Data Networking/Fall 2014/Xiang Gao

Group Members
Xiang Gao Weiqi Yao Haichuan Zhang

Dynamic Host Configuration Protocol (DHCP)
Dynamic Host Configuration Protocol (DHCP) allows a host to obtain or be allocated an IP address automatically. It is a plug-and-play protocol, based on its ability to automate the network-related aspects of connect- ing a host into a network. Because of this feature, we use an ubuntu system as an DHCP server in our network. It will give static IP address for our Domain Name Server (DNS) and Web server in our network. Also, it will random assign IP address to the clients who connected into our network.

Domain Name Server (DNS)
DNS is a distributed database implemented in a hierarchy of DNS servers, and an application-layer protocol that allows hosts to query the distributed database. In our network, the DNS server keeps the mapping of domain names and IP addresses. It will resolve the DNS query from others.

Web Server & Firewall
web server is a computer system that processes requests via HTTP, the basic network protocol used to distribute information on the World Wide Web. In our network, the web server have 2 web pages. Each of them has their own content for clients to visit. Firewall is a network security system that controls the incoming and outgoing network traffic based on applied rule set.Firewall in our project has the functions of IP filtering, protocol filtering, etc. It is used to limit the particular incoming or outgoing visit. For example, We can block a client with particular IP address from visiting the web server.

Installation
We install the isc-dhcp server first. command: sudo apt-get install isc-dhcp-server

Configuration
The detail configuration in dhcpd.conf file is: Subnet mask: 255.255.255.0 Network:    192.168.1.0 Router:     192.168.1.1 IP range:   192.168.10.20 - 192.168.10.200 Static IP address for Web server:     192.168.1.4 Static IP address for DHCPserver:     192.168.1.3 Static IP address for DNS server:     192.168.1.2
 * 1)  in order to let DHCP work, we should set IP address for DHCP server manually. We go into the interface to configure the IP address for DHCP, as well as its subnetmask, broadcast IP address and gateway IP address.
 * 2) After finished above pictures’ configuration, we should restart the interface<br /
 * 3) Configure the DHCP main file by edit /etc/dhcp/dhcpd.conf file. In this file we can set IP subnet, subnet mask, and IP range and so on.
 * 4) At last, we should restart or start the disc-dhcp-server

Installation
In the designing of DNS Server, we need to install bind9 command: sudo apt-get install bind9

Configuration

 * 1) we get into the /etc/bind file by using command: cd /etc/bind
 * 2) we start configure the local file by using command: nano named.conf.local
 * 3) we gave each website a file to store the configuration detail.
 * 4) we get into the certain file we created before to give DNS specifications, by using command “nano db.site1.com”, we successfully accessed the certain file. In that file we creat several DNS records, NS, A, CNAME,AAAA.
 * 5) we need to create the reverse domains.

Installation
we need to install 3 software on Ubuntu, apache2, php5 and libapache2-mod-php5.

Configuration

 * 1) The files we need to use in the configuration for web server, /var/www and /etc/apache2/sites-available.
 * 2) In this file, /var/www, we need to create 2 documents, site1.com and site2.com, to edit and store the contents of our webpages.
 * 3) Then in the file of /etc/apache2/sites-available, we need to put some necessary information about our website.
 * 4) Once we have created the above documents, we should enable site1.com and site2.com.

Installation
We use ufw to implement the functionality of firewall. command: sudo apt-get install ufw

Configuration
We want to block the client with a particular IP address from visiting our webserver. Commands used: Sudo ufw enable Sudo ufw deny from 192.168.1.22 Sudo ufw allow from 192.168.1.0/24 Sudo ufw status

Back-up
In the backup section, we use MySQL to store our data and use some tools such as automysqlbackup and cron. We also can backup database manually. Installation command: sudo apt-get install mysql-server sudo apt-get install libapache2-mod-auth-mysql sudo apt-get install php5-mysql 1） Automysqlbackup This utility can be scheduled to automatically perform backups at regular intervals. So it is a very convenient way for our back-up. Installation command: sudo apt-get install automysqlbackup Following is the configuration for back-up. The main configuration file for automysqlbackup is located at "/etc/default/automysqlbackup": sudo nano /etc/default/automysqlbackup The default location for backups is "/var/lib/automysqlbackup". Search this directory to see the structure of the backups: ls /var/lib/automysqlbackup There are 3 files – daily, weekly and monthly – inside automysqlbackup. 2） Use cron to back-up automatically Ubuntu installs a cron script with this program that will run it every day. It will organize the files to the appropriate directory. Install cron on Unbuntu using below command: sudo apt-get install gnome-schedule Then configure crontab, set a particular timing to backup. 3） Backup database manually Create a new database which will hold all of the data from the data dump and then exit out of the MySQL prompt: CREATE DATABASE database_name; Next, we can redirect the dump file into our newly created database by issuing the following command: mysql -u username -p database_name < backup_name.sql Information should now be restored to the database we've created.

