Data Networking/Spring 2015/GROUP2

Project Members
Adhav Chandhar Sairamgandhi Chandra Prakash Vadivel Kartik Ganesh Rithvik Narayanan

Motivation
The objective of this project is to gain a better understanding of a Linux-based operating system, Ubuntu 12.04, since Linux is an essential part of any networking firm today. We configure and implement network elements such as DHCP, DNS, a web server, a firewall and backup.

Dynamic Host Configuration Protocol
Dynamic Host Configuration Protocol (DHCP) is the networking protocol used to dynamically configure IP addresses and the other information a host needs for Internet communication. It is essentially a plug-and-play protocol: DHCP renews the lease on an IP address while it is in use and allows addresses to be reused, since an address is held only while the client is connected. It also supports mobile users who want to join the network.

DHCP follows the four-step process below to assign an IP address dynamically:
 * 1) DHCP discover: the arriving client broadcasts a discover message on the network in order to obtain an IP address.
 * 2) DHCP offer: a DHCP server that receives the discover message broadcasts an offer containing an IP address for the client from the server's pool of addresses.
 * 3) DHCP request: the newly arriving client chooses from one or more server offers and responds to its selected offer with a request message.
 * 4) DHCP ack: the server sends an acknowledgement to the client confirming the requested parameters.
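The four-step exchange above as an added example, not code from the original project: it serialises the DHCP message layout (fixed BOOTP header, magic cookie, option 53 message type), runs a toy server over this page's pool of 192.168.1.20-30 with the 600-second lease from dhcpd.conf, and shows what happens when the pool is exhausted. The server address 192.168.1.2 and the client MAC addresses are assumptions.

```python
import struct
MAGIC = b"\x63\x82\x53\x63"                       # cookie that ends the fixed 236-byte BOOTP header
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6  # option 53 message types
# Constructed to match this page's dhcpd.conf: range 192.168.1.20-30, 600 s lease, server at .2
POOL = ["192.168.1.%d" % i for i in range(20, 31)]
SERVER_IP, LEASE_SECS = "192.168.1.2", 600
def ip2b(ip): return bytes(int(x) for x in ip.split("."))
def b2ip(b): return ".".join(str(x) for x in b)

def build(msg_type, xid, mac, yiaddr="0.0.0.0", opts=()):
    op = 1 if msg_type in (DISCOVER, REQUEST) else 2   # BOOTREQUEST from clients, BOOTREPLY from servers
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, xid, 0, 0x8000,   # 0x8000: broadcast reply
                      b"", ip2b(yiaddr), b"", b"", mac, b"", b"")
    body = bytes([53, 1, msg_type])
    for code, val in opts:
        body += bytes([code, len(val)]) + val
    return hdr + MAGIC + body + b"\xff"            # 0xff ends the option list

def parse(pkt):
    opts, i = {}, 240                              # options start right after the cookie
    while pkt[i] != 255:
        code, ln = pkt[i], pkt[i + 1]
        opts[code], i = pkt[i + 2:i + 2 + ln], i + 2 + ln
    return {"xid": struct.unpack("!I", pkt[4:8])[0], "yiaddr": b2ip(pkt[16:20]), "mac": pkt[28:34], "type": opts[53][0], "opts": opts}

class Server:
    # Minimal lease logic: offer the first free pool address, ACK only what was offered
    def __init__(self): self.leases = {}           # mac -> ip
    def handle(self, pkt):
        m = parse(pkt)
        srv = [(54, ip2b(SERVER_IP)), (51, struct.pack("!I", LEASE_SECS))]   # server id, lease time
        if m["type"] == DISCOVER:
            free = [ip for ip in POOL if ip not in self.leases.values()]
            if not free: return None               # pool exhausted: no offer is sent
            self.leases[m["mac"]] = free[0]
            return build(OFFER, m["xid"], m["mac"], free[0], srv)
        if m["type"] == REQUEST:
            offered = self.leases.get(m["mac"])
            ok = offered and m["opts"].get(50) == ip2b(offered)   # option 50: requested address
            return build(ACK, m["xid"], m["mac"], offered, srv) if ok else build(NAK, m["xid"], m["mac"])

def dora(server, mac, xid=0x3903F326):
    # Client side of discover/offer/request/ack; returns (ip, lease seconds) or None
    offer = server.handle(build(DISCOVER, xid, mac))
    if offer is None: return None
    o = parse(offer)
    req = build(REQUEST, xid, mac, opts=[(50, ip2b(o["yiaddr"])), (54, o["opts"][54])])
    ack = parse(server.handle(req))
    return (ack["yiaddr"], struct.unpack("!I", ack["opts"][51])[0]) if ack["type"] == ACK else None
```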

Domain Name System
DNS is an application-layer protocol that allows hosts to resolve hostnames to IP addresses. DNS is generally employed by other application-layer protocols such as HTTP, SMTP and FTP. The hostname-to-IP-address translation service works as follows:
 * 1) The application on the host side specifies the hostname that needs to be translated (gethostbyname is the function call an application uses to perform the translation in UNIX).
 * 2) DNS on the user host then sends a query message into the network. All DNS query and reply messages are sent over UDP to port 53.
 * 3) DNS on the user host receives a DNS reply message that provides the desired mapping, which in turn is passed on to the invoking application.
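The query of step 2 and the reply of step 3 as bytes on the wire, as an added example that is not code from the project: it builds the A query for group2tsm.dn.tsm that a resolver would send to the DNS server on UDP port 53 and parses a constructed reply, including a compressed name; the answer address 192.168.1.10 is made up.

```python
import struct

def encode_name(name):
    # Wire form of a hostname: one length byte per label, then a zero byte
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\0"

def build_query(name, txid, qtype=1):
    # Header: id, flags 0x0100 (recursion desired), QDCOUNT=1, then the question (type A, class IN).
    # A resolver would hand these bytes to sendto(..., ("192.168.1.3", 53)) over UDP.
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, 1)

def read_name(msg, off):
    # Decode labels, following 0xC0xx compression pointers; returns (name, offset after the name)
    labels = []
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            return ".".join(labels + [read_name(msg, ptr)[0]]), off + 2
        off += 1
        if ln == 0:
            return ".".join(labels), off
        labels.append(msg[off:off + ln].decode())
        off += ln

def parse_reply(msg, txid):
    # Returns (rcode, [(name, ttl, ipv4)]) for the A records in the answer section
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid:                       # a reply whose id does not match the query is discarded
        raise ValueError("transaction id mismatch")
    off = 12
    for _ in range(qd):                   # skip the echoed question(s): name + type + class
        _, off = read_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            answers.append((name, ttl, ".".join(str(b) for b in msg[off:off + 4])))
        off += rdlen
    return flags & 0xF, answers

def sample_reply(query):
    # Constructed reply (not captured from the project's BIND server): the question is echoed and
    # one A record, whose name is a pointer to the question name, maps it to a made-up 192.168.1.10
    txid = struct.unpack("!H", query[:2])[0]
    hdr = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # flags: response, RD, RA, rcode 0
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 604800, 4) + bytes([192, 168, 1, 10])
    return hdr + query[12:] + rr
```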

HyperText Transfer Protocol
HTTP is the web's application-layer protocol; it defines the structure of client-server messages and how they are exchanged. HTTP defines how a web client requests web pages from web servers and how servers transfer web pages to clients. HTTP generally consists of two message types, the HTTP request and the HTTP response. The server receives an HTTP request message and responds with an HTTP response message that contains the base HTML file, which references the other objects in the page (such as an MP3 file, a JPEG file or a Java applet).

Firewall
A firewall is a software- or hardware-based network security system that controls incoming and outgoing network traffic by analysing the data packets and determining whether they should be allowed through, based on an applied rule set. It is a scheme designed to thwart unauthorised access to or from the outside network.

Back-up
Backup is the process of copying data and handing over functionality to a backup host. The backed-up data can be used to restore the original data after a data-loss event or a server crash.

Virtual Private Network
A virtual private network (VPN) extends a private network across a public network, such as the Internet. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two.

Network File System
Network File System (NFS) is a distributed file system protocol that allows a client to access files over a network in a manner similar to how local storage is accessed. In this implementation the RSA algorithm is used: two hosts exchange their public keys, and only then can each view specific files on the other's system. These files are accessible only when the folders are mounted on the hosts' computers.

DHCP server configuration steps

 * 1) Installation of DHCP package
 * 2) Configuration of files
 * 3) Boot-up the servers

Commands used to implement
• sudo apt-get install isc-dhcp-server

• sudo nano /etc/default/isc-dhcp-server

Edit the interface line to INTERFACES="eth0" (the variable in this file is INTERFACES, plural)

• sudo nano /etc/network/interfaces

Change lo to either eth0 or wlan0 and loopback to static:

auto eth0
iface eth0 inet static
        address 192.168.1.2
        netmask 255.255.255.0
        gateway 192.168.1.1
        network 192.168.1.0
        broadcast 192.168.1.255
        dns-nameservers 192.168.1.3
        dns-search dn.tsm

(dns-nameservers and dns-search are the keys resolvconf reads from this file; dns-domain-nameserver and dns-domain-search are not recognised)

• sudo /etc/init.d/networking restart

• sudo nano /etc/dhcp/dhcpd.conf

ddns-update-style none;
option domain-name-servers 192.168.1.3;
option domain-name "dn.tsm";
default-lease-time 600;
max-lease-time 7200;
authoritative;
subnet 192.168.1.0 netmask 255.255.255.0 {
        range 192.168.1.20 192.168.1.30;
        option broadcast-address 192.168.1.255;
        option domain-name-servers 192.168.1.3;
}

• sudo nano /etc/resolv.conf

nameserver 192.168.1.3
search dn.tsm
domain dn.tsm

• sudo service isc-dhcp-server restart

DNS server configuration steps

 * 1) Install BIND (Berkeley Internet Name Daemon)
 * 2) Turn BIND9 into a primary master server
 * 3) Create files to enter resource records for the forward and reverse zones

Commands used to implement
• sudo apt-get install bind9
• sudo nano /etc/network/interfaces
• sudo /etc/init.d/networking restart
• sudo nano /etc/bind/named.conf.options
• sudo nano /etc/bind/named.conf.local
• sudo cp /etc/bind/db.local /etc/bind/db.dn.tsm
• sudo nano /etc/bind/db.group12.com
• sudo cp /etc/bind/db.127 /etc/bind/db.192
• sudo nano /etc/bind/db.192
• sudo named-checkzone dn.tsm /etc/db/zones/db.dn.tsm
• sudo named-checkzone 1.168.192.in-addr.arpa /etc/db/zones/db.192 (the reverse zone is checked under its in-addr.arpa name, not dn.tsm)
• sudo nano /etc/resolv.conf
• sudo /etc/init.d/bind9 restart
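named-checkzone validates each zone file on its own; the cross-check below is an added example, not the project's code, that parses a constructed forward zone and reverse zone in the db.dn.tsm / db.192 style and reports A records with no matching PTR and PTR records pointing at no A record. The hostnames, the address 192.168.1.10 and the one-record-per-line layout are assumptions.

```python
FORWARD = """\
; constructed db.dn.tsm (not the project's file); one record per line, SOA on one line
$TTL    604800
@           IN  SOA ns.dn.tsm. admin.dn.tsm. ( 2 604800 86400 2419200 604800 )
@           IN  NS  ns.dn.tsm.
ns          IN  A   192.168.1.3
dhcp        IN  A   192.168.1.2
group2tsm   IN  A   192.168.1.10
"""
REVERSE = """\
; constructed db.192 for zone 1.168.192.in-addr.arpa; the web host's PTR is deliberately missing
$TTL    604800
@   IN  SOA ns.dn.tsm. admin.dn.tsm. ( 2 604800 86400 2419200 604800 )
@   IN  NS  ns.dn.tsm.
3   IN  PTR ns.dn.tsm.
2   IN  PTR dhcp.dn.tsm.
"""

def parse_zone(text, origin):
    # Returns [(owner_fqdn, rtype, rdata)] for A and PTR records. Assumes an explicit owner and
    # an explicit IN class on every record line (blank-owner continuation lines are skipped).
    recs = []
    for line in text.splitlines():
        tok = line.split(";")[0].split()
        if not tok or tok[0].startswith("$") or "IN" not in tok or tok.index("IN") == 0:
            continue
        owner, rtype, rdata = tok[0], tok[tok.index("IN") + 1], tok[tok.index("IN") + 2]
        if rtype in ("A", "PTR"):
            fqdn = origin if owner == "@" else owner if owner.endswith(".") else owner + "." + origin
            recs.append((fqdn, rtype, rdata))
    return recs

def reverse_owner_to_ip(owner):
    # "3.1.168.192.in-addr.arpa." -> "192.168.1.3"
    return ".".join(reversed(owner.rstrip(".").replace(".in-addr.arpa", "").split(".")))

def check_zones(fwd_text, rev_text, fwd_origin="dn.tsm.", rev_origin="1.168.192.in-addr.arpa."):
    # Every A record should have a PTR with the same (ip, host) pair and vice versa
    a = {(ip, host) for host, t, ip in parse_zone(fwd_text, fwd_origin) if t == "A"}
    ptr = {(reverse_owner_to_ip(o), tgt) for o, t, tgt in parse_zone(rev_text, rev_origin) if t == "PTR"}
    return sorted(a - ptr), sorted(ptr - a)     # (A without PTR, PTR without A)
```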

Web server configuration steps

 * Install apache version 2 server

Commands used to implement
• sudo apt-get install apache2
• sudo mkdir -p /var/www/html/group2tsm.dn.tsm/public_html
• sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/group2tsm.dn.tsm
• sudo nano /etc/apache2/sites-available/group2tsm.dn.tsm
• cd /var/www/html/group2tsm.dn.tsm/public_html
• sudo nano index.html
• sudo a2ensite group2tsm.dn.tsm
• sudo service apache2 restart
• sudo netstat -ltnp

Firewall configuration steps

 * 1) Check the status of UFW (Uncomplicated Firewall)
 * 2) Enable the UFW
 * 3) Configure open and closed ports

Commands used to implement
UFW is used to allow or deny a host's access to the web server:
 * sudo ufw deny from 192.168.1.75
 * sudo ufw allow ssh
 * sudo ufw allow 80/tcp

After the above rules are applied, to block ICMP packets from a particular host:
 * sudo ufw disable
 * sudo ufw enable
 * iptables -A INPUT -s 192.168.1.75 -p icmp -j DROP

To block all the ICMP packets, we can use
 * iptables -A INPUT -p icmp -j DROP
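Both ufw and iptables evaluate rules top-down and the first match wins, so the order in which the rules above are entered matters. The added example below, not from the project, models that for this page's rule set and also flags a later rule that an earlier one shadows; the packet fields and the 192.168.1.20 source address are constructed.

```python
from ipaddress import ip_address, ip_network

# Constructed rule table mirroring this page's commands, in the order they were entered.
# ufw and iptables evaluate top-down and the first match wins, so the host deny comes first.
RULES = [
    ("deny",  {"src": "192.168.1.75/32"}),           # sudo ufw deny from 192.168.1.75
    ("allow", {"proto": "tcp", "dport": 22}),        # sudo ufw allow ssh
    ("allow", {"proto": "tcp", "dport": 80}),        # sudo ufw allow 80/tcp
    ("deny",  {"proto": "icmp"}),                    # iptables -A INPUT -p icmp -j DROP
]
DEFAULT_POLICY = "deny"                              # ufw's default for incoming traffic

def matches(cond, pkt):
    # Every condition present in the rule must hold; absent conditions match anything
    if "src" in cond and ip_address(pkt["src"]) not in ip_network(cond["src"]):
        return False
    if "proto" in cond and cond["proto"] != pkt["proto"]:
        return False
    if "dport" in cond and cond["dport"] != pkt.get("dport"):   # ICMP packets carry no port
        return False
    return True

def decide(pkt, rules=RULES):
    # Returns (verdict, index of the rule that fired) or (default policy, None)
    for idx, (action, cond) in enumerate(rules):
        if matches(cond, pkt):
            return action, idx
    return DEFAULT_POLICY, None

def shadowed(rules=RULES):
    # A later rule can never fire if an earlier rule's conditions are a subset of its own:
    # everything the later rule would match, the earlier one has already decided.
    found = []
    for j, (_, later) in enumerate(rules):
        for i, (_, earlier) in enumerate(rules[:j]):
            if earlier.items() <= later.items():
                found.append((i, j))
                break
    return found                                     # list of (earlier, later) index pairs
```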

SSH Server
• sudo apt-get install openssh-server
• sudo /etc/init.d/ssh restart
• ssh-keygen -t dsa
• sudo nano /etc/ssh/sshd_config

SSH Client
• sudo apt-get install openssh-client
• ssh-keygen -t dsa
• ssh-copy-id -i ~/.ssh/id_dsa.pub harsh@192.168.1.109
• sudo nano /home/nighthunk/dnsbackup/schedule.sh
• crontab -e
• sudo /etc/init.d/cron restart
• crontab -l

TELNET
1. Install telnet with this command in a terminal (Applications/Accessories/Terminal):

sudo apt-get install xinetd telnetd

2. Edit /etc/inetd.conf using your favourite file editor with root permission and add this line:

telnet stream tcp nowait telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd

3. Edit /etc/xinetd.conf and make its content look like the following:

# Simple configuration file for xinetd
#
# Some defaults, and include /etc/xinetd.d/

defaults
{
# Please note that you need a log_type line to be able to use log_on_success
# and log_on_failure. The default is the following :
# log_type = SYSLOG daemon info

        instances       = 60
        log_type        = SYSLOG authpriv
        log_on_success  = HOST PID
        log_on_failure  = HOST
        cps             = 25 30
}

includedir /etc/xinetd.d

4. Edit /etc/xinetd.d/telnet and add the following:

# default: on
# description: The telnet server serves telnet sessions; it uses
#   unencrypted username/password pairs for authentication.
service telnet
{
        disable         = no
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
}

5. Use this command to start the telnet server:

sudo /etc/init.d/xinetd restart

Configuration of VPN

 * Install pptpd, the package used to configure the VPN:

sudo apt-get install pptpd

 * Edit /etc/pptpd.conf and make the following changes:

localip  remoteip 

 * Edit the /etc/ppp/pptpd-options file:

ms-dns 192.168.0.254

 * Set the user id and password:

sudo nano /etc/ppp/chap-secrets

group2 pptpd 123456 *   # group2 is the user name, pptpd is the VPN server name, 123456 is the password and * allows all client IPs

Configuration of NTP Server
Launching a new virtual private server provides the user with a clock. The time on the server can be seen with the command date, and the server's time zone can be adjusted, if needed, with export TZ=America/New_York, modifying the time zone to match your location. Although the built-in clock is helpful for keeping track of events on the server itself, it may begin to cause issues if the virtual server has to work with external machines. Emails sent out from a misconfigured server may arrive 3 minutes in the past on another, and users granted access only at certain times of the day may find themselves blocked because of a time mismatch. To resolve this, servers can be synced using the NTP protocol, matching their time to a reference time that servers around the world agree upon.

1. Install the NTP daemon

sudo apt-get install ntp

2. Configure the NTP servers

sudo nano /etc/ntp.conf

Find the section within the configuration that lists the NTP Pool Project servers. The section will look like this:

server 0.ubuntu.pool.ntp.org
server 1.ubuntu.pool.ntp.org
server 2.ubuntu.pool.ntp.org
server 3.ubuntu.pool.ntp.org
server 192.168.1.3

Use the command ntpq -p to list the configured peers and confirm that one of them has been selected as the system peer (marked with *).
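What to look for in that ntpq -p listing, as an added example that is not part of the original write-up: it parses a constructed ntpq -p output, returns the selected system peer and warns about unreachable peers or an offset above a threshold. The peer values are made up; only the 192.168.1.3 and ubuntu.pool.ntp.org names come from the configuration above.

```python
NTPQ_OUTPUT = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.168.1.3     .GPS.            1 u   34   64  377    0.312    0.118   0.045
+0.ubuntu.pool.n 130.149.17.21    2 u   18   64  377   25.105   -1.209   0.833
 1.ubuntu.pool.n .INIT.          16 u    -   64    0    0.000    0.000   0.000
"""
# Constructed sample in the layout ntpq -p prints; the values are made up, not from the project

def parse_ntpq(text):
    # Column 1 is the tally code ('*' system peer, '+' candidate, ' ' unused), then ten fields
    peers = []
    for line in text.splitlines()[2:]:            # skip the header line and the === rule
        if not line.strip():
            continue
        tally, fields = line[0], line[1:].split()
        remote, refid, st, _t, _when, _poll, reach, _delay, offset, _jitter = fields
        peers.append({"tally": tally, "remote": remote, "refid": refid, "stratum": int(st),
                      "reach": int(reach, 8),      # octal shift register of the last 8 polls
                      "offset_ms": float(offset)})
    return peers

def check_sync(peers, max_offset_ms=100.0):
    # Returns (remote of the selected system peer or None, list of warnings)
    warnings = [f"{p['remote']}: unreachable (reach=0, stratum {p['stratum']})"
                for p in peers if p["reach"] == 0 or p["stratum"] == 16]
    sys_peer = next((p for p in peers if p["tally"] == "*"), None)
    if sys_peer is None:
        return None, warnings + ["no system peer selected: clock is not synchronised"]
    if abs(sys_peer["offset_ms"]) > max_offset_ms:
        warnings.append(f"{sys_peer['remote']}: offset {sys_peer['offset_ms']} ms exceeds {max_offset_ms} ms")
    return sys_peer["remote"], warnings
```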

Configuration of FTP Server
1. Install the FTP packages by command

sudo apt-get install vsftpd

2. Edit the /etc/vsftpd.conf file

sudo nano /etc/vsftpd.conf

3. Add the following two lines to the file, then save it:

local_enable=YES
write_enable=YES

4. Make a group and add users to it by commands

groupadd ftp-users
useradd -g ftp-users -d /home/RITHVIK/ftp-files user
passwd user

5. Restart the server

/etc/init.d/vsftpd restart

Configuration of NFS Server
1. Install the NFS server by using the command below:

sudo apt-get install nfs-kernel-server

2. Create a directory that can be shared:

sudo mkdir /home/kartik/data

3. Create a file in the shared directory and set the permissions on it (chmod sets the mode, not chown; 777 makes the directory world-writable, so restrict it to the NFS users' group where possible), then create the user and group:

sudo chmod 777 /home/kartik/data

4. Edit the /etc/exports file, enter the details of the directory to be shared and set the permissions accordingly, as shown below (no space between the client and the options: a space before the parenthesis applies the options to every host):

/home/kartik/data       client-ip(rw,sync,no_root_squash,no_subtree_check)

5. Restart the server by using the following command:

sudo /etc/init.d/nfs-kernel-server restart

6. To see the exported directories:

sudo showmount -e
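A check for the /etc/exports line above, as an added example that is not the project's code: it parses export entries, flags options exportfs does not recognise (such as the no_root_bquash typo), warns when a space before the parenthesis detaches the options from the host so they apply to everyone, and notes no_root_squash. The client address 192.168.1.109 is taken from the SSH section and the sample lines are constructed.

```python
# Options from exports(5) this checker recognises (a subset of the full list)
KNOWN_OPTIONS = {"rw", "ro", "sync", "async", "root_squash", "no_root_squash", "all_squash",
                 "no_all_squash", "subtree_check", "no_subtree_check", "secure", "insecure",
                 "anonuid", "anongid", "fsid", "sec", "crossmnt", "nohide", "no_wdelay", "wdelay"}

def parse_exports(text):
    # Yields (path, client, option set, options_detached) per client spec. A space before the
    # parenthesis detaches the options from the preceding host: they then apply to "*" (everyone).
    for line in text.splitlines():
        parts = line.split("#")[0].split()
        if not parts:
            continue
        for spec in parts[1:]:
            host, _, opts = spec.partition("(")
            opts = {o for o in opts.rstrip(")").split(",") if o}
            yield parts[0], host or "*", opts, spec.startswith("(")

def check_exports(text):
    # Returns [(severity, path, client, message)]; "error" findings are options exportfs does not know
    findings = []
    for path, client, opts, detached in parse_exports(text):
        for opt in sorted(opts):
            if opt.split("=")[0] not in KNOWN_OPTIONS:
                findings.append(("error", path, client, f"unknown option '{opt}'"))
        if client == "*":
            why = " (space before '(' detached them from the host)" if detached else ""
            findings.append(("warn", path, client, "options apply to every host" + why))
        if "no_root_squash" in opts:
            findings.append(("warn", path, client, "remote root keeps root privileges on this export"))
        if "insecure" in opts:
            findings.append(("warn", path, client, "clients may connect from unprivileged ports"))
    return findings

# Constructed: the page's export line as written (typo and stray space) and its corrected form
AS_WRITTEN = "/home/kartik/data       192.168.1.109 (rw,sync,no_root_bquash,no_subtree_check)\n"
CORRECTED = "/home/kartik/data       192.168.1.109(rw,sync,no_root_squash,no_subtree_check)\n"
```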

Configuration at Client side
1. Install nfs-common:

sudo apt-get install nfs-common

2. Now create a directory:

sudo mkdir -p /home/cpvchandra92/NFS

3. Now connect the client and server and mount the shared directory (server export first, then the local mount point):

sudo mount 192.168.1.4:/home/kartik/data /home/cpvchandra92/NFS

4. To check the mounted file system (the type is written in lower case):

mount -t nfs

5. To test NFS and see the mounted file on the client side:

sudo touch /home/cpvchandra92/NFS/projectshare.txt

Testing
1. We connect the client, DNS server and web server to the switch via CAT5 Ethernet cables. It is verified that DHCP leases an IP address to the client from the pool of addresses. The IP addresses assigned to the DNS and web servers are verified as well. The ipconfig command is used to check the IP address, the default gateway and the subnet mask.

2. Now the client tries to reach the domain name by typing the IP address in the browser. The web page is displayed from the web server. localhost is typed on the Apache server, and then the IP address of the configured web page is entered.

3. To test the DNS server, the nslookup query is performed on the server's domain name, along with the following commands:
 * dig hostname
 * dig -x IPAddress
 * host IPAddress
 * nslookup hostname
 * nslookup IPAddress
 * ping IPAddress
 * ping hostname

4. The firewall, which is set with iptables rules, rejects a few IP addresses and allows the rest. This firewall functionality is tested using the following commands:
 * ping IPaddress
 * telnet IPaddress
 * ssh IPaddress

Future Improvements

 * 1) Different levels of the DNS hierarchy (authoritative and top-level domain servers) can be implemented
 * 2) A mail server can be implemented
 * 3) Certificates for the web pages can be implemented in the web server and client browser
 * 4) Confidentiality, message integrity and authentication can be implemented between the client and the web server or DNS server