Data Networking/Fall 2015/Smarvind

Project Objective
The goal of the Linux project is to design a network that is powerful, progressive and secure. We set up a DHCP server, a DNS server, a domain with a web server, and a firewall to make the network more secure. The DHCP server should be able to lease IP addresses to clients, a client should be able to reach the web page hosted by the web server by resolving its IP address through DNS, and the firewall should be able to block the client.

Project Team members
Archit Mathur

Arvind Mohan

Sunny Alagh

Jashangeet Singh

Network elements
The implemented demo network consists of the following elements:
 * DHCP
 * DNS
 * WEB SERVER
 * FIREWALL
 * SSH
 * Server Back-Up
 * NFS
 * NTP
 * VPN
 * NIS

Dynamic Host Configuration Protocol (DHCP)
DHCP is a client/server protocol which dynamically assigns IP addresses to clients connected to the network, along with other network information such as the DNS IP address, default gateway etc. It lets a network administrator centrally manage and allocate IP addresses within the network.

Behaviour of the protocol
It is a client-server protocol that uses UDP port 67. The server dynamically allocates IP addresses, subnet masks and gateways to clients from a pool of IP addresses given to it.

Signalling
The following steps are taken by the DHCP server for IP allocation:

1. First, every newly arrived host needs to find a DHCP server. To do so, the client sends a discover request with client ID 0.0.0.0 and destination address 255.255.255.255.

2. When a DHCP server receives a discover request from a client, it responds with a DHCP offer message containing valid subnet IP addresses.

3. The newly arrived client picks one offer from the offers available from different DHCP servers and sends a request to that particular server.

4. That DHCP server allocates the IP address to the client and sends an acknowledgement to the client.

DHCP Configuration
The most widely used DHCP servers are:
 * Windows DHCP server
 * ISC-DHCP-SERVER

We have used ISC-DHCP-SERVER because it is open-source software that can be run freely on a Linux machine and it mostly matches the performance needs of our environment. The following commands are used to implement the DHCP server on an Ubuntu Linux machine.

1. Update the package list.
    sudo apt-get update

2. Install the DHCP server.
    sudo apt-get install isc-dhcp-server

3. Make changes to the DHCP configuration file.
    sudo nano /etc/dhcp/dhcpd.conf

Following changes were made in the DHCP file:
 * While inspecting the dhcpd.conf file, locate the simple subnet configuration.
 * Here, specify the subnet mask, gateway router, lease address range for the subnet, broadcast address, and default and maximum lease times as per your network's needs.

4. Configure static IP addresses for the web server and DNS server (as we don't want DHCP to allocate dynamic IP addresses to these every time).
    sudo nano /etc/dhcp/dhcpd.conf

5. Restart the DHCP server to apply the changes.
    sudo service isc-dhcp-server restart

After entering the command in the terminal, the server will restart.

Testing
1. DHCP leasing: the leases on the DHCP server and the IP addresses that have been leased to clients can be verified by using the following command.
    sudo tail /var/lib/dhcp/dhcpd.leases

2. DHCP log: the log output of DHCP can be verified using this command.
    sudo tail -f /var/log/syslog

Domain Name System (DNS)
DNS is an application-layer protocol that allows hosts to resolve hostnames to IP addresses. DNS is mostly used by other application-layer protocols such as HTTP, SMTP and FTP. The hostname-to-IP-address translation service works as stated below:
 * 1) The application on the host's side specifies the hostname that needs to be translated. (gethostbyname is the function call that the application uses to perform the translation in UNIX.)
 * 2) DNS then sends a query message into the network. All DNS query and reply messages are sent over UDP port 53.
 * 3) DNS in the client host receives a DNS reply message that provides the desired mapping, which is then passed on to the invoking application.

Behaviour of Protocol
DNS is a client-server type application-layer protocol which uses UDP port 53. The DNS client requests a host mapping with a DNS request packet, and the DNS server fetches the corresponding record, encapsulates it in a reply packet and sends it over UDP.

DNS Server
The authoritative name server of a company holds the records for its web servers, mail servers and canonical names of the servers. These records are configured in the DNS server by registrars certified by Internet Corporation for Assigned Names and Numbers (ICANN).

Signalling
Following steps were performed in DNS request-reply cycle:

1. The client sends a DNS query to the LOCAL DNS.

2. The LOCAL DNS forwards query to the ROOT server and reply will be sent to LOCAL DNS containing NS and A records of corresponding TLD server.

3. The reply will be sent to ROOT DNS server containing NS and A records of corresponding AUTHORITATIVE Name Server.

4. The ROOT server will then send a query to the AUTHORITATIVE server & will forward the reply to the LOCAL server.

DNS Configuration
As explained in the DHCP section, the DNS server is given a static IP address.

Some of the DNS software packages available are BIND, PowerDNS and Posadis. Among these, BIND is widely used and it fulfils all the native requirements of DNS functionality, such as recursive, authoritative and caching name server, and it also contains a resolver client library. PowerDNS, by contrast, contains two separate packages, namely "PowerDNS Authoritative Server" and "PowerDNS Recursor". The latter package is more vulnerable (resolved as of now, but still not recommended by system administrators). Posadis is an open-source DNS package; however, it is not maintained by any community and hence not preferred.

We have used the BIND software. The latest version is Bind9.4, which supports a compile-time option for zone storage in a variety of database formats. In addition, Bind9 also overcomes some serious security issues which were present in Bind 4 and Bind 8. Thus, Bind9 provides a robust architecture for our DNS server.

The following steps are used to implement the DNS server.

1. Update the package list.
    sudo apt-get update

2. Install bind9.
    sudo apt-get install bind9

3. Create a forward zone file.
    sudo cp /etc/bind/db.local /etc/bind/forward.dnlinuxproject.tsm

4. Open the file /etc/bind/forward.dnlinuxproject.tsm and edit it. After editing, the file will look like below.

5. Create a reverse zone file.
    sudo cp /etc/bind/db.127 /etc/bind/reverse.dnlinuxproject.tsm

6. Open the file /etc/bind/reverse.dnlinuxproject.tsm and edit it as below.

7. Open the /etc/bind/named.conf.local file and add the forward and reverse zones.

8. Change the nameserver.
    sudo nano /etc/resolv.conf

9. Restart BIND.
    sudo service bind9 restart
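A forward zone and its reverse zone are edited separately in steps 4 and 6, so they can drift apart. The following added example (not the project's own files or tooling) cross-checks the two: every address with an A record should have a PTR record that ends in a dot and points back to one of its names. The host names ns, www and ftp and the address 192.168.10.48 are constructed; 192.168.10.20 and 192.168.10.47 are the addresses used on this page.

```shell
#!/bin/sh
# Added example: cross-check a forward zone against its /24 reverse zone.
# Handles one-record-per-line "owner [ttl] IN TYPE rdata" entries only.

check_zone_pair() {
    # $1 = forward zone file, $2 = reverse zone file, $3 = zone name
    awk -v zone="$3" '
    function parse(   i) {                 # find "IN", then type and rdata
        rtype = ""; rdata = ""
        for (i = 2; i < NF; i++)
            if ($i == "IN") { rtype = $(i + 1); rdata = $(i + 2); return }
    }
    /^[ \t]*(;|\$|$)/ { next }             # comments, $TTL/$ORIGIN, blanks
    FNR == NR {                            # first file: collect A records
        parse()
        if (rtype == "A") {
            fqdn = ($1 == "@") ? (zone ".") : (($1 ~ /\.$/) ? $1 : ($1 "." zone "."))
            split(rdata, o, ".")
            names[o[4]] = names[o[4]] " " fqdn
            addr[o[4]] = rdata
            if (!(o[4] in seen)) { seen[o[4]] = 1; order[++n] = o[4] }
        }
        next
    }
    {                                      # second file: collect PTR records
        parse()
        if (rtype == "PTR") ptr[$1] = rdata
    }
    END {
        for (k = 1; k <= n; k++) {
            h = order[k]
            if (!(h in ptr))
                print "MISSING_PTR:" addr[h]
            else if (ptr[h] !~ /\.$/)
                # without the trailing dot BIND appends the reverse zone name
                print "PTR_NOT_FQDN:" addr[h] ":" ptr[h]
            else if (index(names[h] " ", " " ptr[h] " ") == 0)
                print "PTR_MISMATCH:" addr[h] ":" ptr[h]
        }
    }' "$1" "$2"
}

write_sample_zones() {
    # $1 = directory; constructed sample data with two deliberate faults
    cat > "$1/forward" <<'EOF'
$TTL 604800
@    IN SOA ns.dnlinuxproject.tsm. root.dnlinuxproject.tsm. ( 2 604800 86400 2419200 604800 )
@    IN NS  ns.dnlinuxproject.tsm.
@    IN A   192.168.10.47
ns   IN A   192.168.10.20
www  IN A   192.168.10.47
ftp  IN A   192.168.10.48
EOF
    cat > "$1/reverse" <<'EOF'
$TTL 604800
@    IN SOA ns.dnlinuxproject.tsm. root.dnlinuxproject.tsm. ( 2 604800 86400 2419200 604800 )
@    IN NS  ns.dnlinuxproject.tsm.
20   IN PTR ns.dnlinuxproject.tsm
47   IN PTR www.dnlinuxproject.tsm.
EOF
}

tmp=$(mktemp -d)
write_sample_zones "$tmp"
check_zone_pair "$tmp/forward" "$tmp/reverse" dnlinuxproject.tsm
rm -rf "$tmp"
```

named-checkzone validates the syntax of each file on its own; this cross-check covers the relationship between the two files.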

Web server
A web server is an information technology appliance which processes HTTP requests and distributes information on the World Wide Web. The primary function of a web server is to store, process and deliver web pages to clients. A web server is not necessarily always an Internet server; large organizations have their own web servers, which are used on their own Local Area Network to connect various devices within the company premises (e.g. printers, PCs, routers and so on). In any case, a server is an always-on machine, and hence it must be kept at a proper temperature to avoid breakdown due to overheating. A server is the heart of any network. If a server fails, the whole network will break down. Hence, organizations often use a backup server in case of emergency (hot-standby configuration).

Behavior of Protocol
Hypertext Transfer Protocol (HTTP) is an application-layer protocol most widely used in today's Internet. It is defined in RFC 2616 (HTTP/1.1), which was revised into RFC 7230, RFC 7231, RFC 7232, RFC 7233, RFC 7234 and RFC 7235. HTTP/2 is presently a work in progress. The default port for HTTP is 80. In a typical HTTP communication, the client requests a page and sets up a TCP connection between itself and the server via the three-way handshake process. After the connection is established, the client requests a web page. The server sends the requested HTTP page over the TCP connection. The connection is either closed or kept open after the transfer, depending on the type of connection (i.e. persistent or non-persistent).

Signalling

 * 1) The client obtains server IP address from DNS server.
 * 2) Client initiates TCP connection by sending SYN message on port 80 of the server.
 * 3) Server responds with SYN-ACK message thereby opening the port for the client to request the information.
 * 4) Client completes three-way handshake process by sending ACK message. It also requests for basic HTML page along with this.

Web server configuration
We have used the Apache2 web server. The main reason for choosing Apache is that it provides more compatibility with additional modules as well as speed and flexibility in a small network like the one we have created. The following commands are used to install the web server on a Linux machine.

1. Install the Apache2 web server.
    sudo apt-get install apache2

2. Make a directory.
    sudo mkdir -p /var/www/html/tsm.conf/htmll

3. Make a directory in /etc/apache2/sites-available.
    sudo mkdir tsm.conf

4. Edit tsm.conf and provide a nameserver, or copy the details from the 000-default.conf file.
    sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/tsm.conf
    sudo nano /etc/apache2/sites-available/tsm.conf

5. Edit the index.html file.
    sudo nano index.html

6. To enable the site.
    sudo a2ensite tsm.conf

7. Restart the apache2 server.
    sudo service apache2 restart

8. To check the status.
    sudo netstat -ltnp

Add these lines in the file.
    ServerAdmin webmaster@dnlinuxproject.tsm
    ServerName dnlinuxproject.tsm
    DocumentRoot /var/www/html/tsm.conf/htmll

Firewall
A firewall is a network security system, either hardware or software based, that controls incoming and outgoing network traffic based on a set of rules. We can block certain packets by configuring our firewall with certain rules.

Firewall configuration
IPTABLES: a set of rules configured from the Linux machine's terminal. It has some built-in chains:
 * INPUT chain: for packets coming into the machine.
 * OUTPUT chain: for packets generated inside and going outside of the machine.
 * FORWARD chain: for packets routed through the local host.

Testing
1. To list all rules configured in the firewall.
    sudo iptables -L

2. To flush/remove the rules from iptables.
    sudo iptables -F
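The project objective is a firewall that can block a client, and iptables evaluates a chain top to bottom and stops at the first match. The following added example (not the project's rule set) builds an INPUT policy for the web server that drops one client and serves the rest of the 192.168.10.0/24 network, then checks that the DROP comes before any ACCEPT that would also match. The blocked address 192.168.10.50, the allowed ports 80 and 22, and running the rules on the web server host itself are assumptions.

```shell
#!/bin/sh
# Added example, not the project's rule set: build a filter table for the
# web server in iptables-restore format. The LAN prefix comes from the page;
# the ports and the blocked address are assumptions.

LAN="192.168.10.0/24"

is_ipv4() {
    # Accept only dotted-quad addresses with octets 0-255, so that nothing
    # else can be spliced into a rule line.
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

build_web_firewall() {
    # $1 = client address to block; prints the ruleset on stdout.
    # The DROP sits above the ESTABLISHED rule so that connections the
    # client already has open are cut off as well.
    is_ipv4 "$1" || { echo "invalid address: $1" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s $1/32 -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $LAN -p tcp --dport 80 -j ACCEPT
-A INPUT -s $LAN -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

block_is_first_match() {
    # $1 = ruleset text, $2 = blocked address. Succeeds only if the DROP for
    # that address appears before the first non-loopback ACCEPT rule.
    printf '%s\n' "$1" | awk -v ip="$2" '
        index($0, "-s " ip "/32 -j DROP") { drop = NR }
        /-j ACCEPT/ && !/-i lo/ && !first { first = NR }
        END { exit !(drop && first && drop < first) }'
}

rules=$(build_web_firewall 192.168.10.50)   # constructed client address
printf '%s\n' "$rules"
```

As root, `build_web_firewall 192.168.10.50 | iptables-restore --test` parses the ruleset without committing it. `iptables -F` removes rules but leaves chain policies in place, so flushing this table while the INPUT policy is still DROP cuts off all inbound traffic.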





Web Server Backup
To add redundancy to our network and make it robust, we have to implement a backup for our web server, so that if our server fails, the whole network will automatically be routed to the backup server and hence there will be no blackout.

Configuration backup
Backup is needed for the web server as it is the one hosting the web service. Manual and automatic backup are the two options. Automatic backup is preferred over manual backup, as manual backup requires a lot of effort and we have to be very careful while taking a manual backup, because a small mistake can result in the loss of all the data.

Two ways of automatic backup configuration in Ubuntu:

Using cron

Cron is the system daemon which is used to perform desired tasks in the background at designated times.

BACULA BACKUP

What is bacula and how it works? Advantages of Bacula over other backups.

Bacula is an open source backup solution which allows us to create backups and to perform data recovery of the systems.

Bacula follows the client-server model, but it has a lot of components.

Components of the Bacula Server (Backup Server which is bacula based)
 * Bacula Director (BD)
 * Storage Daemon (SD)
 * Console
 * Catalog

 * Catalog: the service which stores the database of the backup in databases such as MySQL or PostgreSQL.
 * Storage Daemon: the software that reads and writes all the backup-related information.
 * Bacula Director (BD): the software which takes care of all the operations and settings performed for the backup of the host.
 * Bacula Console: the command line interface which is used to modify all the settings of the backup and allows the user to administer and control the Bacula Director.

All four Bacula server components, i.e. Storage Daemon (SD), Catalog, Bacula Console and Bacula Director, work together to perform the backup functionality; they don't need to be on the same server but they should be together.

 * Bacula Client: the server which is to be backed up. The Bacula client has software called the File Daemon (FD), which provides access to all the data of the client which is to be backed up.

Installation Process of Bacula Server (Backup) in Ubuntu:
 * Install MySQL
 * Install bacula client and bacula server components
 * Create backup and restore directories
 * Configure bacula director
 * Configure local jobs
 * Configure file set
 * Configure storage daemon connection
 * Configure pool
 * Configure storage daemon
 * Configure storage resources
 * Configure storage device
 * Verifying storage daemon configuration

Install MySQL
 * You have to set a password for MySQL administration.

Install bacula client and bacula server components
 * We have to set “internet site” and the FQDN (fully qualified domain name) for the settings of the Bacula server and Bacula client.
 * After specifying the internet site and FQDN for installing the Bacula server and Bacula client, we have to connect (link) the Bacula server and Bacula clients to the database that we have installed, that is, MySQL.
 * So, while installing the Bacula server and Bacula client, we will be prompted for some database-related information. When it asks for database configuration, we say “yes” and enter the password we set during MySQL installation, and also set a new MySQL application password for the Bacula director.
 * At last, for the installation of the Bacula client and Bacula server, we have to specify the Bacula script that the Bacula director uses to perform the catalog backup job.
 * In this way, the Bacula client and server are installed, and now we have to create the backup and restore directories.

Create backup and restore directories
 * We have to create backup and restore directories for the Bacula backup to work.
 * Bacula needs a backup directory to store all the backup information, and it needs a restore directory to hold all the files which are restored.
 * Creating bacula backup and restore directories
 * Now, as it is a backup of all the information, we have to set permissions on these files so that only the bacula process or a superuser can access them.
 * After creating the backup and restore directories and setting the permissions so that only the superuser and the bacula process can access them, we have to configure the Bacula director.

Configure bacula director
 * We have to reconfigure various components of the Bacula director configuration file in order to get all the Bacula backup operations to work correctly.
 * All the configuration files (.conf) are available in the /etc/bacula directory.
 * To reconfigure the Bacula director, we have to open the Bacula director conf file in a text editor.
 * Entities to configure in the Bacula director configuration file:

Configure local jobs
 * A Bacula job is used to perform the backup and restore functions. The local jobs in the Bacula director configuration file specify the necessary details, such as which files are to be backed up and what the files are named.
 * We have to define the backup files: search for the name Backupclient1 and change its name value to backuplocalfiles.
 * We have to define the restore files: search for restorefiles, change its name value to restorelocalfiles, and set its where value to /bacula/restore.

Configure file set
 * All the files which are to be included in or excluded from the backup selection are defined in the file set configuration.
 * We have to search for “list of files to be backed up”.
 * Under the “list of files to be backed up”, we have to go to the resource named “full set” and into this job…
 * We have to define three things:
 * Add the compression option with the value GZIP, which compresses the backup.
 * Change the include file from /usr/sbin to / in the File value under the Include subset.
 * Change the second exclude file to /bacula.

bacula-dir.conf — Update "Full Set" FileSet
    FileSet {
      Name = "Full Set"
      Include {
        Options {
          signature = MD5
          compression = GZIP
        }
        File = /
      }
      Exclude {
        File = /var/lib/bacula
        File = /bacula
        File = /proc
        File = /tmp
        File = /.journal
        File = /.fsck
      }
    }
Configure storage daemon connection
 * In the bacula-dir.conf file, there are Storage resources that define the storage daemons to which the director will connect.
 * We have to define the storage address in the Storage resource of the bacula-dir.conf file:

    Storage {
      Name = File
    # Do not use "localhost" here
      Address = backup_server_private_FQDN                # N.B. Use a fully qualified name here
      SDPort = 9103
      Password = "ITXAsuVLi1LZaSfihQ6Q6yUCYMUssdmu_"
      Device = FileStorage
      Media Type = File
    }

 * We have to specify the private FQDN (fully qualified domain name) as the value of Address in the Storage resource of the bacula-dir.conf file.
 * We specify the FQDN in the Address field so that all the remote clients can connect to this address.

Configure pool
 * The Pool resource of the bacula-dir.conf file defines the set of storage used by Bacula to write backups.
 * We just have to change the name of the label format so that all the backup-related information is written to the storage files under this name.

Check director configuration
 * After reconfiguring all the daemons in the bacula-dir.conf file, we have to check whether all the settings are correct.
 * If there are no errors in the configuration of the bacula-dir.conf file, the check will result in no syntax errors.
Configure Storage Daemon
 * We have to configure the storage daemon so that Bacula knows where to store the backup files. We have to open the SD conf file (bacula-sd.conf).

Configure storage resource
 * In the bacula-sd.conf file, in the Storage resource, we have to specify SDAddress as the IP address of the FQDN (fully qualified domain name).

bacula-sd.conf — update SDAddress
    Storage {                             # definition of myself
      Name = BackupServer-sd
      SDPort = 9103                  # Director's port
      WorkingDirectory = "/var/lib/bacula"
      Pid Directory = "/var/run/bacula"
      Maximum Concurrent Jobs = 20
      SDAddress = backup_server_private_FQDN
    }

Configure Storage Device
 * In the bacula-sd.conf file we have to update the archive device:
    Archive Device = /bacula/backup

Verify Storage Daemon Configuration
 * After all the configuration, we have to verify whether all the settings for the storage daemon are correct.


 * Restart Bacula Director and Storage Daemons
 * sudo service bacula-director restart
 * sudo service bacula-sd restart

Testing
We have to enter the Bacula console to test whether the Bacula configuration is OK.

By running the command sudo bconsole we move into the Bacula console, and it will start with

Create a label
 * We have to start by defining a label:
    label
 * A prompt then asks for a volume name. Enter a volume name:
    myvolume
 * After that, we have to select the pool to use; we enter 2, which is the File pool that we have configured.

Manually run backup job
    run
 * A prompt asks which job is to be run; select the backupfiles job by entering its number.
 * Hit Enter when checking the run backup job.

Check messages and status
 * After running the jobs, there are some messages, which are the outputs generated by the running jobs. Check these messages:
    messages
 * Another way to check the status of the job is to check the status of the director. We have to run this command at the start of the console:
    status director
 * If everything is OK, there will be no errors and the status will be running.

CHECK RESTORE JOB

After the backup job is working fine, we have to restore this backup. We can restore the backup using the restore command.

Run Restore all job
    restore all
 * This will restore all the files from the last backup into the restore directory.

Algorithm
1.	A client enters the network.

2.	The client will send an IP address request to DHCP server.

3.	If DHCP request is successful, DHCP server will reply with an IP address

Else DHCP will reply with ‘request fail.’ This happens when the client moves out of the network suddenly

4.	Client wants to access the web page.

if domain name put in is correct, then the request will be sent to DNS for IP address resolving with its respective type record.

DNS will reply with IP address of the website.

else if 	DNS fails An error message will be displayed saying, ‘server not found.’

Retry

5.	Client accessed the web server. Now he sends HTTP request to the server.

if the request is successful, Web page will be displayed

else Error message like 'no page found' will be displayed.

Retry

Network File System (NFS)

Configuration
The following commands are used to install and configure the NFS server as well as the client.

NFS server

1. To install the NFS server.
    sudo apt-get install nfs-kernel-server

2. Make the directory which will be shared with clients.
    sudo mkdir /home/arvindhusky/exp/arvind

3. Open the /etc/exports file. This is the main NFS configuration file.
    sudo nano /etc/exports

4. Create a file in the shared directory and then create user and group.
    sudo chown 777 /home/arvindhusky/exp/arvind/

5. Edit the /etc/exports file, enter the details of the directory which should be shared, provide permissions accordingly, and modify it as shown below.
    /home/arvindhusky/exp/arvind client-ip(rw,sync,no_root_squash,no_subtree_check)

6. Start the service with the following command.
    sudo /etc/init.d/nfs-kernel-server start

7. To see the directories or files.
    sudo showmount -e

NFS client

6. Install the client and dependencies.
    sudo apt-get install nfs-common

7. Create a directory.
    sudo mkdir -p /home/arvind/NFS

8. Mount the remote shared directory on the client's local directory.
    sudo mount 192.168.10.47:/home/arvindhusky/exp/arvind /home/sunny/NFS

9. To check the mounted file.
    mount -t nfs

10. To test NFS and to see the mounted file on the client side:
    sudo touch /home/sunny/NFS/1.png
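In /etc/exports, whitespace between a client and its option list changes the meaning of the line: the client gets default options and the options in parentheses apply to every host. The following added example (not part of the project) lints an exports file for that mistake, for wildcard clients, and for no_root_squash, which lets root on a client act as root on the exported files. The sample entries, the client addresses 192.168.10.50 and 192.168.10.51, the paths /srv/share and /srv/web, and the finding codes are constructed for this example.

```shell
#!/bin/sh
# Added example: lint an /etc/exports-style file. The finding codes are this
# example's own labels, not nfs-utils output.

lint_exports() {
    # $1 = exports file; prints one "LINE:CODE:EXPORT_PATH" per finding
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            entry = $i
            host = entry
            sub(/\(.*/, "", host)            # text before "(" is the client
            opts = ""
            if (index(entry, "(")) {
                opts = entry
                sub(/^[^(]*\(/, "", opts)    # keep what is inside ( ... )
                sub(/\).*/, "", opts)
            }
            # "client (opts)": the client gets defaults, opts go to everyone
            if (substr(entry, 1, 1) == "(")
                print NR ":OPTIONS_APPLY_TO_ALL_HOSTS:" path
            else if (host == "*")
                print NR ":WILDCARD_HOST:" path
            # root on the client stays root on the exported files
            if (("," opts ",") ~ /,no_root_squash,/)
                print NR ":NO_ROOT_SQUASH:" path
        }
    }' "$1"
}

write_sample_exports() {
    # $1 = output file; constructed sample entries, client addresses made up
    cat > "$1" <<'EOF'
# constructed sample
/home/arvindhusky/exp/arvind 192.168.10.50 (rw,sync,no_root_squash,no_subtree_check)
/srv/share *(ro,sync,no_subtree_check)
/srv/web 192.168.10.51(rw,sync,root_squash,no_subtree_check)
EOF
}

sample=$(mktemp)
write_sample_exports "$sample"
lint_exports "$sample"
rm -f "$sample"
```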

Testing
1. On the server, type this command to see the shared directories.
    sudo nano /etc/exports

Configuration
1. Install the NFS server by using below command:

2. Create a directory that can be shared. Provide the permissions.

3. Create a file in the shared directory and then create user and group

4. Edit the /etc/exports file and enter the details of the directory which should be shared and provide permissions accordingly and modify as shown below

5. Restart the server by using the following command

6. To see the directories or files

Virtual Private Network
A virtual private network extends your private network across an open network like the Internet. It lets the client connect to the private network and act as though it is connected to an open network, while retaining features of the private network, such as functionality, security and management policies. Resources are accessed in the same way as in a private network.

Configuration
1. Install the package ‘pptpd’.
    sudo apt-get install pptpd

2. Edit the file /etc/pptpd.conf as follows.
    sudo nano /etc/pptpd.conf
    localip
    remoteip

3. Edit the /etc/ppp/pptpd-options file.
    sudo nano /etc/ppp/pptpd-options
    ms-dns 192.168.10.20

4. Set the ‘user-id’ and ‘password’.
    sudo nano /etc/ppp/chap-secrets
    sunny pptpd tsm *

It will give output as

Add iptables details under rc.local table



Mail Server
A mail server is responsible for receiving, sending and distributing email messages from your PC to others. In Linux we call it the 'mail daemon'.

Configuration
To implement the mail server, we have used Postfix mail services with the webmail client SquirrelMail. This configuration contains open-source packages which support IMAP, SMTP and POP3. This setup also protects against malware and spam; hence the packages fulfil the requirements of a basic mail server. To configure the mail server, the following packages need to be downloaded onto the system.

Working:

Testing
1. Send a mail through a telnet agent by connecting to the server.

2. We can see the email sent or received by logging in as the user through SSH.

Working with an example
We have used all Linux machines to implement the different components like DNS, DHCP and the web server. We have used the 192.168.10.0/24 network with 192.168.10.1 as our default gateway and 192.168.10.255 as the broadcast address.

First, all devices will be connected to the network via a switch. Then DHCP will assign IP addresses to clients.

Web Server will have 192.168.10.47

DNS will have 192.168.10.20

Now, the client will open his browser and try to access the web page.

DNS static IP allocation



Forward and Reverse zone lookup for DNS



Checking the website dnlinuxproject.tsm on browser

Future Improvement
1. A router-on-a-stick configuration could also be done, implementing different VLANs.

2. LAMP server can also be implemented

3. Samba server could also be implemented enabling file transfer along with additional features.