Data Networking/Fall 2015/Zopgang

Group Members
1) Mitali Vikas Mathure 2) Priyanka Suresh Pawar 3) Neha Sudhir Mahajan 4) Shivani Santosh Jakhi

Motivation
The main objective of this project is to implement a network in a real-world scenario using a Linux-based operating system, Ubuntu 14.04, by configuring network elements such as DHCP, DNS, Web Server, Firewall and Back-up. Linux is secure, its processing speed is faster compared to other systems, and it is smart enough to cater to the needs of an organization.

DHCP
Every device on a TCP/IP-based network must have a unique unicast IP address to access the network and its resources. Without DHCP, IP addresses for new computers or computers that are moved from one subnet to another must be configured manually; IP addresses for computers that are removed from the network must be manually reclaimed.

With DHCP, this entire process is automated and managed centrally. The DHCP server maintains a pool of IP addresses and leases an address to any DHCP-enabled client when it starts up on the network. Because the IP addresses are dynamic (leased) rather than static (permanently assigned), addresses no longer in use are automatically returned to the pool for reallocation.

The network administrator establishes DHCP servers that maintain TCP/IP configuration information and provide address configuration to DHCP-enabled clients in the form of a lease offer. The DHCP server stores the configuration information in a database that includes:

• Valid TCP/IP configuration parameters for all clients on the network.

• Valid IP addresses, maintained in a pool for assignment to clients, as well as excluded addresses.

• Reserved IP addresses associated with particular DHCP clients. This allows consistent assignment of a single IP address to a single DHCP client.

• The lease duration, or the length of time for which the IP address can be used before a lease renewal is required.

DNS
Domain Name System (or Service or Server) is an Internet service that translates domain names into IP addresses. Because domain names are alphabetic, they're easier to remember. The Internet, however, is really based on IP addresses. Every time you use a domain name, therefore, a DNS service must translate the name into the corresponding IP address. For example, the domain name www.example.com might translate to 198.105.232.4. The DNS system is, in fact, its own network. If one DNS server doesn't know how to translate a particular domain name, it asks another one, and so on, until the correct IP address is returned.

Firewall
A firewall is a network security system, either hardware- or software-based, that controls incoming and outgoing network traffic based on a set of rules. Firewalls are used to protect both home and corporate networks. A typical firewall program or hardware device filters all information coming through the Internet to your network or computer system. There are several types of firewall techniques that will prevent potentially harmful information from getting through:

• Packet Filter: Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.

• Application Gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation.

• Circuit-level Gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.

• Proxy Server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.

Web Server
Web servers are computers that deliver (serve up) Web pages. Every Web server has an IP address and possibly a domain name. For example, if you enter the URL http://www.webopedia.com/index.html in your browser, this sends a request to the Web server whose domain name is webopedia.com. The server then fetches the page named index.html and sends it to your browser. Any computer can be turned into a Web server by installing server software and connecting the machine to the Internet. There are many Web server software applications, including public domain software and commercial packages.

Virtual Private Network
VPN stands for Virtual Private Network, a secure tunnel between two devices. A VPN service such as Express VPN creates a secure tunnel between your computer and every website or application online, allowing you to anonymously appear to be anywhere you choose.

Network File System
NFS stands for Network File System, a file system developed by Sun Microsystems, Inc. It is a client/server system that allows users to access files across a network and treat them as if they resided in a local file directory.

Network Time Protocol
Network Time Protocol (NTP) is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. In operation since before 1985, NTP is one of the oldest Internet protocols in current use.

Project Requirements
DHCP server [isc-dhcp-server]

DNS [bind9]

Web server [apache2]

Firewall [iptables]

Back up [ssh server]

DHCP
1. Install DHCP Server

sudo apt-get install isc-dhcp-server

2. Install radvd package

apt-get install radvd

3. Set the static IP address of the DHCP server

sudo nano /etc/network/interfaces

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 192.168.10.4
    netmask 255.255.255.0
    gateway 192.168.10.1
    network 192.168.10.0
    broadcast 192.168.10.255
    dns-nameservers 192.168.10.2
    dns-search zopgang.com

iface eth0 inet6 static
    address 2001:db8:0:1::200
    netmask 64
    gateway 2001:db8:0:f101::130

auto eth1
iface eth1 inet dhcp

auto eth2
iface eth2 inet dhcp

4. Configure the IPv6 and IPv4 forwarding

nano /etc/sysctl.conf

net.ipv4.conf.default.rp_filter=1
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1

5. Make eth0 the default interface

nano /etc/default/isc-dhcp-server

INTERFACES="eth0"

6. Configure the DHCP server for IPv4

nano /etc/dhcp/dhcpd.conf

subnet 192.168.10.0 netmask 255.255.255.0 {
    range 192.168.10.220 192.168.10.230;
    option domain-name-servers 192.168.10.2;
    option domain-name "zopgang.com";
    option routers 192.168.10.1;
    option broadcast-address 192.168.10.255;
    default-lease-time 600;
    max-lease-time 7200;
}

7. Edit the resolv.conf file

sudo nano /etc/resolv.conf

nameserver 192.168.10.2

8. Configure the DHCP server for IPv6

nano /etc/dhcp/dhcpd6.conf

default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet6 2001:db8:0:1::/64 {
    # Range for clients
    range6 2001:db8:0:1::129 2001:db8:0:1::254;

    # Range for clients requesting a temporary address
    range6 2001:db8:0:1::/64 temporary;

    # Additional options
    option dhcp6.name-servers fec0:0:0:1::1;
    option dhcp6.domain-search "domain.example";

    # Prefix range for delegation to sub-routers
    prefix6 2001:db8:0:100:: 2001:db8:0:f00:: /56;

    # Example for a fixed host address
    host specialclient {
        host-identifier option dhcp6.client-id 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01:23:45;
        fixed-address6 2001:db8:0:1::127;
    }
}

9. Configuration of the radvd module

nano /etc/radvd.conf

interface eth0 {
    AdvSendAdvert on;
    MinRtrAdvInterval 3;
    MaxRtrAdvInterval 10;
    prefix 2001:0db8:0100:f101::/64 {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr on;
    };
};

10. Reboot the system

sudo init 6

11. sudo service isc-dhcp-server

12. Restart the DHCP server

sudo service networking restart

DNS
For DNS configuration the following steps are done

•	For IPv4

1) Initially the network-manager assigns a dynamic IP address to the port, but servers need to have a static IP address. This can be done by changing the configuration in the "/etc/network/interfaces" file.

sudo nano /etc/network/interfaces

In this file we need to add the address for the required port and save it using Ctrl + X followed by Y.

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 192.168.10.2
    netmask 255.255.255.0
    network 192.168.10.0
    broadcast 192.168.10.255
    gateway 192.168.10.1

2) After changing the /etc/network/interfaces file, reboot the system with the following command

sudo init 6

3) Restart the network-manager

sudo service network-manager restart

4) Install the bind9 server

sudo apt-get install bind9

5) After installing the bind9 server we need to make changes in the configuration file in the bind directory.

cd /etc
cd bind
sudo nano named.conf.options

6) In named.conf.options we need to add the forwarders

forwarders {
    192.168.10.1;
    8.8.8.8;
    8.8.4.4;
};

7) Configure forward and reverse lookup zones in named.conf.local

sudo nano named.conf.local

// forward lookup zone
zone "zopgang.com" {
    type master;
    allow-transfer { 192.168.10.3; };
    file "/etc/bind/zones/zopgang.com.db";
};

// reverse lookup zone for IPv4
zone "10.168.192.in-addr.arpa" {
    type master;
    allow-transfer { 192.168.10.3; };
    file "/etc/bind/zones/rev.10.168.192.in-addr.arpa";
};

8) Create a subdirectory called 'zones' and create the forward and reverse database files. The forward lookup database file:

$TTL    604800
@       IN      SOA     zopgang.com. root.zopgang.com. (
                        2         ; Serial
                        604800    ; Refresh
                        86400     ; Retry
                        2419200   ; Expire
                        604800 )  ; Negative Cache TTL
;
@       IN      NS      neha.zopgang.com.
@       IN      NS      ns2.zopgang.com.
neha    IN      A       192.168.10.120
neha    IN      AAAA    2001:db8:0:1::124
ns2     IN      A       192.168.10.3
pri     IN      A       192.168.10.110
pri     IN      AAAA    2001:db8:0:1::125
www     IN      CNAME   neha

9) Create the reverse lookup database file

; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     zopgang.com. root.zopgang.com. (
                        4         ; Serial
                        604800    ; Refresh
                        86400     ; Retry
                        2419200   ; Expire
                        604800 )  ; Negative Cache TTL
;
@       IN      NS      neha.zopgang.com.
@       IN      NS      ns2.zopgang.com.
120     IN      PTR     neha.zopgang.com.
110     IN      PTR     pri.zopgang.com.

10) Set the nameservers in the resolv.conf file

sudo nano /etc/resolv.conf

nameserver 192.168.10.2
nameserver 192.168.10.3
search zopgang.com

11) Restart the bind9 server

sudo service bind9 restart

12) For the slave server repeat steps 1 to 6 and include the following in the named.conf.local file

sudo nano named.conf.local

zone "zopgang.com" {
    type slave;
    masters { 192.168.10.2; };
    file "/etc/bind/zones/zopgang.com.db";
};

zone "10.168.192.in-addr.arpa" {
    type slave;
    masters { 192.168.10.2; };
    file "/etc/bind/zones/rev.10.168.192.in-addr.arpa";
};

13) Configure the resolv.conf file as in step 10 and restart the bind9 server.

•	For IPv6

1) Set static IPv6 address to the master and slave server by the following commands

sudo nano /etc/network/interfaces

auto eth0
iface eth0 inet6 static
    address 2001:1200:aaaa:bbbb::254
    netmask 64
    gateway 2001:1200:aaaa:bbbb::1

2) In the named.conf.local file add the reverse IPv6 domain for master and slave.

In the master configuration file add

zone "1.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa" {
    type master;
    allow-transfer { 192.168.10.3; };
    file "/etc/bind/zones/rev.ip6.arpa";
};

In the slave configuration file add

zone "1.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa" {
    type slave;
    masters { 192.168.10.2; };
    file "/etc/bind/zones/rev.ip6.arpa";
};

3) In the zones directory add the IPv6 reverse zone database file on the master DNS server

;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     zopgang.com. root.zopgang.com. (
                        3         ; Serial
                        604800    ; Refresh
                        86400     ; Retry
                        2419200   ; Expire
                        604800 )  ; Negative Cache TTL
@                                    IN      NS      neha.zopgang.com.
@                                    IN      NS      ns2.zopgang.com.
4.2.1.0.0.0.0.0.0.0.0.0.0.0.0.0      IN      PTR     neha.zopgang.com.
5.2.1.0.0.0.0.0.0.0.0.0.0.0.0.0      IN      PTR     pri.zopgang.com.

4) Restart both master and slave dns servers.
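The following Python check is an added example, not part of the original project. It derives the owner label each forward A/AAAA record needs inside its reverse zone and lists PTR records the reverse zones lack; the data is transcribed from the zone files above, and the function names are illustrative.

```python
import ipaddress

# Transcribed from the forward zone file for zopgang.com shown above.
FORWARD = {
    "neha": ["192.168.10.120", "2001:db8:0:1::124"],
    "ns2": ["192.168.10.3"],
    "pri": ["192.168.10.110", "2001:db8:0:1::125"],
}
# Transcribed from the two reverse zone files: zone origin -> {label: host}.
REVERSE_ZONES = {
    "10.168.192.in-addr.arpa": {"120": "neha", "110": "pri"},
    "1.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa": {
        "4.2.1.0.0.0.0.0.0.0.0.0.0.0.0.0": "neha",
        "5.2.1.0.0.0.0.0.0.0.0.0.0.0.0.0": "pri",
    },
}


def ptr_owner(address, zones):
    """Return (zone, relative owner label) for address, or None if no zone covers it."""
    full = ipaddress.ip_address(address).reverse_pointer
    for zone in zones:
        suffix = "." + zone
        if full.endswith(suffix):
            return zone, full[: -len(suffix)]
    return None


def missing_ptrs(forward, reverse_zones, domain="zopgang.com"):
    """List PTR lines implied by the forward records but absent from the reverse zones."""
    missing = []
    for host, addresses in sorted(forward.items()):
        for address in addresses:
            located = ptr_owner(address, reverse_zones)
            if located is None:
                missing.append(f"; no reverse zone covers {address} ({host})")
                continue
            zone, label = located
            if reverse_zones[zone].get(label) != host:
                missing.append(f"{label} IN PTR {host}.{domain}. ; zone {zone}")
    return missing


if __name__ == "__main__":
    for line in missing_ptrs(FORWARD, REVERSE_ZONES):
        print(line)
```

Run against the page's data, it reports that ns2 (192.168.10.3) has an A record but no PTR, and `ptr_owner` returns None for the static address 2001:1200:aaaa:bbbb::254 because it lies outside the configured ip6.arpa zone.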

Web Server
1. Install apache2

sudo apt-get install apache2

2. Check which port the web server is listening on, then stop the server

netstat -an | more
sudo /etc/init.d/apache2 stop

3. Recheck that the same port has been removed from the list, then restart the server

sudo /etc/init.d/apache2 restart

4. Go to the html directory and open the index.html file present in /var/www/html/index.html to edit the web page

sudo nano index.html

5. The HTML file can be edited as required.

Firewall
1. Check from any client or device on the same network whether it can ping this device (using cmd). It should reach.

2. View the listed iptables rules

sudo iptables -L

3. Block ICMP requests to check protocol filtering

sudo iptables -A INPUT -p icmp -j REJECT

4. Block all HTTP requests from a particular client or device

sudo iptables -A INPUT -p tcp -s 192.168.10.4 --dport 80 -j REJECT

5. Ping from any device connected to the same network. It will not be able to reach the device due to the firewall.
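The two rules above are appended to a chain whose default policy is still ACCEPT, so everything they do not name stays reachable. The Python model below is an added example, not part of the original project: it evaluates packets first-match on protocol, source and destination port only, and the ALLOWLIST rule set with a DROP policy is an assumed alternative for comparison.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    target: str                    # "ACCEPT" or "REJECT"
    proto: str = "all"             # "tcp", "udp", "icmp" or "all"
    src: str = "0.0.0.0/0"         # source address or network
    dport: Optional[int] = None    # destination port, None matches any


def verdict(packet, rules, policy):
    """Return the target of the first matching rule, else the chain policy."""
    for rule in rules:
        if rule.proto not in ("all", packet["proto"]):
            continue
        if ipaddress.ip_address(packet["src"]) not in ipaddress.ip_network(rule.src):
            continue
        if rule.dport is not None and packet.get("dport") != rule.dport:
            continue
        return rule.target
    return policy


# The two rules from steps 3 and 4, in the order they were appended.
PAGE_RULES = [
    Rule("REJECT", proto="icmp"),
    Rule("REJECT", proto="tcp", src="192.168.10.4", dport=80),
]
# Assumed alternative: name what is allowed and drop the rest by policy.
ALLOWLIST = [
    Rule("REJECT", proto="tcp", src="192.168.10.4", dport=80),
    Rule("ACCEPT", proto="tcp", dport=80),
    Rule("ACCEPT", proto="tcp", src="192.168.10.0/24", dport=22),
]

# Constructed sample packets.
SAMPLES = [
    {"proto": "icmp", "src": "192.168.10.50"},
    {"proto": "tcp", "src": "192.168.10.4", "dport": 80},
    {"proto": "tcp", "src": "192.168.10.50", "dport": 80},
    {"proto": "tcp", "src": "192.168.10.50", "dport": 23},
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, verdict(pkt, PAGE_RULES, "ACCEPT"), verdict(pkt, ALLOWLIST, "DROP"))
```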

Backup Server
1. Install ssh server

sudo apt-get install openssh-server

2. Install ssh client on another VM

sudo apt-get install openssh-client

3. Generate public and private keys on the client

sudo ssh-keygen -t rsa

4. Copy the public key to the ssh server

ssh backupserver@192.168.10.121 mkdir -p .ssh
cat .ssh/id_rsa.pub | ssh backupserver@192.168.10.121 'cat >> .ssh/authorized_keys'

5. For executing a backup

sudo tar -cvpzf minutebackup.tar.gz /var/www/html/index.html

6. For executing automatic backup

sudo crontab -e

* * * * * sudo tar -cvpzf minutebackup.tar.gz /var/www/html/index.html
* * * * * sudo scp minutebackup.tar.gz backupserver@192.168.10.121:/home/backupserver/

Virtual Private Network
1. Installing the pptpd server

sudo apt-get install pptpd

2. Configuring the pptpd file

sudo nano /etc/pptpd.conf

In this file we need to update the IP of the server and the IP of the client.

3. Configuring the DNS server

The DNS is configured for the scenario when the clients try to connect to the pptp server.

sudo nano /etc/ppp/pptpd-options

4. Updating the VPN users in the chap-secrets file

sudo nano /etc/ppp/chap-secrets

5. After configuring the pptp server, it has to be restarted so that all the settings can take effect.

sudo /etc/init.d/pptpd restart

Mail Server
1. Update the Ubuntu OS with packages

sudo apt-get update
sudo apt-get update --fix-missing

2. Install Postfix & Dovecot

sudo apt-get install bind9 dnsutils apache2 php5 postfix dovecot-common dovecot-imapd dovecot-pop3d squirrelmail

3. Restart the mail server

sudo nano /etc/bind/named.conf.local
invoke-rc.d bind9 restart

4. Check it using the nslookup & dig tools

nslookup mail.zopgang.com
dig mail.zopgang.com

5. Moving the configuration file to dovecot-core

sudo mv /etc/apache2/sites-available/mail /etc/apache2/sites-available/mail.com
a2ensite mail

6. Restart the Apache server

invoke-rc.d apache2 restart

7. Reconfigure Postfix

dpkg-reconfigure postfix

System mail name: mail.zopgang.com

8. Editing the configuration file for apache & dovecot

sudo nano /etc/squirrelmail/apache.conf

sudo nano /etc/dovecot/dovecot.conf

protocols = imap pop3
#disable_plaintext_auth = no
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_location = maildir:~/Maildir

9. Kill all the processes

killall named
killall apache2
killall dovecot

10. Set the static IP address for the mail server

ifconfig eth0 192.168.0.1 netmask 255.255.255.0
ifconfig eth0 up

11. Restart all the processes

invoke-rc.d bind9 restart
invoke-rc.d postfix restart
invoke-rc.d dovecot restart

12. Add users & assign them passwords

Network file System (NFS)
Steps to configure NFS Server

1. Update repository

sudo apt-get update

2. Install NFS package

sudo apt-get install nfs-kernel-server

3. Create directory to share

sudo mkdir /home/neha/nfsserver

4. Configuring /etc/exports for NFS

sudo nano /etc/exports

/shome 192.168.1.0/24(rw,sync,no_root_squash)

5. Start the service

sudo /etc/init.d/nfs-kernel-server start

6. Check the status of the NFS share

sudo exportfs -v

7. Restart the server

sudo service nfs-kernel-server restart
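In /etc/exports, whitespace between a client and its option list changes the meaning of the line: the client then gets the default options, and the detached option list applies to every host. The Python audit below is an added example, not part of the original project; its sample lines are constructed from the export in step 4 and the function names are illustrative.

```python
def parse_exports(text):
    """Return (path, client, options) for each client entry; client '*' means any host."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *tokens = line.split()
        for token in tokens:
            client, _, opts = token.partition("(")
            options = [o for o in opts.rstrip(")").split(",") if o]
            # A token that starts with "(" has no client name: it applies to all hosts.
            entries.append((path, client or "*", options))
    return entries


def audit(text):
    """Return (path, client, finding) tuples for risky export entries."""
    findings = []
    for path, client, options in parse_exports(text):
        if not options:
            findings.append((path, client, "no option list attached; defaults apply"))
        if client == "*" and "rw" in options:
            findings.append((path, client, "read-write export to every host"))
        if "no_root_squash" in options:
            findings.append((path, client, "no_root_squash: remote root keeps uid 0"))
    return findings


# Constructed sample lines based on the export in step 4.
SPACED = "/shome 192.168.1.0/24 (rw,sync,no_root_squash)"
ATTACHED = "/shome 192.168.1.0/24(rw,sync,no_root_squash)"
SQUASHED = "/shome 192.168.1.0/24(rw,sync,root_squash)"

if __name__ == "__main__":
    for sample in (SPACED, ATTACHED, SQUASHED):
        print(sample)
        for finding in audit(sample):
            print("   ", finding)
```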

Steps to configure NFS Client

1. Install NFS for client and its dependencies

sudo apt-get update
sudo apt-get install nfs-common rpcbind

2. Create a directory

sudo mkdir /home/nfsclient

3. Mounting the remote share /home on local directory /home/nfsclient

sudo mount 192.168.10.42:/shome /home/neha

Network Time Protocol (NTP)
1. Install NTP packages

sudo apt-get install ntp
sudo apt-get install ntp ntpdate

2. Edit the ntp configuration file

sudo nano /etc/ntp.conf

server 0.ubuntu.pool.ntp.org
server 1.ubuntu.pool.ntp.org
server 2.ubuntu.pool.ntp.org
server 3.ubuntu.pool.ntp.org
# Use Ubuntu's ntp server as a fallback.
server ntp.ubuntu.com

3. To start, stop, restart the ntp server

sudo service ntp start
sudo service ntp stop
sudo service ntp restart

Future Scope
1.	We could implement a secondary DNS server in the network so that if the first DNS server fails, all the queries directed towards the first DNS server will be forwarded to the backup server and will be successfully resolved.

2.	We would implement NIS, which is a central directory of user and group information that acts as a global user client list.

3.	Routers can be added to the present configuration to see the communication between two different hosts on two different subnets, which is a real-life scenario.