Data Networking/Fall 2014/S2MN
The Team
edit- Sachin Sunder
- Noor Fairoza
- Mahesh Raj
- Sachin Chhajed
Modules
edit- DNS
- DHCP
- PXEboot
- Webserver
- Firewall
- Backup Server 1 (via SSH)
- Backup Server 2 (via NFS)
- Shell Scripts and CRONTAB
The Requirements For The Setup
edit
We require 4 systems serving as DNS server, DHCP server,web-server/firewall and client respectively.We require Linux based operating system as it is the most versatile, universal operating system use in PC, smartphones and routers as well.We used Ubuntu as dual boot in our systems.
We require isc-dhcp-server to configure DHCP server.We require Bind 9 to configure DNS server .We used Apache 6 as the web server
DNS
editBehaviour of DNS Protocol:
This server was installed and configured for translating the host name to IP address where. This will be needed when the web page will be browsed by the servers and clients and it fetches the actual IP address. Hosts can fire a query for distributed database by the DNS pool assigned. The DNS pool can either use TCP or UDP protocol which will use the port 53 at the transport layer. We could have even used the DNS server to do host or mail server aliasing etc.
Steps for DNS Setup:
DNS Master Server :
1-Install bind9 software in Ubuntu machine using the command "apt-get install bind9"
2-Configure "neu.test" domain and in "/etc/bind/named.conf.local" file.
3-Configure slave server details in the "/etc/bind/named.conf.local" file.
4- Configure type A entries in the "neu.test.zone" file for host to ip resolution.
5-Configured 2 ip addresses in web server for redundancy.
6-The two webserver are sync through combination of ssh and rsync services in linux.
7-Configure /etc/bind/rev.134.16.172.in-addr.arpa file for ip to hostname resolution.
8-Start DNS service by entering in the root user mode.
DNS Slave Server:
1- Install bind9 software in Ubuntu machine using the required install command.
2- Create a domain with the name "neu.test" and in the file name "/etc/bind/named.conf.local" file.
3-Configure type A entries in the file /etc/bind/neu.test.zone & /etc/bind/rev.134.16.172.in-addr.arpa same as that of master.
4-Start DNS service using the using the restart command in linux.
DHCP
editBehaviour of DHCP protocol:
DHCP (Dynamic Host Configuration Protocol) is a protocol used to assign IP address to a particular host or client when it connects to a particular network. The DHCP has an option of either assigning a temporary ip address each time it connects to the network or a fixed ip address to a particular client each time it connects. ISC-DHCP is a collection of software suite which executes and performs all of DHCP's functions such as client, server and relay agent.The protocol was designed as an extension to the Boot Strap Protocol (BOOTP). Bootp did not have a mechanism to allow the re-usage of ip address and involves extensive manual configuration to assign information to each client individually. It facilitates automatic configuration of computers even if a user changes networks. Thus its referred to as " plug and play protocol".
Steps for DHCP Setup:
1- We install isc-DHCP server in Ubuntu.
2- Assign static ip address for the DHCP address.
3- Edit dhcp.conf and provide network details such as subnet mask, broadcast address, gateway address, DNS server address, domain name and dhcp server pool.
4- Restart the dhcp server using the service command.
PXE Boot
editBehaviour of PXE BOOT:
The PXE boot is Preboot Execution environment.The PXE boot server boots software assembly in to the PXE enabled Client.It uses DHCP and TFTP network protocols. To initiate a PXE bootstrap session the DHCP component of the client's PXE broadcasts a DHCPDISCOVER packet to port 67/UDP . PXE allows networked computers that are not yet loaded with an operating system to be configured and booted.
Steps for DHCP Setup:
1- Install the tftp-hpa and openbsd in the Ubuntu server.
2- Configure the DHCP server dhcpd.conf with PXE specific settings file name and next-server ip address which is the static ip address of DHCP server.
3-Restart the DHCP server.
4-Check the status whether the protocol is up and running.
5-Perform the tftp configuration, edit the inetd.conf file.
6- enable boot service for inetd.
7- Start the openbsd-inetd and tftpd-hpa services.
8- Check the status by using netstat -lu
8- Pxe boot file setup: Download and unzip the pmagic version 4.5 .
9- If pxelinux.0 is not found in the downloads folder. get the file from syslinux-commons package installed in Ubuntu syslinux folder.
10-Copy the pmagic folder from the unzipped package to tftpboot folder. Create a folder pxelinux.cfg and default file within that folder.
11-We created a labeled partmagic in the default file and appended appropriate attributes to it.
12- Setup the appropriate permissions using the command chmod.
