Data Networking/Fall 2014/Specialhost1-YTHZ

• Yang Lu
• Tongyang Zou
• Hancheng Xiao
• Zixiang Jia

Nowadays, Linux is an important part in networking. Through this process of setting the networking, we will know more about the network architecture and the layers of network. Besides, this project will help us deeply understanding protocols, such as DHCP, DNS and etc, which will help us learning a lot of commands by testing the servers time by time. All in all, practical Linux Project is a good way for us to be familiar with Ubuntu System and Linux, it motivates us to work hard and more like a team.

Project Requirement edit

In brief, the network solution engineers team is provided with the requirement to design and implement servers which support Domain Name Service (DNS), Dynamic Host Control Protocol (DHCP) and Web-server for Networks. Also the team has to design the security solutions to conserve these servers. For packages,

For DNS Server: apt-get install bind9

For DHCP: apt-get install isc-dhcp-server

For Web Server: apt-get install apache2

For Backup: apt-get install openssh-server

For VPN: apt-get install pptpd

Flowchart edit

Background edit

DNS- which is short for Domain Name Service- is a service that map IP addresses and fully qualified domain names to one another.

DHCP-Which is short for Dynamic Host Configuration Protocol-is a network service that enables host computers to be automatically assigned settings from a server as opposed to manually configuring each network host.

Web Server-Which is used to serve Web Pages requested by clients.

Backup-is to copy a backup of every day work from the current server to a different server.

The following topics are essential to the successful implementation of our servers and solutions. The details of the protocols used and servers implemented are provided in the reference links below.

Steps to set up the DNS server:

1. First switch to root user by sudo su command.

2.Now install bind9 & bind9utils. #apt-get bind9 bind9utils. The DNS configuration files are stored in the /etc/bind directory, so go to /etc/bind directory #cd /etc/bind

3.Configure named.conf.options file in the /etc/bind/named.conf.options, which tells DNS where to look for files. All files BIND uses will be relative to this directory.

 #nano named.conf.options

4. Configure named.conf.local file in the /etc/bind/named.conf.local, which consists of forward zone and reverse zone. #vi named.conf.local

5. Configure for.db zone file that server resolves domain name to IP address. We can use copy command #cp db.local for.db to copy local file to my file and edit it. #vi for.db

I change localhost to the FQDN of my server & root.localhost to a valid address, leaving the additional “.” at the end. Change 127.0.0.1 to the nameserver’s IP Address. Also configure MX &CNAME records & update serial time to time. Since we should have 5 DNS records, there are 5 nearly same forward zone files with for.db.

6. Configure rev.db zone file that server resolves IP address record to net mask.

7. Check group of named.conf.options named.conf.local for.db rev.db files. Files group must be bind.

1. ll named.conf.options named.conf.local for.db rev.db

8. Now set up network interface file.

 #vi  /etc/network/interfaces

9. Configure resolv.conf file, search domain name and nameserver IP address.

#nano /etc/resolv.conf

10. Restart bind9 service.

1. /etc/init.d/bind9 restart

Steps to set up the DHCP server

1.The first thing we are doing to assign static IP address for dhcp along with netmask, gateway. The broadcast and network are not necessary. We are using Ethernet 0 in this project. First we input in the sudo vim /etc/network/interfaces file.

2.Then we have to double check we correctly use and open the eth0

3.We set the client dynamic IP address. To Assign IP addresses dynamically, change the /etc/dhcp/dhcpd.conf file. First we set domain name specialhost1.com and domain-name-servers ip address. Next, we set the default-lease-time 600 and max-lease-time 7200, then we set the network with mask and give the range that can be assigned, along with the IP addresses of the router.

4.Finally, we give the DNS and web server fixed IP-address with respective Ethernet mac address.

5.After that, restart isc-dhcp-server again; sudo /etc/init.d/isc-dhcp-server restart.

Steps to set up the WEB server:

1.Configuration of web server

a. We use apache2 as our web server, so the first step is to install it.

sudo apt-get install apache2

Then restart apache2 by: sudo /etc/init.d/apache2 restart

b. Build ‘apache+php+mysql’ architecture of web server.

• sudo apt-get install mysql-server
• sudo apt-get install php5
• sudo apt-get install libapache2-mod-php5
• sudo /etc/init.d/apache2 restart
• sudo apt-get install libapache2-mod-auth-mysql
• sudo apt-get install php5-mysql
• sudo /etc/init.d/apache2 restart

vim /var/www/info.php

In order to modify the webpage, we could use:

cd /var/www ls

sudo nano index.html

In order to modify the webpage, we could use: cd /var/www ls sudo nano index.html

Steps to set up Firewall:

Before configuring firewall, we could access to the default page of web server:

We use iptables to set firewall. There are some basic commands below: (we use 192.168.10.0/24 as our permitted client IP addresses)

a. To open HTTP

iptables –I INPUT –s 192.168.10.0/24 –p tcp --dport 80 –j ACCEPT

iptables –I INPUT –p tcp --dport 80 –j DROP

The first line is to open port 80 for the subnet 192.168.10.0/24 and the second line is to drop other access IP addresses.

