Data Networking/Spring 2016/Subramaniam Veerabahu

1. Subramaniam Veerabahu 2. Shaurya Katiyar 3. Anirudh Mittal 4. Raghav Surianarayanan

Motivation
Linux Operating system has developed into a force in almost each and every networking application, which gives us the much required motivation to play around with the OS. Linux is one of the powerful open-source operating system. Linux OS is a key skill-set to possess for a successful career in networking. Hoping to develop a good proficiency in Linux, we have decided to approach this project.

Domain Name System
The main understanding involved in DNS is that it is used to resolve host name into IP address. When a particular website is typed in the address bar of the browser, DNS server finds out the corresponding IP address of the website and returns it to the user. Initially, a DNS query is made to the servers and the server replies back with a response about the IP address of the website. After the IP address is obtained, the host can be reachable to retrieve data from them. In order to reduce the latency, BIND9 server with caching can be used. The main advantage is that whenever a response is received for a DNS query, it is cached in the server. As a result, the time taken to load the previous cached page is considerably reduced, thereby decreasing the waiting time of the user to obtain the data from the webpage.

Dynamic Host Configuration Protocol
Assigning IP addresses to the networking component can be done in the following ways. i) Static Allocation: In this method, IP addresses to networking components like computers, routers etc. are assigned statically and remain constant until changed by the network administrator. ii) Automatic Allocation: In this method, same IP addresses are allocated to the systems whenever it connects to a particular network. iii) Dynamic Allocation: In this method, a DHCP server is used to allocate IP addresses to the devices, from a selected pool of addresses as specified in the DHCP server. Both IPv4 and IPv6 addressing can be provided using the DHCP server. A suitable subnet mask needs to be provided for correct allocation of IP addresses, to prevent the wastage of IP’s.

Webserver & Firewall
In order to host a website, we need a webserver to run on the Linux OS. Apache2 is the most popularly used webserver. In addition, firewall is used to provide a layer of security to control the incoming and outgoing traffic in a network. All traffic other than the allowed set of rules made in the IP tables are denied by the firewall at the gateway router (router in between the private network and the public network). Requirements The main requirement is a Linux based OS. This project is being implemented using Ubuntu 14.04. In addition to this, BIND9 for implementing DNS caching, DHCP server for implement dynamic IP allocation and Apache2 server for hosting a website are required.

DNS
Step 1: Install bind( Command:                sudo apt-get install bind9 Step 2: Restart the networking daemon Command:                 sudo /etc/init.d/networking restart Step 3: Create a hostname Command:                 sudo nano /etc/hostname                 ubuntu       Step 4: Create a domain-name by editing /etc/hosts Command:                 sudo nano /etc/hosts Add                127.0.0.1   localhost                 192.168.1.5     ubuntu.linux.abc    ubuntu Do a restart of the server Step 5: Install BIND9 Command:                 sudo apt-get install bind9 Step 6: Configure named.conf.options Command:                 sudo nano /etc/bind/named.conf.options  Add                               forwarders {                 # ISP DNS IP’s                 192.168.1.1;                       8.8.8.8;                 8.8.4.4; }; Step 7: Configure named.conf.local Command: sudo nano /etc/bind/named.conf.local Edit # Forward zone zone "linux.abc" { type master; file "/etc/bind/zones/db.linux.abc"; };

# Reverse Zone zone "1.168.192.in-addr.arpa" { type master; file "/etc/bind/zones/db.192"; }; Step 8: Create two database files db.linux.abc and db.192 in zones folder Command: Make the directory etc/bind/zones sudo mkdir /etc/bind/zones Copy db.local to db.linux.abc sudo cp /etc/bind/db.local /etc/bind/zones/db.linux.abc Open db.linux.abc file sudo nano /etc/bind/zones/db.linux.abc Edit the file $TTL   604800 @      IN      SOA     linux.abc. admin.linux.abc. (                                              1         ; Serial                                          604800         ; Refresh                                           86400         ; Retry                                         2419200         ; Expire                                          604800 )       ; Negative Cache TTL ;                @               IN  NS    linux.abc Step 9: Create two database files db.linux.abc and db.192 in zones folder Command: @              IN  A     192.168.1.8 itworks        IN  A     192.168.1.10 macbook        IN  CNAME itworks.linux.abc www            IN  A     192.168.1.8 Save and Exit Copy db.127 to db.192 sudo cp /etc/bind/db.127 /etc/bind/zones/db.192 Open db.192 file sudo nano /etc/bind/zones/db.192 Edit the file $TTL   604800 @      IN      SOA     linux.abc. admin.linux.abc. (                                              1         ; Serial                                          604800         ; Refresh                                           86400         ; Retry                                         2419200         ; Expire                                          604800 )       ; Negative Cache TTL ;                @               IN  NS    linux.abc 8              IN  PTR   linux.abc 10             IN  PTR   itworks.linux.abc Save and Exit Check whether both zones are working properly # Forward Zone named-checkzone linux.abc /etc/bind/zones/db.linux.abc zone linux.abc /IN: loaded serial  1 Ok                #Reverse Zone named-checkzone linux.abc /etc/bind/zones/db.192 zone autun.hom /IN: loaded serial  1 Ok Step 10: Configure resolv.conf Command: sudo nano /etc/resolv.conf Edit Nameserver     192.168.1.5 domain         linux.abc search         linux.abc Restart the bind server and check the log file for no errors sudo /etc/init.d/bind9 restart tail -f /var/log/syslog

