Data Networking/Fall 2015/FWZZ

Group Members
Changhao Fu Yuxi Zhang Xindi Wang Yunlu Zhou

Motivations
The project requirement is to develop our own local area network and work on it. In the network, we are asked to build a DHCP Server, a Master DNS Server, a Slave DNS Server, a Web Server and a Back Up Web Server.

DHCP
Dynamic Host Configuration Protocol is a network service that enables a server to automatically assign dynamic IP addresses to the hosts in the same network. A DHCP server can also provide the DNS server's IP address, the subnet mask and the default gateway to the hosts. DHCP is widely used because it reduces the need for a network admin to assign IP addresses manually.

DNS
A Domain Name Server provides the mapping between IP addresses and domain names. It is used to translate the domain name in a URL to an IP address. In the project, we use a slave DNS server to provide domain name translation when the master DNS server has crashed.

Web Server
When clients type a URL and request web pages in a web browser, the web server responds with the requested web pages and image files. HTTP (the Hypertext Transfer Protocol) is the foundation of data communication for the World Wide Web.

Firewall
A firewall is a network security system which controls incoming and outgoing network communication.

Backup
A backup web server can automatically back up the data from the web server. When the web server has crashed, the backup server is used to provide the web service. In the project, we use SSH, rsync and cron to implement the backup function.

VPN
A Virtual Private Network extends a private network across another network. It provides a safe connection over an unsafe Internet.

NIS
The Network Information Service is a directory service protocol used to distribute system configuration information between computers in the same network. NIS is for remote login.

NFS
The Network File System is a distributed file system protocol, which allows computers in the same network to share local storage.

Mail Server
A Mail Server is used to deliver e-mails over networks. It can deliver e-mails to client hosts and receive e-mails from other hosts.

NTP
Network Time Protocol is used for clock synchronization between computer systems. In the project, we use the NTP service on the web server.

The Requirements
1. DHCP Server: The DHCP server can allocate dynamic IP addresses to clients from an address pool. The DHCP server can assign static IP addresses to particular devices, such as the DNS Server, Web Server and Slave DNS Server. Use IPv4 and IPv6 addresses in the implementation of DHCP.

2. DNS Server: Use Bind9, Posadis or PowerDNS to configure the DNS Server. Create 5 DNS records and use IPv4 and IPv6 addresses in the records. Create reverse domains in in-addr.arpa and ip6.arpa. Configure a slave DNS server which automatically updates from the master DNS server.

3. Web Server & Firewall: The web page is accessible to the clients in the same network. The server is protected by a firewall.

4. Back Up: The web server can send the backup file to a different server, and the backup server can automatically back up the data.

DHCP in IPv4
Step 1. Install isc-dhcp-server:
    sudo apt-get install isc-dhcp-server
Step 2. Edit "/etc/dhcp/dhcpd.conf": Allocate static IP addresses for the DNS Server, DNS-Slave and Web Server, and automatic IP addresses for clients.
Step 3. Edit "/etc/default/isc-dhcp-server":
    INTERFACES="eth0"
Step 4. Edit "/etc/network/interfaces": Allocate a static IP for the DHCP Server.
Step 5. Restart the interfaces:
    sudo /etc/init.d/networking restart
Step 6. Restart the DHCP server:
    sudo service isc-dhcp-server restart

DHCP in IPv6
Step 1. Install radvd:
    sudo apt-get install radvd
Step 2. Edit "/etc/radvd.conf":
    interface eth0 {
        AdvSendAdvert on;
        AdvManagedFlag on;
        AdvOtherConfigFlag on;
        prefix fecb:aaaa:bbbb:cccc::/64 {
            AdvOnLink on;
            AdvAutonomous on;
        };
    };
Step 3. Enable IPv6 forwarding:
    sysctl -w net.ipv6.conf.all.forwarding=1
Step 4. Edit "/etc/network/interfaces": Allocate a static IPv6 address for the DHCP Server.
Step 5. Start radvd:
    sudo service radvd start

Master DNS Server
Step 1. Install bind9 on the master DNS server:
    sudo apt-get install bind9
Step 2. Configure "zone" in "/etc/bind/named.conf.local".
Step 3. Configure the "db.fch.com", "db.172" and "db.ipv6" files.

Slave DNS Server
Step 1. Install bind9 on the slave DNS server:
    sudo apt-get install bind9
Step 2. Configure "zone" in "/etc/bind/named.conf.local".

Web Server
Step 1. Install Apache2:
    sudo apt-get install apache2
Step 2. Configure the "/etc/apache2/sites-available/000-default.conf" file (DocumentRoot must name the directory that holds index.html, not the file itself):
    ServerAdmin webmaster@172.16.30.130
    DocumentRoot /var/www
Step 3. Configure the "/var/www/index.html" file.
Step 4. Restart apache2:
    /etc/init.d/apache2 restart

Firewall
Step 1. Allow entries:
    sudo ufw allow ssh
    sudo ufw allow proto tcp from 172.16.30.0/24 to any port 80
    sudo ufw allow from 172.16.30.120 to any port 53
    sudo ufw allow from 172.16.30.6 to any port 68
Step 2. Enable the ufw service:
    sudo ufw enable

SSH
Step 1. Create public key:
    ssh-keygen
Step 2. Copy the public key to the backup PC:
    ssh-copy-id root@172.16.30.121

Rsync
Transmit the web server's files to the backup computer:
    rsync -avz --delete -e ssh /var/www root@172.16.30.121:/home/backup

Cron
Step 1. Install cron on the web server:
    sudo apt-get install gnome-schedule
Step 2. Configure crontab to synchronize files to the backup computer every minute.
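
The SSH, Rsync and Cron steps above, combined into one script as an added example (not the project's own code). Instead of mirroring with --delete every minute, which copies a deleted or altered page to the backup within a minute, it keeps timestamped snapshots and skips a run while the previous one is still active. The account name "backup", the lock path, the retention count and the script path are assumptions.

```shell
#!/bin/sh
# Added example: timestamped snapshots of the web root, run from cron.
# Host and paths follow the page; DEST_USER, LOCK_DIR and KEEP are assumptions.
SRC=/var/www
DEST_HOST=172.16.30.121
DEST_USER=${DEST_USER:-backup}   # assumption: unprivileged account instead of root
DEST_DIR=/home/backup
LOCK_DIR=${LOCK_DIR:-/tmp/www-backup.lock}
KEEP=${KEEP:-60}                 # snapshots to retain (one hour at one per minute)
SNAP_RE='^[0-9]{8}T[0-9]{6}Z$'   # only names of this shape are ever used or deleted

# mkdir is atomic: a run that is still going makes the next cron run skip.
acquire_lock() { mkdir "$LOCK_DIR" 2>/dev/null; }
release_lock() { rmdir "$LOCK_DIR" 2>/dev/null; }

# Read directory names on stdin; print the newest snapshot name (or nothing).
pick_latest() { grep -E "$SNAP_RE" | sort | tail -n 1; }

# Read directory names on stdin; print every snapshot older than the newest $KEEP.
pick_expired() {
    grep -E "$SNAP_RE" | sort |
        awk -v keep="$KEEP" '{ n[NR] = $0 } END { for (i = 1; i <= NR - keep; i++) print n[i] }'
}

run_backup() {
    acquire_lock || { echo "previous backup still running, skipping" >&2; return 0; }
    trap release_lock EXIT
    remote="$DEST_USER@$DEST_HOST"
    snap=$(date -u +%Y%m%dT%H%M%SZ)
    list=$(ssh -o BatchMode=yes "$remote" "ls -1 $DEST_DIR") || return 1
    prev=$(printf '%s\n' "$list" | pick_latest)
    # Unchanged files are hard-linked against the previous snapshot, so each
    # run costs little space while older versions of every page stay intact.
    set -- -az -e "ssh -o BatchMode=yes"
    if [ -n "$prev" ]; then set -- "$@" "--link-dest=$DEST_DIR/$prev"; fi
    rsync "$@" "$SRC/" "$remote:$DEST_DIR/$snap/" || return 1
    for old in $(printf '%s\n' "$list" | pick_expired); do
        ssh -o BatchMode=yes "$remote" "rm -rf -- $DEST_DIR/$old"
    done
}

# crontab entry (script path is hypothetical):
# * * * * * /usr/local/bin/www-backup.sh --run
if [ "${1:-}" = "--run" ]; then run_backup; fi
```

BatchMode makes ssh fail instead of prompting, so a missing or rejected key shows up as a failed cron run rather than a hung one.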

VPN
Step 1. Install pptpd:
    sudo apt-get install pptpd
Step 2. Configure /etc/pptpd.conf: set up the local IP and remote IP.
Step 3. Configure /etc/ppp/pptpd-options: set up the DNS server.
Step 4. Configure /etc/ppp/chap-secrets: set up the username, server name and password.
Step 5. Edit /etc/sysctl.conf: set up IP forwarding.

NIS Server
Step 1. Install nis:
    sudo apt-get install portmap nis
Step 2. Open the file "/etc/default/nis" and add:
    255.255.255.0   172.16.30.7
Step 3. Open the file "/etc/hosts" and add:
    172.16.30.120    wangxindi
Step 4. Start the Server:
    service ypserv start

NIS Client
Step 1. Install nis:
    sudo apt-get install portmap nis
Step 2. Open the file "/etc/yp.conf" and add:
    domain changhao server wangxindi.changhao
Step 3. Open the file "/etc/nsswitch.conf" and add "nis" at the end of these lines:
    passwd: compat nis
    group: compat nis
    shadow: compat nis
    hosts: files dns nis
Step 4. Start the Client:
    sysv-rc-conf ypbind on
    reboot

NFS Server
Step 1. Install nfs-kernel-server on the NFS server:
    sudo apt-get install nfs-kernel-server
Step 2. Configure the file /etc/exports: set the shared_server to the NFS Server.
Step 3. Start the NFS server:
    sudo service nfs-kernel-server start

NFS Client
Step 1. Install nfs-common on the NFS Client:
    sudo apt-get install nfs-common
Step 2. Mount the server's folder on the client's folder:
    mount 172.16.30.130:/export/shared_server /home/zhouyunlu/export/nfsclient

Mail Server
Step 1. Install postfix:
    sudo apt-get update
    sudo apt-get install postfix
Step 2. Configure postfix in "/etc/postfix/main.cf": set the hostname.
Step 3. Set up the file /etc/postfix/virtual: add the specific mail name and username.

NTP
Step 1. Install ntp:
    sudo apt-get install ntp
Step 2. Open "/etc/ntp.conf" and add:
    server 4.us.pool.ntp.org
Step 3. Restart ntp:
    sudo service ntp restart

Test DHCP Server
Use "ifconfig" to see whether DHCP Server can allocate static or auto IP addresses for Servers or Clients.

Test DNS Server
1. If the master DNS server and the slave DNS server are both in the network at the same time, nslookup will return the web server's IP and the master DNS server's IP.
2. If only the slave DNS server is working, nslookup will return the web server's IP and the slave DNS server's IP.

Test Web Server
1. The client can open the webpage by entering 172.16.30.0.
2. The client can open the webpage by entering fch.com.

Test Back Up
Modify the HTML files on the web server. After a minute, the HTML files on the backup computer are also modified automatically.

Test Firewall
Enter this command to delete an entry:
    sudo ufw delete allow proto tcp from 172.16.30.0/24 to any port 80
After that, the client can no longer open the web page.

Test VPN
Configure the VPN on a client. The client's IP will change to the IP configured in the VPN server.

Test NFS
1. At first, the NFS client's folder only has one file.
2. In the NFS server's folder, we add a new file.
3. In the NFS client's folder, we can see the same file has been added, which means the NFS service is working.

Test Mail Server
Send mail from the mail server to Gmail. The Gmail account receives the mail.

Future Prospects
PPTP is fast and stable. By default, PPTP does not implement any encryption. Its security relies on the Point-to-Point Protocol, whose encryption is limited to 128 bits. PPTP is therefore vulnerable from a security standpoint. To prevent security flaws, we can add extra authentication for our VPN clients. For instance, we can use EAP-TLS and PEAP for authentication. We can also find a way to set up encryption for PPTP tunnels.

Although we can send mail through postfix under the domain name fch.com that we set up, we have not set up SMTP authentication. The mail server may therefore be unsafe and vulnerable to attack. As a future improvement, we can configure postfix to use SMTP authentication through SASL. To implement SASL, we need to install libsasl2-2, sasl2-bin and libsasl2-modules. The file path must be changed to match the path where e-mail is stored. We can also improve security by using port 587 instead of port 25. In addition, we can set up a dovecot server to provide IMAP. It includes a mail delivery agent. After setting up dovecot, clients can receive mail through a proxy, which makes it more convenient for them to manage their e-mail.

For the web server, we can set up an SQL database to store the web files and then back up the SQL database to the backup computer. This will make the web server easier to manage.