Data Networking/Spring 2014/Group 05

INTRODUCTION
This Linux project has given us in-depth knowledge of the Linux operating system.

The project deals with the implementation of a Domain Name System (DNS) server, a Dynamic Host Configuration Protocol (DHCP) server, a web server, a firewall, a backup, and some other extra add-ons that will be shown within the Configuration section.

The aim of this project is to deliver a complete network solution where the servers and clients will be able to obtain an IP address from the DHCP server, and then, with the help of our DNS server, the users within our network should be able to successfully fetch the web page that is being hosted on our own DHCP server. Moreover, we will implement and configure extra networking tools to provide a robust, secure, intelligent inter-networking scheme that could be used at any company or organization.

GROUP MEMBERS

 * 1) Ladapo Adekunola
 * 2) Mohammed Irfan Yousuf
 * 3) Paula Muñoz
 * 4) Rajat Mathur

Implementation of DNS Server
For our DNS server we are going to use the BIND package, which stands for Berkeley Internet Naming Daemon.

We have reserved in our DHCP server the following IPv4 and IPv6 addresses:

Master Server:
 * IPv4 address: 192.168.0.3
 * IPv6 address: 2607:f0d0:2001:a::3

Slave Server:
 * IPv4 address: 192.168.0.4
 * IPv6 address: 2607:f0d0:2001:a::4

The Domain name that we will be using is: group5linux.com

Below are the steps that have been taken to install and configure the Master and Slave DNS Servers:

Master Server

[1] Installation
 * Install the bind9 package by using the command:

sudo apt-get install bind9

[2] Configuration
 * Configure the default DNS caching server to forward unknown requests to other DNS servers by editing the options file:

sudo nano /etc/bind/named.conf.options

forwarders {
    192.168.0.1;  # Our IP gateway address
    8.8.8.8;
    8.8.4.4;
};

 * Add the forward and reverse resolution to bind9 by editing the named.conf.local file:

sudo nano /etc/bind/named.conf.local

# Forward lookup zone - holds A records, maps hostnames to IPs
zone "group5linux.com" {
    type master;
    file "/etc/bind/zones/group5linux.com.db";
    allow-transfer { 192.168.0.4; };  # Slave DNS server
};

# Reverse lookup zone IPv4 - holds PTR records
# Server IPv4 address 192.168.0.3
zone "0.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/rev.0.168.192.in-addr.arpa";
    allow-transfer { 192.168.0.4; };
};

# Reverse lookup zone IPv6 - holds PTR records
# Server IPv6 address 2607:f0d0:2001:a::3; the zone name is the /64 prefix
# 2607:f0d0:2001:000a written nibble by nibble in reverse order
zone "a.0.0.0.1.0.0.2.0.d.0.f.7.0.6.2.ip6.arpa" {
    type master;
    file "/etc/bind/zones/ipv6.arpa";
};

 * Create a directory called zones under /etc/bind/ by using the command:

sudo mkdir /etc/bind/zones

 * Create and edit the forward look-up zone file group5linux.com.db and include all the details for resolving host-names to IP addresses, by using the command:

sudo nano /etc/bind/zones/group5linux.com.db

 * Create and edit the reverse look-up zone file rev.0.168.192.in-addr.arpa and include all the details for resolving IPv4 addresses to host-names.
 * Create and edit the reverse look-up zone file ipv6.arpa and include all the details for resolving IPv6 addresses to host-names.
 * Edit the file resolv.conf and include the details for our DNS server, such as the domain and its IPv4 and IPv6 addresses.
 * Restart the bind package by using the command:

sudo /etc/init.d/bind9 restart
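The steps above say to "include all the details" in the three zone files but do not show them. The following script is an added example, not part of the original report or of BIND: it writes a forward zone, the IPv4 reverse zone and the IPv6 reverse zone for group5linux.com using the addresses from this page, counts records, flags right-hand-side names that are missing their trailing dot (BIND silently appends $ORIGIN to those), and runs named-checkzone when it is installed. The host names ns1/ns2/www/mail, the hostmaster mailbox, the MX record and the SOA timer values are assumptions.

```shell
#!/bin/sh
# Added example (not part of the original report): writes the three zone files the
# Master Server steps refer to and validates them. Addresses and file names come from
# the report; host names ns1/ns2/www/mail, hostmaster, MX and timers are assumptions.
set -eu

DOMAIN="group5linux.com"
SERIAL=$(date +%Y%m%d01)   # YYYYMMDDnn; bump nn for each change made on the same day

# Writes the forward zone, the IPv4 reverse zone and the IPv6 reverse zone into
# directory $1 (/etc/bind/zones on the real server; any temp dir for a dry run).
write_zone_files() {
    dir="$1"
    mkdir -p "$dir"
    # Forward zone. Names on the right-hand side must end with a dot, otherwise
    # BIND appends $ORIGIN to them silently; that is the classic zone-file bug.
    cat > "$dir/$DOMAIN.db" <<EOF
\$TTL 86400
\$ORIGIN $DOMAIN.
@       IN  SOA   ns1.$DOMAIN. hostmaster.$DOMAIN. (
                  $SERIAL   ; serial
                  3600      ; refresh
                  900       ; retry
                  604800    ; expire
                  86400 )   ; negative-cache TTL
@       IN  NS    ns1.$DOMAIN.
@       IN  NS    ns2.$DOMAIN.
@       IN  MX    10 mail.$DOMAIN.
ns1     IN  A     192.168.0.3
ns1     IN  AAAA  2607:f0d0:2001:a::3
ns2     IN  A     192.168.0.4
ns2     IN  AAAA  2607:f0d0:2001:a::4
www     IN  A     192.168.0.5
mail    IN  A     192.168.0.6
EOF
    # IPv4 reverse zone for 192.168.0.0/24: the owner name is the last octet.
    cat > "$dir/rev.0.168.192.in-addr.arpa" <<EOF
\$TTL 86400
\$ORIGIN 0.168.192.in-addr.arpa.
@       IN  SOA   ns1.$DOMAIN. hostmaster.$DOMAIN. ( $SERIAL 3600 900 604800 86400 )
@       IN  NS    ns1.$DOMAIN.
@       IN  NS    ns2.$DOMAIN.
3       IN  PTR   ns1.$DOMAIN.
4       IN  PTR   ns2.$DOMAIN.
5       IN  PTR   www.$DOMAIN.
6       IN  PTR   mail.$DOMAIN.
EOF
    # IPv6 reverse zone for 2607:f0d0:2001:a::/64: the owner name is the host part
    # (::3 = 0000:0000:0000:0003) written as 16 reversed nibbles.
    cat > "$dir/ipv6.arpa" <<EOF
\$TTL 86400
\$ORIGIN a.0.0.0.1.0.0.2.0.d.0.f.7.0.6.2.ip6.arpa.
@       IN  SOA   ns1.$DOMAIN. hostmaster.$DOMAIN. ( $SERIAL 3600 900 604800 86400 )
@       IN  NS    ns1.$DOMAIN.
@       IN  NS    ns2.$DOMAIN.
3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0  IN  PTR  ns1.$DOMAIN.
4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0  IN  PTR  ns2.$DOMAIN.
EOF
}

# Counts records of type $1 (A, AAAA, PTR, ...) in zone file $2.
record_count() { grep -c "[[:space:]]$1[[:space:]]" "$2"; }

# Lists NS, MX, PTR and CNAME targets that lack the trailing dot (they would be
# expanded relative to $ORIGIN). Returns 1 if any are found, 0 if all are qualified.
find_unqualified_targets() {
    awk 'BEGIN { bad = 0 }
         /^[ \t]*(;|$)/ { next }
         {
             t = ""
             for (i = 1; i <= NF; i++) {
                 if ($i == "NS" || $i == "PTR" || $i == "CNAME") { t = $(i + 1); break }
                 if ($i == "MX") { t = $(i + 2); break }
             }
             if (t != "" && t !~ /\.$/) { print FILENAME ": " $0; bad = 1 }
         }
         END { exit bad }' "$1"
}

# Syntax-checks all three files with BIND's own tool when it is installed.
check_zone_files() {
    dir="$1"
    if ! command -v named-checkzone >/dev/null 2>&1; then
        echo "named-checkzone not installed; skipping BIND syntax check"
        return 0
    fi
    named-checkzone "$DOMAIN" "$dir/$DOMAIN.db" &&
    named-checkzone 0.168.192.in-addr.arpa "$dir/rev.0.168.192.in-addr.arpa" &&
    named-checkzone a.0.0.0.1.0.0.2.0.d.0.f.7.0.6.2.ip6.arpa "$dir/ipv6.arpa"
}

# Usage on the master: write_zone_files /etc/bind/zones && check_zone_files /etc/bind/zones
```

Run write_zone_files against a temporary directory first and inspect the output; on the master, write into /etc/bind/zones, run check_zone_files, then restart bind9 as in the last step above. Remember that the slave only pulls a new copy when the SOA serial increases, so the serial must be bumped on every edit.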

Slave Server

If for any reason the primary server fails, we need a Slave Server as a backup.

[1] Installation
 * Install the bind9 package the same way as we did on the Primary Server by using the command:

sudo apt-get install bind9

[2] Configuration
 * Edit the file /etc/bind/named.conf.local by using the command:

sudo nano /etc/bind/named.conf.local

And add the following lines for the forward and reverse zones:

zone "group5linux.com" {
    type slave;
    file "/etc/bind/slaves/group5linux.com.db";
    masters { 192.168.0.3; };
    allow-transfer { 192.168.0.3; };
};

zone "0.168.192.in-addr.arpa" {
    type slave;
    file "/etc/bind/slaves/db.192";
    masters { 192.168.0.3; };
};

 * Create a directory called slaves under /etc/bind/ by using the command:

sudo mkdir /etc/bind/slaves

 * Give write permission on this slaves directory: bind runs as the bind user and can only write to files it owns, so use the following command:

sudo chown bind:bind /etc/bind/slaves

 * Edit the file resolv.conf and include the details for our DNS servers, such as the domain and their IPv4 and IPv6 addresses.
 * Restart the bind package by using the command:

sudo /etc/init.d/bind9 restart

DHCP Server
DHCP (Dynamic Host Configuration Protocol) is a protocol that allows a server to dynamically assign an IP address to hosts within a network from a range specified by the network administrator. It also allows static addresses to be assigned to hosts within a network. This is achieved by mapping an IP address within the network, but outside the range specified for DHCP, to the MAC address of the client.

Behavior of Protocol
DHCP (Dynamic Host Configuration Protocol) is an application layer protocol that allows a server to dynamically assign IP addresses to hosts in a network. Hence hosts are automatically assigned IP addresses once they connect to a network, which is why DHCP is often regarded as a plug-and-play protocol. DHCP can be summarised in the four steps listed below.

1. DHCP server discovery: This is a message sent by a client newly arriving on a network. The message is sent within a UDP packet to port 67. Since the newly joined client has no IP address, an IP datagram with the broadcast destination IP address 255.255.255.255 and a source IP address of 0.0.0.0 is used. The link layer receives the IP datagram and broadcasts the frame to all nodes attached to the subnet.

2. DHCP server offer: On receiving a DHCP discover message, the DHCP server responds, using the broadcast address 255.255.255.255, with an offer message. The offer message contains the IP address to be leased plus the lease time, which can vary from hours to days.

3. DHCP request: This is the reply sent by the client in response to a particular DHCP offer message. Bearing in mind that multiple DHCP offer messages might be received by the client, the client responds to the DHCP offer it wants to accept.

4. DHCP ACK: The acknowledgement sent by the DHCP server to the client, indicating that the client can make use of the address offered to it.

Implementation of DHCP Server
The DHCP server was configured following the steps listed below:

[1] Installation
 * Install the DHCP server:

sudo apt-get install isc-dhcp-server

[2] Configuration
 * Edit the /etc/network/interfaces file and set up a static IP address on the interface:

sudo nano /etc/network/interfaces

# Edit static IP settings
auto eth0
iface eth0 inet static
    address 192.168.0.2
    netmask 255.255.255.0
    gateway 192.168.0.1
    network 192.168.0.0
    broadcast 192.168.0.255

 * Restart the network interfaces:

sudo /etc/init.d/networking restart

 * Set up the DHCP configuration file stating the following:
   a. The network 192.168.0.0/24
   b. The range 192.168.0.20 - 192.168.0.100, to be assigned dynamically to clients in the network.
   c. The static addresses of the DNS servers: 192.168.0.3, 192.168.0.4.
   d. The static address of the web server: 192.168.0.5
   e. The static address of the mail server: 192.168.0.6

To add the above information to /etc/dhcp/dhcpd.conf we use the command:

sudo nano /etc/dhcp/dhcpd.conf

 * Save the DHCP configuration file and restart the service:

sudo service isc-dhcp-server restart
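The five points above describe what goes into dhcpd.conf without showing the file. The script below is an added example, not the report's own configuration or ISC's: it generates a dhcpd.conf with the network, the dynamic range, the two DNS servers and fixed reservations for the web and mail servers, and adds the check a practitioner wants before restarting the service: that no reserved address sits inside the dynamic pool (the DHCP section above explains that static addresses must lie outside the range, and overlap is the usual cause of duplicate-address conflicts). The MAC addresses, the domain-name and router options, the lease times and the output-path argument are assumptions.

```shell
#!/bin/sh
# Added example (not the report's dhcpd.conf): generates the configuration described
# in the five points above and checks that reservations lie outside the pool.
# MAC addresses, domain-name/router options and lease times are assumptions.
set -eu

# Writes the configuration to $1 (/etc/dhcp/dhcpd.conf on the real server). Hosts that
# must keep one address get a "host" block keyed on their MAC address, with a
# fixed-address outside the range, as the DHCP section explains.
write_dhcpd_conf() {
    cat > "$1" <<'EOF'
# group5linux.com DHCP configuration (generated example)
authoritative;
default-lease-time 600;
max-lease-time 7200;
ddns-update-style none;

option domain-name "group5linux.com";
option domain-name-servers 192.168.0.3, 192.168.0.4;

subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.20 192.168.0.100;     # dynamic pool for clients
    option routers 192.168.0.1;
    option broadcast-address 192.168.0.255;
}

# Static reservations; the MAC addresses are PLACEHOLDERS, not the lab's real ones.
host webserver {
    hardware ethernet 00:11:22:33:44:55;
    fixed-address 192.168.0.5;
}
host mailserver {
    hardware ethernet 00:11:22:33:44:66;
    fixed-address 192.168.0.6;
}
EOF
}

# Returns 1 (naming the offender) if any fixed-address falls inside the dynamic
# range, 0 otherwise. Assumes range and reservations share one /24, as in the lab.
check_no_pool_overlap() {
    awk 'function last(ip) { n = split(ip, o, "."); return o[n] + 0 }
         { sub(/#.*/, ""); gsub(/;/, "") }
         $1 == "range"         { lo = last($2); hi = last($3) }
         $1 == "fixed-address" { fixed[$2] = last($2) }
         END {
             bad = 0
             for (ip in fixed)
                 if (fixed[ip] >= lo && fixed[ip] <= hi) {
                     print "fixed-address " ip " is inside the dynamic pool"; bad = 1
                 }
             exit bad
         }' "$1"
}

# Parses the file with the daemon itself when it is installed (-t never starts serving).
check_dhcpd_syntax() {
    if ! command -v dhcpd >/dev/null 2>&1; then
        echo "dhcpd not installed; skipping parse check"
        return 0
    fi
    dhcpd -t -cf "$1"
}

# Usage on the server:
#   write_dhcpd_conf /etc/dhcp/dhcpd.conf && check_no_pool_overlap /etc/dhcp/dhcpd.conf \
#     && check_dhcpd_syntax /etc/dhcp/dhcpd.conf && sudo service isc-dhcp-server restart
```

The overlap check is deliberately run before the restart: isc-dhcp-server will happily load a file in which a reservation sits inside the range, and the conflict only shows up later as a client losing its lease.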

Web Server
A web server is used to host web pages. The client uses HTTP to access the HTML files stored on the server.

Behavior of Protocol
The web server stores all the HTML web pages in its repository. It works in a client-server model where the client uses the HTTP protocol to access the HTML files stored on the server. One of the most widely used web servers is the Apache HTTP Server, which is widely deployed on UNIX operating systems; it is open source software. HTTP has a request as well as a response: the HTTP request is initiated by the client and the server replies with an HTTP response. The different methods that are used are GET, POST, PUT, DELETE, etc. HTTP's underlying transport protocol is TCP, which opens a connection with a 3-way handshake:

1. SYN
2. SYN-ACK
3. ACK

There are basically two kinds of HTTP:

1. HTTP with non-persistent connections: After each data transfer the client-server session is terminated. In order to send another data transfer it goes through the TCP 3-way handshake again.

2. HTTP with persistent connections: The client-server session is not immediately terminated. Hence, for a limited period of time, any new data transfer does not need to go through the TCP 3-way handshake.

HTTP uses port 80 whereas HTTPS uses port 443.

Implementation of Web Server
[1] Installation
 * Install the apache2 server:

sudo apt-get install apache2

[2] Configuration
 * Edit the default index.html file by going into the www folder:

cd /var/www
sudo nano index.html

 * Type the web server's address into a browser on the client's machine and the web page is displayed.

Firewall

Behavior of the protocol
A firewall is software-based security that protects a network from the outside world. It consists of a set of specific rules implemented on the firewall according to the needs of the organization. Usually ports such as HTTP and SSH are kept open and the rest of the ports are blocked for security purposes.

Implementation of Firewall
[1] Configuration

 * First, allow packets that belong to connections which are already established, or are related to them:

sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

 * Allow traffic on specific ports: port 80 for HTTP and port 22 for SSH.

sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

 * Lastly, block the remaining ports for security.

sudo iptables -A INPUT -j DROP

 * We also need to allow loopback traffic, so insert this rule at the top of the chain:

sudo iptables -I INPUT 1 -i lo -j ACCEPT
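The four commands above build the chain one rule at a time, and the order in which they are typed decides whether the host stays reachable. The script below is an added example, not the report's commands or part of iptables: it expresses the same policy as a single iptables-restore ruleset, which is loaded atomically and can be parsed without being applied. Two deviations from the step-by-step version are our choice: the INPUT chain gets a default policy of DROP instead of a trailing "-j DROP" rule (a rule appended later can never end up behind the drop), and packets in the INVALID state are dropped first. Ports 22 and 80 come from the report; the ICMP echo-request rule, added so that the ping used in TESTING keeps working, is an assumption.

```shell
#!/bin/sh
# Added example (not the report's commands): the INPUT policy described above as one
# iptables-restore ruleset. Default DROP policy and the INVALID/ICMP rules are our choice.
set -eu

SSH_PORT=22
HTTP_PORT=80

# Prints the ruleset. Order matters: loopback first, then connection tracking, then
# the explicitly opened ports; anything else falls through to the DROP policy.
firewall_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport $HTTP_PORT -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
COMMIT
EOF
}

# 1-based line number of the first line matching $1 in the ruleset (empty if none);
# lets a script assert the ordering before touching the live firewall.
rule_position() { firewall_ruleset | grep -n -- "$1" | head -n 1 | cut -d: -f1; }

# Parses the ruleset without loading it (so a typo cannot lock you out of SSH), then
# loads it. Run as root; persist afterwards with "iptables-save > /etc/iptables/rules.v4"
# (the file read by the iptables-persistent package).
apply_firewall() {
    firewall_ruleset | iptables-restore --test
    firewall_ruleset | iptables-restore
}
```

Because the ESTABLISHED,RELATED rule sits before the port rules, the SSH session from which apply_firewall is run survives the reload; the FORWARD chain is left at ACCEPT because the VPN section later adds its own FORWARD rules.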

Backup
The backup of the web server is taken and kept on the backup server. The protocols used are rsync and SSH. Rsync is a network protocol used to synchronize files on Ubuntu; it transfers only the data that is not already synchronized with the backup copy, and it compresses the data in transit and hence reduces the network load. The SSH protocol provides a secure channel to send and receive files between Unix machines, since the data is encrypted and decrypted at the end points. Crontab is a tool used to automate commands that can be scheduled to run periodically without the network administrator's intervention.

Install rsync:

sudo apt-get install rsync

Install SSH:

sudo apt-get install openssh-server

Since we are using SSH, create a public and a private key for security:

ssh-keygen -t rsa -b 1000

Now copy this key to the web server so that the web server trusts the backup server:

ssh-copy-id -i /root/.ssh/id_rsa.pub webserver@ipaddress

Edit the crontab:

crontab -e

Delete the crontab if it exists from before:

crontab -r

Run the rsync command from the crontab to automate the backup of the web server using rsync:

rsync -avzh -e ssh webserver@ipaddress:/var/www /home/backupserver/DestinationFolder
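The single rsync line above overwrites the same destination on every run, so a file deleted or defaced on the web server is gone from the backup after the next cron run. The script below is an added example, not the report's crontab entry or part of rsync: it performs the same rsync-over-SSH pull of /var/www, but lands each run in a dated snapshot directory and hard-links unchanged files to the previous snapshot with --link-dest, so every snapshot is a complete tree on disk while only changed files cross the network. The dedicated key path, the BatchMode and ConnectTimeout SSH options, --delete, the retention count and the destination root are our assumptions; "webserver@ipaddress" is the placeholder the report itself uses.

```shell
#!/bin/sh
# Added example (not the report's cron job): rsync-over-SSH pull of /var/www into
# dated, hard-linked snapshots. Key path, SSH options, --delete, retention count and
# destination root are assumptions; webserver@ipaddress is the report's placeholder.
set -eu

SRC="${BACKUP_SRC:-webserver@ipaddress:/var/www}"
DEST_ROOT="${BACKUP_ROOT:-/home/backupserver/DestinationFolder}"
KEY="${BACKUP_KEY:-/root/.ssh/id_rsa}"          # the key created with ssh-keygen above
KEEP="${BACKUP_KEEP:-7}"                        # number of snapshots to retain

# Snapshot directory name for this run, e.g. 2014-04-21_0300 (sorts chronologically).
snapshot_name() { date +%Y-%m-%d_%H%M; }

# Lists existing snapshots under $1, oldest first (empty on the first run).
list_snapshots() { ls -1d "$1"/[0-9][0-9][0-9][0-9]-* 2>/dev/null | sort; }

# Newest existing snapshot under $1, or nothing.
previous_snapshot() { list_snapshots "$1" | tail -n 1; }

# Removes all but the newest $KEEP snapshots under $1.
prune_snapshots() {
    n=$(list_snapshots "$1" | wc -l | tr -d ' ')
    [ "$n" -gt "$KEEP" ] || return 0
    list_snapshots "$1" | head -n $((n - KEEP)) | while read -r old; do
        rm -rf "$old"
    done
}

# Pulls /var/www into a new snapshot under $1 and repoints the "latest" symlink.
# BatchMode=yes makes ssh fail instead of hanging on a password prompt under cron;
# --link-dest makes files unchanged since the previous snapshot hard links, not copies.
run_backup() {
    root="$1"
    snap=$(snapshot_name)
    prev=$(previous_snapshot "$root")
    mkdir -p "$root/$snap"
    if [ -n "$prev" ]; then
        rsync -avzh --delete -e "ssh -i $KEY -o BatchMode=yes -o ConnectTimeout=15" \
            "--link-dest=$prev" "$SRC/" "$root/$snap/"
    else
        rsync -avzh --delete -e "ssh -i $KEY -o BatchMode=yes -o ConnectTimeout=15" \
            "$SRC/" "$root/$snap/"
    fi
    ln -sfn "$snap" "$root/latest"
    prune_snapshots "$root"
}

# Nightly at 03:00 from "crontab -e" (script path is an assumption):
#   0 3 * * * /usr/local/bin/www-backup.sh run >> /var/log/www-backup.log 2>&1
if [ "${1:-}" = run ]; then
    run_backup "$DEST_ROOT"
fi
```

With this layout, restoring yesterday's index.html is a copy out of the previous snapshot directory, and a bad run (rsync exits non-zero under set -e) leaves the earlier snapshots untouched because each run writes only into its own directory.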

VPN Server
 * Package used: pptpd

pptpd is the Poptop PPTP daemon, which manages tunneled PPP connections encapsulated in GRE using the PPTP VPN protocol. It contains features such as IP addressing management and TCP wrappers if compiled in. [9]

 * Commands used:

[1] Installation

Update the Ubuntu repository:

sudo apt-get update

Install pptpd:

sudo apt-get install pptpd

[2] Configuration

Once the pptpd package has been installed, we need to edit the /etc/pptpd.conf file and modify the 'localip' and 'remoteip' settings by using the command:

sudo nano /etc/pptpd.conf

Add the server IP and the client IP range at the end of the file, like below:

localip 192.168.0.7
remoteip 192.168.0.1-149

Edit the chap-secrets file, and include the usernames and passwords for the users that will connect to the VPN, by using the command:

sudo nano /etc/ppp/chap-secrets

Restart the PPTP/VPN server for the changes to take effect, by using the command:

sudo /etc/init.d/pptpd restart

Now that we have configured the VPN server, we need to edit the firewall to allow traffic and connections to the VPN. We can type the following lines:

sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i ppp+ -o eth0 -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT
sudo iptables -A FORWARD -o ppp+ -i eth0 -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT

Edit the file /etc/sysctl.conf, by using the command:

sudo nano /etc/sysctl.conf

Uncomment the following line:

net.ipv4.ip_forward=1

Mail Server
Every mail that is sent or received has to go through the mail server. It is the place where all the mails are stored.

When the sender sends the receiver a mail, at first the sender’s user agent uses the SMTP protocol to push the mail to its own mail server. The sender’s mail server will then use SMTP and send the mail to the receiver’s mail server. The receiver’s user agent will have to use IMAP or POP3 to fetch the mail from the mail server since SMTP is a push protocol, whereas POP3 and IMAP are pull protocols.

POP3 and IMAP are used to fetch mail from the mail server. POP3 uses port 110 and IMAP uses port 143.

SMTP is used to send mail from the mail server to other mail servers. SMTP uses port 25.

Install the mail server agent:

sudo apt-get install postfix

Configure the postfix package and accept the defaults:

sudo dpkg-reconfigure postfix

Change to Maildir format:

sudo postconf -e "home_mailbox = Maildir/"
sudo postconf -e "mailbox_command = "

Put in the network of the localhost and domain:

sudo postconf -e "mynetworks = 127.0.0.0/8, 192.168.0.0/24"

Restart the postfix MTA:

sudo /etc/init.d/postfix restart

Install the mail delivery agent courier:

sudo apt-get install courier-imap

Install the mailutils:

sudo apt-get install mailutils

Create the Maildir directories for new users:

sudo maildirmake /etc/skel/Maildir
sudo maildirmake /etc/skel/Maildir/.Sent
sudo maildirmake /etc/skel/Maildir/.Trash

Create a username and password for a test user:

sudo useradd -m -s /bin/bash testuser
sudo passwd testuser

Install the apache web server and the squirrelmail webmail:

sudo apt-get install apache2 squirrelmail

Configure squirrelmail by selecting Dovecot:

sudo squirrelmail-configure

Use the a2ensite tool to enable the squirrelmail site:

sudo a2ensite squirrelmail

Restart the apache web server:

sudo /etc/init.d/apache2 force-reload

NFS Server
Network File System is an application layer protocol developed by Sun Microsystems in 1984. It is basically used to share files on Linux/Unix based operating systems. The working of the NFS protocol includes a mounting process: in the client-server model, all the clients can easily access the data stored on the server, which is called mounting. This protocol is easy to implement as it is open source and is defined in. Many upgraded versions of NFS have been released, and an RFC has come out for each updated version of NFS. To configure and implement NFS on a Linux machine we used the concept of the RSA algorithm: the NFS client and NFS server exchange keys, and only then are the files to share mounted onto the client's machine.

Package Used: nfs-kernel-server

NFS (Network File System) allows us to 'share' a directory located on one networked computer with other computers/devices on that network. The computer 'sharing' the directory is called the server and the computers or devices connecting to that server are called clients. The clients 'mount' the shared directory, and it becomes part of their own directory structure.

 * Commands used:

[1] Installation

 * Update the Ubuntu repository:

sudo apt-get update

 * Install NFS by command:

sudo apt-get install nfs-kernel-server

[2] Configuration

 * Execute pwd to see the present working directory.
 * Make the directories to export:

sudo mkdir sharegroup5
sudo mkdir shareirfan
sudo mkdir sharepaula

 * See the list of the files under the present directory by:

ls -l

 * To enable both read and write permission on sharegroup5 use the command:

sudo chmod 777 sharegroup5

 * Again see the list of files to see sharegroup5 highlighted.
 * Edit /etc/exports by command:

sudo nano /etc/exports

 * Add the directories to be exported to NFS clients by writing:

/home/rajatserver/sharegroup5 192.168.0.0/255.255.255.0(rw,sync)
/home/rajatserver/shareirfan 192.168.0.0/255.255.255.0(rw,sync)
/home/rajatserver/sharepaula 192.168.0.0/255.255.255.0(ro,sync)

 * Export the file systems now:

sudo exportfs -a

 * Restart the NFS server by command:

sudo /etc/init.d/nfs-kernel-server restart

NFS CLIENT:

 * Install the client tools for mounting an NFS file system:

sudo apt-get install nfs-common

 * Make a folder under the home directory named MOUNT.
 * To mount the network share with NFSv4 use the command:

sudo mount -t nfs4 -o proto=tcp,port=2049 192.168.0.9:/home/rajatserver/sharegroup5 MOUNT

 * The directory sharegroup5 is now mounted on the MOUNT folder. We can go into the folder and delete files and add files to it.
 * Now, unmount the mounted folder by using the command:

sudo umount MOUNT

 * After unmounting we can mount any new directory to it.

Network Time Protocol
Network Time Protocol is a clock synchronization protocol. It is basically implemented in a client-server model. NTP is implemented using the concept of Marzullo's algorithm. The first RFC for NTP was. It is built over the UDP transport service, i.e. a connectionless service. NTP allows synchronizing the time among all the clients connected to the server in the client-server model, keeping the same date and time on every single machine.

Package Used: ntp

NTP (Network Time Protocol) is used for time synchronization.

 * Commands used:

[1] Installation

 * Update the Ubuntu repository:

sudo apt-get update

 * To install NTP use the command:

sudo apt-get install ntp

[2] Configuration

 * Edit the file /etc/ntp.conf by running the command on the terminal:

sudo nano /etc/ntp.conf

 * Servers can be added and removed by editing the above file. Add our server with the line:

server 192.168.0.5

 * After saving the file restart the server by command:

sudo /etc/init.d/ntp restart

 * To see the status of synchronization run the command:

sudo ntpq -p
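The step above adds a server line to ntp.conf but says nothing about the restrict lines, and an ntpd that is reachable from the network without them answers status and monitor queries from anyone and can be used as a traffic amplifier. The script below is an added example, not the report's ntp.conf or part of the ntp package: it writes an ntp.conf that points lab machines at 192.168.0.5 exactly as the step does, and in front of that puts the restrict lines that limit every remote host to plain time service. The upstream pool host names used by the lab server itself, the role argument and the output-path argument are assumptions.

```shell
#!/bin/sh
# Added example (not the report's ntp.conf): client and server ntp.conf with the
# restrict lines that refuse queries and runtime changes from the network. Pool host
# names and the path/role arguments are assumptions; 192.168.0.5 is from the report.
set -eu

LAB_SERVER="192.168.0.5"

# $1 = output path (/etc/ntp.conf on the real machine); $2 = "server" or "client".
write_ntp_conf() {
    out="$1"; role="$2"
    {
        echo "driftfile /var/lib/ntp/ntp.drift"
        echo
        echo "# Default for every remote host: serve time, but refuse status/monitor"
        echo "# queries (noquery), configuration changes (nomodify), traps and peering."
        echo "restrict default kod nomodify notrap nopeer noquery"
        echo "restrict -6 default kod nomodify notrap nopeer noquery"
        echo "# Unrestricted access from the local host only (ntpq -p still works here)."
        echo "restrict 127.0.0.1"
        echo "restrict ::1"
        echo
        if [ "$role" = server ]; then
            echo "# The lab's time server follows public sources (pool names assumed)."
            echo "server 0.ubuntu.pool.ntp.org iburst"
            echo "server 1.ubuntu.pool.ntp.org iburst"
            echo "# Lab hosts may run ntpq against us for troubleshooting, but cannot reconfigure."
            echo "restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap nopeer"
        else
            echo "# Clients take time only from the lab server named in the report."
            echo "server $LAB_SERVER iburst"
        fi
    } > "$out"
}

# Number of "server" lines in an ntp.conf.
count_servers() { grep -c '^server ' "$1"; }

# Returns 0 when the default restriction refuses queries, 1 otherwise. An ntpd
# without this answers control (mode 6) and monitor (mode 7) queries from anyone.
check_restrict_default() { grep -q '^restrict default .*noquery' "$1"; }

# After "sudo /etc/init.d/ntp restart", "sudo ntpq -p" on the host lists the configured
# servers and marks the one currently selected for synchronization with "*".
```

Write the server variant on 192.168.0.5 and the client variant on every other lab host; because the clients only list the lab server, a host that cannot reach it shows no "*" line in ntpq -p, which is the first thing to check when clock skew breaks a service.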

FTP Server
File Transfer Protocol is an application layer protocol which allows different users in a network to transfer files between them. This protocol uses two different connections in its working, i.e. control and data connections, using port numbers 20 and 21. FTP is defined in RFC 959. This allows any computer connected to a TCP/IP based network to manipulate files on another computer on that network, regardless of which operating systems are involved.

FTP SERVER

1. Install the FTP packages by command:

sudo apt-get install vsftpd

2. Edit the /etc/vsftpd.conf file:

sudo nano /etc/vsftpd.conf

3. Add 2 lines to the file as follows, then save the file:

local_enable=YES
write_enable=YES

4. Make a group and add users to it by the commands:

sudo groupadd ftp-users
sudo useradd -g ftp-users -d "/home/rajatserver/ftp files" user
sudo passwd user

5. Restart the server:

sudo /etc/init.d/vsftpd restart

FTP CLIENT

1. ftp x.x.x.x

2. Enter username and password

3. get file

TESTING
To test our implementation we used a Linksys switch, to which we could connect up to five hosts; we brought our own Ethernet cords, and for a period of about two weeks the members of the team met to test the implementation and to track progress. Initially we tested the DHCP server along with the web server, then we tested the DNS server; however, we experienced issues because Network Manager had been uninstalled on that host, and for this reason we had to install a new virtual machine and reconfigure the Master DNS server. Once we had our DHCP server, web server and Master DNS working, we started implementing extra add-ons as well as the Slave DN server.

Some of the commands that were used during the testing process were:

 * To detect errors when performing configuration we used the command: tail /var/log/syslog
 * dig
 * ping
 * nslookup
 * ifconfig

PROGRESS UPDATE

 * 1) We have successfully configured the master DNS server. It is able to provide hostname to IP translation.
 * 2) The slave DNS server is also implemented successfully, to get activated whenever the master DNS goes down.
 * 3) The configuration of DHCP has been completed. It is successfully providing IP addresses to clients and other machines.
 * 4) The web server is installed and configured to reply with the web pages requested by the client.
 * 5) Security is enabled on the server by activating the firewall. Implementation of iptables is done to allow and block traffic as per the rules added.
 * 6) Back-up has been implemented and tested successfully.
 * 7) Several add-ons have been implemented in our project to provide different network services to the users within the network, which include VPN, NFS, NTP and FTP. All these add-ons are implemented successfully.
 * 8) The mail server has been implemented and tested successfully.