Data Networking/Fall 2013/Group 10

The Folks

Harsh Hansrajani

Shailly Jain

Malyatha Krishnan

Ritu Panjwani

Motivation

Linux today forms a vital part of the networking industry. Practical implementation of a real-world scenario is the best way of familiarizing ourselves with its functionalities. Hence, motivated not only to learn the commands but also to integrate different functionalities, we set out to make a network of a DHCP server, web server, DNS and a client. We strive to include features like firewall and backup in the network.

Understanding the Protocol

DHCP Protocol: DHCP running on a machine will dynamically allocate IP addresses for some limited amount of time to all systems entering that network.

DNS Protocol: DNS, a hierarchical distributed naming system, translates the memorized domain names to numerical IP addresses.

The Requirements

Packages

For Web Server: Apache2

For DNS Server: bind9

For DHCP: The isc-dhcp-server

For Backup: openssh-server

For NFS: nfs-kernel-server

For VPN: pptpd

Steps to perform the setup / installation

Steps to set up the DHCP server:

1. We installed the isc-dhcp-server using the apt-get install command.

2. We decided to use the port eth0 so we set the interface eth0 in /etc/default/isc-dhcp-server for the dhcp server.

3. We edited the file /etc/dhcp/dhcpd.conf using vim.

4. In this file we set the default lease time, maximum lease time, the network details i.e. broadcast address, netmask, and the range in which the server has to assign the IP address

5. We gave a range pool of 192.168.1.20-192.168.1.200

6. Also we assigned a static IP address of 192.168.1.2 for the DNS server with help of the MAC address of the DNS server.

7. For the DHCP server we set a static IP of 192.168.1.1 by making changes in the /etc/network/interfaces file

Steps to set up the DNS server:

1. We installed the bind9 package using the apt-get install command.

2. We added three BIND configuration files in /bind/named; these provide a SOA (Source of Authority) record for our local domain (shrm.c) and map IP addresses to names.

3. We edited the /etc/bind/named.conf.local file to add the zones entries for our domain name "shrm.c" so that domain queries for the domain "shrm.c" are handled by looking in the files created in the zones.

4. Therefore BIND will search the file /etc/bind/shrm.zone for authoritative details of this domain. Therefore we will edit this file wherein we will add the records i.e. IP address which needs to be resolved and other details.

5. For the reverse database, so that we can do IP-address-to-hostname lookups, we created the files /etc/bind/192.168.1.zone & /etc/bind/ipv6reverse.zone for IPv4 and IPv6 respectively. These will map IP addresses to hostnames by reversing the whole thing.

Steps to set up the WEB server:

1. Install apache2 web server. This enabled us to view the default web page.

2. To view the web page of our domain 'shrm.c', we created a sub directory group10.tsmg in /var/www and placed an html file there.

Problems: Initially we had created our own index1.html page and put it in the group10.tsmg folder and kept the built-in index.html as it is. So when we tried opening the web page the default web page was displayed and not the one that we created. We then realized that the original index.html page was to be modified. So we changed the permission of that file and put in our contents. Thus, now we could see the web page that listed the names of our team members.

Steps to set up Firewall:

1. Implemented Firewall using IP tables.

2. Allowed HTTP, SSH & ICMP request and blocked everything else.
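
A ruleset matching this policy, as an added example rather than the group's own rules: the function below prints iptables-restore input that accepts HTTP, SSH and ICMP echo requests and drops all other inbound traffic. The SSH port argument and the loopback and connection-tracking rules are assumptions, since the page does not list the actual rules.

```shell
#!/bin/sh
# Added example (not the group's original rules): emit an iptables-restore
# ruleset that allows HTTP, SSH and ICMP echo requests and drops the rest.
# Assumption: the SSH port is passed as $1 (default 22); the page later
# moves sshd to port 6700 on the web server.

emit_rules() {
    ssh_port="${1:-22}"
    # Reject anything that is not a plain 1-5 digit number before it
    # reaches a rule line (no spaces, no shell or iptables syntax).
    case "$ssh_port" in
        ''|*[!0-9]*|??????*) echo "invalid port: $ssh_port" >&2; return 1 ;;
    esac
    if [ "$ssh_port" -lt 1 ] || [ "$ssh_port" -gt 65535 ]; then
        echo "port out of range: $ssh_port" >&2; return 1
    fi
    # Default policy DROP on INPUT implements "blocked everything else";
    # FORWARD is dropped too because this host is assumed not to route.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport $ssh_port -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the port given on the command line.
emit_rules "$@"
```

Pipe the output to iptables-restore as root to load it. Applied unchanged on the DNS host it would also drop queries to port 53, so each server needs its own service ports added.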

Steps to set up Backup:

1. Implemented backup using rsync and crontab.

2. Implemented backup using rsync on to the remote server.

3. Put the rsync command into crontab i.e. which acts as a scheduler.

Added Features

NFS (Network File System) Installation

1. Installing nfs-kernel-server.

2. Making /export/users directory.

3. Binding /home/users and /export/users and edited /etc/fstab.

4. Edited /etc/exports.

The client then mounts the files using the mount command.

PPTP VPN

1. Set up the PPTP VPN server by installing pptpd package and then edited conf, chap-secrets, rc.local and sysctl files.

2. Connected the client to the VPN server.


Testing

Testing of DHCP server:

1. We implemented the DHCP server in VMware to test.

2. We created two virtual machines, one as the server and other as the client and therefore to test the server we created a bridge network between the two machines.

3. The server wasn't assigning the IP address to the client. While troubleshooting we realized that we hadn't assigned a static IP to the server. We soon realized that the gateway mentioned in the VPN Connection wizard was incorrect. So we set it to the actual IP address of the server with the help of ifconfig.

4. Now the server was assigning IP address to the client machine.

5. Implemented the DHCP server on dual boot and tested using Ethernet cross-over cable. The DHCP server was assigning the IP address to the client machine.

6. The DHCP server was also tested in the LAB using the 48 port HP switch, which connected the server and the client. The server assigned IP address to the client machine, also both the machines could ping each other

Testing of DNS server:

1. We implemented the DNS server in VMware to test by creating another virtual machine.

2. The DHCP machine was allocating IP address to the DNS server which was 192.168.1.2.

3. We tested the DNS server by using the command host and nslookup. The DNS server was translating the host names into IP addresses.

4. Implemented the DNS server on dual boot and tested using Ethernet cross-over cable over the router. The DHCP server was assigning the IP address to the client machine and the DNS server was resolving the IP addresses i.e. both forward and reverse (IPv4 & IPv6).

Testing of Web Server:

1. We connected the DHCP server, DNS, web server and a client on a network using ethernet cables and a router whose DHCP was disabled. We connected our own DHCP machine.

2. Since the web server is allocated an IP address of 192.168.1.3, when the client enters that IP address in its web browser, the DNS resolves it and the web page created by us is displayed.

3. Also, when 'webserver' is entered, the web page still gets displayed.

Testing of Firewall:

1. We first checked if we could ftp into the server and yes we could. Then we implemented a rule in iptables rejecting the ftp process.

2. We blocked the FTP port and checked that by using a FTP server. The connection now did not get established.

Testing of Backup:

1. Implemented the rsync command to check if the backup was taking place within its own machine.

2. On being successful tried to send the backup, back to itself as localhost.

3. The troubleshooting was successful after which connected the machine to another machine using ethernet cables and performed the backup using rsync.

4. Now tested the scheduler i.e. the crontab by making the backup every 1 min. This was successful

5. Now as per our requirement we set the backup at every 12 am.

Testing of NFS-server:

1. Implemented the NFS-Server on virtual machine. The server was installed successfully.

2. On the other virtual machine which acted as the client, I tried to mount the file which was required.

3. It was unsuccessful. On debugging, the reason was found to be that the package nfs-common needed to be installed.

4. On being successful, I implemented the NFS server on my dual boot. The implementation was successful.

Testing of VPN server:

1. Implemented the VPN server on virtual machine. The server was installed successfully.

2. On the other virtual machine which acted as the client, the VPN connection wasn’t getting established.

3. The error /sys/devices/virtual/net/ppp0: couldn't determine device driver.

4. On searching we found that we had to use point-to-point encryption (MPPE).

5. On being successful, we implemented the VPN server on the dual boot. The implementation was successful and it's running.

Shell-script for back-up:

We created /bin/backup file and included the script to zip the webserver files. The rsync command then copies the zipped files into h31@192.168.1.1. Then, in crontab we have called the script to run.

0 0 * * * /bin/backup

This calls the script that is written in /bin/backup, repeated over that particular time period, i.e., 12 am.
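
A script of the kind described above, as an added example and not the group's original /bin/backup: it archives the web root, then copies the archive over SSH with rsync. The web root /var/www, the key path, the remote directory and the use of tar/gzip for the "zip" step are assumptions; port 5000 is the SSH port this page sets on the DHCP server.

```shell
#!/bin/sh
# Added example, not the group's original /bin/backup.
# Assumptions: web root /var/www, key /root/.ssh/backup_key, remote dir
# backups/, sshd on 192.168.1.1 listening on port 5000.

SRC="${SRC:-/var/www}"
DEST="${DEST:-h31@192.168.1.1:backups/}"
SSH_PORT="${SSH_PORT:-5000}"
KEY="${KEY:-/root/.ssh/backup_key}"

# make_archive SRC_DIR OUT_DIR -> prints the path of the archive it created
make_archive() {
    src="$1"; out="$2"
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
    archive="$out/www-$(date +%Y%m%d-%H%M%S).tar.gz"
    # umask 077: the archive may hold configs or credentials, keep it owner-only
    ( umask 077 && tar -czf "$archive" -C "$src" . ) || return 1
    # Refuse to ship an archive that tar itself cannot read back
    tar -tzf "$archive" >/dev/null || return 1
    printf '%s\n' "$archive"
}

# push_archive FILE: copy over SSH; BatchMode makes a cron run fail fast
# instead of waiting on a password prompt nobody will answer
push_archive() {
    rsync -a -e "ssh -p $SSH_PORT -i $KEY -o BatchMode=yes" "$1" "$DEST"
}

main() {
    tmp="$(mktemp -d)" || return 1
    trap 'rm -rf "$tmp"' EXIT
    file="$(make_archive "$SRC" "$tmp")" && push_archive "$file"
}

# Run only when installed under the name cron calls (/bin/backup)
case "$0" in */backup) main ;; esac
```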

Port change for security

The ssh port number 22 is changed to port 6700 on the Webserver and port 5000 on DHCP server. This protects against IP spoofing.

Port scanning

NMAP tool is used for mapping the network and for scanning all the closed and open ports.

MySQL

This server is installed in the Webserver and is used for storing relational databases.

6. TEST:

  • The client pinged the VPN server on the virtual IP address that was assigned to the server.
  • The client was also able to ssh into the server.


Future Prospects

1. We could add several components to make this network more robust, secure and scalable.

2. As the number of PCs in the networks grows, we could make VLANs which would support an increasing number of systems.

3. Another concept called Nagios could also be implemented in this system which would monitor all the systems and keep track of what is working and what isn't.

4. LDAP is a service that creates and maintains directories. This service can also be invoked from within Linux to add easier maintenance.

Progress

Web server setup: 11/10/2013

DHCP Server configured: 11/16/2013

DNS configured: 11/20/2013

Integration of DNS, DHCP and Webserver: 11/24/2013

Firewall and Backup installed: 11/27/2013

NFS up and running: 11/29/2013

VPN configured: 12/1/2013
