.hom
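
The named-checkzone runs above validate each zone file on its own and do not compare forward data with reverse data. The following Python script is an added example, not part of the original project: it checks that every PTR record is confirmed by an A or AAAA record of the name it points to, and that every forward address has a PTR. The records are transcribed from the zone listings in this section as constructed literals, and the variable and function names are this example's own.

```python
import ipaddress

ZONE = "project.hom."
V4_ORIGIN = "60.168.192.in-addr.arpa."
V6_ORIGIN = "3.5.0.0.f.e.e.b.8.b.d.0.1.0.0.2.ip6.arpa."

# Transcribed from the zone listings above as constructed literals; a real
# audit would read the zone files or query the server instead.
FORWARD = [  # (owner, A or AAAA address) from the forward zone
    ("Project.hom.", "192.168.60.3"), ("Project.hom.", "2001:0db8:beef:53::1"),
    ("unix", "192.168.60.3"), ("unix", "2001:0db8:beef:53::3"),
    ("Gateway", "192.168.60.1"), ("Gateway", "2001:0db8:beef:53::4"),
    ("Aniket", "192.168.60.2"), ("Aniket", "2001:0db8:beef:53::2"),
    ("ubuntu", "192.168.60.4"), ("ubuntu", "2001:0db8:beef:53::2"),
    ("new", "192.168.60.6"), ("new", "2001:0db8:beef:53::5"),
]
V4_PTRS = {"1": "gateway", "3": "unix", "2": "aniket", "4": "ubuntu", "6": "new"}
V6_PTRS = {"1": "unix", "6": "aniket", "2": "ubuntu", "3": "unix",
           "4": "gateway", "5": "new"}
# Full PTR owner name -> target; the IPv6 owners are one nibble plus 15 zeros.
REVERSE = {f"{h}.{V4_ORIGIN}": f"{n}.{ZONE}" for h, n in V4_PTRS.items()}
REVERSE.update({f"{h}{'.0' * 15}.{V6_ORIGIN}": f"{n}.{ZONE}"
                for h, n in V6_PTRS.items()})

def fqdn(name):
    """Lower-case a zone-file owner and qualify it when it is relative."""
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{ZONE}"

def audit(forward=FORWARD, reverse=REVERSE):
    """Return (PTRs not confirmed by a forward record, addresses with no PTR)."""
    addrs_of = {}  # fully qualified name -> reverse names of its addresses
    for owner, addr in forward:
        ptr_name = ipaddress.ip_address(addr).reverse_pointer + "."
        addrs_of.setdefault(fqdn(owner), set()).add(ptr_name)
    unconfirmed = sorted((ptr, target) for ptr, target in reverse.items()
                         if ptr not in addrs_of.get(target, set()))
    seen = set().union(*addrs_of.values())
    return unconfirmed, sorted(seen - set(reverse))

if __name__ == "__main__":
    unconfirmed, missing = audit()
    for ptr, target in unconfirmed:
        print(f"PTR {ptr} -> {target} has no matching A/AAAA record")
    for ptr in missing:
        print(f"no PTR record for {ptr}")
```
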




Web Server


A web server is hardware or software that delivers web content through the HTTP client-server model and can be accessed over the Internet.
In our project we used the apache2 web server to deliver our web content on our private network.

The commands and procedure to configure the web server are as follows:

* Step1: Installation of the web server

                 sudo apt-get install apache2

* Step2: Check whether the web server is on port 80

                 netstat -a | more

* Step3: Restart the web server

                 sudo /etc/init.d/apache2 restart

* Step4: Configure the basic HTML file of the server

                 cd /var/www
                 sudo nano index.html

Firewall


A firewall is a software- or hardware-based network security system that controls incoming and outgoing network traffic by analyzing the data packets and determining whether they should be allowed through or not, based on the applied rule set.
*Step1: Blocking ICMP requests
Commands:

         # ICMP type 8 is the echo request (ping); type 0 is the echo reply
         sudo iptables -A INPUT -d <IP address of the destination> -p icmp --icmp-type 8 -j DROP

*Step2: Preventing ssh login
Command:

         sudo iptables -A INPUT -p tcp --dport ssh -j DROP

*Step3: Blocking the FTP ports
Commands:

         sudo iptables -A INPUT -p tcp --dport 20 -j DROP
         sudo iptables -A INPUT -p tcp --dport 21 -j DROP

*Step4: Blocking Telnet
Commands:

         sudo iptables -A INPUT -p tcp --dport 23 -j DROP
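
The rules in Steps 2 to 4 are appended with -A, and iptables acts on the first rule that matches a packet, so their effect depends on what is already in the INPUT chain. This added example (not part of the original project) is a simplified Python model that understands only -p, --dport and -j; it evaluates the page's TCP rules on their own and again behind a constructed earlier ACCEPT rule.

```python
import shlex

# Port numbers for the service names used in the rules (constructed table so
# the example does not depend on /etc/services).
SERVICES = {"ftp-data": 20, "ftp": 21, "ssh": 22, "telnet": 23, "http": 80}

# The TCP rules from Steps 2-4 in the append form used above, without the
# "sudo iptables" prefix.
PAGE_RULES = """
-A INPUT -p tcp --dport ssh -j DROP
-A INPUT -p tcp --dport 20 -j DROP
-A INPUT -p tcp --dport 21 -j DROP
-A INPUT -p tcp --dport 23 -j DROP
"""
# Constructed case: a broad ACCEPT was already in the chain before -A was run.
SHADOWED_RULES = "-A INPUT -p tcp -j ACCEPT\n" + PAGE_RULES

def parse(rules_text):
    """Turn each -A INPUT line into a dict of the options this model understands."""
    rules = []
    for line in rules_text.strip().splitlines():
        words = shlex.split(line)
        if words[:2] != ["-A", "INPUT"]:
            continue
        opts = dict(zip(words[2::2], words[3::2]))  # option/value pairs
        port = opts.get("--dport")
        rules.append({
            "proto": opts.get("-p"),
            "dport": None if port is None else SERVICES.get(port) or int(port),
            "target": opts["-j"],
        })
    return rules

def verdict(rules_text, proto, dport, policy="ACCEPT"):
    """Return the target of the first rule matching the packet, else the chain policy."""
    for rule in parse(rules_text):
        if rule["proto"] in (None, proto) and rule["dport"] in (None, dport):
            return rule["target"]
    return policy

if __name__ == "__main__":
    for port in (20, 21, 22, 23, 80):
        print(port, verdict(PAGE_RULES, "tcp", port),
              verdict(SHADOWED_RULES, "tcp", port))
```

On a live system, `sudo iptables -L INPUT -n --line-numbers` shows the actual order, and `-I INPUT 1` inserts a rule at the top instead of appending it.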

BackUp


Backup refers to the copying and archiving of data so that it can be used to restore the original after a data loss event.
*Step1: Install rsync and ssh. They are usually preinstalled in Ubuntu. If not:

           sudo apt-get install rsync
           sudo apt-get install openssh-server

*Step2: A simple way to perform a backup over a network is to use rsync via SSH. A local backup only requires rsync and read/write access to the folders.
Command: Local Backup

           sudo rsync -av --delete /home/path/folder1/ /home/path/folder2

*Step3: Backup over the network
Command:

           sudo rsync -av --delete -e ssh /home/path/folder1/ remoteuser@remotehost.remotedomain:/home/path/folder2

*Step4: Automating the backup using crontab

           sudo crontab -e
           0 22 * * * rsync -av --delete /var/www/ remoteuser@remotehostname:/home/remoteuser/backup/

*Step5: Exchange keys with the hosts to which the files are sent. This can be done using

           ssh-keygen -t rsa
           # press Enter without entering a passphrase
           # then copy that key to the remote host using
           ssh-copy-id remoteuser@remotehost



VPN


A virtual private network extends a private network across a public network, such as the Internet.
*Step1: Install the pptpd package
Command:

             sudo apt-get install pptpd

*Step2: Edit the file /etc/pptpd.conf
Command:

             localip <IP address>
             remoteip <Range of IPs >

*Step3: Configure the DNS servers to use when clients connect to this PPTP server
Command:

             sudo nano /etc/ppp/pptpd-options
             ms-dns 192.168.60.3

*Step4: Now add a VPN user
Command:

             sudo nano /etc/ppp/chap-secrets

*Step5: Set the username and password
Command:

             # fields: client  server  secret  allowed IP addresses
             TSMG pptpd 1234 *

*Step6: Restart the VPN server
Command:

             sudo /etc/init.d/pptpd restart

*Step7: For IPv4 forwarding, change the /etc/sysctl.conf file
Command:

             # uncomment the line
             net.ipv4.ip_forward=1
             # reload the configuration
             sudo sysctl -p

Testing

Testing DHCP:


To check whether IP addresses are leased to the clients:
Command

               tail /var/lib/dhcp/dhcpd.leases

The ifconfig command is used to check the IP address of a client that is connected to the network.


Testing DNS:


We can use the ping command to find the status of the network.
We can use the nslookup command to check the name servers that are connected to the network.
We can use the dig command, as it queries the DNS name servers and returns the answer provided by the name server.


Testing Web Server:


Go to any web browser and type the IP address or host ID of the server. If the page opens, the web server is working properly.


Testing Firewall:


When a client tries to ping a server that is blocked by the firewall, the reply seen by the client should be destination host unreachable, as the firewall blocks the client from reaching the server.

Testing Case
The rules configured with iptables are not persistent, so it is wise to save them to a file and load the same configuration again when the system reboots.
Become the root user on the computer where the firewall is configured, using

                sudo su

Then save the iptables rules using the following command:

                iptables-save > /etc/iptables.rules

After that, open /etc/network/if-pre-up.d/iptables and place the following commands in it:

                #!/bin/sh
                iptables-restore < /etc/iptables.rules
                exit 0

After this, open /etc/network/if-post-down.d/iptables and put the following commands in it:

                #!/bin/sh
                iptables-save -c > /etc/iptables.rules
                if [ -f /etc/iptables.rules ]; then
                iptables-restore < /etc/iptables.rules
                fi
                exit 0

Finally, change the permissions of both files so that they can be executed:

                sudo chmod +x /etc/network/if-post-down.d/iptables
                sudo chmod +x /etc/network/if-pre-up.d/iptables



Testing BackUp:


We can check whether the files were backed up by going to the destination directory and checking that the specific files that needed to be backed up have been received.
Testing Case
Be sure to copy the public keys to the systems where the backups are stored; otherwise the backup will not be performed, as those hosts are unknown to the sender. Then create the appropriate directory on the receiver side so that the files can be accessed without any hassle.


Testing VPN:


We use ifconfig and check for the IP address of the PPP interface.