DHCP
Step1: Install DHCP server package Command: sudo apt-get install isc-dhcp-server Step2: Edit the isc-dhcp-server file Command: sudo nano /etc/default/isc-dhcp-server On line 11 change: INTERFACES=”eth0” Save and Exit

Step3: Editing file /etc/dhcp/dhcpd.conf create backup /etc/dhcp/dhcpd.conf Command: sudo mv /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.original Login as root sudo -i Create configuration file dhcpd.conf: cat > /etc/dhcp/dhcpd.conf <<-EOF option domain-name "linux.abc"; option domain-name-servers ns1.linux.abc,ns2.linux.abc; default-lease-time 600; max-lease-time 7200; subnet 192.168.1.0 netmask 255.255.255.0 { range 192.168.1.10 192.168.1.30,192.168.1.60 192.168.1.80 ; option domain-name-servers 192.168.1.5, 192.168.1.6 ; option domain-name "serv.linux.abc"; option routers 192.168.1.1; option broadcast-address 192.168.1.255;

Step4: Restart the DHCP server Command: sudo service isc-dhcp-server restart

Webserver
Step 1: Install Apache2 Webserver Command: sudo apt-get install apache2 Step 2: Check whether the web server is able to listen on port 80 Command: netstat -a | more Step 3: Restart the web server Command: sudo /etc/init.d/apache2 stop sudo /etc/init.d/apache2 start Step 4: Develop a webpage for the server Command: cd /var/www sudo nano index.html

Firewall
Firewall allows the system administrator to configure the ip tables. 1. In order to block ICMP requests: sudo iptables -A INPUT -d  -p icmp -icmp -type 0 -j DROP 2. In order to prevent SSH login: sudo iptables -A INPUT -s  -d  -p tcp -dport ssh - j DROP 3. In order to block FTP ports: sudo iptables –A INPUT –d 192.168.1.8 –p tcp –dport 20 –j DROP sudo iptables –A INPUT –d 192.168.1.8 –p tcp –dport 21 –j DROP 4. In order to block the port used by Telnet: sudo iptables –A INPUT –d 192.168.1.8 –p tcp –dport 23 –j DROP 5. To block a webpage: sudo iptables –A INPUT –d 192.168.1.8 –s 192.168.1.22 –p tcp –dport –j DROP

Mail Server
Postfix is the default mail transfer agent for Ubuntu. Step 1: Install postfix Command: sudo apt-get install postfix Step 2: Configure the following: Command: sudo dpkg-reconfigure postfix Insert the following details: 1.General type of mail configuration: Internet Site 2.NONE doesnot appear in current config 3.System mail name: linux.abc 4.Root and postmaster mail recipient:  5.Other destinations for mail: server1.linux.abc 6.Force synchronous updates on mail queue?: No 7:Local networks: 127.0.0.0/8 8:Yes doesnot appear to be requested in current config 9:Mailbox size limit (bytes): 0 10.Local address extension character: + 11.Internet protocols to use: all Step 3: Configure the mailbox format for Maildir Command: sudo postconf -e 'home_mailbox = Maildir/' sudo postconf -e 'mailbox_command =' Step 4: Configure Postfix to do SMTP AUTH using SASL Command: sudo postconf -e 'smtpd_sasl_local_domain =' sudo postconf -e 'smtpd_sasl_auth_enable = yes' sudo postconf -e 'smtpd_sasl_security_options = noanonymous' sudo postconf -e 'broken_sasl_auth_clients = yes' sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination' sudo postconf -e 'inet_interfaces = all' Generate certificates to be used for TLS encryption and/or certificate Authentication touch smtpd.key chmod 600 smtpd.key openssl genrsa 1024 > smtpd.key openssl req -new -key smtpd.key -x509 -days 3650 -out smtpd.crt # has prompts openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650 # has prompts sudo mv smtpd.key /etc/ssl/private/ sudo mv smtpd.crt /etc/ssl/certs/ sudo mv cakey.pem /etc/ssl/private/ sudo mv cacert.pem /etc/ssl/certs/ Step 5:Configure Postfix to do TLS encryption for incoming and outgoing mail: Command: sudo postconf -e 'smtp_tls_security_level = may' Step 6:Restart the postfix daemon Command: sudo /etc/init.d/postfix restart

VPN
Step 1:Install pptpd package used to configure VPN Command: sudo apt-get install pptpd Step 2:Edit the files in /etc/pptpd.conf and change Command: localip  remoteip 192.168.1.10 192.168.1.30 Step 3:Edit /etc/ppp/pptpd-options file Command: ms-dns 192.168.1.254 Step 4:Set userid and password Command: sudo nano /etc/ppp/chap-secrets user pptpd password *
 * indicates the IP addresses in the IP range

