Data Networking/Fall 2014/SabrinaLiza

The Folks

1. Akshata Damani

2. Sabrina Afroze Liza

3. Swetha Ganta

4. Vaibhav Shah

Motivation

The Linux project motivated us to learn new applications on Linux and gave us the opportunity to learn how to configure a DNS server, DHCP server, web server, firewall, NIS, NFS, VPN and backup server. Through this project we were able to create a small network with the help of Ubuntu.

Understanding the Protocol

Domain Name System (DNS):

DNS is an application protocol that translates hostnames to IP addresses. It is a distributed database implemented in a hierarchy of DNS servers, and hosts query that database using the DNS protocol. DNS can use either TCP (Transmission Control Protocol) or UDP (User Datagram Protocol) on port 53 at the transport layer. Besides translating hostnames to IP addresses, DNS provides other important services such as host aliasing, mail server aliasing and load distribution.

Dynamic Host Configuration Protocol (DHCP):

DHCP is an application layer protocol that assigns a random and temporary address to a host from the DHCP server's pool of IP addresses. When a host leaves, its IP address is returned to the pool. For this reason DHCP is called a plug-and-play protocol. Besides its IP address, a host can obtain other important information from DHCP, such as its subnet mask, the default gateway and the IP address of its local DNS server. DHCP is a client-server protocol. It follows a four-step process: DHCP server discovery, DHCP server offer, DHCP request and DHCP ACK.

HyperText Transfer Protocol (HTTP):

HTTP is the Web's application layer protocol and uses TCP on port 80 at the transport layer. HTTP is implemented in a client program and a server program: web browsers implement the client side of HTTP and web servers implement the server side. When a client requests a web page, the browser sends a request message to the server using HTTP. The server receives the request message and returns a response message using HTTP. Because HTTP does not maintain information about its clients, it is called a stateless protocol.

Network File System (NFS):

The Network File System (NFS) is a client/server application that allows a user to view, store and update files on a remote server. The user's system needs an NFS client and the remote system needs an NFS server. The NFS server and client use TCP/IP.

Virtual Private Network (VPN):

A Virtual Private Network (VPN) is a network technology that creates a secure network connection over a public network such as the Internet or a private network owned by a service provider. Large corporations, educational institutions, and government agencies use VPN technology to enable remote users to securely connect to a private network.

Network Information Service (NIS):

The Network Information Service (NIS) is used for centralized authentication in a client-server network. It creates a database that contains the list of users and their identifications and is used to authenticate the users. Once objects are created, updated and configured on the NIS server, all NIS clients are updated with those changes.

Secure Shell (SSH):

SSH is a cryptographic network protocol that provides secure data communication, remote command-line login and remote command execution. It provides secure network services by connecting two computers through a secure channel over an insecure network. SSH uses public-key cryptography to authenticate the remote computer and to allow it to authenticate the user. SSH is used to back up files to another machine for security purposes. SSH uses TCP port 22.

The Requirements

We have to build a DNS server, a DHCP server and a web server within a small network. When a client PC joins the network, it gets an IP address from the DHCP IP pool. It can also access a web page from the web server. DNS should be able to resolve the name. The firewall should block the client. In this project we used Ubuntu 14.04 LTS. We need to install bind9 to set up the DNS server, apache2 to configure the web server and dhcp-server to implement the DHCP server.

Steps to perform the setup / installation

DNS (Domain Name System) Server Setup

1) Install bind9 to set up the DNS server.

2) Edit the named.conf.local file to add the forward and reverse lookup zones.

3) Add "project.linux" as the forward lookup zone, with type master.

4) Add "20.168.192.in-addr.arpa" as the reverse lookup zone, with type master.

5) Edit the named.conf.options file to add the IP addresses of our ISP's DNS server.

6) Edit the resolv.conf file to add the IP address of our DNS server, which is fixed statically to 192.168.20.2, and set our domain name (project.linux) in the search option.

7) Create the zones with the mkdir command.

8) Edit the project.linux.db file to set the TTL value and create the NS record and A records.

9) Edit the rev.20.168.192.in-addr.arpa file to create a PTR record for each A record.

10) Restart bind9 to apply our recent changes.
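
A consistency check for steps 8 and 9, added here as an example and not taken from the project's own files: it lists every A record in the forward zone that has no matching PTR record in the reverse zone. The zone contents, the host names ns, www and dhcp, and the .3 and .4 addresses are constructed for illustration; only project.linux, the two zone file names and 192.168.20.2 come from this page.

```shell
#!/bin/sh
# Constructed sample zones. Host names and the .3/.4 addresses are assumptions;
# project.linux, the reverse zone name and 192.168.20.2 come from the page.
forward_zone() {
cat <<'EOF'
$TTL 604800
@    IN SOA ns.project.linux. admin.project.linux. ( 1 604800 86400 2419200 604800 )
@    IN NS  ns.project.linux.
ns   IN A   192.168.20.2
www  IN A   192.168.20.3
dhcp IN A   192.168.20.4
EOF
}

reverse_zone() {
cat <<'EOF'
$TTL 604800
@ IN SOA ns.project.linux. admin.project.linux. ( 1 604800 86400 2419200 604800 )
@ IN NS  ns.project.linux.
2 IN PTR ns.project.linux.
3 IN PTR www.project.linux.
EOF
}

# List every A record that has no matching PTR record.
# $1 = forward zone file, $2 = reverse zone file, $3 = zone origin.
# Handles the simple "name IN type value" layout of a /24 zone used above.
missing_ptr() {
    awk -v origin="$3" '
        # Reverse zone (read first): map last octet -> host name.
        NR == FNR { if ($2 == "IN" && $3 == "PTR") ptr[$1] = $4; next }
        # Forward zone: each A record must be named by the PTR of its last octet.
        $2 == "IN" && $3 == "A" {
            n = split($4, octet, ".")
            fqdn = $1 "." origin "."
            if (ptr[octet[n]] != fqdn) print fqdn, $4
        }
    ' "$2" "$1"
}

tmp=$(mktemp -d)
forward_zone > "$tmp/project.linux.db"
reverse_zone > "$tmp/rev.20.168.192.in-addr.arpa"
missing_ptr "$tmp/project.linux.db" "$tmp/rev.20.168.192.in-addr.arpa" project.linux
rm -rf "$tmp"
```

The sample deliberately omits the PTR record for dhcp, so the script reports that host; zone syntax itself can be checked on the server with bind9's named-checkzone.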

DHCP (Dynamic Host Configuration Protocol) Server Setup

1) Install isc-dhcp-server to set up the DHCP server.

2) Edit the /etc/network/interfaces file to assign a static IP address to the DHCP server. In this file, the IP address of the DHCP server, network mask, default gateway address, network address, broadcast address, the DNS server name used in the DNS server and the DNS name are also added.

3) Restart the interfaces.

4) Edit the dhcpd.conf file to specify the parameters of the DHCP server, such as the domain name of the DNS server, the IP address of the name server, default lease time, maximum lease time, subnet mask, IP range for the clients, the gateway router's IP address and the broadcast address.

5) Start the DHCP server.

PXE BOOT Setup:

1) Install tftp server for pxe boot.

2) Edit /etc/default/isc-dhcp-server file to set interface as eth0.

3) Edit /etc/dhcp3/dhcpd.conf file.

4) Restart the server.

5) Edit /etc/inetd.conf file and enable boot service.

6) Restart openbsd-inetd service and tftpd-hpa service.

7) Set up pxe boot files and give permissions to the tftp.

Web Server Setup

1) Install apache2 to configure the web server.

2) Edit /etc/hosts file to add the host name of the web server as project.linux.

3) Create a copy of the default file under a different file name, project.linux.

4) Edit the project.linux.conf file to add the ServerName as *.project.linux and ServerAlias as *.www.project.linux.

5) Enable the project.linux site.

6) Restart the apache2 server.

7) Edit the index.html file to design the page as required.

Firewall Setup

1) Enable the SSH port. This ensures that, irrespective of the base policy, the SSH port will always be available even if there is a mistake in assigning the rules.

2) Use a default-deny policy, which means that allow rules are added in order to enable certain ports.

3) Allow all web traffic with destination port as 80 and 443.

4) Allow all loopback traffic.

5) Allow the ftp traffic to be accessed by the clients.

6) Allow the DNS traffic to access the web server for both TCP and UDP.

Added Features

NFS (Network File System) Setup

Server Configuration:

1) Install the nfs-kernel-server package to allow sharing the directories on the server.

2) Edit /etc/exports file to give root privileges.

3) Create the NFS table that holds the exports of shares.

4) Start the nfs-kernel-server service.
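
An audit of the exports file from step 2, added here as an example and not part of the original project: it assumes that "root privileges" refers to the no_root_squash export option, which lets root on a client act as root on the exported files, and it flags those entries together with exports open to every host. The paths and client ranges in the sample are constructed.

```shell
#!/bin/sh
# Constructed /etc/exports content; paths and clients are assumptions.
exports_sample() {
cat <<'EOF'
# directory   client(options)
/home        192.168.20.0/24(rw,sync,no_root_squash,no_subtree_check)
/var/nfs     192.168.20.0/24(rw,sync,no_subtree_check)
/srv/public  *(ro,sync,no_subtree_check)
EOF
}

# Read exports(5) lines on stdin and print "directory client finding" for
# every client entry that keeps remote root privileges or matches all hosts.
audit_exports() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        {
            for (i = 2; i <= NF; i++) {         # one field per client entry
                client = $i; opts = ""
                p = index($i, "(")
                if (p) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1, length($i) - p - 1)
                }
                # An entry with options but no host applies to every host.
                if (client == "") client = "*"
                if (("," opts ",") ~ /,no_root_squash,/)
                    print $1, client, "no_root_squash"
                if (client == "*")
                    print $1, client, "world-accessible"
            }
        }
    '
}

exports_sample | audit_exports
```

On the server the live file can be checked with `audit_exports < /etc/exports`.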

Client Configuration:

1) Install nfs-common package for client configuration.

2) Mount the remote shares and this is created to keep our remote shares.

3) Mount the remote shares by addressing the host server (192.168.20.2).

VPN (Virtual Private Network) Setup

1) Install the pptpd package which is used for configuring vpn.

2) Edit the pptpd.conf file to add local ip and remote ip.

3) Edit the pptpd-options file to give the DNS server's IP.

4) Edit /etc/ppp/chap-secrets file to set the username and password.

NIS (Network Information Service) Setup

Server Configuration:

1) Install the NIS server with the install portmap nis command.

2) Edit /etc/default/nis file to allow the nisserver to behave as master and allow the NIS to behave only as the server.

3) Edit /etc/yp.conf file to add the domain name as akshata.

4) Edit /etc/ypserv.securenets file to allow all the addresses in the pool of addresses to access the NIS server.

5) Refresh the database.

6) Edit /var/yp/Makefile file, where the shadow file contains the users' passwords and also the aging information.

Client Configuration:

1) Install the NIS server with the install portmap nis command.

2) Edit /etc/passwd file to add Name services to the NIS.

3) Edit /etc/yp.conf to set the ypserver's address.

4) Restart the nis server.

Backup Configuration

1) Use crontab to create backups so that the files can be accessed even if the system crashes.

2) Create a pair of public and private keys.

3) Create script file for backup.

4) Extract the backup file.

Testing

Testing of DHCP server:

When the client PC enters the ad-hoc network, the DHCP server assigns an IP address to it. We then used the 'ifconfig' command to check whether the client had received an IP address. We tested this in our lab via a switch, and DHCP worked successfully.

Testing of DNS server:

When the client tries to access the website (project.linux) in the network, the client's query goes to the DNS server. The DNS server answers the client with the IP address of the web server, and the client can then retrieve the web page. This proves that the DNS server can resolve hostname-to-IP and also IP-to-hostname. We tested the DNS server with the 'nslookup' and 'dig' commands. The DNS server works successfully.

Testing of Web server:

When the web server gets an HTTP request from the client for its web page by host name or IP address, the web page is shown on the screen of the client PC. That means the server is working successfully.

Testing of Firewall:

We checked the firewall with the 'iptables -L' command, which shows the firewall rules. We have blocked ICMP, so when the client tries to ping the web server, the ping is denied. So the web server works successfully.
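
The firewall steps and this test can be checked mechanically instead of by reading 'iptables -L' output. The following is an added example, not the project's own rule set: a constructed ruleset in iptables-save format that follows the six firewall steps, and an audit function that reports any requirement a ruleset fails. FTP on port 21, the conntrack rule for return traffic and the FORWARD policy are assumptions that the page does not specify.

```shell
#!/bin/sh
# Constructed ruleset in iptables-save format implementing firewall steps 1-6.
# Port 21 for FTP, the conntrack rule and FORWARD DROP are assumptions.
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
COMMIT
EOF
}

# Read iptables-save output on stdin and list every requirement it fails.
# ICMP needs no rule of its own: with INPUT policy DROP it is blocked unless
# some rule accepts it, which is what the last check looks for.
audit_rules() {
    awk '
        /^:INPUT DROP/                              { deny = 1 }
        /^-A INPUT .*--dport 22 .*-j ACCEPT/        { ssh = 1 }
        /^-A INPUT -i lo -j ACCEPT/                 { lo = 1 }
        /^-A INPUT .*--dports 80,443 .*-j ACCEPT/   { web = 1 }
        /^-A INPUT -p udp .*--dport 53 .*-j ACCEPT/ { dnsu = 1 }
        /^-A INPUT -p tcp .*--dport 53 .*-j ACCEPT/ { dnst = 1 }
        /^-A INPUT .*-p icmp .*-j ACCEPT/           { icmp = 1 }
        END {
            if (!deny) print "INPUT policy is not DROP"
            if (!ssh)  print "no SSH (22/tcp) accept rule"
            if (!lo)   print "no loopback accept rule"
            if (!web)  print "no accept rule for 80,443/tcp"
            if (!dnsu || !dnst) print "DNS must be allowed on both UDP and TCP"
            if (icmp)  print "ICMP is accepted, but the test expects ping to fail"
        }
    '
}

sample_rules | audit_rules    # prints nothing: the sample meets every requirement
```

On the server the same function can be fed the live rules with `iptables-save | audit_rules`.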

Testing of NFS:

We used the 'df -h' command to check the available disk space on our client server. We checked the NFS server manually by creating a file in the server's home location. When we then check the client's mounted location, we can see that the file created on the server is already available on the client. So the NFS server's testing is done.

Testing of VPN:

The VPN can be tested after configuring the VPN on the server and then establishing the connection between the client and the server. By using point-to-point encryption, the connection can be established between the server and client. Also, the default gateway needs to be mentioned for both.

Testing of NIS:

To check the NIS server, the command is 'rpcinfo -p localhost'. This shows all the running NIS server components on the machine. The list consists of the program ID, protocol, port number and server name.

Testing of Backup:

We set a fixed time to check that the zipped file in the specific directory is updated, and the update shows successfully.

Future Prospects

1) We can try to implement IPv6 addressing for the DHCP and DNS servers.

2) The security level can be increased by implementing Nagios for monitoring purposes.

3) We can try to implement LDAP for network authentication and authorization.
