Data Networking/Fall 2015/GROUP 5
Group Members
1. Saksham Patni
2. Asfak chini
3. Likitha Jonnagurakala
4. Keerthi Sameera Immanni
Aim Of The Project
The purpose of this project is to design and implement a robust and secure small-scale network solution for a start-up company. The project demonstrates interoperability of network components using the Linux operating system. The platform used to build the project is Ubuntu 14.04, and the components involved are as follows:
• DNS Server: Domain Name Server
• DHCP Server: Dynamic Host Configuration Protocol
• Web Server, Firewall & Backup
• Client
Hierarchical Operation
• The DHCP server is built to dynamically assign IP addresses to the hosts in the subnet. The server itself has been given a static address.
• The hosts in the subnet are able to access the HTML web page when requested through a browser.
• The Web server is configured to maintain a record of the files and to provide the requested file to the user as a web page. The server is protected from external attacks by a firewall.
• The DNS server resolves the URL provided by the user and maps it to the IP address of the Web server, which provides the particular web page to the host.
• A backup repository has been created to store the files on a local host as well as over the network.
Protocol Behavior
DNS (Domain Name Server)
• The DNS server is an integral part of the network and can be thought of as a dictionary of the internet.
• The DNS server resolves a specific domain name and maps it to an IP address. For instance, the domain name https://www.amazon.com is mapped to its IP address, say 10.57.98.5/8, when requested by a host.
• DNS can also perform a reverse lookup, as in the case where the user requests a particular file through the IP address instead of the domain name.
• DNS has a hierarchical infrastructure in order to save bandwidth and provide security with the following levels:
  • Local DNS server near the host
  • Root DNS server
  • Top level domain DNS server
  • Authoritative DNS server
• The port number of DNS is 53 for both TCP and UDP connections.
Five DNS records have been used in this project.
1. A Record – Returns a 32-bit IPv4 address
Example: @ A NA 10.0.0.8
2. AAAA Record – Returns a 128-bit IPv6 address
Example: @ AAAA NA ::1
3. NS Record – Name server records determine the server that will communicate the DNS information.
Example: @ NS 2 Linux.project
4. CNAME Record – A canonical name record links an alias name to another domain name
Example: www CNAME NA Linux.project
5. PTR Record – Usually used for reverse lookup queries. Points to a canonical name
Example: 5 PTR NA Linux.project
The website being resolved in the project is www.linux.project and the IP address of the web server is 10.0.0.81. The master and slave DNS servers have been configured with static IP addresses of 10.0.0.4 and 10.0.0.11 respectively.
DHCP (Dynamic host configuration protocol)
DHCP is used to dynamically assign IP addresses to interfaces and devices. With DHCP, a system connecting to the network can get an IP address without an administrator configuring it manually.
When a host connects to the network it needs an IP address for connectivity, so it sends a DHCP discovery message to locate the DHCP server on the network.
The DHCP server replies to the host with an IP address it has available. The system might get a couple of IP offers from different DHCP servers, so it replies to the DHCP server with an IP request.
After getting the response from the client, the DHCP server sends the acknowledgement along with the information, completing the process.
As can be seen from the above configuration:
Network = 10.0.0.0/24
Range of addresses for host = 10.0.0.100/24 – 10.0.0.150/24
Broadcast address = 10.0.0.255
Reserved address for DNS = 10.0.0.4
Reserved address for DHCP = 10.0.0.1
Default gateway = 10.0.0.2
Default lease time = 600s
We can assign a static IP address to a client too: we define the MAC address of the host and specify an IP address outside the pool, so that whenever the system connects to the network it gets that IP address.
WEB SERVER
A Web server is software, or an entire computer system, that accepts and supervises HTTP requests. Apache and Microsoft's Internet Information Server (IIS) are amongst the prominent Web servers. Originally designed for the Unix/Linux platform, the Apache Web server has been ported to Windows and other network operating systems. A Web server uses port 80 for HTTP requests and port 443 for HTTPS requests.
Web servers are able to map the path component of a URL into:
• A local file system resource (for static requests)
• An internal or external program name (for dynamic requests)
For instance, the following URL requested by a client:
http://www.linux.project/path/file.html
WEB SERVER BACKUP
Backup is the process of saving data in a different location so that it can be used in the case of data loss. When there is extra load on the web server, or when the web server loses data, we can use this backup to help with load balancing or data recovery respectively. In our project the web server backup is timed for every hour: the data is copied to the backup location after the time elapses, i.e. after every hour.
FIREWALL
A firewall is a network security system in which incoming and outgoing network traffic is controlled and monitored based on predetermined security rules. A barrier is established between a secure internal network and an outside network, such as the Internet, which is assumed not to be secure. Firewalls can be classified as network firewalls or host-based firewalls; they filter both incoming and outgoing packets based on source and destination IP addresses and port numbers. In this project the firewall is implemented using iptables.
NFS
Network File System (NFS) is a distributed system protocol which allows a server to share directories and files with clients over a network. In a network, NFS allows the server to share a desired directory with the clients. NFS allows writing to the same place from multiple servers.
Advantages of NFS
• We can keep data on the server and share it across the network instead of duplicating data on every client.
• Since security has to be applied on only one NFS server, administration of NFS exports is simplified.
VIRTUAL PRIVATE NETWORK (VPN)
A private network can be extended across a public network such as the internet using a virtual private network (VPN). A user can access the private network from outside with the same priorities as given to the root user in a private network. When the remote client enters the SSID and the password of the access network, the VPN is established. Hence we can say that the VPN is accessed over a secure connection.
Steps to Configure
DNS
STEP 1: Install Bind Software (Berkeley Internet Domain)
"sudo apt-get install bind9"
STEP 2: Edit hosts
"sudo nano /etc/hosts"
STEP 3: Edit the local file to create forward and reverse zones
"sudo nano /etc/bind/named.conf.local"
STEP 4: Edit the options file to give forwarders.
"sudo nano /etc/bind/named.conf.options"
STEP 5: Copy db.local to db.linux.project to form forward file
"sudo cp /etc/bind/db.local /etc/bind/db.linux.project"
STEP 6: Provide the network address
"sudo nano /etc/network/interfaces"
STEP 7: Copy db.127 and db.10 files to form reverse file
"sudo cp /etc/bind/db.127 /etc/bind/db.10"
STEP 8: Edit the records in created files
"sudo nano /etc/bind/db.linux.project"
"sudo nano /etc/bind/db.10"
"sudo nano /etc/resolv.conf"
STEP 9: Edit resolv.conf to provide the nameserver and domain
"sudo nano /etc/resolv.conf"
STEP 10: Restart the bind9 software
"sudo service bind9 restart"
SLAVE DNS
STEP 1: Install Bind Software (Berkeley Internet Domain)
"sudo apt-get install bind9"
STEP 2: Edit hosts
"sudo nano /etc/hosts"
STEP 3: Edit the local file to create forward and reverse zones
"sudo nano /etc/bind/named.conf.local"
STEP 4: Provide the network address
"sudo nano /etc/network/interfaces"
STEP 5: Edit resolv.conf to provide the nameserver and domain
"sudo nano /etc/resolv.conf"
DHCP
"sudo apt-get update" - Before starting with the DHCP configuration we can update the files and packages in Ubuntu.
"sudo apt-get install dhcp3-server" - We install the DHCP server from the command line.
We need to configure the DHCP file using the command:
"sudo nano /etc/dhcp/dhcpd.conf"
In the file we navigate to the section titled "slightly different configuration for an internal subnet".
In that section we uncomment the code and define the DHCP configuration.
We define the subnet, range, DNS, default gateway, broadcast address and lease time for the DHCP.
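The declaration described above, together with the static reservation rule from the DHCP protocol section, as an added example that is not the project's own file. The host name client1, the MAC address and 10.0.0.50 are constructed; the script refuses a reservation that falls inside the pool or on one of the addresses the page reserves.

```shell
#!/bin/sh
# Pool and option values are the ones listed on this page; the host name,
# MAC address and 10.0.0.50 used at the bottom are constructed.
POOL_START=10.0.0.100
POOL_END=10.0.0.150

# reservation_ok <ip>: succeeds only if <ip> is a usable host address in
# 10.0.0.0/24, outside the dynamic pool, and not one of the addresses the page
# reserves for DHCP (.1), gateway (.2) and DNS (.4).
reservation_ok() {
    case "$1" in
        10.0.0.*.*) return 1 ;;
        10.0.0.*) octet=${1##*.} ;;
        *) return 1 ;;
    esac
    case "$octet" in
        ''|*[!0-9]*) return 1 ;;
        1|2|4) return 1 ;;
    esac
    [ "$octet" -ge 1 ] && [ "$octet" -le 254 ] || return 1
    [ "$octet" -lt "${POOL_START##*.}" ] || [ "$octet" -gt "${POOL_END##*.}" ]
}

# render_conf <host> <mac> <ip>: print the subnet declaration plus one static
# reservation, refusing an address that would collide with the pool.
render_conf() {
    reservation_ok "$3" || { echo "rejected reservation: $3" >&2; return 1; }
    cat <<EOF
subnet 10.0.0.0 netmask 255.255.255.0 {
  range $POOL_START $POOL_END;
  option domain-name-servers 10.0.0.4;
  option routers 10.0.0.2;
  option broadcast-address 10.0.0.255;
  default-lease-time 600;
}

host $1 {
  hardware ethernet $2;
  fixed-address $3;
}
EOF
}

render_conf client1 00:00:5e:00:53:01 10.0.0.50
```

On the server, "dhcpd -t -cf <file>" checks the syntax of the generated file before the service is restarted.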
WEB SERVER
STEP 1: Install Server Software (Apache)
"sudo apt-get install apache2"
STEP 2: Edit hosts
"sudo nano /etc/hosts"
STEP 4: Check the directory
"cd /var/www/html"
STEP 5: Edit the local html file
"sudo nano /var/www/html/index.html"
HTML CODE
<HTML>
<TITLE>
DATA NETWORKS
</TITLE>
<BODY>
PROJECT CONSTRUCTION
</BODY>
</HTML>
STEP 6: Edit resolv.conf to provide the nameserver and domain
"sudo nano /etc/resolv.conf"
BACKUP
Step 1: Apache installation on the backup server
"sudo apt-get install apache2"
With this command the Apache server will be installed on our machine.
Step 2: Rsync installation (on the web server and backup server)
The backup on the server machine is managed by rsync.
"sudo apt-get install rsync"
Step 3: Create the backup in another directory of the web server.
"sudo rsync -avz --progress /var/www/ <path of backup directory>/"
Step 4: SSH and rsync installation (on the web server and backup server)
"sudo apt-get install ssh rsync"
Step 5: Place the backup on another server (to be executed on the backup server)
"sudo rsync -avz --progress -e ssh <hostname>@10.0.0.81:/var/www/ <path of backup directory>/"
Step 6: Crontab is used to schedule the backup every 5 minutes
"sudo crontab -e"
"*/5 * * * * rsync -avz --progress -e ssh <hostname>@10.0.0.81:/var/www/ <path of backup directory>/"
Firewall
1. iptables -L
2. iptables -A INPUT -j ACCEPT -p tcp --destination-port 22 -i eth0
3. iptables -A INPUT -j ACCEPT -p tcp --destination-port 80 -i eth0
4. iptables -A INPUT -j DROP -p tcp --destination-port 21 -i eth0
5. iptables-save > /etc/iptables.up.rules
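The rules above only append to the INPUT chain and never change its policy, so anything they do not name is decided by the chain default. The added example below (not part of the original project) models a new inbound TCP connection on eth0 against two rulesets constructed in iptables-save format: the page's rules, assuming the default ACCEPT policy, and a default-drop variant offering the same services.

```shell
#!/bin/sh
# Rulesets in iptables-save format, constructed for this example.
# PAGE_RULES: the three -A commands above, assuming the default ACCEPT policy.
PAGE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 21 -j DROP
COMMIT'

# DEFAULT_DROP_RULES: same services, but unmatched traffic is dropped.
DEFAULT_DROP_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'

# verdict <ruleset> <port>: fate of a NEW inbound TCP connection on eth0.
# First matching --dport rule wins; otherwise the INPUT chain policy applies.
# Rules without --dport (loopback, established state) cannot match a new
# connection from eth0, so they are skipped in this simplified model.
verdict() {
    printf '%s\n' "$1" | awk -v port="$2" '
        /^:INPUT /   { policy = $2 }
        /^-A INPUT / && !hit {
            dport = ""; target = ""
            for (i = 1; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (dport == port) { print target; hit = 1 }
        }
        END { if (!hit) print policy }'
}

for port in 21 22 80 53; do
    printf 'tcp/%-3s page rules: %-7s default-drop: %s\n' "$port" \
        "$(verdict "$PAGE_RULES" "$port")" "$(verdict "$DEFAULT_DROP_RULES" "$port")"
done
```

With the page's rules only port 21 is blocked; every other port, such as 53, is accepted by the chain policy.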
VIRTUAL PRIVATE NETWORK (VPN)
Step 1: pptp server installation.
"sudo apt-get install pptpd"
Step 2: pptpd file configuration.
"sudo nano /etc/pptpd.conf"
IP of the server and the IP of the client are updated in this file.
Step 3: DNS server Configuration.
When the client tries to connect to the pptp server the DNS is configured.
"sudo nano /etc/ppp/pptpd-options"
Step 4: The VPN users are updated in the chap-secrets file.
"sudo nano /etc/ppp/chap-secrets"
Step 5: After configuring, the pptp server has to be restarted so that all settings come into effect.
"sudo /etc/init.d/pptpd restart"
Working
Forward Zone
GNU nano 2.2.6 File: /etc/bind/db.linux.project
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA linux.project. root.linux.project. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
; @ IN NS ns.linux.project.
@ IN NS ns2.linux.project.
@ IN A 10.0.0.81
@ IN A 10.0.0.11
@ IN AAAA ::7
ns IN A 10.0.0.81
ns2 IN A 10.0.0.11
www IN A 10.0.0.81
Reverse Zone
GNU nano 2.2.6 File: /etc/bind/db.10
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA linux.project. root.linux.project. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns.
81 IN PTR linux.project.
81 IN PTR www.linux.project.
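In hand-edited zone files like the two above, an NS, PTR or CNAME target written without a trailing dot is relative, so BIND appends the zone origin to it. The added check below (not part of the original project) lists such targets and shows what would be served; the sample records are constructed, and the origin 0.0.10.in-addr.arpa. is an assumption, since the page does not show named.conf.local.

```shell
#!/bin/sh
# Constructed sample records in the style of the zone files above.
ZONE_SAMPLE='; constructed sample, not a real zone file
@   IN NS    ns2.linux.project.
81  IN PTR   linux.project.
81  IN PTR   www.linux.project
www IN CNAME linux.project'

# relative_targets <zone-text>: print "owner type target" for every NS, PTR or
# CNAME record whose target is not fully qualified (no trailing dot).
# Comments (everything after ";") are stripped before the fields are examined.
relative_targets() {
    printf '%s\n' "$1" | awk '
        { sub(/;.*/, "") }
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(NS|PTR|CNAME)$/ && $(i + 1) !~ /\.$/ && $(i + 1) != "@")
                    print $1, $i, $(i + 1)
        }'
}

# expand_target <target> <origin>: the name the server would actually return.
# A fully qualified target is unchanged; a relative one gets the origin appended.
expand_target() {
    case "$1" in
        *.) printf '%s\n' "$1" ;;
        *)  printf '%s.%s\n' "$1" "${2%.}." ;;
    esac
}

# Assumed origin of the reverse zone (not shown on the page).
ORIGIN=0.0.10.in-addr.arpa.

relative_targets "$ZONE_SAMPLE" | while read -r owner type target; do
    printf '%s %s %s -> served as %s\n' "$owner" "$type" "$target" \
        "$(expand_target "$target" "$ORIGIN")"
done
```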
Testing
General Commands
"ifconfig" "dig linux.project" "nslookup linux.project" "tail -f /var/log/syslog"
DHCP: gedit /var/lib/dhcp/dhcpd.leases
ping www.linux.project
Future Prospects