NFS
Step 1:Configuring the NFS-server Command: sudo apt-get install nfs-kernel-server sudo mkdir /export/shared sudo chmod 777 /export/shared Edit the file sudo nano /etc/exports On the last line append ==> /export/shared  (rw,sync,no_root_squash) Save and Exit Change the directory cd /export/shared touch newfile sudo nano new-file sudo reboot # Enter the data that is to be seen by the client Restart the server sudo service nfs-kernel-server restart Step 2:Configuring the NFS-client Command: sudo apt-get install nfs-common Make directory in /home mount serverip:/serverpath /clientpath sudo reboot sudo mount -a

Master & Slave
Step 1: Edit /etc/hosts Command: sudo nano /etc/hosts Add 127.0.0.1  localhost 192.168.1.5    ubuntu.linux.abc    ubuntu 192.168.1.6    ubuntu.linux.abc    ubuntu Step 2: Edit /etc/bind/named.conf.local on the master virtual machine Command: sudo nano /etc/bind/named.conf.local Edit # Forward zone zone "linux.abc" { type master; allow-transfer{ip address of the slave;}; file "/etc/bind/zones/db.linux.abc"; };

# Reverse Zone zone "1.168.192.in-addr.arpa" { type master; allow-transfer{ip address of the slave;}; file "/etc/bind/zones/db.192"; }; Step 3: Edit /etc/bind/named.conf.local on the slave virtual machine Command: sudo nano /etc/bind/named.conf.local Edit # Forward zone zone "linux.abc" { type slave; masters{ip address of the master;}; file "/etc/bind/zones/db.linux.abc"; };

# Reverse Zone zone "1.168.192.in-addr.arpa" { type slave; masters{ip address of the master;}; file "/etc/bind/zones/db.192"; };

Backup
The protocols used for backup are rsync and ssh. Rsync is a protocol used to synchronize files in Ubuntu. It updates only that data that is not yet synchronized with the backup file. Ssh protocol provides a secure channel to send and receive files on Unix machines.It uses encryption and decryption at the end users. Crontab is used for scheduling backups. Step 1: Install rsync sudo apt-get install rsync Step 2: Install ssh sudo apt-get install openssh-server Step 3: Create a public and a private key for security ssh-keygen -t rsa -b 1000 Step 4: Copy this into the web server ssh-copy-id -i /root/.ssh/id_rsa.pub webserver@ipaddress Step 5: Edit crontab crontab –e Step 6: Give the scheduling and run the rsync command from the crontab to automate the backup of the webserver using Rsync rsync -avzh -e ssh webserver@ipaddress:/var/www /home/backupserver/DestinationFolder

PXE Boot and RARP
The Bootstrap Protocol is a network protocol used by a client to obtain an IP address from a server which provides an IP address pool.PXE boot is an extension from the BOOTP as well as DHCP. Using PXE boot, we can boot thousands of Linux Terminals from a remote server. The configuration for PXE boot has the following four steps: Step 1: Configure dhcp service Add these lines: allow booting; allow bootp; filename “/pxelinux.0” Step 2: Restart the dhcp service Configure the tftp service sudo apt-get install tftp-server sudo nano /etc/xinetd.d/tftp Change “disable=yes” to “disable=no” sudo service xinetd restart Step 3: Configure the vsftp service sudo apt-get install vsftp sudo nano /etc/vsftp/vsftp.conf Add anon_root= /mnt Anon_upload_enable=NO Step 4: Configure the pxe service sudo mkdir /tftpboot cp /usr/lib/syslinux/pxelinux.0 /tftpboot/ Copy the file to boot Ubuntu to /tftpboot and boot Ubuntu using PXE boot.

DNS Test
The following commands are used for DNS testing: 1) Dig Domain Information Groper is used to query DNS name servers. It performs DNS lookups and returns the response from the name servers. 2) Nslookup nslookup is a command used to query DNS servers. Interactive mode gives permission to the user to query the name servers for getting information about hosts and domains. Non-interactive mode gives permission to the user for printing just the name and information that is requested for a particular host or domain. 3) Ping Ping is used for checking the network layer status of the server. 4) Host Host is used for DNS lookups. It resolves hostnames to IP addresses and vice versa.

DHCP Test
A device entering a network gets an IP address, which is allocated by the DHCP server. IP address can be verified using ifconfig/ipconfig. sudo dhclient –r                 -This command is used for refreshing cat /var/lib/dhcp/dhcpd.leases   - This command is used to view the lease provided by the DHCP server to a particular device

Webserver Test
Open the web browser and enter the host name or the local IP address. If it is working, then the web server is up and running.

Firewall Test
A client Can try to ping the servers which are blocked. If the response is request timed-out then, the firewall has blocked the client and it is working properly. The client won't gain access to the webpage because it is forbidden.