User:Capstoneproject7/TSMG5330-F13-Group7

The Folks

 * TrinadhGanesh Veeravalli
 * VishnuVardhan Murughian
 * Praveen Chekka
 * Vignesh Raja Swaminathan

Motivation
The Linux server project distinguishes and helps to understand the basic difference between knowledge and skill. This project is instrumental in converting the acquired basic knowledge of the protocols and concepts to a practical design which is nothing but the implementation of networking concepts using available resources. An ideal solutions engineer would come up with a design considering the factors of capital, resources required to implement the requirements in the way they want to. This project is the best possible solution, which is robust, secure, dynamic and intelligent enough to cater to the needs of an enterprise.

DHCP
Dynamic Host Configuration Protocol (DHCP) is a client/server protocol that automatically provides an Internet Protocol (IP) host with its IP address and other related configuration information such as the subnet mask and default gateway. RFCs 2131 and 2132 define DHCP as an Internet Engineering Task Force (IETF) standard based on Bootstrap Protocol (BOOTP), a protocol with which DHCP shares many implementation details. DHCP allows hosts to obtain necessary TCP/IP configuration information from a DHCP server. Dynamic addressing simplifies network administration because the software keeps track of IP addresses rather than requiring an administrator to manage the task. This means that a new computer can be added to a network without the hassle of manually assigning it a unique IP address. DHCP also supports a mix of static and dynamic IP addresses. With dynamic addressing, a device can have a different IP address every time it connects to the network. In some systems, the device's IP address can even change while it is still connected.

Use of DHCP:

Every device on a TCP/IP-based network must have a unique unicast IP address to access the network and its resources. Without DHCP, IP addresses must be configured manually for new computers or computers that are moved from one subnet to another, and manually reclaimed for computers that are removed from the network. DHCP enables this entire process to be automated and managed centrally. The DHCP server maintains a pool of IP addresses and leases an address to any DHCP-enabled client when it starts up on the network. Because the IP addresses are dynamic (leased) rather than static (permanently assigned), addresses no longer in use are automatically returned to the pool for reallocation. The network administrator establishes DHCP servers that maintain TCP/IP configuration information and provide address configuration to DHCP-enabled clients in the form of a lease offer.

The DHCP server stores the configuration information in a database, which includes:

Valid TCP/IP configuration parameters for all clients on the network.

Valid IP addresses, maintained in a pool for assignment to clients, as well as excluded addresses.

Reserved IP addresses associated with particular DHCP clients. This allows consistent assignment of a single IP address to a single DHCP client.

The lease duration, or the length of time for which the IP address can be used before a lease renewal is required.

A DHCP-enabled client, upon accepting a lease offer, receives a valid IP address for the subnet to which it is connecting.

DNS
Domain Name System/Service/Server is an Internet service that translates domain names into IP addresses. Because domain names are alphabetic, they're easier to remember. The Internet however, is really based on IP addresses. Every time you use a domain name, therefore, a DNS service must translate the name into the corresponding IP address. For example, the domain name www.tsmg5330grp7.com might translate to 198.105.232.4. The DNS system is, in fact, its own network. If one DNS server doesn't know how to translate a particular domain name, it asks another one, and so on, until the correct IP address is returned.

Use of DNS:

DNS is used everywhere on the Internet, as well as in many private networks. The number of uses for DNS is nearly unlimited, as almost any network service can benefit from it in some way or another. Every page on the World Wide Web is accessed by name, not by IP address, and e-mail uses DNS to get your mail to its destination. The web is the most visible use of DNS on the Internet, though it may lag behind e-mail in popularity. Every time you access a Web site by name, such as www.g7.com, DNS references a host record to resolve that name to an IP address. The Web is actually one of the simpler uses for DNS: once the name is resolved, the web browser retrieves the content from the web server using the address. You can see DNS at work every time you load a page in your browser.

E-mail is reported as the most popular use of the Internet based on the total number of users; without DNS, e-mail wouldn't function as it does today. E-mail uses DNS for mail routing, which gets an e-mail that you send from your mail server to the recipient's mail server. This is facilitated by the mail exchanger record in DNS. Everything before the @ symbol in an e-mail address is referred to as the user portion, while everything following the @ symbol is called the host portion. The mail server first inspects the domain in the host portion of the address. It then uses DNS to resolve the mail exchanger record for this domain to an IP address. Finally, it uses the SMTP protocol to send the message to the receiving server's IP address resolved in the last step. Unfortunately it's hard to show an example of this process, but it occurs every time an e-mail is sent.

Microsoft Active Directory uses DNS as one of the core building blocks of its infrastructure. DNS is used with Active Directory to maintain a database of services on the network; these services are listed in DNS using service records. Service records allow any client in an Active Directory environment to locate any service it needs, such as a printer. This DNS integration removes the requirement of knowing which server hosts a given resource, as was the case in versions of Microsoft Windows before Active Directory was released. Instead, a client can use resources without knowing anything about the underlying network and server layout.

DNS is used for a variety of other applications as well; any time you reference a host by its DNS name, DNS is used. This occurs regardless of the service you're using. Some examples of services that use DNS are telnet and SSH for remote system access to UNIX servers, some database client utilities, groupware clients and back-up utilities. Typically, these applications will reference the target server based on its host record.

Web Server
Web servers are computers that deliver web pages. Every Web server has an IP address and possibly a domain name. For example, if you enter the URL http://www.tsmg5330.com/g7.html in your browser, this sends a request to the Web server whose domain name is tsmg5330.com. The server then fetches the page named g7.html and sends it to the browser. Any computer can be turned into a Web server by installing server software and connecting the machine to the Internet. Every computer on the Internet that contains a Web site must have a Web server program. Two leading Web servers are Apache, the most widely-installed Web server, and Microsoft's Internet Information Server (IIS). Other Web servers include Novell's Web Server for users of its NetWare operating system and IBM's family of Lotus Domino servers, primarily for IBM's OS/390 and AS/400 customers.

Web servers often come as part of a larger package of Internet- and intranet-related programs for serving e-mail, downloading requests for File Transfer Protocol ( FTP ) files, and building and publishing Web pages. Considerations in choosing a Web server include how well it works with the operating system and other servers, its ability to handle server-side programming, security characteristics, and publishing, search engine, and site building tools that may come with it.

Firewall
Firewall is a system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria. A firewall is considered a first line of defense in protecting private information. For greater security, data can be encrypted. There are several types of firewall techniques:

1. Packet filter: Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.

2. Application gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation.

3. Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.

4. Proxy server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.

Backup Server
A server responsible for backing up and restoring files, folders, databases and hard drives on a network in order to prevent the loss of data in the event of a hard drive failure, user error, disaster or accident. In addition to numerous backup server products and services available from third-party vendors, Microsoft Windows Server operating systems also include a built-in Windows Server Backup feature that can be used to perform basic backup and recovery operations on backup servers. An alternative to standard backup server software tools are online backup and recovery services that save your network's data to a remote location in the cloud.

Architecture Fundamental Logic

VPN
A VPN enables us to access the private network from outside it, for example from the Internet. The private network can be accessed with the same privileges when accessed from the Internet. The VPN can be set up by establishing a new VPN connection on the remote client and entering the SSID and password generated by the access network. Thus a VPN enables a client to access the private network from the Internet securely.

Network Information System
Network Information System is for smaller networks to name its network and used for administration of the system. By implementing NIS, knowledge of the entire system is possessed by each client or server computer in that system. Files or applications access in the network is possible with a single user identification and password. NIS is similar to DNS but relatively simpler and for smaller groups. NIS uses the client/server model and the. NIS consists of servers, which are nothing but a library of client programs and few administrative tools. NIS is mostly used with NFS.

DNS Requirement
1. Build one DNS Server for a start up organization in Boston.

2.Choose one domain name of our choice.

3.Configure DNS such that it handles both IPv4 and IPv6 addressing.

4.Need to configure domain name server to handle queries for our domain.

5.Configure DNS such that it handles both forward and reverse lookup for IPV4 and IPV6.

DHCP Server Requirement
A DHCP implementation - DHCP Server has to be built with the following:

1. A set of IP addresses that is required to be utilized in our project.

2. Implementing IPv4 and IPv6 addresses in DHCP

3. Network addresses need to be allocated dynamically

4. The Client-Server Protocol

WEB Server
1. Create a basic page to the web server.

2. The webpage is accessible to clients in the network.

Firewall
1. Make the server the most secured one.

2. Block unwanted traffic in the network to make the server available for maximum number of clients serving their requests.

Backup
1. Content of the web server is to be backed up and saved in another server.

2. Scheduled backup every day at 12:00 am.

DNS
Below are the Configuration steps

1.Assign Static IP address to the Interface

2.Install Bind9

3.Caching Name Server

4.Primary DNS Master Server

A)Forward Lookup Zone

B)Reverse Lookup Zone

Assign Static IP address to the Interface
It is always ideal to configure the server with a static IP address. DHCP assigns IP addresses dynamically to hosts for a random time, and the address expires after that time is over. A few applications tend to hard-code this address, and when the timeout expires the hosts won't be able to reach the server; also, if the DHCP server fails to renew the IP address of the DNS server, the entire DNS service will be down. Hence it's ideal to assign static addresses to servers.

Edit the file /etc/network/interfaces with the below commands

sudo nano /etc/network/interfaces

auto eth0

iface eth0 inet static

address  206.64.16.5

netmask  255.255.255.0

network  206.64.16.0

broadcast 206.64.16.255

gateway  206.64.16.1

Now restart the Networking process as we have made changes to the interfaces file using the below command

sudo /etc/init.d/networking restart

Now edit the /etc/hosts file as below
127.0.0.1 veeravalli

127.0.1.1 veeravalli.dngroupproject.com veeravalli

Now comes the most important step,

Install the BIND9 Utility using the below command
sudo apt-get install bind9

Now configure the file named.conf.options
Here we are setting up a DNS server that is authoritative for our domain, so requests for names outside our domain are forwarded to the ISP's IP addresses. Hence we configure the named.conf.options file with these forwarder IP addresses.

sudo nano /etc/bind/named.conf.options

forwarders {

192.168.83.2;

192.168.1.2;

8.8.8.8;

8.8.8.4;

};

Configure the named.conf.local file with forward and reverse lookup zones
Forward lookup zones are used for hostname to IP address translation, and reverse lookup zones are used for IP address to hostname translation.

sudo nano /etc/bind/named.conf.local

# FORWARD LOOKUP ZONE – Holds A records, maps hostnames to IPs

zone "dngroupproject.com"

{

type master;

file "/etc/bind/zones/db.dngroupproject.com";

};


# REVERSE LOOKUP ZONE – Holds PTR records, maps IP address to hostname

# Our reverse zone

zone "16.64.206.in-addr.arpa" {

type master;

file "/etc/bind/zones/db.206";

};

zone "0.0.0.0.0.0.0.0.0.0.0.0.6.0.f.f.ip6.arpa" {

type master;

file "/etc/bind/zones/reverse.zone.ipv6";

};


Now create a directory zones in order to configure forward and reverse lookup zone database files.

sudo mkdir /etc/bind/zones

Create the Forward Lookup Zones database file.
$TTL    604800

@       IN      SOA     veeravalli.dngroupproject.com. root.dngroupproject.com. (

                        2         ; Serial

                        604800    ; Refresh

                        86400     ; Retry

                        2419200   ; Expire

                        604800 )  ; Negative Cache TTL

dngroupproject.com.     IN      NS      veeravalli.dngroupproject.com.

dngroupproject.com.     IN      A       206.64.16.5

                        IN      AAAA    ff06:0000:0000:0000:0000:0000:0000:c3

veeravalli              IN      A       206.64.16.5

                        IN      AAAA    ff06:0000:0000:0000:0000:0000:0000:c3

gateway                 IN      A       206.64.16.1

win7pc                  IN      A       206.64.16.10

www                     IN      CNAME   dngroupproject.com.

Create the Reverse Lookup Zone database file
sudo nano /etc/bind/zones/db.206

$TTL    604800

@       IN      SOA     veeravalli.dngroupproject.com. root.dngroupproject.com. (

                        1         ; Serial

                        604800    ; Refresh

                        86400     ; Retry

                        2419200   ; Expire

                        604800 )  ; Negative Cache TTL

; The NS target is written as a fully qualified name so that it matches the forward zone

@       IN      NS      veeravalli.dngroupproject.com.

1       IN      PTR     gateway.dngroupproject.com.

5       IN      PTR     veeravalli.dngroupproject.com.

10      IN      PTR     win7pc.dngroupproject.com.

sudo nano /etc/bind/zones/reverse.zone.ipv6

$TTL    604800

$ORIGIN 0.0.0.0.0.0.0.0.0.0.0.0.6.0.f.f.ip6.arpa.

@       IN      SOA     veeravalli.dngroupproject.com. root.dngroupproject.com. (

                        5         ; Serial

                        604800    ; Refresh

                        86400     ; Retry

                        2419200   ; Expire

                        604800 )  ; Negative Cache TTL

; The NS target is written as a fully qualified name so that it matches the forward zone

@                                  IN      NS      veeravalli.dngroupproject.com.

3.c.0.0.0.0.0.0.0.0.0.0.0.0.0.0    IN      PTR     veeravalli.dngroupproject.com.

Now that we have configured the forward and reverse lookup zone files, we can test whether they work. Below are the commands to verify the forward and reverse zone lookup files.

named-checkzone dngroupproject.com /etc/bind/zones/db.dngroupproject.com

named-checkzone dngroupproject.com /etc/bind/zones/db.206

If the output of these commands is as below then it implies that forward and reverse zone lookup files are configured correctly.

trinadhganesh@veeravalli:~$ named-checkzone dngroupproject.com /etc/bind/zones/db.dngroupproject.com

zone dngroupproject.com/IN: loaded serial 2

OK

trinadhganesh@veeravalli:~$ named-checkzone dngroupproject.com /etc/bind/zones/db.206

zone dngroupproject.com/IN: loaded serial 1

OK

trinadhganesh@veeravalli:~$

trinadhganesh@veeravalli:~$ named-checkzone dngroupproject.com /etc/bind/zones/reverse.zone.ipv6

zone dngroupproject.com/IN: loaded serial 5

OK
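named-checkzone validates each zone file on its own and does not compare forward data with reverse data. The following Python check is an added example, not part of the project's configuration: it derives the PTR owner name for every A/AAAA record and confirms that each PTR target maps back to the same address. The records are transcribed from the zone files above; the function names are illustrative.

```python
import ipaddress

# Zone data transcribed from the zone files on this page.
V4_ORIGIN = "16.64.206.in-addr.arpa."
V6_ORIGIN = ".".join("0" * 12) + ".6.0.f.f.ip6.arpa."
V6_ADDR = "ff06:0000:0000:0000:0000:0000:0000:c3"
FORWARD = [
    ("dngroupproject.com.", "206.64.16.5"),
    ("dngroupproject.com.", V6_ADDR),
    ("veeravalli.dngroupproject.com.", "206.64.16.5"),
    ("veeravalli.dngroupproject.com.", V6_ADDR),
    ("gateway.dngroupproject.com.", "206.64.16.1"),
    ("win7pc.dngroupproject.com.", "206.64.16.10"),
]
REVERSE = {
    V4_ORIGIN: {
        "1": "gateway.dngroupproject.com.",
        "5": "veeravalli.dngroupproject.com.",
        "10": "win7pc.dngroupproject.com.",
    },
    V6_ORIGIN: {"3.c." + ".".join("0" * 14): "veeravalli.dngroupproject.com."},
}


def ptr_owner(address, origins):
    """Return (origin, relative owner) of the PTR for address, or None if no zone covers it."""
    full = ipaddress.ip_address(address).reverse_pointer + "."
    for origin in origins:
        suffix = "." + origin
        if full.endswith(suffix):
            return origin, full[:-len(suffix)]
    return None


def audit(forward, reverse):
    """Return (kind, name, detail) findings for forward/reverse inconsistencies."""
    findings = []
    expected = set()  # (origin, owner, name) triples implied by the forward records
    for name, addr in forward:
        ip = ipaddress.ip_address(addr)
        if ip.is_multicast:
            # ff00::/8 and 224.0.0.0/4 are multicast ranges, not unicast host addresses
            findings.append(("multicast-address", name, str(ip)))
        located = ptr_owner(addr, reverse)
        if located is None:
            findings.append(("no-reverse-zone", name, str(ip)))
            continue
        origin, owner = located
        expected.add((origin, owner, name))
        if owner not in reverse[origin]:
            findings.append(("missing-ptr", name, f"{owner} in {origin}"))
    # Forward-confirmed reverse DNS: each PTR target must map back to the same address.
    for origin, records in reverse.items():
        for owner, target in records.items():
            if (origin, owner, target) not in expected:
                findings.append(("unconfirmed-ptr", target, f"{owner} in {origin}"))
    return findings


if __name__ == "__main__":
    for finding in audit(FORWARD, REVERSE):
        print(finding)
```

Run against the page's records, every address has a PTR and every PTR is confirmed; the only findings are the two AAAA records, because ff06::c3 lies in the IPv6 multicast range.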

Now edit the configuration file /etc/resolv.conf
Edit your /etc/resolv.conf file to reflect your new DNS server settings.

sudo nano /etc/resolv.conf

search dngroupproject.com.

nameserver 206.64.16.5

Restart the BIND9 Daemon to update our new configuration changes
sudo /etc/init.d/bind9 restart

Updating all the packages
All the other packages are updated before installing the DHCP server package.

sudo apt-get update

Installing DHCP server
DHCP server is installed and configured on our Ubuntu machine.

sudo apt-get install dhcp3-server

Configuring DHCP Server
(i) The dhcpd.conf file is accessed from the path below.

cd /etc/dhcp/

The configuration file is edited using nano editor

sudo nano dhcpd.conf

(ii) The following has to be changed in the DHCP configuration file:

•	IP addresses’ range which the configured DHCP server will rent.

•	Network and subnet address of the range.

•	IP address for DNS.

•	IP address for interface of the router.

•	Network’s Broadcast address.

•	Default lease time and the max lease time.

A leading ‘#’ marks a line as a comment, and commented lines are ignored by the server. Hence, it is made sure that the ‘#’ in front of the edited lines is removed.

We configure IP addresses from 206.64.16.1 to 206.64.16.8. This range denotes the range of IP addresses, which will be allotted to new clients when the DHCP server is requested for an IP address.


# A slightly different configuration for an internal subnet.

subnet 206.64.16.0 netmask 255.255.255.248 {

range 206.64.16.1 206.64.16.8;

option domain-name-servers 206.64.16.1,8.8.4.4;

#  option domain-name "internal.example.org";

option routers 206.64.16.1;

option broadcast-address 206.64.16.8;

default-lease-time 600;

max-lease-time 7200;

}

The dhcpd.conf file is saved and exited.

(iii) DHCP server is restarted.

sudo /etc/init.d/isc-dhcp-server restart
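A consistency check for the subnet declaration above, as an added Python example that is not part of the project's own files: it tests whether the lease range and broadcast address fit the declared netmask and whether any statically addressed host falls inside the lease pool. The page values are transcribed from the configuration, zone file and backup sections; `EXAMPLE_DECL` and the function name are constructed for illustration.

```python
import ipaddress

# Values from the dhcpd.conf subnet block and the static addresses used on this page.
PAGE_DECL = {
    "subnet": "206.64.16.0",
    "netmask": "255.255.255.248",
    "range": ("206.64.16.1", "206.64.16.8"),
    "broadcast": "206.64.16.8",
}
STATIC_HOSTS = {
    "gateway": "206.64.16.1",
    "veeravalli (DNS server)": "206.64.16.5",
    "win7pc": "206.64.16.10",
    "backup target": "206.64.16.2",
}
# Constructed alternative (an assumption, not the project's configuration): the
# /24 mask from the server's interfaces file and a pool clear of the fixed hosts.
EXAMPLE_DECL = {
    "subnet": "206.64.16.0",
    "netmask": "255.255.255.0",
    "range": ("206.64.16.100", "206.64.16.200"),
    "broadcast": "206.64.16.255",
}


def audit_subnet(decl, static_hosts):
    """Check one subnet declaration; return a list of (kind, detail) findings."""
    net = ipaddress.ip_network(f"{decl['subnet']}/{decl['netmask']}")
    lo = ipaddress.ip_address(decl["range"][0])
    hi = ipaddress.ip_address(decl["range"][1])
    findings = []

    # The lease range must lie inside the declared subnet; the network and
    # broadcast addresses themselves are not usable host addresses.
    first, last = net.network_address + 1, net.broadcast_address - 1
    if lo > hi:
        findings.append(("range-reversed", f"{lo} is above {hi}"))
    if lo < first or hi > last:
        findings.append(("range-outside-subnet",
                         f"{lo}-{hi} is not within {first}-{last} of {net}"))

    bcast = ipaddress.ip_address(decl["broadcast"])
    if bcast != net.broadcast_address:
        findings.append(("broadcast-mismatch",
                         f"{bcast} configured, {net.broadcast_address} expected for {net}"))

    # A fixed address inside the pool can be leased to another client,
    # which produces a duplicate address on the segment.
    for label, addr in static_hosts.items():
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            findings.append(("static-outside-subnet", f"{label} {ip} is not in {net}"))
        elif lo <= ip <= hi:
            findings.append(("static-in-pool", f"{label} {ip} is inside {lo}-{hi}"))
    return findings


if __name__ == "__main__":
    for kind, detail in audit_subnet(PAGE_DECL, STATIC_HOSTS):
        print(f"{kind}: {detail}")
```

With the netmask 255.255.255.248 the subnet covers 206.64.16.0 to 206.64.16.7, so 206.64.16.8 is outside it, and the pool overlaps the gateway, DNS server and backup target addresses.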

DHCP client configuration
Initially, the DHCP client configuration needs to be done.

(i) The first step is to configure the client interface that will listen to acquire an IP address from the DHCP server’s pool of IP addresses.

sudo nano /etc/network/interfaces

The contents of the file are replaced by the following:

auto lo eth0

iface eth0 inet dhcp

iface lo inet loopback

(ii) The interfaces’ configuration should be updated by restarting the network.

sudo /etc/init.d/networking restart

Once the network is restarted and the IP address of the client is checked, the IP address picked up by the client is from the range that is configured in the DHCP server. (206.64.16.1 to 206.64.16.8 in this case)

Implementing IPv6
IPv6 packet forwarding has to be enabled following the given below steps:

(i) The sysctl.conf file has to be opened from the path given below:

sudo nano /etc/sysctl.conf

(ii) It is made sure that the following line has not been commented out.

net.ipv6.conf.all.forwarding=1

(iii) In the running kernel, the following change has to be made:

sudo sysctl -w net.ipv6.conf.all.forwarding=1

(iv) A file named dhcpd6.conf, which is the configuration file for IPv6 has to be created in the following path:

cd /etc/dhcp/

(v) The following configuration commands need to be entered into the file

ddns-update-style none;

default-lease-time 7200;

max-lease-time 86400;

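subnet6 ff06:0:0:0:0:0:0:c0/125 {

# The /125 prefix length is an assumption (it is not given in the original); it matches the c0 to c7 range below.

range6 ff06:0:0:0:0:0:0:c0 ff06:0:0:0:0:0:0:c7;

option dhcp6.domain-search "f13.group7";

}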

(vi) DHCPv6 server is started using the command:

sudo service isc-dhcp-server6 start

If DHCPv6 fails, go to /var/log/syslog and look for error messages. Ultimately, if every functionality works fine, add the service to the default runlevels:

sudo update-rc.d isc-dhcp-server6 defaults

Server Side
To block ICMP traffic

sudo iptables -A INPUT -p icmp -j REJECT

To block telnet

sudo iptables -A INPUT -p tcp --dport 23 -j REJECT

To block SSH

sudo iptables -A INPUT -p tcp --dport 22 -j REJECT

For saving rules configured in firewall
1. sudo su

2. iptables-save > /etc/iptables.rules

3. In /etc/network/if-pre-up.d/iptables, put:

#!/bin/sh

iptables-restore < /etc/iptables.rules

exit 0

4. After, in /etc/network/if-post-down.d/iptables, put:

#!/bin/sh

iptables-save -c > /etc/iptables.rules

if [ -f /etc/iptables.rules ]; then

iptables-restore < /etc/iptables.rules

fi

exit 0

5. After, give permission to the scripts:

sudo chmod +x /etc/network/if-post-down.d/iptables

sudo chmod +x /etc/network/if-pre-up.d/iptables

Client Side
UFW rules:

Developed to ease iptables firewall configuration.

ufw status: To check the status of Uncomplicated Firewall.

ufw enable: To enable ufw.

To block access to the http port using ufw:

ufw reject out http

ufw reject out https

These two rules on the client side do not allow the client to use http and https services.

To update all the packages in the machine
sudo apt-get update

To install apache webserver in the machine
sudo apt-get install apache2

To edit the default webpage
•	Go to /var/www directory from the current working directory using cd /var/www.

•	After running the command user does an ls to find the files and directories in the current directory.

•	User finds index.html file which is the default web page of the server.

•	Now user launches the file in edit mode to modify the content of the file using the command sudo nano index.html.

Flush all the rules on port 80 in the web server
so that it can be made accessible to the clients in the network using the below command

sudo iptables -F (If only port 80 rule is present)

sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT

To install rsync in the server machine
sudo apt-get install rsync

This is the basic package, which serves to take the backup only locally on the machine. Backup in the same machine can be done by using the command

rsync -av --delete /Directory1/ /Directory2/

To install Ssh rsync in the server machine
sudo apt-get install ssh rsync

This package enables the server to put the backup in another server on the network. This can be done by using the command

rsync -av --delete -e ssh /Directory1/ ubuntu@206.64.16.2:/Directory2/

To Schedule the backup every day at 12:00 am
crontab -e

0 0 * * * rsync -av --delete -e ssh /Directory1/ ubuntu@206.64.16.2:/Directory2/

To zip the backup
zip -r /ZippedFiles/archive.zip /Directory1/ && rsync -av --delete -e ssh /ZippedFiles/ ubuntu@206.64.16.2:/Directory2/

Install pptp server using apt-get
sudo apt-get install pptpd

Need to configure the pptpd file
sudo nano /etc/pptpd.conf

Add server IP and client IP

Configure DNS Server for clients when they connect to the pptp server
sudo nano /etc/ppp/pptpd-options

Add VPN users in /etc/ppp/chap-secrets
sudo nano /etc/ppp/chap-secrets

Start the server
/etc/init.d/pptpd restart

NIS Server Configuration
1.In hosts.allow, the following is added

portmap ypserv ypbind : list of IP addresses

2.NIS is installed using the command:

sudo apt-get install portmap nis

3.The following file has to be modified as

/etc/default/portmap

Comment out the line ARGS="-i 127.0.0.1"

4.The following file has to be modified as

/etc/default/nis

NISSERVER line is set to NISSERVER=master

6. The following file has to be modified as

/etc/yp.conf

A server line requires to be added: domain server

7.The following file is modified as

/var/yp/Makefile

MINGID is set to 1

8. The following file is modified as

/etc/ypserv.securenets

Line to restrict access to domain members is added.

It is made sure that the 0.0.0.0 line is commented out.

9. DB is built for the first time:

sudo /usr/lib/yp/ypinit -m

10. Portmap and NIS are restarted:

sudo /etc/init.d/portmap restart

sudo /etc/init.d/nis restart

DNS Server
1. Check forward lookup

host dngroupproject.com

2. Check reverse lookup

nslookup 206.64.16.5

3. dig dngroupproject.com

4. dig -x 206.64.16.5

5. host dngroupproject.com

DHCP Server
(i) The leases on DHCP server and the IP addresses which has been leased to the client can be checked using the command:

sudo tail /var/lib/dhcp/dhcpd.leases

(ii) The log output of DHCP is verified using the command below:

sudo tail -f /var/log/syslog

(iii) The messages like DHCPREQUEST and DHCPACK with name of the client and name of the interface can be verified.

Test Strategy
Pre-Conditions: Initially take a server machine in which the firewall is to be configured and a client machine to test that the firewall is working. In the server machine, before running the rules, check the status of iptables using sudo iptables -L. Both client and server should be in the same subnet for the testing to be carried out.

Scenario1:
Action: Try to ping from client machine to the server and vice versa

Result: The pings should be successful as both the machines are able to communicate with each other

Command: ping 206.64.16.2

Scenario2:
Action: Telnet from client machine to the server and vice versa

Result: Client should be able to make a telnet connection successfully with the server entering a login and password of server when prompted to do so. The same results are observed in case of server trying to make a telnet connection with the client.

Command: telnet 206.64.16.2

Scenario3:
Action: Establish a Ssh connection from client machine to the server and vice versa

Result: Client successfully enables Ssh connection with the server entering a password of server when prompted to do so. The same results are observed when server tries to make an Ssh connection with the client.

Command: ssh -p 22 ubuntu@206.64.16.2

Pre-Conditions: Add a rule to block icmp requests from anywhere in the server machine using a command.

Command: sudo iptables -A INPUT -p icmp -j REJECT

Scenario4:
Action: Ping from client machine to the server machine

Result: Client should get a message ”Destination Host Unreachable”.

Command: ping 206.64.16.2

Negative Scenario:
Action: Ping from server to the client machine

Result: Ping should be successful

Pre-Conditions: Add a rule to block the telnet port so that no more telnet requests are accepted on the server machine from anywhere.

Command: sudo iptables -A INPUT -p tcp --dport 23 -j REJECT

Scenario5:
Action: Establish a telnet connection to the server machine from client machine

Result: Client should get a message “Connection refused”

Command: telnet 206.64.16.2

Negative Scenario:
Action: Establish telnet from server to the client machine

Result: Telnet connection should be successful

Pre-Conditions: Add a rule to block the Ssh default port on the server machine so that no Ssh connections are accepted from anywhere.

Command: sudo iptables -A INPUT -p tcp --dport 22 -j REJECT

Scenario6:
Action: Make Ssh connection from client to the server machine

Result: Client should get a message “Connection refused”

Command: ssh -p 22 ubuntu@206.64.16.2

Negative scenario:
Action: Establish a Ssh connection from server to client machine

Result: Connection should be successful

Pre-Conditions: If at all we need to block http/https requests from the client machine, we simply install and configure ufw. After the installation, add a few rules to block the outgoing requests from the client machine.

Command: ufw reject out http / ufw reject out https

Scenario7:
Action: Browse the webserver IP from client browser.

Result: User shouldn’t be able to access the default webpage of the server.

Test Strategy
Pre-Conditions: User updates all the packages in the machine and installs the apache web server on the server machine. Now try to launch the default webpage of the server using the browser in the same machine

Scenario1:
Action: Open the browser and type “localhost or 127.0.0.1” in the address bar.

Result: User should be displayed with the default web page of the server.

Pre-Conditions: After the installation, now user tries to edit the default page of the server and saves the page successfully. Now try to launch the webpage and see whether the changes are reflected or not

Scenario2:
Action: Open the browser and type “localhost or 127.0.0.1” in the address bar.

Result: User should be able to see the edited webpage and the page displayed is in sync with the index.html file in /var/www directory.

Pre-Conditions: Try to access the webpage from client’s machine in the network.

Scenario3:
Action: Try to access the webpage from client’s browser typing the IP address of the server

Result: Webpage is displayed and all the content is loaded.

Test Strategy
Scenario1: Testing the backup archiving after running the command to save it locally. Go and check the specified destination folder and check for the contents of the file

Scenario2: Testing the backup archiving after running the command to save it across the network. Go and check the specified destination folder in the particular machine.

Scenario3: Make some changes in the webpage before 12:00 am of a day and check for the latest backup after 12:00 am either locally or in the particular machine in the network.

Scenario4: Check whether the files are zipped and saved in the specified destination paths given locally or across the network in the particular machine.

VPN
Established a VPN Connection successfully

Verified the PPP IP address using the ifconfig.

DNS Server Configuration
1. Since we started doing the project in VMware, there was only one interface in VMware, and after configuring that one interface with a static IP address we weren’t able to download the bind services, because with the single interface being static the internet wasn’t working. After several attempts at installing it and dual booting, we figured out the issue and started doing it in dual-boot Ubuntu, assigned a static IP address to the eth0 port, and wireless was running on the wlan0 port.

2. We initially installed Ubuntu version 13.04. In this version, for some strange reason, we weren’t able to restart the networking and network manager services; whenever we attempted to restart the networking service the system used to hang and we ended up restarting the system. When we moved to Ubuntu version 12.04 we overcame this issue.

3. Initially we replaced the 127.0.1.1 IP address in the /etc/hosts file with the IP address of the DNS server, as the source we initially referred to pointed us to do so. When we restarted the networking service with this in place, some strange behavior was observed and we weren’t able to do nslookup. Later we referred to other sources and changed it to the default values; that is when we observed that the domain name service was working.

4. Initially, while we were checking the zone files, we got a few errors. Upon re-examining the zone files we observed a few human errors, rectified those, and then we were able to verify the zone file.

5. We had a few errors while figuring out the format of the reverse zone file for IPv6 addressing; we finally got the format in which the IPv6 address needs to be specified in the zone file after reaching out to google.com.

DHCP Server Configuration
Concerns with Ubuntu Versions

We initially configured DHCP server on an Ubuntu 13.10 (VMware) machine. Although the server was restarted after configuring the dhcpd.conf, the DHCP server did not work. Then the version of Ubuntu 12.04 was tried and still the problem persisted. Then the configuration was tried on Linux (dual boot) instead of trying it on VMware. The problem could still not be sorted out. Ultimately, the problem was rectified while using the Ubuntu version of 11.10. This successfully allowed DHCP server to restart.

Network Settings

The immediate issue that was faced once the server restarted was with the network settings. The ‘Network Adapter’ setting under the ‘Virtual Machine Settings’ was selected to be an option other than ‘Bridged: Connected directly to the physical network’. Bridged networking connects virtual machine to a network using the Ethernet adapter of host. The DHCP client and server worked perfect once this setting was changed.

Difficulties Faced
When running the rsync command to save the backup across the network in a particular machine or server, I saw the error below

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

Someone could be eavesdropping on you right now (man-in-the-middle attack)!

It is also possible that a host key has just been changed.

The fingerprint for the ECDSA key sent by the remote host is

e4:02:eb:fd:7b:2a:b3:c3:74:41:2e:62:89:30:83:11.

Please contact your system administrator.

Add correct host key in /root/.ssh/known_hosts to get rid of this message.

Resolution:
Added the host key in /root/.ssh/known_hosts

e4:02:eb:fd:7b:2a:b3:c3:74:41:2e:62:89:30:83:11.
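The fingerprint in the warning above is the MD5 digest of the host's public key blob, while known_hosts stores the key itself. The following Python code is an added example, not part of the original page: it computes both fingerprint forms from a key line and compares them with a value obtained out of band from the backup server's administrator. The key line is constructed for the demonstration and the function names are illustrative.

```python
import base64
import hashlib
import hmac
import struct

# Fingerprint printed in the warning quoted on this page (MD5, colon-separated hex).
PAGE_FINGERPRINT = "e4:02:eb:fd:7b:2a:b3:c3:74:41:2e:62:89:30:83:11"

# Constructed key blob for the demonstration: this is not a real host key.
_blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE_LINE = "206.64.16.2 ssh-ed25519 " + base64.b64encode(_blob).decode("ascii")


def parse_key_line(line):
    """Return (key_type, blob) from a known_hosts entry or a .pub file line."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field.startswith(("ssh-", "ecdsa-sha2-")):
            blob = base64.b64decode(fields[i + 1], validate=True)
            # The blob begins with a length-prefixed copy of the key type.
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n] != field.encode("ascii"):
                raise ValueError("key type does not match the encoded blob")
            return field, blob
    raise ValueError("no SSH public key found in line")


def md5_fingerprint(blob):
    """Colon-separated MD5 hex, the form shown in the warning on this page."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def sha256_fingerprint(blob):
    """SHA256:base64 without padding, the form printed by current OpenSSH."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def matches(blob, expected):
    """Compare a key blob with a fingerprint obtained out of band."""
    expected = expected.strip().rstrip(".")  # the warning text ends with a period
    if expected.startswith("SHA256:"):
        actual = sha256_fingerprint(blob)
    else:
        actual = md5_fingerprint(blob)
        expected = expected.lower()
        if expected.startswith("md5:"):
            expected = expected[4:]
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    key_type, blob = parse_key_line(SAMPLE_LINE)
    print(key_type, md5_fingerprint(blob), sha256_fingerprint(blob))
    print("matches expected fingerprint:", matches(blob, PAGE_FINGERPRINT))
```

The key line is written to known_hosts only when `matches` returns True for the fingerprint supplied by the administrator.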

Expansion
We are planning to add a few more add-ons in this project.

Growth
We started this project from scratch and were able to complete it successfully. We have learnt many new concepts by doing this project. We wish to add a few more enhancements and continue acquiring knowledge.

Improvements
We are continuously testing our current functionality and planning on adding a few enhancements to the current functionality.
