Data Networking/Spring 2015/GROUP2
Project Members
Adhav Chandhar Sairamgandhi
Chandra Prakash Vadivel
Kartik Ganesh
Rithvik Narayanan
Motivation
The objective of this project is to gain a better understanding of a Linux-based operating system, Ubuntu 12.04, as Linux is an essential part of any networking firm today. We configure and implement network elements such as DHCP, DNS, a web server, a firewall and back-up.
Behavior of the protocols
Dynamic Host Configuration Protocol
Dynamic Host Configuration Protocol (DHCP) is the network protocol used to dynamically configure IP addresses and the other information a host needs for Internet communication. It is essentially a plug-and-play protocol: DHCP renews the lease on an IP address while it is in use and allows addresses to be reused (an address is held only while the client is connected), which supports mobile users who want to join the network.
DHCP follows the four-step process below to assign an IP address dynamically:
- DHCP discover: broadcast by the arriving client in order to receive an IP address.
- DHCP offer: broadcast by the DHCP server that received the discover message, carrying an IP address for the client from the server's pool of addresses.
- DHCP request: sent by the newly arrived client, which chooses from one or more server offers and responds to the selected offer.
- DHCP Ack: sent to the client, confirming the requested parameters.
Domain Name System
DNS is an application-layer protocol that allows hosts to resolve hostnames to IP addresses. DNS is generally employed by other application-layer protocols such as HTTP, SMTP and FTP. The hostname-to-IP-address translation service works as stated below:
- The application on the host side specifies the hostname that needs to be translated (on UNIX, gethostbyname() is the function call the application uses to perform the translation).
- DNS then sends a query message into the network. All DNS query and reply messages are sent over UDP port 53.
- DNS on the user host receives a DNS reply message that provides the desired mapping, which is in turn passed to the invoking application.
HyperText Transfer Protocol
HTTP is the Web's application-layer protocol; it defines the structure of client-server messages and how they are exchanged. HTTP also defines how a Web client requests Web pages from Web servers and how servers transfer Web pages to clients. HTTP generally consists of two message types, the HTTP request and the HTTP response. The server receives an HTTP request message and responds with an HTTP response message that contains the base HTML file, which references the other objects in the page (such as an MP3 file, a JPEG file or a Java applet).
Firewall
A firewall is a software- or hardware-based network security system that controls incoming and outgoing network traffic by analysing the data packets and deciding, based on an applied rule set, whether they should be allowed through. It is a scheme designed to thwart unauthorized access to or from an outside network.
Back-up
Back-up is the process of copying data and handing over functionality to the back-up host. The backed-up data can be used to restore the original data after a data-loss event or a server crash.
Virtual Private Network
A virtual private network (VPN) extends a private network across a public network, such as the Internet. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two.
Network File System
Network File System (NFS) is a distributed file system protocol that allows a client to access files over a network in a manner similar to how local storage is accessed. In this implementation the RSA algorithm is used: the two hosts exchange public keys, and only after that can each view specific files on the other's system. These files are accessible only once the folders are mounted on the hosts' computers.
The Requirement
DHCP server configuration steps
- Installation of the DHCP package
- Configuration of files
- Boot-up the servers
Commands used to implement
• sudo apt-get install isc-dhcp-server
• sudo nano /etc/default/isc-dhcp-server
Set INTERFACES="eth0" (the interface on which the DHCP daemon listens)
• sudo nano /etc/network/interfaces
Change lo to either eth0 or wlan0 and loopback to static:
auto eth0
iface eth0 inet static
  address 192.168.1.2
  netmask 255.255.255.0
  gateway 192.168.1.1
  network 192.168.1.0
  broadcast 192.168.1.255
  dns-nameservers 192.168.1.3
  dns-search dn.tsm
• sudo /etc/init.d/networking restart
• sudo nano /etc/dhcp/dhcpd.conf
ddns-update-style none;
option domain-name-servers 192.168.1.3;
option domain-name "dn.tsm";
default-lease-time 600;
max-lease-time 7200;
authoritative;
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.20 192.168.1.30;
  option broadcast-address 192.168.1.255;
  option domain-name-servers 192.168.1.3;
}
• sudo nano /etc/resolv.conf
nameserver 192.168.1.3
search dn.tsm
domain dn.tsm
• sudo service isc-dhcp-server restart
DNS server configuration steps
- Install BIND (Berkeley Internet Name Domain)
- Turn the BIND9 into a primary master server
- Create files to enter resource records for forward and reverse zones
Commands used to implement
• sudo apt-get install bind9
• sudo nano /etc/network/interfaces
• sudo /etc/init.d/networking restart
• sudo nano /etc/bind/named.conf.options
• sudo nano /etc/bind/named.conf.local
• sudo cp /etc/bind/db.local /etc/bind/db.dn.tsm
• sudo nano /etc/bind/db.dn.tsm
• sudo cp /etc/bind/db.127 /etc/bind/db.192
• sudo nano /etc/bind/db.192
• sudo named-checkzone dn.tsm /etc/bind/db.dn.tsm
• sudo named-checkzone 1.168.192.in-addr.arpa /etc/bind/db.192
• sudo nano /etc/resolv.conf
• sudo /etc/init.d/bind9 restart
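The zone files edited in the steps above (db.dn.tsm and db.192) are not shown on this page. The following is an added example, not the project's own files, of generating both from a single host list so that the forward A records and the reverse PTR records cannot drift apart; the hostnames dhcp, dns and web and their addresses are assumptions based on the 192.168.1.0/24 network used above, and the serial helper follows the YYYYMMDDnn convention.

```shell
#!/bin/sh
# Added example, not the project's own zone files: build the forward zone
# (db.dn.tsm) and the reverse zone (db.192) from one host list so the A and
# PTR records cannot drift apart. Hosts and addresses are assumptions.
set -eu

# Constructed host list for dn.tsm: "<hostname> <IPv4>" per line
HOSTS='dhcp 192.168.1.2
dns 192.168.1.3
web 192.168.1.4'

# zone_header DOMAIN SERIAL: the SOA and NS records both zones share;
# "@" stands for whichever zone the file is loaded as in named.conf.local
zone_header() {
  cat <<EOF
\$TTL 604800
@ IN SOA dns.$1. admin.$1. (
    $2      ; serial
    604800  ; refresh
    86400   ; retry
    2419200 ; expire
    604800 ); negative cache TTL
@ IN NS dns.$1.
EOF
}

# forward_zone DOMAIN SERIAL: header plus one A record per host on stdin
forward_zone() {
  zone_header "$1" "$2"
  while read -r name ip || [ -n "$name" ]; do
    if [ -n "$name" ]; then printf '%s IN A %s\n' "$name" "$ip"; fi
  done
}

# reverse_zone DOMAIN SERIAL: header plus one PTR record per host, keyed
# by the last octet (the zone itself is 1.168.192.in-addr.arpa)
reverse_zone() {
  zone_header "$1" "$2"
  while read -r name ip || [ -n "$name" ]; do
    if [ -n "$name" ]; then printf '%s IN PTR %s.%s.\n' "${ip##*.}" "$name" "$1"; fi
  done
}

# new_serial CURRENT: next YYYYMMDDnn serial; secondaries only transfer a
# zone when the serial grows, so it must increase on every edit
new_serial() {
  today=$(date +%Y%m%d)
  case "$1" in
    "$today"*) echo $(( $1 + 1 )) ;;
    *)         echo "${today}00" ;;
  esac
}

# Usage: write both files, then check them with named-checkzone as above
# printf '%s\n' "$HOSTS" | forward_zone dn.tsm "$(new_serial 2015040100)" > /etc/bind/db.dn.tsm
# printf '%s\n' "$HOSTS" | reverse_zone dn.tsm "$(new_serial 2015040100)" > /etc/bind/db.192
```

Both files are produced from the same list, so a host added to the forward zone always gets its PTR record, and the serial helper removes the classic mistake of editing a zone without bumping its serial.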
Web server configuration steps
- Install the Apache version 2 server
Commands used to implement
• sudo apt-get install apache2
• sudo mkdir -p /var/www/html/group2tsm.dn.tsm/public_html
• sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/group2tsm.dn.tsm
• sudo nano /etc/apache2/sites-available/group2tsm.dn.tsm
• cd /var/www/html/group2tsm.dn.tsm/public_html
• sudo nano index.html
• sudo a2ensite group2tsm.dn.tsm
• sudo service apache2 restart
• sudo netstat -ltnp
Firewall configuration steps
- Check the status of UFW (Uncomplicated Firewall)
- Enable the UFW
- Configure open and closed ports
Commands used to implement
UFW is used to allow or deny hosts access to the web server:
- sudo ufw deny from 192.168.1.75
- sudo ufw allow ssh
- sudo ufw allow 80/tcp
After completion:
- sudo ufw disable
- sudo ufw enable
To block ICMP packets from a particular host:
- sudo iptables -A INPUT -s 192.168.1.75 -p icmp -j DROP
To block all ICMP packets:
- sudo iptables -A INPUT -p icmp -j DROP
Back-up commands
SSH Server
• sudo apt-get install openssh-server
• sudo /etc/init.d/ssh restart
• ssh-keygen -t dsa
• sudo nano /etc/ssh/sshd_config
SSH Client
• sudo apt-get install openssh-client
• ssh-keygen -t dsa
• ssh-copy-id -i ~/.ssh/id_dsa.pub harsh@192.168.1.109
• sudo nano /home/nighthunk/dnsbackup/schedule.sh
• crontab -e
• sudo /etc/init.d/cron restart
• crontab -l
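The contents of schedule.sh, the script the crontab entry above runs, are not shown on the page. The following is an added example of what such a back-up script could contain; it is not the project's own script. It archives a directory, records a SHA-256 hash beside the archive so the copy can be verified after transfer, keeps only the newest archives, and pushes the result to the back-up host over the key-based SSH login set up with ssh-copy-id above. The source path /etc/bind, the destination /var/backups/dns, the retention count and the remote directory are assumptions.

```shell
#!/bin/sh
# Added example of what a backup script such as schedule.sh could contain;
# not the project's own script. Paths below are assumptions.
set -eu

# hash_file FILE: print the SHA-256 of FILE (sha256sum on Linux, shasum elsewhere)
hash_file() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# backup_dir SRC DEST [STAMP]: archive SRC into DEST/backup-STAMP.tar.gz,
# record its SHA-256 beside it, and print the archive path
backup_dir() {
  src=$1; dest=$2; stamp=${3:-$(date +%Y%m%d-%H%M%S)}
  mkdir -p "$dest"
  archive="$dest/backup-$stamp.tar.gz"
  # -C so the archive holds "bind/..." rather than the absolute source path
  tar -czf "$archive" -C "$(dirname "$src")" "$(basename "$src")"
  hash_file "$archive" > "$archive.sha256"
  printf '%s\n' "$archive"
}

# verify_backup ARCHIVE: succeed only if the recorded hash still matches and
# the archive is readable; run this on the backup host after the transfer too
verify_backup() {
  archive=$1
  [ "$(hash_file "$archive")" = "$(cat "$archive.sha256")" ] && tar -tzf "$archive" >/dev/null
}

# prune_backups DEST KEEP: delete all but the KEEP newest archives
# (timestamped names sort chronologically, so "sort -r" puts newest first)
prune_backups() {
  dest=$1; keep=$2
  ls "$dest"/backup-*.tar.gz 2>/dev/null | sort -r | tail -n +"$((keep + 1))" |
    while IFS= read -r old; do rm -f "$old" "$old.sha256"; done
}

# Entry point used from cron, e.g. (crontab -e on the DNS host):
#   0 2 * * * /home/nighthunk/dnsbackup/schedule.sh run
# Copies the archive and its hash to the backup host (user, host and
# remote directory are assumptions).
if [ "${1:-}" = "run" ]; then
  a=$(backup_dir /etc/bind /var/backups/dns)
  verify_backup "$a"
  scp -q "$a" "$a.sha256" harsh@192.168.1.109:dnsbackup/
  prune_backups /var/backups/dns 7
fi
```

Storing the hash next to the archive means the back-up host can run verify_backup on its own copy before trusting it for a restore, and pruning by timestamped name rather than by modification time keeps the retention policy deterministic.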
TELNET
1. Install telnet with this command in a terminal (Applications/Accessories/Terminal):
sudo apt-get install xinetd telnetd
2. Edit /etc/inetd.conf with your favourite editor as root and add this line:
telnet stream tcp nowait telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd
3. Edit /etc/xinetd.conf so that its content looks like the following:
# Simple configuration file for xinetd
#
# Some defaults, and include /etc/xinetd.d/
defaults
{
# Please note that you need a log_type line to be able to use log_on_success
# and log_on_failure. The default is the following :
# log_type = SYSLOG daemon info
instances = 60
log_type = SYSLOG authpriv
log_on_success = HOST PID
log_on_failure = HOST
cps = 25 30
}
includedir /etc/xinetd.d
4. Edit /etc/xinetd.d/telnet and add the following:
# default: on
# description: The telnet server serves telnet sessions; it uses
#   unencrypted username/password pairs for authentication.
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
}
5. Use this command to start the telnet server:
sudo /etc/init.d/xinetd restart
Add-ons
Configuration of VPN
- Install pptpd, the package used to configure the VPN:
sudo apt-get install pptpd
- Edit /etc/pptpd.conf and make the following changes:
localip <IP of VPN server>
remoteip <Range of IPs of VPN clients>
- Edit the /etc/ppp/pptpd-options file:
ms-dns 192.168.0.254
- Set the user ID and password:
sudo nano /etc/ppp/chap-secrets
group2 pptpd 123456 *
# group2 is the user name, pptpd is the VPN server name, 123456 is the password and * allows all client IPs
Configuration of NTP Server
Launching a new virtual private server provides the user with a clock. We can see the time on the server with the command date. Furthermore, we can adjust the server's time zone, if needed, with the command export TZ=America/New_York, modifying the time zone to match our location. Although the built-in clock is helpful for keeping track of events on the server itself, it may begin to cause issues if the virtual server has to work with external machines. Emails sent from a misconfigured server may arrive 3 minutes in the past on another, and users granted access only at certain times of day may find themselves blocked because of a time mismatch. To resolve this, servers can be synchronised using the NTP protocol, matching their time to a reference time that servers around the world agree upon.
1. Install the NTP daemon
sudo apt-get install ntp
2. Configure the NTP servers
sudo nano /etc/ntp.conf
Find the section within the configuration that lists the NTP Pool Project servers. The section will look like this:
server 0.ubuntu.pool.ntp.org
server 1.ubuntu.pool.ntp.org
server 2.ubuntu.pool.ntp.org
server 3.ubuntu.pool.ntp.org
server 192.168.1.3
Use the following command to list the peers the daemon is synchronising with and check that one of them is selected:
ntpq -p
Configuration of FTP Server
1. Install the FTP package:
sudo apt-get install vsftpd
2. Edit the /etc/vsftpd.conf file:
sudo nano /etc/vsftpd.conf
3. Add the following two lines to the file, then save it:
local_enable=YES
write_enable=YES
4. Create a group and add users to it:
groupadd ftp-users
useradd -g ftp-users -d /home/RITHVIK/ftp-files user
passwd user
5. Restart the server
/etc/init.d/vsftpd restart
Configuration of NFS Server
1. Install the NFS server with the following command:
sudo apt-get install nfs-kernel-server
2. Create a directory that can be shared:
sudo mkdir /home/kartik/data
3. Create a file in the shared directory and then create the user and group; set the permissions on the directory:
sudo chmod 777 /home/kartik/data
4. Edit the /etc/exports file, enter the details of the directory to be shared, and set the permissions as shown below (the option list must follow the client address with no space in between; with a space, exports(5) applies the options to every host):
/home/kartik/data client-ip(rw,sync,no_root_squash,no_subtree_check)
5. Restart the server with the following command:
sudo /etc/init.d/nfs-kernel-server restart
6. To see the exported directories:
sudo showmount -e
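The exports line in step 4 is easy to get subtly wrong: a space between the client and the option list makes the options apply to all hosts, a `*` client opens the share to the whole network, and no_root_squash lets root on the client act as root on the exported directory. The following is an added example, not the project's own script, of a small audit that reads /etc/exports-style lines from standard input and flags those three conditions; the sample lines in the usage comment are constructed.

```shell
#!/bin/sh
# Added example, not the project's own script: audit /etc/exports entries for
# the mistakes that most often turn a LAN share into a world-writable one.
# Reads exports(5)-format lines from standard input.

# audit_exports: prints one "WARN <path>: <reason>" line per finding and
# returns 1 if anything was flagged, 0 if the input is clean.
audit_exports() {
  found=0
  set -f   # no globbing: a "*" client must stay a literal asterisk
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in ''|\#*) continue ;; esac          # skip blanks and comments
    path=${line%%[[:space:]]*}                        # first field is the export path
    clients=$(printf '%s' "${line#"$path"}" | sed 's/^[[:space:]]*//')
    if [ -z "$clients" ]; then
      echo "WARN $path: no client list, export is open to every host"
      found=1
      continue
    fi
    for entry in $clients; do
      case "$entry" in
        \(*\))
          # "host (opts)" with a space: exports(5) applies the options to ALL hosts
          echo "WARN $path: options $entry are separated from the host by a space and so apply to every host"
          found=1
          continue ;;
      esac
      client=${entry%%\(*}                            # host part before "("
      opts=''
      case "$entry" in *\(*\)) opts=${entry#*\(}; opts=${opts%\)} ;; esac
      case "$client" in
        '*'|'')
          echo "WARN $path: wildcard client '$client' allows any host"
          found=1 ;;
      esac
      case ",$opts," in
        *,no_root_squash,*)
          echo "WARN $path: no_root_squash lets root on $client act as root on the export"
          found=1 ;;
      esac
    done
  done
  set +f
  return $found
}

# Usage (constructed lines; the first is the shape of the entry in step 4):
#   printf '%s\n' '/home/kartik/data client-ip (rw,sync,no_root_squash,no_subtree_check)' | audit_exports
#   audit_exports < /etc/exports
```

Run it before `exportfs -ra` or the nfs-kernel-server restart; a non-zero exit status makes it usable as a pre-deployment check in a script as well as interactively.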
Configuration at Client side
1. Install nfs-common:
sudo apt-get install nfs-common
2. Create a mount point directory:
sudo mkdir -p /home/cpvchandra92/NFS
3. Connect the client to the server and mount the exported directory:
sudo mount 192.168.1.4:/home/kartik/data /home/cpvchandra92/NFS
4. To check the mounted file system:
mount -t nfs
5. To test NFS, create a file and check that it is visible on the client side:
sudo touch /home/cpvchandra92/NFS/projectshare.txt
Testing
1. We connect the client, the DNS server and the web server to the switch via CAT5 Ethernet cables. It is verified that DHCP leases an IP address to the client from the pool of addresses; the IP addresses assigned to the DNS and web servers are verified as well. The ipconfig command is used to check the IP address, the default gateway and the subnet mask.
2. Now the client tries to reach the domain name by typing the IP address in the browser, and the web page is served by the web server. On the Apache server, localhost is typed into the browser, and then the IP address of the configured web page is entered.
3. In order to test the DNS server, nslookup queries are performed on the server's domain name:
• dig hostname
• dig -x IPAddress
• host IPAddress
• nslookup hostname
• nslookup IPAddress
• ping IPAddress
• ping hostname
4. The firewall, configured with iptables, rejects a few IP addresses and allows the rest. This functionality is tested with the following commands:
• ping IPaddr
• telnet IPaddr
• ssh IPaddr
Future Improvements
- Different levels of hierarchy (authoritative and top-level domain servers) can be implemented in DNS
- A mail server can be implemented
- Certificates for the web pages can be implemented in the web server and the client browser
- Confidentiality, message integrity and authentication can be implemented between the client and the web server or DNS server
References
• https://www.help.ubuntu.com
• https://www.askubuntu.com
• https://www.digitalocean.com/community
• http://www.ietf.org/