Data Networking/Fall 2016/SARA

Motivation
This project builds a deeper understanding of basic networking fundamentals through the practical implementation of a Domain Name System (DNS) server, a Dynamic Host Configuration Protocol (DHCP) server, a web server, a firewall and a backup server. The concepts that are part of the Data Networking class (TELE5330) became clearer through the implementation of this project. The aim of this project is to deliver a complete network solution in which the servers and clients are able to obtain an IP address from the DHCP server and then, with the help of our DNS server, users within our network can successfully fetch the web page that is hosted on our own web server. Moreover, we implement and configure extra networking tools such as a firewall and a backup server to provide a robust, secure, intelligent inter-networking scheme that could be used at any company or organization.

Team Members
1.	Shriya Kane

2.	Aditya Kulkarni

3.	Rohit Dongare

4.	Amruta Kondra

Domain Name System
DNS resolves domain names into their corresponding IP addresses and vice versa. It runs primarily over UDP, and also over TCP, on port 53. Reverse lookup is facilitated by in-addr.arpa. It follows a hierarchical system of local name servers, root name servers, top-level domain (TLD) servers and authoritative name servers. Generally, queries from a host to its local name server are recursive and all the rest are iterative. A resource record is a four-tuple: {Name, Value, Type, TTL}

1.	A: Name is hostname and Value is IP address.

2.	AAAA: Name is hostname and Value is IPv6 address.

3.	NS: Name is hostname and Value is the hostname of the authoritative server.

4.	CNAME: Value is the canonical name for a Name hostname.

5.	MX: Translation of an alias mail server to its canonical name.

6.	PTR: Gives IP address to hostname translation.

Dynamic Host Configuration Protocol
Dynamic Host Configuration Protocol is a client/server protocol that automatically assigns IP addresses to client machines. It also provides related configuration information such as the subnet mask, DNS server and default gateway. DHCP is controlled by a DHCP server, which automatically allocates IP addresses to the machines from a defined range of IPs for a given network.

There are 3 ways of IP address allocation:
 * 1) Static Allocation: IP addresses are assigned statically and remain fixed until changes are made by the network administrator.
 * 2) Dynamic Allocation: IP addresses are assigned to the machines from a specified IP address range in the DHCP server. We can assign both IPv4 and IPv6 addresses. In dynamic allocation, to avoid wastage of IP addresses, we need to provide a suitable subnet mask for correct IP address allocation.
 * 3) Automatic Allocation: The same IP address is allocated whenever a machine connects to the network.

Webserver & Firewall
A web server is a program that uses HTTP to respond to requests made by clients. A computer's browser acts as a client which makes a request to a server. The server can also be requested using its fixed IP address. Since it is difficult for users to remember the IP addresses of servers, the fixed IP address is mapped to a unique name using the DNS server. In this case the fixed IP address of the server is 10.10.10.5 and the name it is mapped to is Linuxsara.com. The secondary web server IP 10.10.10.6 is also mapped to the same name. Apache2 is one of the most commonly used web servers. This web server is used to serve web pages requested by client computers.

A firewall is a network security implementation that monitors incoming and outgoing traffic and allows or denies specific network traffic. Ubuntu has an inbuilt firewall called “uncomplicated firewall” (ufw). By default, ufw is disabled. We need to enable ufw and add the specific commands to allow or deny IP addresses and protocols.

Backup Server
In order to prevent the loss of data due to any unforeseen events, backing up the data is of utmost importance. System backup provides security to the network by retaining compressed versions of the filesystems of various nodes in the network. The web server has to create a backup of its files and store it on a remote server. In the event of a system crash, corruption or failure, the filesystem can be restored from the backup that was stored beforehand. System backups are taken as frequently as desired.

Domain Name System
1.	DNS request is sent to Local DNS server.

2.	Local DNS forwards the query to Root name server.

3.	Root name server responds with the A record for TLD server.

4.	Local DNS then sends query to TLD.

5.	TLD responds with NS and A record for the Authoritative server.

6.	Local DNS then queries Authoritative server and it in turn responds with the A record for the queried hostname.

7.	Local DNS then responds with that reply from Authoritative server to the client.

Dynamic Host Configuration Protocol
DHCP signalling:-

DHCP is a connectionless service model which uses UDP (User Datagram Protocol). DHCP uses two UDP ports for its operations: 67 is used by the DHCP server and 68 is used by the DHCP client. These ports are similar to the BOOTP protocol.

The DHCP operates as follows:-

1) DHCP DISCOVER: The DHCP exchange starts with a client broadcasting a request using a destination address or a specific subnet broadcast address. This is the IP address lease request.

2) DHCP OFFER: Once the DHCP server receives the DHCP request from the client, the server reserves an IP address for that client and makes the lease offer by sending a DHCPOFFER message to the client. The DHCPOFFER message contains the MAC address of the client, the leased IP address, the subnet mask, the lease duration and the IP address of the DHCP server.

3) DHCP REQUEST: In response to the DHCPOFFER message, the client replies with a DHCPREQUEST to the server, requesting the offered address. The client can receive DHCP offers from multiple DHCP servers, but the client accepts only one offer. The servers are informed about whose offer is accepted by the client. When the other servers receive this message, they withdraw their offers and return the offered IP addresses to the IP pool.

4) DHCP ACKNOWLEDGEMENT: When the DHCP server receives the DHCPREQUEST message from the client, the configuration goes into the final state. In this phase a DHCPACK packet is sent to the client. This packet has the information about the lease duration and other details requested by the client.

Web Server
1. Download the apache2 package for the web server.

2. After the package is installed, the Apache 2 web server is started.

3. Change the directory if desired. (It has been done in this project.)

4. The web page of the server is changed and the server is restarted.

5. Add a specific address to the web server port.

6. To listen only on specific IP addresses, we add commands to ensure the web server listens only on specific IPv4 and IPv6 addresses. The server listens on port 80.

7. Back up data in compressed form which the backup server can retrieve when required.

Firewall
1. The IP tables are configured in the web server.

2. The HTTP response and HTTP request from the web server are accepted, forwarded or rejected based on the IP tables.

Backup Server
1. The web server backs up its data with backup server.

2. It retrieves the compressed data in .zip file format using the rsync command and, with the help of the ssh protocol, the data is synced between the web server and the backup server.

3. All these commands are automated using crontab

The Requirements

 * Implement a DHCP server that assigns IP addresses to the clients in the network
 * Implement a web server that hosts a web page
 * Implement a master DNS server and a slave DNS server
 * Ensure that the clients in the network can access the web pages in the server by getting the name-to-IP address resolved by the DNS server
 * Create backups of the webpages of the web server to another backup server on the network

Hierarchy
Dynamic Host Configuration Protocol (DHCP)

1. When a client joins a private network, the Dynamic Host Configuration Protocol (DHCP) assigns an IP address based on the DHCP pool to the client.

2. The client initially sends a DHCP discover message to determine the DHCP server.

3. The DHCP server broadcasts a DHCP Offer message to the client with an IP address.

4. The client sends a DHCP request with the required IP address in the pool of IP addresses.

5. The DHCP server acknowledges the IP address by sending a DHCP Acknowledgement message back to the client.

Client -> DNS Server -> Client

1. Client sends HTTP request to web server by its URL.

2. DNS request is sent to the appropriate DNS server.

3. Client receives DNS response with the corresponding IP address for the web server.

Web Server

1. Using the IP address corresponding to the particular domain name, the client sends an HTTP request to the web server.

2. The web server responds to the client with its HTML page.

3. Web server creates a backup zip file.

Backup Server

1. The web server backs up its data with backup server.

2. By using rsync command and with the help of ssh protocol, the data is synced between the webserver and the backup server.

3. All these commands are automated using crontab.

DNS
The BIND9 DNS server is used. A master and slave configuration is implemented in which the slave is updated automatically from the master DNS. Both forward and reverse lookups have been implemented.

Steps to configure Master DNS server:

1.Installing BIND9 DNS server:

sudo apt-get install bind9 bind9utils bind9-d

2.Change hostname:

sudo nano /etc/hostname

primary

3.Edit hosts file:

sudo nano /etc/hosts

127.0.0.1      localhost
10.10.10.2     primary.linuxsara.com primary

4.Edit file

sudo nano /etc/resolvconf/resolv.conf.d/head

nameserver 10.10.10.2
nameserver 10.10.10.3
search linuxsara.com

5.Edit this file to configure forwarders:

sudo nano /etc/bind/named.conf.options

forwarders {
        10.10.10.1;
};

6.Create forward and reverse zones:

sudo nano /etc/bind/named.conf.local

# Forward zone
zone "linuxsara.com" {
        type master;
        file "/etc/bind/zones/db.linuxsara.com";
        allow-transfer { 10.10.10.3; };
};

# Reverse IPv4 Zone
zone "10.10.10.in-addr.arpa" {
        type master;
        file "/etc/bind/zones/db.10";
        allow-transfer { 10.10.10.3; };
};

# Reverse IPv6 Zone
zone "1.0.1.f.0.0.1.0.8.b.d.0.1.0.0.2.ip6.arpa" {
        type master;
        file "/etc/bind/zones/db.2001";
        allow-transfer { 10.10.10.3; };
};

7.Create folder ‘Zones’

sudo mkdir /etc/bind/zones

8.Copy contents of local hostname file to the file ‘db.linuxsara.com’

sudo cp /etc/bind/db.local /etc/bind/zones/db.linuxsara.com

9.Edit ‘db.linuxsara.com’ file to create records for forward and reverse zones

sudo nano /etc/bind/zones/db.linuxsara.com

;
; BIND data file for linuxsara.com
;
$TTL    604800
@       IN      SOA     primary.linuxsara.com. admin.linuxsara.com. (
                              7         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      primary.linuxsara.com.
@       IN      NS      sec.linuxsara.com.
@       IN      A       10.10.10.5
@       IN      A       10.10.10.6
primary IN      A       10.10.10.2
sec     IN      A       10.10.10.3
sloth   IN      A       10.10.10.5
sloth   IN      A       10.10.10.6
www     IN      CNAME   sloth.linuxsara.com.
; AAAA prefix matches the 2001:0db8:0100:f101 reverse zone declared in named.conf.local
web     IN      AAAA    2001:0db8:0100:f101::5

10.Copy contents of local hostname file to ‘db.10’

sudo cp /etc/bind/db.127 /etc/bind/zones/db.10

11.Edit ‘db.10’ to add reverse records.

sudo nano /etc/bind/zones/db.10

;
; BIND reverse data file for linuxsara.com
;
$TTL    604800
@       IN      SOA     primary.linuxsara.com. admin.linuxsara.com. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      primary.linuxsara.com.
@       IN      NS      sec.linuxsara.com.
5       IN      PTR     linuxsara.com.
6       IN      PTR     linuxsara.com.
2       IN      PTR     primary.linuxsara.com.
3       IN      PTR     sec.linuxsara.com.

12. Create the file ‘db.2001’ in the same way as for IPv4

sudo nano /etc/bind/zones/db.2001

;
; 2001:db8:100:f101::/64 (the prefix of the ip6.arpa zone declared in named.conf.local)
;
$TTL 1h ; Default TTL
@       IN      SOA     primary.linuxsara.com. admin.linuxsara.com. (
        2016120301      ; serial
        1h              ; slave refresh interval
        15m             ; slave retry interval
        1w              ; slave copy expire time
        1h              ; NXDOMAIN cache time
        )

;
; domain name servers
;
@       IN      NS      primary.linuxsara.com.
@       IN      NS      sec.linuxsara.com.

; IPv6 PTR entries
5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0   IN    PTR    web.linuxsara.com.
0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0   IN    PTR    web.linuxsara.com.

Steps to Configure Slave DNS Server:

Repeat steps from 1 to 5.

Create forward and reverse zones:

sudo nano /etc/bind/named.conf.local

# Forward zone
zone "linuxsara.com" {
        type slave;
        masters { 10.10.10.2; };
        file "/etc/bind/zones/db.linuxsara.com";
};

# Reverse IPv4 Zone
zone "10.10.10.in-addr.arpa" {
        type slave;
        masters { 10.10.10.2; };
        file "/etc/bind/zones/db.10";
};

# Reverse IPv6 Zone
zone "1.0.1.f.0.0.1.0.8.b.d.0.1.0.0.2.ip6.arpa" {
        type slave;
        file "/etc/bind/zones/db.2001";
        masters { 10.10.10.2; };
};

Testing

1. Use the ‘nslookup’ command to query the DNS server for multiple hostnames.

Example:

nslookup linuxsara.com
nslookup www.linuxsara.com
nslookup sloth.linuxsara.com

2. Use the ‘dig’ command for the detailed analysis of DNS records and authoritative servers.

DHCP
STEPS TO CONFIGURE DHCP server for IPv4:-

Step 1: Update all the packages

sudo apt-get update

Step 2: Install DHCP server

sudo apt-get install isc-dhcp-server

Step 3: Edit the configuration file

cd /etc/dhcp

sudo nano dhcpd.conf

subnet 10.10.10.0 netmask 255.255.255.0 {
        range 10.10.10.30 10.10.10.50;
        option domain-name-servers 10.10.10.2, 10.10.10.3;
        option domain-name "linuxsara.com";
        option routers 10.10.10.1;
        option broadcast-address 10.10.10.255;
        default-lease-time 21600;
        max-lease-time 43200;
}

# static IP address using DHCP

host PrimaryDNSserver {
        hardware ethernet 00:0c:29:aa:ef:29;
        fixed-address 10.10.10.2;
}

host WEBserver {
        hardware ethernet 00:0c:29:87:26:23;
        fixed-address 10.10.10.5;
}

host Backupserver {
        hardware ethernet 00:0c:29:67:FF:83;
        fixed-address 10.10.10.10;
}

host SecondaryDNSserver {
        hardware ethernet 00:0c:29:6d:66:03;
        fixed-address 10.10.10.3;
}

STEP 4: edit the interface

sudo nano /etc/default/isc-dhcp-server

INTERFACES="eth0"

STEP 5: Assign a static IP to ETH0

sudo nano /etc/network/interfaces

#Static IP for DHCP (IPV4)
auto eth0
iface eth0 inet static
address 10.10.10.4
netmask 255.255.255.0
gateway 10.10.10.1
network 10.10.10.0
broadcast 10.10.10.255
# DNS
dns-domain linuxsara.com
dns-search linuxsara.com
dns-nameservers 10.10.10.2 10.10.10.3

STEP 6: Restart the interfaces and the DHCP server

sudo /etc/init.d/networking restart
sudo service isc-dhcp-server restart
sudo service isc-dhcp-server start
sudo service isc-dhcp-server stop

STEPS TO CONFIGURE DHCP server for IPv6

STEP 1:Configure the /etc/network/interfaces with static IP of IPV6

sudo nano /etc/network/interfaces

iface eth0 inet6 static
pre-up modprobe ipv6
address 2001:0db8:0100:f101::4
netmask 64
gateway 2001:0db8:0100:f101::1

STEP 2:Set in /etc/sysctl.conf the following configuration

sudo nano /etc/sysctl.conf

net.ipv6.conf.all.forwarding=1

STEP 3:Execute the following command to make changes in the kernel

sudo sysctl -w net.ipv6.conf.all.forwarding=1

STEP 4:Install the router advertisement daemon

sudo apt-get install radvd

STEP 5:Configure the radvd.conf file

/etc/radvd.conf

STEP 6:Start the daemon

sudo service radvd start

STEP 7:Create and edit the dhcpd6.conf file

nano /etc/dhcp/dhcpd6.conf

ddns-update-style none;

default-lease-time 600;
max-lease-time 720;

# subnet6 must contain the range6 addresses, so it uses the 2001:db8:100:f101::/64 prefix
subnet6 2001:db8:100:f101::/64 {
        range6 2001:0db8:0100:f101::30 2001:0db8:0100:f101::45;
        option dhcp6.name-servers 2001:0db8:0100:f101::2, 2001:0db8:0100:f101::3;
        option dhcp6.domain-search "linuxsara.com";
}

STEP 8:Start the dhcp server6

sudo service isc-dhcp-server6 start

DHCP Testing:-

a) ifconfig

Check whether the client has been assigned with an IP address from the given range.

b) grep -i dhcp /var/log/syslog

Check logs on the client for the DHCP message

c) sudo dhclient -r

Releases the current IP address assigned.

Webserver
1) Install the apache2 package:

sudo apt-get update

sudo apt-get install apache2

2) Change the default directory of the apache2 server:

a) Change the directory to the user-defined directory in the apache2.conf file

sudo nano /etc/apache2/apache2.conf

Options Indexes FollowSymLinks
AllowOverride None
Require all granted

b) Change the DocumentRoot to point to the particular folder containing the HTML page.

sudo nano /etc/apache2/sites-enabled/000-default.conf

DocumentRoot /home/rohit/@TSM/Linux_Project

3) Change the HTML file

4) Assigning IP addresses to the webservers:

a) The primary webserver has a statically assigned IPv4 address from the DHCP server and a static IPv6 address configured.

sudo nano /etc/network/interfaces

Add the following:

auto eth0
allow-hotplug eth0
iface eth0 inet dhcp

# The primary listens on [2001:db8:100:f101::5] in ports.conf, so that address is assigned here
iface eth0 inet6 static
address 2001:db8:100:f101::5
netmask 64
gateway 2001:db8:100:f101::1

b) The secondary webserver has a statically configured IPv4 address and a static IPv6 address configured.

sudo nano /etc/network/interfaces

Add the following:

iface eth0 inet static
address 10.10.10.6
netmask 255.255.255.0
network 10.10.10.0
gateway 10.10.10.1
dns-nameservers 10.10.10.2
dns-nameservers 10.10.10.3

iface eth0 inet6 static
address 2001:db8:100:f101::6
netmask 64
gateway 2001:db8:100:f101::1

5) Listen for HTTP requests on both the IPv4 and IPv6 addresses for the primary and secondary webservers:

Primary:-

sudo nano /etc/apache2/ports.conf

Add the following:

NameVirtualHost *:80
Listen 10.10.10.5:80
Listen [2001:db8:100:f101::5]:80

Secondary:-

sudo nano /etc/apache2/ports.conf

Add the following:

NameVirtualHost *:80
Listen 10.10.10.6:80
Listen [2001:db8:100:f101::6]:80

6) Restart the server

sudo /etc/init.d/apache2 restart

Testing

1. Enter the URL in the web browser and check if the hosted html page is displayed or not.

Firewall
A firewall allows the system administrator to accept, forward or drop packets using iptables. Ubuntu has an inbuilt firewall called “uncomplicated firewall” (ufw). By default, ufw is disabled. We need to enable ufw and add the specific commands to allow or deny IP addresses or protocols.

Firewall on Primary server: -

sudo ufw allow from 10.10.10.6 to any              # Allow the secondary web server all access

sudo ufw deny from 10.10.10.30 to any port 80      # Deny HTTP access to a particular PC

sudo ufw deny from 10.10.10.34 to any port 80      # Deny HTTP access to a particular PC

sudo ufw deny from 10.10.10.36 to any port 80      # Deny HTTP access to a particular PC

sudo ufw allow from 10.10.10.0/24 to any port 80   # Allow HTTP for everyone else on the network

sudo ufw deny from 0.0.0.0/0 to any                # Deny everyone for other protocols

sudo ufw enable                                    # Enable the firewall

Firewall on secondary server: -

sudo ufw allow from 10.10.10.5 to any              # Allow the primary web server all access

sudo ufw deny from 10.10.10.30 to any port 80      # Deny HTTP access to a particular PC

sudo ufw deny from 10.10.10.34 to any port 80      # Deny HTTP access to a particular PC

sudo ufw deny from 10.10.10.36 to any port 80      # Deny HTTP access to a particular PC

sudo ufw allow from 10.10.10.0/24 to any port 80   # Allow HTTP for everyone else on the network

sudo ufw deny from 0.0.0.0/0 to any                # Deny everyone for other protocols

sudo ufw enable                                    # Enable the firewall

Testing:

sudo ufw status

sudo ufw status numbered
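
ufw checks rules in the order they were entered and the first match wins, so the three deny rules above only take effect because they come before the 10.10.10.0/24 allow. The following is an added example, not part of the original project: a simplified shell model of that evaluation for the primary server's rule list. The function names ip_to_int, in_cidr and verdict are invented here, and only the source address and destination port are modelled.

```shell
#!/bin/sh
# Added example: first-match evaluation of the primary server's ufw rules.
# The rule table is copied from the commands above, in the order entered:
# "action source-CIDR port" (port "any" matches every port).
RULES='allow 10.10.10.6/32 any
deny 10.10.10.30/32 80
deny 10.10.10.34/32 80
deny 10.10.10.36/32 80
allow 10.10.10.0/24 80
deny 0.0.0.0/0 any'

# ip_to_int A.B.C.D: print the address as a 32-bit integer.
# The ( ) body runs in a subshell, so IFS and "set --" stay local.
ip_to_int() (
  IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_cidr ADDR NET/BITS: succeed if ADDR lies inside the block.
in_cidr() (
  net=${2%/*}
  bits=${2#*/}
  if [ "$bits" -eq 0 ]; then
    mask=0
  else
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
  fi
  [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$net") & $mask )) ]
)

# verdict SRC_IP DPORT [RULES]: print the action of the first matching rule.
# Without a third argument the table above is used. "default" means no rule
# matched and ufw would fall back to its default incoming policy.
verdict() (
  src=$1
  dport=$2
  rules=${3:-$RULES}
  while read -r action cidr port; do
    [ -n "$action" ] || continue
    if in_cidr "$src" "$cidr" && { [ "$port" = any ] || [ "$port" = "$dport" ]; }; then
      echo "$action"
      exit 0   # leaves only this function's subshell
    fi
  done <<EOF
$rules
EOF
  echo default
)

# Constructed probes: a blocked PC, an ordinary client on HTTP and on SSH,
# and the secondary web server.
for probe in "10.10.10.30 80" "10.10.10.31 80" "10.10.10.31 22" "10.10.10.6 22"; do
  set -- $probe
  printf '%-12s port %-3s -> %s\n' "$1" "$2" "$(verdict "$1" "$2")"
done
```

Passing a reordered table as the third argument, with the /24 allow placed before the deny for 10.10.10.30, shows that host being allowed on port 80.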

Backup
rsync is a protocol built for Unix-like systems that provides unbelievable versatility for backing up and synchronizing data. It can be used locally to back up files to different directories or can be configured to sync across the Internet to other hosts. First, we need to install/update the rsync client:

sudo apt-get install rsync

To configure rsync for external backup, we will use the method of tunneling rsync through SSH. Most servers and even many clients already have SSH, and it can be used for your rsync backups. If not, install ssh on the webserver and backup server:

sudo apt-get install ssh

Create and share the generated key to allow ssh access from secondary to primary without a password:

To generate an RSA key (the default is a 2048-bit key):

ssh-keygen -t rsa

ssh-copy-id allows a host to transfer the generated key to another host. Once such a key is shared, an ssh session can be performed without the use of any password.

ssh-copy-id rohit@10.10.10.5

Automatically create a backup zip file on the primary server:

sudo crontab -e

The data files on the webserver are first zipped and compressed:

18 14 * * * sudo zip -r /home/rohit/@TSM/Backup -j /home/rohit/@TSM/Linux_Project/

Then, this compressed .zip is moved to the backup server using the following command:

Automatically retrieve the backup zip file from the primary server and unzip it to be in sync with the primary server:

sudo crontab -e

Retrieve File:-

19 14 * * * sudo rsync -avzhe ssh rohit@10.10.10.5:/home/rohit/@TSM/Backup.zip /home/rohitd/@TSM/Linux_Project/

-v: verbose
-r: copies data recursively
-a: archive mode
-z: compress file data
-h: human-readable format

Then this file is decompressed using unzip to obtain original files.

Unzip File:-

20 14 * * * sudo unzip -o /home/rohitd/@TSM/Linux_Project/Backup -d /home/rohitd/@TSM/Linux_Project/

Testing: To test the backup server functioning, check the files after the scheduled time in the crontab.
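
The three cron entries above run one minute apart and the unzip step overwrites files with whatever archive arrived, so an rsync that overlaps a still-running zip would extract a partial file. As an added example, not part of the original project, the functions below record a SHA-256 digest next to the archive on the web server and refuse to extract on the backup server unless the digest matches. The function names are hypothetical, and sha256sum or shasum is assumed to be installed. The check catches truncated or corrupted transfers only, since the digest travels over the same channel as the archive.

```shell
#!/bin/sh
# Added example: integrity check between "retrieve" and "unzip".

# sha256_of FILE: print the SHA-256 hex digest with whichever tool exists.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# write_manifest ARCHIVE: run on the web server only after zip has finished,
# so the digest always describes a complete archive.
write_manifest() {
  sha256_of "$1" > "$1.sha256"
}

# verify_archive ARCHIVE: run on the backup server after rsync has pulled
# both ARCHIVE and ARCHIVE.sha256. Succeeds only when both files are
# non-empty and the recomputed digest equals the recorded one.
verify_archive() {
  [ -s "$1" ] && [ -s "$1.sha256" ] || return 1
  [ "$(sha256_of "$1")" = "$(cat "$1.sha256")" ]
}

# restore_if_valid ARCHIVE DEST: extract only a verified archive; otherwise
# leave DEST untouched and report the mismatch for the cron mail or log.
restore_if_valid() {
  if verify_archive "$1"; then
    unzip -o "$1" -d "$2"
  else
    echo "backup: checksum mismatch for $1, not extracting" >&2
    return 1
  fi
}
```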

Integrated Testing
1) DHCP should be up and running

2) Ensure the Primary and Secondary DNS is up and running.

3) Enter the command 'ifconfig' in the terminal and check whether IP address is assigned to the client from the range assigned.

4) Execute 'nslookup linuxsara.com' on the client. This will confirm that the client can access the DNS server.

5) Client requests for the WEB-PAGE "www.linuxsara.com" which is hosted by the webserver.

6) The firewall will authenticate the request and send the webpage as a reply to the client request.

7) The client requests the web page and is blocked by the firewall. This is because the client has an IP address which belongs to the denial range.

8) Check the system time, modify the crontab accordingly, and confirm the backup is taken and copied to the backup server.

ALGORITHM
1) DHCP:

Client requests an IP from the DHCP server

if (request == success) {
         IP address is assigned to client
} else {
         Check network connectivity, flush previous IP and reconnect
}

2) DNS:

DNS Query is generated by the client and sent to the DNS server

if (DNS has entry) {
         DNS server sends the DNS response to client
} else {
         check for network interconnectivity, restart bind9
}

3) Webserver:

Client gets an IP address after DNS resolving

Client sends an HTTP request to the webserver to get the web page hosted on the server

if (IP address is resolved correctly) {
         WEBPAGE will be displayed
} else {
         ERROR PAGE will be reflected to client
}

4) FIREWALL:

The packet received by the Web Server is authenticated

if (packet is in the IP table) {
         the packet is accepted or rejected depending upon firewall settings
} else {
         the packet is dropped
}

Future Improvements
1) Security and robustness can be improved by adding security features like VPN, NTP etc.

2) Dynamic DNS can be implemented.

3) Simulation of real-time network traffic and validating network performance.