Data Networking/Fall 2015/FWZZ

Group Members

edit

Changhao Fu
Yuxi Zhang
Xindi Wang
Yunlu Zhou

Motivations

edit

The project requirement is to develop our own local area network and work on it. In the network, we are asked to build a DHCP Server, a Master DNS Server, a Slave DNS Server, a Web Server and a Back Up Web Server.

Understanding the protocol

edit

DHCP

edit

Dynamic Host Configuration Protocol is a network service that enables a server automatically assign dynamic IP addresses to the hosts in the same network. A DHCP server can also provide DNS server’s IP address, subnet mask and default gateway to the hosts. DHCP protocol is widely used because it reduces the need for a network admin to assign IP addresses manually.

Domain Name Server provides the maps of IP address and domain name, it is used to translate the domain names to IP addresses of the URL. In the project, we use a slave DNS server to provide domain name translation when the master DNS server is crashed.

Web Server

edit

When clients type URL and request web pages on Web Browser applications, the web server is used to response web pages and image files requested. HTTP (the Hypertext Transfer Protocol) is the foundation of data communication for the World Wide Web.

Firewall

edit

A firewall is a network security system which controls incoming and outgoing network communication.

Backup

edit

A backup web server can automatically back up the data from the web server. When the web server is crashed, the backup server is used to provide the web service. In the project, we use SSH, rsync and cron to realize the backup function.

A Virtual Private Network extends a private network across another network. It provides a safe connection over an unsafe Internet.

The Network Information Service is a directory service protocol used to distribute system configuration information between computers in the same network. NIS is for remote login.

The Network File System is a distributed file system protocol, which allows computers in the same network to share local storage.

Mail Server

edit

A Mail Server is used to deliver e-mails over networks, it can deliver e-mails to client hosts and receive e-mails from other hosts.

Network Time Protocol is used for clock synchronization between computer systems. In the project, we use NTP service in the web server.

The Requirements

edit

1.DHCP Server:
The DHCP server can allocate dynamic IP addresses to clients from an address pool.
The DHCP server can assign static IP addresses to particular devices, such as DNS Server, Web Server and Slaved DNS Server.
Use IPv4 and IPv6 addresses in the implementation of DHCP.

2.DNS Server:
Use Bind9, Posadis or PowerDNS to configure DNS Server.
Create 5 DNS records and use IPv4 and IPv6 addresses in the records.
Create reverse domains in in-addr.arpa and ipv6.arpa.
Configure a slave DNS server which can automatically update with master DNS server.

3.Web Server & Firewall:
The web page is accessible to the clients in the same network.
The server is safe when using firewall.

4.Back Up:
The web server can send the backup file to a different server, and the back up server can automatically back up the data.

Steps to perform the setup / installation

edit

DHCP Server

edit

DHCP in IPv4

edit

Step 1. Install isc-dhcp-server:

             sudo apt-get install isc-dhcp-server

Step 2. Edit "/etc/dhcp/dhcpd.conf":
Allocate the static ip address for DNS Server, DNS-Slave, Web Server and auto ip address for clients.
Step 3. Edit "/etc/default/isc-dhcp-server":

             INTERFACES="eth0"

Step 4. Edit "/etc/network interfaces":
Allocate a static IP for DHCP Server.
Step 5. Restart the interfaces:

             sudo /etc/init.d/networking restart

Step 6. Restart DHCP server:

             sudo service isc-dhcp-server restart

DHCP in IPv6

edit

Step 1. Install radvd:

             sudo apt-get install radvd

Step 2. Edit "/etc/radvd.conf":

             interface eth0 {
                           AdvSend Advert on;
                           AdvManagedFlag on;
                           AdvOtherConfigFlag on;
                           prefix fecb:aaaa:bbbb:cccc::/64 {
                           AdvOnLink on;
                           AdvAutonomous on;
                           };
               };

Step 3. Open the forwarding function of ipv6:

             sysctl –w net.ipv6.conf.all.forwarding=1

Step 4. Edit "/etc/network interfaces":
Allocate a static IPv6 for DHCP Server.
Step 5. Start radvd:

             sudo service radvd start

DNS Server

edit

Master DNS Server

edit

Step 1 : Install bind9 on master DNS server:

             sudo apt-get install bind9

Step 2 : Configure "zone" in the "/etc/bind/named.conf.local".
Step 3 : Config "db.fch.com", "db.172" and "db.ipv6" file.

