User:Abhishek Senapati/sandbox

Linux Project
On this page we describe our Linux project, which implements DNS, DHCP, a web server, a firewall and backups.

The Team
1) Abhishek Senapati 2) Amit Kumar 3) Naveen Yanamaddi

But Why Linux
Many organizations and businesses worldwide are converting their core computer operating system to Linux as opposed to other operating systems. We are also seeing a shift from commercial software to free software (also referred to as open-source software).

Linux LICENSE | CUSTOMIZATION | Linux SOURCE CODE | Linux SUPPORT/COMMUNITY

What Is This All About
We have built a robust, secure and effective solution for a startup company in Boston. This simple yet dynamic solution consists of a DNS server, a DHCP server, a web server/firewall/backup and a client server. When a computer joins this network, it gets its IP address allocated by the DHCP server, has domain names resolved to IP addresses by the DNS server, and is served web pages by the web server. It adds security measures such as the firewall and ARP poisoning protection, and redundancy through timely backups.

About the Servers
 1) Domain Name System (DNS)  DNS, or Domain Name Service, is the means by which domain names that humans understand get translated into IP addresses that computers understand. The Domain Name System is a distributed system. It does not reside on any one computer. There is, however, a hierarchy to the organization of the servers, which allows local servers to broaden their search for an answer to a DNS lookup request. These lookup requests are called "queries".

 2) Dynamic Host Configuration Protocol (DHCP)  The Dynamic Host Configuration Protocol (DHCP) is a standardized network protocol used on IP networks for dynamically distributing network configuration parameters, such as IP addresses for interfaces and services. With DHCP, computers request IP addresses and networking parameters automatically from a DHCP server, reducing the need for a network administrator or a user to configure these settings manually.

 3) Web Server  A web server is a system that delivers content or services to end users over the Internet. A web server consists of a physical server, a server operating system (OS) and software used to facilitate HTTP communication. The primary function of a web server is to store, process and deliver web pages to clients.

 4) Backup Web Server  A backup server is a type of server that enables the backup of data, files, applications and/or databases on a specialized in-house or remote server. It combines hardware and software technologies that provide backup storage and retrieval services to connected computers, servers or related devices.

 5) Firewall  A firewall is a network security device that grants or rejects network access to traffic flows between an untrusted zone (e.g., the Internet) and a trusted zone (e.g., a private or corporate network). The firewall acts as the demarcation point or “traffic cop” in the network, as all communication should flow through it and it is where traffic is granted or rejected access.

Project requirements

 * Linux Based OS (We have used Ubuntu 14.04.1)
 * Bind9 server to configure DNS.
 * Isc-dhcp-server and radvd to configure DHCP.
 * Apache2 to configure our web server.
 * RSync package for web backup server.
 * SSH package.

DHCP Server
 * For IPv4
1. Install DHCP Server

sudo apt-get install isc-dhcp-server

2. Set the static IP address of the DHCP server

sudo vi /etc/network/interfaces

Change lo to either eth0 or wlan0 and loopback to static

auto eth0
iface eth0 inet static
    address 192.168.4.171
    netmask 255.255.255.0
    broadcast 192.168.4.255
    dns-nameservers 192.168.4.172

3. Configure the DHCP server

sudo vi /etc/dhcp/dhcpd.conf

# Dynamic pool for ordinary clients
subnet 192.168.4.0 netmask 255.255.255.0 {
    range 192.168.4.4 192.168.4.169;
    option routers 192.168.4.1;
}

# Fixed addresses for the servers, matched by MAC address
host dns {
    hardware ethernet 00:0c:29:8e:41:b2;
    fixed-address 192.168.4.172;
}
host dnsstandby {
    hardware ethernet 00:0c:29:62:36:d7;
    fixed-address 192.168.4.173;
}
host web {
    hardware ethernet 00:0c:29:ff:c3:07;
    fixed-address 192.168.4.174;
}

default-lease-time 600;
max-lease-time 7200;

4. Modify the IP address for eth0

sudo ifconfig eth0 192.168.4.171 netmask 255.255.255.0

5. Restart the dhcp server

sudo service isc-dhcp-server restart 
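A reservation that falls inside the dynamic range, or a MAC address reserved twice, lets an ordinary client be leased a server's address. The following check is an added example, not part of the original project; it embeds the dhcpd.conf from step 3 and the function name audit_dhcpd is hypothetical. It assumes a single subnet declaration.

```python
import ipaddress
import re

# dhcpd.conf from step 3 of this page, with balanced braces.
PAGE_CONF = """
subnet 192.168.4.0 netmask 255.255.255.0 {
  range 192.168.4.4 192.168.4.169;
  option routers 192.168.4.1;
}
host dns { hardware ethernet 00:0c:29:8e:41:b2; fixed-address 192.168.4.172; }
host dnsstandby { hardware ethernet 00:0c:29:62:36:d7; fixed-address 192.168.4.173; }
host web { hardware ethernet 00:0c:29:ff:c3:07; fixed-address 192.168.4.174; }
"""

HOST_RE = re.compile(
    r"host\s+(\S+)\s*\{\s*hardware\s+ethernet\s+([0-9A-Fa-f:]+)\s*;"
    r"\s*fixed-address\s+([\d.]+)\s*;")


def audit_dhcpd(conf):
    """Return problems with the host reservations in a one-subnet dhcpd.conf."""
    sub = re.search(r"subnet\s+([\d.]+)\s+netmask\s+([\d.]+)", conf)
    rng = re.search(r"range\s+([\d.]+)\s+([\d.]+)\s*;", conf)
    if not sub or not rng:
        raise ValueError("expected one subnet declaration with a range")
    subnet = ipaddress.ip_network("/".join(sub.groups()))
    low, high = (ipaddress.ip_address(a) for a in rng.groups())
    problems, seen = [], {}
    for name, mac, addr in HOST_RE.findall(conf):
        ip = ipaddress.ip_address(addr)
        if ip not in subnet:
            problems.append(f"{name}: {ip} is outside {subnet}")
        elif low <= ip <= high:
            problems.append(f"{name}: {ip} is inside the dynamic range")
        # The same MAC or IP reserved twice makes the assignment ambiguous.
        for key in (mac.lower(), str(ip)):
            if key in seen:
                problems.append(f"{name}: {key} already reserved for {seen[key]}")
            seen.setdefault(key, name)
    return problems


if __name__ == "__main__":
    print(audit_dhcpd(PAGE_CONF) or "reservations are consistent")
```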

 * For IPv6
1. Install radvd to configure the parameters

sudo apt-get install radvd

2. Modify the file /etc/radvd.conf

sudo vi /etc/radvd.conf

interface eth0 {
    AdvSendAdvert on;
    AdvManagedFlag on;
    prefix fec0:1111:2222:3333::/64 {
        AdvOnLink on;
        AdvAutonomous on;
    };
};

3. Modify the file /etc/sysctl.conf

sudo vi /etc/sysctl.conf

net.ipv6.conf.all.forwarding=1

4. Restart radvd

sudo /etc/init.d/radvd restart

 * For the other servers

sudo vi /etc/network/interfaces

auto eth0
iface eth0 inet dhcp
iface eth0 inet6 dhcp

DNS server
 * For IPv4
1. Install Bind9

sudo apt-get install bind9

2. Configure the DNS server to get its static IP address from the DHCP server

sudo nano /etc/network/interfaces

auto eth0
iface eth0 inet dhcp
iface eth0 inet6 dhcp

5. Configure zones in the named.conf.local file

sudo vi /etc/bind/named.conf.local

// For Forward zone
// On the master DNS server (192.168.4.172)
zone "www.gaoyuan.com" {
    type master;
    file "/etc/bind/db.www.gaoyuan.com";
    allow-transfer { 192.168.4.173; };
    also-notify { 192.168.4.173; };
};

// On the slave DNS server (192.168.4.173)
zone "www.gaoyuan.com" {
    type slave;
    file "/etc/bind/db.www.gaoyuan.com";
    masters { 192.168.4.172; };
};

Configure the other 4 DNS zones, www.gaoyuan1.com, www.gaoyuan2.com, www.gaoyuan3.com and www.gaoyuan4.com, in the same way.

// For Reverse zone for ipv4 addresses

// On the master DNS server (192.168.4.172)
zone "4.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192";
    allow-transfer { 192.168.4.173; };
    also-notify { 192.168.4.173; };
};

// On the slave DNS server (192.168.4.173)
zone "4.168.192.in-addr.arpa" {
    type slave;
    file "/etc/bind/db.192";
    masters { 192.168.4.172; };
};

// For Reverse zone for ipv6 addresses

// On the master DNS server (192.168.4.172)
zone "3.3.3.3.2.2.2.2.1.1.1.1.8.0.e.f.ip6.arpa" {
    type master;
    file "/etc/bind/db.ipv6";
    allow-transfer { 192.168.4.173; };
    also-notify { 192.168.4.173; };
};

// On the slave DNS server (192.168.4.173); the zone name must match the master's
zone "3.3.3.3.2.2.2.2.1.1.1.1.8.0.e.f.ip6.arpa" {
    type slave;
    file "/etc/bind/db.ipv6";
    masters { 192.168.4.172; };
};

6. Configure the forward lookup table

sudo vi /etc/bind/db.www.gaoyuan.com

$TTL    604800
@       IN      SOA     www.gaoyuan.com. root.gaoyuan.com. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
@       IN      NS      www.gaoyuan.com.
@       IN      A       192.168.4.179
@       IN      AAAA    fe08:1111:2222:3333:4444:5555:6666:aaaa

Configure the other 4 DNS zones in the same way.

7. Configure the reverse lookup table for ipv4 and ipv6 addresses

sudo nano /etc/bind/db.192

$TTL    604800
@       IN      SOA     www.gaoyuan.com. root.www.gaoyuan.com. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      www.gaoyuan.com.
179     IN      PTR     www.gaoyuan.com.
175     IN      PTR     www.gaoyuan1.com.
176     IN      PTR     www.gaoyuan2.com.
177     IN      PTR     www.gaoyuan3.com.
178     IN      PTR     www.gaoyuan4.com.

sudo nano /etc/bind/db.ipv6

$TTL    604800
@       IN      SOA     www.gaoyuan.com. root.www.gaoyuan.com. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      www.gaoyuan.com.
a.a.a.a.6.6.6.6.5.5.5.5.4.4.4.4    IN    PTR    www.gaoyuan.com.
b.b.b.b.6.6.6.6.5.5.5.5.4.4.4.4    IN    PTR    www.gaoyuan1.com.
c.c.c.c.6.6.6.6.5.5.5.5.4.4.4.4    IN    PTR    www.gaoyuan2.com.
d.d.d.d.6.6.6.6.5.5.5.5.4.4.4.4    IN    PTR    www.gaoyuan3.com.
e.e.e.e.6.6.6.6.5.5.5.5.4.4.4.4    IN    PTR    www.gaoyuan4.com.

8. Edit the file resolv.conf

sudo vi /etc/resolv.conf

nameserver 192.168.4.172

9. Restart the Bind9 server

sudo /etc/init.d/bind9 restart
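Reverse zone names and PTR owner names are easy to get wrong by hand, because the octets or nibbles are written in reverse order and a zone declared under a mistyped name never answers. This added example (not the project's own code) derives them with Python's ipaddress module; the function names are hypothetical, the IPv6 prefix fe08:1111:2222:3333::/64 is assumed from the AAAA record above, and the transposed zone name in the demo is constructed.

```python
import ipaddress


def reverse_zone(prefix):
    """Return the in-addr.arpa or ip6.arpa zone name that covers a CIDR prefix."""
    net = ipaddress.ip_network(prefix)
    labels = net.network_address.reverse_pointer.split(".")
    # IPv4 reverse labels are octets (8 bits); IPv6 labels are nibbles (4 bits).
    bits = 8 if net.version == 4 else 4
    if net.prefixlen % bits:
        raise ValueError(f"{prefix} does not end on a label boundary")
    host_labels = (net.max_prefixlen - net.prefixlen) // bits
    return ".".join(labels[host_labels:])


def ptr_owner(address, zone):
    """Return the PTR owner name relative to zone; raise if address is outside it."""
    name = ipaddress.ip_address(address).reverse_pointer
    suffix = "." + zone
    if not name.endswith(suffix):
        raise ValueError(f"{address} does not belong in zone {zone}")
    return name[: -len(suffix)]


def mismatched_zones(prefix, declared):
    """Return the declared zone names that do not match the prefix."""
    expected = reverse_zone(prefix)
    return [z for z in declared if z.rstrip(".").lower() != expected]


if __name__ == "__main__":
    v4_zone = reverse_zone("192.168.4.0/24")
    v6_zone = reverse_zone("fe08:1111:2222:3333::/64")
    print(v4_zone, ptr_owner("192.168.4.179", v4_zone))
    print(v6_zone)
    print(ptr_owner("fe08:1111:2222:3333:4444:5555:6666:aaaa", v6_zone))
    # Constructed slip: the last two nibbles swapped in one declaration.
    declared = [v6_zone, "3.3.3.3.2.2.2.2.1.1.1.1.0.8.e.f.ip6.arpa"]
    print("mismatched:", mismatched_zones("fe08:1111:2222:3333::/64", declared))
```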

Web server
1. Install Apache webserver

sudo apt-get install apache2

2. Install the MySQL server and client

sudo apt-get install mysql-server mysql-client

3. Install php5

sudo apt-get install php5

4. Restart apache2

sudo /etc/init.d/apache2 restart

5. Modify the home page

cd /var/www/
ls
sudo nano /var/www/html/index.html

Firewall
1. Activate the ufw firewall

sudo ufw enable
sudo ufw default deny

2. Start the service using the command

sudo service iptables-persistent start

3. Enable the SSH service

sudo ufw allow ssh

4. Open the ports

sudo ufw allow 80
sudo ufw allow 22
sudo ufw allow 873
sudo ufw allow 1723

5. Enter a rule

sudo ufw allow proto tcp from 192.168.4.174 to any port 22

6. See the firewall status

sudo ufw status

Backup Server
1. Install SSH

sudo apt-get install ssh

2. Generating RSA keys

ssh-keygen -t rsa

3. Copy the RSA public key to other host over SSH

cat /home/Gandhi/id_rsa.pub | ssh root@192.168.10.150 "mkdir -p /root/.ssh && cat >> /root/.ssh/authorized_keys"

4. Install rsync using following command

sudo apt-get install rsync

5. Use rsync over SSH to copy the web content to the virtual server

ssh root@192.168.10.120 rsync -a /var/www/html/ root@192.168.10.150:/var/www/html/

6. Use crontab to run the rsync command over SSH periodically, every 10 minutes

*/10 * * * * rsync -a /var/www/html/ root@192.168.10.150:/var/www/html/

Network
Use ping to test whether every server can reach every other server.

DHCP Server
Flush the IP addresses in eth0 and then restart eth0 interface to see whether it can get the IPv4 and IPv6 addresses from DHCP server.

DNS Server
1. Test the master DNS server

a. Use the host command

host www.gaoyuan.com
host 192.168.4.179
host fe08:1111:2222:3333:4444:5555:6666:aaaa

b. Use nslookup

nslookup www.gaoyuan.com
nslookup 192.168.4.179
nslookup fe08:1111:2222:3333:4444:5555:6666:aaaa

2. Test the slave DNS server

Turn off the master DNS server and repeat the same tests used for the master DNS server.
