Data Networking/Fall 2015/Smarvind

Project Objective

The goal of the Linux project is to design a network that is robust, scalable and secure. We set up a DHCP server, a DNS server, a domain hosted on a web server, and a firewall to make the network more secure. The DHCP server should be able to lease IP addresses to clients, a client should be able to reach the web page hosted by the web server by resolving its IP address through DNS, and the firewall should then be able to block the client.

Project Team members

Archit Mathur

Arvind Mohan

Sunny Alagh

Jashangeet Singh

Network elements

The implemented demo network consists of the following elements:

  • DHCP
  • DNS
  • WEB SERVER
  • FIREWALL
  • SSH
  • Server Back-Up
  • NFS
  • NTP
  • VPN
  • NIS

Dynamic Host Configuration Protocol (DHCP)

DHCP is a client/server protocol which dynamically assigns IP addresses to clients connected to the network, along with other network information such as the DNS server IP address, default gateway, etc. It lets the network administrator centrally manage and allocate IP addresses within the network.

Behaviour of the protocol

DHCP is a client/server protocol which uses UDP port 67. The server dynamically assigns IP addresses, subnet masks and gateways to clients from a pool of IP addresses given to it.

Signalling

The following steps are taken by the DHCP server for IP allocation:

1. First, every newly arrived host needs to find a DHCP server. To do so, the client sends a discover request with client address 0.0.0.0 and destination address 255.255.255.255.

2. When a DHCP server receives a discover request from a client, it responds with a DHCP offer message containing valid IP addresses for the subnet.

3. The newly arrived client picks one offer from the offers available from the different DHCP servers and sends a request to that particular server.

4. That DHCP server allocates the IP address to the client and sends an acknowledgement to the client.

DHCP Configuration

Most widely used DHCP servers are

  • Windows DHCP server
  • ISC-DHCP-SERVER

We have used ISC-DHCP-SERVER because it is open source software which can be run freely on a Linux machine and it mostly matches the environment it has to perform in. The following commands are used to implement the DHCP server on an Ubuntu Linux machine.

1. Update package list

  sudo apt-get update

2. Install DHCP server

  sudo apt-get install isc-dhcp-server

3. Make changes into DHCP configuration file

  sudo nano /etc/dhcp/dhcpd.conf

Following changes were made in DHCP file:

  • While inspecting the dhcpd.conf file, locate the simple subnet configuration.
  • There, specify the subnet mask, gateway router, lease address range for the subnet, broadcast address, and default and maximum lease times as your network requires.

4. Configure static IP addresses for the Web server and DNS server (as we don’t want DHCP to allocate dynamic IP addresses to these every time)

  sudo nano /etc/dhcp/dhcpd.conf

 

5. Restart DHCP server to apply the changes.

  sudo service isc-dhcp-server restart

After the command is entered in the terminal, the server restarts.
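An added example, not the project's own file: a dhcpd.conf for the 192.168.10.0/24 network described on this page, with a check that the static reservations for the web and DNS servers stay outside the dynamic pool (otherwise a server's address can also be leased to a client). The pool bounds, lease times, MAC addresses, host labels and function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: render a dhcpd.conf for the 192.168.10.0/24 network used on
# this page and check that no static reservation sits inside the dynamic pool.
# Pool bounds, lease times and MAC addresses are constructed sample values.

render_dhcpd_conf() {   # $1 = first pool address, $2 = last pool address
cat <<EOF
default-lease-time 600;
max-lease-time 7200;

subnet 192.168.10.0 netmask 255.255.255.0 {
  range $1 $2;
  option routers 192.168.10.1;
  option broadcast-address 192.168.10.255;
  option domain-name-servers 192.168.10.20;
  option domain-name "dnlinuxproject.tsm";
}

# Reservations: these hosts always get the same address.
host webserver {
  hardware ethernet 00:00:5e:00:53:47;
  fixed-address 192.168.10.47;
}
host dnsserver {
  hardware ethernet 00:00:5e:00:53:20;
  fixed-address 192.168.10.20;
}
EOF
}

# Reads a dhcpd.conf on stdin and prints "<host> <address>" for every
# fixed-address that falls inside the range statement.
reservations_in_pool() {
  awk '
    function ip2n(s,   o) {
      split(s, o, ".")
      return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    { gsub(/;/, "") }                       # drop statement terminators
    $1 == "range"         { lo = ip2n($2); hi = ip2n($3) }
    $1 == "host"          { name = $2 }
    $1 == "fixed-address" { fixed[name] = $2 }
    END {
      for (h in fixed) {
        n = ip2n(fixed[h])
        if (n >= lo && n <= hi) print h, fixed[h]
      }
    }' | sort
}

# Pool above the reserved addresses: nothing is reported.
render_dhcpd_conf 192.168.10.100 192.168.10.200 | reservations_in_pool
# Pool that swallows both servers: both reservations are reported.
render_dhcpd_conf 192.168.10.10 192.168.10.100 | reservations_in_pool
```

On the DHCP server itself, `dhcpd -t -cf <file>` parses a configuration file without starting the daemon.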

Testing

1. DHCP leasing: The leases on the DHCP server and the IP addresses that have been leased to clients can be verified by using the following command.

  sudo tail /var/lib/dhcp/dhcpd.leases

2. DHCP log: The log output of DHCP can be checked using this command.

  sudo tail -f /var/log/syslog

Domain Name System (DNS)

DNS is an application-layer protocol that allows hosts to resolve hostnames to IP addresses. DNS is mostly used by other application-layer protocols such as HTTP, SMTP and FTP. The hostname-to-IP-address translation service works as described below:

  1. The application on the host side specifies the hostname that needs to be translated. (gethostbyname() is the function call that an application uses to perform the translation on UNIX.)
  2. DNS then sends a query message into the network. All DNS query and reply messages are sent over UDP port 53.
  3. DNS in the client host receives a DNS reply message that provides the desired mapping, which is then passed on to the invoking application.

Behaviour of Protocol

DNS is a client-server application-layer protocol which uses UDP port 53. A DNS client requests a host mapping with a DNS request packet; the DNS server fetches the corresponding record, encapsulates it in a reply packet and sends it over UDP.

DNS Server

The authoritative name server of a company holds the records for its web servers, mail servers and canonical names of the servers. These records are configured in the DNS server by registrars certified by Internet Corporation for Assigned Names and Numbers (ICANN).

Signalling

The following steps are performed in the DNS request-reply cycle:

1. The client sends a DNS query to the LOCAL DNS.

2. The LOCAL DNS forwards the query to the ROOT server, and a reply is sent to the LOCAL DNS containing the NS and A records of the corresponding TLD server.

3. The reply will be sent to the ROOT DNS server containing the NS and A records of the corresponding AUTHORITATIVE name server.

4. The ROOT server will then send a query to the AUTHORITATIVE server and will forward the reply to the LOCAL server.

DNS Configuration

As explained in the DHCP section, the DNS server is given a static IP address.

Some of the DNS software packages available are BIND, PowerDNS and Posadis. Of these, BIND is the most widely used; it meets all the usual requirements of DNS functionality, such as a recursive, authoritative and caching name server, and it also contains a resolver client library. PowerDNS, by contrast, consists of two separate packages, namely "PowerDNS Authoritative Server" and "PowerDNS Recursor". The latter package is more vulnerable (fixed as of now but still not recommended by network administrators). Posadis is an open source DNS package, but it is not maintained by any community and hence is not preferred.

We have used BIND. The latest version is Bind9.4, which supports a compile-time option for zone handling in a variety of database formats. In addition, Bind9 also overcomes some serious security issues which were present in Bind 4 and Bind 8. Bind9 therefore provides a robust architecture for our DNS server.

The following steps are used to implement the DNS server.

1. Update the package list.

  sudo apt-get update

2. Install bind9.

  sudo apt-get install bind9

3. Create a forward zone file.

  sudo cp /etc/bind/db.local /etc/bind/forward.dnlinuxproject.tsm

4. Open the file /etc/bind/forward.dnlinuxproject.tsm and edit it. After editing, the file will look like below.

 

5. Create reverse zone file

  sudo cp /etc/bind/db.127 /etc/bind/reverse.dnlinuxproject.tsm

6. Open file /etc/bind/reverse.dnlinuxproject.tsm & edit it as below.

 

7. Open /etc/bind/named.conf.local file & add forward and reverse zones.

 

8. Change nameserver.

  sudo nano /etc/resolv.conf
 

9. Restart Bind.

  sudo service bind9 restart
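An added example, not the project's own zone files: forward and reverse zone data for dnlinuxproject.tsm built from the two server addresses given on this page, with a check that every A record has a PTR and that every PTR points back at a name holding that address. The host labels ns and www, the SOA values and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: forward/reverse zone data for dnlinuxproject.tsm and a
# consistency check between them. Labels "ns" and "www" and all SOA timer
# values are constructed; the two addresses are the ones used on this page.

forward_zone() {
cat <<'EOF'
$TTL 604800
@    IN SOA ns.dnlinuxproject.tsm. root.dnlinuxproject.tsm. ( 2 604800 86400 2419200 604800 )
@    IN NS  ns.dnlinuxproject.tsm.
@    IN A   192.168.10.47
ns   IN A   192.168.10.20
www  IN A   192.168.10.47
EOF
}

reverse_zone() {          # zone 10.168.192.in-addr.arpa
cat <<'EOF'
$TTL 604800
@    IN SOA ns.dnlinuxproject.tsm. root.dnlinuxproject.tsm. ( 1 604800 86400 2419200 604800 )
@    IN NS  ns.dnlinuxproject.tsm.
20   IN PTR ns.dnlinuxproject.tsm.
47   IN PTR www.dnlinuxproject.tsm.
EOF
}

# $1 = forward zone file, $2 = reverse zone file.
# Prints "missing-ptr <ip>" for an address with no PTR record and
# "ptr-mismatch <ip> -> <name>" for a PTR whose target has no such A record.
check_zones() {
  awk -v origin="dnlinuxproject.tsm." -v net="192.168.10." '
    function fqdn(o) { return (o == "@") ? origin : (o ~ /\.$/ ? o : o "." origin) }
    FILENAME == ARGV[1] && $2 == "IN" && $3 == "A" {
      addr[fqdn($1)] = $4
      seen[$4] = 0
    }
    FILENAME == ARGV[2] && $2 == "IN" && $3 == "PTR" {
      ip = net $1
      if (ip in seen) seen[ip] = 1
      if (addr[$4] != ip) print "ptr-mismatch " ip " -> " $4
    }
    END { for (ip in seen) if (!seen[ip]) print "missing-ptr " ip }
  ' "$1" "$2" | sort
}

# Stand-alone run: write both zones to a scratch directory and compare them.
tmp=$(mktemp -d)
forward_zone > "$tmp/forward"
reverse_zone > "$tmp/reverse"
out=$(check_zones "$tmp/forward" "$tmp/reverse")
[ -n "$out" ] && echo "$out" || echo "forward and reverse zones agree"
rm -rf "$tmp"
```

On the DNS server, `named-checkzone dnlinuxproject.tsm /etc/bind/forward.dnlinuxproject.tsm` validates the real file before Bind is restarted.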

Web Server and Firewall

Web server

A web server is an information technology appliance which processes HTTP requests and distributes information on the World Wide Web. The primary function of a web server is to store, process and deliver web pages to clients. A web server is not necessarily always an Internet server; large organizations have their own web servers which are used on their own Local Area Network to connect various devices within the company premises (e.g. printers, PCs, routers and so on). In any case, a server is an always-on machine and hence it must be kept at a proper temperature to avoid breakdown due to overheating. A server is the heart of any network. If a server fails, the whole network will break down. Hence, organizations often use a backup server in case of emergency (hot-standby configuration).

Behavior of Protocol

Hypertext Transfer Protocol (HTTP) is the application-layer protocol most widely used in today's Internet. It is defined in RFC 2616 (HTTP/1.1), which was revised into RFC 7230, RFC 7231, RFC 7232, RFC 7233, RFC 7234 and RFC 7235. HTTP/2 is currently under development. The default port for HTTP is 80. In a typical HTTP exchange, the client sends a request for a page and sets up a TCP connection between itself and the server by means of the three-way handshake. After the connection is established, the client requests a web page. The server sends the requested HTTP page over the TCP connection. The connection is either closed or kept open after the transfer, depending on the type of connection (i.e. persistent or non-persistent).

Signalling

  1. The client obtains server IP address from DNS server.
  2. Client initiates TCP connection by sending SYN message on port 80 of the server.
  3. Server responds with SYN-ACK message thereby opening the port for the client to request the information.
  4. Client completes three-way handshake process by sending ACK message. It also requests for basic HTML page along with this.

Web server configuration

We have used the Apache2 web server. The main reason for choosing Apache is that it provides more compatibility with additional modules as well as speed and flexibility in a small network like the one we have created. The following commands are used to install the web server on a Linux machine.

1. Install Web server Apache2

  sudo apt-get install apache2

2. Make a directory

  sudo mkdir -p /var/www/html/tsm.conf/htmll

3. Make a directory in /etc/apache2/sites-available

  sudo mkdir tsm.conf

4. Edit tsm.conf and provide it with a nameserver, or copy the details from the 000-default.conf file.

  sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/tsm.conf
  sudo nano /etc/apache2/sites-available/tsm.conf

5. Edit the index.html file

  sudo nano index.html

6. Enable the site

  sudo a2ensite tsm.conf

7. Restart the apache2 server

  sudo service apache2 restart

8. Check the status

  sudo netstat -ltnp

Add these lines to the file.

  ServerAdmin webmaster@dnlinuxproject.tsm
  ServerName dnlinuxproject.tsm
  DocumentRoot /var/www/html/tsm.conf/htmll

Firewall

A firewall is a network security system, either hardware or software based, that controls incoming and outgoing network traffic based on a set of rules. We can block certain packets by configuring rules in our firewall.

1. Check the status of iptables

  sudo iptables -L

2. Configure open and closed ports

Packages used

We have used iptables to modify the set of rules for our Firewall.

iptables for IPv4 is used to allow or deny hosts access to the web server:

  sudo iptables -A INPUT -i lo -j ACCEPT
  sudo iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
  sudo iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
  sudo iptables -A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT
  sudo iptables -A INPUT -i eth0 -p udp --dport 67 -j ACCEPT
  sudo iptables -A INPUT -i eth0 -p tcp --dport 68 -j ACCEPT
  sudo iptables -A INPUT -i eth0 -j LOG --log-prefix "iptables-denied:" --log-level 7
  sudo iptables -A INPUT -j DROP

ip6tables for IPv6 is used to allow or deny hosts access to the web server:

  sudo ip6tables -A INPUT -i lo -j ACCEPT
  sudo ip6tables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
  sudo ip6tables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
  sudo ip6tables -A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT
  sudo ip6tables -A INPUT -i eth0 -p udp --dport 67 -j ACCEPT
  sudo ip6tables -A INPUT -i eth0 -p tcp --dport 68 -j ACCEPT
  sudo ip6tables -A INPUT -i eth0 -j LOG --log-prefix "iptables-denied:" --log-level 7
  sudo ip6tables -A INPUT -j DROP
  sudo ip6tables -I INPUT 2 -i eth0 -p icmpv6 -j ACCEPT

After completion:

  sudo service iptables restart

To save the config

  sudo touch /etc/iptables.rules
  sudo sh -c "iptables-save > /etc/iptables.rules"
  sudo touch /etc/ip6tables.rules
  sudo sh -c "ip6tables-save > /etc/ip6tables.rules"
  sudo nano /etc/network/interfaces

In this file edit

  auto eth0
  iface eth0 inet dhcp
  pre-up iptables-restore < /etc/iptables.rules
  auto eth0
  iface eth0 inet6 dhcp
  pre-up ip6tables-restore < /etc/ip6tables.rules
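An added example, not part of the original project: the IPv4 INPUT rules above written in the format that `iptables-save` produces, with a small audit that reports three things about such a list: a TCP rule on a DHCP port (DHCP runs over UDP), a rule appended after the catch-all DROP (it can never match), and the absence of a connection-tracking rule (without it, replies to the host's own outbound traffic reach the final DROP). The function names and the corrected rule file are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an INPUT chain in iptables-save format.
# page_rules() is constructed from the commands on this page;
# fixed_rules() is one possible corrected file, not the project's own.

page_rules() {
cat <<'EOF'
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT
-A INPUT -i eth0 -p udp --dport 67 -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 68 -j ACCEPT
-A INPUT -i eth0 -j LOG --log-prefix "iptables-denied: " --log-level 7
-A INPUT -j DROP
EOF
}

fixed_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT
-A INPUT -i eth0 -p udp --dport 67 -j ACCEPT
-A INPUT -i eth0 -j LOG --log-prefix "iptables-denied: " --log-level 7
-A INPUT -j DROP
COMMIT
EOF
}

# Reads rules on stdin, prints one finding per line (nothing if clean).
audit_input_chain() {
  awk '
    /^-A INPUT / {
      n++
      proto = ""; dport = ""; target = ""
      for (i = 1; i <= NF; i++) {
        if ($i == "-p")      proto  = $(i + 1)
        if ($i == "--dport") dport  = $(i + 1)
        if ($i == "-j")      target = $(i + 1)
      }
      if ($0 ~ /--(ct)?state [A-Z,]*ESTABLISHED/) stateful = 1
      if (dropped)
        print "unreachable: rule " n " follows the catch-all DROP at rule " dropped
      if (proto == "tcp" && (dport == "67" || dport == "68"))
        print "dhcp-proto: rule " n " opens tcp/" dport " but DHCP runs over UDP"
      # "-A INPUT -j DROP": four fields, no match conditions at all
      if (NF == 4 && (target == "DROP" || target == "REJECT")) dropped = n
    }
    END {
      if (!stateful)
        print "no-conntrack: no ESTABLISHED,RELATED accept before the final DROP"
    }'
}

echo "== rules as typed on this page =="
page_rules | audit_input_chain
echo "== corrected rule file =="
fixed_rules | audit_input_chain
```

On the firewall host, `fixed_rules | sudo iptables-restore --test` parses the file without committing it.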

Firewall configuration

iptables: a set of rules configured from the Linux machine's terminal. It has some built-in chains.

  • INPUT chain: for packets coming into the machine
  • OUTPUT chain: for packets generated inside and going outside of the machine
  • FORWARD chain: for packets routed through the local host

Testing

1. To list all rules configured in firewall.

sudo iptables -L

2. To flush/remove the rule from iptable.

sudo iptables -F
 
 

Web Server Backup

To add redundancy to our network and make it robust, we have to implement a backup for our web server, so that if our server fails, the whole network will automatically be routed to the backup server and hence there will be no blackout.

Configuration backup

Backup is needed for the web server as it is the one hosting the web service. Manual and automatic backup are the two options, but automatic backup is preferred: manual backup requires a lot of effort, and we have to be very careful while taking a manual backup, as a small mistake can result in the loss of all the data.

Two ways of automatic backup configuration in Ubuntu:

Using cron

Cron is the system daemon which is used to perform desired tasks in the background at designated times.

BACULA BACKUP

What is bacula and how it works? Advantages of Bacula over other backups.

Bacula is an open source backup solution which allows us to create backups and to perform data recovery of the systems.

Bacula follows the client-server model, but it has a lot of components.

Components of the Bacula Server (the Bacula-based backup server)

  • Bacula Director (BD): the software which takes care of all the operations and settings performed for the backup of the host.
  • Storage Daemon (SD): the software that reads and writes all the backup-related information.
  • Catalog: the service which stores the database of the backup in databases such as MySQL or PostgreSQL.
  • Bacula Console: the command line interface which is used to modify all the settings of the backup and allows the user to administer and control the Bacula Director.

All four Bacula server components, i.e. Storage Daemon (SD), Catalog, Bacula Console and Bacula Director, work together to perform the backup functionality. They don’t need to be on the same server, but they should work together.

Bacula Client

The Bacula client is the server which is to be backed up. It runs software called the File Daemon (FD), which provides access to all the data of the client which is to be backed up.

Installation process of the Bacula server (backup) in Ubuntu:

  • Install MySQL
  • Install bacula client and bacula server components
  • Create backup and restore directories
  • Configure bacula director
  • Configure local jobs
  • Configure file set
  • Configure storage daemon connection
  • Configure pool
  • Configure storage daemon
  • Configure storage resources
  • Configure storage device
  • Verifying storage daemon configuration

Install MySQL

  sudo apt-get update
  sudo apt-get install mysql-server

You have to set a password for MySQL administration.

Install bacula client and bacula server components

  sudo apt-get install bacula-server bacula-client

We have to set “internet site” and the FQDN (fully qualified domain name) in the settings of the Bacula server and Bacula client. After specifying these, we have to connect the Bacula server and Bacula client to the database that we have installed, that is, MySQL. So, while installing the Bacula server and Bacula client, we will be prompted for some database-related information. When asked for database configuration, we say “yes”, enter the password we set during the MySQL installation, and also set a new MySQL application password for the Bacula Director. Finally, we have to set the permissions on the script that the Bacula Director uses for its catalog backup jobs.

  sudo chmod 755 /etc/bacula/scripts/delete_catalog_backup

In this way, the Bacula client and server are installed, and now we have to create the backup and restore directories.

Create backup and restore directories

We have to create backup and restore directories for the Bacula backup to work. Bacula needs a backup directory to store all the backup information and a restore directory in which to place all the files which are restored.

  sudo mkdir -p /bacula/backup /bacula/restore

As this is a backup of all the information, we have to set the permissions on these directories so that only the bacula process or a superuser can access them.

  sudo chown -R bacula:bacula /bacula
  sudo chmod -R 700 /bacula

Configure bacula director

We have to reconfigure various components of the Bacula Director configuration files in order to get all the Bacula backup operations to work correctly. All the configuration files (.conf) are available in the /etc/bacula directory. To reconfigure the Bacula Director, we open its configuration file in a text editor:

  sudo nano /etc/bacula/bacula-dir.conf

The following entities are configured in the Bacula Director configuration file.

Configure local jobs

A Bacula job is used to perform the backup and restore functions. The local jobs in the Bacula Director configuration file specify the necessary details, such as which files are to be backed up and what the names of the files are.

  • We have to define the backup job: search for the name Backupclient1 and change its name value to backuplocalfiles.
  • We have to define the restore job: search for restorefiles, change its name value to restorelocalfiles, and set its where value to /bacula/restore.

Configure file set

All the files which are to be included in and excluded from the backup selection are defined in the file set configuration. We have to search for “list of files to be backed up”. Under it, we go to the resource named “full set” and define three things:

  • Add the compression option with the value GZIP, which compresses the backup.
  • Change the include file from /usr/sbin to / in the File value under the Include subsection.
  • Change the second exclude file to /bacula.

bacula-dir.conf: update the "Full Set" FileSet

  FileSet {
    Name = "Full Set"
    Include {
      Options {
        signature = MD5
        compression = GZIP
      }
      File = /
    }
    Exclude {
      File = /var/lib/bacula
      File = /bacula
      File = /proc
      File = /tmp
      File = /.journal
      File = /.fsck
    }
  }

Configure storage daemon connection

In the bacula-dir.conf file, there are Storage resources which define the storage daemons to which the Director will connect. We have to define the storage address in the Storage resource of the bacula-dir.conf file:

  Storage {
    Name = File
    # Do not use "localhost" here
    Address = backup_server_private_FQDN    # N.B. Use a fully qualified name here
    SDPort = 9103
    Password = "ITXAsuVLi1LZaSfihQ6Q6yUCYMUssdmu_"
    Device = FileStorage
    Media Type = File
  }

We have to specify the private FQDN (fully qualified domain name) as the value of Address in this Storage resource, so that all the remote clients can connect to this address.

Configure pool

The Pool resource of the bacula-dir.conf file defines the set of storage used by Bacula to write backups. We only have to change the name of the label format, so that all the backup-related information is written to storage files under this name.

Check director configuration

After reconfiguring all the resources of the bacula-dir.conf file, we have to check whether all the settings are correct.

  sudo bacula-dir -tc /etc/bacula/bacula-dir.conf

If there are no errors in the configuration of the bacula-dir.conf file, this command reports no syntax errors.

Configure Storage Daemon

We have to configure the storage daemon so that Bacula knows where to store the backup files. We have to open the SD configuration file (bacula-sd.conf):

  sudo nano /etc/bacula/bacula-sd.conf

Configure storage resource

In the bacula-sd.conf file, in the Storage resource, we have to specify SDAddress as the IP address or FQDN (fully qualified domain name) of the backup server.

bacula-sd.conf: update SDAddress

  Storage {                             # definition of myself
    Name = BackupServer-sd
    SDPort = 9103                       # Director's port
    WorkingDirectory = "/var/lib/bacula"
    Pid Directory = "/var/run/bacula"
    Maximum Concurrent Jobs = 20
    SDAddress = backup_server_private_FQDN
  }

Configure Storage Device

In the bacula-sd.conf file we have to update the archive device:

  Archive Device = /bacula/backup

Verify Storage Daemon Configuration

After all these changes, we have to verify whether the storage daemon configuration is correct.

  sudo bacula-sd -tc /etc/bacula/bacula-sd.conf

Restart Bacula Director and Storage Daemons

  sudo service bacula-director restart
  sudo service bacula-sd restart

Testing

We have to enter the Bacula console to test whether the Bacula configuration is OK.

  sudo bconsole

The sudo bconsole command takes us into the Bacula console, which starts with the prompt

  *

Create a label

We have to start by defining a label first

  label

A prompt then asks for a volume name. Enter a volume name:

  myvolume

After that, we have to choose the pool to use; we enter 2, which selects the File pool that we have configured.

Manually run backup job

  run

A prompt asks which job is to be run; select the backupfiles job and enter the number accordingly. Press Enter when asked to confirm the backup job.

Check messages and status

After the jobs have run, there are some messages, which are the outputs generated by the running jobs. Check these messages:

  messages

Another way to check the status of the job is to check the status of the Director. We have to run the command status director at the console prompt:

  status director

If everything is OK, there will be no errors and the status will be running.

CHECK RESTORE JOB

After the backup job is working fine, we have to restore this backup. We can restore the backup using the restore command.

Run Restore all job

This will restore all the files from the last backup into the restore directory.

  restore all

Algorithm

1. A client enters the network.

2. The client will send an IP address request to DHCP server.

3. If DHCP request is successful, DHCP server will reply with an IP address

Else DHCP will reply with ‘request fail.’ This happens when the client moves out of the network suddenly

4. Client wants to access the web page.

if domain name put in is correct, then the request will be sent to DNS for IP address resolving with its respective type record.

DNS will reply with IP address of the website.

else if DNS fails An error message will be displayed saying, ‘server not found.’

Retry

5. Client accessed the web server. Now he sends HTTP request to the server.

if the request is successful, Web page will be displayed

else Error message like 'no page found' will be displayed.

Retry

Flow chart

 

Add-ons implemented

Network File System (NFS)

Configuration

The following commands are used to install and configure the NFS server as well as the client.

NFS server

1. To install NFS server

  sudo apt-get install nfs-kernel-server

2. Make the directory which will be shared with clients.

  sudo mkdir /home/arvindhusky/exp/arvind

3. Open the /etc/exports file. This is the main NFS configuration file.

  sudo nano /etc/exports

4. Create a file in the shared directory and then create user and group

  sudo chown 777 /home/arvindhusky/exp/arvind/

5. Edit the /etc/exports file, enter the details of the directory which should be shared, provide permissions accordingly, and modify it as shown below

  /home/arvindhusky/exp/arvind client-ip(rw,sync,no_root_squash,no_subtree_check)

6. Start the service with the following command.

  sudo /etc/init.d/nfs-kernel-server start

7. To see the directories or files

  sudo showmount -e

NFS client

6. Install client and dependencies.

  sudo apt-get install nfs-common

7. Create a directory

  sudo mkdir -p /home/arvind/NFS

8. Mount the remote shared directory on the client’s local directory

  sudo mount 192.168.10.47:/home/arvindhusky/exp/arvind /home/sunny/NFS

9. To check the mounted file

  mount -t nfs

10. To test NFS and to see the mounted file on the client side:

  sudo touch /home/sunny/NFS/1.png
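An added example, not part of the original project: a check for /etc/exports entries like the one in step 5. It reports an option list separated from its host by whitespace (the host then gets default options and the list applies to every client), a wildcard host, and `no_root_squash`. The client address 192.168.10.50, the /srv/public path and the function names are constructed for the example.

```shell
#!/bin/sh
# Added example: audit /etc/exports lines read from stdin.
# 192.168.10.50 stands in for "client-ip"; /srv/public is a constructed path.

sample_exports() {
cat <<'EOF'
# constructed sample entries
/home/arvindhusky/exp/arvind 192.168.10.50 (rw,sync,no_root_squash,no_subtree_check)
/home/arvindhusky/exp/arvind 192.168.10.50(rw,sync,no_root_squash,no_subtree_check)
/home/arvindhusky/exp/arvind 192.168.10.50(rw,sync,root_squash,no_subtree_check)
/srv/public *(ro,sync,no_subtree_check)
EOF
}

# Prints one finding per line; prints nothing for a clean file.
audit_exports() {
  awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
      path = $1
      for (i = 2; i <= NF; i++) {
        host = $i; opts = ""
        p = index($i, "(")
        if (p > 0) {                        # split "host(opt,opt)" in two
          host = substr($i, 1, p - 1)
          opts = substr($i, p + 1)
          sub(/\)$/, "", opts)
        }
        who = (host == "") ? "<any>" : host
        if (host == "")
          print "world-export " path ": option list " $i " has no host in front of it and applies to every client"
        else if (host == "*")
          print "wildcard " path ": exported to any host"
        if (("," opts ",") ~ /,no_root_squash,/)
          print "no-root-squash " path " " who ": remote root keeps uid 0 on this export"
      }
    }'
}

sample_exports | audit_exports
```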

Testing

1. In server, type this command to see shared directories.

 sudo nano /etc/exports

Configuration

1. Install the NFS server by using the command below:

  sudo apt-get install nfs-kernel-server

2. Create a directory that can be shared and provide the permissions

  sudo mkdir /home/arvindhusky/exp/arvind

3. Create a file in the shared directory and then create user and group

  sudo chown 777 /home/arvindhusky/exp/arvind/

4. Edit the /etc/exports file, enter the details of the directory which should be shared, provide permissions accordingly, and modify it as shown below

  /home/arvindhusky/exp/arvind client-ip(rw,sync,no_root_squash,no_subtree_check)

5. Restart the server by using the following command

  sudo service nfs-kernel-server restart

6. To see the directories or files

  sudo showmount -e

Virtual Private Network

A virtual private network extends a private network across a public network such as the Internet. It lets the client connect to the private network and act as though it were directly connected to it while on a public network, while retaining the features of the private network, such as functionality, security and management policies. Resources are accessed in the same way as in a private network.

Configuration

1. Install the package ‘pptpd’

  sudo apt-get install pptpd

2. Edit the file /etc/pptpd.conf as follows

  sudo nano /etc/pptpd.conf
  localip <VPN server IP>
  remoteip <Range of IPs of VPN clients>

3. Edit the /etc/ppp/pptpd-options file.

  sudo nano /etc/ppp/pptpd-options
  ms-dns 192.168.10.20

4. Set ‘user-id’ and ‘password’

  sudo nano /etc/ppp/chap-secrets
  sunny pptpd tsm *

Check the status with sysctl -p

  sudo sysctl -p

It will give output as

  net.ipv4.ip_forward = 1

Add the iptables rules to the rc.local file

  iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
  iptables -I INPUT -s 10.0.0.0/8 -i ppp0 -j ACCEPT
  iptables --append FORWARD --in-interface eth0 -j ACCEPT

Restart the pptpd server

  service pptpd restart

Mail Server

A mail server is responsible for receiving, sending and distributing email messages from your computer to others. In Linux we call it a 'mail daemon'.

Configuration

To implement the mail server, we have used the Postfix mail service with the webmail client SquirrelMail. This setup consists of open source packages which support IMAP, SMTP and POP3. This setup also protects against malware and spam; hence the packages satisfy the requirements of a basic mail server. To configure the mail server, the following packages need to be installed on the system.

  sudo apt-get install postfix
  sudo postconf -e "home_mailbox = Maildir/"

This can also be done by editing the /etc/postfix/main.cf file directly and adding the line given above within the quotation marks.

To implement SMTP authentication using SASL

  sudo postconf -e "smtpd_sasl_local_domain ="
  sudo postconf -e "smtpd_sasl_auth_enable = yes"
  sudo postconf -e "smtpd_sasl_security_options = noanonymous"
  sudo postconf -e "broken_sasl_auth_clients = yes"
  sudo postconf -e "smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination"

  inet_interfaces = all

Put this in another file, /etc/postfix/sasl/smtpd.conf

  pwcheck_method: saslauthd
  mech_list: plain login

For further security

  touch smtpd.key
  chmod 600 smtpd.key
  openssl genrsa 1024 > smtpd.key
  openssl req -new -key smtpd.key -x509 -days 3650 -out smtpd.crt

Enter credentials at the prompts

  openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -days 3650 -out cacert.pem

Move the key files to /etc/ssl/private

Move the certificates to /etc/ssl/certs

  sudo postconf -e "smtp_tls_security_level = may"
  sudo postconf -e "smtpd_tls_security_level = may"
  sudo postconf -e "smtpd_tls_auth_only = no"
  sudo postconf -e "smtp_tls_note_starttls_offer = yes"
  sudo postconf -e "smtpd_tls_key_file = /etc/ssl/private/smtpd.key"
  sudo postconf -e "smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt"
  sudo postconf -e "smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem"
  sudo postconf -e "smtpd_tls_loglevel = 1"
  sudo postconf -e "smtpd_tls_received_header = yes"
  sudo postconf -e "smtpd_tls_session_cache_timeout = 3600s"
  sudo postconf -e "tls_random_source = dev:/dev/urandom"
  sudo postconf -e "myhostname = mail1.dnlinxproject.tsm"

  sudo /etc/init.d/postfix restart

For authentication we have also configured the /etc/default/saslauthd file.

Copy the saslauthd file from the above path to /etc.

  sudo /etc/init.d/saslauthd restart

Working:

 
 

Testing

1. Send a mail through a telnet client by connecting to the server.

2. We can see the email sent or received by logging in as the user through ssh.

Working with an example

We have used Linux machines to implement the various components such as DNS, DHCP and the web server. We have used the 192.168.10.0/24 network with 192.168.10.1 as our default gateway and 192.168.10.255 as the broadcast address.

First, all devices are connected to the network via a switch. Then DHCP assigns IP addresses to the clients.

The web server will have 192.168.10.47

DNS will have 192.168.10.20

Now the client opens a browser and tries to access the web page.

DNS static IP allocation

 

Forward and Reverse zone lookup for DNS

 

Checking the website dnlinuxproject.tsm on browser

Future Improvement

1. Router on a stick configuration could also be done implementing different Vlans

2. LAMP server can also be implemented

3. Samba server could also be implemented enabling file transfer along with additional features.
