Data Networking/Fall 2013/Group4

The Folks
Anand Suresh

Gaurav Parekh

Rushabh Shah

Udit Shah

Motivation
The purpose of this project is to gain a deeper understanding of the workings of configured networks that involve multiple network elements and servers. The backbone of this network is being constructed using Ubuntu 12.04 command line packages.

DHCP
DHCP stands for Dynamic Host Configuration Protocol, which is an application layer protocol. It is used to dynamically assign IP addresses to all the clients in the network. These IP addresses are allocated from a predefined range of IP addresses which is configured in the DHCP server. All the IP addresses are assigned to the clients for a particular lease time, which is set while configuring the DHCP server. DHCP servers are capable of providing both IPv4 (DHCPv4) and IPv6 (DHCPv6) addresses. A DHCP server can also allocate static IP addresses to certain network elements such as DNS and web servers, as they always require a permanent IP address. To assign unique IP addresses to DHCP clients, the DHCP procedure involves 4 stages - DHCP discovery, DHCP offer, DHCP request and DHCP acknowledgment.

DNS
DNS stands for Domain Name System, which is an application layer protocol. It uses port number 53 and either TCP or UDP as the underlying transport layer protocol. The basic purpose of DNS is to resolve and provide hostname to IP address mapping and vice versa. All the information regarding IP addresses and domain names is stored in a distributed database.

Web Server
A web server is a server that contains and delivers web pages when requested by network clients. It uses the application layer protocol HTTP, which works on port 80. The web pages contain a base HTML object file along with many other referenced objects. Widely used web servers are Apache and Microsoft's Internet Information Services.

Firewall
A firewall is implemented to secure a private network of Web, DNS and DHCP servers and other clients from unknown intrusion. It can be either hardware or software based, and the network admin can configure it to allow only the traffic that is trusted by the network and reject all other traffic. It basically protects a network from the outside world and can block anything required by the network admin, such as ICMP, FTP, HTTP etc.

Backup
A backup server is used to save copies of all the data from a particular server so as to keep the data safe, secure and restorable in case the server crashes or suffers any other problem due to which data loss occurs. Server crashes are very common in any networking organization and hence a backup server is very essential. An efficient way to manage backups is by scheduling them in such a way that the data from a particular server gets backed up in the backup server each day at a predetermined time. Backups are not only used to handle data loss and server crashes but can also be helpful in order to restore particular data saved previously.

The Requirements
Build a DNS server for the start-up company in Boston - Obtain a Domain Name for the start-up, create 5 DNS records and use IPv4 and IPv6 addresses to implement the DNS records, name servers should be configured to handle all the queries for the domain, create reverse domain lookups for IP address to domain name mapping.

Build a DHCP server for the start-up - Capable of leasing IPv4 and IPv6 addresses from a particular assigned pool of IPs with a certain lease time. Should be capable of reserving certain IPs for the DNS and web servers, which require static addresses. Such addresses should also be in the exclusion range, i.e. not available for lease to other clients.

Build a Web Server with a basic webpage for the start-up to be accessible by all the clients in the network along with a firewall to make this a secured server.

Automatically create a backup of all files from a particular server to a different server every day at 12:00 am.

DHCP
 * On the Linux box we need to install the DHCP package by using the command 'sudo apt-get install isc-dhcp-server' in a terminal.
 * Statically configured the Ethernet (eth0) interface with

     IP - 192.168.10.5
     Netmask - 255.255.255.0
     Broadcast IP - 192.168.10.255
     Gateway IP - 192.168.10.2

 * Restarted the network interfaces using the command 'sudo /etc/init.d/networking restart' and then rebooted the Linux box using the command 'sudo reboot'.
 * Configured the default interface as 'eth0' by editing the file opened with 'sudo nano /etc/default/isc-dhcp-server'.
 * Opened the 'dhcpd.conf' file using the command 'sudo nano /etc/dhcp/dhcpd.conf'.
 * Configured the 'dhcpd.conf' file as follows

     ddns-update-style none;
     # lease times are given in seconds
     default-lease-time 600;
     max-lease-time 7200;
     authoritative;
     log-facility local7;
     # broadcast address of 192.168.10.0/24
     option broadcast-address 192.168.10.255;
     option routers 192.168.10.2;
     option domain-name-servers 192.168.10.10;
     option domain-name "gr4.DN.com";
     subnet 192.168.10.0 netmask 255.255.255.0 {
       # pool of addresses available for lease
       range 192.168.10.3 192.168.10.20;
     }

 * Restart the DHCP server using the command 'sudo service isc-dhcp-server restart'.
 * For the DHCP server to lease out IPs and function properly, we need to set the network adapter in bridged mode, which can be done in 'VM Settings/Network Adapter'.
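
The requirement that statically addressed servers stay outside the lease pool can be checked against the configuration itself. The shell function below is an added example, not part of the original project: it reads the 'range' statements from dhcpd.conf text and prints every given address that falls inside a pool. The sample text is constructed from the subnet block above, the function name is an assumption, and the addresses in the usage comment are the static ones this page gives to the DHCP, DNS and web servers.

```shell
#!/bin/sh
# Added example (not from the original page): list statically used addresses
# that fall inside a dhcpd.conf lease pool.

# Constructed sample: the subnet block from this page's dhcpd.conf.
SAMPLE_CONF='subnet 192.168.10.0 netmask 255.255.255.0 {
  range 192.168.10.3 192.168.10.20;
}'

# pool_conflicts CONF_TEXT IP... -> prints every IP that lies inside a "range"
pool_conflicts() {
    conf=$1; shift
    printf '%s\n' "$conf" | awk -v ips="$*" '
        function ip2int(ip,   o) {
            split(ip, o, ".")
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        { sub(/#.*/, ""); gsub(/;/, "") }      # drop comments and terminators
        $1 == "range" {                        # "range LOW HIGH" or "range ADDR"
            n++; lo[n] = ip2int($2); hi[n] = ip2int(NF >= 3 ? $3 : $2)
        }
        END {
            m = split(ips, want, " ")
            for (i = 1; i <= m; i++)
                for (r = 1; r <= n; r++)
                    if (ip2int(want[i]) >= lo[r] && ip2int(want[i]) <= hi[r]) {
                        print want[i]; break
                    }
        }'
}

# On the DHCP server:
#   pool_conflicts "$(cat /etc/dhcp/dhcpd.conf)" 192.168.10.5 192.168.10.10 192.168.10.15
```

Any address printed is one the server may lease to a client while another machine already uses it statically; an empty result means the pool and the static addresses do not overlap.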

DHCP Client -

 * On the DHCP client we need to open the network interfaces file using the command 'sudo nano /etc/network/interfaces'.
 * Here we need to configure the 'eth0' interface as

     auto eth0
     iface eth0 inet dhcp

 * After configuring, we need to restart the network interfaces using the command 'sudo /etc/init.d/networking restart' and then reboot the Linux box using the command 'sudo reboot'.

DNS
 * We need to install the Ubuntu package 'bind9' using the command 'sudo apt-get install bind9' to implement the DNS server on the Linux box.
 * Configure the 'eth0' interface using the command 'sudo nano /etc/network/interfaces', with a static IP address and other parameters as follows

     auto eth0
     iface eth0 inet static
     address 192.168.10.10
     netmask 255.255.255.0
     network 192.168.10.0
     broadcast 192.168.10.255
     gateway 192.168.10.2

 * Restart the networking daemon using the command 'sudo /etc/init.d/networking restart'.
 * Provide a hostname to the DNS server using the command 'sudo nano /etc/hostname'.
 * Provide a domain name for the DNS server using the command 'sudo nano /etc/hosts'.
 * We need to edit the files '/etc/bind/named.conf.options' and '/etc/bind/named.conf.local' using the commands

     sudo nano /etc/bind/named.conf.options
     sudo nano /etc/bind/named.conf.local

 * Copy the already created forward lookup and reverse lookup files in the /etc/bind directory

     sudo cp /etc/bind/db.local /etc/bind/zones/DN.com.db
     sudo cp /etc/bind/db.127 /etc/bind/zones/10.168.192.in-addr.arpa.db

 * Edit the forward lookup file according to the requirement

     sudo nano /etc/bind/zones/DN.com.db

 * Edit the reverse lookup file according to the requirement

     sudo nano /etc/bind/zones/10.168.192.in-addr.arpa.db

 * Check if the zone files are working properly

     # for forward lookup zones
     named-checkzone DN.com /etc/bind/zones/DN.com.db
     # for reverse lookup zones (the zone name must match the reverse zone)
     named-checkzone 10.168.192.in-addr.arpa /etc/bind/zones/10.168.192.in-addr.arpa.db

 * Edit the /etc/resolv.conf file to provide the nameserver details

     nameserver 192.168.10.10
     search DN.com
     domain DN.com

 * Finally restart the 'bind' package using the command

     sudo /etc/init.d/bind9 restart

Web Server
 * We use the 'apache2' command line package to install the Apache Web Server on our Linux box using the command

     sudo apt-get install apache2

 * This creates a directory '/var/www' which contains the default web page of our web server, 'index.html'.
 * This web page can be accessed by typing 'localhost' in the address bar of the web browser.
 * This web page can also be accessed by other clients by typing in the IP address of the web server, namely '192.168.10.15'.
 * This displays the default web page 'index.html' configured on our web server.

Firewall
 * Firewall is configured on our web server using 'iptables'

     sudo iptables -L

 * This will list out all the current 'iptables' rules present on the server.
 * To prevent access to the web page, we use the command

     sudo iptables -A INPUT -p tcp --dport 80 -j DROP

 * To prevent access for FTP, we use the command

     sudo iptables -A INPUT -p tcp --dport 21 -j DROP

 * To release the firewall restrictions and allow access to FTP and Web Page, we use the command

     sudo iptables -F
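
The DROP rules above block two ports and leave every other port on the server reachable, while the Firewall description earlier calls for allowing only trusted traffic and rejecting everything else. The shell function below is an added example, not the project's configuration: it prints a default-deny ruleset in iptables-restore format, with the LAN 192.168.10.0/24 taken from this page and the function name an assumption.

```shell
#!/bin/sh
# Added example (not from the original page): default-deny INPUT policy for the
# web server, emitted in iptables-restore format so it loads in one atomic step.

# build_ruleset LAN_CIDR PORT... -> prints the ruleset; fails on a bad port
build_ruleset() {
    lan=$1; shift
    for p in "$@"; do
        case $p in ''|*[!0-9]*) echo "bad port: $p" >&2; return 1;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'     # anything not accepted below is dropped
    printf '%s\n' ':FORWARD DROP [0:0]'   # the web server does not route traffic
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    # replies to connections the server itself opened (DNS lookups, apt, ...)
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in "$@"; do
        printf '%s\n' "-A INPUT -s $lan -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Syntax-check first, then load (as root). Add 22 to the port list if the
# server is administered over SSH, otherwise the session is cut off.
#   build_ruleset 192.168.10.0/24 80 | iptables-restore --test
#   build_ruleset 192.168.10.0/24 80 | iptables-restore
```

With this policy FTP on port 21 needs no rule of its own: it is dropped because nothing accepts it. Rules loaded this way are lost on reboot unless they are saved and restored at boot.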

Backup
 * This has been done using 'rsync' and 'tar', which are automated together in a 'crontab' job.
 * 'rsync' is used to back up all the files from a single server to a remote server

     rsync -r /source username@hostname:dest

 * We use 'tar' to zip the files being backed up to the remote server (the '-f' option takes the name of the archive file to create; 'archive-name.tar.gz' is a placeholder)

     tar -cvpzf /folder-in-which-tar-to-be-created/archive-name.tar.gz /path-of-files-to-be-zipped

 * These tasks are configured in a 'crontab' job to schedule daily backups

     crontab -e
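
One way to combine the 'tar', 'rsync' and 'crontab' steps into a single job that runs every day at 12:00 am, as an added example that is not the project's own script. The script path, log file, staging directory and remote account are placeholders, and the cron run assumes SSH key authentication to the backup server is already set up.

```shell
#!/bin/sh
# Added example (not from the original page): nightly archive-and-push job.
# SRC, STAGE and REMOTE defaults below are placeholders.

# make_archive SRC_DIR STAGE_DIR -> prints the path of a verified .tar.gz
make_archive() {
    src=$1; stage=$2
    [ -d "$src" ] || { echo "source $src missing" >&2; return 1; }
    mkdir -p "$stage" && chmod 700 "$stage" || return 1
    out="$stage/backup-$(date +%Y%m%d).tar.gz"
    # -C stores paths relative to the parent directory, not from /
    tar -cpzf "$out" -C "$(dirname "$src")" "$(basename "$src")" || return 1
    # read the archive back so a truncated file fails tonight, not on restore day
    tar -tzf "$out" >/dev/null || { rm -f "$out"; return 1; }
    printf '%s\n' "$out"
}

# push_archive FILE REMOTE -> copy over SSH; non-zero exit if the transfer fails
push_archive() {
    rsync -a -e ssh "$1" "$2"
}

# run_backup SRC STAGE REMOTE -> archive, verify, then push
run_backup() {
    archive=$(make_archive "$1" "$2") || return 1
    push_archive "$archive" "$3"
}

# Only act when called as "<script> run", so sourcing the file has no effect.
if [ "${1:-}" = "run" ]; then
    run_backup "${SRC:-/var/www}" "${STAGE:-/var/backups/nightly}" \
               "${REMOTE:-backupuser@192.168.10.5:backups/}"
fi

# crontab -e entry for 12:00 am every day:
#   0 0 * * * /usr/local/bin/nightly-backup.sh run >>/var/log/nightly-backup.log 2>&1
```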

DHCP

 * After configuring the 'eth0' interface and 'dhcpd.conf' file, the DHCP server was fully configured to lease out IPv4 addresses.
 * Used the command 'ifconfig' on the DHCP server's terminal to check whether the 'eth0' interface is statically configured with the IP 192.168.10.5 and other defined parameters.
 * Connected the DHCP server and DHCP client devices and used the command 'ifconfig' on the DHCP client's terminal to check whether it receives an IPv4 address from the DHCP server within the assigned range.
 * Tried to ping between the DHCP server and client devices to check the network connectivity between them.
 * Tested the above procedure with multiple DHCP clients to check whether the DHCP server is assigning IP addresses within the range successfully.

DNS
 * After configuring the DNS server, we check the forward and reverse lookup table sanity.

     # for forward lookup
     named-checkzone DN.com /etc/bind/zones/DN.com.db
     # for reverse lookup (the zone name must match the reverse zone)
     named-checkzone 10.168.192.in-addr.arpa /etc/bind/zones/10.168.192.in-addr.arpa.db

 * To check if DNS is resolving hostnames correctly, we use the commands

     dig
     nslookup

 * Connected a client device to the DNS server, and on the client's terminal we tried to ping the hostname of the web server; the hostname was resolved to the IP by the DNS server.

     ping gr4.DN.com

Web Server

 * Opened web browser on web server and typed 'localhost' in the address bar.
 * The default web page of the web server was displayed.
 * Opened web browser on other devices and typed '192.168.10.15' in the address bar.
 * The default web page of the web server was displayed.

Firewall

 * Firewall was enabled on the web-server.
 * The client on the other side is unable to access the hyperlink.
 * The Firewall is disabled, and the client is then able to access the hyperlink.

Backup

 * Create a test file "test.zip" using the Tar command in home folder.
 * Use "crontab -e" to enter the "rsync" job in the cron table.
 * Use rsync -r /home/anand/test.zip gaurav@192.168.10.5:home
 * This job can be executed daily by appending the necessary time values against the above command.

Test Tools
 * 4 computers - DNS Server, DHCP Server (+Backup Server), Web Server(+Firewall), Client.
 * Ubuntu Operating System on all computers.
 * Switch and Cables.

Test Cases

Future Prospects
Expansion

Growth

Improvements