NFS
NFS (Network File System) mounts work to share a directory between several virtual servers. This has the advantage of saving disk space, as the home directory is only kept on one virtual private server, and others can connect to it over the network. When setting up mounts, NFS is most effective for permanent fixtures that should always be accessible. Installation command: Sudo apt-get install nfs-kernel-server Configure NFS server    Editing the /etc/exports file. First make a backup copy of the default NFS configuration file: Here we use /home/gxless/Desktop as the default NFS file, and allow client with IP address 192.168.1.30 to share this default file. Then we install nfs-common in the client’s host. Installation command: Sudo apt-get install nfs-common Then we can transfer the default file to client.

NIS
The Network Information Service is a client–server directory service protocol for distributing system configuration data such as user and host names between computers on a computer network. Installation command sudo apt-get install portmap sudo apt-get install nis Following is configuration for NIS. sudo nano /etc/ypser.securenets sudo nano /var/yp/Makefile Then set up remote users: Sudo useradd-d /home/username –m username Sudo passwd username We can use “cat /etc/passwd” to check the remote users.

Ecryptfs
Ecryptfs can encrypt files in particular folder to enhance files more secure. Installation command: sudo apt-get install ecryptfs-utils Mount the partition to be encrypted: sudo mount –t ecryptfs /srv /srv sudo cp –r /etc/default /srv sudo umount /srv cat /srv/default/cron

VPN
First, we install the pptpd to configure the VPN server. The Command line ”apt-get install pptpd”. After that, we edit the pptpd file by giving command ” nano /etc/pptpd.conf”. We give the local IP and the remote IP for client. Then we configure the pptpd.option file Here, we give the DNS server IP address. Then we came to this file-/etc/sysctl.conf. Delete the “#” in front of net.ipv4.ip_forwards=1 Finally, we came to the /etc/rc.local file to give the IPtables.

DNS Server
We use command nslookup to test DNS Server. If DNS Server can map domain name to IP address and do this reversely, it means the DNS Server works well.

DHCP Server
we will test whether DHCP Server can assign IP addresses for other servers and Clients connected to this network. If the DHCP work well, the IP address of DNS server should be 192.168.1.2, the IP address of Web server should be 192.168.1.4, and other clients should be assign IP address in the range of 192.168.20 to 192.168.200.

Web Server
To check if the web server work well we open the web browser in different clients or servers, and type web server address: site1.com or site2.com. If it works, the web page should be shown in browser.

Firewall
As we configured ufw, commands we used to block the packet from IP address 192.168.1.22 are: sudo ufw deny from 192.168.1.22 sudo ufw allow from 192.168.1.0/24 Then we check the status of ufw using the following command: sudo ufw status If we enable ufw, this client cannot visit webpage any more. The Firewall works well.

Back-up
1) Automysqlbackup The default location for backups is "/var/lib/automysqlbackup". Search this directory to see the structure of the backups: ls /var/lib/automysqlbackup There are 3 files – daily, weekly and monthly – inside automysqlbackup. 2) Cron Command used in configuring crontab sodu crontab –e Use 0 0 * * * /etc/cron.daily to back up daily and save the back-up in file /etc/cron.daily In the file /etc/cron.daily, we can see the back-up files.

NFS
Firstly, we should restart nfs-kernel-server. Command used: sudo /etc/init.d/nfs-kernel-server start This is our default NFS file. We can see inside this file. We have hello.py, hhhh.py, etc. Now, we will transfer this file to the client’s host. Command used: sudo mount 192.168.1.4:/home/gxless/Desktop /home/nfs-gx Then it finishes without any notice. We can enter nfs-gx, and the default file in host NFS server now has transferred to client NFS server.

Future Improvements
Backup -- There are many methods that can be used as backup for our web server. In the future, we could consider more efficient and convenient way to implement backup. Mail server -- Mail server is often needed for most companies. So in the future, we could add a mail server for this company. IPv6 -- We could assign IPv4 for our servers and clients in the future.

DNS Server
During the process of configuring the DNS server, I deeply found that computer doesn’t works in human way, we have to use computer language to talk with computer. There is a lot of format requirement for the Ubuntu machine. Beside, adding the IPv6 address is sort of annoying, since I thought the IPv6 has the same format with IPv4, and it didn’t work. After going through so many videos on YouTube, we finally configured everything.

DHCP Server
First, the most important things we should pay attention to in configure DHCP server is that the IP address of the interface of the DHCP server and the subnet of your DHCP range should be in consistent. This two things is edit in two different file, so that we may make some mistake when we editing it. If these two are not in consistent, the DHCP server will not able to start. This is a big issue when we doing the DHCP configuration, after we finish everything, the DHCP server always fail. We did know what’s wrong at that time, and we almost try every possible ways even install the Ubuntu system again. Finally, we decided to check all the configurations again and we find this problem. Second, there are two possible ways to start/restart the DHCP server, the first one is “sudo service isc-dhcp-server start” and the second one is “sudo /etc/init.d/isc-dhcp-server restart”. We use the second one because we found that the first one may “cheat” us. Sometimes, it shows start successfully, but actually it did not. Hence, the most reliable ways to restart/start the DHCP server is to start/restart it under the init.d file. Third, you should be really careful when you enter the dhcpd.conf file. The format of the command in the file is very strict. You should follow the format or the file will not work. This fault is very obvious because you can actually see where you got wrong in that file by using the second command we mentioned above.