Data Networking/Fall 2014/Linux Project

Introduction


This project is an attempt to create a network of devices on Linux (Ubuntu), an open source operating system. The project includes various network components. Below are servers and protocols that are widely used on the Internet for efficient and secure communication.

Objective


In this project we have implemented a DHCP server and client model, DNS query requests on a server, access to a web server, a firewall to restrict specific IP addresses, a Virtual Private Network (VPN), Network File System (NFS), Network Information Service (NIS) and a backup of our DNS server on our Linux (Ubuntu) system.

Team Members


1. Abhimanyu Varshney

2. Dhaval Shashikant Jangale

3. Saumitra More

4. Shubham Shrivastava

Concepts


DNS Server


DNS is an application layer protocol. It is often referred to as the dictionary of the Internet, consisting of hostnames and their corresponding IP addresses. DNS is used to resolve a domain name to its IP address and vice versa. It uses both TCP and UDP on port 53. When a client enters a hostname in the web browser, it asks the DNS server to translate that hostname to its corresponding IP address, which is stored on that DNS server. [1]

I. First, the client sends the query to translate the hostname to the local DNS server.

II. The local DNS server then sends this request to the root DNS server. The root DNS server looks at the domain (e.g. .com, .edu) and returns to the local DNS server the list of IP addresses of the TLD DNS servers responsible for that particular domain.

III. The local DNS server then resends the query to a TLD DNS server. The TLD DNS server looks at the hostname and sends back the IP address of the authoritative DNS server to the local DNS server.

IV. The local DNS server then sends the query to the authoritative DNS server, which responds with the desired IP address of the hostname typed by the client.

DHCP Server


DHCP is defined by RFC 1541, with revisions in RFC 2131. DHCP runs over UDP and uses ports 67 and 68. It works through 4 handshake messages: Discover, Offer, Request and Acknowledgement. It is a protocol used to dynamically lease an IP address, for the desired period of time, to a client connected to the network. [2]

 
DORA process

The DHCP server's operation is called the DORA process:

I. Client Discover: When the client first comes up it has no address, so it broadcasts with source IP 0.0.0.0 and destination IP 255.255.255.255. This is called the Discover request.

II. Server Offer: After the Discover, the DHCP server offers an IP address to the client in an Offer.

III. Client Request: After the server's Offer, the client makes an official Request for the IP address to the DHCP server. (The server has already given an IP address to that client, so the client's Request is sent for the sake of an ACK from the server.)

IV. Server Acknowledgement: After the official Request from the client, the server acknowledges the Request.

WEB Server


A web server is used to serve web pages. It uses port 80 to accept HTTP requests and port 443 to accept HTTPS requests. Apache is a web server, and here we are using version 2.0. We have used HTML to create the web page.

Firewall

Firewall Description

A firewall is used to guard an internal private network from an external public network. To implement the firewall, the UFW firewall configuration software is used. A firewall can be hardware or software based, and it helps to provide security and privacy. Normally, when a client makes a request to a hostname on its web server, it sees a web page if the hostname exists. But if that particular client is denied access to the web page by the firewall, then after making the request the client will not be able to browse the web page.


Backup


Backup synchronizes files and directories from one location to another so that files can be recovered in case of loss. The backup of the DNS server on our Linux system has been implemented over Secure Shell (SSH), which encrypts the data during the file transfer.

Configurations


[3] [4] [5] [6] [7] [8]

DNS Configuration


• First step is to install BIND (Berkeley Internet Name Domain)

       "sudo apt-get install bind9"

• Second step is to edit the local configuration file to create zones (forward and reverse zones)

       "sudo nano /etc/bind/named.conf.local"

• Next step is to edit the options file to set forwarders

       "sudo nano /etc/bind/named.conf.options"

• Next step is to create a directory named zones in /etc/bind

       "sudo mkdir /etc/bind/zones"

• Next step is to copy the db.local and db.127 files from bind to zones

       "sudo cp /etc/bind/db.local /etc/bind/zones/ankit.com.db"

       "sudo cp /etc/bind/db.127 /etc/bind/zones/1.168.192.in-addr.arpa.db"

• Next step is to create resource records

       "sudo nano /etc/bind/zones/ankit.com.db"
       "sudo nano /etc/bind/zones/1.168.192.in-addr.arpa.db"

• Next step is to edit resolv.conf

       "sudo nano /etc/resolv.conf"

• Next step is to edit hosts

       "sudo nano /etc/hosts"

• Final step is to restart bind9

       "sudo /etc/init.d/bind9 restart"

DHCP Configuration


• First step is to install DHCP server

       "sudo apt-get install isc-dhcp-server"

• Next step is to edit interfaces

       "sudo nano /etc/network/interfaces"

• Next step is to set the interface (eth0) in the isc-dhcp-server defaults file

       "sudo nano /etc/default/isc-dhcp-server"

• Next step is to edit dhcpd.conf

       "sudo nano /etc/dhcp/dhcpd.conf"

• Final step is to start the DHCP server

       "sudo service isc-dhcp-server start"

Web Server Configuration


• First step is to install apache2

       "sudo apt-get install apache2"

• Next step is to go to the html directory and open the HTML file to edit the web page

       "sudo gedit /var/www/html"

• Next step is to edit the HTML file as required

Firewall Configuration


• First step is to install ufw

       "sudo apt-get install ufw"

• Next step is to write rules to allow and deny

       "Command to allow: sudo ufw allow 80/tcp"
       "Command to deny: sudo ufw deny 80/tcp" 
       "Command to check ufw status: sudo ufw status verbose"
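
The objective is to restrict specific IP addresses, and ufw evaluates rules in order with the first match winning, so a per-address deny added after a general allow for the same port never takes effect. The following added example (not part of the original project) checks constructed `ufw status numbered` output for that mistake; 192.168.1.103 is the client address used elsewhere on this page.

```bash
# Added example: constructed `ufw status numbered` output (IPv4 rules only).
BROKEN='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 80/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     DENY IN     192.168.1.103
[ 3] 22/tcp                     DENY IN     192.168.1.103'

FIXED='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 80/tcp                     DENY IN     192.168.1.103
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 22/tcp                     DENY IN     192.168.1.103'

# Print "source -> port" for each per-address DENY that sits below an
# ALLOW-from-Anywhere rule for the same port and therefore never matches.
shadowed_denies() {  # reads `ufw status numbered` text on stdin
  awk '
    /^\[/ {
      sub(/^\[ *[0-9]+\] */, "")        # drop the "[ N]" rule index
      to = $1; action = $2; from = $4
      if (action == "ALLOW" && from == "Anywhere") {
        allowed[to] = 1
      } else if (action == "DENY" && from != "Anywhere" && (to in allowed)) {
        print from " -> " to
      }
    }'
}

printf '%s\n' "$BROKEN" | shadowed_denies   # reports the ineffective rule 2
printf '%s\n' "$FIXED"  | shadowed_denies   # prints nothing

# Commands that give the FIXED ordering on a host that already allows 80/tcp:
#   sudo ufw insert 1 deny from 192.168.1.103 to any port 80 proto tcp
#   sudo ufw status numbered
```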

Backup Configuration


• First step is to install the ssh and rsync packages on the server and client side, then send the files with rsync over SSH

       "rsync -avz --progress -e ssh /etc/bind/ abhimanyu@192.168.1.103:/home/abhimanyu/Videos"

• Next step is to check at the client whether it has received the files or not

       "cd /home/abhimanyu/Videos && ls -l"

Network Information Services


It provides telnet access to the server from the client system. This is done by providing a username and password on the client. The username and password are configured in the NIS system on the server.

Configuration

Server Side:

• First step is to install nis and portmap

       "Command for NIS:  sudo apt-get install nis"
       "Command for portmap: sudo apt-get install portmap"

• Next step is to edit Makefile

       "sudo nano /var/yp/Makefile"

• Next step is to edit nis file

       "sudo nano /etc/default/nis"

• Finally, edit the ypserv.securenets file to specify the allowed address range

       "sudo nano /etc/ypserv.securenets"

Client Side:

• First step is to install NIS and portmap

       "Command to install NIS: sudo apt-get install nis"
       "Command to install portmap: sudo apt-get install portmap"

• Next step is to edit hosts file

       "sudo nano /etc/hosts"

• Next step is to edit yp.conf

       "sudo nano /etc/yp.conf"

• Next step is to edit nsswitch.conf

       "sudo nano /etc/nsswitch.conf"

Network File System


It gives the client access to a file or folder on the server system. The file system can be given read-only (RO) or read-write (RW) privileges. The client mounts the directory to retrieve the files.

Configuration

Server Side:

• First step is to install nfs-kernel-server

       "sudo apt-get install nfs-kernel-server"

• Next step is to make a directory named DATA1

       "sudo mkdir DATA1"

• Next step is to decide whether the client can read or write or both

       "sudo chmod 777 DATA1"

• Next step is to check whether DATA1 is created or not

       "ls -l"

• Next step is to edit export file

       "sudo nano /etc/exports"

• Finally restart the NFS

       "sudo /etc/init.d/nfs-kernel-server restart"

• Next step is to check which folder is shared by the server and to which client (192.168.1.103 is the client's IP address)

       "showmount -e"

Client Side:

• We have to run the mount command on the client's machine (with the IP of the server)

       "sudo mount -t nfs 192.168.1.134:/home/shubham/DATA1 /home/abhimanyu"
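
The steps above edit /etc/exports without showing an entry, and because DATA1 is mode 777 the client list and options in that file are what actually limit access. The following added example (not the project's own file) puts a restrictive entry beside a permissive one and flags the risky settings; /home/shubham/DATA1 and 192.168.1.103 come from this page, while /srv/scratch and the option choices are assumptions.

```bash
# Added example: constructed /etc/exports content written to a scratch file.
EXPORTS=$(mktemp)
cat > "$EXPORTS" <<'EOF'
# read-only, one named client, remote root mapped to an unprivileged user
/home/shubham/DATA1  192.168.1.103(ro,sync,root_squash,no_subtree_check)
# writable by any host, and remote root keeps root on the server
/srv/scratch         *(rw,sync,no_root_squash,no_subtree_check)
EOF

# Print one finding per risky client entry: a wildcard (or missing) client
# specification, and no_root_squash.
risky_exports() {  # usage: risky_exports EXPORTS_FILE
  awk '
    /^[ \t]*(#|$)/ { next }                     # comments and blank lines
    {
      for (i = 2; i <= NF; i++) {
        client = $i; sub(/\(.*$/, "", client)   # text before the options
        opts = $i;   sub(/^[^(]*\(?/, "", opts); sub(/\)$/, "", opts)
        if (client == "*" || client == "") {
          print $1 ": exported to any host (" opts ")"
        }
        if (("," opts ",") ~ /,no_root_squash,/) {
          print $1 ": no_root_squash for " (client == "" ? "*" : client)
        }
      }
    }' "$1"
}

risky_exports "$EXPORTS"
# After editing the real file: sudo exportfs -ra, then showmount -e to review.
```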

VPNs are employed in organizations where private access is needed for a particular client. For instance, Northeastern University, Boston, requires a VPN to have a private link to its Seattle campus.

Configuration

• First step is to install pptpd telnet iptables

       "sudo apt-get install pptpd telnet iptables"

• Then edit pptpd-options file

       "sudo nano /etc/ppp/pptpd-options"

• Then edit pptpd.conf

       "sudo nano /etc/pptpd.conf"

• Then edit chap-secrets

       "sudo nano /etc/ppp/chap-secrets"

• Finally, enable NAT masquerading and IP forwarding, and restart pptpd

       "sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE"
       "sudo sysctl net.ipv4.ip_forward=1"
       "sudo /etc/init.d/pptpd restart"

DNS Load Balancing


It divides the traffic coming towards a particular IP address among more than one IP address by providing a similar hostname for different IP addresses.

Configuration

• Edit the ankit.com.db file

       "sudo nano /etc/bind/zones/ankit.com.db"

• Check by doing nslookup

       "nslookup dhaval.ankit.com" or "nslookup shubham.ankit.com"
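
The DNS Configuration steps and the load balancing edit above change named.conf.local and the two zone files without showing their contents. The following added example (not the project's own files) writes constructed versions to a scratch directory and checks that every A record has a matching PTR; every address and the ns and www names are placeholders, and load balancing is assumed to be done with two A records on one name.

```bash
# Added example: constructed zone data for ankit.com, written to a temp dir.
ZDIR=$(mktemp -d)

# Zone declarations of the kind that go in /etc/bind/named.conf.local
cat > "$ZDIR/named.conf.local" <<'EOF'
zone "ankit.com" { type master; file "/etc/bind/zones/ankit.com.db"; };
zone "1.168.192.in-addr.arpa" {
    type master; file "/etc/bind/zones/1.168.192.in-addr.arpa.db";
};
EOF

# Forward zone: names to addresses. Two A records on one name (www) mean
# resolvers receive both addresses, which spreads clients across them.
cat > "$ZDIR/ankit.com.db" <<'EOF'
$TTL 604800
@        IN SOA ns.ankit.com. admin.ankit.com. ( 3 604800 86400 2419200 604800 )
@        IN NS  ns.ankit.com.
ns       IN A   192.168.1.10
dhaval   IN A   192.168.1.20
shubham  IN A   192.168.1.30
www      IN A   192.168.1.20
www      IN A   192.168.1.40
EOF

# Reverse zone: last octet to name. 192.168.1.40 was never given a PTR.
cat > "$ZDIR/1.168.192.in-addr.arpa.db" <<'EOF'
$TTL 604800
@   IN SOA ns.ankit.com. admin.ankit.com. ( 3 604800 86400 2419200 604800 )
@   IN NS  ns.ankit.com.
10  IN PTR ns.ankit.com.
20  IN PTR dhaval.ankit.com.
30  IN PTR shubham.ankit.com.
EOF

# Print every "name address" A record whose address has no PTR in the
# reverse zone. Handles one-line records in a single /24, as written above.
missing_ptrs() {  # usage: missing_ptrs FORWARD_ZONE REVERSE_ZONE
  awk '
    NR == FNR { if ($2 == "IN" && $3 == "PTR") ptr[$1] = 1; next }
    $2 == "IN" && $3 == "A" {
      split($4, octet, ".")
      if (!(octet[4] in ptr)) print $1, $4
    }' "$2" "$1"
}

missing_ptrs "$ZDIR/ankit.com.db" "$ZDIR/1.168.192.in-addr.arpa.db"
```

On the server itself, `named-checkzone ankit.com /etc/bind/zones/ankit.com.db` checks the zone file syntax before bind9 is restarted.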

Future Scope


1. A backup for the DNS server can be added by providing a secondary DNS server.

2. Routers can be added to see communication between hosts from different subnets.

3. NFS can be used to mount the entire set of files from the server on a desired client as a form of backup.

4. NFS can also be used to give a desired file preference to a specific client.

5. Port security can be added to the DHCP server.

References

  1. Computer Networking - A top down approach by James F. Kurose, Keith W. Ross
  2. Computer Networking - A top down approach by James F. Kurose, Keith W. Ross
  3. www.youtube.com
  4. www.askubuntu.com
  5. techadmin.net
  6. ubuntulinuxhelp.com
  7. howtogeek.com
  8. ubuntuforums.org