After setting, we could not link to the default page anymore because the IP address of the linux machine doesn’t belong to the permitted IP address.

b. To open SSH

iptables –I INPUT –s 192.168.10.0/24 –p tcp –m state --state NEW --dport 22 –j ACCEPT

iptables –I INPUT–p tcp –m state --state NEW --dport 22 –j DROP

c. To open ICMP

iptables –I INPUT –s 192.168.10.0/24 –p icmp --icmp-type echo-request –j ACCEPT

iptables –I INPUT –s –p icmp --icmp-type echo-request –j DROP

Use iptables –L to look up the configuration of firewall.

Steps to set up PXE:

1. Steps for DHCP Setup:Install the tftp-hpa and openbsd in the Ubuntu server.

2. Configure the DHCP server dhcpd.conf file with PXE specific settings file name and next-server IP address, which is the static IP address of DHCP server.

3. Restart the DHCP server, it should be OK, if it fails, Reboot the Ubuntu.

4. Perform the tftp configuration, edit the inetd.conf file .

5. Enable boot service for inetd.

6. Start the openbsd-inetd and tftpd-hpa services.

7. PXE boot file setup

8. Copy the pmagic folder from the unzipped package to tftpboot folder. Create a folder pxelinux.cfg and default file within that folder.

9. We created a labeled partmagic in the default file and appended appropriate attributes to it.

10. Setup the appropriate permissions using the command chmod. If it does not get the correct permission, you will receive a “File Not Found” or “Permission Denied” Error.

11. Restart Ubuntu.

Steps to set up Backup:

1. Implemented backup using rsync and crontab.

2. Implemented backup using rsync on to the remote server.

3. Put the rsync command into crontab i.e. which acts as a scheduler.

Steps to set up NFS:

Install NFS on Web Server to make it also an NFS Server.Sudo apt-get nfs-kernel-server rpcbind

1.First, we are going to do configuration for the server.

2.Next, what we need to do is to create the directory and change the mode to have the permission to the file we create. The file is armnfs.

3.Then, sudo service nfs-kernel-server restart, it will be start/running.

4.And we showmount -e. It showes that the file is mounted successfully.

5.Sudo on the client. Then we are going to do configuration about the client. Install nfs-get install nfs-common rpcbind first.

6.Create the directory of armnfs file, and then we mount the IP address of the server or the file.

For DNS edit

Now time to check master DNS server via nslookup, dig&host command.

Use ifconfig to look up my DNS server’s IP address which is assigned by DHCP address.

Use Nslookup command and type in hostname and IP addresses to test if each other will be mapped.

Use Dig command to Dig -x IP addresses to see if domain name will show.

Type in my domain name in browser to see if it can access to website.

For DHCP and DNS edit

I check the output on the DNS server pc to input ifconfig, we can see that the DNS server will receive the IP address assigned by my DHCP server.

For DNS, DNS gets the request from client, the DNS play as the role to transfer the domain name to IP address, and then the client can get the IP address of webserver. As a result, the client can get access the website created by webserver.

For DHCP and Client edit

WWhen the DHCP server and client are both connected to the switch, and we set the bridge model for DHCP server and client in Ubuntu. Then, we close the wifi in windows on DHCP server and client. In the windows terminal, we input ipconfig, we can see that the client will receive the IP address in the range that DHCP server assigns in the scope. And it also shows the our hostname of specialhost1.com.

For DHCP and Webserver edit

The DHCP can assign IP address to web server, and on the web server, after we input ifconfig in terminal. The 192.168.10.4 is the IP address assigned by the dhcp server to the web server. It is successful as it shows below.

As it shows below, as the client or even DNS server can get access to the web server, the client requests for the website and the DNS server transfer the host name to IP address. As a result, the client can get access to the website designed by the web server.

For NFS edit

We input the armnfs in the link, we can access the website to show that it is successful to mount the file of armnfs. The name of armnfs can be change if you want.

• we can use grsync, backuppc or other tools instead of typing command lines for convenient to provide GUI, these can complete the backup and set parameters by clicking button.
• we can add more advancements such as having online backup. Users can access their files and folders anytime and anywhere by storing the backed up files in the internet.
• We can implement more add-ons like mail server into project.

https://help.ubuntu.com/community/PPTPServer
https://help.ubuntu.com/community/CronHowto
https://help.ubuntu.com/community/BIND9ServerHowto
https://help.ubuntu.com/community/isc-dhcp-server
http://askubuntu.com/questions/412574/pxe-boot-server-installation-steps-in-ubuntu-server-vm
http://drupalize.me/videos/installing-web-server-ubuntu
http://askubuntu.com/questions/140126/how-do-i-configure-a-dhcp-server
https://www.isc.org/downloads/dhcp/
http://xmodulo.com/2014/03/how-dns-works.html
http://manpages.ubuntu.com/manpages/hardy/en/man8/pptpd.8.html
http://www.technicalinfo.net/papers/Pharming.html