Slave DNS Server

edit

Step 1 : Install bind9 on slave DNS server:

             sudo apt-get install bind9

Step 2 : Configure "zone" in the "/etc/bind/named.conf.local".

Web Server

edit

Step 1 : Install Apache2:

             sudo apt-get install apache2

Step 2 : Config “/etc/apache2/sites-available/000-default.conf” file:

             ServerAdmin webmaster@172.16.30.130
DocumentRoot /var/www/index.html

Step 3 : Config “/var/www/index.html” file.
Step 4 : Restart apache2:

             /etc/init.d/apache2 restart

Firewall

edit

Step 1 : Allow entries:

             sudo ufw allow ssh
sudo ufw allow proto tcp from 172.16.30.0/24 to any port 80 sudo ufw allow from 172.16.30.120 to any port 53 sudo ufw allow from 172.16.30.6 to any port 68

Step 2 : Enable the ufw service:

             sudo ufw enable

Backup

edit

Step 1. Create public key:

           ssh-keygen

Step 2. 1. Exchange the public key to the backup PC:

           ssh-copy-id root@172.16.30.121

Rsync

edit

Transmit web server’s file to backup computer:

           rsync –avz –delete –e ssh /var/www root@172.16.30.121:/home/backup

Cron

edit

Step 1. Install cron in web server:

           sudo apt-get install gnome-schedule

Step 2. Configure crontab, set to synchronize files to backup computer every minute.

Step 1. Install pptpd

           sudo apt-get install pptpd

Step 2. Configure /etc/pptpd.conf, set up local ip and remote ip.
Step 3. Configure /etc/ppp/pptpd-options, set up DNS server.
Step 4. Configure /etc/ppp/chap-secrets, set up username, servername, password.
Step 5. Edit /etc/sysctl.conf, setup IP forwarding.

NIS Server

edit

Step1. Install nis:

          sudo apt-get install portmap nis

Step2. Open the file "/etc/default/nis" and add:

          255.255.255.0    172.16.30.7 

Step3. Open the file "/etc/hosts" and add:

          172.16.30.120     wangxindi

Step4. Start the Server:

          service ypserv start

NIS Client

edit

Step1. Install nis:

          sudo apt-get install portmap nis

Step2. Open the file "/etc/yp.conf" and add:

          domain changhao server wangxindi.changhao

Step3. Open the file "/etc/nsswitch.conf" and add "nis" at the end of these lines:

          Passwd:  compat nis
          group:  compat nis
          shadow:  compat nis
          hosts:  files dns nis

Step4. Star the Client:

          sysv-rc-conf ypbind on
          reboot

NFS Server

edit

Step1. Install nfs-kernel-server on the NFS server:

          sudo apt-get install nfs-kernel-server

Step2. Configure the file /etc/exports, set the shared_server to the NFS Server.
Step3. Start the NFS server:

          sudo service nfs-kernel-server start

NFS Client

edit

Step1. Install nfs-common on the NFS Client:

          sudo apt-get install nfs-common

Step2. Mount the server’s folder to the client’s folder:

          mount 172.16.30.130:/export/shared_server /home/zhouyunlu/export/nfsclient

Mail Server

edit

Step 1. Install postfix

           sudo apt-get update
           sudo apt-get install postfix

Step 2. Configure postfix in "/etc/postfix/main.cf", set hostname
Step 3. Set up file /etc/postfix/virtual. Add specific mail name and username.

