Trillex install and config of servers

From Teknologisk videncenter

Installation and Configuration of Ubuntu Server

A little project:

Essentially, we are going to try to incorporate all our skills to set up a network that makes use of both Windows Server 200X and Linux, along with various clients.

I will here describe how I set up the Ubuntu Server, so it will work with the services I've chosen for it.

These include:
DNS
DHCP
Router (Sharing internet and generally acts as a router)
Firewall

Later on I will add support for Active Directory, so it will work with the Windows Server in the topology later on. Since the Ubuntu server will be the server out to the grand world, I will start with it. Also, a good idea is ALWAYS to start with DNS.

I'm editing everything with VIM, but a standard Ubuntu install only ships a very small version of it, so I will start out with:

sudo apt-get install vim

I have not installed any packages upon installation, so everything will be fresh.

Just for the fun of it, I'm going to make use of the latest stable build from the Ubuntu developers. This can be done by typing:

sudo do-release-upgrade -d

Remember, the -d flag selects the development release, which is an experimental build, so do not use it if you already have a solid system running.

The upgrade should update all installed packages, but just to be sure, do a:

sudo apt-get update
sudo apt-get upgrade

Also, make sure that you use sudo when editing most configuration files. They are read-only for normal users for security reasons. If you get tired of doing this, you can just run

sudo bash

This will get you into a superuser bash.

If you prefer to do this from a remote terminal, you first have to install an SSH server on the server.

sudo apt-get install ssh

It does not need any configuration, and you can connect right away after installation.

Installing and Configuring DNS

If you have ever touched a Windows Server, you will know that everything is hell, unless you start out with installing DNS. So talking from bad experience, I would say that it is most important to get this installed and set up first.

Install it:

sudo apt-get install bind9

After installation, it will start the service. It should also add itself to start up, so you do not have to start it upon every boot up.

Domain Name

I will only show what I put in the files needed.

To add a domain as well as a reverse IP, edit the file /etc/bind/named.conf.local

sudo vi /etc/bind/named.conf.local

I entered:

zone "trillex.dk" {
	type master;
	file "/etc/bind/zones/trillex.dk.db";
};
zone "166.168.192.in-addr.arpa" {
	type master;
	file "/etc/bind/zones/rev.166.168.192.in-addr.arpa";
};

I will make use of 192.168.166.X/24 later on, but I add it in here so I do not have to trace back, if things don't work.

DNS Forwarder

In certain networks, especially the one here at Mercantec, we will need a DNS forwarder, so the DNS server knows where to send queries for names it cannot answer itself.

To find the forwarder's address, you can just type:

cat /etc/resolv.conf

The needed information is after nameserver. Now edit the file /etc/bind/named.conf.options and uncomment the forwarders and replace the IP. It should look like this:

forwarders {
       172.16.4.77;
};

Creating the Files

As you linked to some non-existent files, it'd probably be a good idea to create them.

sudo mkdir /etc/bind/zones
sudo vi /etc/bind/zones/trillex.dk.db    # Remember to :wq to create the file
sudo vi /etc/bind/zones/rev.166.168.192.in-addr.arpa

Zone file

Edit /etc/bind/zones/trillex.dk.db

Toss this in:

; Replace example.com with your domain name. Do not forget the . after the domain name!
; Also, replace ns1 with the name of your DNS server.
; Comments in a zone file start with ; (the // style only works in named.conf).
trillex.dk.      IN      SOA     trillex.dk. trillex.dk. (
; Do not modify the following lines!
                                                       2006081401      ; serial
                                                       28800           ; refresh
                                                       3600            ; retry
                                                       604800          ; expire
                                                       38400           ; minimum
)
; Replace the following lines as necessary:
; ns1 = DNS Server name
; mta = mail server name
; example.com = domain name
trillex.dk.      IN      NS              trillex.dk.
trillex.dk.      IN      MX     10       trillex.dk.
; The NS and MX records above point at trillex.dk. itself, so that name needs an address record too.
trillex.dk.      IN      A       192.168.166.1
; Replace the IP address with the right IP addresses.
www              IN      A       192.168.166.1
mta              IN      A       192.168.166.1
ns1              IN      A       192.168.166.1

Remember this file for later, in case you move services over to other servers.

Now edit /etc/bind/zones/rev.166.168.192.in-addr.arpa

Toss this in:

; Replace example.com with your domain name, ns1 with your DNS server name.
; The number before IN PTR example.com is the machine address of the DNS server. In my case, it's 1, as my IP address is 192.168.166.1.
@ IN SOA trillex.dk. trillex.dk. (
                        2006081401;
                        28800; 
                        604800;
                        604800;
                        86400 
) 
                     IN    NS     trillex.dk.
1                    IN    PTR    trillex.dk.

NS = Nameserver. Remember this.
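
Every in-zone name that an NS or MX record points to needs its own A or AAAA record, which is easy to miss when one name serves as domain, nameserver and mail host. The script below is an added example, not part of the original page; it is a simplified parser (one record per line, no $ORIGIN or $INCLUDE), and the function names and sample zone are constructed for illustration.

```shell
# Added example: flag NS/MX targets inside the zone that have no address record.
check_zone_targets() {   # usage: check_zone_targets <origin> <zonefile>
  awk -v origin="${1%.}." '
    function fqdn(n) {
      if (n == "@") return origin
      return tolower((n ~ /\.$/) ? n : (n "." origin))
    }
    BEGIN { origin = tolower(origin) }
    { sub(/;.*/, "") }                        # strip comments
    /^\$/ || NF == 0 { next }                 # directives and blank lines
    depth { if (/\)/) depth = 0; next }       # inside the SOA parentheses
    {
      i = 1
      if ($0 !~ /^[ \t]/) { owner = fqdn($1); i = 2 }   # else: inherit owner
      for (; i <= NF; i++) {
        t = toupper($i)
        if (t == "IN" || t ~ /^[0-9]+$/) continue       # class or TTL
        if (t == "A" || t == "AAAA") have[owner] = 1
        else if (t == "NS") need[fqdn($(i + 1))] = "NS"
        else if (t == "MX") need[fqdn($(i + 2))] = "MX"
        else if (t == "SOA") depth = (/\(/ && !/\)/)
        break                                 # first other token is the type
      }
    }
    END {
      for (n in need) {
        tail = substr(n, length(n) - length(origin))
        if ((n == origin || tail == "." origin) && !(n in have)) {
          print need[n] " target " n " has no A/AAAA record"; bad = 1
        }
      }
      exit bad + 0
    }' "$2"
}

sample_zone() {   # constructed sample: NS and MX point at a name with no address
  cat <<'EOF'
trillex.dk.  IN  SOA  trillex.dk. trillex.dk. (
             2006081401 28800 3600 604800 38400 )
trillex.dk.  IN  NS      trillex.dk.
trillex.dk.  IN  MX  10  trillex.dk.
www          IN  A   192.168.166.1
EOF
}

zone=$(mktemp) && sample_zone > "$zone"
check_zone_targets trillex.dk "$zone" || echo "fix the zone before restarting bind9"
rm -f "$zone"
```

On the server itself, named-checkconf and named-checkzone trillex.dk /etc/bind/zones/trillex.dk.db run BIND's own full validation before the restart.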

Finishing

Restart the service:

sudo /etc/init.d/bind9 restart

Remember to put your nameserver into /etc/resolv.conf

Try to see if it works.

dig trillex.dk

It does not. Why? I know why, but that is the next step.

Setting up Second Interface

The reason I cannot see or use my own domain is that the IP I've used does not exist. Yet!

So we need to make it start up and work. This is done through the /etc/network/interfaces file.

sudo vi /etc/network/interfaces

At the bottom, enter this:

# The secondary network interface
auto eth1
iface eth1 inet static
        address 192.168.166.1
        netmask 255.255.255.0

Reboot the server, just to check that everything works out.

Now try and type

dig trillex.dk

It works!

Installing and Configuring a DHCP Server

sudo apt-get install dhcp3-server

To make it listen on only one Ethernet interface, you will have to specify it in /etc/default/dhcp3-server. It's pretty straightforward:

INTERFACES="eth1"

or any other number, depending on your hardware setup.

Then to configure it, you will have to edit /etc/dhcp3/dhcpd.conf. It is already preconfigured to some extent, but you will need to uncomment certain things first. This is essentially what I changed:

# Sample /etc/dhcpd.conf
# (add your comments here) 
default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.166.255;
option routers 192.168.166.1;
option domain-name-servers 192.168.166.1;
option domain-name "trillex.dk";
subnet 192.168.166.0 netmask 255.255.255.0 {
        # The range must lie inside the subnet declared on the line above.
        range 192.168.166.10 192.168.166.254;
}
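
The subnet, range and routers values have to agree with each other: dhcpd will not serve a range that is not on the declared subnet, and clients cannot use a router that is off-net or that sits inside the lease pool. The check below is an added example, not part of the original page; it assumes a single subnet block per file, and the function names and sample file are constructed.

```shell
# Added example: sanity-check subnet, range and routers in a dhcpd.conf.
check_dhcpd_conf() {   # usage: check_dhcpd_conf <dhcpd.conf>; non-zero on a finding
  awk '
    function num(ip,  p) { split(ip, p, "."); return ((p[1]*256 + p[2])*256 + p[3])*256 + p[4] }
    function onnet(ip)   { return int(num(ip) / size) == int(num(net) / size) }
    function fail(msg)   { print msg; bad = 1 }
    { sub(/#.*/, ""); gsub(/[;{}]/, " ") }            # drop comments and punctuation
    $1 == "subnet" && $3 == "netmask" { net = $2; size = 4294967296 - num($4) }
    $1 == "range"                     { lo = $2; hi = (NF > 2 ? $3 : $2) }
    $1 == "option" && $2 == "routers" { gw = $3 }
    END {
      if (net == "" || lo == "") { fail("no subnet/range found"); exit 2 }
      if (!onnet(lo) || !onnet(hi)) fail("range " lo "-" hi " is outside subnet " net)
      if (num(lo) > num(hi))        fail("range start is above range end")
      if (gw != "" && !onnet(gw))   fail("router " gw " is outside subnet " net)
      if (gw != "" && num(gw) >= num(lo) && num(gw) <= num(hi))
        fail("router " gw " is inside the lease range")
      exit bad + 0
    }' "$1"
}

sample_conf() {   # constructed sample; $1 = first three octets of the range line
  printf '%s\n' 'option routers 192.168.166.1;' \
    'subnet 192.168.166.0 netmask 255.255.255.0 {' \
    "  range $1.10 $1.254;" '}'
}

conf=$(mktemp)
sample_conf 192.168.1 > "$conf"        # range on a different network than the subnet
check_dhcpd_conf "$conf" || echo "fix dhcpd.conf before restarting dhcp3-server"
rm -f "$conf"
```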

Configuring NAT (Sharing Internet)

For this, we do not need to install anything new. Everything is right there but is currently disabled. First, edit /etc/sysctl.conf. Find this:

#net.ipv4.ip_forward=1

Uncomment it by removing the #. Now forwarding is enabled in the system kernel.

Now write:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE 

What this does is add a NAT rule to the POSTROUTING chain. It sets eth0 as the output interface (the one out to the internet) and, through MASQUERADE, rewrites the source address to its own IP. Then write:

echo 1 > /proc/sys/net/ipv4/ip_forward

This will enable it without a reboot.

Just to be sure, save it.

iptables-save > /etc/iptables.rules

Now that it’s saved we need to load the iptables.rules on starting the network:

vi /etc/network/interfaces

# The extended interfaces
auto eth0
iface eth0 inet dhcp
        pre-up iptables-restore < /etc/iptables.rules
        post-down iptables-restore < /etc/iptables.rules

Test it out on your other client.
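
The saved rules above contain only the MASQUERADE rule, so the FORWARD chain keeps its default ACCEPT policy and the box routes whatever reaches it. The script below is an added example, not part of the original page: it sets a constructed rules file with a default-drop FORWARD chain beside a NAT-only one and audits both, assuming eth0 is the upstream interface and eth1 the 192.168.166.0/24 LAN as on this page (function names are made up for illustration).

```shell
# Added example: NAT-only rules versus a ruleset that also filters forwarding.
hardened_rules() {   # constructed ruleset in iptables-restore format
  cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.166.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -o eth0 -s 192.168.166.0/24 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

nat_only_rules() {   # constructed: a save taken after adding only the MASQUERADE rule
  cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}

audit_forwarding() {   # usage: audit_forwarding <rules file>; non-zero on a finding
  awk '
    /^\*/ { table = substr($1, 2) }
    table == "filter" && $1 == ":FORWARD" { policy = $2 }
    table == "nat" && /-j MASQUERADE/ { masq = 1; if ($0 !~ / -s /) open = 1 }
    END {
      if (masq && policy != "DROP") {
        print "FORWARD policy is " (policy == "" ? "ACCEPT (default)" : policy) ": unmatched packets are forwarded"
        bad = 1
      }
      if (open) { print "MASQUERADE is not limited to the LAN source range"; bad = 1 }
      exit bad + 0
    }' "$1"
}

for rules in nat_only_rules hardened_rules; do
  f=$(mktemp); "$rules" > "$f"
  echo "== $rules"; audit_forwarding "$f" && echo "ok"; rm -f "$f"
done
```

To use the hardened set, write it to /etc/iptables.rules; iptables-restore --test parses a rules file without committing it.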