Data Networking/Fall 2013/Group-18 Linux project

Welcome to the Group18_TSM_FALL2013 Wiki Page

Team mates
1. Aniket Muchandi
2. Philippe Yameogo
3. Sai Krishna Jonnalagadda
4. Hemanth

Motivation
Linux is one of the major and most popular operating systems in the world. Because of its nature and structure, many companies have adopted it to create and manage their products and services. It has been successful since its inception because of its open-source nature. This motivated us to create a Personal Area Network using this OS, to get familiar with Linux and to build knowledge of it.

Understanding the Protocol
We should be able to put into practice the protocol architecture and implementation learned in theory.

The Requirements
Linux-based workstations, with bind9 for the DNS server, apache2 for the web server and dhcp-server for the DHCP server.

Dynamic Host Configuration Protocol (DHCP):

The Dynamic Host Configuration Protocol is a standard networking protocol that dynamically assigns IP addresses to hosts from the pool of IP addresses it has.

Steps to Perform the Initialization
Configuring the DHCP Server:

*Step 1: Install the DHCP server
Command:
    sudo apt-get install isc-dhcp-server

*Step 2: Assign a static IP address to the interface
Command:
    sudo nano /etc/network/interfaces
Change lo to either eth0 or wlan0 and loopback to static:
    auto eth0
    iface eth0 inet static
    address 192.168.60.2
    netmask 255.255.255.0
    gateway 192.168.60.1
    network 192.168.60.0
    broadcast 192.168.60.255

*Step 3: Restart the network interfaces
Command:
    sudo /etc/init.d/networking restart

*Step 4: Configure the DHCP server with the required range of leasable IP addresses
Command:
    sudo nano /etc/dhcp/dhcpd.conf

    ddns-update-style none;
    subnet 192.168.60.0 netmask 255.255.255.0 {
        range 192.168.60.100 192.168.60.110;
        option domain-name-servers unix.project.hom, 192.168.60.3;
        option domain-name "project.hom";
        option routers 192.168.60.1;
        option broadcast-address 192.168.60.255;
        default-lease-time 600;
        max-lease-time 7200;
    }

*Step 5: Edit the resolv.conf file
Command:
    sudo nano /etc/resolv.conf

    nameserver 192.168.60.3

*Step 6: Start the DHCP server
Command:
    sudo service isc-dhcp-server restart

DHCP configuration for IPv6

*Step 1: Install radvd to build the IPv6 DHCP server.
Command:
    sudo apt-get install radvd

*Step 2: Edit the file /etc/dhcp/dhcp6.conf
    default-lease-time 600;
    max-lease-time 7200;
    subnet6 2001:db8:0:1::/64 {
        # range for clients
        range6 2001:db8:beef:53::10 2001:db8:beef:53::20;
        option dhcp6.name-servers 2001:db8:beef:53::3;
        option dhcp6.domain-search "project.hom";
    }

*Step 3: Edit the file /etc/radvd.conf
    interface eth0 {
        AdvSendAdvert on;
        # AdvManagedFlag on;
        AdvOtherConfigFlag on;
        prefix 2001:db8:0:1::/64 {
            AdvAutonomous on;
        };
    };

*Step 4: Enable IPv6 forwarding
Command:
    sudo sysctl -w net.ipv6.conf.all.forwarding=1

DNS Server

A DNS server translates hostnames like www.myname.com into numerical IP addresses like 162.163.164.165 which computers understand. Here is how to configure a DNS server:

*Step1: Install bind9
Command:
    sudo apt-get install bind9

*Step2: Assign a static IP to your network interface
Commands:
    sudo nano /etc/network/interfaces

    auto eth0
    iface eth0 inet static
    address 192.168.60.3
    netmask 255.255.255.0
    network 192.168.60.0
    broadcast 192.168.60.255
    gateway 192.168.60.1
    # dns-nameservers

*Step3: Restart your network interface
Command:
    sudo /etc/init.d/networking restart

*Step4: Change your default hostname to a hostname of your choice
Command:
    sudo nano /etc/hostname

    unix

*Step5: Create a domain name for your server
Commands:
    sudo nano /etc/hosts

    127.0.0.1      localhost
    192.168.60.3   unix.project.hom unix

    # The following lines are desirable for IPv6 capable hosts
    ::1        ip6-localhost   ip6-loopback
    fe00::0    ip6-localnet
    ff00::0    ip6-mcastprefix
    ff02::1    ip6-allnodes
    ff02::2    ip6-allrouters

*Step6: In named.conf.options, assign some open DNS IPs to allow you to connect to some DNS servers outside your network
Commands:
    sudo nano /etc/bind/named.conf.options

    forwarders {
        # Give here your ISP DNS IPs
        8.8.8.8;        # gateway or router
        8.8.4.4;
        75.126.98.108;
        4.2.2.2;
        4.2.2.1;
    };

*Step7: In named.conf.local, create your forward lookup and reverse lookup zones
Commands:
    sudo nano /etc/bind/named.conf.local

    # Our forward zone
    zone "project.hom" {
        type master;
        file "/etc/bind/zones/db.project.hom";
    };

    # Our reverse zone
    # Server IP 192.168.1.5
    zone "60.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/zones/db.192";
    };

For IPv6, add the following zone:

    zone "3.5.0.0.f.e.e.b.8.b.d.0.1.0.0.2.ip6.arpa" {
        type master;
        file "/etc/bind/zones/db.2001:0db8:beef";
    };

*Step8: Create the directory zones in /etc/bind/
Command:
    sudo mkdir /etc/bind/zones

Create the two files. Let's start with the forward lookup zone first, db.domain.com
Command:
    sudo cp /etc/bind/db.local /etc/bind/zones/db.domain.com

Now use the command below to edit the file
Command:
    sudo nano /etc/bind/zones/db.domain.com

    ;
    ; BIND data file for local loopback interface
    ;
    $TTL    604800
    @       IN      SOA     Unix.project.hom. root.project.hom. (
                                  2         ; Serial
                             604800         ; Refresh
                              86400         ; Retry
                            2419200         ; Expire
                             604800 )       ; Negative Cache TTL
    ;
    Project.hom.    IN      NS      Unix.project.hom.
    Project.hom.    IN      A       192.168.60.3
                            AAAA    2001:0db8:beef:53::1
    unix            IN      A       192.168.60.3
                            AAAA    2001:0db8:beef:53::3
    Gateway         IN      A       192.168.60.1
                            AAAA    2001:0db8:beef:53::4
    Aniket          IN      A       192.168.60.2
                            AAAA    2001:0db8:beef:53::2
    ubuntu          IN      A       192.168.60.4
                            AAAA    2001:0db8:beef:53::2
    new             IN      A       192.168.60.6
                            AAAA    2001:0db8:beef:53::5
    www             IN      CNAME   ubuntu

Now create the reverse lookup zone file
Command:
    sudo cp /etc/bind/db.127 /etc/bind/zones/db.192

Now use the command below to edit the file
Command:
    sudo nano /etc/bind/zones/db.192

    ;
    ; BIND reverse data file for local loopback interface
    ;
    $TTL    604800
    @       IN      SOA     Unix.project.hom. root.project.hom. (
                                  2         ; Serial
                             604800         ; Refresh
                              86400         ; Retry
                            2419200         ; Expire
                             604800 )       ; Negative Cache TTL
    ;
            IN      NS      unix.
    1       IN      PTR     gateway.project.hom.
    3       IN      PTR     unix.project.hom.
    2       IN      PTR     aniket.project.hom.
    4       IN      PTR     ubuntu.project.hom.
    6       IN      PTR     new.project.hom.

Now use the command below to edit the file
Command:
    sudo nano /etc/bind/zones/db.127 /etc/bind/zones/db.2001:0db8:beef

    ;
    ; BIND reverse data file for local loopback interface
    ;
    $TTL    604800
    @       IN      SOA     Unix.project.hom. root.project.hom. (
                                  2         ; Serial
                             604800         ; Refresh
                              86400         ; Retry
                            2419200         ; Expire
                             604800         ; Negative Cache TTL
                             )
    ;
            IN      PTR     unix.project.hom.
    1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0         PTR     unix.project.hom.
    ;; 2001.0db8:beef:53::1
    ;; 2001.0db8:beef:53::/120
    $ORIGIN 3.5.0.0.f.e.e.b.8.b.d.0.1.0.0.2.ip6.arpa.
    6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0  IN    PTR    aniket.project.hom.
    2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0  IN    PTR    ubuntu.project.hom.
    3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0  IN    PTR    unix.project.hom.
    4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0  IN    PTR    gateway.project.hom.
    5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0  IN    PTR    new.project.hom.

Check whether the forward zone file is working correctly by entering the command below
Command:

named-checkzone domain.com /etc/bind/zones/db.domain.com

zone autun.hom /IN: loaded serial  2 Ok

Now check the reverse zone file Command:

named-checkzone domain.com /etc/bind/zones/db.192

zone domain.com /IN: loaded serial  2 Ok

*Step9: Edit the file resolv.conf
Command:
    sudo nano /etc/resolv.conf

    search project.hom.
    nameserver     192.168.60.3

*Step10: Restart bind
Command:

sudo /etc/init.d/bind9 restart

After bind starts, check your settings in the log file
Command:

tail -f /var/log/syslog

The log must not contain any errors.

*Step 11: Checking forward zones

host -l project.hom or nslookup project.hom

OUTPUT Server: 127.0.0.1 Address: 127.0.0.1#53

Name: project.hom Address: 192.168.60.3

*Step12: Check the reverse zone Command:

host 192.168.60.4

Output 4.60.168.192.in-addr.arpa domain name pointer gateway.domain.com

Use NSLOOKUP Command:

nslookup 192.168.60.4

Server: 127.0.0.1 Address: 127.0.0.1#53

4.60.168.192.in-addr.arpa   name=ubuntu.project.hom
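
A forward zone and its reverse zones are edited by hand in separate files, so they drift apart easily. The following check is an added example (not part of the original project): it reads simplified zone lines and reports every A/AAAA record whose PTR is missing or names a different host. The sample data is constructed from three hosts in the zone files above; the function names are illustrative.

```python
import ipaddress

def parse_records(text, origin):
    """Yield (owner, type, rdata) from simple 'owner [IN] TYPE rdata' zone lines."""
    owner = origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line:
            continue
        fields = line.split()
        if not line[0].isspace():                 # a blank owner column repeats the previous owner
            owner = fields.pop(0).lower()
            if not owner.endswith("."):
                owner = f"{owner}.{origin}"       # relative name: append the zone origin
        if fields and fields[0].upper() == "IN":
            fields.pop(0)
        if len(fields) >= 2:
            yield owner, fields[0].upper(), fields[1].lower()

def audit(forward_text, zone, reverse_zones):
    """Return one message per A/AAAA record whose PTR is missing or names another host."""
    ptr = {o: d for origin, text in reverse_zones.items()
           for o, t, d in parse_records(text, origin) if t == "PTR"}
    problems = []
    for owner, rtype, rdata in parse_records(forward_text, zone):
        if rtype in ("A", "AAAA"):
            addr = ipaddress.ip_address(rdata)
            target = ptr.get(addr.reverse_pointer + ".")   # in-addr.arpa / ip6.arpa name
            if target is None:
                problems.append(f"{owner} {addr}: no PTR record")
            elif target != owner:
                problems.append(f"{owner} {addr}: PTR names {target}")
    return problems

# Constructed sample: three hosts copied from the zone files on this page.
FORWARD = """\
unix    IN A    192.168.60.3
        IN AAAA 2001:0db8:beef:53::3
aniket  IN A    192.168.60.2
        IN AAAA 2001:0db8:beef:53::2
ubuntu  IN A    192.168.60.4
        IN AAAA 2001:0db8:beef:53::2
"""
REVERSE = {
    "60.168.192.in-addr.arpa.": "3 IN PTR unix.project.hom.\n"
                                "2 IN PTR aniket.project.hom.\n4 IN PTR ubuntu.project.hom.",
    "3.5.0.0.f.e.e.b.8.b.d.0.1.0.0.2.ip6.arpa.": "\n".join(
        f"{n}{'.0' * 15} IN PTR {h}.project.hom." for n, h in [(3, "unix"), (6, "aniket"), (2, "ubuntu")]),
}
print(audit(FORWARD, "project.hom.", REVERSE))
```

On this data the audit flags the AAAA record of aniket: the forward zone gives it the same address as ubuntu, while the IPv6 reverse zone lists aniket under a different address.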

Web Server

A web server is hardware or software that delivers web content through the HTTP client-server model and can be accessed through the Internet. In our project we used the apache2 web server to deliver our web content in our private network.

The commands and procedure to configure the web server are as follows:

*Step1: Installation of the web server
    sudo apt-get install apache2

*Step2: Check whether the web server is on port 80
    netstat -a | more

*Step3: Restart the web server
    sudo /etc/init.d/apache2 restart

*Step4: Configuring the basic HTML file of the server
    cd /var/www
    sudo nano index.html

Firewall

A firewall is a software- or hardware-based network security system that controls the incoming and outgoing network traffic by analyzing the data packets and determining whether they should be allowed through or not, based on the applied rule set.

*Step1: Block ICMP requests
Command:
    # ICMP type 8 is echo-request (ping); type 0 is echo-reply
    sudo iptables -A INPUT -d  -p icmp --icmp-type 8 -j DROP

*Step2: Prevent SSH login
Command:
    sudo iptables -A INPUT -p tcp --dport ssh -j DROP

*Step3: Block the FTP ports
Commands:
    sudo iptables -A INPUT -p tcp --dport 20 -j DROP
    sudo iptables -A INPUT -p tcp --dport 21 -j DROP

*Step4: Block Telnet
Command:
    sudo iptables -A INPUT -p tcp --dport 23 -j DROP

BackUp

Backup refers to copying and archiving data so that it can be used to restore the original after a data loss event.

*Step1: Install rsync and ssh. Usually they are preinstalled in Ubuntu. If not:
    sudo apt-get install rsync
    sudo apt-get install openssh-server

*Step2: A simple way to back up over a network is to use rsync via SSH. A local backup only requires rsync and read/write access to the folders.
Command (local backup):
    sudo rsync -av --delete /home/path/folder1/ /home/path/folder2

*Step3: Backup over the network
Command:
    sudo rsync -av --delete -e ssh /home/path/folder1/ remoteuser@remotehost.remotedomain:/home/path/folder2

*Step4: Automating the backup using crontab
    sudo crontab -e

    0 22 * * * rsync -av --delete /var/www/ remoteuser@remotehostname:/home/remoteuser/backup/

*Step5: Exchange keys with the hosts to which we have to send the files. Generate a key pair (press enter without entering the pass phrase):
    ssh-keygen -t rsa
Then copy that key to the remote host:
    ssh-copy-id remoteuser@remotehost

VPN

A virtual private network (VPN) extends a private network across a public network, such as the Internet.

*Step1: Install the pptpd package
Command:
    sudo apt-get install pptpd

*Step2: Edit the file /etc/pptpd.conf
Command:
    localip  remoteip

*Step3: Configure the DNS servers to use when clients connect to this PPTP server
Command:
    sudo nano /etc/ppp/pptpd-options

    ms-dns 192.168.60.3

*Step4: Now add a VPN user
Command:
    sudo nano /etc/ppp/chap-secrets

*Step5: Set the username and password
Command:
    TSMG PPTPD 1234

*Step6: Restart the VPN server
Command:
    sudo /etc/init.d/pptpd restart

*Step7: For IPv4 forwarding, change the /etc/sysctl.conf file
Command:
    # uncomment the line
    net.ipv4.ip_forward=1
    # reload the configuration
    sudo sysctl -p

Testing
Testing DHCP:

To check whether IP addresses are leased to the clients
Command:
    tail /var/lib/dhcp/dhcpd.leases

The ifconfig command is used to check the IP address of a client that is connected to the network.
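
Reading the lease file by eye only shows its last few entries. The following added example (not part of the original project) parses the ISC dhcpd lease format, keeps the most recent entry per address, and lists active leases held by hardware addresses that are not on a known-device list. The lease text, MAC addresses and the `known_macs` list are constructed for illustration.

```python
import re

LEASE_RE = re.compile(r"^lease\s+(\S+)\s*\{(.*?)^\}", re.S | re.M)
# Anchored at line start so "next binding state ..." lines are not picked up.
FIELD_RE = re.compile(r"^\s*(binding state|hardware ethernet|client-hostname)\s+(.+?);", re.M)

def active_leases(text):
    """Return {ip: fields} for every address whose most recent entry is active."""
    latest = {}
    for ip, body in LEASE_RE.findall(text):
        latest[ip] = dict(FIELD_RE.findall(body))   # dhcpd appends, so the last entry wins
    return {ip: f for ip, f in latest.items() if f.get("binding state") == "active"}

def unknown_clients(text, known_macs):
    """Return (ip, mac, hostname) for active leases held by MACs not in known_macs."""
    known = {m.lower() for m in known_macs}
    found = []
    for ip, f in sorted(active_leases(text).items()):
        mac = f.get("hardware ethernet", "").lower()
        if mac not in known:
            found.append((ip, mac, f.get("client-hostname", "").strip('"')))
    return found

# Constructed sample in dhcpd.leases format (addresses from the pool configured above).
SAMPLE_LEASES = """\
lease 192.168.60.100 {
  starts 4 2013/11/07 10:00:00;
  ends 4 2013/11/07 10:10:00;
  binding state active;
  next binding state free;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "ubuntu";
}
lease 192.168.60.101 {
  binding state active;
  hardware ethernet 00:11:22:33:44:66;
}
lease 192.168.60.101 {
  binding state free;
  hardware ethernet 00:11:22:33:44:66;
}
lease 192.168.60.102 {
  binding state active;
  hardware ethernet 02:00:00:00:00:99;
  client-hostname "guest-laptop";
}
"""

print(unknown_clients(SAMPLE_LEASES, known_macs=["00:11:22:33:44:55"]))
```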

Testing DNS:

We can use the ping command to find the status of the network. We can use the nslookup command to check the name servers that are connected to the network. We can use the dig command, which queries the DNS name servers and returns the answer provided by the name server.

Testing Web Server:

Open any web browser and enter an IP address or a host name; if the page opens, the web server is working properly.

Testing Firewall:

When a client tries to ping the server, which is blocked by the firewall, the reply seen by the client should be "destination host unreachable", as the firewall blocks the client from reaching the server.

Testing Case

The firewall configuration made with iptables is not persistent, so we should save the rules and load the same configuration when the system reboots. Switch to the root user on the computer where the firewall is configured:

    sudo su

Then save the iptables rules using the following command:

    iptables-save > /etc/iptables.rules

After that, edit /etc/network/if-pre-up.d/iptables and place the following commands in it:

    #!/bin/sh
    iptables-restore < /etc/iptables.rules
    exit 0

After this, edit /etc/network/if-post-down.d/iptables and put the following commands in it:

    #!/bin/sh
    iptables-save -c > /etc/iptables.rules
    if [ -f /etc/iptables.rules ]; then
        iptables-restore < /etc/iptables.rules
    fi
    exit 0

After these commands, change the permissions of the files so that they can be executed:

    sudo chmod +x /etc/network/if-post-down.d/iptables
    sudo chmod +x /etc/network/if-pre-up.d/iptables
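
A saved rules file is only useful if it still contains the intended blocks, and because `-A` appends, an earlier ACCEPT for the same port takes precedence over a later DROP. The following added example (not part of the original project) reads text in iptables-save format, including the counter prefix written by `iptables-save -c`, and reports which of the ports blocked on this page are not actually dropped. The sample rule set is constructed and the function names are illustrative.

```python
import shlex

REQUIRED_DROPS = {20, 21, 22, 23}   # FTP data/control, SSH, Telnet: the ports this page blocks

def option(tokens, *flags):
    """Return the argument that follows the first of `flags`, or None."""
    for i, tok in enumerate(tokens[:-1]):
        if tok in flags:
            return tokens[i + 1]
    return None

def first_verdicts(rules_text, chain="INPUT"):
    """Map TCP port -> target of the first rule that matches it for all sources."""
    verdicts = {}
    for line in rules_text.splitlines():
        tokens = shlex.split(line, comments=True)
        if tokens and tokens[0].startswith("["):      # "[pkts:bytes]" counters from iptables-save -c
            tokens = tokens[1:]
        if tokens[:2] != ["-A", chain] or option(tokens, "-p", "--protocol") != "tcp":
            continue
        if any(t in tokens for t in ("-s", "-i", "!")):   # narrowed rule: not a blanket verdict
            continue
        dport, target = option(tokens, "--dport"), option(tokens, "-j")
        if dport is None or target not in ("ACCEPT", "DROP", "REJECT"):
            continue
        low, _, high = dport.partition(":")           # saved ports are numeric; "20:21" is a range
        for port in range(int(low), int(high or low) + 1):
            verdicts.setdefault(port, target)         # first matching rule wins
    return verdicts

def unblocked(rules_text):
    """Required ports that the saved rule set does not DROP."""
    verdicts = first_verdicts(rules_text)
    return sorted(p for p in REQUIRED_DROPS if verdicts.get(p) != "DROP")

# Constructed sample: SSH is accepted before its DROP rule is reached,
# and the Telnet rule was never saved.
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
[12:720] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 20 -j DROP
[0:0] -A INPUT -p tcp -m tcp --dport 21 -j DROP
[0:0] -A INPUT -p tcp -m tcp --dport 22 -j DROP
COMMIT
"""

print("not blocked:", unblocked(SAMPLE_RULES))
```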

Testing BackUp:

We can check whether the files are backed up by going to the backup directory and checking whether the specific files that needed to be backed up were received.

Testing Case

Make sure to copy the public keys to the systems where the backups are to be stored; otherwise the backup will not be performed, as those hosts are unknown to the sender. Then create the appropriate directory on the receiver side so that the files can be accessed there without any hassle.

Testing VPN:

We use ifconfig and check for the PPP IP address.