Data Networking/Fall 2015/Riampara

Data Networking/TELE 5330 DN-Linux Project-Anika Ramachandran & Group

Linux Project to implement DNS, DHCP, Web Server & Firewall

The Project Team

1) Manasi Bhutada
2) Rini Khanna
3) Anika Ramachandran
4) Pratiksha Kulkarni

Introduction

In this Linux project, our group has tried to implement certain networking concepts such as DNS, DHCP, a Web Server, a Backup Web Server and a Firewall. The flavour of Linux that we have used is Ubuntu 14.04.1.

The Basic Protocols & understanding them

1) Domain Name System (DNS)

Domain Name System (DNS) is a naming system for hosts connected to the internet or a private network. DNS maps domain names to IP addresses and vice versa. When a website name, e.g. "www.google.com", is entered, the browser has to find out the IP address of the web server. A query is sent to the local DNS servers and the corresponding IP address is returned, after which the browser can access the website. The different types of DNS records include A, AAAA, PTR, CNAME, MX, etc. We will use a Bind9 DNS server with caching. An advantage of caching is that when a request is answered from the cache, because the name was already requested previously, the time required to fetch and display the requested page is reduced significantly by thousands of milliseconds.

2) Dynamic Host Configuration Protocol (DHCP)

In modern networking, IP addresses can be assigned to hosts dynamically, instead of through a manual process, by using the Dynamic Host Configuration Protocol (DHCP). DHCP allows a host to get an IP address automatically. A host may be assigned a temporary IP address each time it connects to the network. It is often referred to as a Plug-and-Play protocol. DHCP is a client-server protocol. A host that arrives on the network first finds a DHCP server; this interaction is called DHCP server discovery. The DHCP server then offers an IP address to the host for a lease time; this is called the DHCP server offer. The newly arrived client then chooses the server offer, if it wishes to, by sending a DHCP request message. Finally, the DHCP server responds to this request with a DHCP ACK message. The port numbers used by the DHCP server and client are 67 and 68 respectively.

The three ways in which DHCP allocates IP addresses to hosts:

Static allocation: Manual IP addresses are allocated only to those hosts whose MAC addresses are listed in the IP translation tables on the router.
Dynamic allocation: Allocation occurs dynamically from a pool of IP addresses for a certain lease period.
Automatic allocation: The same IP is assigned to the client when it comes on the network.

3) Web Server

A web server is a computer system that is used for processing requests via HTTP. A web server is used to host a website. It can also be used to handle gaming, email, FTP and other such applications. It uses the HTTP and HTTPS protocols to listen on ports. The port numbers used are 80 for HTTP and 443 for HTTPS. To avoid overloading we can use a firewall or web caching techniques.

4) Backup Web Server

A very wise decision would be to back up the existing web server in case any failure occurs. So we have synced our data with another server, which keeps track of the contents of the directory. It updates dynamically by copying only those files which have been modified. For this purpose we will use Remote Sync (RSync), which is available in Ubuntu.

5) Firewall

A firewall is a system used for preventing unauthorised access to or from a network. It can be either hardware or software. It filters all incoming and outgoing packets based on how the firewall has been designed. Common techniques used are packet filtering, application gateways, circuit-level gateways and proxy servers. Most firewalls use more than one of these techniques in combination. A firewall is usually considered a first line of defense. Encryption of data can be used to achieve further security.

Configuration Steps

DNS :- DOMAIN NAME SYSTEM

DNS is responsible for directing network traffic to avoid network congestion based on name and numerical IP addresses. It is the service that allows users to type in domain names instead of IP addresses to locate a web site or Internet resource. To provide this service, DNS creates a mapping between the numeric IP addresses and the readable domain names that Internet users are accustomed to using, as they can remember them more easily.

The commands below are executed to create the DNS server:

1) Install the service BIND9

  sudo apt-get install bind9

2) Configure files inside bind9

  sudo nano /etc/bind/named.conf.local
  sudo nano /etc/bind/named.conf.options

3) Configure the forward and reverse tables

  sudo nano /etc/bind/db.riamp.com
  sudo nano /etc/bind/db.20.168.192.in-addr.arpa

4) Restart the services

  sudo service bind9 restart

5) Configure the resolv.conf file

  sudo nano /etc/resolv.conf

DHCP Server

For IPv4 & IPv6

1. Install DHCP Server

  sudo apt-get install isc-dhcp-server
  sudo apt-get install radvd

2. Set the static IP address of the DHCP server

  sudo nano /etc/network/interfaces

  host web-server {
    hardware ethernet 00:0c:29:20:2a:c1;
    fixed-address 192.168.20.100;
  }

4. Configure the DHCP server

  sudo nano /etc/dhcp/dhcpd.conf

  authoritative;
  subnet 192.168.10.0 netmask 255.255.255.0 {
    range 192.168.10.220 192.168.10.230;
    option routers 192.168.10.1;
    option domain-name-servers 192.168.10.254;
    # broadcast address of 192.168.10.0/24
    option broadcast-address 192.168.10.255;
    option domain-name "riamp.com";
    default-lease-time 600;
    max-lease-time 7200;
  }

  sudo nano /etc/dhcp/dhcpd6.conf

  default-lease-time 5;
  max-lease-time 20;
  log-facility local7;
  subnet6 2001:db8:0:1::/64 {
    range6 2001:db8:0:1::10 2001:db8:0:1::154;
    range6 2001:db8:0:1::/64 temporary;
    option dhcp6.name-servers 2001:db8:0:1::3;
    option dhcp6.domain-search "riamp.com";
  }

5. Edit the resolv.conf file

      nameserver 192.168.20.3

6. Restart the DHCP server

  sudo service isc-dhcp-server restart
  sudo service isc-dhcp-server6 restart

7. Testing

1. DHCP leasing:

  sudo tail /var/lib/dhcp/dhcpd.leases

2. DHCP log:

  sudo tail -f /var/log/syslog

Webserver

1. Install Apache Web Server

  sudo apt-get install apache2

2.Creating a directory here for the Web Server

   sudo mkdir /var/www/riamp.com

3. Creating Demo Pages for the Web Server

   sudo nano /var/www/riamp.com/sample.html 

4. Creating the Web Server file:

   sudo nano /etc/apache2/apache2.conf
   sudo nano /etc/apache2/mods-available/dir.conf

Customizing ServerName and DocumentRoot for Web Server to match requests made on port 80

  sudo apt-get install gksu
  gksu nautilus
  ServerName riamp.com
  DocumentRoot /var/www/riamp.com

5. Restart Apache to make these changes take effect

  sudo service apache2 restart

Testing

1. Entering the IP address in the URL bar displays the web page of the project.
2. Also, 'riamp.com' displays the same web page, meaning the web server is working properly.

Firewall

1. Installing and starting iptables-persistent

  sudo apt-get install iptables-persistent
  sudo service iptables-persistent start

2. Accepting incoming connection to port 80 and 20 and rejecting others to configure the firewall

  sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
  sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
  sudo iptables -A INPUT -j DROP
  sudo iptables -I INPUT 1 -i lo -j ACCEPT

3. Reject HTTP request from a particular host

  sudo iptables -A INPUT -s 192.168.15.157 -p icmp -m icmp --icmp-type 8 -j REJECT --reject-with icmp-port-unreachable

Testing

1. This will list all the rules that are configured in the firewall.

  sudo iptables -L

2. Client with IP address 192.168.15.157 will be unable to reach the host, which can be verified by pinging.
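The INPUT chain that the commands above build, checked for rules that can never match (an added example, not part of the original page; the conntrack rule, the use of the chain policy in place of the final DROP rule, and the function names are assumptions of this example):

```shell
#!/bin/sh
# Added example, not from the original page. Rule text, ports and the blocked
# host are the page's; the conntrack rule and function names are assumptions.

# INPUT chain as the page's commands leave it: the loopback rule is inserted
# at position 1, and the step 3 REJECT is appended after the catch-all DROP.
page_order() {
    cat <<'EOF'
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -j DROP
-A INPUT -s 192.168.15.157 -p icmp -m icmp --icmp-type 8 -j REJECT --reject-with icmp-port-unreachable
EOF
}

# Same rules in iptables-restore format, reordered so each one can match.
# Saved as /etc/iptables/rules.v4, iptables-persistent reloads it at boot.
# The chain policy DROP replaces the explicit "-A INPUT -j DROP" rule.
fixed_order() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 192.168.15.157 -p icmp -m icmp --icmp-type 8 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# iptables stops at the first terminating match, so any rule listed after an
# unconditional ACCEPT/DROP/REJECT is dead. Print those rules.
shadowed_rules() {
    awk '/^-A INPUT / {
             if (catch_all) print
             else if ($0 ~ /^-A INPUT -j (ACCEPT|DROP|REJECT)$/) catch_all = 1
         }'
}

echo "Unreachable in the page's order:"
page_order | shadowed_rules
echo "Unreachable after reordering:"
fixed_order | shadowed_rules
```

In the page's order the ping test succeeds for any source address, because the catch-all DROP discards all ICMP before the REJECT rule is consulted. The ESTABLISHED,RELATED rule lets replies to the server's own outbound connections back in, which the page's rule set would otherwise drop.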

BackUp Server

1. Install SSH

  sudo apt-get install ssh

2. Generate RSA keys

  ssh-keygen -t rsa

3. Using ssh to create a directory ~/.ssh

  ssh rini@192.168.20.100 mkdir -p .ssh

4. Permissions

   chmod 700 ~/.ssh && chmod 600 ~/.ssh/* 
  chmod 600 ~/.ssh/authorized_keys && chmod 700 ~/.ssh/

5. Appending the key

  cat .ssh/id_rsa.pub | ssh rini@192.168.20.100 'cat >> .ssh/authorized_keys'

6.Compressing the file to be backed up

  sudo tar -cvpzf backup.tar.gz /var/www/riamp.com

7. Using the cron jobs to schedule the backup for every minute

   sudo crontab -e
    * * * * * sudo tar -cvpzf /home/rini/backup.tar.gz /var/www/riamp.com
    * * * * * sudo scp /home/rini/backup.tar.gz rini@192.168.20.100:
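Both cron entries above fire in the same minute and run concurrently, so scp can copy the archive while tar is still writing it. One way to run the two steps as a single job, as an added example that is not part of the original page (the lock path, install path and function names are assumptions):

```shell
#!/bin/sh
# Added example, not from the original page. Paths and the remote account are
# the page's values; the lock path and function names are assumptions.

SRC="/var/www/riamp.com"
ARCHIVE="/home/rini/backup.tar.gz"
REMOTE="rini@192.168.20.100:"
LOCK="/var/run/riamp-backup.lock"

# Write the archive under a temporary name, verify it can be read back, then
# rename it into place so backup.tar.gz is never seen half-written.
make_backup() {
    src=$1
    archive=$2
    tmp="${archive}.tmp.$$"
    # -C stores paths relative to the parent directory (riamp.com/...).
    if tar -cpzf "$tmp" -C "$(dirname "$src")" "$(basename "$src")" &&
       tar -tzf "$tmp" >/dev/null; then
        chmod 600 "$tmp" && mv -f "$tmp" "$archive"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Archive, then copy, strictly in sequence. mkdir is atomic, so a run that
# starts while the previous one is still busy exits without doing anything.
run_backup() {
    mkdir "$LOCK" 2>/dev/null || return 0
    trap 'rmdir "$LOCK"' EXIT
    make_backup "$SRC" "$ARCHIVE" && scp -q "$ARCHIVE" "$REMOTE"
}

# Single entry for root's crontab (no sudo needed there), assuming this file
# is installed as /usr/local/sbin/riamp-backup:
#   * * * * * /usr/local/sbin/riamp-backup run
if [ "${1:-}" = "run" ]; then
    run_backup
fi
```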

Testing

The backup file at the destination location, and the time when the last backup was done, can be checked by typing the ls -l command.

ADD-ON:

1. Mailserver

1. Update the Ubuntu OS with packages

  sudo apt-get update
  sudo apt-get update --fix-missing

2. Install Postfix & Dovecot

  sudo apt-get install bind9 dnsutils apache2 php5 postfix dovecot-common dovecot-imapd dovecot-pop3d squirrelmail

3. Restart the mail server

  sudo nano /etc/bind/named.conf.local
  invoke-rc.d bind9 restart

4. Check it using nslookup & dig tool

  nslookup mail.anika.net
  dig mail.anika.net

5. Restart the Apache server

  invoke-rc.d apache2 restart

6. Reconfigure Postfix

  dpkg-reconfigure postfix
  system mail name -> mail.anika.net   

7. Editing the configuration file for apache & dovecot

  sudo nano /etc/squirrelmail/apache.conf
  sudo nano /etc/dovecot/dovecot.conf
  protocols = imap pop3
  #disable_plaintext_auth = no
  mail_location = mbox:~/mail:INBOX=/var/mail/%u
  mail_location = maildir:~/Maildir

8. Setting forward and reverse zones

9. Kill all the processes

  killall named
  killall apache2
  killall dovecot

10. Set the static IP address for the mail server

  ifconfig eth0 192.168.20.1 netmask 255.255.255.0
  ifconfig eth0 up

11. Restart all the processes

  invoke-rc.d bind9 restart
  invoke-rc.d postfix restart
  invoke-rc.d dovecot restart

12. Add users & assign them passwords

13. Mail received

2. NFS

Steps for configuring the NFS server

1. Install the NFS server

  sudo apt-get install nfs-kernel-server

2. Creating an export filesystem

  sudo mkdir -p /export/users

3. Provide permissions for accessing the NFS share from the client

  sudo chmod 777 /export/users

4. Mount the real users directory

  mount --bind /home/shared_users /export/users

5. To save us from retyping this after every reboot, we add the following in /etc/fstab

6. Since we are not activating security, make the following edit

  sudo nano /etc/default/nfs-kernel-server
         NEED_SVCGSSD="no" 

7. Export our directories to the local network 192.168.20.0/24

           sudo nano /etc/exports
          /export       192.168.20.0/24(rw,fsid=0,insecure,no_subtree_check,async)
          /export/yedi 192.168.20.0/24(rw,nohide,insecure,no_subtree_check,async)

8. Restart the server

  sudo service nfs-kernel-server restart
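A check of the export options used in step 7, as an added example that is not part of the original page (the function names and the wording of the findings are assumptions; the sample lines are the page's own):

```shell
#!/bin/sh
# Added example, not from the original page: flag export options from step 7
# that widen access or risk data loss. Function names and wording are assumed.

# Constructed sample: the two export lines as the page gives them.
page_exports() {
    cat <<'EOF'
/export       192.168.20.0/24(rw,fsid=0,insecure,no_subtree_check,async)
/export/yedi 192.168.20.0/24(rw,nohide,insecure,no_subtree_check,async)
EOF
}

# Read /etc/exports-style lines on stdin; print "path client option: reason".
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blanks
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            if ((p = index($i, "(")) > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            # "/path (rw)" with a stray space exports to every host.
            if (client == "" || client == "*")
                print path, "*", "any-host: export is not limited to a network"
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "insecure")
                    print path, client, "insecure: accepts requests from unprivileged source ports (>1023)"
                else if (o[j] == "async")
                    print path, client, "async: replies before data reaches disk, a crash can lose writes"
                else if (o[j] == "no_root_squash")
                    print path, client, "no_root_squash: client root acts as root on the server"
            }
        }
    }'
}

page_exports | audit_exports
```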

Steps for configuring the NFS client

1. Install NFS for the client

  sudo apt-get install nfs-common

2. Mount the export tree with the client's user

  sudo mount 192.168.20.5:/export /home/anika

3. NTP

1. Install the NTP daemon

  sudo apt-get install ntp

2. Configure the NTP servers

  sudo nano /etc/ntp.conf

3. Find the section within the configuration that lists the NTP Pool Project servers. The section will look like this:

  server 0.ubuntu.pool.ntp.org
  server 1.ubuntu.pool.ntp.org
  server 2.ubuntu.pool.ntp.org
  server 3.ubuntu.pool.ntp.org
  server 192.168.1.3

4. Use the command

  ntpq -p