Data Networking/Fall 2014/Neville RJ Fernandez & Group

Linux Project to implement DNS,DHCP,Web Server, Firewall and Backup

On this page we describe our Linux project, which implements DNS, DHCP, a web server, a firewall and a backup of the web server.

The Project Team

1) Can Gao
2) Zhongyuan Zhang

Why did we work on Linux?

Linux is a free, open-source operating system used widely in the IT and telecommunications industry. Our aim was to learn basic networking concepts on the Linux platform and implement them successfully, gaining hands-on experience in configuring a network on Linux.

Introduction

In this Linux project our group implemented several networking services: DNS, DHCP, a web server, a backup of the web server and a firewall.
The Linux distribution we used is Ubuntu 14.04.1.

Background

1) Domain Name System (DNS)
DNS (Domain Name System) is a service that translates hostnames to IP addresses (and, through reverse zones, addresses back to names), which makes reaching hosts on the Internet far more convenient for users. It is a distributed database implemented in a hierarchy of DNS servers, together with an application-layer protocol that lets hosts query that database. DNS uses port 53: ordinary queries travel over UDP, while zone transfers between master and slave servers (and answers too large for a UDP datagram) use TCP, which matters when the firewall rules are written later on.


2) Dynamic Host Configuration Protocol (DHCP)
The Dynamic Host Configuration Protocol (DHCP) is a standardized network protocol used on IP networks for dynamically distributing network configuration parameters, such as IP addresses for interfaces and services. With DHCP, computers request IP addresses and networking parameters automatically from a DHCP server, reducing the need for a network administrator or a user to configure these settings manually.

DHCP allocates addresses to hosts in one of three ways:

  • Static allocation

A fixed address is handed out only to hosts whose MAC addresses are listed in the server's configuration (the host and fixed-address entries used below).

  • Dynamic allocation

An address is taken from a pool and leased for a limited period; when the lease expires it can be reused by another host.

  • Automatic allocation

The server assigns a permanent address from its pool the first time a client appears, and gives the same address back to that client on later visits.


3) Web Server
A web server is the software (or the whole machine running it) that accepts and serves requests over HTTP, the basic protocol used to distribute information on the World Wide Web. Its main job is to serve pages and files to browsers.


4) Backup Web Server
Because a server can crash at any time, systematically backing up each day's work to a second machine avoids the risk of losing data.


5) Firewall
A firewall is a network security system that monitors and controls incoming and outgoing network traffic according to predetermined security rules. It typically establishes a barrier between a trusted internal network and an outside network that is not trusted.

Project requirements

  • Linux-based OS (we used Ubuntu 14.04.1)
  • bind9 for DNS
  • isc-dhcp-server (IPv4) and radvd (IPv6) for address configuration
  • apache2 for the web server
  • rsync for the web backup
  • SSH (openssh) for remote access and as the transport for rsync

Configuration Steps

DHCP Server

  • For IPv4

1. Install DHCP Server

    sudo apt-get install isc-dhcp-server

2. Give the DHCP server itself a static address (it cannot be a DHCP client on the interface it serves). Add an eth0 stanza (or wlan0, if that is the serving interface) and leave the existing lo stanza alone. The resolvconf keyword for the name server is dns-nameservers.

    sudo vi /etc/network/interfaces 
                auto eth0
                iface eth0 inet static 
                address 192.168.4.171
                netmask 255.255.255.0
                broadcast 192.168.4.255
                dns-nameservers 192.168.4.172

3. Configure the DHCP server. The dynamic pool is 192.168.4.4-192.168.4.169; the three servers are pinned by MAC address to fixed addresses above the pool, so a pool lease can never collide with them. The lease timers belong inside the subnet block (or at top level), every brace must close, and the domain-name-servers option hands the two DNS servers to every client. Also set INTERFACES="eth0" in /etc/default/isc-dhcp-server so the daemon listens on the serving interface.

    sudo vi /etc/dhcp/dhcpd.conf
               subnet 192.168.4.0 netmask 255.255.255.0 {
                   range 192.168.4.4 192.168.4.169;
                   option routers 192.168.4.1;
                   option domain-name-servers 192.168.4.172, 192.168.4.173;
                   default-lease-time 600;
                   max-lease-time 7200;
               }
               host dns {
                   hardware ethernet 00:0c:29:8e:41:b2;
                   fixed-address 192.168.4.172;
               }
               host dnsstandby {
                   hardware ethernet 00:0c:29:62:36:d7;
                   fixed-address 192.168.4.173;
               }
               host web {
                   hardware ethernet 00:0c:29:ff:c3:07;
                   fixed-address 192.168.4.174;
               }

4. Apply the address to eth0 (ifdown eth0 followed by ifup eth0 does the same from the interfaces file)

    sudo ifconfig eth0 192.168.4.171 netmask 255.255.255.0 

5. Restart the dhcp server

    sudo service isc-dhcp-server restart 
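The dhcpd.conf above has a few invariants that are easy to break while editing: the dynamic pool must sit inside the subnet and must not include the router, network or broadcast address, and a fixed-address must not fall inside the pool (otherwise the pinned host and a pool lease can end up holding the same address). The checker below is an added example, not part of the original project: it parses the subnet and host declarations (copied into a constructed string) and reports any of those mistakes, plus duplicate MACs or duplicate fixed addresses. The parser handles only the flat subnet/host layout used here, not nested shared-network or group blocks.

```python
import ipaddress
import re

# Constructed sample: the subnet and host declarations used in this project.
SAMPLE_DHCPD_CONF = """
subnet 192.168.4.0 netmask 255.255.255.0 {
    range 192.168.4.4 192.168.4.169;
    option routers 192.168.4.1;
    default-lease-time 600;
    max-lease-time 7200;
}
host dns        { hardware ethernet 00:0c:29:8e:41:b2; fixed-address 192.168.4.172; }
host dnsstandby { hardware ethernet 00:0c:29:62:36:d7; fixed-address 192.168.4.173; }
host web        { hardware ethernet 00:0c:29:ff:c3:07; fixed-address 192.168.4.174; }
"""

SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{([^}]*)\}")
RANGE_RE = re.compile(r"\brange\s+(\S+)\s+(\S+)\s*;")
ROUTERS_RE = re.compile(r"option\s+routers\s+([^;]+);")
HOST_RE = re.compile(r"\bhost\s+(\S+)\s*\{([^}]*)\}")
MAC_RE = re.compile(r"hardware\s+ethernet\s+([0-9A-Fa-f:]{17})\s*;")
FIXED_RE = re.compile(r"fixed-address\s+(\S+)\s*;")


def parse_dhcpd(text):
    """Return ([(network, [(lo, hi)], [routers])], [(name, mac, fixed)]) for flat subnet/host blocks."""
    subnets = []
    for net, mask, body in SUBNET_RE.findall(text):
        network = ipaddress.ip_network(f"{net}/{mask}", strict=True)
        ranges = [(ipaddress.ip_address(lo), ipaddress.ip_address(hi))
                  for lo, hi in RANGE_RE.findall(body)]
        routers = [ipaddress.ip_address(r.strip())
                   for m in ROUTERS_RE.findall(body) for r in m.split(",")]
        subnets.append((network, ranges, routers))
    hosts = []
    for name, body in HOST_RE.findall(text):
        mac = MAC_RE.search(body)
        fixed = FIXED_RE.search(body)
        hosts.append((name,
                      mac.group(1).lower() if mac else None,
                      ipaddress.ip_address(fixed.group(1)) if fixed else None))
    return subnets, hosts


def check_dhcpd(text):
    """Return a list of human-readable findings; an empty list means the file is consistent."""
    findings = []
    subnets, hosts = parse_dhcpd(text)

    for network, ranges, routers in subnets:
        for lo, hi in ranges:
            if lo > hi:
                findings.append(f"{network}: range {lo}-{hi} is reversed")
            if lo not in network or hi not in network:
                findings.append(f"{network}: range {lo}-{hi} is not inside the subnet")
            if lo <= network.network_address or hi >= network.broadcast_address:
                findings.append(f"{network}: range {lo}-{hi} includes the network or broadcast address")
            for router in routers:
                if lo <= router <= hi:
                    findings.append(f"{network}: router {router} lies inside the dynamic range {lo}-{hi}")

    seen_mac, seen_ip = {}, {}
    for name, mac, fixed in hosts:
        if mac is None or fixed is None:
            findings.append(f"host {name}: needs both hardware ethernet and fixed-address")
            continue
        if mac in seen_mac:
            findings.append(f"host {name}: MAC {mac} already used by host {seen_mac[mac]}")
        if fixed in seen_ip:
            findings.append(f"host {name}: fixed-address {fixed} already used by host {seen_ip[fixed]}")
        seen_mac[mac], seen_ip[fixed] = name, name
        covering = [s for s in subnets if fixed in s[0]]
        if not covering:
            findings.append(f"host {name}: fixed-address {fixed} is in no declared subnet")
        for network, ranges, _ in covering:
            for lo, hi in ranges:
                if lo <= fixed <= hi:
                    findings.append(f"host {name}: fixed-address {fixed} is inside the dynamic range {lo}-{hi}")
    return findings


if __name__ == "__main__":
    import sys
    # With a path argument the real file is checked; without one, the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_DHCPD_CONF
    for finding in check_dhcpd(text) or ["no problems found"]:
        print(finding)
```

Run it as `python3 check_dhcpd.py /etc/dhcp/dhcpd.conf` before restarting the service; dhcpd itself only reports syntax errors, not a fixed address that happens to sit inside the pool.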
  • For IPv6

1. Install radvd. Note that radvd is not a DHCPv6 server: it sends Router Advertisements, and the clients build their own addresses from the advertised prefix (SLAAC). That is enough for this project, so no DHCPv6 server is configured.

    sudo apt-get install radvd 

2. Modify the file /etc/radvd.conf. The prefix advertised here must be the one used in the DNS AAAA and ip6.arpa records later on, fe08:1111:2222:3333::/64. Neither that range nor the deprecated site-local fec0::/10 is an allocated unicast range; that is fine inside a closed lab, but a real private network should use a ULA prefix from fd00::/8 (RFC 4193).

    sudo vi /etc/radvd.conf
               interface eth0 {
                   AdvSendAdvert on;
                   AdvManagedFlag off;     # no DHCPv6 server in this project; addresses come from SLAAC
                   prefix fe08:1111:2222:3333::/64 {
                       AdvOnLink on;
                       AdvAutonomous on;
                   };
               };

3. Modify the file /etc/sysctl.conf so the box acts as an IPv6 router (radvd expects forwarding to be enabled), then load the setting with sudo sysctl -p

    sudo vi /etc/sysctl.conf
               net.ipv6.conf.all.forwarding=1

4. Restart the radvd

    sudo /etc/init.d/radvd restart


  • On the other servers (the DHCP clients). inet6 auto takes the address from the router advertisements; inet6 dhcp would wait for a DHCPv6 server, which this project does not run.
    sudo vi /etc/network/interfaces     
                auto eth0
                iface eth0 inet dhcp
                iface eth0 inet6 auto

DNS server

  • For IPv4

1. Install Bind9

    sudo apt-get install bind9

2. Let the DNS server take its address from DHCP; dhcpd.conf pins this host (by MAC) to 192.168.4.172 and the standby to 192.168.4.173, so the address is stable even though it is leased

    sudo nano /etc/network/interfaces
            auto eth0
            iface eth0 inet dhcp
            iface eth0 inet6 auto

3. Configure the zones in named.conf.local. The master definitions go on the master (192.168.4.172) and the slave definitions on the standby (192.168.4.173); do not put both in one file, since BIND refuses duplicate zone names. allow-transfer limits zone transfers (AXFR, over TCP port 53) to the standby, so the whole zone cannot be pulled in bulk by arbitrary hosts; also-notify makes the master tell the standby as soon as the serial changes.

    sudo vi /etc/bind/named.conf.local

// Forward zone, on the master (192.168.4.172)

        zone "www.gaoyuan.com" {
            type master;
            file "/etc/bind/db.www.gaoyuan.com";
            allow-transfer { 192.168.4.173; };
            also-notify { 192.168.4.173; };
        };

// The same zone on the standby (192.168.4.173). The slave copy must live under
// /var/cache/bind, the directory Ubuntu's AppArmor profile lets named write to;
// a file under /etc/bind would fail with a permission error at transfer time.

        zone "www.gaoyuan.com" {
            type slave;
            file "/var/cache/bind/db.www.gaoyuan.com";
            masters { 192.168.4.172; };
        };

Configure the other four zones, www.gaoyuan1.com, www.gaoyuan2.com, www.gaoyuan3.com and www.gaoyuan4.com, the same way. (The zone apex here is the full hostname www.gaoyuan.com, so the host's own A/AAAA records sit at @; the more usual layout would be a single zone gaoyuan.com with www as a record inside it.)


// Reverse zone for the IPv4 subnet 192.168.4.0/24, on the master (192.168.4.172)

         zone "4.168.192.in-addr.arpa" {
             type master;
             file "/etc/bind/db.192";
             allow-transfer { 192.168.4.173; };
             also-notify { 192.168.4.173; };
         };

// The same zone on the standby (192.168.4.173)

         zone "4.168.192.in-addr.arpa" {
             type slave;
             file "/var/cache/bind/db.192";
             masters { 192.168.4.172; };
         };

// Reverse zone for the IPv6 prefix fe08:1111:2222:3333::/64. The name is the prefix's
// hex digits reversed one nibble at a time, so fe08 becomes 8.0.e.f. The order matters:
// 0.8.e.f would be fe80, the link-local range, and such a zone would match no host.

         zone "3.3.3.3.2.2.2.2.1.1.1.1.8.0.e.f.ip6.arpa" {
             type master;
             file "/etc/bind/db.ipv6";
             allow-transfer { 192.168.4.173; };
             also-notify { 192.168.4.173; };
         };

// The same zone on the standby (192.168.4.173)

         zone "3.3.3.3.2.2.2.2.1.1.1.1.8.0.e.f.ip6.arpa" {
             type slave;
             file "/var/cache/bind/db.ipv6";
             masters { 192.168.4.172; };
         };


4. Configure the forward lookup zone file. The serial must be increased on every edit or the standby keeps its old copy; the refresh, retry and expire values are the Ubuntu defaults and are fine here. Note that the A record gives 192.168.4.179 while dhcpd.conf pins the web host to 192.168.4.174; whichever address the web server actually has, the two must agree.

    sudo vi /etc/bind/db.www.gaoyuan.com
               $TTL    604800
               @       IN      SOA     www.gaoyuan.com. root.gaoyuan.com. (
                                             2         ; Serial
                                        604800         ; Refresh
                                         86400         ; Retry
                                       2419200         ; Expire
                                        604800 )       ; Negative Cache TTL
               ;
               @       IN      NS      www.gaoyuan.com.
               @       IN      A       192.168.4.179
               @       IN      AAAA    fe08:1111:2222:3333:4444:5555:6666:aaaa

Configure the other four zone files the same way. Running named-checkzone www.gaoyuan.com /etc/bind/db.www.gaoyuan.com catches syntax errors before the restart.


5. Configure the reverse lookup zone files for the IPv4 and IPv6 addresses. In these files the owner name is only the host part: the last octet for in-addr.arpa, and the host's 16 nibbles reversed for ip6.arpa (4444:5555:6666:aaaa becomes a.a.a.a.6.6.6.6.5.5.5.5.4.4.4.4); the zone name from named.conf.local supplies the rest. PTR targets are absolute names and end in exactly one dot.

    sudo nano /etc/bind/db.192
               $TTL    604800
               @       IN      SOA     www.gaoyuan.com. root.www.gaoyuan.com. (
                                             2         ; Serial
                                        604800         ; Refresh
                                         86400         ; Retry
                                       2419200         ; Expire
                                        604800 )       ; Negative Cache TTL
               ;
               @       IN      NS      www.gaoyuan.com.
               179     IN      PTR     www.gaoyuan.com.
               175     IN      PTR     www.gaoyuan1.com.
               176     IN      PTR     www.gaoyuan2.com.
               177     IN      PTR     www.gaoyuan3.com.
               178     IN      PTR     www.gaoyuan4.com.

    sudo nano /etc/bind/db.ipv6
               $TTL    604800
               @       IN      SOA     www.gaoyuan.com. root.www.gaoyuan.com. (
                                             2         ; Serial
                                        604800         ; Refresh
                                         86400         ; Retry
                                       2419200         ; Expire
                                        604800 )       ; Negative Cache TTL
               ;
               @       IN      NS      www.gaoyuan.com.
               a.a.a.a.6.6.6.6.5.5.5.5.4.4.4.4     IN      PTR     www.gaoyuan.com.
               b.b.b.b.6.6.6.6.5.5.5.5.4.4.4.4     IN      PTR     www.gaoyuan1.com.
               c.c.c.c.6.6.6.6.5.5.5.5.4.4.4.4     IN      PTR     www.gaoyuan2.com.
               d.d.d.d.6.6.6.6.5.5.5.5.4.4.4.4     IN      PTR     www.gaoyuan3.com.
               e.e.e.e.6.6.6.6.5.5.5.5.4.4.4.4     IN      PTR     www.gaoyuan4.com.

6. Point the resolver at the new servers. On Ubuntu 14.04 /etc/resolv.conf is generated by resolvconf and is rewritten whenever the interface comes up, so the persistent place for this is a dns-nameservers line in the eth0 stanza of /etc/network/interfaces (or the domain-name-servers option handed out by DHCP); editing the file directly works only until the next ifup. Listing the standby as well lets clients fall back to it when the master is down.

    sudo vi /etc/resolv.conf
                       nameserver 192.168.4.172
                       nameserver 192.168.4.173

7. Restart the Bind9 server

    sudo /etc/init.d/bind9 restart
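Reverse zones are where this kind of setup goes wrong most easily: an ip6.arpa name is the address's nibbles reversed, so one transposed digit (0.8.e.f is fe80, 8.0.e.f is fe08) silently places the zone under a prefix no host uses, and a PTR target with a stray dot never matches its forward record. The checker below is an added example, not part of the project. It carries the forward A/AAAA records and the reverse PTR records from the zone files above in constructed Python dictionaries (the A/AAAA records of the four extra zones are filled in to match the PTRs) and verifies that every forward record has a matching PTR in a reverse zone we serve, that every PTR has a matching forward record and a clean absolute target, and that a radvd prefix really corresponds to the ip6.arpa zone name; ipaddress.reverse_pointer does the nibble reversal.

```python
import ipaddress

# Constructed sample data copied from this project's zone files; the A/AAAA records
# for www.gaoyuan1-4.com are filled in to match the PTR records in db.192 and db.ipv6.
FORWARD = {
    "www.gaoyuan.com":  {"A": "192.168.4.179", "AAAA": "fe08:1111:2222:3333:4444:5555:6666:aaaa"},
    "www.gaoyuan1.com": {"A": "192.168.4.175", "AAAA": "fe08:1111:2222:3333:4444:5555:6666:bbbb"},
    "www.gaoyuan2.com": {"A": "192.168.4.176", "AAAA": "fe08:1111:2222:3333:4444:5555:6666:cccc"},
    "www.gaoyuan3.com": {"A": "192.168.4.177", "AAAA": "fe08:1111:2222:3333:4444:5555:6666:dddd"},
    "www.gaoyuan4.com": {"A": "192.168.4.178", "AAAA": "fe08:1111:2222:3333:4444:5555:6666:eeee"},
}
REVERSE = {
    "4.168.192.in-addr.arpa": {
        "179": "www.gaoyuan.com.", "175": "www.gaoyuan1.com.", "176": "www.gaoyuan2.com.",
        "177": "www.gaoyuan3.com.", "178": "www.gaoyuan4.com.",
    },
    "3.3.3.3.2.2.2.2.1.1.1.1.8.0.e.f.ip6.arpa": {
        "a.a.a.a.6.6.6.6.5.5.5.5.4.4.4.4": "www.gaoyuan.com.",
        "b.b.b.b.6.6.6.6.5.5.5.5.4.4.4.4": "www.gaoyuan1.com.",
        "c.c.c.c.6.6.6.6.5.5.5.5.4.4.4.4": "www.gaoyuan2.com.",
        "d.d.d.d.6.6.6.6.5.5.5.5.4.4.4.4": "www.gaoyuan3.com.",
        "e.e.e.e.6.6.6.6.5.5.5.5.4.4.4.4": "www.gaoyuan4.com.",
    },
}


def reverse_zone_for(prefix):
    """Name of the in-addr.arpa / ip6.arpa zone covering a prefix (nibble- or octet-aligned)."""
    net = ipaddress.ip_network(prefix, strict=True)
    labels = net.network_address.reverse_pointer.split(".")
    bits_per_label = 4 if net.version == 6 else 8
    if net.prefixlen % bits_per_label:
        raise ValueError("prefix must be nibble-aligned (IPv6) or octet-aligned (IPv4)")
    total = 32 if net.version == 6 else 4
    # Drop the host-part labels at the front; what remains is the zone name.
    return ".".join(labels[total - net.prefixlen // bits_per_label:])


def locate(addr, reverse_zones):
    """Return (zone, owner label) for an address in one of the zones we serve, else (None, full name)."""
    name = ipaddress.ip_address(addr).reverse_pointer
    for zone in reverse_zones:
        if name.endswith("." + zone):
            return zone, name[: -len(zone) - 1]
    return None, name


def check_zones(forward, reverse):
    """Cross-check forward A/AAAA records against reverse PTR records; return a list of findings."""
    findings = []
    expected = {}                                   # (zone, owner) -> FQDN the PTR must carry
    for fqdn, rrs in forward.items():
        for rtype in ("A", "AAAA"):
            if rtype not in rrs:
                continue
            zone, owner = locate(rrs[rtype], reverse)
            if zone is None:
                findings.append(f"{fqdn} {rtype} {rrs[rtype]}: no reverse zone covers it ({owner})")
            else:
                expected[(zone, owner)] = fqdn + "."
    for zone, ptrs in reverse.items():
        for owner, target in ptrs.items():
            if not target.endswith(".") or ".." in target:
                findings.append(f"{zone}: PTR {owner} -> {target!r} is not a clean absolute name")
            want = expected.pop((zone, owner), None)
            if want is None:
                findings.append(f"{zone}: PTR {owner} -> {target} has no matching A/AAAA record")
            elif want != target:
                findings.append(f"{zone}: PTR {owner} -> {target} but the forward record says {want}")
    for (zone, owner), want in expected.items():
        findings.append(f"{zone}: no PTR {owner} for {want}")
    return findings


if __name__ == "__main__":
    print("zone for prefix fe08:1111:2222:3333::/64 is", reverse_zone_for("fe08:1111:2222:3333::/64"))
    for finding in check_zones(FORWARD, REVERSE) or ["forward and reverse data agree"]:
        print(finding)
```

reverse_zone_for is the quickest way to get the ip6.arpa name right: feed it the prefix from radvd.conf and paste the result into named.conf.local instead of reversing nibbles by hand.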

Web server

1. Install Apache webserver

    sudo apt-get install apache2

2. Install the MySQL server and client. The installer asks for a MySQL root password; set one rather than leaving it empty.

    sudo apt-get install mysql-server mysql-client

3. Install PHP 5

    sudo apt-get install php5

4. Restart apache2

    sudo /etc/init.d/apache2 restart

5. Modify the home page (on Ubuntu 14.04 the document root is /var/www/html)

    cd /var/www/html
    ls
    sudo nano /var/www/html/index.html

Firewall

1. Set the default policy and allow SSH before enabling the firewall, in that order. If the rules are being typed over an SSH session, enabling a default-deny policy without an SSH rule locks you out.

    sudo ufw default deny incoming
    sudo ufw allow ssh
    sudo ufw enable

2. Do not also start iptables-persistent (sudo service iptables-persistent start): ufw saves its rule set under /etc/ufw and restores it at boot on its own, and two tools restoring rules into the same tables make the effective policy hard to reason about.

3. Open only the ports each host actually serves: 80 on the web server, and 53 on both DNS servers (queries use UDP, zone transfers to the standby use TCP, so both are needed; a bare port number opens both). Port 22 is already covered by allow ssh. Ports 873 (the rsync daemon) and 1723 (PPTP) are not needed: the backup pushes with rsync over SSH, which uses only port 22.

    sudo ufw allow 80/tcp
    sudo ufw allow 53

4. Restrict SSH to the host that needs it. On the backup target, replace the blanket rule from step 1 (sudo ufw delete allow ssh) with one limited to the web server (192.168.4.174), the only host that has to log in there; a from rule adds nothing while a broader allow ssh is still present.

    sudo ufw allow proto tcp from 192.168.4.174 to any port 22

5. See the firewall status

    sudo ufw status verbose

Backup Server

1. Install SSH (server and client) on both hosts

    sudo apt-get install ssh

2. Generate an RSA key pair on the web server, as the user whose crontab will run the backup. The key has to be passphrase-less for cron to use it, which is why it is restricted in step 3.

    ssh-keygen -t rsa -b 4096

3. Install the public key on the backup host over SSH (ssh-copy-id does the same in one command)

    cat ~/.ssh/id_rsa.pub | ssh root@192.168.10.150 "mkdir -p /root/.ssh && cat >> /root/.ssh/authorized_keys"

   Because this key lets cron log in as root with no passphrase, limit what it can do: prefix its line in /root/.ssh/authorized_keys with from="<web server address>",no-pty,no-port-forwarding,no-agent-forwarding so it is only accepted from the web server and cannot be used for tunnels or an interactive session; a command= restriction can pin it to rsync alone. Better still, push to an unprivileged backup user that owns the destination directory instead of to root.

4. Install rsync on both hosts

    sudo apt-get install rsync

5. Use rsync over SSH to copy the web root to the backup host. -a recurses and preserves permissions and times (without it rsync skips directories altogether), -z compresses, and --delete removes files from the backup that were removed from the source, so the copy is a true mirror. The trailing slash on the source copies the directory's contents rather than nesting an extra html directory. Run it on the web server (192.168.10.120); the first run copies everything, later runs send only the changes.

    rsync -az --delete /var/www/html/ root@192.168.10.150:/var/www/html/

6. Run it every 10 minutes from the crontab of the user owning the key (crontab -e). The field */10 means "every 10 minutes"; a bare 10 in the minute field would run once an hour, at ten past.

    */10 * * * * rsync -az --delete /var/www/html/ root@192.168.10.150:/var/www/html/ >> /var/log/web-backup.log 2>&1
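Once the cron job is in place, the question is whether the mirror really matches the source. The script below is an added example, not part of the project: it hashes every regular file under two directory trees and reports files missing from the mirror, files present only on the mirror (what a copy without --delete leaves behind) and files whose content differs. It ships with a constructed fixture, a fake web root and a stale copy of it in a temporary directory, so it runs offline; to audit the real mirror, pass the source path and a locally reachable copy of the backup tree as its two arguments, or run snapshot() on each host and compare the two dictionaries.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """SHA-256 of a file, read in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map relative path -> sha256 for every regular file under root (symlinks are skipped, not followed)."""
    result = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if not os.path.islink(os.path.join(dirpath, d))]
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue
            result[os.path.relpath(full, root)] = sha256_of(full)
    return result


def compare_trees(source, mirror):
    """Classify differences between a source tree and its mirror."""
    src, dst = snapshot(source), snapshot(mirror)
    return {
        "missing": sorted(p for p in src if p not in dst),           # never copied, or copied before it was created
        "extra":   sorted(p for p in dst if p not in src),           # deleted at the source but kept on the mirror
        "changed": sorted(p for p in src if p in dst and src[p] != dst[p]),
    }


# Constructed fixture: a fake /var/www/html and a stale mirror of it.
SOURCE_FILES = {
    "index.html": b"<h1>gaoyuan</h1>\n",
    "css/site.css": b"body { margin: 0 }\n",
    "notes/todo.txt": b"rotate keys\n",
}
# index.html is an older version, notes/ was never copied, and old.bak was removed
# from the source but survives on the mirror, as happens when rsync runs without --delete.
MIRROR_FILES = {
    "index.html": b"<h1>old</h1>\n",
    "css/site.css": b"body { margin: 0 }\n",
    "old.bak": b"x\n",
}


def write_tree(root, files):
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)


def build_demo_trees():
    """Create the fixture in a fresh temporary directory and return (source, mirror) paths."""
    base = tempfile.mkdtemp(prefix="rsync-audit-")
    source, mirror = os.path.join(base, "source"), os.path.join(base, "mirror")
    write_tree(source, SOURCE_FILES)
    write_tree(mirror, MIRROR_FILES)
    return source, mirror


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:
        report = compare_trees(sys.argv[1], sys.argv[2])
    else:
        report = compare_trees(*build_demo_trees())
    for kind, paths in report.items():
        for p in paths:
            print(f"{kind:8} {p}")
```

An empty report after the cron job has run is the test the "Backup Server" section of the test plan is missing; a non-empty "extra" list means the job is running without --delete, and a non-empty "changed" list right after a run points at a transfer that failed partway (check the log file the crontab line writes).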

Test Plan

Network

  Use ping (and ping6 for the IPv6 addresses) to check that every server can reach every other server.

DHCP Server

   Flush the addresses on eth0 (ip addr flush dev eth0), bring the interface down and up again (ifdown eth0, ifup eth0) and confirm with ip addr show eth0 that it received an IPv4 lease from the DHCP server and an IPv6 address from the advertised prefix. On the DHCP server, /var/lib/dhcp/dhcpd.leases should show the new lease.

DNS Server

1. Test the master DNS server: forward and reverse lookups, IPv4 and IPv6

   a. with host
               host www.gaoyuan.com
               host 192.168.4.179
               host fe08:1111:2222:3333:4444:5555:6666:aaaa
   b. with nslookup (interactive; "server 192.168.4.172" selects which server to ask)
               nslookup
                       www.gaoyuan.com
                       192.168.4.179
                       fe08:1111:2222:3333:4444:5555:6666:aaaa

2. Test the slave DNS server

    First confirm that the zone transfer happened: the standby should have /var/cache/bind/db.www.gaoyuan.com, and its /var/log/syslog should contain a "transfer of 'www.gaoyuan.com/IN'" line ending in "Transfer completed". Then stop bind9 on the master (sudo service bind9 stop) and repeat the same queries; with both servers listed in resolv.conf the clients fall back to 192.168.4.173 and should still get the same answers.

Web Server

Firewall

Backup Server