Step1. Install ntp:

          sudo apt-get install ntp

Step2. Open "/etc/ntp.conf" and add:

          Server 4.us.pool.ntp.org

Step3. Restart ntp:

          sudo service ntp restart

Testing

edit

Test DHCP Server

edit

Use "ifconfig" to see whether DHCP Server can allocate static or auto IP addresses for Servers or Clients.

Test DNS Server

edit

1. If we have master DNS server and slave DNS server in the network at the same time, nslookup will return the web server's IP and the master DNS server's IP.
2. If the slave DNS server works only, nslookup will return the web server's IP and the slave DNS server's IP.

Test Web Server

edit

1.The client can open the webpage when enter 172.16.30.0.
2.The client can open the webpage when enter fch.com.

Test Back Up

edit

Modify HTML files in web server. After a minute, the HTML files in backup computer is also modified automatically.

Test Firewall

edit

Enter this command to delete an entry:

             sudo ufw delete allow proto tcp from 172.16.30.0/24 to any port 80

Then the client could not open the web page.

Test VPN

edit

Configure vpn at a client, the IP will be changed to the IP configured in the VPN server.

Test NFS

edit

1.At first, the NFS client's folder only has one file.
2.In the NFS server's folder, we add a new file.
3.In the NFS client's folder, we can see it also adds the same file, which means the NFS service is working.

Test Mail Server

edit

Send mail from the mail server to gmail, it can receive the mail.

Future Prospects

edit

PPTP is fast and stabilize. By default, PPTP does not implement any encryption. Its security function is based on point-to-point protocol which capacity only can encrypt 128-bits data. Therefore, PPTP is vulnerable in security issues.
For preventing any security flaw, we can implement extra authentication our VPN client. For instance, we can use EAP-TLS and PEAP for authentication. We can find a way to set up encryption for PPTP tunnels as well.
Although we can send mail through postfix in the domain name fch.com which we had set up, we have not set up SMTP authentication. Thus, mail server may be unsafe and vulnerable under attack. For future improvement, we can configure postfix to set up SMTP authentication through SASL. For implementing SASL, we need to install libsasl2-2, sasl2-bin and libsasl2-modules. Change the file path for fitting the file path which stores electronic mail. We can also enhance secure level by using port 587 instead of port 25.
In addition, we can set up dovecot server to configure IMAP. It includes a mail delivery agent. After setting up dovecot, client can receive mail through proxy. It is more convenient for client to manage their electronic mails.
For webserver, we can set up SQL for store web files, then backup SQL to backup computer. It will be more easily to manage web server.

Citations

edit

DHCP:
https://help.ubuntu.com/12.04/serverguide/dhcp.html
https://help.ubuntu.com/community/isc-dhcp-server
http://blog.chinaunix.net/uid/563939/cid-190836-list-1.html
DNS:
https://help.ubuntu.com/community/isc-dhcp-server
Web server:
http://www8.buyerpricer.com/Video.aspx?videoid=-q8Jj4aAWYw&slk=web+server+for+ubuntu&cid=36377261359&akwd=web+server+for+ubuntu&mt=b&nid=1&iscid=2100003&term=web+server+for+ubuntu&vx=0
NFS:
https://help.ubuntu.com/lts/serverguide/network-file-system.html#nfs-client-configuration
https://help.ubuntu.com/community/SettingUpNFSHowTo
NIS:
http://www.server-world.info/en/note?os=Ubuntu_12.04&p=nis&f=1
NTP:
https://help.ubuntu.com/lts/serverguide/NTP.html
Backup:
http://askubuntu.com/questions/497895/permission-denied-for-rootlocalhost-for-ssh-connection
https://myubuntublog.wordpress.com/2009/08/31/backup-using-rsync-ssh-cron/
VPN:
https://help.ubuntu.com/community/PPTPServer
Mail server:
https://www.digitalocean.com/community/tutorials/how-to-install-and-setup-postfix-on-ubuntu-14-04