13- Restart Ubuntu.
Web Server
editBehavior of Http Protocol:
This is a web’s application layer protocol which works on port 80 by default at the transport layer. HTTP carries the traffic within and from the Internet. The web server uses the server side HTTP and the browser uses the client side of HTTP. When any server or client pings the web server for accessing our custom made web page, it does this on port 80 and thus this port should not be blocked for any of the network component.
Steps executed to configure and set up a Web Server
1- Installed Apache Webserver on Dual booted system.
2- Webserver was configured with IP address within the pre-assigned network.
3-Hosted a custom made webpage 'Index.html' on it which was accessible to all the systems on the network.
4-The web page and webserver are ready to go.
Issues Faced here forth:
The webpage hosted replaced default 'index.html' with the page which we created and placed It in var/www/ folder. This was the default folder from which webserver hosts a webpage when gotten a httprequest (at port 80). We initially had placed out html file in different folder and so could not host the original one.
Firewall
edit
Steps to setup a Firewall after successfully hosting a webserver :-
1-The Firewall steps were configured using hierarchically assigned IPtables instead of the default Firewall.
2-The DNS server has been set as the Master server, and so it allows only SSH and webpage access, whilst blocking TELNET, ICMP request, of all the servers including the DNS.
3-Firewalls were designed on all the servers DHCP, DNS and Webserver with functionality tailored to each individually.
Steps to setup firewall Backups:-
1-The backup was taken separately using rsync and crontab, so any changes made to the webpage were automatically replaced with the file previously present and will hence save the work of purging and memory saving algorithms to be implemented.
2-The DNS server acts as the standby webserver. So even if the system crashes, the DNS server was present to handle it. The rsync keeps the back-ups synced between the Webserver and DNS.
Add On for Firewall :-
We used Hostname instead of IP address for allowing the SSH on webserver via /etc/hosts.
Backup Server (via SSH)
editSSH Pairing of two web servers:
Behavior of SSH:
Secure Shell is an application layer protocol used for securely accessing a remote server in the network. For this access you need the IP address of the remote server and user credentials for logging in to the server
Steps to perform SSH Pairing of two web servers:
1-The two web servers are allowed ssh login to each other without password.
2-For this RSA public key was shared with PCS without a passphrase.
3-And only web servers were allowed to access each other on ssh ports. other hosts are restricted via ip tables rules.
4-rsync was then used to sync the /var/www/html/folders in both the servers.
5-rsync push method was used. This helps in syncing the new web pages that may be added in the future to the backup server.
Procedure: Before beginning enter the super user mode in both servers using the command "su".
Create RSA Public Key:
1- Create Public Key of server-1 using the ssh-keygen command.
2- Don't enter the passphrase.
3-The key will be saved in the folder id_rsa.pub
4- Repeat the same set of steps for configuration of web server 2.
Access between servers:
1- Login into server-1 and append the public keys of server-2 in the authorized keys.
2- Login into server-2 and append the public keys of server-1 in the authorized keys.
3- Now when you try to login from either one of the servers into the next server it must provide access.
Backup Server (using NFS)
editNFS-Server:
Behavior of Network File System:
It is an distributed File system protocol. Using this protocol a client can access a folder/disk-partition in an NFS server remotely. For client the folders seems as if it is a local folder. So, this can be used for pushing backup data to the remote server.
Steps to perform NFS:
1- Install the NFS package using the install command.
2- Create a directory with the name /etc/backup.
3- On the addition of destination subnet mask and other network attributes enables the folder to be shared on the entire network.
4- Assign the required permissions to the export folder using the chmod command.
5- Restart the NFS service using the restart command.
NFS-Client:
1- Install the NFS package using the install command.
2-Mount the shared folder by the server to the local drive.
Shell Scripts & Crontab
editScripts
bkp.sh
1- Takes backup of bind9 and html files in DNS/Web-server-standby.
2-Creates zip files of the same and stores in the specified location.
3-This is used for backup via SSH.
sync.sh:
1- Synchronizes the html directory in the web server using rsyn service.
2- Pushes the backup of bind9 and html files in the specified location in active web server through rsync.
bkp-bind-nfs.sh/bkp-web-nfs.sh/bkp-dhcp-nfs.sh
1- Takes backup of bind /web/dhcp server config
2- Creates zip files for the same and stores in the specified location.
3- This is used as a backup via NFS.
Mount.sh
This is for mounting the shared NFS backup directory in NFS server on every NFS client on reboot.
Crontab
1-Bkp-bind-nfs.sh/bkp-web-nfs.sh/bkp-dhcp-nfs.sh is configured to run every 10 th minute of evry hour .
