Data Networking/Fall 2014/Xiang Gao
Group Members
Xiang Gao
Weiqi Yao
Haichuan Zhang
Understanding of Components in Our Network
Dynamic Host Configuration Protocol (DHCP)
Dynamic Host Configuration Protocol (DHCP) allows a host to obtain or be allocated an IP address automatically. It is a plug-and-play protocol because it automates the network-related aspects of connecting a host to a network. Because of this feature, we use an Ubuntu system as the DHCP server in our network. It gives static IP addresses to the Domain Name Server (DNS) and the Web server in our network. It also randomly assigns IP addresses to the clients that connect to our network.
Domain Name Server (DNS)
DNS is a distributed database implemented in a hierarchy of DNS servers, and an application-layer protocol that allows hosts to query the distributed database. In our network, the DNS server keeps the mapping between domain names and IP addresses. It resolves the DNS queries from other hosts.
Web Server & Firewall
A web server is a computer system that processes requests via HTTP, the basic network protocol used to distribute information on the World Wide Web. In our network, the web server has 2 web pages. Each of them has its own content for clients to visit.
A firewall is a network security system that controls the incoming and outgoing network traffic based on an applied rule set. The firewall in our project has the functions of IP filtering, protocol filtering, etc. It is used to limit particular incoming or outgoing visits. For example, we can block a client with a particular IP address from visiting the web server.
Installation & Configuration
DHCP
Installation
We install the isc-dhcp server first.
command: sudo apt-get install isc-dhcp-server
Configuration
- In order to let DHCP work, we should set the IP address of the DHCP server manually. We go into the interface configuration to set the IP address for DHCP, as well as its subnet mask, broadcast IP address and gateway IP address.
- After finishing the configuration above, we should restart the interface.
- Configure the DHCP main file by editing the /etc/dhcp/dhcpd.conf file. In this file we can set the IP subnet, subnet mask, IP range and so on.
- At last, we should restart or start the isc-dhcp-server.
The detailed configuration in the dhcpd.conf file is:
Subnet mask: 255.255.255.0
Network: 192.168.1.0
Router: 192.168.1.1
IP range: 192.168.10.20 - 192.168.10.200
Static IP address for Web server: 192.168.1.4
Static IP address for DHCP server: 192.168.1.3
Static IP address for DNS server: 192.168.1.2
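The DHCP challenges reported further down come from the interface address, the subnet and the range disagreeing with each other. The following added example (not part of the original project) checks a plan like the one listed above for that kind of inconsistency before the server is restarted; the function name, the dict layout and the corrected range are assumptions made for illustration.

```python
import ipaddress

# Values copied from the dhcpd.conf summary above; the dict layout is constructed.
PAGE_CONFIG = {
    "network": "192.168.1.0",
    "netmask": "255.255.255.0",
    "router": "192.168.1.1",
    "range": ("192.168.10.20", "192.168.10.200"),
    "fixed": {"dns": "192.168.1.2", "dhcp": "192.168.1.3", "web": "192.168.1.4"},
}
# Hypothetical correction: the same host numbers moved into the declared subnet.
FIXED_CONFIG = dict(PAGE_CONFIG, range=("192.168.1.20", "192.168.1.200"))


def check_dhcp_plan(cfg, interface_ip):
    """Return a list of (code, detail) problems; an empty list means consistent."""
    problems = []
    subnet = ipaddress.ip_network(f"{cfg['network']}/{cfg['netmask']}")
    # The listening interface must sit inside the declared subnet.
    if ipaddress.ip_address(interface_ip) not in subnet:
        problems.append(("interface-outside-subnet", interface_ip))
    if ipaddress.ip_address(cfg["router"]) not in subnet:
        problems.append(("router-outside-subnet", cfg["router"]))
    start, end = (ipaddress.ip_address(a) for a in cfg["range"])
    if start > end:
        problems.append(("range-reversed", f"{start}-{end}"))
    for label, addr in (("start", start), ("end", end)):
        if addr not in subnet:
            problems.append((f"range-{label}-outside-subnet", str(addr)))
    seen = {}
    for host, text in cfg["fixed"].items():
        addr = ipaddress.ip_address(text)
        if addr not in subnet:
            problems.append(("fixed-outside-subnet", host))
        # A static address inside the pool can collide with a dynamic lease.
        if start <= addr <= end:
            problems.append(("fixed-inside-dynamic-range", host))
        if addr in seen:
            problems.append(("fixed-duplicate", f"{seen[addr]},{host}"))
        seen.setdefault(addr, host)
    return problems


if __name__ == "__main__":
    for name, cfg in (("page", PAGE_CONFIG), ("corrected", FIXED_CONFIG)):
        print(name, check_dhcp_plan(cfg, "192.168.1.3") or "consistent")
```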
DNS
Installation
To build the DNS server, we need to install bind9.
command: sudo apt-get install bind9
Configuration
- We go into the /etc/bind directory by using the command: cd /etc/bind
- We start configuring the local file by using the command: nano named.conf.local
- We give each website a file to store its configuration details.
- We open the file we created before to give the DNS specifications, by using the command "nano db.site1.com". In that file we create several DNS records: NS, A, CNAME, AAAA.
- We need to create the reverse domains.
Web Server
Installation
We need to install 3 software packages on Ubuntu: apache2, php5 and libapache2-mod-php5.
Configuration
- The locations we need to use in the configuration of the web server are /var/www and /etc/apache2/sites-available.
- In /var/www, we need to create 2 documents, site1.com and site2.com, to edit and store the contents of our web pages.
- Then in /etc/apache2/sites-available, we need to put some necessary information about our websites.
- Once we have created the above documents, we should enable site1.com and site2.com.
Firewall
Installation
We use ufw to implement the functionality of the firewall.
command: sudo apt-get install ufw
Configuration
We want to block the client with a particular IP address from visiting our web server.
Commands used:
sudo ufw enable
sudo ufw deny from 192.168.1.22
sudo ufw allow from 192.168.1.0/24
sudo ufw status
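ufw evaluates its rules in the order they were added and the first match wins, so the deny for 192.168.1.22 only takes effect because it was entered before the allow for the whole /24. The following added example (not part of the original project) models that first-match behaviour for the two rules above and reports rules that an earlier rule makes unreachable; the function names are hypothetical and the default of denying unmatched incoming traffic is an assumption matching ufw's stock policy.

```python
import ipaddress

# Constructed model of the two rules above, in the order the page adds them.
PAGE_ORDER = [
    ("deny", "192.168.1.22"),
    ("allow", "192.168.1.0/24"),
]
# The same rules entered the other way round.
REVERSED_ORDER = list(reversed(PAGE_ORDER))


def decide(rules, source, default="deny"):
    """Return the action of the first rule whose source network contains `source`."""
    addr = ipaddress.ip_address(source)
    for action, network in rules:
        if addr in ipaddress.ip_network(network, strict=False):
            return action
    return default  # assumption: unmatched incoming traffic is denied


def shadowed_rules(rules):
    """List rules that can never match because an earlier rule already covers them."""
    shadowed = []
    for i, (action, network) in enumerate(rules):
        net = ipaddress.ip_network(network, strict=False)
        for earlier_action, earlier in rules[:i]:
            if net.subnet_of(ipaddress.ip_network(earlier, strict=False)):
                shadowed.append((action, network, earlier_action, earlier))
                break
    return shadowed


if __name__ == "__main__":
    for name, rules in (("page order", PAGE_ORDER), ("reversed", REVERSED_ORDER)):
        print(name, "192.168.1.22 ->", decide(rules, "192.168.1.22"))
        print(name, "shadowed:", shadowed_rules(rules))
```

On a live system, `sudo ufw status numbered` shows the order that was actually stored.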
Add-ons
Back-up
In the backup section, we use MySQL to store our data and use tools such as automysqlbackup and cron. We can also back up the database manually.
Installation command:
sudo apt-get install mysql-server
sudo apt-get install libapache2-mod-auth-mysql
sudo apt-get install php5-mysql
1) Automysqlbackup
This utility can be scheduled to automatically perform backups at regular intervals, so it is a very convenient way to do our back-up.
Installation command:
sudo apt-get install automysqlbackup
The following is the configuration for back-up.
The main configuration file for automysqlbackup is located at "/etc/default/automysqlbackup":
sudo nano /etc/default/automysqlbackup
The default location for backups is "/var/lib/automysqlbackup". Search this directory to see the structure of the backups:
ls /var/lib/automysqlbackup
There are 3 files – daily, weekly and monthly – inside automysqlbackup.
2) Use cron to back-up automatically
Ubuntu installs a cron script with this program that will run it every day. It will organize the files to the appropriate directory.
Install cron on Ubuntu using the command below:
sudo apt-get install gnome-schedule
Then configure crontab to set a particular time for the backup.
3) Backup database manually
Create a new database which will hold all of the data from the data dump and then exit out of the MySQL prompt:
CREATE DATABASE database_name;
Next, we can redirect the dump file into our newly created database by issuing the following command:
mysql -u username -p database_name < backup_name.sql
Information should now be restored to the database we've created.
NFS
NFS (Network File System) mounts work to share a directory between several virtual servers. This has the advantage of saving disk space, as the home directory is only kept on one virtual private server, and others can connect to it over the network. When setting up mounts, NFS is most effective for permanent fixtures that should always be accessible.
Installation command:
sudo apt-get install nfs-kernel-server
Configure the NFS server by editing the /etc/exports file. First make a backup copy of the default NFS configuration file:
Here we use /home/gxless/Desktop as the default NFS file, and allow the client with IP address 192.168.1.30 to share this default file.
Then we install nfs-common on the client's host.
Installation command:
sudo apt-get install nfs-common
Then we can transfer the default file to the client.
NIS
The Network Information Service is a client–server directory service protocol for distributing system configuration data such as user and host names between computers on a computer network.
Installation command:
sudo apt-get install portmap
sudo apt-get install nis
The following is the configuration for NIS.
sudo nano /etc/ypserv.securenets
sudo nano /var/yp/Makefile
Then set up remote users:
sudo useradd -d /home/username -m username
sudo passwd username
We can use "cat /etc/passwd" to check the remote users.
Ecryptfs
Ecryptfs can encrypt the files in a particular folder to make them more secure.
Installation command:
sudo apt-get install ecryptfs-utils
Mount the partition to be encrypted:
sudo mount -t ecryptfs /srv /srv
sudo cp -r /etc/default /srv
sudo umount /srv
cat /srv/default/cron
VPN
First, we install pptpd to configure the VPN server.
The command line is "apt-get install pptpd".
After that, we edit the pptpd file with the command "nano /etc/pptpd.conf". We give the local IP and the remote IP for the client.
Then we configure the pptpd.option file.
Here, we give the DNS server IP address.
Then we go to the file /etc/sysctl.conf.
Delete the "#" in front of net.ipv4.ip_forward=1
Finally, we go to the /etc/rc.local file to add the iptables rules.
Testing
DNS Server
We use the command nslookup to test the DNS server. If the DNS server can map a domain name to an IP address and do this in reverse, it means the DNS server works well.
DHCP Server
We will test whether the DHCP server can assign IP addresses to the other servers and clients connected to this network.
If DHCP works well, the IP address of the DNS server should be 192.168.1.2, the IP address of the Web server should be 192.168.1.4, and other clients should be assigned IP addresses in the range of 192.168.20 to 192.168.200.
Web Server
To check whether the web server works well, we open the web browser on different clients or servers and type the web server address: site1.com or site2.com. If it works, the web page should be shown in the browser.
Firewall
As we configured ufw, the commands we used to block packets from IP address 192.168.1.22 are:
sudo ufw deny from 192.168.1.22
sudo ufw allow from 192.168.1.0/24
Then we check the status of ufw using the following command:
sudo ufw status
If we enable ufw, this client cannot visit the web page any more. The firewall works well.
Back-up
1) Automysqlbackup
The default location for backups is "/var/lib/automysqlbackup". Search this directory to see the structure of the backups:
ls /var/lib/automysqlbackup
There are 3 files – daily, weekly and monthly – inside automysqlbackup.
2) Cron
Command used in configuring crontab:
sudo crontab -e
Use 0 0 * * * /etc/cron.daily to back up daily and save the back-up in file /etc/cron.daily
In the file /etc/cron.daily, we can see the back-up files.
NFS
Firstly, we should restart nfs-kernel-server. Command used:
sudo /etc/init.d/nfs-kernel-server start
This is our default NFS file. We can see inside this file. We have hello.py, hhhh.py, etc.
Now, we will transfer this file to the client’s host.
Command used:
sudo mount 192.168.1.4:/home/gxless/Desktop /home/nfs-gx
Then it finishes without any notice.
We can enter nfs-gx, and the default file on the host NFS server has now been transferred to the client NFS server.
Future Improvements
Backup -- There are many methods that can be used as backup for our web server. In the future, we could consider a more efficient and convenient way to implement backup.
Mail server -- Mail server is often needed for most companies. So in the future, we could add a mail server for this company.
IPv6 -- We could assign IPv4 for our servers and clients in the future.
Challenges
DNS Server
During the process of configuring the DNS server, I deeply found that the computer doesn't work in a human way; we have to use computer language to talk with the computer. There are a lot of format requirements for the Ubuntu machine.
Besides, adding the IPv6 address is sort of annoying, since I thought IPv6 had the same format as IPv4, and it didn't work.
After going through so many videos on YouTube, we finally configured everything.
DHCP Server
editFirst, the most important things we should pay attention to in configure DHCP server is that the IP address of the interface of the DHCP server and the subnet of your DHCP range should be in consistent. This two things is edit in two different file, so that we may make some mistake when we editing it. If these two are not in consistent, the DHCP server will not able to start. This is a big issue when we doing the DHCP configuration, after we finish everything, the DHCP server always fail. We did know what’s wrong at that time, and we almost try every possible ways even install the Ubuntu system again. Finally, we decided to check all the configurations again and we find this problem.
Second, there are two possible ways to start/restart the DHCP server, the first one is “sudo service isc-dhcp-server start” and the second one is “sudo /etc/init.d/isc-dhcp-server restart”. We use the second one because we found that the first one may “cheat” us. Sometimes, it shows start successfully, but actually it did not. Hence, the most reliable ways to restart/start the DHCP server is to start/restart it under the init.d file.
Third, you should be really careful when you enter the dhcpd.conf file. The format of the command in the file is very strict. You should follow the format or the file will not work. This fault is very obvious because you can actually see where you got wrong in that file by using the second command we mentioned above.