Data Networking/Fall 2016/Sanket Jabade
Linux Project to implement DNS, DHCP, Web Server, Firewall and Backup
On this page we describe our Linux project, which implements networking concepts such as DNS, DHCP, Web Server, Firewall and Backup.
Team Members
1) Sanket Jabade
2) Maheshwar Gurav
3) Prajwal Patil
4) Riteshkumar Gupta
Why Linux over other operating systems?
Linux is an open source and free operating system widely used in almost all major Telecommunication and IT companies. Anyone can easily modify the source code and use it according to their needs for different applications.
Introduction
The main aim of this project is to implement networking concepts using Linux. We tried to implement various networking concepts like DNS, DHCP, Web Server, Backup and a Firewall.
We have used Ubuntu 16.04 LTS for implementation.
Background
1) Domain Name System (DNS)
DNS (Domain Name System) is a service similar to a phone book. It translates a host-name to its specific IP address, so users can reach a website by its host-name rather than remembering its IP address. DNS runs over UDP and uses port 53. In addition to host-name to IP address translation, it provides a few additional services such as host aliasing, mail server aliasing and load distribution.
2) Dynamic Host Configuration Protocol (DHCP)
DHCP (Dynamic Host Configuration Protocol) is a standardized network protocol that dynamically provides networking parameters such as IP address, subnet mask and default gateway to any host machine that wants to communicate over a network. It works through the DORA process: Discovery, Offer, Request and Acknowledgement.
Step 1: The host machine sends a "Discovery" message to all listening DHCP servers to request an IP address.
Step 2: Any DHCP server will then "Offer" an IP address from its pool of addresses.
Step 3: The host will now "Request" this offered IP address from the DHCP server.
Step 4: The DHCP server will finally "Acknowledge" this request and provide the IP address along with other necessary network parameters.
3) Web Server
A web server is a machine or a program that uses HTTP (Hypertext Transfer Protocol) to process requests from users and provide information in the form of web pages over the Internet or the World Wide Web. The users who request information are called clients and the machines that respond to these requests are called web servers. This arrangement is called the client-server model.
There are 4 primary web servers: Apache, IIS, nginx and GWS.
We are using the Apache web server for the project implementation; it is currently the most popular one in the market.
4) Backup Web Server
The web server is a machine and it may crash at any time for various reasons, such as an increase in usage or heavy processes running on it. So it is always better to keep a backup of each day's work on another machine so that data can be recovered easily. Hence we create a backup server to avoid loss of data.
5) Firewall
A firewall is a network security system (either hardware or software based) that manages incoming and outgoing network traffic based on a predefined set of rules. It acts as a barrier between a secured internal network and any outside network (either secured or unsecured).
Configuration Steps
DHCP Server
1. Install DHCP Server
sudo apt-get install isc-dhcp-server
2. Install radvd to configure the parameters
sudo apt-get install radvd
3. To configure DHCP, modify the files below
sudo nano /etc/network/interfaces
sudo nano /etc/default/isc-dhcp-server
sudo nano /etc/dhcp/dhcpd.conf
4. For clients, install the package below
sudo apt-get install wide-dhcpv6-server
DNS server
Configuring Primary DNS Server
1. Install Bind9
sudo apt-get install bind9 bind9utils bind9-doc
2. Configure caching name server (edit named.conf.options file)
sudo nano /etc/bind/named.conf.options
Uncomment the following lines and add the details below
<syntaxhighlight lang="text">
forwarders { 192.168.1.13; 192.168.1.12; };
</syntaxhighlight>
3. Restart bind9 service
sudo systemctl restart bind9
4. Edit named.conf.local file
sudo nano /etc/bind/named.conf.local
Define the forward and reverse file as shown below
<syntaxhighlight lang="text">
zone "fouroseven.com" {
    type master;
    file "/etc/bind/db.fouroseven.com";
    allow-transfer { 192.168.1.12; };
    also-notify { 192.168.1.12; };
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192";
    allow-transfer { 192.168.1.12; };
    also-notify { 192.168.1.12; };
};
</syntaxhighlight>
5. Create forward zone file
sudo nano /etc/bind/db.fouroseven.com
Add the following lines
<syntaxhighlight lang="text">
$TTL    604800
@       IN      SOA     master.fouroseven.com. root.fouroseven.com. (
                             10         ; Serial
                         604800         ; Refresh
                          34000         ; Retry
                         241920         ; Expire
                         604800 )       ; Negative Cache TTL
        IN      A       192.168.1.14
;
@       IN      NS      master.fouroseven.com.
@       IN      NS      slave.fouroseven.com.
@       IN      A       192.168.1.14
master  IN      A       192.168.1.13
slave   IN      A       192.168.1.12
www     IN      A       192.168.1.14
dee     IN      CNAME   www.fouroseven.com.
why     IN      CNAME   www.fouroseven.com.
client  IN      A       192.168.1.20
</syntaxhighlight>
Web Server
1. Install Apache Web Server
sudo apt-get install apache2
2. Restart the web server
sudo /etc/init.d/apache2 stop
sudo /etc/init.d/apache2 start
3. Modify or create the web page as per requirement
sudo nano /var/www/html/index.html
Firewall
1. Install the iptables-persistent package
sudo apt-get install -y iptables-persistent
2. Add netfilter-persistent startup
sudo invoke-rc.d netfilter-persistent save
3. Stop the netfilter-persistent service
sudo service netfilter-persistent stop
4. Open the rules.v4 file in /etc/iptables and make the following changes
-A INPUT -s 192.168.1.25/255.255.255.0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW,ESTABLISHED --dport 80 -j ACCEPT
-A INPUT -j DROP
-A FORWARD -j DROP
-A INPUT -j DROP
5. Start the netfilter-persistent service
sudo service netfilter-persistent start
6. Check status
sudo iptables -L
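The rule set in step 4 drops everything not explicitly accepted, which includes loopback traffic and replies to connections the server itself opens, and iptables masks its source `192.168.1.25/255.255.255.0` to the whole 192.168.1.0/24 network. The added example below (not the project's own configuration) sets those rules beside a stateful variant and runs a small awk linter over both; the function names `page_rules`, `hardened_rules` and `lint_rules` are ours.

```shell
# Added example. Sample input: the five rules from step 4 of the page.
page_rules() {
cat <<'EOF'
-A INPUT -s 192.168.1.25/255.255.255.0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW,ESTABLISHED --dport 80 -j ACCEPT
-A INPUT -j DROP
-A FORWARD -j DROP
-A INPUT -j DROP
EOF
}

# Stateful variant (iptables-save format); use 192.168.1.25/32 to admit one host.
hardened_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Print one finding per line for a rule set read from stdin.
lint_rules() {
awk '
/^-A / {
  chain = $2
  if (dead[chain]) print "unreachable after catch-all in " chain ": " $0
  if ($0 ~ /^-A [A-Z]+ -j (DROP|REJECT|ACCEPT)$/) dead[chain] = 1
  if (chain == "INPUT" && $0 ~ /-i lo .*-j ACCEPT/) lo = 1
  if (chain == "INPUT" && $0 ~ /ESTABLISHED/ && $0 !~ /--dport/) est = 1
  # Dotted netmask form only: host bits are silently masked off by iptables.
  if (match($0, /-s [0-9.]+\/[0-9.]+/)) {
    split(substr($0, RSTART + 3, RLENGTH - 3), p, "/")
    split(p[1], a, "."); n = split(p[2], m, ".")
    for (i = 1; n == 4 && i <= 4; i++)
      if (a[i] % (256 - m[i])) { print "source has host bits set, matches whole network: " p[1] "/" p[2]; break }
  }
}
END {
  if (!lo) print "no loopback accept on INPUT"
  if (!est) print "no ESTABLISHED,RELATED accept: return traffic is dropped"
}'
}
echo "page rules:";     page_rules | lint_rules
echo "hardened rules:"; hardened_rules | lint_rules
```

A rules file can be syntax-checked without loading it with `sudo iptables-restore --test < /etc/iptables/rules.v4` before netfilter-persistent is started again.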
Backup Server
1. Generate an SSH key pair (public and private key)
sudo ssh-keygen -t rsa
2. Create .ssh on host
ssh <backupuser>@<IP addr> mkdir -p .ssh
3. Append the web server's public key to the host's authorized_keys
cat .ssh/id_rsa.pub | ssh <backupuser>@<IP addr> 'cat >> .ssh/authorized_keys'
4. Compress the backup
sudo tar -cvpzf /home/webserver/minbkup.tar.gz /var/www/html/
5. We use crontab to take a backup every minute
sudo crontab -e
* * * * * sudo tar -cvpzf /home/webserver/minbkup.tar.gz /var/www/html/
* * * * * sudo scp /home/webserver/minbkup.tar.gz <backupuser>@<IP addr>:<path on backup server>
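The two cron entries above start in the same minute, so scp can pick up an archive that tar is still writing. An added example (not the project's script) that builds the archive under a temporary name, verifies it and only then copies it; the script path `/usr/local/bin/minbkup.sh`, the lock file and the function names are assumptions.

```shell
# Added example. Paths mirror the page; the remote target stays a placeholder.
SRC=${SRC:-/var/www/html}
OUT=${OUT:-/home/webserver/minbkup.tar.gz}

# Build the archive under a temporary name, verify it can be listed, then
# rename it into place, so a reader of the final path never sees a partial file.
make_archive() {
  src=$1 out=$2
  tmp=$(mktemp "${out}.XXXXXX") || return 1
  if tar -czpf "$tmp" -C "$(dirname "$src")" "$(basename "$src")" &&
     tar -tzf "$tmp" >/dev/null; then
    mv -f "$tmp" "$out"
  else
    rm -f "$tmp"
    return 1
  fi
}

# Copy the finished archive. BatchMode makes scp fail instead of prompting
# for a password when key authentication is not set up.
push_archive() {
  scp -q -o BatchMode=yes "$1" "$2"
}

# One cron entry replaces the two on the page (hypothetical install path);
# flock skips a run while the previous one is still going:
#   * * * * * flock -n /tmp/minbkup.lock /usr/local/bin/minbkup.sh run <backupuser>@<IP addr>:<path on backup server>
if [ "${1:-}" = "run" ]; then
  make_archive "$SRC" "$OUT" && push_archive "$OUT" "$2"
fi
```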