Data Networking/Fall 2015/ADSU

Team Members

Anuj Tyagi

Deepanshu Lulla

Swarnashruti Jupudi

Umakant Kulkarni

Project Objective

The goal of the Linux project is to build a DNS implementation for a start-up company. We had to design a DNS server for the company, a DHCP server, a domain that hosts a web server, and a firewall to make the network more secure and efficient. We use the following IP addresses:

Component        IPv4 address
DNS server       192.168.43.72
DHCP server      192.168.43.254
Web server       192.168.43.238
Mail server      192.168.43.238
Backup server    192.168.43.159
NFS server       192.168.43.72
Client           assigned from the DHCP pool

Domain Name System (DNS)

Behavior of protocol

DNS translates hostnames and domain names to IP addresses. It is an application-level protocol backed by a distributed database of resource records for each domain name: address (A) records, name server (NS) records and mail exchanger (MX) records. The database is implemented in a hierarchy of DNS servers, which hosts query using the DNS protocol. DNS can use either TCP or UDP on port 53; a lookup normally consists of a single UDP request from the client answered by a single reply from the server.

Signalling

1. The client will first contact the local DNS server with the DNS query containing the hostname.

2. The local DNS server forwards the query to the root DNS server. The root DNS server sends a reply to the local DNS with a list of the possible TLD servers.

3. The local DNS server sends its query message to one of the TLD servers.

4. The TLD server responds back with the IP address of the authoritative name server to the local DNS server.

5. The local DNS server then sends its query to the authoritative DNS server which responds back with the IP address for the queried hostname.

Configuration

Step 1: Install bind

$sudo apt-get install bind9

Step 2: Edit the file named.conf.options in the /etc/bind/ directory

$sudo gedit /etc/bind/named.conf.options

Step 3: Our system must work at least as a forwarder. Check it with dig:

$dig @127.0.0.1 www.facebook.com

Step 4: Next open the file named.conf.local in the /etc/bind/ directory

$sudo gedit /etc/bind/named.conf.local

Step 5: Create a file db.adsu.com in /etc/bind/, copy the local file to it and open it in an editor

$sudo gedit db.adsu.com

Step 6: Then open db.adsu.rev in an editor

$touch db.adsu.com
$sudo cp db.adsu.com db.adsu.rev
$sudo gedit db.adsu.rev

Step 7: Then open db6.adsu.rev in an editor

$touch db6.adsu.com
$sudo cp db.adsu.rev db6.adsu.rev
$sudo gedit db6.adsu.rev

Step 8: The command below restarts the bind server.

$sudo service bind9 restart

The command below flushes the DNS cache (rndc is the bind control utility).

$sudo rndc flush

The command below reboots the server.

$sudo reboot
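The forward zone file (db.adsu.com) and reverse zone file (db.adsu.rev) that steps 5 and 6 create, written out as an added example rather than the project's own files. The addresses are taken from the project's address table; the hostnames ns1, www, mail, backup and nfs, the admin mailbox and the serial number are assumptions.

```conf
; /etc/bind/db.adsu.com -- forward zone for adsu.com (added example)
$TTL    604800
@       IN      SOA     ns1.adsu.com. admin.adsu.com. (
                        2015110101      ; Serial: bump it on every edit, or slaves never refresh
                        604800          ; Refresh
                        86400           ; Retry
                        2419200         ; Expire
                        604800 )        ; Negative cache TTL
; Name server and mail exchanger for the zone
@       IN      NS      ns1.adsu.com.
@       IN      MX      10 mail.adsu.com.
; Hosts, using the IPs from the project's table (hostnames are assumed)
ns1     IN      A       192.168.43.72
www     IN      A       192.168.43.238
mail    IN      A       192.168.43.238
backup  IN      A       192.168.43.159
nfs     IN      A       192.168.43.72

; /etc/bind/db.adsu.rev -- reverse zone for 192.168.43.0/24 (added example)
; The zone name in named.conf.local is 43.168.192.in-addr.arpa, so each
; record only carries the last octet of the address.
$TTL    604800
@       IN      SOA     ns1.adsu.com. admin.adsu.com. (
                        2015110101      ; Serial
                        604800 86400 2419200 604800 )
@       IN      NS      ns1.adsu.com.
72      IN      PTR     ns1.adsu.com.
238     IN      PTR     www.adsu.com.     ; mail shares this IP; one PTR per address
159     IN      PTR     backup.adsu.com.
```

Run named-checkzone adsu.com /etc/bind/db.adsu.com after editing to catch syntax errors before restarting bind.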

Slave DNS

Repeat all the steps above exactly as for the master DNS, except in step 4: instead of allow-transfer { slaveIp; } use masters { masterIp; }.
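What step 4 puts into named.conf.local on the master and on the slave, as an added example and not the project's own file. SLAVE_IP is a placeholder for the slave's address; the master is the project's DNS server, 192.168.43.72.

```conf
// ===== /etc/bind/named.conf.local on the master (192.168.43.72) =====
// Added example; SLAVE_IP is a placeholder for the slave's address.

zone "adsu.com" {
    type master;
    file "/etc/bind/db.adsu.com";
    // Only the slave may pull a zone transfer (AXFR). Without this line
    // bind answers AXFR for anyone, handing out the whole host list.
    allow-transfer { SLAVE_IP; };
    notify yes;
};

// Reverse zone for 192.168.43.0/24
zone "43.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.adsu.rev";
    allow-transfer { SLAVE_IP; };
    notify yes;
};

// ===== /etc/bind/named.conf.local on the slave =====
// Same zones: "type slave" plus "masters" replaces "type master" plus
// "allow-transfer". The slave writes its copies under /var/cache/bind,
// which is where Ubuntu's AppArmor profile lets bind write.

zone "adsu.com" {
    type slave;
    file "/var/cache/bind/db.adsu.com";
    masters { 192.168.43.72; };
};

zone "43.168.192.in-addr.arpa" {
    type slave;
    file "/var/cache/bind/db.adsu.rev";
    masters { 192.168.43.72; };
};
```

Verify the restriction from a host other than the slave with dig @192.168.43.72 adsu.com AXFR, which should be refused.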

Testing

We basically use the nslookup command to test DNS. Try nslookup <hostname> from all PCs in the network; it should show the translated IP. Also test reverse lookup. Apart from nslookup we can also use the dig and host commands to test DNS.

Dynamic Host Configuration Protocol (DHCP)

Behavior of protocol

IP addresses are automatically assigned to clients by the DHCP server. This reduces the load on the network administrator or user, who would otherwise have to configure these settings manually on thousands of computers. DHCP is an application-layer protocol that operates on a client-server model. It manages a pool of IP addresses together with the default gateway, domain name, name servers and time servers. When a host leaves, its IP address is returned to the pool. ISC-DHCP is software that performs all DHCP functions: client, server and relay agent. The protocol was designed as an extension to the Bootstrap Protocol (BOOTP). BOOTP had no mechanism for reusing IP addresses and required extensive manual configuration to assign information to each client individually. DHCP configures computers automatically even when a user changes networks. One advantage of DHCP is that if the address of the DNS server changes, it has to be updated only in the DHCP server; when the clients next query it, all hosts are reconfigured automatically. Another advantage is that new computers can be added directly to the network and an IP address is allocated automatically.

Signalling

  1. When a client enters the network, it broadcasts a DHCPdiscover message to all the DHCP servers.
  2. The DHCP server on receiving the discover message, unicasts an offer message to the client.
  3. The client accepts the offer and responds with a request message for the IP address.
  4. The server responds back with an acknowledgement message.

Configuration

Step 1: Install the package

$sudo apt-get install isc-dhcp-server

For IPv4:

Step 2: Edit the /etc/network/interfaces file and set a static IP address on the interface

$sudo gedit /etc/network/interfaces

# Static IP settings for the DHCP server's interface
auto eth0
iface eth0 inet static
address 192.168.43.254
netmask 255.255.255.0
network 192.168.43.0
broadcast 192.168.43.255

Step 3: Restart the network interface

$sudo /etc/init.d/networking restart

Step 4: Configure the DHCP server: provide the range of IP addresses for clients, and bind the IP corresponding to the MAC address of each server so that every server is assigned the same IP every time.

i. Edit the configuration file:

$sudo nano /etc/dhcp/dhcpd.conf

ii. Save the configuration file and restart the DHCP server:

$sudo service isc-dhcp-server restart

To check the DHCP lease addresses:

$sudo gedit /var/lib/dhcp/dhcpd.leases

For IPv6:

i. Configure a static IPv6 address on the interface (the address family keyword is inet6):

iface eth0 inet6 static

ii. Create a new dhcpd6.conf file: /etc/dhcp/dhcpd6.conf

Create a new file /etc/init.d/isc-dhcp6-server and copy the contents of /etc/init.d/isc-dhcp-server to it. Add -6 everywhere the dhcpd process is called.
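A dhcpd.conf for step 4 and a matching dhcpd6.conf, as an added example rather than the project's own files. The addresses come from the project's table; the client range, the gateway 192.168.43.1, the MAC addresses and the IPv6 prefix fd00:43::/64 are constructed.

```conf
# /etc/dhcp/dhcpd.conf -- added example, not the project's own file.
authoritative;            # this is the only DHCP server on the link
default-lease-time 600;
max-lease-time 7200;

subnet 192.168.43.0 netmask 255.255.255.0 {
    # Client pool; the servers' fixed addresses lie outside this range
    # so a client can never be leased a server's IP.
    range 192.168.43.100 192.168.43.200;
    option routers 192.168.43.1;                 # assumed gateway
    option domain-name "adsu.com";
    option domain-name-servers 192.168.43.72;    # the project's DNS server
    option broadcast-address 192.168.43.255;
}

# Fixed addresses bound to MAC addresses so each server always gets the
# same IP. The MAC addresses below are placeholders.
host dns-nfs-server {
    hardware ethernet 00:11:22:33:44:01;
    fixed-address 192.168.43.72;
}
host web-mail-server {
    hardware ethernet 00:11:22:33:44:02;
    fixed-address 192.168.43.238;
}
host backup-server {
    hardware ethernet 00:11:22:33:44:03;
    fixed-address 192.168.43.159;
}

# /etc/dhcp/dhcpd6.conf -- read by the copy started with "dhcpd -6".
# The prefix fd00:43::/64 is a constructed ULA, not from the project.
default-lease-time 600;
max-lease-time 7200;

subnet6 fd00:43::/64 {
    range6 fd00:43::100 fd00:43::1ff;
    option dhcp6.name-servers fd00:43::72;
}
```

Check the syntax with dhcpd -t -cf /etc/dhcp/dhcpd.conf (and dhcpd -6 -t -cf /etc/dhcp/dhcpd6.conf) before restarting the service.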

Testing

DHCP is tested successfully by checking if the DHCP server assigns IP address to the connected client in the communication network from a given range of IP addresses as mentioned in the conf file.

Web Server and firewall

Behaviour protocol

A web server serves requests via HTTP. It can be used to host websites and gaming data storage, and to handle email, FTP files and so on. It delivers web pages to clients; the web pages are generally HTML documents that include images, scripts and text. A web server can also be implemented in the kernel, which makes it faster and lets it access hardware resources directly.

Signalling

The client initiates a TCP connection with the web server's IP address. The connection uses the three-way handshake. First, the client sends a SYN message requesting a TCP connection to the server on port 80. The server responds with a SYN-ACK message, acknowledging the request and asking the client to open a port on which the server can send information. The client responds with an ACK message and also sends a request for the HTML page.

Configuration

Step 1: Install Apache2 on your server using apt-get

sudo apt-get update
sudo apt-get install apache2

Step 2: Since the webpage we are going to host has to be accessed by other clients on the network, it is stored under the /var/www directory in a folder for the domain (here adsu.com), in the public_html folder.

sudo mkdir -p /var/www/adsu.com/public_html

Step 3: Grant permission for other clients to access those files, as they are not in the root directories.

sudo chown -R $USER:$USER /var/www/adsu.com/public_html
sudo chmod -R 755 /var/www

Step 4: Create an HTML page inside the directory.

sudo gedit /var/www/adsu.com/public_html/index.html

Step 5: The default virtual host file in Apache 2 is 000-default.conf. We copy it to create a virtual host file for our domain.

sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/adsu.com.conf

Step 6: Open the new file in your editor with root privileges:

sudo gedit /etc/apache2/sites-available/adsu.com.conf

Step 7: Enable the new host file

sudo a2ensite adsu.com.conf

Step 8: Restart the Apache server

sudo service apache2 restart
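The virtual host file edited in step 6, as an added example and not the project's own file. The ServerAdmin address and log file names are assumptions; the DocumentRoot is the directory created in step 2.

```conf
# /etc/apache2/sites-available/adsu.com.conf -- added example.
<VirtualHost *:80>
    ServerName adsu.com
    ServerAlias www.adsu.com
    ServerAdmin webmaster@adsu.com          # assumed contact address
    DocumentRoot /var/www/adsu.com/public_html

    <Directory /var/www/adsu.com/public_html>
        # The tree was made world-readable with chmod 755, so serve only
        # what is intended: no directory listings when index.html is
        # missing, and no per-directory .htaccess overrides.
        Options -Indexes +FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>

    # Separate logs per site make it easier to review access later
    ErrorLog ${APACHE_LOG_DIR}/adsu.com-error.log
    CustomLog ${APACHE_LOG_DIR}/adsu.com-access.log combined
</VirtualHost>
```

Run sudo apache2ctl configtest before the restart in step 8 to catch typos in the file.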

Firewall:

A firewall is a network security system, either hardware or software based, that controls incoming and outgoing network traffic based on set of rules.

Configuration

Step 1: Install UFW, the Uncomplicated Firewall (a front-end to iptables)

sudo apt-get install ufw

Step 2: Enable it

sudo ufw enable

Step 3: Allow ftp on port 20

sudo ufw allow 20

Step 4: Allow other users to access the webpage on port 80

sudo ufw allow 80

Step 5: Deny access to POP3

sudo ufw deny 110

Step 6: Allow a particular user to ssh to the server

sudo ufw allow proto tcp from 192.168.43.20 to any port 22


IPTABLES is the firewall utility in Linux. It comes pre-installed in Ubuntu. The firewall can filter packets on the basis of source IP, destination IP or port. The first rule below rejects ICMP; the second rejects telnet, which is TCP port 23 (iptables does not accept "telnet" as a protocol name).

#iptables -A INPUT -p icmp -j REJECT
#iptables -A INPUT -p tcp --dport 23 -j REJECT

(Screenshots: with and without IPTABLES.)
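The ufw rules and iptables commands above, expressed as one default-deny rule set in iptables-restore format. This is an added example, not the project's own rules; the file path and the log prefix are assumptions.

```conf
# /etc/iptables/rules.v4 -- added example; load it with
#   sudo iptables-restore < /etc/iptables/rules.v4
*filter
# Drop anything not explicitly allowed; ufw's default is the same.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# Loopback and replies to connections this host started
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Web server on port 80, reachable by everyone (ufw allow 80)
-A INPUT -p tcp --dport 80 -j ACCEPT

# FTP: port 20 as on the page (data channel); 21 is the control channel
-A INPUT -p tcp --dport 20 -j ACCEPT
-A INPUT -p tcp --dport 21 -j ACCEPT

# SSH only from the administrator's host (ufw allow proto tcp from ...)
-A INPUT -p tcp -s 192.168.43.20 --dport 22 -j ACCEPT

# POP3 refused with an explicit reset (ufw deny 110)
-A INPUT -p tcp --dport 110 -j REJECT --reject-with tcp-reset

# Telnet (TCP/23) and ICMP rejected, as in the iptables commands above
-A INPUT -p tcp --dport 23 -j REJECT
-A INPUT -p icmp -j REJECT

# Log what falls through to the DROP policy (rate limited) for later review
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "
COMMIT
```

Rejected traffic shows up in the kernel log (dmesg or /var/log/kern.log) with the iptables-drop: prefix, which is the quickest way to confirm that a blocked client really was blocked.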

Backup

Behavior of Protocol

Backup is created at every minute and sent to the backup server using ftp.

Configurations for web server

Step 1: Install vsftpd

$ apt-get update
$ apt-get install vsftpd

Step 2: Edit the following file:

$sudo gedit /etc/vsftpd.conf

Step 3: restart the ftp service:

$sudo service vsftpd restart

Step 4: test the service by:

ftp localhost

Step 5: To run the backup shell script with crontab every minute, edit the crontab:

$sudo crontab -e

Configurations for backup server

Step 1: Create a user

$sudo adduser vm1

Step 2: Edit the following file:

$sudo gedit /etc/vsftpd.conf

Step 3: Make a directory for this user in which the backups are stored

$sudo mkdir -p /home/vm1/uploads

Step 4: Change the permissions of the directory

$chmod 775 /home/vm1/uploads

Algorithm

1. Client attempts to join the network: dknr

   If the client is valid
       Successfully connect to dknr
   Else
       Restart connection or contact network administrator for troubleshooting

2. Client needs to acquire an IP address from the DHCP server

   Check if the wlan interface is set to static or to automatic (DHCP)
   If static
       Change to automatic (DHCP)
   Else (DHCP discover)
       Contact the DHCP server to get the IP address, gateway IP address, DHCP server details, DNS server details.
       If DHCP allocation is successful
           Server replies with an IP address to be allocated
       Else
           DHCP server replies with a request failed response
   Then

Add-ons

Network File System (NFS)

NFS is a distributed file system protocol. It allows a host to share its content with other users on the network. In order to access the files, all clients have to mount the shared directory so that it appears as a local directory.

Configuration

Server

Step 1: Install NFS server

$sudo apt-get install nfs-kernel-server

Step 2: Create a directory to share and change its permissions

$sudo mkdir -p /export/sharedDrive
$sudo chmod 777 /export/sharedDrive
$sudo chmod 777 /export

Step 3: Open the file /etc/exports

Type the directory to be shared, followed by the network to share it with and finally the permissions (rw standing for read-write).

Client

Step 1: Install NFS client

$sudo apt-get install nfs-common

Step 2: Create a folder called sharedDrive on the client and set its sharing permissions

#mkdir /sharedDrive
#chmod 777 /sharedDrive/

Check whether there are already any files in that folder.

#ls -lar /sharedDrive/

Step 3: Mount your drive

#mount -t nfs 10.0.0.32:/export/sharedDrive /sharedDrive

Now if we create files on either the client or the server, they appear on the other side.

NTP Server: NTP is used to synchronize the date and time of clients with the server.

Step 1: Install NTP server

$sudo apt-get install ntp

Step 2: Edit the ntp.conf file and enter the NTP server IP.

Step 3: Place the word iburst after one pool entry to indicate that you want to retrieve time from it as soon as possible.

On the client side, we need to put the NTP server IP in its ntp.conf as well.

Step 4: Restart the daemon on the NTP server

$sudo /etc/init.d/ntp restart

Testing

On a Windows client, change the NTP server IP in the date and time settings.

VPN Server

PPTP

PPTPD is the Poptop PPTP daemon, which manages tunnelled PPP connections encapsulated in GRE using the PPTP VPN protocol. It contains features such as IP address management and TCP wrappers.

Step 1: Install the package:

apt-get install pptpd

Step 2: Now edit /etc/pptpd.conf and add the server IP and the client pool:

sudo gedit /etc/pptpd.conf

localip 192.168.43.254
remoteip 192.168.43.150-155

Step 3: Add users to /etc/ppp/chap-secrets

linux pptpd test123 *

Step 4: Edit the file sysctl.conf using the command:

sudo gedit /etc/sysctl.conf

Uncomment the following line:

net.ipv4.ip_forward=1

Step 5: Restart the pptpd service

#/etc/init.d/pptpd restart

Test

Connect using a VPN client: input the user, password and VPN server IP. On the server, once the connection is established, a new ppp0 interface is created, which is visible in #ifconfig.

Mail server

Step 1: install the postfix package

sudo apt-get install postfix

Step 2: Configure step by step:

sudo dpkg-reconfigure postfix

Step 3: Configure mailbox format for Maildir

sudo postconf -e 'home_mailbox = Maildir/'
sudo postconf -e 'mailbox_command ='

Step 4: Edit /etc/postfix/sasl/smtpd.conf as follows:

pwcheck_method: saslauthd
mech_list: plain login

Step 5: Configure Postfix TLS for both incoming and outgoing mail

sudo postconf -e 'smtp_tls_security_level = may'
sudo postconf -e 'smtpd_tls_security_level = may'
sudo postconf -e 'smtpd_tls_auth_only = no'
sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/smtpd.key'
sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt'
sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
sudo postconf -e 'smtpd_tls_loglevel = 1'
sudo postconf -e 'smtpd_tls_received_header = yes'
sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
sudo postconf -e 'tls_random_source = dev:/dev/urandom'
sudo postconf -e 'myhostname = server1.example.com' 


Step 6: Restart the postfix service:

sudo /etc/init.d/postfix restart

Testing

1) telnet localhost 25
2) ehlo localhost
3) Verify the status codes

Network Information Service (NIS)

This is a client-server protocol which is used to exchange system configuration data between users on a computer network. NIS contains a central directory of user & group information along with other useful data.

Configuration:

Step 1: Install nis and portmap

sudo apt-get install nis portmap

Step 2: Edit the domain as well as the server name and refresh the database.

sudo nano /etc/default/nis
NISSERVER=master
sudo nano /etc/yp.conf
domain Group1Server server ritesh
sudo nano /etc/ypserv.securenets
255.255.255.0 192.168.3.0
sudo /usr/lib/yp/ypinit -m

(Each line of ypserv.securenets is a netmask followed by a network address; wildcards are not accepted.)

Step 3: For the NIS client, type the following command

sudo apt-get install portmap nis

Step 4: Edit the domain and server name

sudo nano /etc/passwd

Step 5: Make the following changes; after making them, update the database on the server.

Add a line
+::::::
sudo nano /etc/shadow
Add a line
+::::::::
sudo nano /etc/yp.conf
set the ypserver's IP address

Testing:

Use the commands yptest, ypwhich and ypcat -x to test NIS.
