Data Networking/Fall 2016/Sanket Jabade

Linux Project to implement DNS, DHCP, Web Server, Firewall and Backup

In this webpage we describe our Linux project based on implementation of networking concepts such as DNS, DHCP, Web Server, Firewall and Backup.

Team Members

1) Sanket Jabade
2) Maheshwar Gurav
3) Prajwal Patil
4) Riteshkumar Gupta

Why Linux over other operating systems?

Linux is an open source and free operating system widely used in almost all major Telecommunication and IT companies. Anyone can easily modify the source code and use it according to their needs for different applications.

Introduction

The main aim of this project is to implement networking concepts using Linux. We tried to implement various networking concepts like DNS, DHCP, Web Server, Backup and a Firewall.
We have used Ubuntu 16.04 LTS for implementation.

Background

1) Domain Name System (DNS)
DNS (Domain Name System) is a service similar to a phone book: it translates a host name to its IP address. This makes it easier for users to reach a website by its host name rather than by remembering its IP address. DNS runs over UDP and uses port 53. Besides host-name to IP address translation, it provides a few additional services such as host aliasing, mail server aliasing and load distribution.

2) Dynamic Host Configuration Protocol (DHCP)
DHCP (Dynamic Host Configuration Protocol) is a standardized network protocol that dynamically provides networking parameters such as IP address, subnet mask and default gateway to any host machine that wants to communicate over a network. It works through the DORA process: D-Discovery, O-Offer, R-Request and A-Acknowledgement.
Step 1: The host machine sends a "Discovery" message to all listening DHCP servers to request an IP address.
Step 2: Any DHCP server will then "Offer" an IP address from its pool of addresses.
Step 3: The host will now "Request" this offered IP address from the DHCP server.
Step 4: The DHCP server finally "Acknowledges" this request and provides the IP address along with other necessary network parameters.

3) Web Server
A web server is a machine or a program that uses HTTP (Hypertext Transfer Protocol) to process requests from users and provide information in the form of web pages over the Internet or the World Wide Web. The users who request information are called clients, and the machines that respond to these requests are called web servers. This arrangement is called the client-server model.
The four primary web servers are Apache, IIS, nginx and GWS. We use the Apache web server for this project; it is currently the most popular one in the market.

4) Backup Web Server
The web server is a machine, and it may crash at any time for reasons such as increased usage or heavy processes running on it. It is therefore better to keep a backup of each day's work on another machine so that data can be recovered easily. Hence we create a backup server to avoid loss of data.

5) Firewall
A firewall is a network security system (either hardware or software based) that manages incoming and outgoing network traffic based on a predefined set of rules. It acts as a barrier between a secured internal network and any outside network (either secured or unsecured).

Configuration Steps

DHCP Server

1. Install DHCP Server

    sudo apt-get install isc-dhcp-server

2. Install radvd to configure the parameters

    sudo apt-get install radvd

3. To configure DHCP, modify the files below

    sudo nano /etc/network/interfaces
    sudo nano /etc/default/isc-dhcp-server
    sudo nano /etc/dhcp/dhcpd.conf

4. For clients, install the package below

    sudo apt-get install wide-dhcpv6-server


DNS server

Configuring Primary DNS Server

1. Install Bind9

    sudo apt-get install bind9 bind9utils bind9-doc

2. Configure caching name server (edit named.conf.options file)

    sudo nano /etc/bind/named.conf.options
Un-comment the following lines and add the details below:

    forwarders {
        192.168.1.13;
        192.168.1.12;
    };


3. Restart bind9 service

   sudo systemctl restart bind9

4. Edit named.conf.local file

   sudo nano /etc/bind/named.conf.local

Define the forward and reverse zone files as shown below:

    zone "fouroseven.com" {
        type master;
        file "/etc/bind/db.fouroseven.com";
        allow-transfer { 192.168.1.12; };
        also-notify { 192.168.1.12; };
    };
    zone "1.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.192";
        allow-transfer { 192.168.1.12; };
        also-notify { 192.168.1.12; };
    };

5. Create forward zone file

   sudo nano /etc/bind/db.fouroseven.com

Add the following lines:

    $TTL 604800
    @   IN  SOA     master.fouroseven.com. root.fouroseven.com. (
                        10    ;   Serial
                    604800    ;   Refresh
                    34000     ;   Retry
                    241920    ;   Expire
                    604800 )  ;   Negative Cache TTL
            IN  A           192.168.1.14
    ;
    @       IN  NS          master.fouroseven.com.
    @       IN  NS          slave.fouroseven.com.
    @       IN  A           192.168.1.14
    master  IN  A           192.168.1.13
    slave   IN  A           192.168.1.12
    www     IN  A           192.168.1.14
    dee     IN  CNAME       www.fouroseven.com.
    why     IN  CNAME       www.fouroseven.com.
    client  IN  A           192.168.1.20

Web Server

1. Install Apache Web Server

    sudo apt-get install apache2

2. Restart the web server

    sudo /etc/init.d/apache2 stop
    sudo /etc/init.d/apache2 start

3. Modify or create the web page as per requirement

    sudo nano /var/www/html/index.html

Firewall

1. Install the iptables-persistent package

    sudo apt-get install -y iptables-persistent

2. Save the rules for netfilter-persistent to load at startup

    sudo invoke-rc.d netfilter-persistent save

3. Stop Netfilter Persistent service

    sudo service netfilter-persistent stop

4. Open the rules.v4 file in /etc/iptables and make the following changes

    -A INPUT -s 192.168.1.25/255.255.255.0 -p tcp -m tcp --dport 22 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW,ESTABLISHED --dport 80 -j ACCEPT
    -A INPUT -j DROP
    -A FORWARD -j DROP

5. Start netfilter persistent service

    sudo service netfilter-persistent start

6. Check status

    sudo iptables -L
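
Added example (not part of the original project): a small first-match evaluator run over a copy of the INPUT rules from step 4, to show which packets they actually admit. It models only the options those rules use; the sample packets and the helper names `verdict` and `report` are constructed for illustration.

```shell
#!/bin/sh
# Constructed copy of the INPUT rules from step 4, in rules.v4 syntax.
RULES='-A INPUT -s 192.168.1.25/255.255.255.0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW,ESTABLISHED --dport 80 -j ACCEPT
-A INPUT -j DROP'

# verdict SRC PROTO DPORT STATE
# Prints the target of the first rule that matches the described packet.
# Simplified model: only -s (dotted mask), -p, --dport, --state and -j are read.
verdict() {
  printf '%s\n' "$RULES" | awk -v src="$1" -v proto="$2" -v dport="$3" -v state="$4" '
    function ip2int(s,   o) {
      split(s, o, ".")
      return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    # iptables masks both sides, so the host bits written after -s are ignored.
    function in_net(ip, spec,   p, size) {
      split(spec, p, "/")
      size = 4294967296 - ip2int(p[2])      # addresses covered by the mask
      return int(ip2int(ip) / size) == int(ip2int(p[1]) / size)
    }
    {
      ok = 1; target = ""
      for (i = 1; i < NF; i++) {
        if ($i == "-s" && !in_net(src, $(i + 1))) ok = 0
        if ($i == "-p" && $(i + 1) != proto) ok = 0
        if ($i == "--dport" && $(i + 1) != dport) ok = 0
        if ($i == "--state" && index("," $(i + 1) ",", "," state ",") == 0) ok = 0
        if ($i == "-j") target = $(i + 1)
      }
      if (ok) { print target; exit }
    }'
}

# Constructed packets: source, protocol, destination port, conntrack state.
report() {
  echo "ssh from 192.168.1.30:          $(verdict 192.168.1.30 tcp 22 NEW)"
  echo "ssh from 10.0.0.5:              $(verdict 10.0.0.5 tcp 22 NEW)"
  echo "http from 10.0.0.5:             $(verdict 10.0.0.5 tcp 80 NEW)"
  echo "reply to this host's scp:       $(verdict 192.168.1.12 tcp 40112 ESTABLISHED)"
  echo "reply to this host's DNS query: $(verdict 192.168.1.13 udp 40113 ESTABLISHED)"
}
report
```

The `/255.255.255.0` mask makes the SSH rule match every host in 192.168.1.0/24, not only 192.168.1.25. If these rules are loaded on the web server itself, replies to connections the server opens (such as the backup `scp`) arrive on ephemeral ports and reach the final DROP unless an accept rule for `ESTABLISHED,RELATED` traffic is placed before it.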

Backup Server

1. Generate an SSH key pair (public and private key)

    sudo ssh-keygen -t rsa

2. Create .ssh on host

    ssh <backupuser>@<IP addr> mkdir -p .ssh

3. Append the web server's public key to the host's authorized_keys file

    cat .ssh/id_rsa.pub | ssh <backupuser>@<IP addr> 'cat >> .ssh/authorized_keys'

4. Compress the backup

    sudo tar -cvpzf /home/webserver/minbkup.tar.gz /var/www/html/

5. We use crontab to take a backup every minute

    sudo crontab -e

Add the following entries:

    * * * * * sudo tar -cvpzf /home/webserver/minbkup.tar.gz /var/www/html/
    * * * * * sudo scp /home/webserver/minbkup.tar.gz <backupuser>@<IP addr>:<path on backup server>
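
Added example (not from the original project): the two cron entries in step 5 start in the same minute, so `scp` can pick up an archive that `tar` is still writing. One script run from a single cron entry keeps the steps in order; the script path in the comment and the function names are hypothetical.

```shell
#!/bin/sh
# Hypothetical single cron entry replacing the two in step 5:
# * * * * * /usr/local/sbin/web-backup.sh /var/www/html /home/webserver/minbkup.tar.gz <backupuser>@<IP addr>:<path>

# make_backup SRC_DIR ARCHIVE
# Writes the archive under a temporary name, checks that it can be read back,
# then renames it into place so a half-written file is never copied.
# Members are stored relative to the parent of SRC_DIR (html/... for /var/www/html).
make_backup() {
  src=$1 archive=$2 tmp="$2.partial.$$"
  tar -cpzf "$tmp" -C "$(dirname "$src")" "$(basename "$src")" || { rm -f "$tmp"; return 1; }
  tar -tzf "$tmp" >/dev/null || { rm -f "$tmp"; return 1; }
  mv -f "$tmp" "$archive"
}

# ship_backup ARCHIVE TARGET
# BatchMode makes scp fail instead of waiting for a password when key login breaks.
ship_backup() {
  scp -q -o BatchMode=yes "$1" "$2"
}

# run_backup SRC_DIR ARCHIVE TARGET
# The lock directory stops a new run from starting while the previous one is active.
run_backup() {
  lock="$2.lock"
  mkdir "$lock" 2>/dev/null || { echo "previous backup still running" >&2; return 75; }
  make_backup "$1" "$2" && ship_backup "$2" "$3"
  rc=$?
  rmdir "$lock"
  return $rc
}

if [ "$#" -eq 3 ]; then
  run_backup "$@"
fi
```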
