Data Networking/Fall 2013/Group13
The Folks
Julfikar Ali
Uttara Rajak
Sneha Ghanekar
Padma Ponnusamy
Motivation
The main driving force for this project is to understand the Linux OS and use its commands to build a webserver, DNS server, DHCP server, backups and a firewall for a small start-up company in Boston.
Understanding the Protocol
Everything you should know about the protocol
The protocol for web communication is HTTP (Hypertext Transfer Protocol). HTTP works at the application layer of the TCP/IP protocol suite. It is implemented in two programs, a client program and a server program. HTTP defines how the client requests webpages from the webserver and how the webserver handles those requests. HTTP uses TCP as its underlying transport protocol. The HTTP client first initiates a connection to the webserver on TCP port 80. The client then sends an HTTP request to the webserver. The webserver receives the request and sends a response message back to the client. The connection then remains open for the default timeout period. The default mode of HTTP is a persistent connection with pipelining.
DHCP is used to assign IP addresses dynamically to hosts in a network. DHCP follows the client-server paradigm. It uses UDP port 68 for the client and port 67 for the server. DHCP allocates IP addresses to DHCP-enabled clients for a certain amount of time, referred to as the lease time. A client that wants to use the address for an extended period must request more time from the server. When the lease time expires, the server can give that IP address to another client that is requesting one.
DNS (Domain Name System) is a hierarchical, distributed naming system for network devices that translates domain names to numerical IP addresses and vice versa. Any host has two identifiers: a host name and an IP address. People use host names because IP addresses are difficult to remember, whereas networking devices such as routers use IP addresses to reach hosts. When a host wants to contact another host by name, it first sends a query to the DNS server to resolve the name into an IP address. Once the DNS server has the corresponding IP address, it responds with it to the requesting host. DNS also works in reverse: it takes an IP address and resolves it into a host name.
Architecture
DHCP follows a client-server architecture.
Fundamental Logic
The protocol employs the messages DHCPDISCOVER, DHCPOFFER, DHCPREQUEST and DHCPACK to establish the connection. The DHCPDISCOVER sent by the DHCP client is answered with a DHCPOFFER by the DHCP servers. The client selects one of them by sending a DHCPREQUEST message to the server it has chosen. The server then responds with a DHCPACK message.
The Requirements
Designing a secure network for a company with three servers, viz. a webserver, a DNS server and a DHCP server.
The website of our company for the project has been named linuxgroup13.hom.
The IPv4 network considered for the company LAN is 192.168.1.0/28.
Steps to perform the setup / installation
DNS:
The following are the steps for installing the DNS server.
1. The DNS server gets its IP address either from DHCP or as a static address. With DHCP the address is not permanent, which makes it difficult for clients to use our configured DNS. Hence, we first need to change its IP address from DHCP to static.
2. To configure the DNS server we first need to give it a domain name. So find out the hostname first, then create a domain name for the server of the form servername.domain.
3. After installation we only need to configure the files below so that the system works as the DNS server for our network:
• named.conf.local
• named.conf.options
• resolv.conf
4. First configure the named.conf.options file. This file has a forwarders group where the IP addresses of open outside DNS servers are stored. When the local DNS server is unable to resolve a query, it sends the query to outside DNS servers, such as the Google and Northeastern DNS servers, which have sufficient data to resolve it.
Northeastern DNS servers (155.33.32.31 and 155.33.32.32)
Google open DNS servers (8.8.8.8 and 8.8.4.4).
5. Now configure named.conf.local, where we define the forward and reverse zones. The forward zone file translates a domain name into an IP address, and the reverse zone file translates an IP address into a domain name.
6. Now create the two database files after creating a zones directory in the bind folder.
The IP addresses for our setup are:
ubuntu.lingroup13.hom (Server itself) 192.168.1.2
Gateway 192.168.1.1
The files are db.linuxgroup13.hom and db.192.
7. Once the zones and forwarders are created, the IP address of the name server must be changed. Our machine is working as the DNS server, so edit the file resolv.conf.
The main problem that we faced during configuration was the syntax of the commands. If we misplaced a single bracket or put an extra space between the commands, it did not work. So after going through the configuration numerous times we found the problems and solved them accordingly.
We also had a problem with the forward and reverse zones of bind9, so we checked the configuration numerous times, found our mistake and changed it, and then it worked fine.
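The files from steps 4 to 6, written out with the addresses given on this page and syntax-checked before named is restarted. This is an added example, not the group's own configuration: the host names "ubuntu" and "www" inside the zone, the SOA mailbox, serial and timers, and the allow-recursion and allow-transfer restrictions are assumptions.

```shell
# Added example: write the four BIND files into a scratch directory and
# syntax-check them before copying anything to /etc/bind.
# Assumed values: host names, SOA mailbox, serial, timers, access lists.
write_bind_files() {
    out=$1
    mkdir -p "$out/zones"
    cat > "$out/named.conf.options" <<'EOF'
options {
    directory "/var/cache/bind";
    // Step 4: Northeastern resolvers first, then Google.
    forwarders { 155.33.32.31; 155.33.32.32; 8.8.8.8; 8.8.4.4; };
    // Recurse only for the company LAN, so this is not an open resolver.
    allow-recursion { 127.0.0.1; 192.168.1.0/28; };
    allow-transfer { none; };
};
EOF
    cat > "$out/named.conf.local" <<'EOF'
zone "linuxgroup13.hom" { type master; file "/etc/bind/zones/db.linuxgroup13.hom"; };
zone "1.168.192.in-addr.arpa" { type master; file "/etc/bind/zones/db.192"; };
EOF
    cat > "$out/zones/db.linuxgroup13.hom" <<'EOF'
$TTL 86400
@       IN SOA ubuntu.linuxgroup13.hom. admin.linuxgroup13.hom. 2013120101 3600 900 604800 86400
@       IN NS  ubuntu.linuxgroup13.hom.
@       IN A   192.168.1.4
ubuntu  IN A   192.168.1.2
www     IN A   192.168.1.4
EOF
    cat > "$out/zones/db.192" <<'EOF'
$TTL 86400
@  IN SOA ubuntu.linuxgroup13.hom. admin.linuxgroup13.hom. 2013120101 3600 900 604800 86400
@  IN NS  ubuntu.linuxgroup13.hom.
2  IN PTR ubuntu.linuxgroup13.hom.
4  IN PTR www.linuxgroup13.hom.
EOF
}

# Catches a misplaced bracket or stray character before named is restarted.
check_bind_files() {
    command -v named-checkconf >/dev/null 2>&1 || { echo "bind9 utilities not installed"; return 2; }
    named-checkconf "$1/named.conf.options" &&
    named-checkconf "$1/named.conf.local" &&
    named-checkzone linuxgroup13.hom "$1/zones/db.linuxgroup13.hom" &&
    named-checkzone 1.168.192.in-addr.arpa "$1/zones/db.192"
}
# Usage: write_bind_files /tmp/bind-draft && check_bind_files /tmp/bind-draft
```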
Webserver:
The following are the steps for installing the webserver:
1. Install the apache2 server package.
2. Create the webpage according to your own needs by editing the index.html file.
3. Provide a static IP address to the eth0 interface.
4. Restart the server to save the changes.
Backup:
1. Backup is done by crontab using the rsync command from the webserver 192.168.1.4 to the DNS server (uttara@192.168.1.2).
Problems encountered:
1. Passwordless SSH was not successful. It was asking for a password to log in to the remote server.
2. The cron job was not getting executed because of a command error.
Solution to problems:
1. Changed the user permissions of the remote user's ssh folder.
2. Corrected the rsync command in the crontab.
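The permission problem above is the usual reason key login falls back to a password: sshd's StrictModes check ignores authorized_keys when the home directory, ~/.ssh or the key file is writable by group or others. The following is an added example, not the group's own script, that runs on the backup server; the crontab schedule, the directories and the log file in the final comment are assumptions.

```shell
# Print each path under the given home directory that sshd would reject.
# Returns 0 when key login can work, 1 when a permission must be tightened.
check_ssh_perms() {
    home=$1
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"; bad=1; continue
        fi
        # Octal mode such as 775 (GNU stat first, BSD stat as fallback).
        mode=$(stat -c %a "$p" 2>/dev/null || stat -f %Lp "$p")
        # 022 masks the group-write and other-write bits.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "too open ($mode): $p"; bad=1
        fi
    done
    return $bad
}

# Tighten to the conventional modes: 700 for ~/.ssh, 600 for the key file.
fix_ssh_perms() {
    chmod go-w "$1" && chmod 700 "$1/.ssh" && chmod 600 "$1/.ssh/authorized_keys"
}

# Crontab entry for the webserver (assumed schedule and paths). BatchMode
# makes ssh fail instead of waiting for a password, so a broken key setup
# shows up in the log rather than hanging the job:
#   0 2 * * * rsync -az -e "ssh -o BatchMode=yes" /var/www/ uttara@192.168.1.2:backup/www/ >> "$HOME/backup.log" 2>&1
```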
Firewall:
The firewall that we are using here is a command-line network security system that controls traffic and helps mitigate threats. We have used iptables to set the firewall rules. With iptables, tables can be created that hold the rules. When a client enters the network and gets an IP address from DHCP, it then tries to access the webpage. The HTTP client contacts the local DNS (our DNS server with IP address 192.168.1.2 in this case) for the IP address of the website. When it gets the resolved IP address, it contacts the HTTP server running on the webserver to get the files, and the webpage is then displayed.
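A default-deny ruleset matching the traffic flow described above, as an added example that is not the group's own rules. It assumes each server runs its own host firewall; the role names, and the choice to accept SSH on the DNS server only from the webserver (for the rsync backup), are assumptions.

```shell
LAN=192.168.1.0/28     # company LAN from the requirements
WEB=192.168.1.4        # webserver, pushes backups to the DNS server over SSH

# Print an iptables-restore ruleset for one server role: web, dns or dhcp.
rules_for() {
    case $1 in
        web)  svc="-s $LAN -p tcp --dport 80" ;;
        dns)  svc="-s $LAN -p udp --dport 53
-s $LAN -p tcp --dport 53
-s $WEB -p tcp --dport 22" ;;
        # A DHCPDISCOVER is sent from 0.0.0.0 to broadcast, so no -s filter.
        dhcp) svc="-p udp --sport 68 --dport 67" ;;
        *)    echo "unknown role: $1" >&2; return 1 ;;
    esac
    # Inbound and forwarded traffic is dropped unless a rule accepts it.
    printf '%s\n' "*filter" ":INPUT DROP [0:0]" ":FORWARD DROP [0:0]" \
        ":OUTPUT ACCEPT [0:0]"
    printf '%s\n' "-A INPUT -i lo -j ACCEPT" \
        "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # One ACCEPT rule per service line of the selected role.
    printf '%s\n' "$svc" | while IFS= read -r match; do
        printf '%s\n' "-A INPUT $match -j ACCEPT"
    done
    printf '%s\n' "COMMIT"
}

# As root, validate first and then load:
#   rules_for dns | iptables-restore --test && rules_for dns | iptables-restore
```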
DHCP:
1. At first, I tried implementing in VMware. Then, I tried in Ubuntu. I installed isc-dhcp-server, the latest version of DHCP. Then, I configured a static IP address for eth0 and restarted the networking service. After that, I edited /etc/default/isc-dhcp-server to set eth0 as the interface on which the server listens. Then, I edited the /etc/dhcp/dhcpd.conf file and set the IP address for the nameserver, the default gateway, the range of IP addresses that is available, the broadcast address and the subnet mask. I set static IPs for the webserver and the nameserver. I have configured shared-network too. Then, I restarted the dhcp-isc-server. For DHCP v6 I created a separate file /etc/dhcp/dhcpd6.conf and set the range of v6 addresses. Then, I restarted the dhcp-isc-server6 daemon. When I tried converting the IPv4 addresses that I used to IPv6 and used those v6 addresses, the v6 DHCP daemon didn't start. So, I used a different network with prefix 64.
Testing
Test Plan
We connected the DHCP-configured machine to the client machine using the cable. The client machine immediately picked up a dynamic address in the range 192.168.1.6 to 192.168.1.10.
We connected the DNS server to the webserver with a LAN cable and tried opening the webpage from the DNS server, and it was successful.
We have successfully tested the automatic scheduled backup from the web server to our DNS server.
Test Tools
For testing DHCP we connected the client to the DHCP server and tested with respect to the client-server architecture.
For testing DNS we again took the client-server approach, where the browser on the DNS server worked as a client for the webserver.
For testing backup, the webserver and the DNS server (backup server) were connected through the LAN and tested.
Test Cases
1. For testing DNS, we first tried opening the webpage with the website name, i.e. linuxgroup13.hom. It was successful.
2. Then we tried opening it with the IP address, for which DNS resolved the domain name.
3. Then we tried with www.linuxgroup13.hom, for which the IP address was also resolved.
Future Prospects
Growth
We are doing this project so that the start-up company can use the servers, but with a larger range of IP addresses a bigger organisation could use this as well.
Improvements
IPv6 could not be implemented in DNS, but DHCPv6 is working. So there is scope for improvement in implementing IPv6 in DNS.
The backup.sh script can be automated.