User:Nsbp

Team mates
1. Navaneeth Kalluru

2. Sarath Sanam

3. Baljit Singh Devgan

4. Puwen Ma

Motivation
To better understand the Linux operating system, this project helped us put into practice what we learned in the Data Networking course. It also gave us a deeper understanding of DHCP, DNS and web servers, and we learned real-world applications of various networking protocols.

Understanding of Protocols
DHCP (Dynamic Host Configuration Protocol): DHCP is a networking protocol used to assign IP addresses dynamically from a server to the computers in the network. It supports a mix of static and dynamic IP addresses. DHCP makes administration easier because no administrator has to keep track of or assign IP addresses manually; the addresses are assigned automatically. This eliminates the errors made when typing or manually assigning an IP address. It is also known as a plug-and-play protocol.

DNS: It is used to translate IP addresses to domain names and vice versa. It is also known as the phone book of the internet. Whether we are looking for a website or sending email, our computer always looks up the server we are requesting information from.

Web Servers: Web servers are the machines that serve web pages for an IP address or a domain name. A web server uses HTTP and operates on port 80. It holds HTML files, which contain many objects such as images, URLs and videos.

The Requirements
The main requirement of this project is to install DHCP, DNS and a web server accessible by the client, integrate them with a firewall to make the system more secure against various threats, and back up the system. We also implemented add-ons to improve the performance of the system, such as NFS and VPN.

DHCP
INSTALLATION:

To install dhcp server in Ubuntu machine use following command:

sudo apt-get install isc-dhcp-server

Configurations:

To configure the DHCP server on an Ubuntu machine so that it assigns IP addresses dynamically to other clients, edit the /etc/dhcp/dhcpd.conf file.

Make the following changes in GUI:

•	Set the lease time in seconds, which defines how long an IP address is leased to each client.

default-lease-time 600;
max-lease-time 7200;

•	Define the network with IP network address, subnet mask, range, gateway, DNS server.

subnet 10.0.0.0 netmask 255.255.255.0 {
    range 10.0.0.5 10.0.0.100;
    option routers 10.0.0.1;
    option domain-name-servers 10.0.0.2;
}

•	To assign fixed IP addresses to the DNS and DHCP servers we can use the MAC address method, which reserves an IP address for a particular machine.

host server {
    hardware ethernet 3c:97:0e:be:10:9d;
    fixed-address 10.0.0.1;
}

host dns1 {
    hardware ethernet 3c:97:0e:be:10:9d;
    fixed-address 10.0.0.2;
}

•	Save the file

Then restart the DHCP server using the following command:

sudo /etc/init.d/isc-dhcp-server restart
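A quick consistency check for the reservations configured above, as an added example that is not part of the original project: it reports a hardware address reserved by more than one host block and a fixed-address that falls inside the dynamic range. The function names, the finding labels and the "printer" host are assumptions made for the example; the other values are the page's.

```sh
#!/bin/sh
# Added example: lint the host reservations of a single-subnet dhcpd.conf.
# Finding names (DUPLICATE-MAC, IN-POOL) are made up for this example.

check_dhcpd_conf() {
    # Reads the file named in $1, or stdin when called without arguments.
    sed 's/#.*//' "$@" | tr '{};' '\n\n\n' | awk '
        # Dotted quad -> integer, so addresses can be compared numerically
        function ip2n(ip,   p) {
            split(ip, p, ".")
            return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
        }
        $1 == "range" { lo = ip2n($2); hi = ip2n($3) }
        $1 == "host"  { host = $2 }
        $1 == "hardware" && $2 == "ethernet" {
            mac = tolower($3)
            if (mac in owner)
                print "DUPLICATE-MAC " mac " " owner[mac] " " host
            else
                owner[mac] = host
        }
        $1 == "fixed-address" { fixed[host] = $2 }
        END {
            for (h in fixed) {
                n = ip2n(fixed[h])
                if (n >= lo && n <= hi)
                    print "IN-POOL " h " " fixed[h]
            }
        }'
}

# The configuration from the steps above, plus one constructed host
# ("printer") that is not on the page.
sample_conf() {
    cat <<'EOF'
default-lease-time 600;
max-lease-time 7200;
subnet 10.0.0.0 netmask 255.255.255.0 {
    range 10.0.0.5 10.0.0.100;
    option routers 10.0.0.1;
    option domain-name-servers 10.0.0.2;
}
host server  { hardware ethernet 3c:97:0e:be:10:9d; fixed-address 10.0.0.1; }
host dns1    { hardware ethernet 3c:97:0e:be:10:9d; fixed-address 10.0.0.2; }
# constructed entry, reserved inside the dynamic range
host printer { hardware ethernet 00:11:22:33:44:55; fixed-address 10.0.0.50; }
EOF
}

sample_conf | check_dhcpd_conf
```

Against a real file the call is `check_dhcpd_conf /etc/dhcp/dhcpd.conf`; an empty result means neither problem was found.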

DHCP IPV6: INSTALLATION

For DHCP to assign IPv6 addresses to the clients, use the following command:

sudo apt-get install radvd

DHCP IPV6: CONFIGURATION

After installing, configure DHCP IPv6 by editing /etc/radvd.conf:

vim /etc/radvd.conf

Then modify /etc/sysctl.conf to enable IPv6 forwarding by removing the '#' symbol in front of 'net.ipv6.conf.all.forwarding=1'. Then run this to apply the change in the kernel:

sysctl -w net.ipv6.conf.all.forwarding=1

Then restart the DHCP server by using the following command:

service radvd start

PXE boot: INSTALLATION

To configure PXE on the DHCP server that is already configured, install TFTP using the following command:

sudo apt-get install tftpd-hpa openbsd-inetd lftp

PXE boot: CONFIGURATION

1.	Edit inetd.conf
vim /etc/inetd.conf
2.	Append
tftp dgram udp wait root /usr/sbin/in.tftpd /usr/sbin/in.tftpd -s /var/lib/tftpboot
3.	Enable the boot service by using:
sudo update-inetd --enable boot
4.	Start the services
sudo /etc/init.d/openbsd-inetd restart
sudo /etc/init.d/tftpd-hpa restart
5.	Edit the default file
vim /var/lib/tftpboot/pxelinux.cfg/default
6.	Set up permissions using the command
sudo chmod -R 664 /var/lib/tftpboot/*

TESTING OF DHCP:

IP address assigned to DHCP:

ifconfig -a

Check that the Windows Ethernet interface acts as a client and receives an IP address from DHCP.

Lease command showing that DHCP has given the lease:

sudo tail /var/lib/dhcp/dhcpd.leases

NETWORK INFORMATION SERVICE:

Installation in server: Install NIS in Ubuntu using the following commands:

1. To install NIS and rpcbind
sudo apt-get install rpcbind nis
2. To update rpcbind
sudo update-rc.d rpcbind defaults 10
3. To assign server as master
sudo vim /etc/default/nis
4. To secure the data
sudo vim /etc/ypserv.securenets
5. To hide the passwords
sudo vim /var/yp/Makefile
6. To restart all updated packages
sudo reboot
7. To add users to the network
sudo /usr/lib/yp/ypinit -m
8. To assign passwords
cd /var/yp/
sudo make

INSTALLATION OF CLIENT:

1. To install rpcbind and NIS in server
sudo apt-get install rpcbind nis
2. To update rpcbind
sudo update-rc.d rpcbind defaults 10
3. To add domain server
sudo vim /etc/yp.conf
4. To update password
sudo vim /etc/nsswitch.conf
5. To give permissions to groups and others to write and execute
sudo chmod 777 /home
6. To restart all the updated packages
sudo reboot

Test the NIS client's connection to the NIS server:

ypcat passwd

DNS Server
We are using Ubuntu to install the Domain Name Server (DNS) on the PC. To make sure everything on the PC is up to date, we updated Ubuntu first.

Command for Update:

sudo apt-get update

Installation:

sudo apt-get install bind9 bind9utils bind9-doc

During the process it asks Y/N for installation; we gave Y to continue the installation.

Configuration

1.	To start, we configure our DNS server as a caching server, so we add forwarders in the named.conf.options file. As our ISP can keep changing, we use Google's DNS server 8.8.8.8 as our forwarder.

For resolving any query we should create a zone, so we should first edit the file /etc/bind/named.conf.local:

We created the different zones using entries like the one below:

zone "www.nsbp1.com" {
    type master;
    file "/etc/bind/db.nsbp1.com";
};

As we have given a file location for our zone, we now have to configure our forward DNS file.

We copied the existing file, as we can reuse most of it:

sudo cp /etc/bind/db.local /etc/bind/db.nsbp1.com

Edit the new zone file /etc/bind/db.nsbp1.com and change localhost. to the Fully Qualified Domain Name of our server. One important point in the whole of DNS is the trailing dot (.), so we should keep the dot. Change 127.0.0.1 to our IP address 10.0.0.2. We create a www record so that the server will respond to web requests from the browser.

We created 5 zones in total, so we need 5 db files to resolve all 5 zones. We copied one file to the others so that they are easy to edit.

Then restart bind9:

sudo service bind9 restart

Then, to check that everything is fine, we tail /var/log/syslog.

2.	Reverse Zone File for Ipv4:

This is used for mapping IP addresses to names. It is generally used by network administrators. So we have to add a zone in named.conf.local.

We changed the file /etc/bind/named.conf.local and added these lines:

zone "0.0.10.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0.0.10";
};

Then we created the zone file which we have mentioned in the zone. We copied it from the existing file:

sudo cp /etc/bind/db.nsbp1.com /etc/bind/db.0.0.10


Then edit /etc/bind/db.0.0.10 and edit the records accordingly.

After creating the db.0.0.10 file, restart BIND9:

sudo service bind9 restart

DNS Testing in DNS Server

For testing if DNS look up is successful or not

Web Server
The main function of a web server is providing HTTP services for the clients. There are all kinds of web servers. One of the most popular web servers is Apache and it is used to serve more than half of all active websites. We choose Apache 2.4, which is the latest version, as our web server in Ubuntu.

Installation

Install Apache on Ubuntu

In the terminal, we can type the following commands to install Apache:

sudo apt-get update
sudo apt-get install apache2

Ubuntu will automatically install the extra packages needed by Apache. After installing, open the browser and enter localhost in the address bar. If we can see the default Apache index page, Apache is working.

Server control interface

apachectl is a front end to the Apache web server and it helps the administrator control the Apache httpd daemon. For example:

sudo apachectl -k start            #Start the Apache httpd daemon
sudo apachectl -k restart          #Restart the Apache httpd daemon. If the daemon is not running, it is started.
sudo apachectl -k stop             #Stop the Apache httpd daemon

Other command:

sudo service apache2 reload        #Reload the configuration file into Apache so that the configuration change takes effect

Apache directory structure

The Apache directory has a lot of text files and sub-directories. Apache configuration is not kept in a single file; instead Apache uses different files for different parts of the configuration, which makes it convenient to administer.

·apache2.conf: This is primary file for server configuration. Almost all configuration can be done from within this file.

·ports.conf: This file is used to specify the ports that virtual hosts should listen on.

·conf.d/: This directory is often used to define SSL configuration and default security choices.

·sites-available/: This directory includes the virtual host files which define different web sites. These are available configurations, not active configurations.

·sites-enabled/: This directory contains the virtual host definitions which are actually being used. Commonly, this directory consists of links to files which are in the "sites-available" directory. To automatically create a link in sites-enabled to the configuration file in sites-available, type the command:

sudo a2ensite file_name

·mods-enabled/ and mods-available/: These are used to define the modules, and they have a similar function and structure to sites-available and sites-enabled.

Configuration of Web Server

Configure the apache2.conf

apache2.conf is the main configuration file of Apache. In it, we mainly set the working directory of Apache.

In sites-enabled, we have a file named www.nsbp.com.conf. This file contains the configuration of two websites: one is www.nsbp1.com, the other is www.nsbp2.com. Both sites listen on port 80, and Apache uses the server name to distinguish the sites.

Websites

We established two websites. One is /var/www/www.nsbp1.com/index.html, and the other is /var/www/www.nsbp2.com/index.html. We use the Apache default page for display. The difference is the number at the top of the web pages: www.nsbp1.com shows 1 and www.nsbp2.com shows 2.

Install and configure MySQL

MySQL is an open-source, powerful database management system used for organizing data. As part of LAMP, meaning Linux, Apache, MySQL and PHP, MySQL is used by a lot of websites. To install MySQL, open a terminal and use the command:

sudo apt-get install mysql-server libapache2-mod-auth-mysql php5-mysql

During installation, MySQL asks us to type the password, followed by several configuration questions:

Remove anonymous users? [Y/n] y
... Success!
Disallow root login remotely? [Y/n] y
... Success!
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reload privilege tables now? [Y/n] y
... Success!

Finally, check whether MySQL is working:

mysqladmin -u root -p status

Install and configure PHP

PHP is a server-side scripting language. It has advantages in dealing with text and it is designed for web development. PHP is installed with the following command:

sudo apt-get install php5 libapache2-mod-php5 php5-mcrypt

We also need to change the file /etc/apache2/mods-enabled.conf and add index.php to it, so that Apache can resolve the index.php file.

Firewall
A firewall can be hardware, software or a combination of both, and can be deployed on an enterprise's network to segregate it from the rest of the internet. It lets permitted packets pass through and blocks all other packets, so only authorized data can travel through the firewall. One needs to be careful when configuring a firewall.

Before firewalls, access control lists were used for network security, but with the increase in connectivity they proved ineffective, and so Digital Equipment Corporation came up with firewall technology in 1992. We have used the Ubuntu Firewall Service in this project. It is the default firewall service in Ubuntu, which is less complex than the iptables firewall and is more user friendly. It also has a graphical user interface for Ubuntu users.

UFW has the following features:
•	It supports IPv6
•	It provides status monitoring
•	It contains an extendable framework
•	We can customize the rules according to our needs.

Commands for UFW

Command to check the current status of UFW:

ufw status verbose

To make it active we use the command below:

sudo ufw enable

When we enable UFW, all outgoing packets are allowed and all incoming packets are blocked. To allow a particular port we can use the command:

sudo ufw allow 22

To check the status in numbered format we can use the command below:

sudo ufw status numbered

To enable logging we used the command:

sudo ufw logging on

To set the default policy, which determines whether the firewall is mostly open or mostly closed, we can use one of the following commands:

ufw default allow
ufw default deny

Testing Firewall

After installing the firewall we blocked the IP address of the client to check that the firewall works properly; screenshots of it working have been attached in the file.

Backup
A backup is needed for the web server, as it is the machine hosting the web service. We can have either a manual backup or an automatic backup. A manual backup does not make sense, as it takes a lot of effort and one mistake may cause a great loss of data, so automatic backup is the preferred option. As we consider the web server a dedicated PC for the server, we have to back up everything on the server. We can do it in two ways.

1.	Cron Tab:

Cron Tab is a service which runs a particular set of commands based on its configuration. It is basically a small text file in which we specify the commands to be executed.

Command to install Cron:

sudo apt-get install gnome-schedule

Command to create a Cron Tab:

crontab -e

Record to add in Crontab:

0 5 * * * bash /home/pu/backup.sh

The above record means that every day at 5 am backup.sh will be executed, which backs up the PC automatically.
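The page does not show backup.sh itself, so the following is an added example of what such a script could contain, not the project's own script. It assumes the source and destination directories are passed as arguments; the function name, the archive naming and the 7-day retention are choices made for the example.

```sh
#!/bin/sh
# Added example of what a script like backup.sh could contain; the page does
# not show its own script. Source and destination are passed as arguments.

run_backup() (
    # Runs in a subshell so the umask change stays local to the function.
    src=$1; dest=$2; keep_days=${3:-7}
    [ -d "$src" ] || { echo "backup: source $src not found" >&2; exit 1; }
    umask 077     # a full-server archive holds password hashes and keys
    mkdir -p "$dest" || exit 1
    archive="$dest/backup-$(date +%Y%m%d-%H%M%S).tar.gz"
    # Write under a temporary name so an interrupted run is never mistaken
    # for a finished backup.
    tar -czf "$archive.partial" -C "$src" . ||
        { rm -f "$archive.partial"; exit 1; }
    # Read the archive back end to end before publishing it.
    tar -tzf "$archive.partial" >/dev/null ||
        { rm -f "$archive.partial"; exit 1; }
    mv "$archive.partial" "$archive" || exit 1
    # Drop archives older than keep_days days.
    find "$dest" -name 'backup-*.tar.gz' -mtime +"$keep_days" -exec rm -f {} +
    echo "$archive"
)

# Called from cron as: backup.sh SRC_DIR DEST_DIR [KEEP_DAYS]
if [ "$#" -ge 2 ]; then
    run_backup "$@"
else
    echo "usage: backup.sh SRC_DIR DEST_DIR [KEEP_DAYS]" >&2
fi
```

With this version the Crontab record also names the two directories, for example `0 5 * * * bash /home/pu/backup.sh /var/www /mnt/backup`, where both paths are placeholders. The destination should sit outside the source tree and preferably on another disk or host.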

2.	Déjà Dup:

This is a simpler way to back up either weekly or daily. It is an application that already exists on the Linux machine; we can search for "backup" and find it. When setting it up for the first time we have to turn on automatic backups. Then we go to the schedule settings and assign whatever time we want. As we have already configured Crontab to run every day, we set this to once a week. Then we run the first backup with the passwords. Then we set the location where we want to save the backup, and the backup starts. The same process is repeated automatically every week.

VPN
Virtual Private Networking (VPN) can extend a private network across a public network. There are several kinds of VPN, such as PPTP, IPSec and OpenVPN. We chose OpenVPN as our VPN protocol because OpenVPN is highly secure and very fast.

Installation and Key generation

1. To install OpenVPN, we use the following command:

sudo apt-get install openvpn easy-rsa

2. To change the easy-rsa scripts location:

mkdir /etc/openvpn/easy-rsa
cp -rf /usr/share/easy-rsa/* /etc/openvpn/easy-rsa/

3. Change the agreements

vim /etc/openvpn/easy-rsa/vars

4. Initialize the certificate authority

cp openssl-1.0.0.cnf openssl.cnf
source ./vars
./clean-all

5. Generate CA certificate and CA key

./build-ca

In this section, we need to input information such as company name and organization name.

6. Create certificate and key for server

./build-key-server server

7. Create certificate and key for VPN clients

./build-key client

8. Generate Diffie Hellman parameter

./build-dh

Configuring VPN server

1. copy and unpack server.conf.gz to /etc/openvpn/server.conf

sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/

sudo gzip -d /etc/openvpn/server.conf.gz

2. edit /etc/openvpn/server.conf

ca ca.crt

cert name.crt

key name.key

dh name.pem

Configuration of IP forwarding

1. Allow IP forward

vim /etc/sysctl.conf


# Controls IP packet forwarding

net.ipv4.ip_forward = 1

NFS server
To install the NFS server, we can use the following command:

sudo apt-get install nfs-kernel-server

configuration of NFS

vim /etc/exports

/ubuntu *(ro,sync,no_root_squash)

/home *(rw,sync,no_root_squash)

Start the NFS

sudo service nfs-kernel-server start
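The two export lines above give every host (`*`) access with root squashing switched off. As an added example that is not part of the original project, the check below flags that combination and shows the same exports restricted to the lab subnet. The function names, the finding labels and the hardened lines are assumptions made for the example; 10.0.0.0/24 is the subnet from the DHCP section.

```sh
#!/bin/sh
# Added example: audit /etc/exports-style lines for risky client/option pairs.
# Finding names are made up for this example.

audit_exports() {
    # Reads the file named in $1, or stdin when called without arguments.
    sed 's/#.*//' "$@" | awk '
        NF >= 2 {
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                if (match($i, /\(.*\)$/)) {
                    client = substr($i, 1, RSTART - 1)
                    opts = substr($i, RSTART + 1, RLENGTH - 2)
                }
                # A bare "(opts)" field applies to every host, like "*"
                if (client == "") client = "*"
                rw = 0; nosquash = 0
                n = split(opts, o, ",")
                for (j = 1; j <= n; j++) {
                    if (o[j] == "rw") rw = 1
                    if (o[j] == "no_root_squash") nosquash = 1
                }
                if (client == "*") print "WORLD " $1
                if (nosquash) print "NO-ROOT-SQUASH " $1 " " client
                if (client == "*" && rw && nosquash)
                    print "WORLD-WRITABLE-AS-ROOT " $1
            }
        }'
}

# The two export lines from this page
page_exports() {
    cat <<'EOF'
/ubuntu *(ro,sync,no_root_squash)
/home *(rw,sync,no_root_squash)
EOF
}

# Assumed hardened form: clients limited to the 10.0.0.0/24 subnet used in
# the DHCP section, and root on a client mapped to the anonymous user.
hardened_exports() {
    cat <<'EOF'
/ubuntu 10.0.0.0/24(ro,sync,root_squash)
/home 10.0.0.0/24(rw,sync,root_squash)
EOF
}

echo "== page configuration ==";     page_exports | audit_exports
echo "== hardened configuration =="; hardened_exports | audit_exports
```

With `no_root_squash`, root on any client acts as root on the exported files, so a world-writable `/home` export lets any host that can reach the server edit every user's files. After changing /etc/exports, `sudo exportfs -ra` reloads it.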

NFS client

To install NFS client

sudo apt-get install nfs-common

To mount the folders in server

sudo mkdir -p /mnt/nfs/ubuntu

sudo mkdir -p /mnt/nfs/home

sudo mount 10.0.0.1:/home /mnt/nfs/home

sudo mount 10.0.0.1:/ubuntu /mnt/nfs/ubuntu

Test the NFS

The command below will help us to test the system

df -h