Data Networking/Fall 2015/XHDB

Group Members
Xiang Cheng Huiyu Huang Danlei Liang Bowei Zhou

Motivation
The project is to establish the internal network and provide related functions for a company. This project helps us understand the theory of DHCP, DNS, web servers and so on. While building this network, it showed various things that happen in today's networking world. To finish this project we improved our understanding of the different protocols, and we became familiar with Linux and with solving the various real-time problems we met. It also helped us to deal with problems, work as a team and learn various skills.

DHCP
The full name is Dynamic Host Configuration Protocol. The isc-dhcp-server module is used to provide the DHCP service. The DHCP server holds the pool of IP addresses and assigns an address to each client in this network automatically. All IP addresses of all computers are stored in a database that resides on the DHCP server machine.

DNS
DNS - Domain Name Service (DNS) is a distributed database implemented in a hierarchy of DNS servers, and it is an application-layer protocol that allows hosts to query the distributed database. In this way, DNS alleviates the need to remember IP addresses. Computers that run DNS are called name servers. The DNS protocol runs over UDP and uses port 53. DNS is employed by HTTP to translate a domain name into an IP address.

WEB SERVER
A web server is used to store HTML files. To fulfill a request from a client, the web server responds with the requested .HTML files. The HTML file, which is lines of code, is translated by the web browser into a web page and presented to the client. Clients usually use a web browser, like Chrome or Firefox on Linux, and type a URL in the address field to get the web page from the web server.

FIREWALL
A firewall is set up on the web server for security. If the firewall is enabled, no one has access to the server except the clients and the kinds of services specified by the firewall rules. Without actively enabling the firewall, anyone could access the server and do whatever they like, which would be a horrible situation.

BACKUP
Backup is a very useful way to protect and recover lost data. It copies all the data of daily work on the current server and sends it to another, remote server. A server becomes a busy machine as the number of clients increases, and it is possible for the server to crash under heavy work. Backup is necessary to protect both the server and the data it generates.

VPN
VPN - a virtual private network (VPN) extends a private network so that it can run over the public network.

NIS
NIS - network information service (NIS) provides a network lookup service, including the service of databases and processes.

NFS
NFS - network file system (NFS) allows the laptop to mount a disk partition on a remote device as if it were a local disk. It provides fast file sharing across the same network.

NTP
NTP - network time protocol (NTP) is a protocol used to synchronize the clocks of computers to some time reference.

MAIL SERVER
A mail server is a server that handles and delivers e-mail over a network, usually over the Internet. A mail server can receive e-mails from client computers and deliver them to other mail servers. A mail server can also deliver e-mails to client computers. Every email that is sent passes through a series of mail servers along its way to its intended recipient. Although it may seem like a message is sent instantly - zipping from one PC to another in the blink of an eye - the reality is that a complex series of transfers takes place.

Requirements
We have set up a DNS master server, a DNS slave server, a DHCP server, a web server and a client on one computer, connected in host-only mode.

For DNS server:
i. Assigned the static IP address for the server
ii. Assigned bind9 DNS server
iii. Created 5 type A records
iv. Used both IPv4 and IPv6 addresses in my implementation of records
v. Created reverse domains in in-addr.arpa and ipv6.arpa
vi. Configured the slave DNS server so that it can automatically update from the master DNS server

For DHCP server:
i. Assigned the static IP address for the DHCP server
ii. Used IPv4 and IPv6 addresses
iii. Allocated dynamic network addresses to the client
iv. The client-server protocol

For web server & firewall:
i. Assigned the static IP address for the web server
ii. Created a basic page on the server
iii. The page is accessible to the client
iv. The page is secure

For backup:
i. Automated the process of backing up the data
ii. Backup file has been zipped and sent to a different server
iii. Backup file is transferred automatically

DHCP server for IPv4
First, install isc-dhcp-server:

    sudo apt-get install isc-dhcp-server

Then begin to configure the DHCP server. To assign IP addresses dynamically, change the /etc/dhcp/dhcpd.conf file:

    default-lease-time 600;
    max-lease-time 7200;

Then set the network with its mask and give the range that can be assigned, along with the IP addresses of the router and DNS servers in the network:

    subnet 192.168.22.0 netmask 255.255.255.0 {
        range 192.168.22.10 192.168.22.30;
        option routers 192.168.22.1;
        # both DNS servers go in one comma-separated statement
        option domain-name-servers 192.168.22.11, 192.168.22.12;
    }

The DHCP server gives the client an IP address from the range 192.168.22.10-192.168.22.30 in an address pool. It leases an IP address for 600 seconds, and the maximum lease is 7200 seconds if the client or server makes a special request. The server also gives the client the subnet mask 255.255.255.0; the broadcast address 192.168.22.255; the gateway address 192.168.22.1; 192.168.22.11 as its master DNS server and 192.168.22.12 as its slave DNS server.

The fixed address is assigned to this server. Reservation by MAC address can give some or all of the machines a fixed IP address. We set fixed IP addresses for the master DNS server (192.168.22.11), the slave DNS server (192.168.22.12) and the web server (192.168.22.30).

Then, restart isc-dhcp-server:

    sudo /etc/init.d/isc-dhcp-server restart

DHCP server for IPv6
First, install radvd:

    sudo apt-get install radvd

After installation, create the proper configuration in the file '/etc/radvd.conf'. We also need to modify the file '/etc/sysctl.conf' to enable IPv6 forwarding by removing the '#' in front of 'net.ipv6.conf.all.forwarding=1'. Also run this to make the change in the running kernel:

    sysctl -w net.ipv6.conf.all.forwarding=1

Then restart radvd:

    service radvd start

At this point, a client in the network will be assigned an IPv6 address.

DNS Master Server
1. Install bind9
Install DNS on the device using the Ubuntu bind9 package. Give the server a static IP address.
Command:

    sudo apt-get install bind9
    nano /etc/network/interfaces

2. Forward zone (IPv4 and IPv6)
Add a DNS zone to bind9 and turn bind9 into a primary master server. Edit /etc/bind/named.conf.local and allow transfer to the slave server.
Command:

    nano named.conf.local

    zone "www.chengx.com" {
        type master;
        file "/etc/bind/db.www.chengx.com";
        allow-transfer { 192.168.22.12; };
    };

Use a sample zone to edit the database: copy the sample db.local into the zone's own database.
Command:

    cp /etc/bind/db.local /etc/bind/db.www.chengx.com

Edit the new zone file db.www.chengx.com: change localhost to the FQDN of the server, leaving the additional "." at the end, and add 4 more forward type A records as below.

3. Reverse zone file (IPv4)
Set up the zone to resolve name to IP address. Edit /etc/bind/named.conf.local.
Command:

    zone "22.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.192";
        // transfers go to the slave DNS server
        allow-transfer { 192.168.22.12; };
    };

Create the /etc/bind/db.192 file.
Command:

    cp /etc/bind/db.127 /etc/bind/db.192

Create the PTR record.

4. Reverse zone file (IPv6)
Add ip6.arpa in named.conf.local.
Command:

    zone "3.3.3.3.2.2.2.2.1.1.1.1.0.c.e.f.ip6.arpa" {
        type master;
        file "/etc/bind/db.ipv6";
    };

Add the db.ipv6 file.
Command:

    cp db.127 db.ipv6

5. Restart bind9
Command:

    sudo service bind9 restart
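
The forward and IPv4 reverse zones above restrict zone transfers, while the IPv6 reverse zone has no allow-transfer statement. The following check is an added example, not part of the original project; the function names and the sample file are constructed here, modelled on the zones above. It lists every master zone with its transfer list. A zone reported as "(none set)" falls back to the server-wide options or to BIND's built-in default, which in the BIND 9 releases of this page's era allowed transfers to any host.

```shell
#!/bin/sh
# Added example: report the allow-transfer list of every master zone.
# Reads the file named in $1, or standard input when no file is given.
audit_transfers() {
    awk '
    /^[ \t]*(\/\/|#)/ { next }                   # skip comment lines
    depth == 0 && /zone[ \t]+"/ {                 # a zone block starts here
        split($0, q, "\""); zone = q[2]; master = 0; acl = "(none set)"
    }
    zone != "" {
        if ($0 ~ /type[ \t]+master/) master = 1
        if ($0 ~ /allow-transfer/) {              # keep only the address list
            acl = $0
            sub(/.*allow-transfer[ \t]*[{][ \t]*/, "", acl)
            sub(/[ \t]*[}].*/, "", acl)
        }
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
        if (depth == 0 && $0 ~ /[}]/) {           # the zone block just closed
            if (master) printf "%s allow-transfer: %s\n", zone, acl
            zone = ""
        }
    }' "${1:--}"
}

# Constructed sample modelled on the three master zones in this section.
sample_zones() {
    cat <<'EOF'
zone "www.chengx.com" {
    type master;
    file "/etc/bind/db.www.chengx.com";
    allow-transfer { 192.168.22.12; };
};
zone "22.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192";
    allow-transfer { 192.168.22.12; };
};
zone "3.3.3.3.2.2.2.2.1.1.1.1.0.c.e.f.ip6.arpa" {
    type master;
    file "/etc/bind/db.ipv6";
};
EOF
}

sample_zones | audit_transfers
```

On the server itself the function would be run as audit_transfers /etc/bind/named.conf.local.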

Slave DNS Server
1. Assigned the static IP address.
Command:

    nano /etc/network/interfaces

2. Edit named.conf.local and add the forward zone and the reverse zone.
Command:

    zone "www.chengx.com" {
        type slave;
        file "db.www.chengx.com";
        masters { 192.168.22.11; };
    };
    zone "22.168.192.in-addr.arpa" {
        type slave;
        file "db.192";
        masters { 192.168.22.11; };
    };

Web Server
Install apache2 as the web server:

    sudo apt-get install apache2

Set 192.168.22.20 as the address of the web server.

Restart the network interface:

    sudo /etc/init.d/networking restart

Restart the web server:

    sudo /etc/init.d/apache2 restart

Homepage modification:

    cd /var/www/
    ls
    sudo nano index.html

Firewall
Use the ufw command to configure the firewall. No installation is needed, since ufw is included in Ubuntu by default.

Enable the firewall:

    sudo ufw enable
    sudo ufw allow ssh/tcp

Allow clients to get the web page from the server via port 80:

    ufw allow 80

Show the firewall status:

    ufw status numbered

Disable the firewall:

    ufw disable

We can also allow requests from a certain client IP address through a certain port number:

    ufw allow in from 192.168.22.17 to any port 80

Once the firewall is enabled, all incoming packets are blocked except those matching the firewall rules, and all outgoing packets are still allowed by default.

Backup
The server backs up automatically every day to another host. There are 3 parts: MySQL database, rsync and cron.

MySQL database: it manages the data of the web server.
Installation command:

    sudo apt-get install mysql-server

To check whether the MySQL server is running:

    sudo netstat -tap | grep mysql

Edit the configuration:

    sudo nano /etc/mysql/my.cnf

then change

    bind-address = 192.168.22.20

Then restart:

    sudo service mysql restart

Copy the files in the web server to ~/home. Dump the databases (-p prompts for the password; the host is the bind-address set above):

    mysqldump -u root -p -h 192.168.22.20 --all-databases > /cheng01.sql

Rsync with ssh:
Install ssh command:

    sudo apt-get install openssh-server
    sudo ssh-keygen

In the client side terminal:

    ssh web1@192.168.22.20

then input the password.

In the server side terminal:

    ssh cheng198901@192.168.22.17

then input the password.

Rsync command:

    rsync -avz --delete -e ssh /cheng01.sql cx198901@192.168.22.17:~backup

Cron:
Install command:

    sudo apt-get install gnome-schedule
    sudo crontab -e

Edit the crontab file:

    crontab -e

and add the entry:

    10 00 * * * bash -x /home/backup.sh
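
The cron entry runs /home/backup.sh, which this page does not show. The script below is an added example of what such a script can look like, not the project's own code: it dumps the databases, zips the dump and sends it to the other host with rsync over ssh. Assumptions not taken from the page: the local directory BACKUP_DIR, the remote directory "backup/", the retention period KEEP_DAYS, MySQL credentials stored in root's ~/.my.cnf, and key-based ssh login to the backup host.

```shell
#!/bin/sh
# Added example: nightly MySQL dump -> gzip -> rsync over SSH.
# Assumed, not from the page: BACKUP_DIR, the remote "backup/" directory,
# KEEP_DAYS, and MySQL credentials stored in root's ~/.my.cnf.
BACKUP_DIR="${BACKUP_DIR:-/var/backups/mysql}"
REMOTE="${REMOTE:-cx198901@192.168.22.17:backup/}"
KEEP_DAYS="${KEEP_DAYS:-7}"
umask 077   # dumps contain every table, keep them owner-only

# One archive per day, so a failed run never overwrites the last good copy.
archive_name() {
    printf '%s/all-databases-%s.sql.gz\n' "$BACKUP_DIR" "$1"
}

# Dump all databases to $1 (a .sql.gz path). The password is read from
# ~/.my.cnf, so it never appears on the command line or in the crontab.
dump_databases() {
    sql="${1%.gz}"
    mkdir -p "$BACKUP_DIR" || return 1
    if mysqldump --all-databases --single-transaction > "$sql"; then
        gzip -f "$sql"
    else
        rm -f "$sql"    # do not ship a truncated dump
        return 1
    fi
}

# Copy the archive to the backup host with key-based SSH (no prompt in cron).
ship_archive() {
    rsync -az -e 'ssh -o BatchMode=yes' "$1" "$REMOTE"
}

# Remove local archives older than KEEP_DAYS days.
prune_old() {
    find "$BACKUP_DIR" -name 'all-databases-*.sql.gz' -mtime +"$KEEP_DAYS" -exec rm -f {} +
}

main() {
    archive=$(archive_name "$(date +%F)")
    dump_databases "$archive" || { echo "dump failed" >&2; return 1; }
    ship_archive "$archive"   || { echo "transfer failed" >&2; return 2; }
    prune_old
}

# Run only when invoked as backup.sh (as the cron entry does), so the
# functions can also be sourced and tested without touching MySQL.
case "$0" in
    *backup.sh) main ;;
esac
```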

VPN
Set up the PPTP VPN server by installing the pptpd package and then editing the conf, chap-secrets, rc.local and sysctl files. Connected the client to the VPN server.

NIS
Add the client name and IP addresses to /etc/hosts. Add this line to hosts.allow:

    portmap ypserv ypbind : list of IP addresses

where "list of IP addresses" is a list of IP addresses that consists of the server and client.

    sudo apt-get install portmap nis

Edit the file /etc/passwd, the file /etc/group, the file /etc/shadow and /etc/yp.conf. Then restart NIS:

    /etc/init.d/nis restart

NFS
Install nfs-kernel-server on the server:

    sudo apt-get install nfs-kernel-server

Edit the file /etc/exports and find the following lines:

    /ubuntu *(ro,sync,no_root_squash)
    /home *(rw,sync,no_root_squash)

Replace * with one of the hostname formats. For security, make the hostname declaration specific, so that other unwanted systems cannot access the NFS mount.

Start the NFS server:

    sudo /etc/init.d/nfs-kernel-server start

Install nfs-common on the client:

    sudo apt-get install nfs-common

Mount a shared NFS directory from another machine
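
The advice above about replacing * in /etc/exports can be checked mechanically. The following audit is an added example, not part of the original project; the function names are constructed here, and the sample combines the two export lines from this section with a restricted variant that assumes the client 192.168.22.17. It flags exports open to any host and exports that keep no_root_squash, which lets root on a client act as root on the exported files.

```shell
#!/bin/sh
# Added example: flag risky entries in an NFS exports file.
# Reads the file named in $1, or standard input when no file is given.
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        for (i = 2; i <= NF; i++) {         # $1 is the path, the rest are clients
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/[)]$/, "", opts)
            }
            if (client == "" || client == "*") {
                client = "*"
                printf "%s: exported to any host %s\n", $1, $i
            }
            # wrap in commas so the option is matched as a whole word
            if (("," opts ",") ~ /,no_root_squash,/)
                printf "%s: no_root_squash for client %s\n", $1, client
        }
    }' "${1:--}"
}

# Constructed sample: the two lines from this section plus a restricted entry.
sample_exports() {
    cat <<'EOF'
/ubuntu *(ro,sync,no_root_squash)
/home *(rw,sync,no_root_squash)
# restricted: a single client, root mapped to an unprivileged user
/home 192.168.22.17(rw,sync,root_squash)
EOF
}

sample_exports | audit_exports
```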

NTP
Install ntp:

    sudo apt-get install ntp

Then edit the file /etc/ntp.conf.

Mail Server
Postfix is used as the Mail Transfer Agent. PostfixAmavisNew is used for mail filtering. Dovecot is used as the Mail Delivery Agent. OpenWebMail is used for webmail. Mailman is used for mailing lists. Configure all related files.

Testing
We connected all the modules in different virtual machines with host-only mode on the same computer.

DNS testing was done using the dig command on the client. The nslookup resolved to the IP in the system. On the client the URL https://www.chengx.com was accessed; it resolved and the webpage was delivered to the client.

DHCP was tested by checking that the proper IP address was assigned to the client on the internal network.

The web server was tested by accessing the link on the client machine.

Backup was scheduled to update automatically, and it is visible on the remote server where the backup file has to be located in the zip format.

The VPN can be tested after configuring the VPN on the server and then establishing the connection between the client and the server. By using point-to-point encryption, the connection can be established between the server and client. Also, the default gateway needs to be mentioned for both.

We have used the 'df -h' command to check the available disk space on our client server. We have checked the NFS server manually by creating a file in the server's home location. If we then check the client's mounted location, we can see that the file that was created on the server is already visible on the client. So the NFS server's testing is done.

To check the NIS server the command is 'rpcinfo -p localhost'. This shows all the running NIS server components on the machine. The list consists of the program id, protocol, port number and server name.

The mail server was configured on the web server. Two users were created in the mail server. One user was logged in and a mail was sent from that user to the other user. The first user was logged out and the other user was logged in. The mail was received by the other user. This shows that the mail server was properly configured.

Future improvements
Use a backup server with encryption for secure protection. Use IPv6 on the DHCP and DNS servers for future use. The number of parallel connections to a server per client can be restricted using iptables. Improve the functions of the mail server.