Data Networking/Fall 2015/Anvitha

Project Objective
To build a robust, secure, dynamic and intelligent network consisting of a DNS server, DHCP server, Web server with firewall and a client for a start-up company situated in Boston.

Project Team members
 * Anirudh Vasudevan
 * Anvitha Manjunath
 * Priyesh Kiran Gawad
 * Sri Pradeep Dhanekula

Network elements
The implemented network consists of the following elements:
 * DHCP
 * DNS
 * WEB SERVER AND FIREWALL
 * Backup

Dynamic Host Configuration Protocol (DHCP)
DHCP is a client/server protocol that dynamically assigns IP addresses to hosts joining the network, together with other settings such as the DNS server addresses and the default gateway. It lets a network administrator manage and allocate addresses centrally instead of configuring every host by hand.

Behavior of the protocol
DHCP runs over UDP: the server listens on port 67 and clients on port 68. The server hands out IP addresses, subnet masks and gateways from the pool of addresses it has been configured with. When a client sends a DHCP message, the server processes it according to the client's current binding state. The messages a client sends are DHCPDISCOVER, DHCPREQUEST, DHCPRELEASE and DHCPINFORM:

a. DHCPDISCOVER: the client broadcasts this to find servers. For every DHCPDISCOVER the server picks a free address from its pool (preferring the client's current or previous binding, if it has one) and answers with a DHCPOFFER. If no address is available the server may report the problem to the system administrator; the client gets no offer and has to retry.

b. DHCPREQUEST: after collecting one or more offers the client broadcasts a DHCPREQUEST naming the chosen server in the 'Server Identifier' option and the offered address in the 'Requested IP Address' option. The other servers withdraw their offers; the chosen server confirms the lease with a DHCPACK or refuses it with a DHCPNAK. A client also sends DHCPREQUEST to renew or rebind a lease it already holds and, after a reboot, to verify that it may keep a previously assigned address.

c. DHCPRELEASE: the client sends this to give up its lease before it expires. The server marks the address as no longer allocated and keeps a record of the client's initialization parameters so that they can be reused if the same client comes back.

d. DHCPINFORM: a client that already has an address (for example a statically configured one) asks only for the other parameters. The server answers with a DHCPACK sent directly to the address in the 'ciaddr' field of the DHCPINFORM, without allocating a lease.

DHCP client behavior: the client can receive the following messages from the server: DHCPOFFER, DHCPACK and DHCPNAK. The exchange is unauthenticated, so any host on the segment that answers a DHCPDISCOVER first is taken as the server; a rogue server can hand out its own gateway and DNS addresses and redirect the client's traffic.
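The exchange described above, as an added example that is not part of the original page: the client and server messages are built and parsed by hand in Python, using the page's pool (10.0.0.100 to 10.0.0.200), lease time, gateway and DNS addresses. The client MAC addresses in the usage at the bottom are made up, and nothing is sent on the network; the point is to see what each side puts on the wire, what the server does when the pool is empty, and why a REQUEST that names a different server gets a NAK.

```python
"""DHCP DISCOVER/OFFER/REQUEST/ACK exchange built by hand (RFC 2131 and 2132).

Added example, not part of the original page. The pool (10.0.0.100-200), the
lease time, gateway and DNS addresses are the page's; the client MACs in the
usage at the bottom are made up. Everything runs in memory, nothing touches UDP.
"""
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"                      # option cookie that follows the BOOTP header
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6
OPT_MASK, OPT_ROUTER, OPT_DNS, OPT_REQ_IP = 1, 3, 6, 50
OPT_LEASE, OPT_TYPE, OPT_SERVER_ID, OPT_END = 51, 53, 54, 255
HEADER = "!BBBBIHH4s4s4s4s16s64s128s"            # op htype hlen hops xid secs flags ci yi si gi chaddr sname file


def build(msg_type, xid, mac, yiaddr="0.0.0.0", options=()):
    """Serialize one DHCP message; options is a list of (code, raw bytes)."""
    op = 1 if msg_type in (DISCOVER, REQUEST) else 2          # BOOTREQUEST or BOOTREPLY
    header = struct.pack(HEADER, op, 1, 6, 0, xid, 0, 0x8000,  # htype 1 = Ethernet, broadcast flag set
                         b"\0" * 4, ipaddress.ip_address(yiaddr).packed, b"\0" * 4, b"\0" * 4,
                         mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    body = bytes([OPT_TYPE, 1, msg_type])
    for code, value in options:
        body += bytes([code, len(value)]) + value
    return header + MAGIC + body + bytes([OPT_END])


def parse(packet):
    """Return (xid, mac, yiaddr, {option code: raw bytes})."""
    fields = struct.unpack(HEADER, packet[:236])
    if packet[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(packet) and packet[i] != OPT_END:
        if packet[i] == 0:                                  # pad option has no length byte
            i += 1
            continue
        code, length = packet[i], packet[i + 1]
        opts[code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return fields[4], fields[11][:6], str(ipaddress.ip_address(fields[8])), opts


class Server:
    """Leases addresses from a pool the way the page's isc-dhcp-server does."""

    def __init__(self, server_ip, pool_start, pool_end, lease=600):
        self.server_id = ipaddress.ip_address(server_ip).packed
        first, last = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
        self.free = [first + k for k in range(int(last) - int(first) + 1)]
        self.lease, self.offers, self.leases = lease, {}, {}    # mac -> address

    def _params(self):
        return [(OPT_SERVER_ID, self.server_id), (OPT_LEASE, struct.pack("!I", self.lease)),
                (OPT_MASK, ipaddress.ip_address("255.255.255.0").packed),
                (OPT_ROUTER, ipaddress.ip_address("10.0.0.1").packed),
                (OPT_DNS, ipaddress.ip_address("10.0.0.55").packed + ipaddress.ip_address("10.0.0.56").packed)]

    def handle(self, packet):
        """Process one client message; return the reply bytes, or None for silence."""
        xid, mac, _, opts = parse(packet)
        kind = opts[OPT_TYPE][0]
        if kind == DISCOVER:
            addr = self.leases.get(mac, self.offers.get(mac))   # prefer the client's existing binding
            if addr is None:
                if not self.free:
                    return None                                   # pool exhausted: no OFFER, client retries
                addr = self.free.pop(0)
            self.offers[mac] = addr
            return build(OFFER, xid, mac, yiaddr=str(addr), options=self._params())
        if kind == REQUEST:
            wanted = ipaddress.ip_address(opts[OPT_REQ_IP])
            if opts.get(OPT_SERVER_ID) != self.server_id or self.offers.get(mac) != wanted:
                return build(NAK, xid, mac, options=[(OPT_SERVER_ID, self.server_id)])
            self.leases[mac] = wanted
            return build(ACK, xid, mac, yiaddr=str(wanted), options=self._params())
        return None


def client_exchange(server, mac, xid=0x3903F326):
    """Run the four-message exchange and return the lease the client ends up with."""
    offer = server.handle(build(DISCOVER, xid, mac))
    if offer is None:
        return None
    _, _, offered, opts = parse(offer)
    request = build(REQUEST, xid, mac, options=[(OPT_REQ_IP, ipaddress.ip_address(offered).packed),
                                                (OPT_SERVER_ID, opts[OPT_SERVER_ID])])
    _, _, leased, ack = parse(server.handle(request))
    if ack[OPT_TYPE][0] != ACK:
        return None
    dns = ack[OPT_DNS]
    return {"ip": leased, "lease": struct.unpack("!I", ack[OPT_LEASE])[0],
            "router": str(ipaddress.ip_address(ack[OPT_ROUTER])),
            "dns": [str(ipaddress.ip_address(dns[i:i + 4])) for i in range(0, len(dns), 4)]}


if __name__ == "__main__":
    srv = Server("10.0.0.254", "10.0.0.100", "10.0.0.200")
    print(client_exchange(srv, bytes.fromhex("080027112233")))   # made-up client MAC
```

A real client keeps the transaction id (xid) constant across the four messages so it can pair replies with its own request; a second DISCOVER from the same MAC gets the same address back because the server keeps the binding, which is also what makes the page's reserved addresses stable.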

Configuration
sudo nano /etc/dhcp/dhcpd.conf

    ddns-update-style none;
    option domain-name-servers ;
    option domain-name "";
    default-lease-time 600;
    max-lease-time 7200;
    authoritative;
    subnet 10.0.0.0 netmask 255.255.255.0 {
        range 10.0.0.100 10.0.0.200;
        option broadcast-address 10.0.0.255;
        option domain-name-servers ;
    }

The server leases addresses on one interface, so that interface has to be named first:

    sudo nano /etc/default/isc-dhcp-server

Set the INTERFACES option to the Ethernet interface:

    INTERFACES="eth0"

The DHCP server hands out addresses dynamically to the clients, but the server itself must have a static address on that interface, so that is set before anything else:

    sudo nano /etc/network/interfaces

    auto eth0
    iface eth0 inet static
        address 10.0.0.254
        netmask 255.255.255.0
        gateway 10.0.0.1
        network 10.0.0.0
        broadcast 10.0.0.255
        dns-nameservers "ip address of server"
        dns-search "domain name"

Restart the network (or reboot):

    sudo init 6

Up to this point the configuration is the same for IPv4 and IPv6. IPv4 is covered first.

IPV4 Implementation
The pool of addresses that will be handed out dynamically (the DHCP IP pool), the subnet mask, the network address and the lease times are all set in /etc/dhcp/dhcpd.conf:

    sudo nano /etc/dhcp/dhcpd.conf

All settings are adjusted to the network's requirements. The option domain-name is group11.lan, the domain created for this network, and the dynamic range is 10.0.0.100 to 10.0.0.200. The routers option (the default gateway, 10.0.0.1 here) should be set in the subnet block as well; without it clients receive an address but no default route. The next step is to restart the DHCP service:

    sudo service isc-dhcp-server restart

Once isc-dhcp-server restarts it starts answering clients, and every client on the segment gets an address from the pool. If several virtual machines run in VMware on the same network, each of them gets its own dynamic address from the server.

IPv6 Implementation
1. Enable IPv6 routing by editing the sysctl configuration:

    sudo nano /etc/sysctl.conf

and setting net.ipv6.conf.default.forwarding=1 (add net.ipv6.conf.all.forwarding=1 as well so interfaces that are already up forward too), then load it with sudo sysctl -p.

2. To advertise the prefix and let the hosts select their own addresses, install the router advertisement daemon radvd:

    sudo apt-get install radvd

After installing the daemon, edit its configuration file:

    sudo nano /etc/radvd.conf

To start propagating the IPv6 address space, restart the daemon:

    sudo service radvd restart

Start the DHCP server:

    sudo service isc-dhcp-server restart
    sudo service isc-dhcp-server6 restart

The second command is needed when /etc/dhcp/dhcpd6.conf has been written to serve DHCPv6, for example for Windows clients.

Testing
1. To check the address of the interface on which the DHCP server listens, run ifconfig on the server.

2. To check the address a client received from the pool, run ipconfig on Windows or ifconfig on Ubuntu.

3. To check the address assigned to a client and its lease time, look at the lease files. On the client:

    sudo tail /var/lib/dhcp/dhclient.leases

On the server, /var/lib/dhcp/dhcpd.leases lists every active lease with the client's hardware address and the lease's start and end times, which is the place to look when two clients appear to have the same address.

Domain Name System (DNS)

Behavior of the protocol
Domain Name System (DNS) is an application layer protocol that resolves domain names to addresses and, through reverse lookups, addresses to names. It is a critical service run by ISPs, organizations and Internet registries. DNS is not a centralized service but a distributed one: distribution avoids a single point of failure, a distant central database, heavy traffic at one site and an unmaintainable master list. Caching reduces the load on the network. DNS uses port 53 for both lookups and zone transfers: UDP for ordinary lookups and TCP for replicating zones between servers (zone transfers), and it falls back to TCP when a query or response exceeds 512 bytes (the classic UDP limit, raised only when both sides use EDNS). A reverse (PTR) lookup gives only weak protection against e-mail spoofing, since whoever controls the reverse zone for an address can put any name in it. Replicating DNS servers provides load balancing and redundancy.

Distributed Hierarchy of DNS

The hierarchical server structure in the diagram above has three levels:

1) Root DNS servers, at the top of the hierarchy
2) Top level domain (TLD) DNS servers, the level below the root servers
3) Authoritative (local) DNS servers, the level below the TLD servers

Query Types

There are two types of queries in the DNS hierarchy:

1) Recursive queries: when a host asks for a name, the local name server (resolver) associated with that host takes on the whole job. It queries the other levels of the hierarchy in turn and returns the final answer to the host. A resolver should accept recursive queries only from hosts in its own network; a resolver that answers recursive queries from anywhere (an open resolver) can be abused for cache poisoning and for reflection attacks against third parties.

2) Iterative queries: root, TLD and authoritative name servers answer iteratively. They do not chase the answer themselves; each returns either the answer it is authoritative for or a referral to the next level, and the resolver follows the referral.

Resource Records

In the DNS hierarchy a server replies to a query with one or more resource records.

Format of a BIND9 resource record:

    Name  TTL  Class  Type  Pref  Value

TTL is the time to live: how long a resolver may cache the record.
Class identifies the protocol family; in practice it is always IN (Internet).
Pref is the preference value, used only with MX records when there are several mail servers (the lowest preference is tried first).

Type = A
  Name is the hostname
  Value is the IPv4 address
  A plain hostname-to-IP-address mapping (AAAA is the same for IPv6 addresses)

Type = NS
  Name is the domain, e.g., auburn.edu
  Value is the hostname of an authoritative name server for that domain
  Used to route queries to the right server (delegation)

Type = CNAME
  Name is the alias name, e.g., www.ibm.com
  Value is the canonical name, e.g., servereast.backup2.ibm.com
  Returns the canonical name for an alias; the resolver then looks up the canonical name

Type = MX
  Name is the domain name
  Value is the name of a mail server for that domain

Type = PTR
  Used for reverse DNS lookups: gives the name of the host at a given IP address (under in-addr.arpa for IPv4)

The master server holds the original set of records; a slave holds a copy obtained from the master by zone transfer.
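Below, as an added example that is not taken from the page, a DNS query and its response are built and parsed in RFC 1035 wire format using the page's www.ibm.com CNAME illustration; the address 10.0.0.65 is the page's web server, while the TTLs and the transaction id are made up. It shows the compression pointers a resolver has to follow, the CNAME-then-A chain in one answer, and the two checks a client makes on a UDP reply: the transaction id must match its query (a mismatch means the reply is not for this query, or is spoofed) and the TC bit must be clear, otherwise the query is repeated over TCP.

```python
"""DNS query and response in RFC 1035 wire format, built and parsed by hand.

Added example, not code from the original page. It reuses the page's CNAME
illustration (www.ibm.com -> servereast.backup2.ibm.com); the address 10.0.0.65
is the page's web server, the TTLs and transaction id are made up. Nothing is
sent on the network.
"""
import struct

TYPE_A, TYPE_NS, TYPE_CNAME, TYPE_PTR, TYPE_MX, TYPE_AAAA = 1, 2, 5, 12, 15, 28
TYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 12: "PTR", 15: "MX", 28: "AAAA"}
CLASS_IN = 1
FLAG_TC, FLAG_RD = 0x0200, 0x0100


def encode_name(name):
    # "www.ibm.com" becomes: 3 "www" 3 "ibm" 3 "com" 0  (length-prefixed labels, no compression)
    out = b"".join(bytes([len(label)]) + label.encode("ascii") for label in name.rstrip(".").split("."))
    return out + b"\x00"


def decode_name(msg, off):
    """Read a name at msg[off], following compression pointers; return (name, offset after it)."""
    labels, resume = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # two-byte pointer to an earlier copy of the suffix
            if resume is None:
                resume = off + 2                   # the name ends right after the first pointer
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (resume if resume is not None else off)


def build_query(qname, qtype, txid):
    """Standard recursive query: header with RD set, one question, no other sections."""
    return struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0) + encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)


def build_response(query, answers, truncated=False):
    """Answer a query; answers are (name, type, ttl, rdata bytes). An answer whose
    name equals the question name is written as a pointer to offset 12, as servers do."""
    txid, _, qdcount = struct.unpack("!HHH", query[:6])
    qname, qend = decode_name(query, 12)
    qend += 4                                      # skip qtype and qclass
    flags = 0x8000 | FLAG_RD | 0x0080 | (FLAG_TC if truncated else 0)   # QR, RD, RA, maybe TC
    out = struct.pack("!HHHHHH", txid, flags, qdcount, len(answers), 0, 0) + query[12:qend]
    for name, rtype, ttl, rdata in answers:
        out += (b"\xc0\x0c" if name == qname else encode_name(name))
        out += struct.pack("!HHIH", rtype, CLASS_IN, ttl, len(rdata)) + rdata
    return out


def parse_response(msg):
    """Return (txid, truncated, [(name, type name, ttl, value as text)])."""
    txid, flags, qdcount, ancount = struct.unpack("!HHHH", msg[:8])
    off = 12
    for _ in range(qdcount):                       # skip the echoed question(s)
        _, off = decode_name(msg, off)
        off += 4
    answers = []
    for _ in range(ancount):
        name, off = decode_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == TYPE_A and rdlen == 4:
            value = ".".join(str(b) for b in rdata)
        elif rtype in (TYPE_CNAME, TYPE_NS, TYPE_PTR):
            value = decode_name(msg, off)[0]       # rdata is a (possibly compressed) name
        else:
            value = rdata.hex()
        off += rdlen
        answers.append((name, TYPE_NAMES.get(rtype, str(rtype)), ttl, value))
    return txid, bool(flags & FLAG_TC), answers


def resolve_www_ibm_com():
    """The page's CNAME case: ask for an A record, get the alias and then the address."""
    query = build_query("www.ibm.com", TYPE_A, txid=0xBEEF)
    response = build_response(query, [
        ("www.ibm.com", TYPE_CNAME, 300, encode_name("servereast.backup2.ibm.com")),
        ("servereast.backup2.ibm.com", TYPE_A, 60, bytes([10, 0, 0, 65])),
    ])
    txid, truncated, records = parse_response(response)
    if txid != 0xBEEF:                             # not the reply to our query (or a spoofed one)
        raise ValueError("transaction id mismatch")
    if truncated:                                  # TC set: answer was cut at 512 bytes, retry over TCP
        raise ValueError("truncated, retry over TCP")
    return records


if __name__ == "__main__":
    for record in resolve_www_ibm_com():
        print(record)
```

The 16-bit transaction id is the only thing, besides the source port, that ties a UDP reply to its query, which is why resolvers randomize both; a 512-byte answer with the TC bit set is not an error but an instruction to ask again over TCP.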

Steps to configure BIND9 Master DNS server and Slave DNS server

Master DNS configuration
Install the updates and the BIND9 package:

    sudo apt-get update
    sudo apt-get install bind9

Open the network interfaces file and give the server its static address, as in the screenshot below:

    sudo nano /etc/network/interfaces

Open the hosts file and add the server's name and address:

    sudo nano /etc/hosts

Open the hostname file and set the server's name:

    sudo nano /etc/hostname

Reboot the virtual machine to apply the changes:

    sudo init 6

Open named.conf.options and make the changes shown below (forwarders, and which hosts may send recursive queries):

    sudo nano /etc/bind/named.conf.options

Open named.conf.local and declare the forward and reverse zones as master zones, as shown below. Limit zone transfers to the slave's address with the allow-transfer option, otherwise any host can download the whole zone with an AXFR query:

    sudo nano /etc/bind/named.conf.local

Create the db.adeptmaster.com forward zone file and fill it in as shown below:

    sudo nano /etc/bind/db.adeptmaster.com

Create the reverse zone file db.10 (for 10.in-addr.arpa) and fill it in as shown below:

    sudo nano /etc/bind/db.10

Open the resolvconf head file and point the server at itself as resolver:

    sudo nano /etc/resolvconf/resolv.conf.d/head

Restart BIND9:

    sudo service bind9 restart

Slave DNS configuration
Install the updates and the BIND9 package:

    sudo apt-get update
    sudo apt-get install bind9

Open the network interfaces file and give the slave its static address, as in the screenshot below:

    sudo nano /etc/network/interfaces

Open the hosts file and add the slave's name and address:

    sudo nano /etc/hosts

Open the hostname file and set the slave's name:

    sudo nano /etc/hostname

Reboot the virtual machine to apply the changes:

    sudo init 6

Open named.conf.options and make the changes shown below:

    sudo nano /etc/bind/named.conf.options

Open named.conf.local and declare the same zones with type slave, naming the master's address (10.0.0.55) in the masters list, as shown below. The slave fetches the zone contents from the master, so no zone files are written by hand here:

    sudo nano /etc/bind/named.conf.local

Open the resolvconf head file and make the changes shown below:

    sudo nano /etc/resolvconf/resolv.conf.d/head

Restart BIND9:

    sudo service bind9 restart

Testing
Testing on master DNS server

1) Verify that the records added on the master are available.

2) Check the records with nslookup and dig:

    nslookup <hostname>
    dig <hostname>
    nslookup -query=AAAA <FQDN>     (for IPv6 records)

3) Verify that the master can ping the slave:

    ping <slave address>

4) Verify that changes made in the zone files are reflected in the answers (increase the SOA serial and reload after every edit, otherwise the slave keeps its old copy).

Testing on slave DNS server

1) Verify that the records replicated from the master are available.

2) Check the records with nslookup and dig:

    nslookup <hostname>

3) Verify that the slave can ping the master:

    ping <master address>

4) Verify that changes made in the master's zone files are reflected on the slave.

5) Verify that updated zone records on the master are transferred to the slave:

    dig <domain name> AXFR

The transfer should succeed when requested from the slave and be refused when the same AXFR is sent from any other host; if it succeeds from the client as well, the whole zone is readable by anyone on the network.
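Test 5 only passes when the master's SOA serial is higher than the slave's, because a slave compares serials before it transfers anything. As an added example that is not code from the project, the Python below edits a constructed zone file for adeptmaster.com, bumps the serial in the YYYYMMDDnn convention without ever going backwards, and decides, the way the slave does at refresh time, whether a transfer is due. The serial, TTLs and admin mailbox in the zone are made up; the addresses are the page's.

```python
"""SOA serial checks for the master/slave zone transfer test.

Added example, not part of the page. The zone text below is constructed for the
page's adeptmaster.com domain using its addresses (master 10.0.0.55, slave
10.0.0.56, web server 10.0.0.65); the serial, TTLs and admin mailbox are made up.
"""
import re

ZONE = """\
$TTL 604800
@   IN  SOA ns1.adeptmaster.com. admin.adeptmaster.com. (
            2015120101  ; Serial
            604800      ; Refresh
            86400       ; Retry
            2419200     ; Expire
            604800 )    ; Negative Cache TTL
@       IN  NS  ns1.adeptmaster.com.
@       IN  NS  ns2.adeptmaster.com.
ns1     IN  A   10.0.0.55
ns2     IN  A   10.0.0.56
www     IN  A   10.0.0.65
"""

SERIAL_RE = re.compile(r"(\bSOA\b[^(]*\(\s*)(\d+)")    # group 2 is the serial: first number after '('


def read_serial(zone_text):
    match = SERIAL_RE.search(zone_text)
    if match is None:
        raise ValueError("no SOA serial found")
    return int(match.group(2))


def serial_newer(a, b):
    """RFC 1982 serial arithmetic on 32-bit values: is a 'after' b, wrapping at 2^32?"""
    a, b = a & 0xFFFFFFFF, b & 0xFFFFFFFF
    return a != b and ((a < b and b - a > 2 ** 31) or (a > b and a - b < 2 ** 31))


def next_serial(current, today):
    """Next value in the YYYYMMDDnn convention. Never goes backwards, even if the
    clock does, so a slave holding the old serial will still transfer."""
    if str(current)[:8] == today and current % 100 < 99:
        return current + 1
    candidate = int(today + "01")
    return candidate if serial_newer(candidate, current) else current + 1


def bump_serial(zone_text, today):
    """Return (new zone text, new serial): the edit that makes slaves re-transfer."""
    new = next_serial(read_serial(zone_text), today)
    return SERIAL_RE.sub(lambda m: m.group(1) + str(new), zone_text, count=1), new


def slave_will_transfer(master_zone, slave_zone):
    """What the slave decides at refresh time: AXFR only if the master's serial is newer."""
    return serial_newer(read_serial(master_zone), read_serial(slave_zone))


def change_record(zone_text, owner, rtype, new_value, today):
    """Edit one record as an admin would, and bump the serial in the same step."""
    pattern = re.compile(r"^(%s\s+IN\s+%s\s+)(\S+)" % (re.escape(owner), rtype), re.M)
    if pattern.search(zone_text) is None:
        raise KeyError("%s %s not in zone" % (owner, rtype))
    edited = pattern.sub(lambda m: m.group(1) + new_value, zone_text, count=1)
    return bump_serial(edited, today)[0]


if __name__ == "__main__":
    moved = change_record(ZONE, "www", "A", "10.0.0.66", "20151201")
    print("transfer due:", slave_will_transfer(moved, ZONE), "new serial:", read_serial(moved))
```

Editing a record without touching the serial is the most common reason test 5 fails; the slave answers with the old address until the master's serial is seen to be newer, which the comparison above reproduces.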

Web server
A web server is a host machine, or workstation, that can serve one or more web sites. The first step is to list the available options for the type of web server to use in the project. The candidates run either on Windows (IIS, the Windows web server) or on Linux (Apache HTTP Server or NGINX). There are many differences between them, but the most important factor for a network engineer with little funding is cost: running the Windows web server requires purchasing a Windows Server licence, whereas Linux and both web servers that run on it are open source and free to use.

Therefore Windows web servers are excluded, which leaves Apache or Nginx. Nginx is more efficient than Apache in the time and resources it needs to serve requests: a master process spawns a small number of worker processes, and each worker serves many HTTP connections at once from an event loop. Apache, in its traditional prefork configuration, has a parent process that spawns child processes and handles each connection in a separate process (its event MPM also serves many connections per process). Apache trades some speed for its large set of add-on modules, which gives more flexibility in server configuration. For this project the web server has to host a small number of sites for a small network, so speed is not a concern and Apache2 is the choice. The second step is to choose the machine that will host the web server and the sites. The options include a virtual machine, a dedicated standalone machine and an ordinary computer. A drawback of the client-server architecture is that the server has to be always on to serve incoming requests, so a dedicated standalone machine is the preferred choice; since the project has to be demonstrated on our own hardware, we set up our laptops to dual-boot, with Linux on a separate partition from Windows.

Configuration
This section describes the steps needed to install and configure the Apache2 web server on a Linux machine (specifically Ubuntu 14.04).

Installing Apache2

To install Apache2 on Ubuntu 14.04, first update the package lists:

    sudo apt-get update

then install the Apache2 web server:

    sudo apt-get install apache2

To check that Apache2 was installed successfully, open a web browser and type

    http://localhost

Creating the site directory

After installing Apache2, create the directory that will hold the HTML file with the site's content and design:

    sudo mkdir /var/www/neunetworks.com/

Change the properties of the directories so that the web server can read the files while only the site's owner can write them (755 leaves them world-readable but not world-writable; a web root should never be 777):

    sudo chmod 755 /var/www/
    sudo chown $USER:$USER /var/www/neunetworks.com/

Create and edit sample.html with the layout you prefer:

    sudo nano /var/www/neunetworks.com/sample.html

Configuring Apache2 - apache2.conf

Now Apache2 has to be configured to meet our needs. Its main configuration file is apache2.conf:

    sudo nano /etc/apache2/apache2.conf

Add a Directory block for the site directory to apache2.conf:

    <Directory /var/www/neunetworks.com/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>

Adding the /var/www/neunetworks.com/ directory lets Apache2 reach the site stored there. Options Indexes makes Apache generate a directory listing whenever a directory has no index file; on a production site it is normally left out (Options FollowSymLinks only) so that stray files in the web root are not exposed to visitors. apache2.conf has many other settings that can be adjusted, such as KeepAlive and MaxKeepAliveRequests, which determine how the server handles persistent HTTP connections.

Configuring Apache2 - dir.conf

Since the site does not use the default index file name (index.html), sample.html has to be added to the list of directory index files. Modify the following file:

    sudo nano /etc/apache2/mods-available/dir.conf

Append sample.html to the DirectoryIndex list:

    DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm sample.html

Configuring Apache2 - 000-default.conf

000-default.conf (in /etc/apache2/sites-available/) defines the default virtual host, the site Apache2 serves when no other virtual host matches a request. Modify or add the following lines so that it points at the site:

    ServerAdmin webmaster@localhost
    ServerName neunetworks.com
    DocumentRoot /var/www/neunetworks.com

Restart Apache2

Now that the Apache2 configuration is complete, the web server has to be restarted so that the new settings take effect (running apache2ctl configtest first catches syntax errors before a restart takes the site down):

    sudo service apache2 restart

Testing
To verify that our changes have been successfully configured and implemented, simply reload the web site (you might need to delete your browser's cache)

http://localhost

Firewall

Configuration
Install iptables-persistent so that the rules are loaded again at boot:

    sudo apt-get install iptables-persistent

Start the service:

    sudo service iptables-persistent start

Accept the ports that are needed and drop everything else. iptables evaluates the INPUT chain top to bottom and the first matching rule decides, so the order in which the rules are appended matters: the REJECT for the DHCP server's address has to be added before the general ACCEPT for port 80 and before the catch-all DROP, otherwise it is never reached.

    sudo iptables -A INPUT -p tcp -s 10.0.0.254 --dport 80 -j REJECT
    sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    sudo iptables -A INPUT -j DROP

With a bare DROP at the end the server also loses the replies to its own outgoing connections (DNS lookups, apt updates) and its loopback traffic; a rule accepting the lo interface and another accepting ESTABLISHED,RELATED connections (the conntrack match) normally go at the top of the chain. The rules live only in memory until they are written to /etc/iptables/rules.v4 with iptables-save, which is the file iptables-persistent restores at boot.
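As an added example, not the page's own commands, the Python below models how netfilter walks the INPUT chain: the first matching rule wins. Run over the page's four rules in the order they were appended, it shows that the REJECT for 10.0.0.254 never fires, and it finds such dead rules automatically; a reordered chain with a conntrack rule for replies is given alongside and rendered back as iptables commands. Only the match fields the page's rules use (protocol, source address, destination port) plus the conntrack state are modelled; the loopback rule (-i lo) is not.

```python
"""First-match evaluation of an iptables INPUT chain.

Added example, not the page's commands: a small model of netfilter's rule walk,
used to show why the order in which the page appends its rules matters. It
models only the matches the page's rules use (protocol, source address,
destination port) plus the conntrack state match; interfaces are not modelled.
"""
import ipaddress
from collections import namedtuple

Rule = namedtuple("Rule", "proto src dport state target")      # None means "any"
Packet = namedtuple("Packet", "proto src dport state")


def matches(rule, pkt):
    return ((rule.proto is None or rule.proto == pkt.proto)
            and (rule.src is None or ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src))
            and (rule.dport is None or rule.dport == pkt.dport)
            and (rule.state is None or pkt.state in rule.state))


def evaluate(chain, pkt, policy="ACCEPT"):
    """Walk the chain top to bottom; the first rule that matches decides, like netfilter."""
    for rule in chain:
        if matches(rule, pkt):
            return rule.target
    return policy


def shadows(earlier, later):
    """True if every packet the later rule would match is already taken by the earlier one."""
    def covers(e, l):
        return e is None or e == l
    src_ok = earlier.src is None or (later.src is not None and
                                     ipaddress.ip_network(later.src).subnet_of(ipaddress.ip_network(earlier.src)))
    state_ok = earlier.state is None or (later.state is not None and set(later.state) <= set(earlier.state))
    return covers(earlier.proto, later.proto) and src_ok and covers(earlier.dport, later.dport) and state_ok


def dead_rules(chain):
    """Indices of rules that can never fire because an earlier rule shadows them."""
    return [i for i, rule in enumerate(chain) if any(shadows(e, rule) for e in chain[:i])]


def to_iptables(rule):
    """Render a rule as the command that appends it to INPUT."""
    parts = ["iptables -A INPUT"]
    if rule.proto:
        parts.append("-p " + rule.proto)
    if rule.src:
        parts.append("-s " + rule.src)
    if rule.dport:
        parts.append("--dport %d" % rule.dport)
    if rule.state:
        parts.append("-m conntrack --ctstate " + ",".join(rule.state))
    parts.append("-j " + rule.target)
    return " ".join(parts)


# The chain exactly as the page appends it.
PAGE_CHAIN = [
    Rule("tcp", None, 22, None, "ACCEPT"),
    Rule("tcp", None, 80, None, "ACCEPT"),
    Rule(None, None, None, None, "DROP"),
    Rule("tcp", "10.0.0.254", 80, None, "REJECT"),     # appended last: never reached
]

# The same intent in an order that works (a loopback accept, -i lo, would come first).
FIXED_CHAIN = [
    Rule(None, None, None, ("ESTABLISHED", "RELATED"), "ACCEPT"),   # replies to our own connections
    Rule("tcp", "10.0.0.254", 80, None, "REJECT"),                  # specific deny before general allow
    Rule("tcp", None, 22, None, "ACCEPT"),
    Rule("tcp", None, 80, None, "ACCEPT"),
    Rule(None, None, None, None, "DROP"),
]

if __name__ == "__main__":
    probe = Packet("tcp", "10.0.0.254", 80, "NEW")
    print("page chain:", evaluate(PAGE_CHAIN, probe), "dead rules:", dead_rules(PAGE_CHAIN))
    print("fixed chain:", evaluate(FIXED_CHAIN, probe))
    for rule in FIXED_CHAIN:
        print(to_iptables(rule))
```

The REJECT in the page's chain is dead twice over: the port-80 ACCEPT above it already matches the same packets, and the catch-all DROP would take anything left. A reply from the DNS server to the web server's own lookup is also dropped by the page's chain, which is what the conntrack rule in the corrected chain fixes.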

Backup
Why do we need a backup? Taking a backup of the web server's HTML page at regular intervals makes sure that the page is not lost and that it can be hosted again from another address if the web server fails.

Configuration
Generate an SSH key pair for the user that will run the backup (without sudo, so the key belongs to that user rather than to root):

    ssh-keygen -t rsa

Create the .ssh directory on the backup host:

    ssh anirudh@10.0.0.180 mkdir -p .ssh

Append the web server's public key to the backup host's authorized_keys:

    cat .ssh/id_rsa.pub | ssh anirudh@10.0.0.180 'cat >> .ssh/authorized_keys'

Compress the backup and keep a copy on the server:

    sudo tar -cvpzf minutebackup.tar.gz /var/www/adeptmaster.com/sample.html

Schedule the archive and the copy with cron. sudo crontab -e edits root's crontab, so the jobs already run as root and do not need sudo themselves:

    sudo crontab -e

    * * * * * tar -cvpzf /home/priyesh/minutebackup.tar.gz /var/www/adeptmaster.com/sample.html
    * * * * * scp /home/priyesh/minutebackup.tar.gz anirudh@10.0.0.180:/home/anirudh/backup

The two cron jobs take and copy a backup every minute. Because the private key is unencrypted and lives on the web server, anyone who compromises the web server can log in to the backup host as anirudh; the key's entry in authorized_keys should be restricted to the copy command (the command= option) or tied to a dedicated backup account. The two jobs also start in the same minute, so the copy can race the archive; a single script that archives and then copies avoids that.
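As an added example that is not the page's cron job, the Python below does the archive step in one place, writes a SHA-256 sidecar so that the copy on the backup host can be verified after the scp, rotates old archives and refuses an archive that was altered. The web root in the usage line is the page's; the backup directory under /home/priyesh is made up, and the test runs entirely in temporary directories.

```python
"""Timestamped, checksummed and rotated backup of the web root.

Added example, not the page's cron job. It does the tar step in one place, writes
a SHA-256 sidecar so the copy on the backup host can be verified after the scp,
and keeps only the newest archives. Paths are parameters; the usage at the
bottom uses the page's web root and a made-up backup directory.
"""
import glob
import hashlib
import os
import tarfile
import time


def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def rotate(dest_dir, keep):
    """Delete all but the newest `keep` archives (names sort by timestamp); return what is left."""
    archives = sorted(glob.glob(os.path.join(dest_dir, "webroot-*.tar.gz")))
    drop = max(0, len(archives) - keep)
    for old in archives[:drop]:
        os.remove(old)
        if os.path.exists(old + ".sha256"):
            os.remove(old + ".sha256")
    return archives[drop:]


def make_backup(src_dir, dest_dir, keep=5, stamp=None):
    """Archive src_dir to dest_dir/webroot-<stamp>.tar.gz; return (path, sha256 hex)."""
    stamp = stamp or time.strftime("%Y%m%d-%H%M%S")
    os.makedirs(dest_dir, exist_ok=True)
    path = os.path.join(dest_dir, "webroot-%s.tar.gz" % stamp)
    with tarfile.open(path, "w:gz") as tar:
        tar.add(src_dir, arcname=os.path.basename(os.path.normpath(src_dir)))
    digest = sha256_file(path)
    with open(path + ".sha256", "w") as f:
        f.write("%s  %s\n" % (digest, os.path.basename(path)))      # sha256sum -c format
    rotate(dest_dir, keep)
    return path, digest


def verify_backup(path):
    """Check the archive against its sidecar and that it unpacks; return the file names inside."""
    with open(path + ".sha256") as f:
        expected = f.read().split()[0]
    if sha256_file(path) != expected:
        raise ValueError("checksum mismatch: %s" % path)
    with tarfile.open(path, "r:gz") as tar:
        return sorted(m.name for m in tar.getmembers() if m.isfile())


if __name__ == "__main__":
    # /home/priyesh/backups is a made-up destination; the web root is the page's.
    archive, digest = make_backup("/var/www/neunetworks.com", "/home/priyesh/backups")
    print(archive, digest, verify_backup(archive))
```

Copying the .sha256 sidecar along with the archive lets the backup host check the transfer with sha256sum -c, and running the script from cron as an unprivileged user that can read the web root removes the need for the sudo in the page's crontab lines.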

Algorithm
1.	A client connects to the network.

2.	The client broadcasts a DHCP request for an IP address.

3.	If the request succeeds, the DHCP server replies with an IP address.
	Otherwise the client receives no offer (or a DHCPNAK) and has no usable address: reconnect, or contact the network administrator for help.

4.	The client wants to access the web page.
	If the domain name is correct, a request for the domain's IP address is sent to the DNS server, and DNS replies with the IP address of the web site.
	Else if the DNS reply fails, the browser shows the error 'server not found'.
	Else if the URL entered is wrong, the browser shows the error 'webpage unavailable'.
	Retry.

5.	The client has reached the web server and sends it an HTTP request.
	If the request succeeds, the web page is displayed.
	Else an error such as 'no data received' is displayed.
	Retry.

Virtual Private Network (VPN)
A virtual private network extends a private network across a public network such as the Internet. A client connecting over the VPN behaves as if it were attached directly to the private network and keeps the private network's functionality, security and management policies; resources are reached in the same way as from inside the private network.

Configuration
Install the package pptpd:

    sudo apt-get install pptpd

Edit /etc/pptpd.conf to set the server's own address on the tunnel and the addresses handed to clients:

    sudo nano /etc/pptpd.conf
    localip 10.0.0.99
    remoteip 10.0.0.100-200

The remoteip range used here is the same as the DHCP pool (10.0.0.100 to 10.0.0.200), so a VPN client and a LAN client can be given the same address; the VPN range should be taken from addresses the DHCP server never leases. Edit /etc/ppp/pptpd-options to tell clients which DNS servers to use:

    sudo nano /etc/ppp/pptpd-options
    ms-dns 10.0.0.55
    ms-dns 10.0.0.56

Set the user name and password in chap-secrets (columns: client, server, secret, allowed IP addresses):

    sudo nano /etc/ppp/chap-secrets
    vpn    pptpd    user    *

PPTP authenticates with MS-CHAPv2 and encrypts with MPPE, whose keys can be recovered offline from a captured handshake, so it does not protect the traffic against an attacker on the path; it is used here for the demonstration only.

Testing
On the client machine, create a new VPN connection with the VPN server as the gateway, using the user name and password created above.

Mail server
A mail server receives, sends and delivers e-mail messages between your computer and others. On Linux it runs as a daemon, the 'mail daemon'; Postfix is used here.

Configuration
Postfix is used for the mail service:

    sudo apt-get update
    sudo apt-get install postfix

Change the settings in /etc/postfix/main.cf. The mynetworks setting decides which hosts may relay mail through the server; keep it to the local 10.0.0.0/24 network, otherwise the server is an open relay that anyone on the Internet can use to send spam. To send a test mail, telnet to the server on port 25 and type the SMTP commands one per line:

    Mail from: <sender address>
    Rcpt to: <recipient address>
    Data
    <enter the message text>
    .
    Quit

The line containing only a dot ends the message.

Network Time Protocol (NTP)

Configuration
On the server, install ntp and ntpdate:

    sudo apt-get install ntp ntpdate

For the time server to send the time to the other machines, edit /etc/ntp.conf on the server and add a broadcast line for the network (10.0.0.255 is the broadcast address of the 10.0.0.0/24 network used here):

    broadcast 10.0.0.255

Broadcast time is unauthenticated: any host on the segment can broadcast as well and move the clients' clocks. Clients should at least be limited to the known server with restrict lines, or the broadcasts should be authenticated with a shared key.

On the client, install ntp and ntpdate:

    sudo apt-get install ntp ntpdate

Edit /etc/ntp.conf on the client and add a server line with the NTP server's IP address.

Restart ntp on the server and on the client:

    sudo service ntp restart

Testing
To check that ntp is working and which peers are in use:

    ntpq -c lpeers

NETWORK FILE SYSTEM (NFS)
NFS lets a server export directories that clients mount as part of their own file system, so files on the server are used in place rather than copied as with FTP; it is used to share files within the same network.

Configuration
Install NFS on the server:

    sudo apt-get install nfs-kernel-server

Make the directory to share:

    sudo mkdir /home/anirudh/sharing

Make the directory and its parent accessible to everyone (the setup used here):

    sudo chmod 777 /home/anirudh/sharing
    sudo chmod 777 /home/anirudh

Making a home directory world-writable lets any local user plant files in it, including under .ssh; a dedicated group with mode 775 on the shared directory alone is the safer choice. Edit the exports file and add the directory together with the network that may mount it:

    sudo nano /etc/exports
    /home/anirudh/sharing		10.0.0.0/24

With no options in parentheses the export is read-only and root on a client is mapped to nobody (root_squash); write access needs the rw option. Restart the NFS server so the exports take effect:

    sudo service nfs-kernel-server restart

On the client, create a mount point and mount the server's directory on it, then list it:

    mkdir test
    sudo mount -t nfs 10.0.0.180:/home/anirudh/sharing test
    ls -l test

Network Information System (NIS)
Network Information System (NIS) is used on smaller networks to name the network (the NIS domain) and to administer user accounts centrally: the server holds the account, group and host information and the clients look it up, so a user with a valid NIS user name and password can log in on any client and reach the files and applications on the network. Broadly, NIS works like DNS in distributing a database to clients, but it is meant for small networks only. The NIS server contains the maps and the administrative tools the network needs. NIS has no authentication of its own: any host allowed by ypserv.securenets can pull the maps, including account information and, depending on the configuration, password hashes, so the allowed networks must be kept as narrow as possible.

Configuration of NIS
1. Allow the NIS daemons from the local network in the TCP wrappers file:

    sudo nano /etc/hosts.allow
    portmap ypserv ypbind : <list of allowed IP addresses>

2. Install NIS:

    sudo apt-get install portmap nis

3. Modify the portmap defaults so that portmap listens on the network and not only on loopback. The line ARGS="-i 127.0.0.1" binds it to 127.0.0.1 only, which would stop clients from reaching ypserv, so on the server it is commented out:

    sudo nano /etc/default/portmap
    #ARGS="-i 127.0.0.1"

4. Modify the NIS defaults so that this machine is the master server:

    sudo nano /etc/default/nis
    NISSERVER=master

5. Modify yp.conf, adding a server line of the form "domain <nis domain> server <server name>":

    sudo nano /etc/yp.conf

6. Modify the Makefile. MINGID (and MINUID) set the lowest group and user ids exported in the maps; setting MINGID to 1, as done here, exports the system groups as well, which is normally not wanted:

    sudo nano /var/yp/Makefile
    MINGID=1

7. Modify the securenets file, adding a line that restricts access to the local network (netmask, then network address). Make sure that the 0.0.0.0 0.0.0.0 line, which allows every host, is removed:

    sudo nano /etc/ypserv.securenets

8. Build the database:

    sudo /usr/lib/yp/ypinit -m

9. Finally, restart portmap and the NIS server:

    sudo /etc/init.d/portmap restart
    sudo /etc/init.d/nis restart

Integration
Ubuntu Linux was used to implement DHCP, DNS, the web server, the firewall and the backup. The network is 10.0.0.0/24; 10.0.0.1 is the default gateway and 10.0.0.255 the broadcast address. All devices are connected to the network through a switch.

The DHCP server assigns reserved addresses to the DNS master (10.0.0.55), the DNS slave (10.0.0.56) and the web server (10.0.0.65), using host entries keyed on their hardware addresses, and an address between 10.0.0.100 and 10.0.0.200 to the client.

After receiving its address, the client opens a web browser, accesses the web page at 10.0.0.65 and the page is displayed.

The client can also reach the page through the URL www.adeptmaster.com: the DNS servers in the network resolve the name to the web server's address and the page is displayed.
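As an added example that is not the project's configuration file, the Python below gathers the address plan from the IPv4 Implementation, VPN and Integration sections into one place, checks it for the conflicts a practitioner would want to catch (reserved or static addresses inside the dynamic pool, the pptpd remoteip range overlapping the pool, addresses outside the subnet) and renders the matching dhcpd.conf with host reservations. The hardware addresses of the reserved hosts are made up.

```python
"""One address plan for the network, rendered as dhcpd.conf and checked for conflicts.

Added example, not the project's configuration file. The subnet, pool, gateway,
DNS servers, domain name, lease times, the DHCP server's own address and the
reserved hosts are taken from the page (IPv4 Implementation, VPN and Integration
sections); the hardware addresses of the reserved hosts are made up.
"""
import ipaddress

PLAN = {
    "subnet": "10.0.0.0/24",
    "router": "10.0.0.1",
    "pool": ("10.0.0.100", "10.0.0.200"),
    "dns": ["10.0.0.55", "10.0.0.56"],
    "domain": "group11.lan",
    "lease": (600, 7200),                             # default-lease-time, max-lease-time
    "static": {"dhcp-server": "10.0.0.254"},          # configured by hand, never leased
    "reserved": {                                     # name: (made-up MAC, fixed address)
        "dnsmaster": ("08:00:27:aa:00:55", "10.0.0.55"),
        "dnsslave": ("08:00:27:aa:00:56", "10.0.0.56"),
        "webserver": ("08:00:27:aa:00:65", "10.0.0.65"),
    },
    "vpn_remote": ("10.0.0.100", "10.0.0.200"),       # the page's pptpd remoteip range
}


def ip_range(start, end):
    first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
    return {first + k for k in range(int(last) - int(first) + 1)}


def check_plan(plan):
    """Return the list of conflicts; an empty list means the plan is consistent."""
    net = ipaddress.ip_network(plan["subnet"])
    pool = ip_range(*plan["pool"])
    problems = []
    if any(ip not in net for ip in pool):
        problems.append("dynamic pool is not inside %s" % net)
    fixed = {name: addr for name, (_, addr) in plan["reserved"].items()}
    fixed.update(plan["static"])
    fixed["router"] = plan["router"]
    for name, addr in fixed.items():
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            problems.append("%s %s is outside %s" % (name, addr, net))
        elif ip in pool:
            problems.append("%s %s is inside the dynamic pool" % (name, addr))
    overlap = pool & ip_range(*plan["vpn_remote"])
    if overlap:
        problems.append("VPN remoteip overlaps the DHCP pool (%d addresses)" % len(overlap))
    return problems


def render_dhcpd_conf(plan):
    """dhcpd.conf text: global options, the subnet with its pool, one host block per reservation."""
    net = ipaddress.ip_network(plan["subnet"])
    lines = [
        "ddns-update-style none;",
        'option domain-name "%s";' % plan["domain"],
        "option domain-name-servers %s;" % ", ".join(plan["dns"]),
        "default-lease-time %d;" % plan["lease"][0],
        "max-lease-time %d;" % plan["lease"][1],
        "authoritative;",
        "",
        "subnet %s netmask %s {" % (net.network_address, net.netmask),
        "    range %s %s;" % plan["pool"],
        "    option routers %s;" % plan["router"],
        "    option broadcast-address %s;" % net.broadcast_address,
        "}",
    ]
    for name, (mac, addr) in plan["reserved"].items():
        lines += ["", "host %s {" % name, "    hardware ethernet %s;" % mac,
                  "    fixed-address %s;" % addr, "}"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for problem in check_plan(PLAN):
        print("conflict:", problem)
    print(render_dhcpd_conf(PLAN))
```

With the page's values the only conflict reported is the pptpd remoteip range, which covers the whole DHCP pool; moving the VPN range above 10.0.0.200 clears it. A reservation keyed on a hardware address is only as trustworthy as the MAC, which any host can set, so the reserved addresses identify the servers for convenience, not for security.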