User:Nayakranjan.s/TSMG5330 - Data Networking, Linux Project Group 2

OBJECTIVE
The objective of this project is to build a network from Linux machines. The network consists of, but is not limited to, the following elements:

Secure Web Server

Backup Server

DHCP Server

DNS Server (Master & Slave)

FOLKS
This project was completed by Group 2 of TSMG 5330, class of spring 2014. The group consists of 4 members:

Arth Purohit

Jayanth Swami

Ranjan Shiriyar Nayak

Vinay Jain

MOTIVATION
Today Linux is an essential part of almost any network. It is a free and open-source operating system. To get hands-on exposure to its features and the diversity of its applications, we took up this project to become familiar with Linux.

PROJECT DETAILS
We configured a web server (Apache2), a DNS server (BIND9, master and slave) that supports both IPv4 and IPv6, and a DHCP server that hands out both IPv4 and IPv6 addresses to clients joining our network. These are the basic requirements of the project; in addition we implemented add-ons: a mail server, a backup of the web server, NIS, NFS and NTP.

UNDERSTANDING THE PROTOCOL
DHCP


 * Dynamic Host Configuration Protocol (DHCP) is used by a DHCP server to assign IP addresses to machines in the network dynamically.
 * It is referred to as a plug-and-play protocol: a client needs no manual address configuration.
 * Whenever a client joins the network, the DHCP server assigns it an IP address for a particular lease time.
 * IP address conflicts can be avoided by using a DHCP server, since the server keeps track of which addresses are leased.
 * A reserved IP address can be assigned to a particular machine by its MAC address (DHCPv4) or its DUID (DHCPv6).
 * The messages exchanged between client and server are DHCP Discover, DHCP Offer, DHCP Request and DHCP Acknowledgement.
 * DHCPv4 uses UDP port 67 on the server and 68 on the client (DHCPv6 uses 547 and 546).
 * DHCP carries no authentication, so any host on the segment can answer a Discover; a rogue server can hand out its own gateway and DNS addresses, which is why switch-side DHCP snooping or rogue-server monitoring is used in production networks.

DNS


 * DNS (Domain Name System) is a naming system for hosts connected to the internet or to a private network.
 * DNS is commonly used to map domain names to IP addresses and vice versa.
 * A domain name server holds different record types, viz. A records (IPv4 address), AAAA records (IPv6 address), PTR records (reverse lookup), CNAME records (aliases), NS and SOA records, etc.
 * Whenever a host has a domain name and needs the IP address associated with it, it sends a DNS query to a domain name server (UDP port 53; TCP port 53 for large answers and zone transfers).
 * The domain name server receives the query and checks its DNS records.
 * If a match is found, the server replies with the record associated with the requested name; otherwise it answers that the name does not exist (NXDOMAIN) or, if recursion is enabled, asks other servers on the client's behalf.

Master and Slave DNS


 * There are two roles for authoritative DNS servers: master and slave.
 * The master DNS server holds the editable copy of the zone's records; the administrator changes records there, and the master answers queries from them.
 * Slave DNS servers do not maintain the records themselves. They obtain a copy of the zone from the master by zone transfer (AXFR/IXFR), re-check the master's SOA serial at the zone's refresh interval, and refresh immediately when the master sends a NOTIFY.
 * Whenever the master's records change (and its SOA serial is incremented), the slaves pull the new copy and answer queries from it.
 * Slave DNS servers are used for redundancy and load distribution.
 * Zone transfers should be limited to the slaves (allow-transfer in BIND); a master that transfers its zone to anyone hands out a complete host list of the network.

WEBSERVER


 * A web server hosts the web pages that clients access over the network or the internet.


 * It speaks HTTP and listens on TCP port 80 for HTTP and 443 for HTTPS.


 * It serves the hosted page on demand whenever a client requests it.

Firewall


 * A firewall has become a necessary component in today's networks to protect the web server from both internal and external attacks.


 * A firewall can be software or hardware; it filters incoming and outgoing packets according to the rules defined in it.


 * The firewall filters packets on source and destination IP addresses and port numbers and, with connection tracking, on whether a packet belongs to an already-established connection.

CONFIGURATION STEPS
DHCP Server

Whenever a client joins the network it broadcasts a DHCP Discover carrying its MAC address; the DHCP server picks a free IP address from its pool and offers it to the client. DHCP is an extension of BOOTP and uses the same message format and UDP ports (67/68).

DHCP (IPv4)

1. Installing DHCP server on ubuntu machine sudo apt-get install isc-dhcp-server

2. Set the interface the server listens on: sudo nano /etc/default/isc-dhcp-server (INTERFACES="eth0")

3. Configuration file for IPV4 address sudo nano /etc/dhcp/dhcpd.conf

4. Restarting the DHCP server for IPV4 configuration sudo /etc/init.d/isc-dhcp-server restart

5. Restarting the network sudo /etc/init.d/networking restart

DHCP (IPv6)

1. Installing radvd on ubuntu machine sudo apt-get install radvd

2. Configure radvd to act as primary source for advertising routes and global addresses sudo nano /etc/radvd.conf

3. Configuration file for IPV6 address sudo nano /etc/dhcp/dhcpd6.conf

4. Enabling IPV6 forwarding sudo nano /etc/sysctl.conf

5. Restarting radvd sudo /etc/init.d/radvd restart

6. Restarting the DHCP server for IPV6 configuration sudo /etc/init.d/isc-dhcp-server6 restart
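As an added example (not the group's own configuration files), the following script writes the three files edited in the IPv4 and IPv6 steps above: the interface setting, dhcpd.conf with a pool and a MAC-keyed reservation, radvd.conf, and dhcpd6.conf with a DUID-keyed reservation. The 192.168.1.0/24 subnet, the 2001:db8:1::/64 prefix, the router and DNS addresses and the MAC/DUID values are assumptions chosen for illustration. It also syntax-checks the result with dhcpd -t when the daemon is installed.

```shell
#!/bin/sh
# Added example, not the project's own files. Every address, MAC and DUID
# below is an assumption for illustration; adjust to the real network.
set -eu

write_dhcp_configs() {
    root="$1"                      # "/etc" for a real install, a temp dir when testing
    mkdir -p "$root/dhcp" "$root/default"

    # Interface isc-dhcp-server listens on (the /etc/default file from step 2).
    cat > "$root/default/isc-dhcp-server" <<'EOF'
INTERFACES="eth0"
EOF

    # IPv4: one pool, plus a fixed address outside the pool keyed on a MAC.
    cat > "$root/dhcp/dhcpd.conf" <<'EOF'
authoritative;                      # this server owns the subnet: NAK leases it did not give
default-lease-time 600;
max-lease-time 7200;
option domain-name "group2.lab";
option domain-name-servers 192.168.1.10, 192.168.1.11;   # master and slave DNS

subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.200;
    option routers 192.168.1.1;
    option broadcast-address 192.168.1.255;
}

host webserver {
    hardware ethernet 08:00:27:aa:bb:cc;
    fixed-address 192.168.1.20;
}
EOF

    # Router advertisements: M and O flags send clients to DHCPv6 for
    # addresses and options; no SLAAC, so every address comes from dhcpd6.
    cat > "$root/radvd.conf" <<'EOF'
interface eth0
{
    AdvSendAdvert on;
    AdvManagedFlag on;
    AdvOtherConfigFlag on;
    prefix 2001:db8:1::/64
    {
        AdvOnLink on;
        AdvAutonomous off;
    };
};
EOF

    # IPv6: reservations are keyed on the client DUID, not on a MAC.
    cat > "$root/dhcp/dhcpd6.conf" <<'EOF'
default-lease-time 600;
max-lease-time 7200;
option dhcp6.name-servers 2001:db8:1::10;
option dhcp6.domain-search "group2.lab";

subnet6 2001:db8:1::/64 {
    range6 2001:db8:1::100 2001:db8:1::1ff;
}

host webserver6 {
    host-identifier option dhcp6.client-id 00:01:00:01:1a:2b:3c:4d:08:00:27:aa:bb:cc;
    fixed-address6 2001:db8:1::20;
}
EOF
}

# Syntax-check with the daemon itself when installed; otherwise at least
# confirm every brace opened in the generated files is closed.
check_dhcp_configs() {
    root="$1"
    if command -v dhcpd >/dev/null 2>&1; then
        dhcpd -t -cf "$root/dhcp/dhcpd.conf" && dhcpd -6 -t -cf "$root/dhcp/dhcpd6.conf"
    else
        for f in "$root/dhcp/dhcpd.conf" "$root/dhcp/dhcpd6.conf" "$root/radvd.conf"; do
            opens=$(tr -cd '{' < "$f" | wc -c | tr -d ' ')
            closes=$(tr -cd '}' < "$f" | wc -c | tr -d ' ')
            [ "$opens" -eq "$closes" ] || return 1
        done
    fi
}

# Install for real (as root):  sh dhcp-configs.sh --install
if [ "${1:-}" = "--install" ]; then
    write_dhcp_configs /etc && check_dhcp_configs /etc
fi
```

After installing, restart isc-dhcp-server, radvd and isc-dhcp-server6 as in the steps above; the reserved addresses sit outside the dynamic ranges on purpose so a reservation can never collide with a pool lease.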

DNS

1. Installing the bind9 DNS server on the ubuntu machine (dnsutils provides dig and nslookup for testing) sudo apt-get install bind9 dnsutils

2. Bind9 configuration file for declaring config directory and network behaviour sudo nano /etc/bind/named.conf.options

3. Bind9 configuration file for declaring files for forward and reverse lookup sudo nano /etc/bind/named.conf.local

4. Configuration file for forward lookup sudo nano /etc/bind/for.db

5. Configuration file for reverse lookup sudo nano /etc/bind/rev.db

6. Configuration file for reverse lookup (IPv6) sudo nano /etc/bind/ipv6.db

7. Restarting DNS service after configuration sudo /etc/init.d/bind9 restart
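As an added example (not the group's own zone files), the script below writes the named.conf.local for the master and for the slave, and the three zone files named in steps 3 to 6: forward (A, AAAA, CNAME), IPv4 reverse and IPv6 reverse. The zone name group2.lab, the master at 192.168.1.10, the slave at 192.168.1.11, the web server at 192.168.1.20 / 2001:db8:1::20 and the prefix 2001:db8:1::/64 are assumptions. The allow-transfer lines are the security-relevant part: only the slave may pull the zone.

```shell
#!/bin/sh
# Added example, not the group's zone files. Names and addresses are assumptions.
set -eu

ZONE=group2.lab
MASTER4=192.168.1.10
SLAVE4=192.168.1.11
REV4=1.168.192.in-addr.arpa
REV6=0.0.0.0.1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa   # 2001:db8:1::/64 with nibbles reversed

# Master: authoritative copy of each zone, transfers allowed to the slave only,
# NOTIFY sent so the slave refreshes as soon as the serial changes.
write_master_config() {
    root="$1"; mkdir -p "$root/bind"
    {
        for z in "$ZONE:for.db" "$REV4:rev.db" "$REV6:ipv6.db"; do
            printf 'zone "%s" {\n    type master;\n    file "/etc/bind/%s";\n    allow-transfer { %s; };\n    notify yes;\n};\n' \
                "${z%%:*}" "${z#*:}" "$SLAVE4"
        done
    } > "$root/bind/named.conf.local"

    # Forward zone. The serial must increase on every edit or slaves keep the old copy.
    cat > "$root/bind/for.db" <<EOF
\$TTL 86400
@       IN  SOA   ns1.$ZONE. admin.$ZONE. (
                  2014040101 ; serial, YYYYMMDDnn
                  3600 900 604800 86400 )
        IN  NS    ns1.$ZONE.
        IN  NS    ns2.$ZONE.
ns1     IN  A     $MASTER4
ns2     IN  A     $SLAVE4
web     IN  A     192.168.1.20
web     IN  AAAA  2001:db8:1::20
www     IN  CNAME web
EOF
    # Reverse zones: PTR from the host part of the address back to the name.
    cat > "$root/bind/rev.db" <<EOF
\$TTL 86400
@       IN  SOA   ns1.$ZONE. admin.$ZONE. ( 2014040101 3600 900 604800 86400 )
        IN  NS    ns1.$ZONE.
        IN  NS    ns2.$ZONE.
10      IN  PTR   ns1.$ZONE.
11      IN  PTR   ns2.$ZONE.
20      IN  PTR   web.$ZONE.
EOF
    cat > "$root/bind/ipv6.db" <<EOF
\$TTL 86400
@       IN  SOA   ns1.$ZONE. admin.$ZONE. ( 2014040101 3600 900 604800 86400 )
        IN  NS    ns1.$ZONE.
        IN  NS    ns2.$ZONE.
0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0  IN  PTR  web.$ZONE.
EOF
}

# Slave: no zone files of its own. It pulls them from the master into bind's
# writable cache directory and refuses to hand them on to anyone else.
write_slave_config() {
    root="$1"; mkdir -p "$root/bind"
    {
        for z in "$ZONE:for.db" "$REV4:rev.db" "$REV6:ipv6.db"; do
            printf 'zone "%s" {\n    type slave;\n    file "/var/cache/bind/%s";\n    masters { %s; };\n    allow-transfer { none; };\n};\n' \
                "${z%%:*}" "${z#*:}" "$MASTER4"
        done
    } > "$root/bind/named.conf.local"
}

# Check the zone files with BIND's own tool when present (package bind9utils).
check_zones() {
    root="$1"
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$ZONE" "$root/bind/for.db" >/dev/null &&
        named-checkzone "$REV4" "$root/bind/rev.db" >/dev/null &&
        named-checkzone "$REV6" "$root/bind/ipv6.db" >/dev/null
    else
        for f in for.db rev.db ipv6.db; do   # fallback: one SOA and the serial present
            [ "$(grep -c ' SOA ' "$root/bind/$f")" -eq 1 ] || return 1
            grep -q '2014040101' "$root/bind/$f" || return 1
        done
    fi
}

# On the master: sh dns-configs.sh --master   On the slave: sh dns-configs.sh --slave
case "${1:-}" in
    --master) write_master_config /etc && check_zones /etc ;;
    --slave)  write_slave_config /etc ;;
esac
```

After the restart in step 7, dig @192.168.1.11 group2.lab SOA should return the same serial as the master, and dig @192.168.1.10 group2.lab AXFR from any host other than the slave should be refused.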

WebServer

1.Install Apache2 webserver on ubuntu machine apt-get install apache2

2.To provide a static IP address to the web server if required nano /etc/network/interfaces

3.The web page hosted by the web server; it is an HTML page that can be designed according to the user's needs. nano /var/www/index.html

4.Shows the port on which our web server is listening, i.e. 80 netstat -a|more

5.Restart the interface and the web server: /etc/init.d/networking restart: restart the interface for the changes to take effect /etc/init.d/apache2 restart: restart the server for the new configuration to take effect

Firewall

We have implemented the firewall using iptables.

1.Install iptables apt-get install iptables

2.The file in which we describe our iptables rules nano /etc/iptables.test.rules

3.To apply the iptables rules on the server iptables-restore < /etc/iptables.test.rules

4.To keep the rules from being lost on reboot (iptables rules exist only in kernel memory), save the tested rules with iptables-save > /etc/iptables.up.rules and load them before the interface comes up nano /etc/network/interfaces auto eth0 iface eth0 inet dhcp pre-up iptables-restore < /etc/iptables.up.rules

5.Restart the interfaces and the web server /etc/init.d/networking restart: restart the interface for the changes to take effect /etc/init.d/apache2 restart: restart the server for the new configuration to take effect
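As an added example (not the group's own /etc/iptables.test.rules, which the page does not reproduce), here is a default-deny rule set for the web server in iptables-restore format, together with the ip6tables counterpart that the IPv6 setup above needs, and two small audit helpers. The LAN ranges 192.168.1.0/24 and 2001:db8:1::/64 are assumptions.

```shell
#!/bin/sh
# Added example, not the project's rules file. LAN ranges are assumptions.
set -eu

LAN4=192.168.1.0/24
LAN6=2001:db8:1::/64

write_firewall_rules() {
    root="$1"; mkdir -p "$root"
    cat > "$root/iptables.up.rules" <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback, and replies to connections this host opened
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# ping, rate limited
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
# ssh only from the LAN; a source opening a 6th connection within 60 s is dropped
-A INPUT -p tcp --dport 22 -s $LAN4 -m conntrack --ctstate NEW -m recent --set --name ssh
-A INPUT -p tcp --dport 22 -s $LAN4 -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 6 --name ssh -j DROP
-A INPUT -p tcp --dport 22 -s $LAN4 -j ACCEPT
# the service this host exists for
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
# log (rate limited) what the default policy is about to drop
-A INPUT -m limit --limit 10/min -j LOG --log-prefix "iptables-drop: " --log-level 4
COMMIT
EOF
    cat > "$root/ip6tables.up.rules" <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# ICMPv6 carries neighbour discovery and router advertisements; dropping it breaks IPv6
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -p tcp --dport 22 -s $LAN6 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -m limit --limit 10/min -j LOG --log-prefix "ip6tables-drop: " --log-level 4
COMMIT
EOF
}

# Audit helpers: which TCP ports a rules file opens, and whether it defaults to deny.
allowed_tcp_ports() {
    grep -- '-j ACCEPT' "$1" | sed -n 's/.*--dport \([0-9][0-9]*\).*/\1/p' \
        | sort -un | tr '\n' ' ' | sed 's/ $//'
}
default_deny() {
    grep -q '^:INPUT DROP' "$1" && grep -q '^:FORWARD DROP' "$1" && grep -q '^COMMIT$' "$1"
}

# Install (as root): sh firewall-rules.sh --install, then
#   iptables-restore < /etc/iptables.up.rules && ip6tables-restore < /etc/ip6tables.up.rules
# and add a pre-up line for each file in /etc/network/interfaces so both survive a reboot.
if [ "${1:-}" = "--install" ]; then
    write_firewall_rules /etc && default_deny /etc/iptables.up.rules
fi
```

The IPv6 file is not optional once radvd and dhcpd6 are running: with a default-deny INPUT chain and no ICMPv6 rule the host silently loses neighbour discovery and its router advertisements.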

Backup

We used rsync and crontab to schedule the backup daily at 00:00.

1.apt-get install rsync

2.The web server must be able to log in to the backup server without a password so that the scheduled backup can run unattended. On the web server: a) ssh-keygen -t dsa b) ssh-copy-id -i /root/.ssh/id_dsa.pub jayanth@192.168.1.2 The web server's key is now trusted by the backup server. (DSA keys are deprecated in current OpenSSH; ssh-keygen -t ed25519 or -t rsa -b 4096 is preferred today, and the key should be a dedicated one used only for this backup.)

3.We create a backup directory on the backup server into which the files will be copied: /home/jayanth/backup

4.We write a script, /home/jayanth/backup.txt, containing the rsync command that transfers the web root: rsync -e ssh -varuzP /var/www jayanth@192.168.1.2:/home/jayanth/backup/ (the script must be executable, chmod +x, for cron to run it)

5.Now define the crontab entry that runs the script on schedule: 0 0 * * * /home/jayanth/backup.txt The backup now runs at 12:00 am every day, irrespective of day of week or month.
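As an added example (not the group's backup.txt), the script below is a cron-driven version of the rsync job above with a lock against overlapping runs, a log file and an exit status cron will report, plus the authorized_keys line for the backup server that confines the web server's key to rsync into one directory. The confinement uses rrsync, which ships with rsync; its installed path /usr/bin/rrsync, the key file name and the lock/log paths are assumptions.

```shell
#!/bin/sh
# Added example, not the group's backup.txt. rrsync path, key name and
# lock/log paths are assumptions.
set -eu

SRC=/var/www/                         # trailing slash: copy the contents of /var/www
DEST_HOST=jayanth@192.168.1.2
DEST_DIR=/home/jayanth/backup
DEST_PATH=/                           # rrsync re-roots paths at DEST_DIR, so "/" is DEST_DIR
KEY=/root/.ssh/backup_ed25519         # dedicated key, used for nothing but this job
LOCK=${LOCK:-/var/run/www-backup.lock}
LOG=${LOG:-/var/log/www-backup.log}

log() { echo "$(date '+%F %T') $*" >> "$LOG"; }

# mkdir is atomic, so it doubles as a lock: a second caller fails.
acquire_lock() { mkdir "$1" 2>/dev/null; }
release_lock() { rmdir "$1" 2>/dev/null || true; }

# Line for ~jayanth/.ssh/authorized_keys on the backup server. The forced
# command means this key can only run rsync into DEST_DIR: no shell and no
# forwarding, even if the web server itself is compromised.
restricted_key_line() {
    printf 'command="/usr/bin/rrsync %s",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' \
        "$DEST_DIR" "$1"
}

run_backup() {
    if ! acquire_lock "$LOCK"; then
        log "skipped: previous run still active"; return 1
    fi
    trap 'release_lock "$LOCK"' EXIT INT TERM
    log "start"
    # -a keep permissions and times, -z compress, --delete mirror deletions so
    # the copy matches the live tree, --chmod=go-w strip world-writable bits.
    if rsync -az --delete --chmod=go-w \
            -e "ssh -i $KEY -o BatchMode=yes -o StrictHostKeyChecking=yes" \
            "$SRC" "$DEST_HOST:$DEST_PATH" >> "$LOG" 2>&1; then
        log "ok"
    else
        rc=$?; log "FAILED rc=$rc"; return "$rc"
    fi
}

# One-time setup on the web server (as root):
#   ssh-keygen -t ed25519 -N '' -f /root/.ssh/backup_ed25519
#   restricted_key_line "$(cat /root/.ssh/backup_ed25519.pub)"   # append on 192.168.1.2
# Then install this file as /usr/local/sbin/www-backup.sh and add to root's crontab:
#   0 0 * * * /usr/local/sbin/www-backup.sh --run
if [ "${1:-}" = "--run" ]; then
    run_backup
fi
```

With BatchMode=yes the job fails fast instead of hanging on a password prompt, and StrictHostKeyChecking=yes means a changed host key on 192.168.1.2 aborts the copy rather than silently sending the web root to an impostor.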

ADD-ONs
Mailserver


 * The mail server is responsible for sending and receiving email in the network.
 * It allows clients to maintain accounts on the server, using LDAP as the account directory and the usual mail protocols (SMTP, IMAP, POP3) for delivery and retrieval.
 * Clients can send, receive and delete emails from their accounts through the web-based mail interface.

Mail server Configurations

1. Install the bzip2 package and uncompress the iRedMail archive downloaded from the internet. sudo apt-get install bzip2 cd / tar xjf

2. Go to the un-compressed folder and run the installation script. bash ./iRedMail.sh

3. Follow the installation wizard and provide the necessary information as and when asked.

4. Please read and make note of all the user and other configurations that were set at the time of installation. more / /iRedMail.tips

5. Finally the completion screen is presented. Now you can use the webpage to login as the first mail user to verify. This user can now create other users and their account details. https:///iredadmin

6. Now the user can use the following webpage and send receive and delete emails. https:///mail

NFS


 * NFS (Network File System) is a distributed file system.
 * It allows clients to access a shared directory on the server much like a directory in local storage.
 * We have implemented an NFSv4 server and client.

NFS Configuration

1. Installing NFS server on ubuntu machine sudo apt-get install nfs-kernel-server

2. Create directories to be shared in the root directory. sudo mkdir /data1

3. Change the access permissions of the directory using chmod. sudo chmod 777 /data1 (777 makes the directory writable by every user on every client allowed to mount it; a dedicated group with chmod 2775 and matching UIDs/GIDs on the clients is the safer choice.)

4. Configure the exports file to list the directories to be shared and which clients may mount them. sudo nano /etc/exports

5. Export the shared directory configuration settings sudo exportfs -a

6. Installing NFS client on ubuntu machine sudo apt-get install nfs-common

7. Mount the exported directory from the NFS server on a local mount point. sudo mount -t nfs4 -o proto=tcp,port=2049 192.168.1.143:/data1 mountdrive
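As an added example (not the project's /etc/exports, which the page does not show), the following writes an exports entry for /data1 restricted to the lab subnet with remote root squashed, and audits an exports file for the two settings that give away more than intended: exporting to any host and no_root_squash. The subnet 192.168.1.0/24 is an assumption.

```shell
#!/bin/sh
# Added example, not the project's exports file. Subnet is an assumption.
set -eu

write_nfs_exports() {
    cat > "$1" <<'EOF'
# path            clients(options)
# rw: read-write; sync: commit writes before replying; root_squash: remote root
# becomes nobody; no_subtree_check: export is a whole directory, skip per-request path checks
/data1            192.168.1.0/24(rw,sync,root_squash,no_subtree_check)
EOF
}

# Warn on exports open to everyone ("*") and on no_root_squash (remote root is
# local root on the exported tree). Returns 1 if anything was flagged.
audit_exports() {
    bad=0
    while read -r path clients; do
        case "$path" in ''|\#*) continue ;; esac
        case "$clients" in \**) echo "WARN: $path is exported to any host"; bad=1 ;; esac
        case "$clients" in *no_root_squash*) echo "WARN: $path grants remote root"; bad=1 ;; esac
    done < "$1"
    return "$bad"
}

# Server (as root): write_nfs_exports /etc/exports && exportfs -ra && audit_exports /etc/exports
# Client:           sudo mount -t nfs4 -o proto=tcp,port=2049 192.168.1.143:/data1 /mnt/data1
```

NFSv4 without Kerberos (sec=sys) trusts the UID the client presents, so the client-side restriction in the exports line and root_squash are the only access controls; the audit is worth running after every edit of /etc/exports.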

Samba


 * Samba got its name from SMB (Server Message Block).
 * It is an implementation of the SMB/CIFS networking protocol.
 * Samba provides file and print services for various Microsoft Windows clients and can integrate with a Windows Server domain.

Samba Configuration

1. Installing Samba on ubuntu machine. sudo apt-get install samba

2. Create a directory to be shared in the srv directory in root. sudo mkdir /srv/samba

3. Give the directory to the unprivileged user that Samba maps guests to. sudo chown nobody:nogroup /srv/samba

4. Configure the Samba configuration file to declare the directories to be shared. sudo nano /etc/samba/smb.conf

5. Restart the smbd and nmbd services to start your Samba server. sudo service smbd restart sudo service nmbd restart

6. Access the shared folder on Windows through network locations.

NIS


 * NIS stands for Network Information Service. It runs on a server and provides configuration databases (users, groups, hosts) to the other clients in the network.
 * It is a client-server directory service protocol. Here we created one NIS server in which we created different users.
 * These users can log in to the NIS clients even though the accounts do not exist locally on those clients.
 * NIS carries no encryption or strong authentication: any host that can reach ypserv can pull the maps, so ypserv.securenets must restrict which networks may query it.

NIS Configuration

1. We download the packages essential to install and configure the NIS server first. sudo apt-get install portmap nis

2. Edit the nis defaults file, where you declare whether this machine is the master (NIS server) or a client. nano /etc/default/nis

3. Edit the /etc/yp.conf file, where the NIS domain name and the server IP are set. nano /etc/yp.conf

4. Edit /var/yp/Makefile to enable shadow passwords (MERGE_PASSWD controls whether password hashes are merged into the passwd map, where ypcat passwd shows them to everyone, or served separately from the shadow map). nano /var/yp/Makefile

5. Edit the ypserv.securenet in the /etc directory so that we can restrict the access to the NIS server. Then restart the port map service in the ubuntu machine. nano /etc/ypserv.securenet service portmap restart

6. Next we need to specify the hostnames of the servers in the NIS domain using the following command. /usr/lib/yp/ypinit -m

7. We now create some users and compile them into the NIS database so that they can log in on the clients and use the services. useradd -d /home/user1 -m user1 useradd -d /home/user2 -m user2 useradd -d /home/user3 -m user3 passwd user1 passwd user2 passwd user3 cd /var/yp make

8. Now we have compiled these three new users. Further if there are any changes then we can use the following commands to compile the users, make -C /var/yp

9. We can check that the NIS server is running by listing the user map it serves. ypcat passwd

10. On the Client side also we need to install the portmap package in the Ubuntu machine. sudo apt-get install portmap

11. Edit /etc/nsswitch.conf on the client and add nis to the passwd, group and shadow lines so that lookups fall through to the NIS maps. nano /etc/nsswitch.conf

12. Make sure the NIS users can get a home directory on the client when they log in, then restart portmap. chmod 777 /home service portmap restart (A world-writable /home lets any local user create or tamper with directories there; exporting the server's /home over NFS, or creating the per-user directories with the correct ownership, avoids that.)

FTP


 * FTP (File Transfer Protocol) is used to transfer files over a network.
 * Plain FTP sends the user credentials and the data in clear text. FTPS wraps FTP in SSL/TLS; SFTP is a different protocol that runs over SSH. Either is preferred for secure transfers.
 * Here we have used vsftpd to implement FTP in the network.

FTP Configuration

1. We install the vsftpd package on the Ubuntu machine using the following command. sudo apt-get install vsftpd

2. We edit the vsftpd.conf file to edit the configurations of the vsftp. nano /etc/vsftpd.conf

3. Edit the file ftpusers in the /etc folder, which lists the accounts denied FTP access, to let the root user log in to the FTP server as well nano /etc/ftpusers (Removing root from this list sends the root password across the network in clear text with plain FTP; root should stay denied and a regular account be used instead.)
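As an added example (not the group's vsftpd.conf, which the page does not reproduce), the script below puts the weak configuration the steps above lead to beside a hardened FTPS one, and includes a check that tells them apart. The certificate paths and the passive port range are assumptions.

```shell
#!/bin/sh
# Added example, not the group's vsftpd.conf. Certificate paths and the
# passive range are assumptions.
set -eu

# Weak: anonymous access, no TLS, and (after step 3) root allowed to log in.
write_weak_vsftpd_conf() {
    cat > "$1" <<'EOF'
listen=YES
anonymous_enable=YES
local_enable=YES
write_enable=YES
ssl_enable=NO
EOF
}

# Hardened: named users only, jailed in their home, TLS required on both the
# control and the data channel (FTPS), fixed passive range for the firewall.
# vsftpd does not accept trailing comments, so they sit on their own lines.
write_hardened_vsftpd_conf() {
    cat > "$1" <<'EOF'
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
# jail users in their home directory; the jail root itself must not be writable
chroot_local_user=YES
allow_writeable_chroot=NO
# only accounts listed in /etc/vsftpd.user_list may log in; root stays in /etc/ftpusers
userlist_enable=YES
userlist_deny=NO
# FTPS: refuse any login or data transfer that is not protected by TLS
ssl_enable=YES
force_local_logins_ssl=YES
force_local_data_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.key
# passive data connections on a fixed range so the firewall can allow exactly that
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=40100
xferlog_enable=YES
EOF
}

# Value of one key=value line in a vsftpd.conf (empty if the key is absent).
setting() { sed -n "s/^$2=\([^ #]*\).*/\1/p" "$1" | tail -n 1; }

# Returns 0 only if anonymous login is off and plaintext logins are refused.
check_vsftpd_conf() {
    f="$1"; bad=0
    [ "$(setting "$f" anonymous_enable)" = NO ]        || { echo "anonymous login is enabled"; bad=1; }
    [ "$(setting "$f" ssl_enable)" = YES ]             || { echo "no TLS: credentials cross the wire in clear"; bad=1; }
    [ "$(setting "$f" force_local_logins_ssl)" = YES ] || { echo "plaintext logins still accepted"; bad=1; }
    return "$bad"
}

# Install (as root): write_hardened_vsftpd_conf /etc/vsftpd.conf && service vsftpd restart
```

With force_local_logins_ssl=YES a client that tries a plain USER/PASS login is rejected before the password is sent, which is the property plain FTP cannot give; the firewall from the web server section then needs TCP 21 and the 40000-40100 passive range opened on the FTP host.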

VPN

A Virtual Private Network (VPN) is an extension of a private network over a public network. It facilitates communication between two private networks over the Internet, providing security and a single management control point for point-to-point communication through a virtual tunnel. (PPTP, used below, authenticates with MS-CHAPv2 and its MPPE encryption is considered broken; it is acceptable for a lab but not for production traffic, where OpenVPN or IPsec should be used instead.)

1.Install VPN using the following command apt-get install pptpd

2.Set localip (the server's tunnel address) and remoteip (the range handed out to VPN clients) in the following file /etc/pptpd.conf

3.Uncomment the IPv4 forwarding in the following file /etc/sysctl.conf

4.Reload the configuration file using following command sysctl -p

5.Mention the DNS server IP in the following file that are to be used /etc/ppp/pptpd-options

6.Restart the VPN Server using the following command /etc/init.d/pptpd restart

TESTING
DHCP

1. ifconfig shows the IP address and subnet mask the client received from the defined range; route -n (or ip route) shows the default gateway, and /etc/resolv.conf shows the DNS servers handed out.

Primary / Secondary DNS

1. Open the terminal and try to ping the hostname of any other host in the network.

2. Open the web page using the hostname of the web server.

3. Run the nslookup and dig tools to verify the record types.

4. Change an entry, increment the zone serial and restart the primary server; then restart the secondary server. Stop the primary server and check with nslookup that the new entry is served by the secondary.

5. Start the primary server and check with nslookup again.

Webserver

1. Any client connecting to our network should be able to access the webpage using web browser

Backup

1. Check the backup directory to see whether the files from the web server are listed.

2. Use the following command on the web server to confirm that cron ran the transfer: grep CRON /var/log/syslog

Firewall

1. Read the rules that are defined in iptables (iptables -L -n -v) and check each one, e.g. confirm from a client that an allowed port connects and a blocked port is dropped.

Mailserver

1. Open the webpage https:///iredadmin. Use the administrator login credentials; you can then create the users, administrators and other details of the mail server.

2. Open the webmail page and log in as one of the users created in the previous step. You can then send and receive emails. Also check the LDAP lookups in the address fields of the webmail.

NIS

1. Log in to the client machine using one of the users (user1, user2, user3) created on the NIS server.

FTP

1. Open a browser in one of the host, type address ftp:// and then you can successfully login as a registered user on the FTP server.

VPN

1. Test whether the VPN server is listening for requests using the following command netstat -alpn | grep :1723

FUTURE IMPROVEMENTS
1. We can use a global IPv6 address so that a host has a single public address instead of a link-local address plus a temporary one. This can be defined on the DHCP server.

2. On the web server we can use more advanced languages to design the web page, for example PHP.

3. On the DNS server we can implement DDNS so that hosts in the network can directly update the DNS server with any change of hostname or address.

4. On the DNS server we can run a local caching resolver so that lookups are faster. A hierarchical architecture within the network is also beneficial.

5. Backup can be implemented at the OS level entirely onto a SAN so that the system can be recovered even if the entire server fails.

6. The NIS server can restrict access to the password lists (ypcat passwd) so that they do not become a security threat.

7. Real NTP servers can be used so that the time configuration of the hosts is refreshed in real time.

8. Use of SFTP or FTPS should be encouraged to benefit from SSH or TLS/SSL encryption of both the control and the data channel in an FTP transaction.