Data Networking/Fall 2016/WTJ

WTJ for (Pan Wu, Jiayi Tong and Shi Ji)

Introduction
This page is about our Linux project, which creates a small networking environment including a DNS server, a DHCP server, a web server with firewall, and backup. Furthermore, the add-on parts were also finished successfully. The process is explained in detail in the following sections.

Domain Name System
i. Assigned the static IP address for the server.
ii. Assigned bind9 DNS server.
iii. Created 5 type A records.
iv. Used both IPv4 and IPv6 addresses in my implementation of records.
v. Created reverse domains in in-addr.arpa and ip6.arpa.
vi. Configured the slave DNS server that can automatically update with the master DNS server.

Dynamic Host Configuration Protocol
i. Assigned the static IP address for several important servers like web server and DNS server.
ii. Used IPv4 and IPv6 address pool.
iii. Allocated dynamic network address to the clients.
iv. The client-server protocol.
v. Set the IP address leasing time for clients.

Webserver & Firewall
i. Assigned the static IP address for the web server.
ii. Created a basic page on the server, and used phpMyAdmin to manage the web server database.
iii. The page is accessible to all other hosts.
iv. Set the firewall for the web server by using iptables.

Back up
i. Automated the process of backing up the data.
ii. The backup file is zipped and sent to a different server.
iii. The backup file is transferred automatically.

Add-on
i. Used scapy to complete arpspoof and let the client have a wrong ARP cache entry for the web server, so the client will see a Hacked Web-Page when it sends a request to the original web server.
ii. Used openswan to set up an IPsec VPN tunnel so that one host can connect to another host in a different subnet.
iii. Used NFS to let two clients share files.

DHCP
Step 1: Install the DHCP server package
Command:
    sudo apt-get install isc-dhcp-server

Step 2: Configure the DHCP server

Step 2.1: Edit /etc/default/isc-dhcp-server to change the default interface to our machine's interface.
Command:
    sudo vim /etc/default/isc-dhcp-server
Set in the file:
    INTERFACES="ens33"

Step 2.2: Edit /etc/dhcp/dhcpd.conf. There are several places we need to change.

1. Set up the lease time for clients and set up the domain name
Command:
    option domain-name-servers ns.wupapa.com;
    option domain-name "wupapa.com";
    default-lease-time 600;
    max-lease-time 7200;

2. Set up the network with its mask and assign the range of IP addresses, along with the IP addresses of the router and DNS server in the network:
Command:
    subnet 192.168.1.0 netmask 255.255.255.0 {
        range 192.168.1.10 192.168.1.30;
        option routers 192.168.1.2;
        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.1.255;
        option domain-name-servers 192.168.1.7;
        option ntp-servers 192.168.1.7;
        option netbios-name-servers 192.168.1.7;
        option netbios-node-type 8;
    }

3. Then we set several reserved IP addresses for particular clients and servers.
Command:
    host client {
        hardware ethernet 00:0c:29:04:12:4b;
        fixed-address 192.168.1.5;
    }
    host dns {
        hardware ethernet 00:0c:29:87:1b:85;
        fixed-address 192.168.1.7;
    }
    host web {
        hardware ethernet 00:0c:29:18:86:10;
        fixed-address 192.168.1.1;
    }

4. We set a static IPv4 and IPv6 address for interface ens33 of the DHCP server.

5. Then set up the IPv6 DHCP server

5.1
Command:
    sudo vi /etc/sysctl.conf
Set in the file:
    net.ipv6.conf.all.forwarding = 1
Command:
    sudo sysctl -p

5.2 Configure interface ens33 with IPv6
Command:
    sudo apt-get install radvd
    sudo vi /etc/radvd.conf
    sudo /etc/init.d/radvd restart

6. Finally, restart the DHCP service
Command:
    sudo service isc-dhcp-server restart

DNS
1. Master DNS server

1) Firstly, we need to install the DNS server.
Command:
    sudo apt-get install bind9

2) Secondly, we define some zones that provide the domain name and the type of the DNS server. Then, a domain name "wupapa.com" is defined as shown in the following figure. The IPv6 zone and the reverse zone are also defined.
Command:
    sudo vi /etc/bind/named.conf.local

3) Thirdly, we change the data in the created zone file. The local file, which contains the initial data, is copied to the created file. For example, the zone file our group created is "db.wupapa.com". Then, the initial data can be changed by using the vi editor. The following figure shows the designed data file.
Command:
    sudo cp /etc/bind/db.local /etc/bind/db.wupapa.com

4) Then, the reverse zone file can also be modified. Copy the file to the created reverse zone file.
Command:
    sudo cp /etc/bind/db.127 /etc/bind/db.wupapa.rev

5) Next, we need to define the default "resolv" file.
Command:
    sudo vi /etc/resolv.conf

6) The last step for the master DNS server is to restart the server.
Command:
    sudo service bind9 restart

2. Slave DNS server

The setting of slave DNS is shown below. There is no need to define the data file in the defined zones. It will be updated by the master DNS server. The only thing we need to do is create the slave zone for the DNS server.

Web server & Firewall
1. Set up LAMP environment for web server
In this section, I used LAMP to configure the web server. The LAMP stack is a group of open source software used to get web servers running. The acronym stands for Linux, Apache, MySQL, and PHP.

1.1 Install apache2
Command:
    sudo apt-get install apache2

1.2 Install MySQL and activate it
Command:
    sudo apt-get install mysql-server
    sudo mysql_install_db

1.3 Install PHP
Command:
    sudo apt-get install php5 libapache2-mod-php5

1.4 Start web server
Command:
    sudo service apache2 restart

2. Set up our own home page for web server
Command:
    sudo vi /var/www/html/index.html

3. Test web server using other clients
After typing in the IP address of the web server, the home page was shown. It means the web server works.

4. Firewall
In this section, the "ufw" program is used as the firewall.

1) Install the "ufw" program
Command:
    sudo apt-get install ufw

2) Change the settings of "ufw"
Command:
    sudo ufw enable
    sudo ufw default deny

3) For example, deny an IP address
Command:
    sudo ufw deny from 192.168.1.14 to any

Back up
1. With the use of python, it backs up web data and database.
Command:
    sudo mkdir mysql_data
    touch /mysql_data/mysql_databak.sh
    sudo vi /mysql_data/mysql_databak.sh

Then edit mysql_databak.sh
Command:
    sudo chmod +x /home/mysql_data/mysql_databak.sh

2. Set up a process so that data is backed up automatically
Command:
    sudo crontab -e
The timed task is implemented with crontab. The screen shows 47 * * * * ./mysql_data/mysql_databak.sh. It indicates the server will automatically run the script file mysql_databak.sh each hour. It means the web configuration file and the database of the web server will be backed up hourly.

3. Automatically send the backup file to other servers

1) In this part, we used the scp command to transmit a file to other hosts.
Command:
    scp -r mysql_data/ wupan@192.168.1.5:~

2) Besides sending the file to other hosts manually, we should also set up a process that runs automatically. First, we set up the two hosts to transfer files without a password.
Command:
    ssh-keygen -b 1024 -t rsa
    scp -p .ssh/id_rsa.pub wupan@192.168.1.5:/home/.ssh/authorized_keys
By using the two command lines above, we transfer our file between the two hosts without passwords. Finally, the "scp" command is added to crontab.
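The contents of mysql_databak.sh are not shown on this page. As an added example (not the project's own script), one way to write the hourly job described above: dump the databases, pack them with the web root, record a checksum, copy both to the backup host and keep the last 24 archives. The directory defaults, the option file /root/.my.cnf, the key file /root/.ssh/backup_key and the --run argument are assumptions.

```shell
#!/bin/sh
# Added example, not the project's mysql_databak.sh. Paths, the option file
# and the dedicated SSH key are assumptions; adjust them to the real hosts.
WEB_ROOT=${WEB_ROOT:-/var/www/html}
BACKUP_DIR=${BACKUP_DIR:-/home/mysql_data}
REMOTE=${REMOTE:-wupan@192.168.1.5:~}
SSH_KEY=${SSH_KEY:-/root/.ssh/backup_key}   # hypothetical key used only for backups
MYSQL_OPTS=${MYSQL_OPTS:-/root/.my.cnf}     # option file holding the DB credentials

# make_archive DIR SQL_FILE: pack DIR and the SQL dump into a timestamped
# tar.gz under BACKUP_DIR, write a .sha256 next to it, print the archive path.
make_archive() {
    out="$BACKUP_DIR/backup-$(date +%Y%m%d-%H%M%S).tar.gz"
    mkdir -p "$BACKUP_DIR" || return 1
    (   umask 077                           # dump holds password hashes: owner-only
        tar -czf "$out" -C "$(dirname "$1")" "$(basename "$1")" \
                        -C "$(dirname "$2")" "$(basename "$2")" &&
        cd "$BACKUP_DIR" &&
        sha256sum "$(basename "$out")" > "$(basename "$out").sha256"
    ) || return 1
    printf '%s\n' "$out"
}

# prune KEEP: remove all but the newest KEEP archives (names sort by time).
prune() {
    ls -1 "$BACKUP_DIR"/backup-*.tar.gz 2>/dev/null | sort -r |
    tail -n +"$(($1 + 1))" |
    while read -r old; do rm -f "$old" "$old.sha256"; done
}

main() {
    sql=$(mktemp "${TMPDIR:-/tmp}/db-XXXXXX") || exit 1
    trap 'rm -f "$sql"' EXIT
    # Credentials are read from the option file, never passed on the command line.
    mysqldump --defaults-extra-file="$MYSQL_OPTS" --all-databases \
        --single-transaction > "$sql" || exit 1
    archive=$(make_archive "$WEB_ROOT" "$sql") || exit 1
    # BatchMode makes scp fail instead of prompting when the key is rejected.
    scp -q -i "$SSH_KEY" -o BatchMode=yes "$archive" "$archive.sha256" "$REMOTE" || exit 1
    prune 24
}

# Cron has its own working directory and PATH, so call the script by absolute
# path, e.g.: 47 * * * * /home/mysql_data/mysql_databak.sh --run
if [ "${1:-}" = "--run" ]; then main; fi
```

On the receiving host, running sha256sum -c on the copied .sha256 file confirms the archive arrived intact.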

DHCP Test
Check whether the DHCP server is running
Command:
    sudo service isc-dhcp-server status

This command shows whether the DHCP service is active or not.

DNS Test
1. nslookup
We can use nslookup to find the IP address of a hostname
Command:
    sudo nslookup hostname

2. host

We can also use "host" to find both the IPv4 address and the IPv6 address of a hostname
Command:
    sudo host hostname

3. dig

Web server Test
Check the web server's status
Command:
    sudo service apache2 status

Firewall Test
Command:
    sudo ufw status

scapy Test
Look at the ARP cache of the computer
Command:
    arp

VPN tunnel Test
Check the status of the VPN tunnel
Command:
    sudo ipsec statusall

nfs Test
Command:
    mkdir /opt/myfolder test.txt

Future improvements
1) Improve the security, make it more robust.

2) Improve the interface of the Web server, and add some other functions.

3) Add Mail Server to improve the whole system.
