Data Networking/Fall 2015/FWZZ

Group Members

Changhao Fu
Yuxi Zhang
Xindi Wang
Yunlu Zhou

Motivations

The project requirement is to develop our own local area network and work on it. In the network, we are asked to build a DHCP Server, a Master DNS Server, a Slave DNS Server, a Web Server and a Back Up Web Server.

Understanding the protocol

DHCP

Dynamic Host Configuration Protocol is a network service that enables a server to automatically assign dynamic IP addresses to the hosts in the same network. A DHCP server can also provide the DNS server’s IP address, subnet mask and default gateway to the hosts. DHCP is widely used because it reduces the need for a network admin to assign IP addresses manually.

DNS

The Domain Name System maps domain names to IP addresses; it is used to translate the domain name in a URL to an IP address. In the project, we use a slave DNS server to provide domain name translation when the master DNS server has crashed.

Web Server

When clients type a URL and request web pages in a web browser, the web server responds with the requested web pages and image files. HTTP (the Hypertext Transfer Protocol) is the foundation of data communication for the World Wide Web.

Firewall

A firewall is a network security system which controls incoming and outgoing network communication.

Backup

A backup web server can automatically back up the data from the web server. When the web server has crashed, the backup server is used to provide the web service. In the project, we use SSH, rsync and cron to implement the backup function.

VPN

A Virtual Private Network extends a private network across another network. It provides a safe connection over an unsafe Internet.

NIS

The Network Information Service is a directory service protocol used to distribute system configuration information between computers in the same network. NIS is for remote login.

NFS

The Network File System is a distributed file system protocol, which allows computers in the same network to share local storage.

Mail Server

A Mail Server is used to deliver e-mails over networks. It can deliver e-mails to client hosts and receive e-mails from other hosts.

NTP

Network Time Protocol is used for clock synchronization between computer systems. In the project, we run the NTP service on the web server.

The Requirements

1. DHCP Server:
The DHCP server can allocate dynamic IP addresses to clients from an address pool.
The DHCP server can assign static IP addresses to particular devices, such as the DNS Server, Web Server and Slave DNS Server.
Use IPv4 and IPv6 addresses in the implementation of DHCP.

2. DNS Server:
Use Bind9, Posadis or PowerDNS to configure the DNS Server.
Create 5 DNS records and use IPv4 and IPv6 addresses in the records.
Create reverse domains in in-addr.arpa and ip6.arpa.
Configure a slave DNS server which automatically updates from the master DNS server.

3. Web Server & Firewall:
The web page is accessible to the clients in the same network.
The server is safe when using a firewall.

4. Back Up:
The web server can send the backup file to a different server, and the backup server can automatically back up the data.

Steps to perform the setup / installation

DHCP Server

DHCP in IPv4

Step 1. Install isc-dhcp-server:

             sudo apt-get install isc-dhcp-server

Step 2. Edit "/etc/dhcp/dhcpd.conf":
Assign static IP addresses to the DNS Server, DNS-Slave and Web Server, and automatic IP addresses to clients.
Step 3. Edit "/etc/default/isc-dhcp-server":

             INTERFACES="eth0"

Step 4. Edit "/etc/network/interfaces":
Allocate a static IP for the DHCP Server.
Step 5. Restart the interfaces:

             sudo /etc/init.d/networking restart

Step 6. Restart DHCP server:

             sudo service isc-dhcp-server restart

DHCP in IPv6

Step 1. Install radvd:

             sudo apt-get install radvd

Step 2. Edit "/etc/radvd.conf":

             interface eth0 {
                           AdvSendAdvert on;
                           AdvManagedFlag on;
                           AdvOtherConfigFlag on;
                           prefix fecb:aaaa:bbbb:cccc::/64 {
                                         AdvOnLink on;
                                         AdvAutonomous on;
                           };
             };

Step 3. Enable IPv6 forwarding:

             sysctl -w net.ipv6.conf.all.forwarding=1

Step 4. Edit "/etc/network/interfaces":
Allocate a static IPv6 address for the DHCP Server.
Step 5. Start radvd:

             sudo service radvd start

DNS Server

Master DNS Server

Step 1 : Install bind9 on master DNS server:

             sudo apt-get install bind9

Step 2 : Configure "zone" in the "/etc/bind/named.conf.local".
Step 3 : Configure the "db.fch.com", "db.172" and "db.ipv6" files.

Slave DNS Server

Step 1 : Install bind9 on slave DNS server:

             sudo apt-get install bind9

Step 2 : Configure "zone" in the "/etc/bind/named.conf.local".

Web Server

Step 1 : Install Apache2:

             sudo apt-get install apache2

Step 2 : Configure the “/etc/apache2/sites-available/000-default.conf” file:

             ServerAdmin webmaster@172.16.30.130
             DocumentRoot /var/www/index.html

Step 3 : Configure the “/var/www/index.html” file.
Step 4 : Restart apache2:

             /etc/init.d/apache2 restart

Firewall

Step 1 : Allow entries:

             sudo ufw allow ssh
             sudo ufw allow proto tcp from 172.16.30.0/24 to any port 80
             sudo ufw allow from 172.16.30.120 to any port 53
             sudo ufw allow from 172.16.30.6 to any port 68

Step 2 : Enable the ufw service:

             sudo ufw enable
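
A check on the rule set above, as an added example that is not part of the project's own work: it lists every ALLOW rule that accepts traffic from outside the 172.16.30.0/24 lab network. The names open_rules, LAB_PREFIX and SAMPLE_STATUS are made up for this example, and the status listing is a constructed sample.

```shell
#!/bin/sh
# Added example, not part of the project: list ufw ALLOW rules that accept
# traffic from outside the lab subnet. LAB_PREFIX comes from the rules above;
# open_rules and SAMPLE_STATUS are names made up for this example.
LAB_PREFIX="172.16.30."

# Constructed sample of `sudo ufw status` output after the Step 1 commands.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80/tcp                     ALLOW       172.16.30.0/24
53                         ALLOW       172.16.30.120
68                         ALLOW       172.16.30.6
22 (v6)                    ALLOW       Anywhere (v6)'

# open_rules: read `ufw status` text on stdin and print "<port> <source>" for
# every ALLOW rule whose source address does not start with LAB_PREFIX.
open_rules() {
    awk -v pfx="$LAB_PREFIX" '{
        act = 0
        for (i = 2; i <= NF; i++) if ($i == "ALLOW") { act = i; break }
        if (!act) next              # header, separator and DENY/REJECT lines
        src = act + 1
        if ($src == "IN") src++     # `ufw status verbose` prints "ALLOW IN"
        if (index($src, pfx) != 1) print $1, $src
    }'
}

# On the sample this prints "22 Anywhere" twice (IPv4 and IPv6): the rule from
# `ufw allow ssh` is the only one not limited to the lab network.
printf '%s\n' "$SAMPLE_STATUS" | open_rules

# On the server itself: sudo ufw status | open_rules
# To limit SSH the same way as port 80:
#   sudo ufw delete allow ssh
#   sudo ufw allow proto tcp from 172.16.30.0/24 to any port 22
```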

Backup

SSH

Step 1. Create public key:

           ssh-keygen

Step 2. Copy the public key to the backup PC:

           ssh-copy-id root@172.16.30.121

Rsync

Transfer the web server’s files to the backup computer:

           rsync -avz --delete -e ssh /var/www root@172.16.30.121:/home/backup

Cron

Step 1. Install cron in web server:

           sudo apt-get install gnome-schedule

Step 2. Configure crontab to synchronize files to the backup computer every minute.
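
One way to wire the rsync command into the every-minute cron job, as an added example that is not the project's own script: a lock keeps a slow transfer from overlapping with the next run. The names LOCK_DIR, run_locked and backup_www and the script path in the crontab line are assumptions.

```shell
#!/bin/sh
# Added example, not the project's script: wrapper for the every-minute cron
# job so that two rsync runs never overlap. LOCK_DIR, run_locked and
# backup_www are names made up here; source and destination are from the page.
LOCK_DIR="${LOCK_DIR:-/var/lock/www-backup.lock}"

# run_locked CMD...: run CMD only if no other run holds the lock.
# mkdir is atomic, so a directory works as a lock without extra packages.
# Returns 75 (EX_TEMPFAIL) when a previous run is still active, otherwise
# the exit status of CMD.
run_locked() {
    if ! mkdir "$LOCK_DIR" 2>/dev/null; then
        echo "backup already running, skipping this run" >&2
        return 75
    fi
    rc=0
    "$@" || rc=$?
    rmdir "$LOCK_DIR"
    return "$rc"
}

# The rsync command from the Rsync step. --delete also removes files on the
# backup that were deleted on the web server, so a bad deletion is mirrored
# within a minute.
backup_www() {
    rsync -avz --delete -e ssh /var/www root@172.16.30.121:/home/backup
}

# Crontab entry (crontab -e); the script path and log file are placeholders:
#   * * * * * /usr/local/bin/www-backup.sh run >> /var/log/www-backup.log 2>&1
if [ "${1:-}" = "run" ]; then
    run_locked backup_www
fi
```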

VPN

Step 1. Install pptpd

           sudo apt-get install pptpd

Step 2. Configure /etc/pptpd.conf: set up the local IP and remote IP.
Step 3. Configure /etc/ppp/pptpd-options: set up the DNS server.
Step 4. Configure /etc/ppp/chap-secrets: set up the username, server name and password.
Step 5. Edit /etc/sysctl.conf to set up IP forwarding.

NIS

NIS Server

Step1. Install nis:

          sudo apt-get install portmap nis

Step2. Open the file "/etc/default/nis" and add:

          255.255.255.0    172.16.30.7 

Step3. Open the file "/etc/hosts" and add:

          172.16.30.120     wangxindi

Step4. Start the Server:

          service ypserv start

NIS Client

Step1. Install nis:

          sudo apt-get install portmap nis

Step2. Open the file "/etc/yp.conf" and add:

          domain changhao server wangxindi.changhao

Step3. Open the file "/etc/nsswitch.conf" and add "nis" at the end of these lines:

          passwd:  compat nis
          group:  compat nis
          shadow:  compat nis
          hosts:  files dns nis

Step4. Start the Client:

          sysv-rc-conf ypbind on
          reboot

NFS

NFS Server

Step1. Install nfs-kernel-server on the NFS server:

          sudo apt-get install nfs-kernel-server

Step2. Configure the file /etc/exports, set the shared_server to the NFS Server.
Step3. Start the NFS server:

          sudo service nfs-kernel-server start

NFS Client

Step1. Install nfs-common on the NFS Client:

          sudo apt-get install nfs-common

Step2. Mount the server’s folder to the client’s folder:

          mount 172.16.30.130:/export/shared_server /home/zhouyunlu/export/nfsclient

Mail Server

Step 1. Install postfix

           sudo apt-get update
           sudo apt-get install postfix

Step 2. Configure postfix in "/etc/postfix/main.cf", set hostname
Step 3. Set up file /etc/postfix/virtual. Add specific mail name and username.

NTP

Step1. Install ntp:

          sudo apt-get install ntp

Step2. Open "/etc/ntp.conf" and add:

          server 4.us.pool.ntp.org

Step3. Restart ntp:

          sudo service ntp restart

Testing

Test DHCP Server

Use "ifconfig" to see whether DHCP Server can allocate static or auto IP addresses for Servers or Clients.

Test DNS Server

1. If we have the master DNS server and the slave DNS server in the network at the same time, nslookup will return the web server's IP and the master DNS server's IP.
2. If only the slave DNS server is working, nslookup will return the web server's IP and the slave DNS server's IP.
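
The nslookup test shows that the slave answers, but not that it holds the current zone. The following added example (not part of the project's own tests) compares the SOA serial on both servers; the function names are made up here, the server addresses are passed in as arguments, and the SOA lines are constructed samples.

```shell
#!/bin/sh
# Added example, not part of the project: confirm that the slave has
# transferred the current version of a zone from the master by comparing SOA
# serials. Function names are made up; the SOA lines are constructed samples.
MASTER_SOA='ns.fch.com. admin.fch.com. 2015120102 604800 86400 2419200 604800'
STALE_SOA='ns.fch.com. admin.fch.com. 2015120101 604800 86400 2419200 604800'

# soa_serial LINE: print the serial (3rd field) of one `dig +short SOA` answer.
# Fails when the line is empty or malformed (server down, zone not loaded).
soa_serial() {
    printf '%s\n' "$1" | awk '
        NF == 7 && $3 ~ /^[0-9]+$/ { print $3; ok = 1; exit }
        END { if (!ok) exit 1 }'
}

# compare_soa MASTER_LINE SLAVE_LINE: print in-sync, slave-behind, slave-ahead
# or no-answer. Plain numeric comparison; serial wrap-around is not handled.
compare_soa() {
    m=$(soa_serial "$1") && s=$(soa_serial "$2") || { echo no-answer; return 2; }
    if [ "$m" -eq "$s" ]; then
        echo in-sync
    elif [ "$s" -lt "$m" ]; then
        echo slave-behind; return 1
    else
        echo slave-ahead; return 1
    fi
}

# check_zone ZONE MASTER_IP SLAVE_IP: ask each server directly, bypassing the
# resolver, so a cached answer cannot hide a stale slave.
check_zone() {
    compare_soa "$(dig +short SOA "$1" @"$2")" "$(dig +short SOA "$1" @"$3")"
}

# Demo on the constructed samples: a slave that missed the last update.
compare_soa "$MASTER_SOA" "$STALE_SOA" || true

# On the lab network: check_zone fch.com <master IP> <slave IP>
```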

Test Web Server

1. The client can open the web page when entering 172.16.30.0.
2. The client can open the web page when entering fch.com.

Test Back Up

Modify HTML files on the web server. After a minute, the HTML files on the backup computer are also modified automatically.

Test Firewall

Enter this command to delete an entry:

             sudo ufw delete allow proto tcp from 172.16.30.0/24 to any port 80

Then the client could not open the web page.

Test VPN

Configure the VPN on a client; the client's IP will be changed to the IP configured in the VPN server.

Test NFS

1. At first, the NFS client's folder only has one file.
2. In the NFS server's folder, we add a new file.
3. In the NFS client's folder, we can see that the same file has been added, which means the NFS service is working.

Test Mail Server

Send mail from the mail server to Gmail; it can receive the mail.

Future Prospects

PPTP is fast and stable. By default, PPTP does not implement any encryption. Its security relies on the Point-to-Point Protocol, whose encryption is limited to 128 bits. PPTP is therefore vulnerable to security issues.
To prevent security flaws, we can add extra authentication for our VPN clients. For instance, we can use EAP-TLS and PEAP for authentication. We can also find a way to set up encryption for PPTP tunnels.
Although we can send mail through postfix under the domain name fch.com that we set up, we have not set up SMTP authentication. The mail server may therefore be unsafe and vulnerable to attack. As a future improvement, we can configure postfix to use SMTP authentication through SASL. To implement SASL, we need to install libsasl2-2, sasl2-bin and libsasl2-modules, and change the file path to match the path where electronic mail is stored. We can also improve security by using port 587 instead of port 25.
In addition, we can set up a dovecot server to provide IMAP. It includes a mail delivery agent. After setting up dovecot, clients can receive mail through a proxy, which makes it more convenient for them to manage their electronic mail.
For the web server, we can set up SQL to store web files and then back up SQL to the backup computer. This will make the web server easier to manage.
