Data Networking/Fall 2015/SSRA
Motivation
This project builds a deeper understanding of basic networking fundamentals through practical implementation. The concepts that are part of the Data Networking class (TELE5330) became clearer through the implementation of this project. On this webpage we describe our Linux project, which is based on implementations of concepts such as DNS, DHCP, Web Server, Firewalls and Backup.
Understanding the Protocol
DNS:
The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. Most prominently, it translates domain names, which can be easily memorized by humans, to the numerical IP addresses needed for the purpose of computer services and devices worldwide. The Domain Name System is an essential component of the functionality of most Internet services because it is the Internet's primary directory service.
DHCP:
The Dynamic Host Configuration Protocol (DHCP) is a standardized network protocol used on Internet Protocol (IP) networks for dynamically distributing network configuration parameters, such as IP addresses for interfaces and services. With DHCP, computers request IP addresses and networking parameters automatically from a DHCP server, reducing the need for a network administrator or a user to configure these settings manually.
WEB SERVER:
A web server is an information technology that processes requests via HTTP, the basic network protocol used to distribute information on the World Wide Web. The term can refer either to the entire computer system, an appliance, or specifically to the software that accepts and supervises the HTTP requests.
FIREWALL:
A firewall is a hardware or software system that prevents unauthorized access to or from a network. It can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet. All data entering or leaving the intranet pass through the firewall, which examines each packet and blocks those that do not meet the specified security criteria.
BACKUP:
System backup provides security to the network by retaining compressed versions of the file systems of various nodes in the network. In the event of system crash, corruption or failure, the file system can be restored from the backup that was stored beforehand.
The Requirements
- Create a DHCP server that assigns IPv4 and IPv6 addresses to the clients in the network.
- Implement a web server.
- Create a master DNS server and a slave DNS server.
- Create a firewall.
- Create backups of the client in the backup server and send them back to the client when required.
Steps to perform the setup / installation
DNS Configuration:
1) sudo apt-get install bind9:
This command is used to install Bind9 to set up the DNS server.
2) sudo gedit /etc/bind/named.conf.local:
This command is used to edit the named.conf.local file. The domain zone and the reverse zone are added here; the reverse zone resolves an address to a name. A master server is denoted in each zone section. Save the file and return to the terminal.
//Domain zone
zone "fdpro.com" { type master; file "/etc/bind/zones/fdpro.com.db"; };
//For reverse DNS
zone "17.168.172.in-addr.arpa" { type master; file "/etc/bind/zones/rev.17.168.172.in-addr.arpa"; };
3) sudo gedit /etc/bind/named.conf.options:
The named.conf.options file is edited to add the following IP addresses of our ISP’s DNS server. Save the file and return to the terminal.
forwarders { 172.168.17.5; 172.168.17.1; };
4) sudo nano /etc/resolv.conf:
The resolv.conf file is modified to add the IP address of our DNS server, which is fixed statically to 172.168.17.5, and our domain name (fdpro.com) is set in the search option as follows:
search fdpro.com
nameserver 172.168.17.5
5) sudo mkdir /etc/bind/zones:
This command is used to create the zones directory.
6) sudo gedit /etc/bind/zones/fdpro.com.db:
This command is used to edit the fdpro.com.db file. In this file, we set the TTL value to 3 days, created an NS record for the domain (fdpro.com), which defines which servers serve copies of a zone, and created A records for Dhcpserverpc, gw and www, which map an IP address to a hostname.
7) sudo gedit /etc/bind/zones/rev.17.168.172.in-addr.arpa:
The rev.17.168.172.in-addr.arpa file is edited for reverse lookup. For each A record configured in /etc/bind/zones/fdpro.com.db, a PTR record is created in /etc/bind/zones/rev.17.168.172.in-addr.arpa.
8) sudo /etc/init.d/bind9 restart:
Bind9 is restarted so that our recent changes take effect.
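The A-to-PTR pairing described in steps 6 and 7 can be checked mechanically. The script below is an added example, not the project's own code: the zone text is constructed from the host names and addresses on this page (the ns host name, the SOA values and the one-record-per-line layout are assumptions), and the PTR record for www is left out on purpose so the check has something to report.

```shell
# Added example: list A records that have no matching PTR record.
# Assumes a /24 reverse zone and records written as "name IN TYPE value".

# Constructed forward zone (ns and the SOA values are assumptions).
FORWARD='$TTL 3D
@ IN SOA ns.fdpro.com. admin.fdpro.com. ( 2015120101 8H 2H 4W 1D )
@ IN NS ns.fdpro.com.
ns IN A 172.168.17.5
Dhcpserverpc IN A 172.168.17.7
gw IN A 172.168.17.1
www IN A 172.168.17.3'

# Constructed reverse zone; the PTR for www (.3) is deliberately missing.
REVERSE='$TTL 3D
@ IN SOA ns.fdpro.com. admin.fdpro.com. ( 2015120101 8H 2H 4W 1D )
@ IN NS ns.fdpro.com.
5 IN PTR ns.fdpro.com.
7 IN PTR Dhcpserverpc.fdpro.com.
1 IN PTR gw.fdpro.com.'

# missing_ptrs FORWARD_TEXT REVERSE_TEXT ORIGIN
# Prints "name address" for every A record whose last octet has no PTR
# pointing back at name.ORIGIN.
missing_ptrs() {
  { printf '%s\n' "$2" '--forward--' "$1"; } |
  awk -v origin="$3" '
    $0 == "--forward--"               { fwd = 1; next }
    !fwd && $2 == "IN" && $3 == "PTR" { ptr[$1] = tolower($4); next }
    fwd && $2 == "IN" && $3 == "A" {
      split($4, octet, ".")
      want = tolower($1 "." origin ".")
      if (ptr[octet[4]] != want) print $1, $4
    }'
}

missing_ptrs "$FORWARD" "$REVERSE" fdpro.com
```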
DHCP Configuration:
Assign a static IP to the eth0 interface of the DHCP server.
sudo vi /etc/network/interfaces
The IPv4 address 172.168.17.7 and the IPv6 address 2001:888:db8:1::1002 have been assigned to the eth0 interface of the DHCP server. Reboot the DHCP server in order for these changes to take effect. Install isc-dhcp-server on the VM by executing the following command.
1) sudo apt-get install isc-dhcp-server
This command is used to install the DHCP server.
2) sudo nano /etc/network/interfaces
auto eth0
iface eth0 inet static
address 172.168.17.7
netmask 255.255.255.0
gateway 172.168.17.1
network 172.168.17.0
broadcast 172.168.17.255
dns-nameservers 172.168.17.5
dns-search fdpro.com
This command is used to edit the interfaces file at the path mentioned. The file assigns the static IP address to the DHCP server.
3) sudo /etc/init.d/networking restart
This command is used to restart the interfaces.
4) sudo nano /etc/dhcp/dhcpd.conf
This command edits the dhcpd.conf file to specify various parameters of the DHCP server.
5) Contents of dhcpd.conf:
ddns-update-style none;
option domain-name "fdpro.com";
option domain-name-servers 172.168.17.5;
default-lease-time 600;
max-lease-time 7200;
authoritative;
subnet 172.168.17.0 netmask 255.255.255.0 {
range 172.168.17.1 172.168.17.200;
option routers 172.168.17.1;
option domain-name-servers 172.168.17.5;
option domain-name "fdpro.com";
option broadcast-address 172.168.17.255;
}
The DNS server doesn’t support DDNS, hence the value is kept as none. The DHCP server gives a range of addresses to the client. If the server doesn’t specify any lease time, the default lease time is 600 seconds. The maximum lease time given by the server is 7200 seconds.
6) sudo service isc-dhcp-server restart
Start the DHCP server.
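An added check, not part of the original project: it reads the range statement from dhcpd.conf text and lists every statically configured address that falls inside the pool, because an address in the pool can be leased to a client while a server is already using it. The static list is built from addresses that appear on this page; treating 172.168.17.3 as the web server follows the Web Server Testing section.

```shell
# Added example: flag static hosts that sit inside the dhcpd lease pool.

# Convert a dotted-quad IPv4 address to an integer.
ip2int() {
  oldifs=$IFS; IFS=.
  set -- $1
  IFS=$oldifs
  echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# pool_conflicts CONF_TEXT ADDRESS...
# Prints each ADDRESS that lies inside the first "range LOW HIGH;" statement.
pool_conflicts() {
  conf=$1; shift
  range=$(printf '%s\n' "$conf" |
    sed -n 's/.*range[[:space:]]\{1,\}\([0-9.]\{1,\}\)[[:space:]]\{1,\}\([0-9.]\{1,\}\)[[:space:]]*;.*/\1 \2/p' |
    head -n 1)
  [ -n "$range" ] || { echo "no range statement found" >&2; return 2; }
  lo=$(ip2int "${range%% *}")
  hi=$(ip2int "${range##* }")
  for ip in "$@"; do
    n=$(ip2int "$ip")
    if [ "$n" -ge "$lo" ] && [ "$n" -le "$hi" ]; then echo "$ip"; fi
  done
}

# The subnet block from this page.
PAGE_CONF='subnet 172.168.17.0 netmask 255.255.255.0 {
range 172.168.17.1 172.168.17.200;
option routers 172.168.17.1;
}'

# Static addresses seen on this page: router, web server, DNS server,
# DHCP server, backup host.
STATIC="172.168.17.1 172.168.17.3 172.168.17.5 172.168.17.7 172.168.17.50"

pool_conflicts "$PAGE_CONF" $STATIC
```

Every address it prints should either be moved out of the range or the range narrowed so that it starts above the statically assigned hosts.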
Web Server Configuration:
1) sudo apt-get install apache2
Apache2 needs to be installed for the configuration of the web server on the Linux machine.
2) gedit /etc/hosts:
This will open the editable file where we have to set the hostname of the web server to fdpro.com.
3) cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/index.html:
This command is used to create a copy of the default file with a different filename, index.html.
4) gedit /etc/apache2/sites-available/index.html:
This command is used to edit the index.html file.
We add the ServerName as fdpro.com.
And ServerAlias as sapan.fdpro.com.
5) a2ensite fdpro.com
This command is used to enable the default site.
6) service apache2 restart:
This command is used to restart the server.
7) nano index.html:
Type this command in this directory: /var/www/html
This command will edit the index.html file and the page can be designed accordingly.
“sudo” needs to be added if the configuration is not done as root.
Firewall Configuration:
We have used the ufw command to enable the firewall.
The following commands are used to enable the firewall.
sudo ufw enable
1) Now we will add outbound TCP rules.
sudo ufw allow out 25,53,80,110,443/tcp
2) Now we will add outbound UDP rules.
sudo ufw allow out 53,67,68/udp
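ufw ships with a default policy of deny for incoming and allow for outgoing traffic, so the allow out rules above change nothing until the outgoing default is set to deny. The audit below is an added example, not the project's code; both status listings are constructed samples in the layout of ufw status verbose.

```shell
# Added example: decide whether "allow out" rules restrict anything, given
# the text of `ufw status verbose` on stdin.

# Constructed sample: state after the commands on this page (ufw defaults).
PAGE_STATE='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
25,53,80,110,443/tcp       ALLOW OUT   Anywhere
53,67,68/udp               ALLOW OUT   Anywhere'

# Constructed sample: the same rules after `sudo ufw default deny outgoing`.
HARDENED_STATE=$(printf '%s\n' "$PAGE_STATE" |
  sed 's/allow (outgoing)/deny (outgoing)/')

# audit_outbound: prints one verdict line for the status text on stdin.
audit_outbound() {
  awk '
    /^Default:/ && match($0, /[a-z]+ \(outgoing\)/) {
      policy = substr($0, RSTART, RLENGTH)
      sub(/ .*/, "", policy)            # keep only the policy word
    }
    / ALLOW OUT / { rules++ }
    END {
      if (policy == "")
        print "unknown: no default outgoing policy found"
      else if (policy != "allow")
        print "restricted: default " policy " (outgoing), " (rules + 0) " ALLOW OUT rule(s)"
      else if (rules > 0)
        print "ineffective: default allow (outgoing) already permits what the " rules " ALLOW OUT rule(s) list"
      else
        print "open: default allow (outgoing), no outbound rules"
    }'
}

printf '%s\n' "$PAGE_STATE" | audit_outbound
printf '%s\n' "$HARDENED_STATE" | audit_outbound
```

Once the outgoing default is deny, the scp transfer in the backup script also needs an outbound rule for 22/tcp, and clients reach the web server only if inbound 80/tcp is allowed.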
Backup Configuration:
The backup is created using crontab. This is done so that the files remain accessible even if the system crashes. The following are the commands:
To create a pair of public and private keys:
mkdir ~/.ssh # used to make a directory .ssh
chmod 700 ~/.ssh # change the permissions
ssh-keygen -t rsa # generates pair
ssh sapan@172.168.17.50 mkdir -p .ssh
cat ~/.ssh/id_rsa.pub | ssh sapan@172.168.17.50 'cat >> .ssh/authorized_keys'
Creating the script file (backup):
sudo nano /home/xyz/backup/backup.sh
cd /var/www/
cp index.html /home/xyz/backup/
cd /home/xyz/backup
tar czf /home/xyz/backup/backup.tar.gz ds1.fw index.html
sleep 1s
sync; sync
scp backup.tar.gz sapan@172.168.17.50:/home/sapan/
sleep 1s
sync; sync
Extracting the backup file:
cd /home/sapan/
sudo nano backup.sh
cd /home/sapan/
tar xzf backup.tar.gz
# crontab entry: run the script every day at 12:00
0 12 * * * bash /home/sapan/backup.sh
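The scripts above extract whatever archive is present. The added example below (not the project's code) records a SHA-256 digest when the archive is made and refuses to extract an archive whose digest no longer matches; the function names and the scratch paths are assumptions, and the scp step is left out so that it runs offline.

```shell
# Added example: verify a backup archive before restoring it.
# Requires tar and sha256sum (GNU coreutils).

digest_of() { sha256sum "$1" | cut -d' ' -f1; }

# make_backup SRC_DIR ARCHIVE DIGEST_FILE FILE...
# Archives FILE... from SRC_DIR and writes the archive digest to DIGEST_FILE.
# Keep DIGEST_FILE on the client, not next to the archive on the backup host.
make_backup() {
  src=$1; archive=$2; digest=$3; shift 3
  tar czf "$archive" -C "$src" "$@" || return 1
  digest_of "$archive" > "$digest"
}

# restore_backup ARCHIVE DIGEST_FILE DEST_DIR
# Extracts only when the archive still matches the recorded digest.
restore_backup() {
  if [ "$(digest_of "$1")" != "$(cat "$2")" ]; then
    echo "digest mismatch: refusing to extract $1" >&2
    return 1
  fi
  mkdir -p "$3" && tar xzf "$1" -C "$3"
}

# Constructed demo in a scratch directory.
work=$(mktemp -d)
mkdir "$work/www" && echo '<h1>fdpro.com</h1>' > "$work/www/index.html"
make_backup "$work/www" "$work/backup.tar.gz" "$work/backup.sha256" index.html
echo tampered >> "$work/backup.tar.gz"   # simulate corruption on the backup host
restore_backup "$work/backup.tar.gz" "$work/backup.sha256" "$work/restore" ||
  echo "restore blocked"
rm -rf "$work"
```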
Testing
DHCP Testing:
Check if the client obtained its IP address from the DHCP server by executing the following command:
ifconfig
Also, check the logs on the client for DHCP messages:
grep -i dhcp /var/log/syslog
DNS Testing:
Execute the following commands on the client. "nslookup" is used to query the DNS to obtain name to IP address mapping or any specific DNS record. "dig" is a networking tool that can query DNS servers for information. It uses the operating system's local Domain Name System resolver library to perform its queries.
nslookup fdpro.com
dig fdpro.com
Web Server Testing:
1) Type the IP Address in the URL: 172.168.17.3
2) Type fdpro.com in the URL.
Firewall Testing:
We can see a 404 status for blocked clients and a 200 status for unblocked clients via the firewall.
Backup Testing:
Check the backup server for filesystem backups taken at the time scheduled in the crontab.
ls -lrt /home/sapan/Projects/Backup
Future Prospects
• Security of the DNS server can be implemented: more authentication and encryption can be added.
• We can improve NFS, NIS and VPN for future usage.
• The level of security can be increased in future.