2- Sync.sh is configured to run every 15 minutes.
3- Bkp.sh is configured to run every 10 mins.
4-Mount.sh is configured to run on reboot.
Testing
editConnectivity Test:
- Verify whether all four PCs (which are servers and clients logically) are able to ping each other in the Wi-Fi ad-hoc network.
DHCP Test:
- Verify DHCP server is reachable from client PC.
- Verify DHCP responds to DHCP broadcast from client PC.
- Verify DHCP ACK is according to the configured dhcpd.conf.
- Verify Details in client ipconfig matches with /var/lib/dhcpd.leases in DHCP server.
DNS Test:
- Verify Master and Slave DNS server is reachable from client PC.
- Verify DNS records locally using following command. “alpha.neu.test” should return the web servers’ IPs (based on RRs configuration shown in DNS config section).
- Verify nslookup from client PC. The same result as above should be returned.
- Verify reverse nslookup from client for 172.16.134.4 should return “alpha.neu.test”
- Verify all the above steps with slave DNS
Webserver:
- Verify Active and standby web server is reachable from client PC.
- Verify Active and standby web server are in sync using rsync service.
- Verify Both web servers are able display web page in their local browser.
- Verify Web server(s) respond to a HTTP request from the client for accessing its webpage.
NFS:
- Verify the NFS server and NFS client are connected via network i.e. pingable. There is a server and client NFS system configured on Webserver and DHCP server respectively.
- Verify client is able to mount the shared folder of the server (the server’s /export/backup path).
- Verify if files are added or deleted on anyone of them, the changes sync within specified period of time.
SSH pairing of the webservers:
- Verify the ssh paired server i.e. Active and standby web server are able to login into each other without password.
- Verify any other PC or server is not able to login into the active/standby server.
- Verify rsync push is working between the servers. Verify crontab is working and the rsyn is repeated within the specified duration. All of this has been configured using the shell scripting.
Future Prospects
edit1- The entire configuration can be setup if the client is IPv6 user. The mortality of the usage boundary of the network will be infinite and can be used in all scenarios given.
2- Implementation of VPN, NIS will help make the network lot more usable and real life implementable.
3- Firewall can be implemented on DNS server too to prevent DOS attacks and unauthorized access.
4- Redundant DHCP server can be implemented.
5- NFS communication could be made secure using rpcbind utility.
Citations
editWebsites Referred
https://help.ubuntu.com/community/ApacheMySQLPHP
http://www.youtube.com/watch?v=-q8Jj4aAWYw
https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-ip-tables-on-ubuntu-12-04
https://wiki.debian.org/WiFi/AdHoc
http://www.linuxquestions.org/questions/linux-server-73/write-permission-for-users-on-nfs-folder-852800/
https://help.ubuntu.com/community/SettingUpNFSHowTo
http://www.garron.me/en/go2linux/how-setup-dns-server-master-slave-bind.html
https://blogs.fsfe.org/marklindhout/2013/02/use-rsync-to-delete-remote-folders/
http://www.liquidweb.com/kb/using-rsync-to-transfer-and-synchronize-local-and-remote-systems/
https://help.ubuntu.com/lts/serverguide/dhcp.html
https://www.digitalocean.com/community/tutorials/how-to-configure-the-apache-web-server-on-an-ubuntu-or-debian-vps
http://ss64.com/bash/date.html
http://www.youtube.com/watch?v=1PsTYAd6MiI
http://tldp.org/HOWTO/Bash-Prog-Intro-HOWTO-2.html
http://www.wikipedia.org
http://www.linuxquestions.org/questions/linux-newbie-8/how-to-configure-ssh-to-allow-or-deny-specify-host-ip-address-610246/
https://help.ubuntu.com/community/SSH/OpenSSH/Configuring
http://ubuntuguide.net/install-and-enable-telnet-server-in-ubuntu-linux
https://wiki.archlinux.org/index.php/simple_stateful_firewall
http://askubuntu.com/questions/412574/pxe-boot-server-installation-steps-in-ubuntu-server-vm
https://help.ubuntu.com/community/isc-dhcp-server
https://linuxlink.timesys.com/docs/linux_tftp
http://www.mmnt.net/db/0/0/194.97.2.67/pub/.disk0/filepilot/fpt/system/verschiedenes/parted_magic_pxe
http://www.syslinux.org/wiki/index.php/PXELINUX#DHCP_Config_-_PXE-1
Books referred:
Computer Networking: A Top-Down Approach, 6/e James F. Kurose, Keith W. Ross