Data Networking/Fall 2014/SRKT

Group Candidates

1. Rohit Gomashe
2. Pratyusha Keerthi K R
3. Sahil Jain
4. Tushar Shinde

Purpose of Project

Linux is used across industry today on switches, routers and workstations because it is an open-source, customisable operating system. We chose this project because hands-on experience with these services will be useful to us in industry.

Protocols

DNS:

DNS stands for Domain Name Server and resolves a hostname into an IP address. A DNS server on an intranet, such as our network, can resolve only the hostnames and IP addresses listed in its zone files, whereas on the Internet DNS maps domain names to IP addresses by delegating each domain to its authoritative servers.
DNS uses UDP to fetch the IP address of a hostname, and a query can be resolved in two ways:
1. Recursive resolution
2. Iterative resolution
Hostname-to-IP-address mapping is known as a forward DNS query and IP-address-to-hostname mapping as a reverse DNS query. We configured BIND9 according to our project requirements. BIND stands for Berkeley Internet Name Domain and contains both a name server and a resolver library.


DHCP:

DHCP (Dynamic Host Configuration Protocol) runs over the layer-three protocol (Internet Protocol) and assigns IP addresses to the devices connected to the same network. There are three methods by which a DHCP server allocates IP addresses:
1. Dynamic allocation: devices connected to the network are allocated IP addresses dynamically when the network is initialised.
2. Static allocation: every device requesting an IP address is permanently assigned one.
3. Automatic allocation: DHCP allocates IP addresses based on a predefined MAC-address-to-IP-address mapping.

IP allocation is done in four phases: discover, offer, request, acknowledge.
1. DHCP Discover: the client broadcasts a DHCP Discover message with source address 0.0.0.0.
2. DHCP Offer: the DHCP server responds with an Offer message, which includes the transaction ID, process ID, subnet mask, and IP address lease time.
3. DHCP Request: the client sends a DHCP Request message in response to the Offer, indicating that it is ready to accept the configuration contained in the Offer. Unlike the Discover message, the client includes its MAC address in the Request message.
4. DHCP ACK: the DHCP server sends an ACK message in response to the Request, carrying the information the client asked for.

The Requirements

- LINUX OS
- BIND9
- UBUNTU 14.04
- APACHE 2 to implement the web server
- ISC-DHCP-SERVER for the DHCP implementation


Steps to perform the setup / installation

Installation of Domain Name System (DNS):

For static interfaces (/etc/network/interfaces on the DNS server; dns-nameservers and dns-search are the resolvconf option names):
                         auto eth0
                         iface eth0 inet static
                         address 192.168.3.254
                         netmask 255.255.255.0
                         network 192.168.3.0
                         broadcast 192.168.3.255
                         gateway 192.168.3.1
                         dns-nameservers 192.168.3.254
                         dns-search dnlab.net

For named.conf.local:

                         # Forward zone
                         zone "dnlab.net" {
                                 type master;
                                 file "/etc/bind/db.dnlab.net";
                         };
                         # Reverse zone
                         zone "3.168.192.in-addr.arpa" {
                                 type master;
                                 file "/etc/bind/db.192";
                         };

For the forward lookup zone (/etc/bind/db.dnlab.net):

                         $TTL    86400
                         @       IN      SOA     dnlab.net. root.dnlab.net. (
                                                       1         ; Serial
                                                  604800         ; Refresh
                                                   86400         ; Retry
                                                 2419200         ; Expire
                                                   86400 )       ; Negative Cache TTL
                         ;
                         @       IN      NS      dnlab.net.
                                 IN      A       192.168.3.254   ; the name server itself
                         a1      IN      A       192.168.3.201
                         a2      IN      A       192.168.3.202
                         a3      IN      A       192.168.3.203
                         c1      IN      A       192.168.3.204
                         mail    IN      A       192.168.3.210
                                 IN      MX 10   mail.dnlab.net.
                         www     IN      CNAME   c1.dnlab.net.

For the reverse lookup zone (/etc/bind/db.192):

                         $TTL    86400
                         @       IN      SOA     dnlab.net. root.dnlab.net. (
                                                       1         ; Serial
                                                  604800         ; Refresh
                                                   86400         ; Retry
                                                 2419200         ; Expire
                                                   86400 )       ; Negative Cache TTL
                         ;
                         @       IN      NS      dnlab.net.
                         201     IN      PTR     a1.dnlab.net.
                         202     IN      PTR     a2.dnlab.net.
                         203     IN      PTR     a3.dnlab.net.
                         204     IN      PTR     c1.dnlab.net.
                         210     IN      PTR     mail.dnlab.net.

Master zone declarations in named.conf.local, allowing zone transfers only to the secondary server 192.168.3.253:

                         # Forward
                         zone "dnlab.net" {
                                 type master;
                                 file "/etc/bind/db.dnlab.net";
                                 allow-transfer { 192.168.3.253; };
                         };
                         # Reverse
                         zone "3.168.192.in-addr.arpa" {
                                 type master;
                                 file "/etc/bind/db.192";
                                 allow-transfer { 192.168.3.253; };
                         };
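As an added example that is not part of the project page, the shell script below cross-checks the forward zone against the reverse zone before named is reloaded, catching an A record that falls outside the zone's network or an A record with no matching PTR. It embeds the page's own records (SOA condensed to one line) as constructed input, takes the origin and network as parameters, and assumes only awk and a POSIX shell.

```shell
#!/bin/bash
# Added example, not part of the project page: cross-check a BIND forward
# zone against its reverse zone before (re)loading named. The two zone texts
# below reproduce the page's db.dnlab.net and db.192 records with the SOA
# condensed to one line; they are embedded so the check runs offline.
set -u

FWD_ZONE='$TTL 86400
@ IN SOA dnlab.net. root.dnlab.net. ( 1 604800 86400 2419200 86400 )
@ IN NS dnlab.net.
  IN A 192.162.3.254
a1 IN A 192.168.3.201
a2 IN A 192.168.3.202
a3 IN A 192.168.3.203
c1 IN A 192.168.3.204
mail IN A 192.168.3.210
  IN MX 10 mail.dnlab.net.
www IN CNAME c1.dnlab.net.'

REV_ZONE='$TTL 86400
@ IN SOA dnlab.net. root.dnlab.net. ( 1 604800 86400 2419200 86400 )
@ IN NS dnlab.net.
201 IN PTR a1.dnlab.net.
202 IN PTR a2.dnlab.net.
203 IN PTR a3.dnlab.net.
204 IN PTR c1.dnlab.net.
210 IN PTR mail.dnlab.net.'

# check_zones ORIGIN NETWORK FORWARD_TEXT REVERSE_TEXT
# Prints one line per inconsistency and returns the number found (0 = clean).
check_zones() {
  local origin=$1 net=$2
  printf '%s\n---REV---\n%s\n' "$3" "$4" | awk -v origin="$origin" -v net="$net" '
    /^---REV---$/ { in_rev = 1; next }
    { sub(/;.*/, "") }                    # strip comments
    /\(/ { paren = 1 }                    # skip the (possibly multi-line) SOA body
    /\)/ { paren = 0; next }
    paren || NF < 3 { next }
    # a record whose owner field is blank inherits the previous owner name
    !in_rev && $1 !~ /^[$]/ && $1 != "IN" { prev = $1 }
    !in_rev && $(NF-2) == "IN" && $(NF-1) == "A" {
      fqdn = (prev == "@") ? origin "." : prev "." origin "."
      a[fqdn] = $NF
    }
    in_rev && $1 ~ /^[0-9]+$/ && $2 == "IN" && $3 == "PTR" { ptr[net "." $1] = $4 }
    END {
      for (h in a) {
        ip = a[h]
        if (index(ip, net ".") != 1) { printf "A %s -> %s is outside %s.0/24\n", h, ip, net; n++; continue }
        if (!(ip in ptr))             { printf "no PTR for %s (%s)\n", h, ip; n++ }
        else if (ptr[ip] != h)        { printf "PTR %s -> %s but A record is %s\n", ip, ptr[ip], h; n++ }
        seen[ip] = 1
      }
      for (ip in ptr) if (!(ip in seen)) { printf "PTR %s -> %s has no A record\n", ip, ptr[ip]; n++ }
      exit n
    }'
}
```

Run `check_zones dnlab.net 192.168.3 "$FWD_ZONE" "$REV_ZONE"`: with the zone text as typed on the page it reports the 192.162 address, and a non-zero return can be used to gate an `rndc reload`.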



Commands used in installing DHCP on Linux:


DHCP (IPv4) Steps


1) To install the DHCP server:

                         sudo apt-get install isc-dhcp-server

2) DHCP file configuration (set INTERFACES to the interface the server should listen on):

                         sudo gedit /etc/default/isc-dhcp-server
                         INTERFACES="eth0"

                         sudo gedit /etc/dhcp/dhcpd.conf
                         subnet 192.168.3.0 netmask 255.255.255.0 {
                                 range 192.168.3.100 192.168.3.150;
                                 option domain-name-servers 192.168.3.254;
                                 option domain-name "dnlab.org";
                                 option broadcast-address 192.168.3.255;
                                 default-lease-time 600;
                                 max-lease-time 7200;
                         }

3) Command to edit the network interfaces file:

                         sudo gedit /etc/network/interfaces
                         auto lo
                         iface lo inet loopback
                         auto eth0
                         iface eth0 inet static
                         address 192.168.3.2
                         netmask 255.255.255.0
                         broadcast 192.168.3.255
                         gateway 192.168.3.1
                         dns-nameservers 192.168.3.254
                         dns-search tsm

4) DHCP server restart:

                         sudo /etc/init.d/isc-dhcp-server restart

DHCP log:

                         sudo tail -f /var/log/syslog


DHCP (IPV6) Steps:

1) Command to install the IPv6 router advertisement daemon (radvd):

                         sudo apt-get install radvd

2) Command to edit the configuration file of radvd:

                         sudo gedit /etc/radvd.conf
                         interface eth0 {
                                 MinRtrAdvInterval 3;
                                 MaxRtrAdvInterval 10;
                                 AdvLinkMTU 1280;
                                 AdvSendAdvert on;
                                 prefix A1B8:1111:1234:F110::/64 {
                                         AdvOnLink on;
                                         AdvAutonomous on;
                                         AdvValidLifetime 86400;
                                         AdvPreferredLifetime 86400;
                                         AdvRouterAddr on;
                                 };
                         };

3) Command to edit the DHCPv6 configuration:

                         sudo gedit /etc/dhcp/dhcpd6.conf
                         default-lease-time 6800;
                         max-lease-time 72000;
                         log-facility local7;
                         subnet6 A1B8:1111:1234:F110::/64 {
                                 range6 A1B8:1111:1234:F110::100 A1B8:1111:1234:F110::150;
                         }

4) Command to restart the radvd:

                         sudo service radvd restart 

5) Command to restart dhcp6 :

                         sudo service isc-dhcp-server restart 


Web Server:

A Web server is a program that, using the client/server model and the World Wide Web's Hypertext Transfer Protocol (HTTP), serves the files that form Web pages to Web users (whose computers contain HTTP clients that forward their requests).

Every computer on the Internet that hosts a Web site must run a Web server program. Two leading Web servers are Apache, the most widely installed Web server, and Microsoft's Internet Information Server (IIS).

Web servers often come as part of a larger package of Internet- and intranet-related programs for serving e-mail, downloading requests for File Transfer Protocol (FTP) files, and building and publishing Web pages.

Apache is generally recognized as the world's most popular Web server (HTTP server). Originally designed for Unix environments, the Apache Web server has been ported to Windows and other network operating systems. The Apache Web server provides a full range of Web server features, including CGI, SSL, and virtual domains.


Installation Steps:

Apache:

                         sudo apt-get install apache2
                         sudo /etc/init.d/apache2 restart
                         echo "ServerName localhost" | sudo tee /etc/apache2/conf.d/fqdn

PHP modules (Server side scripting):

                         sudo apt-get install php5 libapache2-mod-php5
                         sudo touch /var/www/test.php
                         sudo nano /var/www/test.php
                         <?php phpinfo(); ?>

PHPadmin and MySql Installation:

                         sudo apt-get install mysql-server
                         sudo apt-get install libapache2-mod-auth-mysql php5-mysql phpmyadmin


Firewall:

A firewall is a hardware or software system that prevents unauthorised access to or from a network. It can be implemented in hardware, in software, or in a combination of both. Firewalls are frequently used to prevent unauthorised Internet users from accessing private networks connected to the Internet. All data entering or leaving the intranet passes through the firewall, which examines each packet and blocks those that do not meet the specified security criteria.

The name firewall comes from the common architectural practice of placing a brick wall between two structures to prevent a fire in one from spreading to the other.

The National Institute of Standards and Technology (NIST) Special Publication 800-10 divides firewalls into three basic types:

- Packet filters
- Stateful inspection
- Proxies

Firewalls act as a platform for network security policy enforcement and network traffic inspection. They are defined by the following attributes:
- Standard capabilities: packet filtering, stateful protocol inspection, network address translation (NAT), VPN connectivity.
- Truly integrated intrusion prevention: support for vulnerability-facing and threat-facing signatures, and suggesting rules based on IPS activity.
- Full-stack visibility and application identification: ability to enforce policy at the application layer.
- Extra-firewall intelligence: ability to take information from external sources and make improved decisions.
- Adaptability to the modern threat landscape: supports upgrade paths for integrating new information feeds and new techniques to address future threats.
- In-line support with minimum performance degradation or disruption to network service.


The following are the configuration commands and relevant functionalities:

                         iptables -L

iptables is a user-space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall.

                         sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

-m conntrack - allows filter rules to match on connection state and permits the use of the --ctstate option.
--ctstate - defines the list of states for the rule to match on. Valid states are:

- NEW - the connection has not yet been seen.
- RELATED - the connection is new but is related to another connection already permitted.
- ESTABLISHED - the connection is already established.
- INVALID - the traffic could not be identified for some reason.

                         sudo iptables -A INPUT -j ACCEPT -p tcp --destination-port 22
                         sudo iptables -A INPUT -j ACCEPT -p tcp --destination-port 80
                         sudo iptables -A INPUT -j DROP -p tcp --destination-port 20
                         sudo iptables -A INPUT -j DROP -p tcp --destination-port 21
                         sudo iptables -A INPUT -j DROP -p tcp --destination-port 23

Commands to allow and deny access to ssh, http, ftp-data, ftp-control and telnet by port number. Because the INPUT chain's default policy is not changed to DROP here, any port without an explicit rule remains reachable.

                         sudo iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT

Accepts ICMP echo replies on the INPUT chain (so the server receives the replies to its own pings)

                         sudo iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT

Accepts ICMP echo requests on the OUTPUT chain (so the server can ping out)

                         sudo iptables-save | sudo tee /etc/iptables.test.rules
                         sudo gedit /etc/iptables.test.rules

Save the running ruleset to a file, and edit it if required

                         sudo sh -c 'iptables-save > /etc/iptables.up.rules'
                         pre-up iptables-restore < /etc/iptables.up.rules

Restore the saved ruleset at boot: the pre-up line is placed under the interface stanza in /etc/network/interfaces so the rules are loaded before the interface comes up
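The rules above are appended to chains whose default policy is still ACCEPT, so only ports 20, 21 and 23 are actually closed. As an added example that is not part of the project page, the script below renders a default-deny iptables-restore file for the same services and audits any iptables-save dump for the missing DROP policy and loopback rule; it assumes the firewall host also runs the page's DNS and DHCP servers (ports 53 and 67), and the PAGE_STYLE_RULES dump is constructed to mirror the commands above.

```shell
#!/bin/bash
# Added example, not part of the project page: render the services the page
# opens (22, 80, plus the DNS and DHCP ports it serves) as an iptables-restore
# file with default-deny INPUT/FORWARD policies, and audit a saved ruleset for
# the gaps the page's append-only commands leave: no default DROP policy and
# no loopback rule.
set -u

render_ruleset() {
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p udp --dport 53 -j ACCEPT
-A INPUT -p tcp --dport 53 -j ACCEPT
-A INPUT -p udp --dport 67 -j ACCEPT
COMMIT
EOF
}

# Constructed: what iptables-save prints after the page's commands are run on a
# host whose chains still have their default ACCEPT policy.
PAGE_STYLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20 -j DROP
-A INPUT -p tcp -m tcp --dport 21 -j DROP
-A INPUT -p tcp -m tcp --dport 23 -j DROP
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
COMMIT'

# audit_ruleset < iptables-save-output ; prints findings, returns their count
audit_ruleset() {
  awk '
    /^:INPUT /   { seen = 1; if ($2 != "DROP") { print "INPUT policy is " $2 ": any port without a rule is reachable"; n++ } }
    /^:FORWARD / { if ($2 != "DROP") { print "FORWARD policy is " $2; n++ } }
    /^-A INPUT / && /--ctstate/ && /ESTABLISHED/ { ct = 1 }
    /^-A INPUT -i lo -j ACCEPT/ { lo = 1 }
    END {
      if (seen && !ct) { print "no conntrack ESTABLISHED,RELATED rule on INPUT"; n++ }
      if (seen && !lo) { print "loopback traffic not explicitly allowed on INPUT"; n++ }
      exit n
    }'
}
```

Validate a rendered file with `sudo iptables-restore --test < file` before applying it; `render_ruleset | audit_ruleset` returns 0, while the page-style dump returns 3 findings.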


NFS

NFS allows a system (the NFS server) to share files with the other systems on the same network. This reduces the storage needed on each system in the network, since the files stored on the server can be accessed over NFS instead.

Steps involved in the configuration of the NFS server and client include the following commands.

NFS at server:

                         1) Command to install the NFS server: sudo apt-get install nfs-kernel-server
                         2) Command to create the directory to export: sudo mkdir /file
                         3) Command to edit the exports file: sudo gedit /etc/exports
                         4) Restart the NFS server: sudo service nfs-kernel-server restart

NFS at client:

                         1) Command to install NFS at the client: sudo apt-get install nfs-common
                         2) Command to create the mount point at the client: sudo mkdir -p /mnt/nfs/file
                         3) Command to mount the export: sudo mount 192.168.3.2:/file /mnt/nfs/file




Backup Server:

1) Command to install rsync:

                         sudo apt-get install rsync

2) Commands to set up key-based SSH between the rsync client and server (copying over authorized_keys with scp replaces any keys already in it; ssh-copy-id appends instead):

                         i. To generate a key on the server: ssh-keygen -t rsa
                         ii. To send the public key to the client: scp ~/.ssh/id_rsa.pub root@192.168.3.20:/root/.ssh/authorized_keys
                         iii. To generate a key for the client: ssh-keygen -t rsa
                         iv. To send the public key to the server: scp ~/.ssh/id_rsa.pub root@192.168.3.3:/root/.ssh/authorized_keys

3) Command to create the shell script that performs the backup:

                         touch autobackup.sh

4) Command to edit the shell script:

                         vim autobackup.sh
                         #!/bin/sh
                         # remove the previous archive, zip the web root, and copy it to the
                         # backup host under a timestamped name
                         rm -f /var/www.zip
                         zip -r /var/www.zip /var/www
                         rsync -zvr /var/www.zip root@192.168.3.20:/home/www_$(date +%Y%m%d-%H%M%S).zip

5) Command to make the shell script executable:

                         chmod +x autobackup.sh

6) Command to add the shell script to the cron table:

                         crontab -e

7) Crontab entry to execute the shell script (with * in the minute and hour fields this runs every minute; set those fields to schedule a daily run):

                         * * */1 * * /home/autobackup.sh



VPN
VPN stands for Virtual Private Network, which enables two devices on private networks to connect over a public network. The device on the private network communicates as though it were connected to the public network directly, while the VPN ensures security. A VPN is a point-to-point connection between two private networks through a dedicated link, with the data encrypted before it is sent over the public network.
In our project the VPN is enabled by creating a VPN connection with an SSID and password.

For server:

1) Command to install pptpd:

                sudo apt-get install pptpd

2) Commands to edit the pptpd configuration (ms-dns is a pppd option, so it goes in /etc/ppp/pptpd-options, the options file pptpd.conf references; note that this remoteip range is the same as the DHCP pool 192.168.3.100-150 configured above, so the two services could hand out the same address):

                sudo gedit /etc/pptpd.conf
                localip 192.168.3.2
                remoteip 192.168.3.100-150

                sudo gedit /etc/ppp/pptpd-options
                ms-dns 192.168.3.254

3) Change the configuration file for the VPN username and password:

                sudo gedit /etc/ppp/chap-secrets


Secrets for authentication using CHAP:

                # client        server  secret          IP addresses
                dnlab           pptpd   dnlab.net       *

4) Restart the server –

                sudo service pptpd restart 

NIS:
NIS stands for Network Information System, a directory protocol for distributing data to the systems on the same network. Data distributed through the NIS database includes login names, passwords, group names, hostnames and IP addresses. For example, if a password is recorded in the NIS database, systems on the same network with an NIS client configured can log in with the same credentials. The NIS implemented in our project holds a record of username-to-password mappings, and clients can only read the records.

NIS Server configuration:

1) Command to install NIS (the installer prompts for the NIS domain name, here nis.dnlab.net; the nis package pulls in the RPC port mapper):

                sudo apt-get install nis

2) Command to edit the configuration:

                sudo gedit /etc/yp.conf

3) Command to build the NIS database on the master server (ypinit takes -m for a master; run it with root privileges):

                sudo /usr/lib/yp/ypinit -m


NIS Client configuration:

1) Command to install NIS on the client:

                sudo apt-get install nis

2) Command to edit the configuration:

                sudo gedit /etc/yp.conf

3) Commands to edit /etc/passwd, /etc/group and /etc/shadow respectively:


              sudo gedit /etc/passwd
              sudo gedit /etc/group
              sudo gedit /etc/shadow



PXE Boot and RARP:

Testing

Test Plan
DNS server
Testing of the following entries:
1. Forward zone
2. Reverse zone
3. CNAME
4. A record
5. Ping



Testing DNS:

- dig
- nslookup (Name Server Lookup)
- ping

Testing DHCP:
- ifconfig
- cat /var/lib/dhcp/dhcpd.leases
- sudo dhclient
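As an added example that is not part of the project page, the script below parses the dhcpd.leases format inspected in the test above, lists the active leases, and flags an active address outside the 192.168.3.100-150 pool configured earlier or a MAC address holding more than one active lease. The lease text is constructed, and the pool is assumed to be a single /24 so only the last octet is compared.

```shell
#!/bin/bash
# Added example, not part of the project page: read dhcpd's lease file
# (/var/lib/dhcp/dhcpd.leases), list the active leases and flag anything
# inconsistent with the pool configured on the page (192.168.3.100-150).
# SAMPLE_LEASES is constructed in dhcpd's format so the script runs offline.
set -u

SAMPLE_LEASES='lease 192.168.3.101 {
  starts 2 2014/11/18 15:20:01;
  ends 2 2014/11/18 15:30:01;
  binding state active;
  hardware ethernet 08:00:27:aa:bb:01;
  client-hostname "a1";
}
lease 192.168.3.102 {
  starts 2 2014/11/18 15:21:00;
  ends 2 2014/11/18 15:31:00;
  binding state free;
  hardware ethernet 08:00:27:aa:bb:02;
}
lease 192.168.3.102 {
  starts 2 2014/11/18 15:35:00;
  ends 2 2014/11/18 15:45:00;
  binding state active;
  hardware ethernet 08:00:27:aa:bb:01;
}
lease 192.168.3.160 {
  starts 2 2014/11/18 15:22:00;
  ends 2 2014/11/18 15:32:00;
  binding state active;
  hardware ethernet 08:00:27:aa:bb:03;
}'

# lease_report POOL_LOW POOL_HIGH < dhcpd.leases
# Prints "active <ip> <mac>" per current lease and "FINDING ..." per problem;
# returns the number of findings. Assumes one /24 pool, so only the last
# octet is range-checked.
lease_report() {
  awk -v lo="$1" -v hi="$2" '
    # dhcpd appends to the file; a later block for the same IP supersedes
    $1 == "lease"                    { ip = $2; state[ip] = ""; mac[ip] = "" }
    $1 == "binding" && $2 == "state" { s = $3; sub(/;/, "", s); state[ip] = s }
    $1 == "hardware"                 { m = $3; sub(/;/, "", m); mac[ip] = m }
    END {
      for (ip in state) {
        if (state[ip] != "active") continue
        print "active " ip " " mac[ip]
        split(ip, o, "."); last = o[4] + 0
        if (last < lo || last > hi) { print "FINDING " ip " is outside pool " lo "-" hi; n++ }
        if (mac[ip] != "" && (mac[ip] in held)) { print "FINDING " mac[ip] " holds " held[mac[ip]] " and " ip; n++ }
        held[mac[ip]] = ip
      }
      exit n
    }'
}
```

On a live server run `sudo lease_report 100 150 < /var/lib/dhcp/dhcpd.leases`; on the constructed input it lists three active leases and returns 2 findings.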


Testing Web Server:
By entering the web page name www.dnlab.net on the client we were able to fetch a web page from the web server.

Testing Firewall:
When a client whose IP address is blocked tries to ping the server, the result is "request time out" and "server not reachable".

Testing Backup:
Backup testing was performed by synchronising the files to a fixed directory. The presence of the files can be confirmed with the ls command.

Future Prospects

Future Scope:
1. We could have implemented Lightweight Directory Access Protocol (LDAP) for directory maintenance.
2. We could have implemented a cloud server and a BitTorrent server.
3. We could have implemented modularity in the network.
4. We could have implemented VLANs.

