Data Networking/Fall 2014/Neville RJ Fernandez & Group
Linux Project to implement DNS, DHCP, Web Server, Firewall and Backup
In this webpage we describe our Linux project based on implementations of concepts such as DNS, DHCP, Web Server, Firewalls and Backup.
The Project Team
1) Can Gao
2) Zhongyuan Zhang
Why did we work on Linux??
Linux is an open-source, free operating system used widely in the IT and telecommunications industry. Our aim is to learn basic networking concepts on the Linux platform and implement them successfully. By doing so we hope to gain hands-on experience in configuring our network on a Linux-based platform.
Introduction
In this Linux project, our group has tried to implement certain networking concepts such as DNS, DHCP, Web Server, Backup Web Server and a Firewall.
The flavour of Linux that we have used is Ubuntu 14.04.1.
Background
1) Domain Name System (DNS)
DNS (Domain Name System) is a service that translates hostnames to IP addresses, which makes accessing the Internet more convenient for users. The DNS is a distributed database implemented in a hierarchy of DNS servers, and an application-layer protocol that allows hosts to query the distributed database. The DNS protocol runs over UDP and uses port 53.
2) Dynamic Host Configuration Protocol (DHCP)
The Dynamic Host Configuration Protocol (DHCP) is a standardized network protocol used on IP networks for dynamically distributing network configuration parameters, such as IP addresses for interfaces and services. With DHCP, computers request IP addresses and networking parameters automatically from a DHCP server, reducing the need for a network administrator or a user to configure these settings manually.
The three types by which DHCP allocates IP addresses to the hosts
- Static allocation
Manual IP addresses are allocated for only those hosts who have their MAC addresses listed in the IP translation tables on the router.
- Dynamic allocation
Allocation occurs from a pool of IP addresses dynamically for a certain lease period.
- Automatic allocation
The same IP is assigned to the client when it comes on the network.
3) Web Server
A web server is an information technology that processes requests via HTTP, the basic network protocol used to distribute information on the World Wide Web. The term can refer either to the entire computer system, an appliance, or specifically to the software that accepts and supervises the HTTP requests.
The main function of the Web server is to provide on-line information browsing service.
4) Backup Web Server
The server may crash for various reasons, so systematically creating a backup of each day's work avoids the risk of data loss.
5) Firewall
A firewall is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted, secure internal network and another outside network.
Project requirements
- Linux Based OS (We have used Ubuntu 14.04.1)
- Bind9 server to configure DNS.
- Isc-dhcp-server and radvd to configure DHCP.
- Apache2 to configure our web server.
- RSync package for web backup server.
- SSH package.
Configuration Steps
DHCP Server
- For IPv4
1. Install DHCP Server
sudo apt-get install isc-dhcp-server
2. Set the static IP address of the DHCP server
sudo vi /etc/network/interfaces
Change lo to either eth0 or wlan0 and loopback to static
auto eth0
iface eth0 inet static
    address 192.168.4.171
    netmask 255.255.255.0
    broadcast 192.168.4.255
    dns-nameservers 192.168.4.172
3. Configure the DHCP server
sudo vi /etc/dhcp/dhcpd.conf
# Dynamic address pool and default gateway for the subnet
subnet 192.168.4.0 netmask 255.255.255.0 {
    range 192.168.4.4 192.168.4.169;
    option routers 192.168.4.1;
}
# Fixed addresses for the servers, matched by MAC address
host dns {
    hardware ethernet 00:0c:29:8e:41:b2;
    fixed-address 192.168.4.172;
}
host dnsstandby {
    hardware ethernet 00:0c:29:62:36:d7;
    fixed-address 192.168.4.173;
}
host web {
    hardware ethernet 00:0c:29:ff:c3:07;
    fixed-address 192.168.4.174;
}
default-lease-time 600;
max-lease-time 7200;
4. Modify the IP address for eth0
sudo ifconfig eth0 192.168.4.171 netmask 255.255.255.0
5. Restart the dhcp server
sudo service isc-dhcp-server restart
- For IPv6
1. Install radvd to configure the parameters
sudo apt-get install radvd
2. Modify the file /etc/radvd.conf
sudo vi /etc/radvd.conf
interface eth0 {
    AdvSendAdvert on;
    AdvManagedFlag on;
    prefix fec0:1111:2222:3333::/64 {
        AdvOnLink on;
        AdvAutonomous on;
    };
};
3. Modify the file /etc/sysctl.conf
sudo vi /etc/sysctl.conf
net.ipv6.conf.all.forwarding=1
4. Restart radvd
sudo /etc/init.d/radvd restart
- For the other servers
sudo vi /etc/network/interfaces
auto eth0
iface eth0 inet dhcp
iface eth0 inet6 dhcp
DNS server
- For IPv4
1. Install Bind9
sudo apt-get install bind9
2. Configure the DNS server to get its fixed IP address from the DHCP server
sudo nano /etc/network/interfaces
auto eth0
iface eth0 inet dhcp
iface eth0 inet6 dhcp
5. Configure zones in the named.conf.local file
sudo vi /etc/bind/named.conf.local
// For Forward zone
// On the master DNS server (192.168.4.172)
zone "www.gaoyuan.com" {
    type master;
    file "/etc/bind/db.www.gaoyuan.com";
    allow-transfer { 192.168.4.173; };
    also-notify { 192.168.4.173; };
};
// On the slave DNS server (192.168.4.173)
zone "www.gaoyuan.com" {
    type slave;
    file "/etc/bind/db.www.gaoyuan.com";
    masters { 192.168.4.172; };
};
Configure the other 4 DNS servers, www.gaoyuan1.com, www.gaoyuan2.com, www.gaoyuan3.com and www.gaoyuan4.com, in the same way.
// For Reverse zone for ipv4 addresses
// On the master DNS server (192.168.4.172)
zone "4.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192";
    allow-transfer { 192.168.4.173; };
    also-notify { 192.168.4.173; };
};
// On the slave DNS server (192.168.4.173)
zone "4.168.192.in-addr.arpa" {
    type slave;
    file "/etc/bind/db.192";
    masters { 192.168.4.172; };
};
// For Reverse zone for ipv6 addresses
// On the master DNS server (192.168.4.172)
zone "3.3.3.3.2.2.2.2.1.1.1.1.8.0.e.f.ip6.arpa" {
    type master;
    file "/etc/bind/db.ipv6";
    allow-transfer { 192.168.4.173; };
    also-notify { 192.168.4.173; };
};
// On the slave DNS server (192.168.4.173); the zone name must match the master's
zone "3.3.3.3.2.2.2.2.1.1.1.1.8.0.e.f.ip6.arpa" {
    type slave;
    file "/etc/bind/db.ipv6";
    masters { 192.168.4.172; };
};
6. Configure the forward lookup table
sudo vi /etc/bind/db.www.gaoyuan.com
$TTL 604800
@   IN  SOA  www.gaoyuan.com. root.gaoyuan.com. (
             2          ; Serial
             604800     ; Refresh
             86400      ; Retry
             2419200    ; Expire
             604800 )   ; Negative Cache TTL
@   IN  NS   www.gaoyuan.com.
@   IN  A    192.168.4.179
@   IN  AAAA fe08:1111:2222:3333:4444:5555:6666:aaaa
Configure the other 4 DNS servers in the same way.
7. Configure the reverse lookup tables for IPv4 and IPv6 addresses
sudo nano /etc/bind/db.192
$TTL 604800
@   IN  SOA  www.gaoyuan.com. root.www.gaoyuan.com. (
             2          ; Serial
             604800     ; Refresh
             86400      ; Retry
             2419200    ; Expire
             604800 )   ; Negative Cache TTL
;
@   IN  NS   www.gaoyuan.com.
179 IN  PTR  www.gaoyuan.com.
175 IN  PTR  www.gaoyuan1.com.
176 IN  PTR  www.gaoyuan2.com.
177 IN  PTR  www.gaoyuan3.com.
178 IN  PTR  www.gaoyuan4.com.
sudo nano /etc/bind/db.ipv6
$TTL 604800
@   IN  SOA  www.gaoyuan.com. root.www.gaoyuan.com. (
             2          ; Serial
             604800     ; Refresh
             86400      ; Retry
             2419200    ; Expire
             604800 )   ; Negative Cache TTL
;
@   IN  NS   www.gaoyuan.com.
a.a.a.a.6.6.6.6.5.5.5.5.4.4.4.4 IN PTR www.gaoyuan.com.
b.b.b.b.6.6.6.6.5.5.5.5.4.4.4.4 IN PTR www.gaoyuan1.com.
c.c.c.c.6.6.6.6.5.5.5.5.4.4.4.4 IN PTR www.gaoyuan2.com.
d.d.d.d.6.6.6.6.5.5.5.5.4.4.4.4 IN PTR www.gaoyuan3.com.
e.e.e.e.6.6.6.6.5.5.5.5.4.4.4.4 IN PTR www.gaoyuan4.com.
8. Edit the file resolv.conf
sudo vi /etc/resolv.conf
nameserver 192.168.4.172
9. Restart the Bind9 server
sudo /etc/init.d/bind9 restart
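The reverse zones only answer if each zone name and PTR owner is the exact nibble-reversed form of the address, and a swapped nibble pair in an ip6.arpa name (0.8.e.f instead of 8.0.e.f for fe08) is easy to miss by eye. The following check is an added example, not part of the original project: it parses zone-file text and reports every A/AAAA record without a matching PTR. The function names and the sample records (built from the zone data shown above) are assumptions of the example.

```python
import ipaddress
import re

RECORD = re.compile(r"^(\S+)\s+IN\s+(A|AAAA|PTR)\s+(\S+)$")

def parse_zone(origin, text):
    """Yield (owner_fqdn, type, rdata) for the A, AAAA and PTR lines of a zone."""
    for line in text.splitlines():
        m = RECORD.match(line.split(";")[0].strip())
        if m:
            owner, rtype, rdata = m.groups()
            if owner == "@":
                owner = origin
            elif not owner.endswith("."):
                owner = f"{owner}.{origin}"      # relative name: append origin
            yield owner.lower(), rtype, rdata.lower()

def ptr_problems(forward, reverse_zones):
    """forward and each reverse zone are (origin, zone_text) pairs. Returns one
    message per A/AAAA record whose PTR is missing or names another host."""
    ptrs = {owner: rdata
            for origin, text in reverse_zones
            for owner, rtype, rdata in parse_zone(origin, text) if rtype == "PTR"}
    problems = []
    for owner, rtype, rdata in parse_zone(*forward):
        if rtype == "PTR":
            continue
        want = ipaddress.ip_address(rdata).reverse_pointer + "."
        if ptrs.get(want) != owner:
            problems.append(f"{rdata}: no PTR {want} -> {owner}")
    return problems

# Constructed sample: the records for www.gaoyuan.com from the zone files above.
FORWARD = ("www.gaoyuan.com.",
           "@ IN A 192.168.4.179\n"
           "@ IN AAAA fe08:1111:2222:3333:4444:5555:6666:aaaa\n")
REV4 = ("4.168.192.in-addr.arpa.", "179 IN PTR www.gaoyuan.com.\n")
V6_PTR = "a.a.a.a.6.6.6.6.5.5.5.5.4.4.4.4 IN PTR www.gaoyuan.com.\n"
REV6 = ("3.3.3.3.2.2.2.2.1.1.1.1.8.0.e.f.ip6.arpa.", V6_PTR)
# Same records under an origin with two nibbles swapped (fe80 instead of fe08).
REV6_SWAPPED = ("3.3.3.3.2.2.2.2.1.1.1.1.0.8.e.f.ip6.arpa.", V6_PTR)

if __name__ == "__main__":
    print(ptr_problems(FORWARD, [REV4, REV6]))          # consistent zones
    print(ptr_problems(FORWARD, [REV4, REV6_SWAPPED]))  # AAAA record has no PTR
```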
Web server
1. Install Apache webserver
sudo apt-get install apache2
2. Install the MySQL server and client
sudo apt-get install mysql-server mysql-client
3. Install php5
sudo apt-get install php5
4. Restart apache2
sudo /etc/init.d/apache2 restart
5. Modify the home page
cd /var/www/
ls
sudo nano /var/www/html/index.html
Firewall
1. Activate the ufw firewall
sudo ufw enable
sudo ufw default deny
2. Start the service using the command
sudo service iptables-persistent start
3. Enable the SSH service
sudo ufw allow ssh
4. Open the ports
sudo ufw allow 80
sudo ufw allow 22
sudo ufw allow 873
sudo ufw allow 1723
5. Enter a rule
sudo ufw allow proto tcp from 192.168.4.174 to any port 22
6. See the firewall status
sudo ufw status
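With these rules, port 22 is allowed from any source in steps 3 and 4, so the source-restricted rule in step 5 does not narrow access to SSH. The following audit is an added example, not part of the original project: it parses `ufw status` output and lists source-restricted rules that are made ineffective by an "Anywhere" rule on the same port. The sample output is constructed for illustration and the function names are assumptions.

```python
import re

# Constructed sample of `sudo ufw status` output after the steps above.
SAMPLE_STATUS = """\
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
873                        ALLOW       Anywhere
1723                       ALLOW       Anywhere
22/tcp                     ALLOW       192.168.4.174
"""

# Port, optional protocol, ALLOW (or ALLOW IN in verbose output), source.
RULE = re.compile(r"^(\d+)(?:/(tcp|udp))?\s+ALLOW(?:\s+IN)?\s+(.+?)\s*$")

def parse_rules(status_text):
    """Return (port, proto_or_None, source) for each IPv4 ALLOW rule.
    Header lines and '(v6)' rules do not match the pattern and are skipped."""
    rules = []
    for line in status_text.splitlines():
        m = RULE.match(line)
        if m:
            rules.append((int(m.group(1)), m.group(2), m.group(3)))
    return rules

def shadowed_restrictions(status_text):
    """Source-restricted rules that have no effect because the same port is
    also allowed from Anywhere, for every protocol or for the same one."""
    rules = parse_rules(status_text)
    open_ports = {(port, proto) for port, proto, src in rules if src == "Anywhere"}
    return [(port, proto, src) for port, proto, src in rules
            if src != "Anywhere"
            and ((port, None) in open_ports or (port, proto) in open_ports)]

if __name__ == "__main__":
    for port, proto, src in shadowed_restrictions(SAMPLE_STATUS):
        print(f"port {port}/{proto or 'any'} from {src} is already open to Anywhere")
```

Removing the broad rules for port 22 (for example with `sudo ufw delete allow 22` and `sudo ufw delete allow ssh`) leaves only the rule limited to 192.168.4.174.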
Backup Server
1. Install SSH
sudo apt-get install ssh
2. Generate RSA keys
ssh-keygen -t rsa
3. Copy the RSA public key to the other host over SSH
cat /home/Gandhi/id_rsa.pub | ssh root@192.168.10.150 "mkdir -p /root/.ssh && cat >> /root/.ssh/authorized_keys"
4. Install rsync using the following command
sudo apt-get install rsync
5. Use rsync to copy the public key to the virtual server
ssh root@192.168.10.120 rsync -a /var/www/html/ root@192.168.10.150:/var/www/html/
6. Use crontab to run the command periodically every 10 minutes
*/10 * * * * rsync -a /var/www/html/ root@192.168.10.150:/var/www/html/
Test Plan
Network
Use ping to test whether every server can connect to each other.
DHCP Server
Flush the IP addresses on eth0 and then restart the eth0 interface to see whether it can get the IPv4 and IPv6 addresses from the DHCP server.
DNS Server
1. Test master DNS server
a. Use the host command
host www.gaoyuan.com
host 192.168.4.179
host fe08:1111:2222:3333:4444:5555:6666:aaaa
b. Use nslookup
nslookup www.gaoyuan.com
nslookup 192.168.4.179
nslookup fe08:1111:2222:3333:4444:5555:6666:aaaa
2. Test slave DNS server
Turn off the master DNS server and repeat the same tests used for the master DNS server.
Web Server
Firewall
Backup Server