Data Networking/Fall 2014/Krishan

The Team Members

1. Krishan Bhatia

2. Pooja Mallya

3. Varsha Yelpale

4. Vishal Pillai


2 Motivation

It is interesting to learn concepts such as the DHCP server, DNS server, web server and firewall. Configuring these services on Ubuntu gives hands-on experience and in-depth knowledge of the services and their practical implementation.


3 Understanding the Protocol

Dynamic Host Configuration Protocol (DHCP):

• Dynamic Host Configuration Protocol (DHCP) is used to automatically assign a unique IP address (from a pool of addresses) to each device.

• DHCP leases an IP address to a device for a particular period of time, after which the lease expires. The device then has to request an IP address from the DHCP server again.

• DHCP takes care of IP addresses whenever a device leaves or joins the network.

• If a system no longer requires its IP address, it surrenders the address back to the network.

• Here, the IP address range is 192.168.1.10 to 192.168.1.160 with a subnet mask of 255.255.255.0. The DHCP server itself has the IP address 192.168.1.104.


Domain Name System (DNS):

Step 1: Request information. The process begins when you ask your computer to resolve a hostname, such as visiting http://www.dyn.com. The first place your computer looks is its local DNS cache, which stores information that your computer has recently retrieved. If your computer doesn’t already know the answer, it needs to perform a DNS query to find out.

Step 2: Ask the recursive DNS servers. If the information is not stored locally, your computer queries (contacts) your ISP’s recursive DNS servers. These specialized computers perform the legwork of a DNS query on your behalf. Recursive servers have their own caches, so the process usually ends here and the information is returned to the user.

Step 3: Ask the root name servers. If the recursive servers don’t have the answer, they query the root name servers. A name server is a computer that answers questions about domain names, such as IP addresses. The thirteen root nameservers act as a kind of telephone switchboard for DNS. They don’t know the answer, but they can direct our query to someone that knows where to find it.

Step 4: Ask the TLD name servers. The root name servers will look at the first part of our request, reading from right to left — www.dyn.com — and direct our query to the top level domain servers for .com. Each TLD, such as .com, .org, and .us, has its own set of nameservers, which acts like a receptionist for that TLD. These servers don’t have the information we need, but they can refer us directly to the servers that do have the information.

Step 5: Ask the authoritative DNS servers. The TLD name servers review the next part of our request — www.dyn.com — and direct our query to the name servers responsible for this specific domain. These authoritative name servers are responsible for knowing all the information about a specific domain, which is stored in DNS records. There are many types of records, each containing a different kind of information. In this example, we want to know the IP address for www.dyndns.com, so we ask the authoritative nameserver for the Address Record (A).

Step 6: Retrieve the record. The recursive server retrieves the A record for www.dyn.com from the authoritative name servers and stores the record in its local cache. If anyone else requests the host record for www.dyn.com, the recursive servers will already have the answer and will not need to go through the lookup process again. All records have a time-to-live value, which is like an expiration date. After a while, the recursive server will need to ask for a new copy of the record to make sure the information doesn’t become out-of-date.

Step 7: Receive the answer. Armed with the answer, the recursive server returns the A record to your computer. Your computer stores the record in its cache, reads the IP address from the record, then passes this information to your browser. The browser then opens a connection to the webserver and receives the website. This entire process, from start to finish, takes only milliseconds to complete.


WEB SERVER

• A web server is used to serve the webpages which a client has requested from the server.

• The Apache web server is used in our case.

• HTTP requests are answered on port 80.


FIREWALL

A firewall protects a network from unauthorized access. Setting up a firewall makes it possible to deny certain protocols and services in order to secure the network.


4 The Requirements

DHCP: Dynamic Host Configuration Protocol has to be implemented so that hosts in the network obtain IP addresses dynamically. A private IP address range is to be assigned to the internal network by specifying the range of IP addresses. The lease time is to be specified, that is, the duration for which an IP address is leased. DHCP should also be able to assign other details, such as the default gateway IP address and the DNS server IP address, to the DHCP clients.

DNS:

A DNS server is to be built which resolves domain names to IP addresses. The server should be capable of forward DNS lookups and also reverse DNS lookups. Multiple types of records should be hosted on this server, such as A, MX, CNAME, PTR etc. DNS queries within the domain and outside the domain should also be resolved.

WEB SERVER and FIREWALL: A web server is to be hosted within the office with the details of the office. This web server is to be further secured from unauthorized access and unsecured traffic. The firewall is to be configured to bring security to the network by allowing and denying traffic addressed to the web server.

RSYNC: rsync is a protocol used to transfer files so as to create a backup of the important data files. The transfer speed is high as a result of the rsync algorithm.

SSH: SSH is a protocol used for the secure transmission of important data over the internet. Protocols which send data in cleartext are susceptible to attacks. To protect the data from such attacks, SSH uses cryptographic techniques to ensure security.


5 Steps to perform the setup / installation

DHCP:

1) First, update the package lists for the software installed on your system:-

sudo apt-get update

2) Install the DHCP server package on your system:-

sudo apt-get install isc-dhcp-server

3) Now, assign a pool of IP address which the DHCP server should assign to different systems:-

sudo nano /etc/dhcp/dhcpd.conf
# Address pool and options handed to clients on 192.168.1.0/24
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.10 192.168.1.160;
  option domain-name-servers 192.168.1.1, 8.8.4.4;
  option routers 192.168.1.1;
  option broadcast-address 192.168.1.255;
  default-lease-time 600;    # seconds
  max-lease-time 7200;       # seconds
}

4) Assign the IP address to DHCP Server:-

sudo nano /etc/network/interfaces
auto eth0
iface eth0 inet static
address 192.168.1.104
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 192.168.1.1

5) Assign eth0 in the Interface:-

sudo nano /etc/default/isc-dhcp-server
INTERFACES="eth0"

6) To start your DHCP server with all the configurations we have done:-

sudo service isc-dhcp-server restart

7) To see all the devices to which the DHCP server has dynamically assigned IP addresses, open the lease file:-

gedit /var/lib/dhcp/dhcpd.leases


DNS:

1) Configure your interface (eth0) static ip address:-

sudo nano /etc/network/interfaces
auto eth0
iface eth0 inet static
address 199.207.13.100
netmask 255.255.255.0
network 199.207.13.0
broadcast 199.207.13.255
gateway 199.207.13.1


2) Restart the networking daemon:

sudo /etc/init.d/networking restart

3) Check the changed IP address of the Ethernet port by running the following command:

ifconfig

4) Provide domain name for your server:

   sudo nano /etc/hosts

5) Install the Ubuntu package bind9 for the working of DNS server:

   sudo apt-get install bind9


6) After installing the bind9 package edit the following file:

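   sudo nano /etc/bind/named.conf.options
    # ACL referenced by allow-recursion below; it has to be defined before it is used.
    # The 199.207.13.0/24 entry is assumed from the server's network in step 1.
    acl "trusted" {
             localhost;
             199.207.13.0/24;
    };
    options {
             directory "/var/cache/bind";
             recursion yes;                  # enables recursive queries
             allow-recursion { trusted; };   # allows recursive queries from trusted clients
             allow-transfer { none; };       # disable zone transfer by default
             forwarders {
               8.8.8.8;
               8.8.4.4;
             };
    };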

Save and exit the file.

7) Configure the local file:

   sudo nano /etc/bind/named.conf.local
   # FORWARD LOOKUP ZONE
   zone "UltimateBattleStars.com" {
     type master;
     file "/etc/bind/zones/UltimateBattleStars.com.db";
   };
   # REVERSE LOOKUP ZONE (reverse name of the 199.207.13.0/24 network)
   zone "13.207.199.in-addr.arpa" {
     type master;
     file "/etc/bind/zones/rev.0.207.199.in-addr.arpa";
   };

Save and exit the file

8) Make Database:

   sudo mkdir zones
   cd zones
   cat /etc/bind/named.conf.local

9) Create forward lookup database:

   sudo nano UltimateBattleStars.com.db
   $TTL 3D
   @ IN SOA varsh-Lenovo-IdeaPad-S300.UltimateBattleStars.com. admin.UltimateBattleStars.com. (
     2007031001 ; serial
     28800      ; refresh
     3600       ; retry
     6848800    ; expire
     38400      ; negative-caching TTL
   )
   UltimateBattleStars.com.     IN   NS      varsh-Lenovo-IdeaPad-S300.UltimateBattleStars.com.
   varsh-Lenovo-IdeaPad-S300    IN   A       199.207.13.100
   Galactica                    IN   A       199.207.13.110
   germanyXP                    IN   A       199.207.13.115
   www                          IN   CNAME   Galactica

Save and exit the file

10) Create reverse lookup database:

   sudo nano rev.0.207.199.in-addr.arpa
   $TTL 3D
   @ IN SOA varsh-Lenovo-IdeaPad-S300.UltimateBattleStars.com. admin.UltimateBattleStars.com. (
     2007031001 ; serial
     28800      ; refresh
     3600       ; retry
     6848800    ; expire
     86400      ; negative-caching TTL
   )
   @   IN NS  varsh-Lenovo-IdeaPad-S300.UltimateBattleStars.com.
   100 IN PTR varsh-Lenovo-IdeaPad-S300.UltimateBattleStars.com.
   110 IN PTR Galactica.UltimateBattleStars.com.
   115 IN PTR germanyXP.UltimateBattleStars.com.
   1   IN PTR gw.UltimateBattleStars.com.


Save and exit the file

11) Edit the /etc/resolv.conf file to provide the nameserver details:

   search UltimateBattleStars.com.
   nameserver  199.207.13.100


12) Copy the already created forward lookup and reverse lookup files in /etc/bind directory:

     sudo cp /etc/bind/db.local /etc/bind/zones/UltimateBattleStars.com.db
     sudo cp /etc/bind/db.127 /etc/bind/zones/rev.0.207.199.in-addr.arpa.db

13) Check if the zone files are working properly:

      # forward lookup zone
      named-checkzone UltimateBattleStars.com /etc/bind/zones/UltimateBattleStars.com.db
      # reverse lookup zone
      named-checkzone 13.207.199.in-addr.arpa /etc/bind/zones/rev.0.207.199.in-addr.arpa.db


14) Restart the bind package:

      sudo /etc/init.d/bind9 restart
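
named-checkzone validates each zone file on its own; it does not tell you whether the forward and reverse zones agree with each other, which matters wherever logs or access checks rely on reverse names. The following added example (not part of the original project) cross-checks the A and PTR records listed in steps 9 and 10. The reverse origin is a parameter because the label `100` only expands to 199.207.13.100 under `13.207.199.in-addr.arpa`; under `0.207.199.in-addr.arpa` it names 199.207.0.100.

```python
import ipaddress

FORWARD_ORIGIN = "UltimateBattleStars.com."
# Record lines taken from the two zone files on this page (SOA and NS lines omitted).
FORWARD = """
varsh-Lenovo-IdeaPad-S300  IN  A      199.207.13.100
Galactica                  IN  A      199.207.13.110
germanyXP                  IN  A      199.207.13.115
www                        IN  CNAME  Galactica
"""
REVERSE = """
100 IN PTR varsh-Lenovo-IdeaPad-S300.UltimateBattleStars.com.
110 IN PTR Galactica.UltimateBattleStars.com.
115 IN PTR germanyXP.UltimateBattleStars.com.
1   IN PTR gw.UltimateBattleStars.com.
"""

def fqdn(name, origin):
    """Expand a zone-file name: a trailing dot means absolute, otherwise append the origin."""
    return (name if name.endswith(".") else f"{name}.{origin}").lower()  # DNS ignores case

def records(text, origin, rtype):
    """Yield (owner FQDN, rdata) for every `owner IN <rtype> rdata` line."""
    for line in text.splitlines():
        parts = line.split(";")[0].split()  # drop zone-file comments
        if len(parts) == 4 and parts[1].upper() == "IN" and parts[2].upper() == rtype:
            yield fqdn(parts[0], origin), parts[3]

def check(reverse_origin):
    """Return the mismatches between the forward A records and the reverse PTR records."""
    a = dict(records(FORWARD, FORWARD_ORIGIN, "A"))  # host -> IP
    ptr = {o: fqdn(t, reverse_origin) for o, t in records(REVERSE, reverse_origin, "PTR")}
    problems = []
    for host, ip in a.items():
        owner = ipaddress.ip_address(ip).reverse_pointer + "."
        if ptr.get(owner) != host:
            problems.append(f"{host} A {ip}: expected PTR at {owner}, found {ptr.get(owner)}")
    for owner, host in ptr.items():
        if host not in a:
            problems.append(f"{owner} PTR {host}: no A record in the forward zone")
    return problems

if __name__ == "__main__":
    for origin in ("0.207.199.in-addr.arpa.", "13.207.199.in-addr.arpa."):
        print(origin, *check(origin), sep="\n  ")
```

With the `13.207.199.in-addr.arpa.` origin the only finding is the `gw` PTR record, which has no matching A record in the forward zone.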

WEB SERVER

1) First, install the Apache server on your system:

sudo apt-get install apache2

2) Now stop the Apache server:

sudo /etc/init.d/apache2 stop

3) Start the Apache server:

sudo /etc/init.d/apache2 restart

4) Now go to the www directory to access the index.html file, where you can edit the HTML page according to your requirements; this page will be displayed on your localhost:

sudo nano /var/www/html/index.html


Firewall

1) Switch to the root user:

sudo -s

2) Check the status of the firewall, whether it is active or not:

ufw status verbose

3) Now, to activate the firewall:

ufw enable

4) Now, check again whether it is active (this time it will show active):

ufw status verbose

5) To see which protocols and ports are allowed or denied:

ufw status numbered

6) To demonstrate, we block all HTTP traffic, meaning clients can't access any web page (80 is the HTTP port number):

ufw reject 80

BACKUP:

 sudo apt-get install rsync
 sudo apt-get install ssh
 sudo apt-get install rsync ssh
 rsync -avz --progress -e ssh /etc/bind/ vishal@192.168.1.104:/home/ubuntu/videos

VPN:

 sudo apt-get install pptpd
 sudo nano /etc/pptpd.conf
 sudo nano /etc/ppp/pptpd-options
 sudo nano /etc/ppp/chap-secrets
 sudo /etc/init.d/pptpd restart

NFS:

Server Side:

 sudo mkdir data
 sudo chmod 777 data                          # read, write and execute for every user
 sudo nano /etc/exports
 sudo /etc/init.d/nfs-kernel-server restart
 sudo nano /home/varsh/data/test.txt
 showmount -e                                 # list the exported directories

Client side:

 mount -t nfs 192.168.1.138:/home/varsh/data /home/vishal

6 Testing

DHCP: IP addresses, the default gateway and the DNS server were assigned successfully to the DHCP clients within the network. The following command can be run on the server to check the IP addresses assigned to the clients and their lease times:

  gedit /var/lib/dhcp/dhcpd.leases
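
The lease file opened here, and in step 7 of the DHCP setup, can also be audited with a script instead of being read by eye. The following added example (not part of the original project) parses dhcpd.leases syntax, lists the leases still active at a given time and flags conflicts; the sample entries and MAC addresses are constructed, while the pool and the server's static address 192.168.1.104, which lies inside that pool, are the values configured on this page.

```python
import ipaddress
import re
from datetime import datetime

# Pool and static server address as configured on this page.
POOL = (ipaddress.ip_address("192.168.1.10"), ipaddress.ip_address("192.168.1.160"))
STATIC_HOSTS = {ipaddress.ip_address("192.168.1.104")}  # the DHCP server itself

# Constructed sample in dhcpd.leases syntax (timestamps are UTC); MACs are made up.
_ENTRY = "lease {} {{\n  ends 4 2014/12/04 {};\n  binding state {};\n  hardware ethernet {};\n}}\n"
SAMPLE = "".join(_ENTRY.format(*row) for row in [
    ("192.168.1.10", "18:10:00", "active", "00:16:3e:00:00:01"),
    ("192.168.1.11", "18:02:00", "active", "00:16:3e:00:00:02"),      # expired by 18:05
    ("192.168.1.10", "18:15:00", "active", "00:16:3e:00:00:01"),      # renewal of .10
    ("192.168.1.104", "18:16:00", "abandoned", "00:16:3e:00:00:03"),  # address conflict
])

def _field(pattern, body):
    m = re.search(pattern, body, re.M | re.I)
    return m.group(1) if m else None

def parse_leases(text):
    """Return {ip: fields}. dhcpd appends to the file, so the last entry per IP wins."""
    leases = {}
    for ip, body in re.findall(r"^lease (\S+) \{(.*?)^\}", text, re.M | re.S):
        ends = _field(r"^\s*ends \d (\S+ \S+);", body)  # no match for "ends never;"
        leases[ipaddress.ip_address(ip)] = {
            "ends": datetime.strptime(ends, "%Y/%m/%d %H:%M:%S") if ends else None,
            "state": _field(r"^\s*binding state (\w+);", body),
            "mac": _field(r"^\s*hardware ethernet ([0-9a-f:]+);", body),
        }
    return leases

def audit(text, now):
    """Return (leases active at `now`, findings that deserve a second look)."""
    active, findings = {}, []
    for ip, f in sorted(parse_leases(text).items()):
        if f["state"] == "abandoned":  # dhcpd found the address already in use
            why = "statically configured host" if ip in STATIC_HOSTS else "unknown host"
            findings.append(f"{ip}: abandoned, conflicts with {why}")
        elif f["state"] == "active" and (f["ends"] is None or f["ends"] > now):
            active[str(ip)] = f["mac"]
            if not POOL[0] <= ip <= POOL[1]:
                findings.append(f"{ip}: active lease outside the configured pool")
    return active, findings

if __name__ == "__main__":
    print(audit(SAMPLE, datetime(2014, 12, 4, 18, 5, 0)))
```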


DNS:

1. Checking the forward and the reverse lookup zone files:

  named-checkzone Boston.com /etc/bind/zones/Boston.com.db
  named-checkzone 0.168.192.in-addr.arpa /etc/bind/zones/rev.0.168.192.in-addr.arpa

2. An nslookup of an outside domain resolves successfully, indicating that the forwarders work.

  nslookup yahoo.com

3. Successful resolution of the domain name of the web server (ubuntu.com) present in the forward lookup table.

  nslookup ubuntu.com


WEB server and Firewall: Traffic is initiated to the web server on IP address 192.168.1.104 and port 80. The web page is displayed successfully. When traffic from a particular host to the web server is to be denied, a firewall deny/reject policy can be implemented to drop the traffic. When traffic is initiated from such a denied host, the web page is not loaded and an error page is displayed instead.


7 Future Prospects

1. A backup DNS server can further be implemented for redundancy.

2. VPN can be implemented with technologies like IPsec, with or without certificates, to improve the level of security.

3. Network Information Service can be implemented for centralised authentication.
