User:Dishapandhi/sandbox

LINUX PROJECT - TELE5330 - NETKings

This page is a brief summary of our LINUX Project.

1. The Folks

Disha Pandhi

Maryam Alabyadh

Vinay Vishwanath

Venkatesh Moorthy

Motivation

The LINUX operating system gives insight into how an operating system actually works. With the shell and its utilities it is possible to build an entire network topology, from the hosts to the servers. This motivated the ‘NETkings’ to develop a network architecture for a small start-up company.

Implementation

The servers and clients are configured on VMware workstations, and connected with each other on the virtual switch, which was configured by us, thereby enabling all the stations to be connected on the same network.

Understanding the Protocol

DNS

In today’s world, people communicate with end users located at the other end of the world because of the INTERNET. As more hosts in different places are networked together, it becomes difficult to remember the IP addresses associated with them. Name resolution makes communication possible without having to remember the IP addresses and the MAC addresses. TCP/IP needs a way to let a computer find the IP address of another computer based on its name, and it also needs a way to find the MAC addresses of the other computers located on the LAN. The DNS protocol runs on UDP on port 53.

In the project the DNS server is configured using the BIND package and the authoritative DNS name server is venkatesh.netlab.com. The server is responsible for resolving the hostnames to IP addresses as asked by the client. The DNS server in our project works on the IP address 192.168.1.194. The various steps involved in configuring the server are as follows:

Step 1: BIND9 Nameserver Installation: The command used is '''sudo apt-get install bind9'''

Step 2: Assigning IP address to the DNS server: This is done by changing the /etc/network/interfaces file and the appropriate IP addresses are then entered along with the subnet mask and the gateway.

Step 3: Editing the /etc/bind/named.conf.local file: This is done to make entries for the forward and reverse lookup DNS zone files.

Step 4: Editing the /etc/bind/named.conf.options file: In this file we create entries for the forwarders, i.e. the DNS servers that would be responsible for the hostname resolution.

Step 5: Creating the /etc/bind/db.netlab.com and /etc/bind/db.reverse.netlab.com files: In these files we create entries for the forward and reverse DNS lookups.

Testing parameters for the DNS server

Step 1: To check for typos and misconfiguration of files, type the following commands:

named-checkconf /etc/bind/named.conf.local

named-checkconf /etc/bind/named.conf.options

named-checkzone netlab.com /etc/bind/db.netlab.com

named-checkzone netlab.com /etc/bind/db.reverse.netlab.com

If there are any errors, they should be rectified. Then restart the bind service with the command sudo /etc/init.d/networking restart, after which one should be able to perform nslookup. The correct operation of the DNS server can be checked with the dig, host and nslookup commands.
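The forward and reverse zone files from Step 5 have to agree with each other, and named-checkzone checks only one zone file at a time. The script below is an added example, not the project's own files: it generates both files from one host table using the addresses given on this page and checks that every A record has a matching PTR record. The SOA timers, the admin.netlab.com contact, the reverse zone 1.168.192.in-addr.arpa and the function names are assumptions.

```shell
#!/bin/sh
# Added example: generate forward and reverse zone files for netlab.com from
# one host table, then confirm every A record has a matching PTR record.
# Addresses come from the page; SOA timers and admin contact are assumed.

HOSTS='venkatesh 192.168.1.194
www 192.168.1.195'

zone_header() {  # SOA and NS records shared by both zone files
    cat <<'EOF'
$TTL 604800
@ IN SOA venkatesh.netlab.com. admin.netlab.com. ( 1 604800 86400 2419200 604800 )
@ IN NS venkatesh.netlab.com.
EOF
}

make_zones() {  # $1 = output directory
    zone_header > "$1/db.netlab.com"
    zone_header > "$1/db.reverse.netlab.com"
    echo "$HOSTS" | while read -r name ip; do
        echo "$name IN A $ip" >> "$1/db.netlab.com"
        # PTR owner is the last octet, relative to 1.168.192.in-addr.arpa
        echo "${ip##*.} IN PTR $name.netlab.com." >> "$1/db.reverse.netlab.com"
    done
}

check_fwd_rev() {  # $1 = directory; prints mismatches, returns 1 if any
    awk '
        FNR == NR { if ($3 == "PTR") ptr[$1] = $4; next }  # reverse file first
        $3 == "A" {
            n = split($4, octet, ".")
            if (ptr[octet[n]] != ($1 ".netlab.com.")) {
                print "no matching PTR for " $1 " (" $4 ")"; bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1/db.reverse.netlab.com" "$1/db.netlab.com"
}

dir=$(mktemp -d)
make_zones "$dir" && check_fwd_rev "$dir" && echo "zones agree in $dir"
```

The generated files can then be passed to the named-checkzone commands from Step 1 before they are copied into /etc/bind.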

DHCP

DHCP is an acronym for Dynamic Host Configuration Protocol.

Computers identify each other with IP addresses and hence for them to communicate with each other it is essential that each of them has a unique IP address associated. The same is done by the DHCP server that dynamically assigns IP addresses to the clients for a pre-determined lease period. Upon booting the computer searches for an IP address. The DHCP messages exchanged between the client and the server are: DHCP DISCOVER, DHCP OFFER, DHCP REQUEST, DHCP ACK, DHCP NACK, DHCP RELEASE, DHCP DECLINE.

In the project, to implement DHCP we need to install the DHCP server from the Ubuntu package. The command used to install the DHCP server is '''sudo apt-get install isc-dhcp-server'''. The steps to configure the DHCP server are as follows:

Step 1: Assigning a static IP address to the DHCP server and changing the DHCP configuration file, i.e. /etc/dhcp/dhcpd.conf. In this file one needs to specify the IP range that the server is going to assign to the various clients in the network.

Step 2: After making changes in the dhcpd.conf file one needs to restart the DHCP server so that the new configuration takes effect; this is done with the command '''/etc/init.d/isc-dhcp-server restart'''.

Testing the DHCP server

In order to test the functionality of the DHCP server, we configured a DHCP client on another VMware workstation, and it was dynamically assigned an IP address by the server.

Webserver and Firewall 

In this project we also have a website, www.netlab.com. To run a web service on LINUX one needs to run the Apache server, which is installed with '''sudo apt-get install apache2'''. The website is then hosted on the web server, which has the IP address 192.168.1.195. The /var/www/html/index.html file is edited to host the web page. Another notable change is editing the /etc/hosts file so that our webserver is able to get hostname resolution, although this is not required. For security reasons it is essential to prevent malicious entries from outside the network, and this is achieved by enabling the firewall on the server with the command '''sudo ufw enable'''.

This summarizes building a network in a basic working condition. Also to secure and add special features in the project we have added the following add-ons:

STEP 1. Allowing a range of source addresses to communicate with the server:

sudo iptables -A INPUT -m iprange --src-range 192.168.1.1-192.168.1.6 -j ACCEPT

This allows the IP addresses within the specified range to communicate.

STEP 2. Allowing the clients to access the web server through HTTP and SSH:

sudo iptables -A INPUT -p tcp --dport 80 -m iprange --src-range 192.168.1.197-192.168.1.200 -j ACCEPT

sudo iptables -A INPUT -p tcp --dport 22 -m iprange --src-range 192.168.1.197-192.168.1.200 -j ACCEPT

STEP 3. Command used to list out all the rules configured in the iptables: sudo iptables -L

STEP 4. Also, if the client needs to access the network from outside, he should be able to access the network and hence we have also implemented VPN in our network.

STEP 5. Additionally, we have created a back-up for the server configuration in case of failures.
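The iptables commands in Steps 1 and 2 only append ACCEPT rules, so what they actually restrict depends on the policy of the INPUT chain. The following added example (not the project's own script) audits rule listings in the format printed by sudo iptables -S INPUT. Both rule sets are constructed: WEAK assumes the chain policy is still the built-in ACCEPT, which the page does not state, and HARDENED shows the same allow rules under a default-drop policy.

```shell
#!/bin/sh
# Added example: audit "iptables -S INPUT" style output for two weaknesses.
# WEAK is constructed: the page's three rules on a chain whose policy is
# assumed to still be the built-in default (ACCEPT).
WEAK='-P INPUT ACCEPT
-A INPUT -m iprange --src-range 192.168.1.1-192.168.1.6 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m iprange --src-range 192.168.1.197-192.168.1.200 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m iprange --src-range 192.168.1.197-192.168.1.200 -j ACCEPT'

# HARDENED (constructed) keeps the same allow rules and adds default drop,
# loopback, and return traffic for connections that are already established.
HARDENED='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m iprange --src-range 192.168.1.1-192.168.1.6 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m iprange --src-range 192.168.1.197-192.168.1.200 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m iprange --src-range 192.168.1.197-192.168.1.200 -j ACCEPT'

audit_input() {  # rules on stdin; prints findings, exit status = their count
    awk '
        # With policy ACCEPT, packets that match no rule are still let in,
        # so the source-range rules below do not keep anyone out.
        $1 == "-P" && $2 == "INPUT" && $3 == "ACCEPT" {
            print "policy ACCEPT: unmatched packets are still allowed"; n++
        }
        # A source range with no --dport opens every service to that range.
        $1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ && /--src-range/ && !/--dport/ {
            print "no port limit: " $0; n++
        }
        END { exit n + 0 }
    '
}

echo "== weak ==";     echo "$WEAK"     | audit_input || true
# The 192.168.1.1-192.168.1.6 rule is still reported for HARDENED, so that
# its breadth remains a deliberate choice rather than an oversight.
echo "== hardened =="; echo "$HARDENED" | audit_input || true
```

On a live host the same check is run as sudo iptables -S INPUT | audit_input. Rules added with iptables -A are not kept across a reboot unless they are saved and restored.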

Virtual Private Network

VPN allows a user to establish a point-to-point connection to a network, despite being outside the network. It uses a tunneling protocol to achieve this. There are two types of VPNs:

1. Remote Access VPN (Connecting a remote computer to a network)

2. Site-to-Site (Connecting two networks)

In this project we make use of remote access VPN, which allows access to a user outside the network. The whole process of VPN communication relies on authentication of the end users. Hence it is important to carry out the remote user authentication process with great care.

Future Prospects

We are keen on developing a mobile-based application of the project report. More security-enabled features, like NIS, also need to be configured. We are also thinking of implementing secure HTTP. More focus needs to be given to security in today's INTERNET era.

Making use of encrypted communication, securing our network from attacks by external agents, protecting our DNS servers from denial-of-service attacks, protecting the switches from MAC flooding, etc. could all be implemented to make our existing service better.

We could also implement load-balancing in our network to resolve congestion due to many client requests, etc.

Our private network could also use a Web Proxy and DNS proxy to make it easier to make trustworthy connections with hosts outside our network and at the same time shield our network from the rest of the Internet.

We can install and configure plenty of other servers like Own-cloud server, chat-server, Bit-Torrent Sync and so on.

Improvements

The UBUNTU/LINUX VMware that we are using can be updated and hence new packages and utilities can be installed.
