Data Networking/Fall 2014/Neville RJ Fernandez & Group

Linux Project to implement DNS, DHCP, Web Server, Firewall and Backup
On this webpage we describe our Linux project, which implements DNS, DHCP, a web server, a firewall and backup.

The Project Team
1) Can Gao 2) Zhongyuan Zhang

Why did we work on Linux?
Linux is an open source and free operating system used widely in the IT and telecommunications industry. Our aim is to learn basic networking concepts on the Linux platform and implement them successfully. By doing so we hope to gain hands-on experience in configuring our network on a Linux-based platform.

Introduction
In this Linux project, our group has implemented networking services: DNS, DHCP, a web server, a backup web server and a firewall. The flavour of Linux that we have used is Ubuntu 14.04.1.

Background
 1) Domain Name System (DNS)  DNS (Domain Name System) is a service that translates hostnames to IP addresses, which makes access to the Internet more convenient for users. The DNS is a distributed database implemented in a hierarchy of DNS servers, and an application-layer protocol that allows hosts to query the distributed database. The DNS protocol runs over UDP and uses port 53.

 2) Dynamic Host Configuration Protocol (DHCP)  The Dynamic Host Configuration Protocol (DHCP) is a standardized network protocol used on IP networks for dynamically distributing network configuration parameters, such as IP addresses for interfaces and services. With DHCP, computers request IP addresses and networking parameters automatically from a DHCP server, reducing the need for a network administrator or a user to configure these settings manually.

The three ways in which DHCP allocates IP addresses to hosts:
 * Static allocation: Manual IP addresses are allocated only for those hosts that have their MAC addresses listed in the IP translation tables on the router.
 * Dynamic allocation: Allocation occurs from a pool of IP addresses dynamically for a certain lease period.
 * Automatic allocation: The same IP is assigned to the client when it comes on the network.

 3) Web Server  A web server is an information technology that processes requests via HTTP, the basic network protocol used to distribute information on the World Wide Web. The term can refer either to the entire computer system, an appliance, or specifically to the software that accepts and supervises the HTTP requests. The main function of the Web server is to provide on-line information browsing service.

 4) Backup Web Server  The server may crash for a variety of reasons, so systematically creating a backup of every day's work avoids the risk of data loss.

 5) Firewall  A firewall is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted, secure internal network and another outside network.

Project requirements

 * Linux Based OS (We have used Ubuntu 14.04.1)
 * Bind9 server to configure DNS.
 * Isc-dhcp-server and radvd to configure DHCP.
 * Apache2 to configure our web server.
 * RSync package for web backup server.
 * SSH package.

DHCP Server
 * For IPv4

1. Install DHCP Server

sudo apt-get install isc-dhcp-server

2. Set the static IP address of the DHCP server

sudo vi /etc/network/interfaces

Change lo to either eth0 or wlan0, and loopback to static:

auto eth0
iface eth0 inet static
    address 192.168.4.171
    netmask 255.255.255.0
    broadcast 192.168.4.255
    dns-nameservers 192.168.4.172

3. Configure the DHCP server

sudo vi /etc/dhcp/dhcpd.conf

# Dynamic pool for ordinary clients
subnet 192.168.4.0 netmask 255.255.255.0 {
    range 192.168.4.4 192.168.4.169;
    option routers 192.168.4.1;
}

# Fixed addresses for the servers, matched by MAC address
host dns {
    hardware ethernet 00:0c:29:8e:41:b2;
    fixed-address 192.168.4.172;
}
host dnsstandby {
    hardware ethernet 00:0c:29:62:36:d7;
    fixed-address 192.168.4.173;
}
host web {
    hardware ethernet 00:0c:29:ff:c3:07;
    fixed-address 192.168.4.174;
}

default-lease-time 600;
max-lease-time 7200;

4. Modify the IP address for eth0

sudo ifconfig eth0 192.168.4.171 netmask 255.255.255.0

5. Restart the dhcp server

sudo service isc-dhcp-server restart 
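
A check that can be run on dhcpd.conf before restarting the service, as an added example that is not part of the original project: it confirms that every fixed-address reservation lies inside the subnet, outside the dynamic range, and that no MAC or IP is reserved twice. The function name audit_reservations and the regular expressions are assumptions of this sketch and only cover the simple layout used in step 3.

```python
import ipaddress
import re

# dhcpd.conf as configured in step 3, embedded so the check runs offline.
CONF = """
subnet 192.168.4.0 netmask 255.255.255.0 {
  range 192.168.4.4 192.168.4.169;
  option routers 192.168.4.1;
}
host dns        { hardware ethernet 00:0c:29:8e:41:b2; fixed-address 192.168.4.172; }
host dnsstandby { hardware ethernet 00:0c:29:62:36:d7; fixed-address 192.168.4.173; }
host web        { hardware ethernet 00:0c:29:ff:c3:07; fixed-address 192.168.4.174; }
"""

HOST_RE = re.compile(r"host\s+(\S+)\s*\{\s*hardware\s+ethernet\s+([0-9A-Fa-f:]+)\s*;"
                     r"\s*fixed-address\s+([0-9.]+)\s*;")

def audit_reservations(conf):
    """Return a list of problems with the fixed-address reservations in conf."""
    net, mask = re.search(r"subnet\s+(\S+)\s+netmask\s+([0-9.]+)", conf).groups()
    subnet = ipaddress.ip_network(f"{net}/{mask}")
    lo, hi = (ipaddress.ip_address(a)
              for a in re.search(r"range\s+(\S+)\s+([0-9.]+)\s*;", conf).groups())
    problems, macs, ips = [], {}, {}
    for name, mac, addr in HOST_RE.findall(conf):
        ip, mac = ipaddress.ip_address(addr), mac.lower()
        if ip not in subnet:
            problems.append(f"{name}: {ip} is outside {subnet}")
        elif lo <= ip <= hi:
            # A leased address could collide with this server's reservation.
            problems.append(f"{name}: {ip} is inside the dynamic pool {lo}-{hi}")
        if mac in macs:
            problems.append(f"{name}: MAC {mac} already reserved for {macs[mac]}")
        if ip in ips:
            problems.append(f"{name}: {ip} already reserved for {ips[ip]}")
        macs.setdefault(mac, name)
        ips.setdefault(ip, name)
    return problems

if __name__ == "__main__":
    for line in audit_reservations(CONF) or ["reservations OK"]:
        print(line)
```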

 * For IPv6

1. Install radvd to configure the parameters

sudo apt-get install radvd

2. Modify the file /etc/radvd.conf

sudo vi /etc/radvd.conf

interface eth0 {
    AdvSendAdvert on;
    AdvManagedFlag on;
    prefix fec0:1111:2222:3333::/64 {
        AdvOnLink on;
        AdvAutonomous on;
    };
};

3. Modify the file /etc/sysctl.conf

sudo vi /etc/sysctl.conf

net.ipv6.conf.all.forwarding=1

4. Restart radvd

sudo /etc/init.d/radvd restart

 * For other servers

sudo vi /etc/network/interfaces

auto eth0
iface eth0 inet dhcp
iface eth0 inet6 dhcp

DNS server
 * For IPv4

1. Install Bind9

sudo apt-get install bind9

2. Configure the DNS server to get its fixed IP address from the DHCP server

sudo nano /etc/network/interfaces

auto eth0
iface eth0 inet dhcp
iface eth0 inet6 dhcp

5. Configure zones in the named.conf.local file

sudo vi /etc/bind/named.conf.local

// Forward zone, on the master (192.168.4.172)
zone "www.gaoyuan.com" {
    type master;
    file "/etc/bind/db.www.gaoyuan.com";
    allow-transfer { 192.168.4.173; };   // only the slave may transfer the zone
    also-notify { 192.168.4.173; };
};

// Forward zone, on the slave (192.168.4.173)
zone "www.gaoyuan.com" {
    type slave;
    file "/etc/bind/db.www.gaoyuan.com";
    masters { 192.168.4.172; };
};

Configure the other 4 DNS servers: www.gaoyuan1.com, www.gaoyuan2.com, www.gaoyuan3.com, www.gaoyuan4.com

// Reverse zone for IPv4 addresses, on the master
zone "4.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192";
    allow-transfer { 192.168.4.173; };
    also-notify { 192.168.4.173; };
};

// Reverse zone for IPv4 addresses, on the slave
zone "4.168.192.in-addr.arpa" {
    type slave;
    file "/etc/bind/db.192";
    masters { 192.168.4.172; };
};

// Reverse zone for IPv6 addresses, on the master
zone "3.3.3.3.2.2.2.2.1.1.1.1.8.0.e.f.ip6.arpa" {
    type master;
    file "/etc/bind/db.ipv6";
    allow-transfer { 192.168.4.173; };
    also-notify { 192.168.4.173; };
};

// Reverse zone for IPv6 addresses, on the slave (same zone name as on the master)
zone "3.3.3.3.2.2.2.2.1.1.1.1.8.0.e.f.ip6.arpa" {
    type slave;
    file "/etc/bind/db.ipv6";
    masters { 192.168.4.172; };
};

6. Configure the forward lookup table

sudo vi /etc/bind/db.www.gaoyuan.com

$TTL    604800
@       IN      SOA     www.gaoyuan.com. root.gaoyuan.com. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
@       IN      NS      www.gaoyuan.com.
@       IN      A       192.168.4.179
@       IN      AAAA    fe08:1111:2222:3333:4444:5555:6666:aaaa

Configure the other 4 DNS servers in the same way.

7. Configure the reverse lookup table for ipv4 and ipv6 addresses

sudo nano /etc/bind/db.192

$TTL    604800
@       IN      SOA     www.gaoyuan.com. root.www.gaoyuan.com. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      www.gaoyuan.com.
179     IN      PTR     www.gaoyuan.com.
175     IN      PTR     www.gaoyuan1.com.
176     IN      PTR     www.gaoyuan2.com.
177     IN      PTR     www.gaoyuan3.com.
178     IN      PTR     www.gaoyuan4.com.

sudo nano /etc/bind/db.ipv6

$TTL    604800
@       IN      SOA     www.gaoyuan.com. root.www.gaoyuan.com. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      www.gaoyuan.com.
a.a.a.a.6.6.6.6.5.5.5.5.4.4.4.4     IN      PTR     www.gaoyuan.com.
b.b.b.b.6.6.6.6.5.5.5.5.4.4.4.4     IN      PTR     www.gaoyuan1.com.
c.c.c.c.6.6.6.6.5.5.5.5.4.4.4.4     IN      PTR     www.gaoyuan2.com.
d.d.d.d.6.6.6.6.5.5.5.5.4.4.4.4     IN      PTR     www.gaoyuan3.com.
e.e.e.e.6.6.6.6.5.5.5.5.4.4.4.4     IN      PTR     www.gaoyuan4.com.

8. Edit the file resolv.conf

sudo vi /etc/resolv.conf

nameserver 192.168.4.172

9. Restart the Bind9 server

sudo /etc/init.d/bind9 restart
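
Hand-written ip6.arpa names and PTR targets are easy to get wrong, and a mistake leaves forward and reverse lookups disagreeing. The following added example (not part of the original project) derives the reverse zone names and PTR owner labels from the addresses used in steps 5 to 7 and checks them against the records; the function names and the BAD sample, which is constructed, are assumptions of this sketch.

```python
import ipaddress

def reverse_zone(prefix):
    """Reverse zone name for an octet-aligned IPv4 or nibble-aligned IPv6 prefix."""
    net = ipaddress.ip_network(prefix)
    labels = net.network_address.reverse_pointer.split(".")
    host_bits = net.max_prefixlen - net.prefixlen
    return ".".join(labels[host_bits // (8 if net.version == 4 else 4):])

def ptr_owner(address, zone):
    """Owner label of the address's PTR record relative to zone, or None if outside it."""
    fqdn = ipaddress.ip_address(address).reverse_pointer
    return fqdn[:-len(zone) - 1] if fqdn.endswith("." + zone) else None

def check(forward, reverse):
    """forward: {name: [addresses]}; reverse: {zone: {owner: target}}. Returns problems."""
    problems = []
    for name, addresses in forward.items():
        for addr in addresses:
            zones = [z for z in reverse if ptr_owner(addr, z) is not None]
            if not zones:
                problems.append(f"{addr}: no declared reverse zone covers it")
            for zone in zones:
                owner = ptr_owner(addr, zone)
                target = reverse[zone].get(owner)
                if target != name:
                    problems.append(f"{addr}: PTR {owner} -> {target}, expected {name}")
    return problems

# Records for www.gaoyuan.com as given in steps 6 and 7.
FORWARD = {"www.gaoyuan.com.": ["192.168.4.179",
                                "fe08:1111:2222:3333:4444:5555:6666:aaaa"]}
GOOD = {
    reverse_zone("192.168.4.0/24"): {"179": "www.gaoyuan.com."},
    reverse_zone("fe08:1111:2222:3333::/64"):
        {"a.a.a.a.6.6.6.6.5.5.5.5.4.4.4.4": "www.gaoyuan.com."},
}
# Constructed faulty variant: two nibbles swapped in the ip6.arpa zone name
# and a doubled dot in the IPv4 PTR target.
BAD = {
    "4.168.192.in-addr.arpa": {"179": "www.gaoyuan..com."},
    "3.3.3.3.2.2.2.2.1.1.1.1.0.8.e.f.ip6.arpa":
        {"a.a.a.a.6.6.6.6.5.5.5.5.4.4.4.4": "www.gaoyuan.com."},
}

if __name__ == "__main__":
    print(check(FORWARD, GOOD))
    for problem in check(FORWARD, BAD):
        print(problem)
```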

Web server
1. Install Apache webserver

sudo apt-get install apache2

2. Install the MySQL server and client

sudo apt-get install mysql-server mysql-client

3. Install php5

sudo apt-get install php5

4. Restart apache2

sudo /etc/init.d/apache2 restart

5. Modify the home page

cd /var/www/
ls
sudo nano /var/www/html/index.html

Firewall
1. Activate the ufw firewall

sudo ufw enable
sudo ufw default deny

2. Start the service using the command

sudo service iptables-persistent start

3. Enable the SSH service

sudo ufw allow ssh

4. Open the ports

sudo ufw allow 80
sudo ufw allow 22
sudo ufw allow 873
sudo ufw allow 1723

5. Enter a rule

sudo ufw allow proto tcp from 192.168.4.174 to any port 22

6. See the firewall status

sudo ufw status
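
With the rules above, port 22 is already open to any source by steps 3 and 4, so the host-specific rule from step 5 restricts nothing. The following added example (not part of the original project) parses `ufw status` output and reports such shadowed rules along with the ports exposed to any source; the sample output is constructed for the rules on this page, and the function names are assumptions of this sketch.

```python
import re

# Constructed `ufw status` output for the rules entered in steps 3 to 5.
SAMPLE = """\
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80                         ALLOW       Anywhere
22                         ALLOW       Anywhere
873                        ALLOW       Anywhere
1723                       ALLOW       Anywhere
22/tcp                     ALLOW       192.168.4.174
"""

RULE_RE = re.compile(r"^(\d+)(?:/(tcp|udp))?\s+ALLOW\s+(\S+)")

def parse(status):
    """Extract ALLOW rules as dicts; proto None means both TCP and UDP."""
    rules = []
    for line in status.splitlines():
        m = RULE_RE.match(line)
        if m:
            rules.append({"port": int(m.group(1)), "proto": m.group(2), "src": m.group(3)})
    return rules

def shadowed(rules):
    """Source-restricted rules made ineffective by an Anywhere rule on the same port."""
    found = []
    for rule in rules:
        if rule["src"] == "Anywhere":
            continue
        for wide in rules:
            if (wide["src"] == "Anywhere" and wide["port"] == rule["port"]
                    and wide["proto"] in (None, rule["proto"])):
                found.append((rule, wide))
                break
    return found

def exposed_ports(rules):
    """Ports reachable from any source address."""
    return sorted({r["port"] for r in rules if r["src"] == "Anywhere"})

if __name__ == "__main__":
    rules = parse(SAMPLE)
    print("open to any source:", exposed_ports(rules))
    for narrow, wide in shadowed(rules):
        print(f"port {narrow['port']} from {narrow['src']} is shadowed by an Anywhere rule")
```

For the restriction to take effect, the broad port 22 rules have to be deleted so that only the rule for 192.168.4.174 remains.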

Backup Server
1. Install SSH

sudo apt-get install ssh

2. Generating RSA keys

ssh-keygen -t rsa

3. Copy the RSA public key to the other host over SSH (replace <backup-host> with the address of the other host)

cat /home/Gandhi/id_rsa.pub | ssh root@<backup-host> "mkdir -p /root/.ssh && cat >> /root/.ssh/authorized_keys"

4. Install rsync using following command

sudo apt-get install rsync

5. Use Rsync to copy the public key to virtual server

ssh root@192.168.10.120 rsync -a /var/www/html/ root@192.168.10.150:/var/www/html/

6. Use crontab to run the command periodically, every 10 minutes

*/10 * * * * rsync -a /var/www/html/ root@192.168.10.150:/var/www/html/

Network
Use ping to test whether all the servers can reach each other.

DHCP Server
Flush the IP addresses in eth0 and then restart eth0 interface to see whether it can get the IPv4 and IPv6 addresses from DHCP server.

DNS Server
1. Test master DNS server

a. Use the host command

host www.gaoyuan.com
host 192.168.4.179
host fe08:1111:2222:3333:4444:5555:6666:aaaa

b. Use nslookup

nslookup www.gaoyuan.com
nslookup 192.168.4.179
nslookup fe08:1111:2222:3333:4444:5555:6666:aaaa

2. Test slave DNS server

Turn off the master DNS server and use the same method as for the master DNS server.
