Data Networking/Fall 2014/Specialhost1-YTHZ
Project Team members
- Yang Lu
- Tongyang Zou
- Hancheng Xiao
- Zixiang Jia
Motivation
Linux is now an important part of networking. By setting up this network, we learn more about network architecture and the network layers. The project also deepens our understanding of protocols such as DHCP and DNS, and repeatedly testing the servers teaches us many commands. All in all, a practical Linux project is a good way to become familiar with the Ubuntu system and Linux, and it motivates us to work hard and to work more like a team.
Introduction
Project Requirement
In brief, the network solution engineering team is required to design and implement servers that provide Domain Name Service (DNS), Dynamic Host Configuration Protocol (DHCP) and a web server for the network. The team also has to design security solutions to protect these servers. The packages used are:
For DNS Server: apt-get install bind9
For DHCP: apt-get install isc-dhcp-server
For Web Server: apt-get install apache2
For Backup: apt-get install openssh-server
For VPN: apt-get install pptpd
Flowchart
Background
DNS, short for Domain Name Service, is a service that maps IP addresses and fully qualified domain names to one another.
DHCP, short for Dynamic Host Configuration Protocol, is a network service that enables host computers to be automatically assigned settings from a server, as opposed to manually configuring each network host.
Web server: used to serve web pages requested by clients.
Backup: copies each day's work from the current server to a different server.
Steps to perform the setup / installation
The following topics are essential to the successful implementation of our servers and solutions. The details of the protocols used and servers implemented are provided in the reference links below.
Steps to set up the DNS server:
1. First switch to the root user with the sudo su command.
2. Install bind9 and bind9utils: # apt-get install bind9 bind9utils. The DNS configuration files are stored in the /etc/bind directory, so change to it: # cd /etc/bind
3. Configure the named.conf.options file (/etc/bind/named.conf.options), which tells DNS where to look for files. All files BIND uses will be relative to this directory.
# nano named.conf.options
4. Configure the named.conf.local file (/etc/bind/named.conf.local), which contains the forward zone and the reverse zone. # vi named.conf.local
5. Configure the for.db zone file, which the server uses to resolve domain names to IP addresses. We can copy the local file with # cp db.local for.db and then edit the copy. # vi for.db
I change localhost to the FQDN of my server and root.localhost to a valid address, leaving the additional "." at the end. Change 127.0.0.1 to the nameserver's IP address. Also configure the MX and CNAME records, and update the serial from time to time. Since we should have 5 DNS records, there are 5 forward zone files nearly identical to for.db.
6. Configure the rev.db zone file, which the server uses to resolve IP address record to net mask.
7. Check the group of the named.conf.options, named.conf.local, for.db and rev.db files. The files' group must be bind.
# ll named.conf.options named.conf.local for.db rev.db
8. Now set up the network interface file.
# vi /etc/network/interfaces
9. Configure the resolv.conf file with the search domain name and the nameserver IP address.
# nano /etc/resolv.conf
10. Restart the bind9 service.
# /etc/init.d/bind9 restart
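A consistency check for the for.db / rev.db pair from steps 5 and 6, so that the nslookup and dig -x tests agree in both directions. This is an added example, not part of the original project; the zone contents are constructed (only specialhost1.com and 192.168.10.4 appear on this page), missing_ptr is a hypothetical helper, and it only handles simple one-line relative-name records.

```shell
#!/bin/sh
# Added example: report A records in for.db that lack a matching PTR in rev.db.
# All addresses except 192.168.10.4 are constructed for illustration.

# Constructed forward zone (for.db) for specialhost1.com.
for_db='$TTL 604800
@    IN SOA ns.specialhost1.com. root.specialhost1.com. ( 3 604800 86400 2419200 604800 )
@    IN NS  ns.specialhost1.com.
ns   IN A   192.168.10.2
www  IN A   192.168.10.4
mail IN A   192.168.10.5'

# Constructed reverse zone (rev.db) for 10.168.192.in-addr.arpa; the PTR
# for host .5 was deliberately left out.
rev_db='$TTL 604800
@    IN SOA ns.specialhost1.com. root.specialhost1.com. ( 3 604800 86400 2419200 604800 )
@    IN NS  ns.specialhost1.com.
2    IN PTR ns.specialhost1.com.
4    IN PTR www.specialhost1.com.'

# missing_ptr FORWARD REVERSE DOMAIN NETPREFIX (hypothetical helper)
# Prints "fqdn ip" for every A record whose address has no PTR pointing
# back at the same name.
missing_ptr() {
    { printf '%s\n' "$2"; echo '---'; printf '%s\n' "$1"; } |
    awk -v dom="$3" -v net="$4" '
        $0 == "---" { fwd = 1; next }          # reverse zone ends, forward begins
        !fwd && $2 == "IN" && $3 == "PTR" { ptr[net "." $1] = $4 }
        fwd && $2 == "IN" && $3 == "A" {
            fqdn = $1 "." dom "."
            if (ptr[$4] != fqdn) print fqdn, $4
        }'
}

echo "A records without a matching PTR:"
missing_ptr "$for_db" "$rev_db" specialhost1.com 192.168.10
```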
Steps to set up the DHCP server:
1. First we assign a static IP address to the DHCP server, along with the netmask and gateway. The broadcast and network entries are not necessary. We use Ethernet 0 (eth0) in this project. We enter these settings in the interfaces file: sudo vim /etc/network/interfaces
2. Then we double-check that we are using eth0 correctly and that it is up.
3. We set the client dynamic IP addresses. To assign IP addresses dynamically, edit the /etc/dhcp/dhcpd.conf file. First we set the domain name specialhost1.com and the domain-name-servers IP address. Next, we set default-lease-time 600 and max-lease-time 7200; then we define the network with its mask and give the range that can be assigned, along with the IP address of the router.
4. Finally, we give the DNS and web servers fixed IP addresses tied to their respective Ethernet MAC addresses.
5. After that, restart isc-dhcp-server: sudo /etc/init.d/isc-dhcp-server restart
Steps to set up the WEB server:
1. Configuration of the web server
a. We use apache2 as our web server, so the first step is to install it.
sudo apt-get install apache2
Then restart apache2 with: sudo /etc/init.d/apache2 restart
b. Build the 'apache+php+mysql' architecture of the web server.
- sudo apt-get install mysql-server
- sudo apt-get install php5
- sudo apt-get install libapache2-mod-php5
- sudo /etc/init.d/apache2 restart
- sudo apt-get install libapache2-mod-auth-mysql
- sudo apt-get install php5-mysql
- sudo /etc/init.d/apache2 restart
vim /var/www/info.php
In order to modify the webpage, we could use:
cd /var/www
ls
sudo nano index.html
Steps to set up Firewall:
Before configuring the firewall, we could access the default page of the web server.
We use iptables to set up the firewall. Some basic commands are below (we use 192.168.10.0/24 as our permitted client IP addresses). iptables checks the rules of a chain from top to bottom and stops at the first match, so the rules are appended with -A, which keeps the ACCEPT rule above the DROP rule; inserting both with -I would place the DROP rule on top and block the permitted subnet as well.
a. To open HTTP
iptables -A INPUT -s 192.168.10.0/24 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
The first line opens port 80 for the subnet 192.168.10.0/24 and the second line drops access from all other IP addresses.
After this setting, we could no longer reach the default page, because the IP address of the Linux machine does not belong to the permitted IP addresses.
b. To open SSH
iptables -A INPUT -s 192.168.10.0/24 -p tcp -m state --state NEW --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW --dport 22 -j DROP
c. To open ICMP
iptables -A INPUT -s 192.168.10.0/24 -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
Use iptables -L to look up the configuration of the firewall.
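iptables evaluates a chain from top to bottom and stops at the first matching rule, so the ACCEPT for 192.168.10.0/24 only takes effect if it sits above the DROP for the same port. The check below is an added example, not part of the original project: it reads `iptables -S INPUT` style output (both samples are constructed) and flags ACCEPT rules shadowed by an earlier source-less DROP; shadowed_accepts is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: flag ACCEPT rules that can never match because an earlier,
# broader DROP for the same protocol/port sits above them in the chain.

# Constructed sample: `iptables -S INPUT` after issuing the two port-80
# commands with -I (each insert lands at position 1, so DROP ends up on top).
sample_inserted='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j DROP
-A INPUT -s 192.168.10.0/24 -p tcp -m tcp --dport 80 -j ACCEPT'

# Constructed sample: the same two rules appended with -A, in the order typed.
sample_appended='-P INPUT ACCEPT
-A INPUT -s 192.168.10.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j DROP'

# shadowed_accepts RULES (hypothetical helper)
# Prints "proto/dport" for every ACCEPT that follows a DROP without -s
# on the same protocol and destination port.
shadowed_accepts() {
    printf '%s\n' "$1" | awk '
        $1 != "-A" { next }                      # skip policy lines
        {
            proto = ""; dport = ""; src = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
                if ($i == "-s")      src    = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            key = proto "/" dport
            if (target == "DROP" && src == "") dropped[key] = 1
            if (target == "ACCEPT" && (key in dropped)) print key
        }'
}

echo "rules added with -I, shadowed: $(shadowed_accepts "$sample_inserted")"
echo "rules added with -A, shadowed: $(shadowed_accepts "$sample_appended")"
```

On a live server, pass the real chain with shadowed_accepts "$(iptables -S INPUT)".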
Steps to set up PXE:
1. Steps for DHCP setup: install tftpd-hpa and openbsd-inetd on the Ubuntu server.
2. Configure the DHCP server's dhcpd.conf file with the PXE-specific settings: the file name and the next-server IP address, which is the static IP address of the DHCP server.
3. Restart the DHCP server. It should come up; if it fails, reboot Ubuntu.
4. Perform the tftp configuration: edit the inetd.conf file.
5. Enable boot service for inetd.
6. Start the openbsd-inetd and tftpd-hpa services.
7. PXE boot file setup.
8. Copy the pmagic folder from the unzipped package to the tftpboot folder. Create a folder pxelinux.cfg and a default file within that folder.
9. We created a label partmagic in the default file and appended the appropriate attributes to it.
10. Set the appropriate permissions using the chmod command. If the permissions are not correct, you will receive a "File Not Found" or "Permission Denied" error.
11. Restart Ubuntu.
Steps to set up Backup:
1. Implemented backup using rsync and crontab.
2. Implemented backup using rsync on to the remote server.
3. Put the rsync command into crontab, which acts as a scheduler.
Steps to set up NFS:
Install NFS on the web server to make it an NFS server as well: sudo apt-get install nfs-kernel-server rpcbind
1. First, we configure the server.
2. Next, we create the directory and change its mode so that we have permission to the file we create. The file is armnfs.
3. Then run sudo service nfs-kernel-server restart; it will show start/running.
4. Then we run showmount -e. It shows that the file is mounted successfully.
5. Use sudo on the client. Then we configure the client. Install the packages first: sudo apt-get install nfs-common rpcbind
6. Create the directory for the armnfs file, and then mount the file using the IP address of the server.
Testing
For DNS
Now it is time to check the master DNS server with the nslookup, dig and host commands.
Use ifconfig to look up my DNS server's IP address, which is assigned by DHCP.
Use the nslookup command and type in the hostname and the IP addresses to test whether they map to each other.
Use the dig command (dig -x with the IP addresses) to see if the domain name shows.
Type my domain name into a browser to see if it can access the website.
For DHCP and DNS
I check the output of ifconfig on the DNS server PC; we can see that the DNS server receives the IP address assigned by my DHCP server.
For DNS: the DNS server gets the request from the client and plays the role of translating the domain name to an IP address, so the client can get the IP address of the web server. As a result, the client can access the website created by the web server.
For DHCP and Client
When the DHCP server and client are both connected to the switch, we set bridged mode for the DHCP server and the client in Ubuntu. Then we turn off the Wi-Fi in Windows on the DHCP server and the client. In the Windows terminal we enter ipconfig and can see that the client receives an IP address in the range that the DHCP server assigns in its scope. It also shows our hostname, specialhost1.com.
For DHCP and Webserver
DHCP can assign an IP address to the web server; on the web server we enter ifconfig in a terminal. 192.168.10.4 is the IP address assigned by the DHCP server to the web server. It is successful, as shown below.
As shown below, the client or even the DNS server can access the web server: the client requests the website and the DNS server translates the host name to an IP address. As a result, the client can access the website designed by the web server.
For NFS
We enter armnfs in the link and can access the website, which shows that the armnfs file was mounted successfully. The name armnfs can be changed if you want.
Future Improvements
- We can use grsync, BackupPC or other tools that provide a GUI instead of typing command lines; these can complete the backup and set parameters at the click of a button.
- We can add more advanced features such as online backup. Users can access their files and folders anytime and anywhere by storing the backed-up files on the internet.
- We can implement more add-ons, such as a mail server, in the project.
Citation
- https://help.ubuntu.com/community/PPTPServer
- https://help.ubuntu.com/community/CronHowto
- https://help.ubuntu.com/community/BIND9ServerHowto
- https://help.ubuntu.com/community/isc-dhcp-server
- http://askubuntu.com/questions/412574/pxe-boot-server-installation-steps-in-ubuntu-server-vm
- http://drupalize.me/videos/installing-web-server-ubuntu
- http://askubuntu.com/questions/140126/how-do-i-configure-a-dhcp-server
- https://www.isc.org/downloads/dhcp/
- http://xmodulo.com/2014/03/how-dns-works.html
- http://manpages.ubuntu.com/manpages/hardy/en/man8/pptpd.8.html
- http://www.technicalinfo.net/papers/Pharming.html