My Final Year Project

Uploaded by varun, May 2020 (PDF)

A Project Report On

"AUTO-IP MANAGER"

Submitted in partial fulfillment for the Award of degree of BACHELOR OF ENGINEERING IN COMPUTER SCIENCE & ENGINEERING

Submitted By: VARUN KUMAR, OMVEER SINGH

Submitted To: HEMANT SHARMA, Lect. CS/IT

July, 2009

PREFACE

"AUTO-IP MANAGER": First, using the dialog utility, it collects all the configuration information that the administrator enters manually. Security is provided by advanced iptables rules, and the dialog utility gives a user-friendly environment.

Dynamic Host Configuration Protocol (DHCP) is a protocol used by networked devices (clients) to obtain the parameters they need to operate in an Internet Protocol (IP) network. By using this protocol, the system administration workload greatly decreases, and devices can be added to the network with minimal or no manual configuration. When a DHCP-configured client (be it a computer or any other network-aware device) connects to a network, the DHCP client sends a broadcast query requesting the necessary information from a DHCP server.

The Squid server is used for filtering. Its main job is to allow or deny any host or destination. By default it works on port number 3128. We can also filter the contents of the packets. Squid has one primary configuration file, squid.conf.

Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains.

Acknowledgement

I express my sincere thanks to my project guide, Mr. HEMANT SHARMA, Lecturer, Deptt. CS/IT, for guiding me right from the inception till the successful completion of the project. I sincerely acknowledge him/her/them for extending their valuable guidance, support for literature, critical reviews of the project and the report and, above all, the moral support he/she/they provided to me at all stages of this project. I would also like to thank the supporting staff of the CS/IT Department for their help and cooperation throughout our project.

VARUN KUMAR OMVEER SINGH

CERTIFICATE

This is to certify that Mr. OMVEER SINGH and Mr. VARUN KUMAR from COMPUTER SCIENCE AND ENGINEERING have successfully delivered a project named "AUTO-IP MANAGER" and have submitted a satisfactory report about it in partial fulfillment of the requirement for the degree of B.E. (Comp. Sc.) according to the syllabus of UNIVERSITY OF RAJASTHAN, JAIPUR during the academic year 2008-09.

Date: 22 July 09

Mr. Kailash Maheshwari (H.O.D, C.S.E & I.T)

Mr. HEMANT SHARMA (Project Guide)


INDEX

Sl. No.  TOPIC
01  Introduction
02  Requirements
03  Working of Project
04  Dialog Box
05  Linux as Router
06  Shell Scripting
07  Working of DHCP
08  Working of Squid
09  Working of Gateway
10  Working of IP Tables
11  Coding (Shell Scripting)
12  Conclusion
13  References


1. INTRODUCTION

This project, "AUTO-IP CONFIGURATION", is practically implementable for MNCs and colleges in both live and laboratory conditions. In the project we use the concepts of assigning IP addresses to the requesting users (via DHCP), gateway assignment and implementation of a proxy server, all using iptables. This project is useful at the administrator end: it automatically configures the whole procedure of assignment and implementation according to the users' requirements. First, using the dialog utility, it collects all the configuration information that the administrator enters manually. Security is provided by advanced iptables rules, and the dialog utility gives a user-friendly environment.

If the gateway receives any client request for port number 80, it redirects the request to the proxy server on port number 3128. The proxy filters the requests according to its rules and sends the packets back to the gateway, which then forwards them to the Internet.

The OS Red Hat Linux is used because of its highly secure functionality and the many options it provides for configuring servers. The packages the project requires are included in Red Hat Linux or can be downloaded from the Internet.


2. REQUIREMENTS OF THE PROJECT

2.1 HARDWARE REQUIREMENTS: The project can be implemented in both live and laboratory conditions. That means the minimum requirement is:

  • Processor: Pentium 3-4.
  • RAM: minimum of 256 MB.
  • Ethernet card that supports Linux.
  • Fast Ethernet cables.

These requirements may change according to the load and the working environment.

2.2 SOFTWARE REQUIREMENTS:

  • OS: Red Hat Linux.
  • RPM for DHCP server with all known dependencies.
  • RPM of Squid with all known dependencies.
  • RPM of Dialog.


3. WORKING OF PROJECT:

STEP 1: The client requests an IP address.
STEP 2: The DHCP server checks the MAC address of the client; if the rule matches in IP tables, the server responds to the client with its assigned IP address as well as the gateway entry.
STEP 3: The client now wants to go to the Internet, so it sends its request to the gateway.
STEP 4: The gateway redirects the incoming packets to the proxy server via iptables DNAT.
STEP 5: The proxy server filters the requests and sends them back to the gateway.
STEP 6: The gateway connects to the Internet, gets the response to the client's request, and sends it to the proxy server.
STEP 7: The proxy server sends the response directly to the client.


4. Dialog Box:

4.1 Definition

A dialog box is a small window or message box that appears temporarily in a GUI (graphical user interface) to alert the user to a condition and/or to request information. Dialog boxes appear on top of other open windows and whatever else is currently on the display screen, and they are sometimes accompanied by a beep or other sound effect. They always contain at least one button, whose purpose is to allow the user to close the box (i.e., remove it from the display screen). Often they also contain additional buttons and one or more means for users to provide information, such as check boxes and spaces to enter text.

Dialog boxes can be classified in several ways, including according to the function they perform and their complexity. The simplest type of dialog box is the alert, which displays a message and requires the user to acknowledge it by clicking on a button in order to close it. Alerts are commonly used to provide simple confirmation of an action (such as to confirm that the user really wants to terminate a program), to indicate a user error, and to provide notification that a program has stopped functioning (i.e., frozen or crashed).

Dialog boxes can also be classified by whether they are modal or non-modal. Modal dialog boxes temporarily halt part or all of the GUI until the user closes the box and, depending on what caused the box to appear, provides some information. System modal dialog boxes freeze the entire GUI, application modal dialog boxes freeze just the application that caused the box to appear, and document modal dialog boxes, the newest and least intrusive modal type, merely freeze a single window in an application (such as a document in a word processing program). Non-modal dialog boxes, also called modeless dialog boxes, are used when the requested information is not essential to continue, and thus no windows or other parts of the GUI are frozen.

A commonly encountered type of dialog box on Linux is the one that appears when an ordinary user tries to open a program that requires root (i.e., administrative) permission. For example, when a user attempts to open kppp, the KDE Internet dialup utility, a small, non-modal dialog box appears that asks the user to enter the root password in a text space labeled Password for root. Entering the correct password and clicking on the OK button causes this box to close and a secondary (again, modeless) box to appear. The second box allows the user to modify the connection setup if desired and to push a button labeled Connect that initiates the connection to the Internet.

The Microsoft Windows and Macintosh operating systems use an ellipsis (i.e., three consecutive dots) after GUI menu items to indicate that clicking on such items will not result in a direct action but rather will open a dialog box that provides additional information and options for the user.

One problem with the design of some operating systems and application programs is that dialog boxes are inappropriately used and/or poorly designed. For example, they may appear when not really necessary and/or contain cryptic messages that most users cannot understand. This can be frustrating for users and waste their time and energy. An excellent example of inappropriate use is provided by some web browsers that open a dialog box informing the user that a page will not display, even though it is obvious that the page will not display, and require the user to click on a button to close the box. Moreover, if the user is working on another application with the browser in the background, the dialog box will interrupt that application and move the browser window to the foreground, thus requiring the user to also restore the application window to the foreground after closing the dialog box. A well-known example of clumsy and misleading wording on a dialog box is the message that resembles "You have performed an illegal action and this program will shut down."

Good software design calls for dialog boxes to (1) be used only where necessary and/or helpful, (2) be as unobtrusive as possible, (3) use wording that has meaning to users and (4) maximize user flexibility. This implies that dialog boxes should be non-modal whenever possible, and, if they are modal, they should be document modal or application modal to the extent possible. The term popup window is also sometimes used to refer to a dialog box, although this term often implies an unrelated (and usually unwanted) advertisement, whereas a dialog box is related to the program, operating system or hardware currently being used.

4.2 CLI Magic: Creating basic front ends with dialog and Xdialog

New Linux users are often afraid of the command line. They prefer graphical alternatives to commands and scripts. For help, they can turn to dialog and Xdialog, two simple tools that can be used to create front ends to command-line tools. The fundamental difference between the tools is that while dialog creates console or text-based front ends, Xdialog can generate an X interface for any terminal-based program. Dialog creates the simple front ends that until recently were used in almost all Linux distributions' installations. Remember old Red Hat and Slackware installations that were characterized by a grey screen with a blue background? Since these front ends are text-based, you can't use a mouse to click on buttons. Xdialog, on the other hand, creates X interfaces, meaning that you have full use of your mouse. It uses GTK+ for creating the front ends, and offers functions such as directory selectors and range boxes.

Once you have installed dialog, open a shell and write

    dialog --title "Testing Dialog" --yesno "This is the message" 8 25

then press Enter. This creates a very basic yes/no box. You specify box options using the general syntax

    dialog [common option] [box option] text height width

So, the 8 and 25 above are the height and width. --title is a common option. Common options are applied to all the box options. The common options can be omitted, but you cannot make a box without specifying the box options. To test Xdialog, just change dialog in the above command to Xdialog.

Both dialog and Xdialog can implement several types of dialog boxes, such as checklist, form, radiolist, menu, and textbox. Each dialog box has its own set of box options. Let's create a simple menu to better understand the [common] and [box] options.

4.2.1 Creating a menu

When making a menu, you may be overwhelmed by all the available choices. I am going to start with a simple menu that lets you select one value out of several.

    #!/bin/sh
    # The tempfile utility creates an empty temporary file and prints its name.
    tempfile=`tempfile`
    dialog --title "Most used linux command" \
      --menu "Please choose the most useful command line tool:" 15 55 5 \
      "man" "To read man pages" \
      "ls" "To display the contents of a directory" \
      "vi" "Text editor" \
      "mount" "To mount partitions" \
      "su" "Super user permissions" 2> $tempfile
    return_value=$?
    you_chose=`cat $tempfile`
    rm -f $tempfile
    case $return_value in
      0) echo "'$you_chose' is the command you find most useful.";;
      1) echo "You pressed cancel.";;
      255) echo "You hit Esc.";;
    esac

Save this code in a file called basic_menu.sh. To make this script executable, run chmod u+x basic_menu.sh. Now you can run the script: ./basic_menu.sh.

This creates a very basic menu, where you can choose any command using the up and down keys. The most noteworthy lines of this script are tempfile=`tempfile` and 2> $tempfile. The first line creates a temporary file using the tempfile utility. Dialog, by default, writes its output to standard error, so we need the second line to redirect the output from standard error to the tempfile. We can also use the --stdout option to send the output to standard output. We'll look at --stdout in a moment. $? is a variable that stores the program's return value, which is either 0, when you press OK; 1, if you press cancel; or 255, if you press Esc. return_value is another variable where we store the value of the $? variable. To see how this dialog would appear in X, change dialog to Xdialog. Everything else remains the same.

You never see this type of menu in the real world. You see either a radiolist, where you can select just one value, or a checklist, which allows you to select multiple values. To create a radiolist, replace --menu with --radiolist, keeping the rest of that line intact. You also need to change the options as below:

    "man" "To read man pages" off \
    "ls" "To display the contents of a directory" off \
    "vi" "Text editor" off \
    "mount" "To mount partitions" off \
    "su" "Super user permissions" on 2> $tempfile

See how each of the options has either "off" or "on" at the end? "On" signifies a selected option. To select any option, move to your choice using the up and down keys and press the spacebar. Unlike a radiolist, a checklist allows you to select multiple values. If you change --radiolist to --checklist, you get a checklist.

There's more


Most of us are so accustomed to working in graphical environments that we cannot imagine some of the dialogs that you can create on the command line. For example, you can easily make a progress bar or percentage gauge bar, which is part of every software installation, with dialog and Xdialog. The syntax is --gauge text height width [percent]. The percent value shows the initial value of the progress bar. By default it is zero. Let's create a shell script to see how the gauge works.

    #!/bin/sh
    percent=0
    (
      # Feed the gauge: a percentage, then a new prompt between two "XXX" lines.
      while test $percent != 110
      do
        echo $percent
        echo "XXX"
        echo "This is how the gauge appears"
        echo "XXX"
        echo "See how the message changes"
        echo "XXX"
        percent=`expr $percent + 10`
        sleep 1
      done
    ) | dialog --title "Gauge works!" \
        --gauge "This is how a gauge appears on the command line" 10 60 0

As explained in the man page, if the standard input reads the string "XXX," then subsequent lines up to another "XXX" are used for a new prompt. If you use the "XXX" method of displaying messages, then the text supplied to --gauge is ignored. In our case, the message This is how a gauge appears on the command line is ignored because of the messages in "XXX."

Another common dialog is file selection. When attaching a file to an email message or opening a file in OpenOffice.org Writer, we frequently encounter the select file dialog. You can create that on a command line too. We are going to use --stdout for this.

    #!/bin/sh
    # With --stdout the selection arrives on standard output, so no tempfile is needed.
    selection=`dialog --stdout \
      --title "Use this dialog to select a file by pressing spacebar" \
      --fselect $HOME/ 10 68`
    case $? in
      0) echo "You chose \"$selection\"";;
      1) echo "You pressed cancel.";;
      255) echo "You hit Esc.";;
    esac


The file selection dialog is made up of two panes; you can use the tab key to switch between them. Select a file by pressing the spacebar once you have scrolled to the file name using the up and down keys. You can also write the path of the file in the input box at the bottom of the file selection dialog. The --fselect option creates the file selection dialog. It accepts [filepath] height width as options. The $HOME/ argument means that we want to choose a file within the home directory.
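The whole flow the report describes, the dialog prompts of section 4.2 and the gateway side of steps 3 to 7 in Working of Project, as one added shell example that is not part of the project's own scripts. Interface names, addresses, the ASK and APPLY switches and every function name are assumptions; without ASK=1 it only prints the rule set, and APPLY=1 installs it when run as root.

```shell
#!/bin/sh
# Added example, not from the project report. It follows the report's own
# shape: dialog collects the addresses (section 4.2), the values are checked,
# and the gateway's iptables rules for steps 3 to 7 are produced (LAN web
# requests go to Squid on 3128; only the proxy may reach the Internet).
LAN_IF=${LAN_IF:-eth1}                # assumed: interface facing the clients
WAN_IF=${WAN_IF:-eth0}                # assumed: interface facing the Internet
LAN_NET=${LAN_NET:-192.168.1.0/24}    # assumed lab client network
GW_LAN_IP=${GW_LAN_IP:-192.168.1.1}   # assumed gateway address on LAN_IF
PROXY_IP=${PROXY_IP:-192.168.1.2}     # assumed host running Squid
PROXY_PORT=3128                       # Squid's default port, as the report states

# is_ipv4 ADDR: succeed only for a dotted quad whose octets are 0-255.
# Checking typed values first keeps something like "1.2.3.4 -j ACCEPT"
# entered at a prompt from becoming extra iptables arguments.
is_ipv4() {
    oldifs=$IFS; IFS=.; set -f
    set -- $1
    IFS=$oldifs; set +f
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*) return 1;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# is_cidr NET: ADDR/PREFIX with a prefix of 0-32.
is_cidr() {
    case $1 in */*) ;; *) return 1;; esac
    pfx=${1#*/}
    is_ipv4 "${1%/*}" || return 1
    case $pfx in ''|*[!0-9]*) return 1;; esac
    [ "$pfx" -le 32 ]
}

# ask_value TITLE VARNAME DEFAULT: one --inputbox read via --stdout; store
# the answer in VARNAME and return dialog's status (0 OK, 1 Cancel, 255 Esc).
ask_value() {
    _ans=$(dialog --stdout --title "$1" --inputbox "Enter $1:" 8 50 "$3")
    _rc=$?
    [ "$_rc" -eq 0 ] && eval "$2=\$_ans"   # \$ keeps the answer as data
    return "$_rc"
}

# collect_config: ask for each address, re-asking until it validates;
# Cancel or Esc aborts the run.
collect_config() {
    for spec in "LAN network (CIDR)|LAN_NET|is_cidr" \
                "Gateway LAN address|GW_LAN_IP|is_ipv4" \
                "Proxy address|PROXY_IP|is_ipv4"; do
        title=${spec%%|*}; rest=${spec#*|}; var=${rest%%|*}; check=${rest#*|}
        while :; do
            eval "cur=\$$var"
            ask_value "$title" "$var" "$cur" || return 1
            eval "cur=\$$var"
            "$check" "$cur" && break
            dialog --msgbox "'$cur' is not a valid value, try again." 6 50
        done
    done
}

# gateway_rules: print the rules in the order they must run; nothing is
# applied here, so the output can be reviewed first.
gateway_rules() {
    is_cidr "$LAN_NET" && is_ipv4 "$GW_LAN_IP" && is_ipv4 "$PROXY_IP" ||
        { echo "gateway_rules: bad address in configuration" >&2; return 1; }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -F
iptables -F FORWARD
iptables -P FORWARD DROP
# step 4: client web requests go to the proxy (the proxy's own traffic is skipped)
iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET ! -s $PROXY_IP -p tcp --dport 80 -j DNAT --to-destination $PROXY_IP:$PROXY_PORT
# the proxy must answer through the gateway, which un-NATs the reply for the client
iptables -t nat -A POSTROUTING -o $LAN_IF -d $PROXY_IP -p tcp --dport $PROXY_PORT -j SNAT --to-source $GW_LAN_IP
# step 6: only the proxy leaves for the Internet, hidden behind the WAN address
iptables -t nat -A POSTROUTING -o $WAN_IF -s $PROXY_IP -j MASQUERADE
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $LAN_IF -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $PROXY_IP -j ACCEPT
EOF
}

# rule_count: number of iptables commands produced (a quick sanity check).
rule_count() { gateway_rules | grep -c '^iptables '; }

# apply_rules: run the printed rules; refuses to run unprivileged.
apply_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_rules: run as root" >&2; return 1; }
    gateway_rules | while IFS= read -r cmd; do
        case $cmd in '#'*) continue;; esac
        sh -c "$cmd" || { echo "failed: $cmd" >&2; exit 1; }
    done
}

# ASK=1 prompts with dialog first; APPLY=1 installs the rules instead of printing.
if [ "${ASK:-0}" = 1 ]; then collect_config || exit 1; fi
if [ "${APPLY:-0}" = 1 ]; then apply_rules; else gateway_rules; fi
```

Because the proxy sits on the same LAN as the clients, the SNAT rule is what makes its replies return through the gateway; without it the client sees an answer from 192.168.1.2:3128 instead of the web server it asked for and resets the connection.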

4.3 Conclusion Both dialog and Xdialog are complex tools that can create many types of dialog boxes. They allow a high degree of control on all aspects of the dialogs. The detailed man pages discuss all the features of these tools, and are a must read. With a little shell scripting knowledge you can start making front ends to all your favorite command line tools.

5. LINUX AS ROUTER:

5.1 Linux Router

Routers are amongst the most crucial components of the Internet, as each bit of information on the Internet passes through many routers. Most of the routers used on the Internet are made by Cisco. Although these have good performance, they come at a high price. In situations where we need to economize, the Linux router is an attractive alternative. When used as a simple gateway for a LAN, it can be almost free. All that is needed is a machine with more than one network interface. If one has a small lab with several LANs and wishes to set up a reliable, as well as secure, connection to the Internet, the cost of a commercial router may not be justifiable. The most economical solution in this case is to use a low-cost processor running the LRP (Linux Router Project). It makes the building and maintenance of firewalls, routers, switches, hubs, and so on, cheap and straightforward. In this article we show how to set up a Linux router for two to four LANs and test its performance under different conditions. For comparison we also used Pentium Is and IIs. Here we present the results of our investigation into the performance of the Linux router and compare it with a commercial router.

5.2 Setting Up a Linux Router The most common function of the Linux router is a connection between two networks. Typically, this would be a LAN and the Internet. For our experiments, given the unavailability of a connection to the Internet fast enough to stress the router sufficiently, we used a server to simulate the Internet.

5.3 Performance of Linux Router The test setup in our computer lab uses a 100Base-T Ethernet. The NICs and switching hubs are 100Base-T. All platforms are running Linux 2.2 kernels, and the Linux router is the default gateway for all of them.

5.4 Bandwidth Measurement

The first configuration uses one client and one server. We connected the server to the first NIC on the LRP box (eth0) and the client to the second NIC (eth1) through crossover UTP 100 Mb cables. Then we set the ipchains rules on the Linux router for forwarding the traffic between client and server by issuing the following command:

    ipchains -I forward -j ACCEPT -s 192.168.1.0/24 -d 192.168.0.0/24 -b

Figure 1. Setup Number One for Measurement of Bandwidth of LRP Box

The ipchains rules for this setup would look like:

    ipchains -I forward -j ACCEPT -s 192.168.0.0/24 -d 192.168.1.0/24 -b
    ipchains -I forward -j ACCEPT -s 192.168.0.0/24 -d 192.168.2.0/24 -b
    ipchains -I forward -j ACCEPT -s 192.168.0.0/24 -d 192.168.3.0/24 -b
    ipchains -I forward -j ACCEPT -s 192.168.1.0/24 -d 192.168.2.0/24 -b
    ipchains -I forward -j ACCEPT -s 192.168.1.0/24 -d 192.168.3.0/24 -b
    ipchains -I forward -j ACCEPT -s 192.168.2.0/24 -d 192.168.3.0/24 -b

You can write a script to run these rules, eliminating the need to enter them at the command prompt every time you boot your LRP box. It should be placed in the root directory so that the user is able to run all the rules by just entering ./filename. We measured the bandwidth of the router when there was traffic between the server and more than one client (clients may be from the same or different LANs).

Figure 2. Setup Number Two for Measurement of Bandwidth of LRP Box

For the third configuration we set up multiple servers and multiple clients (cross-pinging). In this test setup we used two servers connected on eth0 and eth2 of the LRP box.

Figure 4. Setup for Cross-Pinging

5.5 Easy to Handle The Linux router is easy to handle and configure. It does not require any special care for its use other than that required for a normal PC. If there is a problem, configuring it only takes a few minutes. Moreover, it is basically software on a floppy disk; if your LRP box gets damaged because of power fluctuations (a common problem in the third world), you can instantly convert another available PC into your router by adding NICs from the corrupted LRP (if they are not corrupted) and boot it off the floppy disk. No configuration will be required for this router at all, except the runtime configuration. You can imagine what a great advantage this is—think of what would happen if your Cisco router were to be corrupted.


5.6 Comparison with a Commercial Router

The following is a comparison of the Linux router with the Cisco 2620 router available in our laboratory. The cost of building a good Linux router (based on a Pentium I, 200MHz MMX) with 1 FDD and 32MB of RAM is less than $100 US. (It may be nearly free if you use the minimum required hardware, i.e., a 486DX with 16MB RAM.) A monitor is not necessarily required. You can use a borrowed monitor temporarily at configuration time or configure via a remote serial connection (if you include support for that through the serial.lrp package). On the other hand, the cost of the Cisco 2620 with a 50MHz Motorola processor, 16MB Flash RAM and 40MB DRAM is more than $3,500 US. Although power consumption here is not of great concern, in most applications it is notable that the Linux router (running on a PI 200MHz, MMX) consumes less than 30W of power, while Cisco 2600 series routers consume 75W.

You can add as many NICs to the Linux router as you wish (limited by the number of slots on the main board). In the Cisco 2600 there is only one Fast Ethernet card available. The modularity of the Linux router is matchless. Its packaging system allows easy removal and addition of features. You can add/remove packages, even at runtime, using the lrpkg command. You need to shut down the Linux router to add a module only if it requires some additional hardware. However, the kernel module for the hardware can be installed at runtime using insmod. The design of the Cisco router is not as modular.

For the Linux router there is a large variety of hardware and software products available on the open market, as it has the complete structure of the ordinary Linux operating system. You can use the product of any manufacturer that has support for the Linux router. Cisco routers, on the other hand, are limited in this respect. Usually only Cisco products are used with Cisco routers. Having Linux as the operating system on your router gives you the extra advantage that you can build your own packages according to your needs using shell scripting. You also can get a lot of help from the available literature for Linux. Cisco routers have their own specific operating system called Internet Operating System. The Cisco 2620 uses IOS release 12.1. Although it is developed on a regular basis, you can use only those features that are available in the specific IOS release used on your specific router.

Like Cisco routers, the Linux router also supports the multiprotocol feature. It has support for RIP, BGP, OSPF and many more that are added through packages. Services such as Ethernet router, firewall, DNS and ISDN may be initialized on a Linux router. However, initializing services like DNS (which is highly CPU-bound) will degrade its performance. It is better to use a separate machine as a DNS server. The Cisco router has multiservice integration of voice, data and video. As with Cisco routers, IP masquerading, port translation, load balancing, transparent proxy and interface alias may all be implemented on a Linux router. Cisco routers support IPX, Token Ring, VLAN, VPN, AppleTalk and DDR for advanced routing. The Linux router also can support these features through proper packages, although some expertise in Linux and some additional hardware are required to do so, which will increase the cost of the Linux router; it still will be much less than that of a Cisco router.

Depending upon the model and series of the Cisco router, it has a limited number of WAN slots. In the 2620 there are two WIC (WAN Interface Card) slots, one network module and one advanced integrated mode slot. The two-port serial WAN card has an asynchronous speed of 115.2Kbps, and its synchronous speed equals 2.048Mbps. Port 1 supports only synchronous mode. The Linux router also has support for WAN interface cards. Sangoma WICs, which have a synchronous data rate of 8Mbps, are quite popular among LRP users. With these cards you can combine many LRP boxes. However, the disadvantage is that the cost of the LRP box increases; this card costs about $400 US.

Figure 7. Typical Configuration for a Small Business

5.7 Routing

Routing is the process of selecting paths in a network along which to send network traffic. Routing is performed for many kinds of networks, including electronic networks (such as the Internet) and transportation networks. This article is concerned primarily with routing in electronic data networks using packet switching technology.


In packet switching networks, routing directs packet forwarding, the transit of logically addressed packets from their source toward their ultimate destination through intermediate nodes; typically hardware devices called routers, bridges, gateways, firewalls, or switches. General-purpose computers with multiple network cards can also forward packets and perform routing, though they are not specialized hardware and may suffer from limited performance. The routing process usually directs forwarding on the basis of routing tables which maintain a record of the routes to various network destinations. Thus, constructing routing tables, which are held in the routers' memory, is very important for efficient routing. Most routing algorithms use only one network path at a time, but multipath routing techniques enable the use of multiple alternative paths.

Routing, in a more narrow sense of the term, is often contrasted with bridging in its assumption that network addresses are structured and that similar addresses imply proximity within the network. Because structured addresses allow a single routing table entry to represent the route to a group of devices, structured addressing (routing, in the narrow sense) outperforms unstructured addressing (bridging) in large networks, and has become the dominant form of addressing on the Internet, though bridging is still widely used within localized environments.

Routing schemes differ in their delivery semantics:

1. unicast delivers a message to a single specified node;
2. broadcast delivers a message to all nodes in the network;
3. multicast delivers a message to a group of nodes that have expressed interest in receiving the message;
4. anycast delivers a message to any one out of a group of nodes, typically the one nearest to the source.

Unicast is the dominant form of message delivery on the Internet, and this article focuses on unicast routing algorithms.


Topology distribution

Small networks may involve manually configured routing tables (static routing), while larger networks involve complex topologies and may change rapidly, making the manual construction of routing tables unfeasible. Nevertheless, most of the public switched telephone network (PSTN) uses pre-computed routing tables, with fallback routes if the most direct route becomes blocked (see routing in the PSTN). Adaptive routing attempts to solve this problem by constructing routing tables automatically, based on information carried by routing protocols, and allowing the network to act nearly autonomously in avoiding network failures and blockages. Dynamic routing dominates the Internet. However, the configuration of the routing protocols often requires a skilled touch; one should not suppose that networking technology has developed to the point of the complete automation of routing.

5.7.1 Unicast

In computer networking, unicast transmission is the sending of information packets to a single network destination. The term "unicast" is formed in analogy to the word "broadcast", which means transmitting the same data to all destinations. Another multi-mode distribution method, multicasting, is similar to IP broadcasting, but implemented in a more efficient manner. Unicast messaging is used for all network processes where a private or unique resource is requested, making most networking traffic unicast in form. Unicast is used where two-way connections are needed to complete the network transaction. Certain network applications which are mass-distributed are too costly to implement on unicast. These include streaming media of many forms. And when multicasting is unavailable, unicasting the exact same content to many users can be costly. Internet radio stations may have high bandwidth costs because of this. These terms are also used by streaming content providers' services. Unicast-based media servers open and provide a stream for each unique user. Multicast servers can support a larger audience by serving content simultaneously to multiple users.

In computer networking, broadcasting refers to transmitting a packet that will be received (conceptually) by every device on the network. In practice, the scope of the broadcast is limited to a broadcast domain. Contrast unicasting and multicasting. Not all computer networks support broadcasting; for example, neither X.25 nor frame relay supply a broadcast capability, nor is there any form of Internet-wide broadcast. Broadcasting is largely confined to local area network (LAN) technologies, most notably Ethernet and Token Ring, where the performance impact of broadcasting is not as large as it would be in a wide area network. Both Ethernet and IPv4 use an all-ones broadcast address to indicate a broadcast packet. Token Ring uses a special value in the IEEE 802.2 control field. Due to its "shotgun" approach to data distribution, broadcasting is being increasingly supplanted by multicasting. For example, IPv6 supports neither directed broadcasts nor local broadcasts.

5.7.2 Multicast

Multicast addressing is a network technology for the delivery of information to a group of destinations simultaneously using the most efficient strategy to deliver the messages over each link of the network only once, creating copies only when the links to the multiple destinations split. The word "multicast" is typically used to refer to IP multicast, which is often employed for streaming media and Internet television applications. In IP multicast the implementation of the multicast concept occurs at the IP routing level, where routers create optimal distribution paths for datagrams sent to a multicast destination address spanning tree in real time. At the Data Link Layer, multicast describes one-to-many distribution such as Ethernet multicast addressing, Asynchronous Transfer Mode (ATM) point-to-multipoint virtual circuits or InfiniBand multicast.

5.7.3 Anycast

Anycast is a network addressing and routing scheme whereby data is routed to the "nearest" or "best" destination as viewed by the routing topology. The term is intended to echo the terms unicast, broadcast and multicast. In unicast, there is a one-to-one association between network address and network endpoint: each destination address uniquely identifies a single receiver endpoint. In broadcast and multicast, there is a one-to-many association between network addresses and network endpoints: each destination address identifies a set of receiver endpoints, to which all information is replicated. In anycast, there is also a one-to-many association between network addresses and network endpoints: each destination address identifies a set of receiver endpoints, but only one of them is chosen at any given time to receive information from any given sender.

On the Internet, anycast is usually implemented by using BGP to simultaneously announce the same destination IP address range from many different places on the Internet. This results in packets addressed to destination addresses in this range being routed to the "nearest" point on the net announcing the given destination IP address. In the past, anycast was suited to connectionless protocols (generally built on UDP), rather than connection-oriented protocols such as TCP that keep their own state. However, there are many cases where TCP anycast is now used, including on carrier networks such as Prolexic. With TCP anycast, there are cases where the receiver selected for any given source may change from time to time as optimal routes change, silently breaking any conversations that may be in progress at the time. These conditions are typically referred to as a "pop switch". To correct for this issue, there have been proprietary advancements within custom IP stacks which allow for healing of stateful protocols where it is required. However, without any technology to heal pop switches, systems like GeoDNS are more appropriate. For this reason, anycast is generally used as a way to provide high availability and load balancing for stateless services such as access to replicated data; for example, DNS service is a distributed service over multiple geographically dispersed servers.

5.6 Forwarding Forwarding is the relaying of packets from one network segment to another by nodes in a computer network.


Figure: A unicast forwarding pattern, typical of many networking technologies including the overwhelming majority of Internet traffic

Figure: A multicast forwarding pattern, typical of PIM

Figure: A broadcast forwarding pattern, typical of bridged Ethernet

The simplest forwarding model - unicasting - involves a packet being relayed from link to link along a chain leading from the packet's source to its destination. However, other forwarding strategies are commonly used. Broadcasting requires a packet to be duplicated and copies sent on multiple links with the goal of delivering a copy to every device on the network. In practice, broadcast packets are not forwarded everywhere on a network, but only to devices within a broadcast domain, making broadcast a relative term. Less common than broadcasting, but perhaps of greater utility and theoretical significance, is multicasting, where a packet is selectively duplicated and copies delivered to each of a set of recipients. Networking technologies tend to naturally support certain forwarding models. For example, fiber optics and copper cables run directly from one machine to another form natural unicast media - data transmitted at one end is received by only one machine at the other end. However, as illustrated in the diagrams, nodes can forward packets to create multicast or broadcast distributions from naturally unicast media. Likewise, traditional Ethernet (10BASE5 and 10BASE2, but not the more modern 10BASE-T) is a natural broadcast medium - all the nodes are attached to a single, long cable and a packet transmitted by one device is seen by every other device attached to the cable. Ethernet nodes implement unicast by ignoring packets not directly addressed to them. A wireless network is naturally multicast - all devices within a reception radius of a transmitter can receive its packets. Wireless nodes ignore packets addressed to other devices, but require forwarding to reach nodes outside their reception radius. At nodes where multiple outgoing links are available, the choice of which, all, or any to use for forwarding a given packet requires a decision making process that, while simple in concept, is of sometimes bewildering complexity.
Since a forwarding decision must be made for every packet handled by a node, the total time required for this can become a major limiting factor in overall network performance. Much of the design effort of high-speed routers and switches has been focused on making rapid forwarding decisions for large numbers of packets. The forwarding decision is generally made using one of two processes: routing, which uses information encoded in a device's address to infer its location on the network, or bridging, which makes no assumptions about where addresses are located and depends heavily on broadcasting to locate unknown addresses. The heavy overhead of broadcasting has led to the dominance of routing in large networks, particularly the Internet; bridging is largely relegated to small networks where the overhead of broadcasting is tolerable. However, since large networks are usually composed of many smaller networks linked together, it would be inaccurate to state that bridging has no use on the Internet; rather, its use is localized.

6. What is Linux Shell ?
Computers understand the language of 0's and 1's called binary language. In the early days of computing, instructions were provided in binary language, which is difficult for all of us to read and write. So the OS has a special program called the Shell. The Shell accepts your instructions or commands in English (mostly) and, if it is a valid command, passes it to the kernel. The Shell is a user program, or an environment provided for user interaction. The Shell is a command language interpreter that executes commands read from the standard input device (keyboard) or from a file. The Shell is not part of the system kernel, but uses the system kernel to execute programs, create files, etc. Several shells are available with Linux, including:

Shell Name                | Developed by                      | Where                              | Remark
BASH (Bourne-Again SHell) | Brian Fox and Chet Ramey          | Free Software Foundation           | Most common shell in Linux. It's a freeware shell.
CSH (C SHell)             | Bill Joy                          | University of California (for BSD) | The C shell's syntax and usage are very similar to the C programming language.
KSH (Korn SHell)          | David Korn                        | AT&T Bell Labs                     | --
TCSH                      | See the man page. Type $ man tcsh | --                                 | TCSH is an enhanced but completely compatible version of the Berkeley UNIX C shell (CSH).

Tip: To find all available shells in your system type the following command:
$ cat /etc/shells
Note that each shell does the same job, but each understands a different command syntax and provides different built-in functions. In MS-DOS, the shell is called COMMAND.COM, which is used for the same purpose, but it's not as powerful as our Linux shells are! Any of the above shells reads commands from the user (via keyboard or mouse) and tells the Linux OS what the user wants. If we are giving commands from the keyboard it is called the command line interface (usually in front of a $ prompt; this prompt depends upon your shell and the environment that you or your system administrator set, therefore you may get a different prompt).
Tip: To find your current shell type the following command:
$ echo $SHELL

What is Shell Script ?
Normally shells are interactive. That means the shell accepts commands from you (via the keyboard) and executes them. But if you use commands one by one (a sequence of 'n' commands), then you can store this sequence of commands in a text file and tell the shell to execute this text file instead of entering the commands. This is known as a shell script. A shell script is defined as: "A shell script is a series of commands written in a plain text file. A shell script is just like a batch file in MS-DOS but has more power than the MS-DOS batch file."

Why to Write Shell Script ?
• Shell scripts can take input from the user or a file and output it on screen.
• Useful to create our own commands.
• Saves lots of time.
• To automate some tasks of day-to-day life.
• System administration tasks can also be automated.

Here is where the fun begins
With the thousands of commands available for the command line user, how can you remember them all? The answer is, you don't. The real power of the computer is its ability to do the work for you. To get it to do that, we use the power of the shell to automate things. We write scripts. Scripts are collections of commands that are stored in a file. The shell can read this file and act on the commands as if they were typed at the keyboard. In addition to the things you have learned so far, the shell also provides a variety of useful programming features to make your scripts truly powerful.
What are scripts good for?
A wide range of tasks can be automated. Here are some of the things I automate with scripts: A script gathers up all the files (over 2200) in this site on my computer and transmits them to my web server. Every Friday night, all my computers copy their files to a "backup server" on my network. This is performed by a script. A script automatically gets the current updates from my Linux vendor and maintains a repository of vital updates. It sends me an email message with a report of tasks that need to be done. As you can see, scripts unlock the power of your Linux machine. So let's have some fun!

Writing your first script and getting it to work

To successfully write a shell script, you have to do three things:
1. Write a script
2. Give the shell permission to execute it
3. Put it somewhere the shell can find it

Writing a script
A shell script is a file that contains ASCII text. To create a shell script, you use a text editor. A text editor is a program, like a word processor, that reads and writes ASCII text files. There are many, many text editors available for your Linux system, both for the command line environment and the GUI environment. Here is a list of some common ones: Now, fire up your text editor and type in your first script as follows:

#!/bin/bash
# My first script
echo "Hello World!"

The clever among you will have figured out how to copy and paste the text into your text editor ;-) If you have ever opened a book on programming, you would immediately recognize this as the traditional "Hello World" program. Save your file with some descriptive name. How about my_script? The first line of the script is important. This is a special clue given to the shell indicating what program is used to interpret the script. In this case, it is /bin/bash. Other scripting languages such as perl, awk, tcl, Tk, and python can also use this mechanism. The second line is a comment. Everything that appears after a "#" symbol is ignored by bash. As your scripts become bigger and more complicated, comments become vital. They are used by programmers to explain what is going on so that others can figure it out. The last line is the echo command. This command simply prints what it is given on the display.

Setting permissions
The next thing we have to do is give the shell permission to execute your script. This is done with the chmod command as follows:
[me@linuxbox me]$ chmod 755 my_script
The "755" will give you read, write, and execute permission. Everybody else will get only read and execute permission. If you want your script to be private (i.e., only you can read and execute), use "700" instead.

Putting it in your path
At this point, your script will run. Try this:
[me@linuxbox me]$ ./my_script
You should see "Hello World!" displayed. If you do not, see what directory you really saved your script in, go there and try again. Before we go any further, I have to stop and talk a while about paths. When you type in the name of a command, the system does not search the entire computer to find where the program is located. That would take a long time. You have noticed that you don't usually have to specify a complete path name to the program you want to run, the shell just seems to know. Well, you are right. The shell does know. Here's how: the shell maintains a list of directories where executable files (programs) are kept, and just searches the directories in that list. If it does not find the program after searching each directory in the list, it will issue the famous command not found error message.
This list of directories is called your path. You can view the list of directories with the following command:
[me@linuxbox me]$ echo $PATH
This will return a colon separated list of directories that will be searched if a specific path name is not given when a command is attempted. In our first attempt to execute your new script, we specified a pathname ("./") to the file. You can add directories to your path with the following command, where directory is the name of the directory you want to add:
[me@linuxbox me]$ export PATH=$PATH:directory
A better way would be to edit your .bash_profile file to include the above command. That way, it would be done automatically every time you log in. Most modern Linux distributions encourage a practice in which each user has a specific directory for the programs he/she personally uses. This directory is called bin and is a subdirectory of your home directory. If you do not already have one, create it with the following command:
[me@linuxbox me]$ mkdir bin
Move your script into your new bin directory and you're all set. Now you just have to type:
[me@linuxbox me]$ my_script
and your script will run.


Variables in Shell
To process our data/information, the data must be kept in the computer's RAM memory. RAM memory is divided into small locations, and each location has a unique number called the memory location/address, which is used to hold our data. A programmer can give a unique name to this memory location/address, called a memory variable or variable (it is a named storage location that may take different values, but only one at a time). In Linux (Shell), there are two types of variable:
(1) System variables - Created and maintained by Linux itself. This type of variable is defined in CAPITAL LETTERS.
(2) User defined variables (UDV) - Created and maintained by the user. This type of variable is defined in lower-case letters.
You can see system variables by giving a command like $ set; some of the important system variables are:

System Variable                    | Meaning
BASH=/bin/bash                     | Our shell name
BASH_VERSION=1.14.7(1)             | Our shell version name
COLUMNS=80                         | No. of columns for our screen
HOME=/home/vivek                   | Our home directory
LINES=25                           | No. of lines for our screen
LOGNAME=students                   | Our login name
OSTYPE=Linux                       | Our OS type
PATH=/usr/bin:/sbin:/bin:/usr/sbin | Our path settings
PS1=[\u@\h \W]\$                   | Our prompt settings
PWD=/home/students/Common          | Our current working directory
SHELL=/bin/bash                    | Our shell name
USERNAME=vivek                     | User name who is currently logged in to this PC

NOTE that some of the above settings can be different in your PC/Linux environment. You can print the contents of any of the above variables as follows:
$ echo $USERNAME
$ echo $HOME

How to define User defined variables (UDV)
To define a UDV use the following syntax:
Syntax: variablename=value
'value' is assigned to the given 'variablename', and the value must be on the right side of the = sign.
Example:
$ no=10    # this is ok
$ 10=no    # Error, NOT Ok, value must be on right side of = sign.
To define a variable called 'vech' having value Bus:
$ vech=Bus
To define a variable called n having value 10:
$ n=10

Rules for Naming variable name (Both UDV and System Variable)
(1) Variable name must begin with an Alphanumeric character or underscore character (_), followed by one or more Alphanumeric characters. For e.g. valid shell variables are as follows:
HOME
SYSTEM_VERSION
vech
no
(2) Don't put spaces on either side of the equal sign when assigning a value to a variable. For e.g. in the following variable declaration there will be no error:
$ no=10
But there will be a problem for any of the following variable declarations:
$ no =10
$ no= 10
$ no = 10
(3) Variables are case-sensitive, just like filenames in Linux. For e.g.
$ no=10
$ No=11
$ NO=20
$ nO=2
All of the above are different variable names, so to print the value 20 we have to use
$ echo $NO
and not any of the following:
$ echo $no # will print 10 but not 20
$ echo $No # will print 11 but not 20
$ echo $nO # will print 2 but not 20
(4) You can define a NULL variable as follows (a NULL variable is a variable which has no value at the time of definition). For e.g.
$ vech=
$ vech=""
Try to print its value by issuing the following command:
$ echo $vech
Nothing will be shown because the variable has no value, i.e. it is a NULL variable.
(5) Do not use ?, * etc. to name your variables.

How to print or access value of UDV (User defined variables)
To print or access a UDV use the following syntax:
Syntax: $variablename
Define variables vech and n as follows:
$ vech=Bus
$ n=10
To print the contents of variable 'vech' type
$ echo $vech
It will print 'Bus'. To print the contents of variable 'n' type the command as follows:
$ echo $n
Caution: Do not try $ echo vech, as it will print vech instead of its value 'Bus', and $ echo n, as it will print n instead of its value '10'. You must use $ followed by the variable name.

echo Command
Use the echo command to display text or the value of a variable.
echo [options] [string, variables...]
Displays text or variable values on screen.
Options:
-n   Do not output the trailing newline.
-e   Enable interpretation of the following backslash-escaped characters in the strings:
     \a   alert (bell)
     \b   backspace
     \c   suppress trailing newline
     \n   newline
     \r   carriage return
     \t   horizontal tab
     \\   backslash
For e.g.
$ echo -e "An apple a day keeps away \a\t\tdoctor\n"

Shell Arithmetic
Used to perform arithmetic operations.
Syntax: expr op1 math-operator op2

Examples:
$ expr 1 + 3
$ expr 2 - 1
$ expr 10 / 2
$ expr 20 % 3
$ expr 10 \* 3
$ echo `expr 6 + 3`
Note: expr 20 % 3 - Remainder, read as 20 mod 3; the remainder is 2.
expr 10 \* 3 - For multiplication use \* and not *, since * is a wildcard.
For the last statement note the following points:
(1) First, before the expr keyword we used the ` (back quote) sign, not the single quote (') sign. The back quote is generally found on the key under tilde (~) on a PC keyboard, or above the TAB key.
(2) Second, expr also ends with `, i.e. a back quote.
(3) Here expr 6 + 3 is evaluated to 9, then the echo command prints 9 as the sum.
(4) Here if you use double quotes or single quotes, it will NOT work. For e.g.
$ echo "expr 6 + 3" # It will print expr 6 + 3
$ echo 'expr 6 + 3' # It will print expr 6 + 3

The read Statement
Used to get input (data from the user) from the keyboard and store (the data) in a variable.
Syntax: read variable1 variable2 ... variableN
The following script first asks the user for a name and then waits for the name to be entered via the keyboard. The user enters the name from the keyboard (after giving the name you have to press the ENTER key), and the entered name is stored (assigned) in the variable fname.
$ vi sayH
#
# Script to read your name from key-board
#
echo "Your first name please:"
read fname
echo "Hello $fname, Lets be friend!"
Run it as follows:
$ chmod 755 sayH
$ ./sayH
Your first name please: vivek
Hello vivek, Lets be friend!

7. WORKING OF DHCP:
7.1 WHAT IS DHCP?
Dynamic Host Configuration Protocol (DHCP) is a protocol used by networked devices (clients) to obtain various parameters necessary for the clients to operate in an Internet Protocol (IP) network. By using this protocol, system administration workload greatly decreases, and devices can be added to the network with minimal or no manual configuration. DHCP is also useful for directly assigning addresses to servers and desktop machines, and, through a Point-to-Point Protocol (PPP) proxy, for dialup and broadband on-demand hosts, as well as for residential Network Address Translation (NAT) gateways and routers. DHCP is usually not appropriate for infrastructure such as non-edge routers and DNS servers. The dynamic host configuration protocol (DHCP) provides automatic configuration such as IP address, DNS server, NIS server, gateway etc. on client machines.

7.2 ROLE IN THIS PROJECT: When a DHCP-configured client (be it a computer or any other network aware device) connects to a network, the DHCP client sends a broadcast query requesting necessary information from a DHCP server. The DHCP server manages a pool of IP addresses and information about client configuration parameters such as the default gateway, the domain name, the DNS servers, other servers such as timeservers, and so forth. Upon receipt of a valid request the server will assign the computer an IP address, a lease (the length of time for which the allocation is valid), and other IP configuration parameters, such as the subnet mask and the default gateway. The query is typically initiated immediately after booting and must be completed before the client can initiate IP-based communication with other hosts. It is providing automatic gateway and IP addresses to the client machines here according to their requests.

7.4 Screenshots and working of DHCP:


The above dialog box shows the 3 menu boxes for configuring, adding and deleting the DHCP server. If the user presses "configure" then the DHCP wizard opens and asks for the DHCP configuration information as below:


If the user presses “add” or “delete”, then a dialog box will open that will ask for the mac address of the client machine as below:


8. WORKING OF SQUID:
The SQUID server is used for filtering. Its main job is to allow or deny any host or destination. It automatically works on port no. 3128. We can also filter the contents of the packets. Squid has one primary configuration file, squid.conf. This file is generally located in /etc/squid/, or if you compiled Squid from source, the default location is /usr/local/squid/etc/.


8.1 Access control lists
The primary use of ACLs is to control access, but they can also be used to route requests through a hierarchy, control request rewriting, and manage quality of service. Access controls divide into two parts: elements and rules. ACL elements are things such as IP addresses, port numbers, hostnames, and URL patterns. Each ACL element has a name, which you refer to when writing the access list rules. The basic syntax of an ACL element is:
acl ACLname type value1 value2
Squid has more than 20 ACL types, including types for source and destination IP addresses, time, URLs, port numbers, and transfer protocols. After defining the ACL elements, the next step is to combine them with access list rules. Rules combine elements to allow or deny certain actions. The syntax for an access control rule is:
access_list allow/deny [!]ACLname
For example, the rule:
http_access allow MyClients

8.2 ROLE IN THIS PROJECT:
Squid here is working as a transparent proxy server. In a transparent proxy, no work, procedure, or configuration is needed on the client end; rather, everything is performed on the server side. In the project, transparent proxying is done using iptables DNAT rules. We use a DNAT rule in iptables for every packet to port no. 80 so that it is automatically transferred to the proxy server on port no. 3128.


Rule is:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination proxyIP:3128
Now we add the rules in /etc/squid/squid.conf, the configuration file of the proxy server, for different host names and IPs.
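The single PREROUTING rule above leaves two things open: it should apply only to the LAN interface, and when Squid runs on a separate host (the layout in 9.2) the proxy's own port 80 fetches must be excluded, or they are redirected back to it. The following is an added example, not the project's own code; the interface name and addresses are placeholders supplied by the caller, and the rules are printed rather than applied so they can be reviewed first.

```shell
#!/bin/sh
# Added example, not part of AUTO-IP MANAGER: print the netfilter rules for the
# transparent-proxy redirection, one iptables command per line (pipe into sh to
# apply). Interface and address names are placeholders passed by the caller.

# transparent_proxy_rules LAN_IF GW_IP PROXY_IP [PROXY_PORT]
#   LAN_IF    gateway interface facing the clients; only its traffic is redirected
#   GW_IP     the gateway's own address on LAN_IF
#   PROXY_IP  address of the Squid host; equal to GW_IP when Squid runs on the gateway
transparent_proxy_rules() {
    lan_if=$1 gw_ip=$2 proxy_ip=$3 proxy_port=${4:-3128}
    [ -n "$lan_if" ] && [ -n "$gw_ip" ] && [ -n "$proxy_ip" ] || return 1
    case $proxy_port in ''|*[!0-9]*) return 1 ;; esac

    if [ "$proxy_ip" = "$gw_ip" ]; then
        # Squid on the gateway itself: REDIRECT rewrites the destination to the
        # gateway's own address. Locally generated packets never pass PREROUTING,
        # so Squid's upstream fetches cannot loop back into this rule.
        echo "iptables -t nat -A PREROUTING -i $lan_if -p tcp --dport 80 -j REDIRECT --to-ports $proxy_port"
        return 0
    fi

    # Squid on another LAN host: three rules are needed.
    # 1. DNAT only on the LAN interface, and only for packets that do not come
    #    from the proxy; otherwise its own port 80 fetches are sent back to it.
    echo "iptables -t nat -A PREROUTING -i $lan_if ! -s $proxy_ip -p tcp --dport 80 -j DNAT --to-destination $proxy_ip:$proxy_port"
    # 2. Rewrite the source to the gateway so the proxy's replies come back
    #    through the gateway, which holds the NAT state, instead of going straight
    #    to the client, where they would arrive from the wrong address and be
    #    rejected. The cost is that Squid logs the gateway, not the client.
    echo "iptables -t nat -A POSTROUTING -o $lan_if -p tcp -d $proxy_ip --dport $proxy_port -j SNAT --to-source $gw_ip"
    # 3. The redirected packets are routed, so the FORWARD chain must accept them
    #    (packet forwarding itself is enabled in 9.1).
    echo "iptables -A FORWARD -i $lan_if -o $lan_if -p tcp -d $proxy_ip --dport $proxy_port -j ACCEPT"
}

# Constructed sample values, not from the project: clients on eth1, gateway
# 192.168.3.1, Squid on a separate host 192.168.3.2.
transparent_proxy_rules eth1 192.168.3.1 192.168.3.2
```

For intercepted connections Squid 2.6 also needs the listening port declared as http_port 3128 transparent in squid.conf.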

8.3 Screen shots and working: The following screen shot represents the dialog box where it asks to the user whether to configure the server or to add a new rule.

If "configure" is pressed, a new Squid server is configured; if adding a new rule is chosen, the user is asked for the host name and IP as shown below:

When all the entries have been made, the rules are automatically added at the top of /etc/squid/squid.conf and the services are restarted automatically. When OK is pressed, the user is asked whether to add another rule, as below:
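The ACL elements and rules of section 8.1, generated from a client list the way the add-rule dialog above does, as an added example that is not the project's script. Client names, addresses and the blocked domain are placeholders; the point it shows is that every element must be defined before a rule names it, and that rules are evaluated in order with the deny all last.

```shell
#!/bin/sh
# Added example, not the project's squid configuration: build the access-control
# part of squid.conf in the element/rule form of section 8.1.

# squid_acl_fragment PORT "NAME=IP ..." "DOMAIN ..."
#   PORT     the port Squid listens on (3128 in this project)
#   NAME=IP  one entry per permitted client: an ACL name and its source address
#   DOMAIN   destination domains no client may reach (may be empty)
# Prints the fragment on stdout. Returns 1 if any entry is malformed, because a
# bad line would make squid refuse to start when the service is restarted.
squid_acl_fragment() {
    port=$1 clients=$2 blocked=$3 status=0 allowed=
    # Squid 2.6 keyword for intercepted (transparent) connections
    echo "http_port $port transparent"
    # Elements first: an ACL name must be defined before a rule refers to it.
    for entry in $clients; do
        name=${entry%%=*} ip=${entry#*=}
        case $name in
            ''|*[!A-Za-z0-9_-]*) echo "bad ACL name: $entry" >&2; status=1; continue ;;
        esac
        case $ip in
            ''|*[!0-9./]*) echo "bad source address: $entry" >&2; status=1; continue ;;
        esac
        echo "acl $name src $ip"
        allowed="$allowed $name"
    done
    for dom in $blocked; do
        case $dom in .*) ;; *) dom=.$dom ;; esac   # leading dot also matches subdomains
        echo "acl blocked_sites dstdomain $dom"
    done
    # Rules are evaluated top to bottom and the first match wins: the deny for
    # blocked destinations goes before any allow, and the final deny all catches
    # every client that was not listed.
    [ -n "$blocked" ] && echo "http_access deny blocked_sites"
    for name in $allowed; do
        echo "http_access allow $name"
    done
    echo "http_access deny all"
    return $status
}

# Constructed sample input, not from the project.
squid_acl_fragment 3128 "pc1=192.168.3.10 pc2=192.168.3.11" "example.com"
```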


When the user presses OK, then again it asks for entry otherwise it closes the dialog box.

9. WORKING OF GATEWAY:
If a client has a request for another network, it passes it to the gateway. The gateway works as a router here and forwards the packets into the other network.


9.1 Configure Linux for packet forwarding
First, we need to enable packet forwarding at the kernel level (more on what the hell this means later). Edit your /etc/sysctl.conf so it contains the following:

# Controls IP packet forwarding
net.ipv4.ip_forward = 1

Since most people have dynamic IPs, you will probably also want:

# Enable dynamic-ip address hacking
net.ipv4.ip_dynaddr = 1

For other potentially worthwhile settings, you can check out my whole sysctl.conf file. Now set the eth1 interface up, which we will manually assign as 192.168.3.1 on our internal network. This is done by editing /etc/sysconfig/network-scripts/ifcfg-eth1 like so:

DEVICE=eth1
ONBOOT=yes
BOOTPROTO=none
# (put your correct value below)
HWADDR=XX:XX:XX:XX:XX:XX
IPADDR=192.168.3.1

9.2 ROLE IN THIS PROJECT:
Packets that are routed through the router are governed by rules in the FORWARD chain. Connections from and to the router itself are managed by the INPUT and OUTPUT chains. Rules should be written as if no NAT occurs, using the 'real' addresses. Here, if a client wants to connect to the internet, it sends the request to the gateway. The gateway transfers the request to the proxy server. The proxy filters the packets and transfers them back to the gateway, because the proxy also has an entry for the gateway. The gateway gives the response to the proxy and the proxy sends it to the destination client.

9.3 CONFIGURATION OF THE GATEWAY:


10. WORKING OF IP TABLES: Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains. Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a 'target', which may be a jump to a user-defined chain in the same table.

10.1 Targets
A firewall rule specifies criteria for a packet, and a target. If the packet does not match, the next rule in the chain is examined; if it does match, then the next rule is specified by the value of the target, which can be the name of a user-defined chain or one of the special values ACCEPT, DROP, QUEUE, or RETURN. ACCEPT means to let the packet through. DROP means to drop the packet on the floor. QUEUE means to pass the packet to userspace. (How the packet can be received by a userspace process differs by the particular queue handler. 2.4.x and 2.6.x kernels up to 2.6.13 include the ip_queue queue handler. Kernels 2.6.14 and later additionally include the nfnetlink_queue queue handler. Packets with a target of QUEUE will be sent to queue number '0' in this case. Please also see the NFQUEUE target as described later in this man page.) RETURN means stop traversing this chain and resume at the next rule in the previous (calling) chain. If the end of a built-in chain is reached or a rule in a built-in chain with target RETURN is matched, the target specified by the chain policy determines the fate of the packet.

10.2 Tables
There are currently three independent tables (which tables are present at any time depends on the kernel configuration options and which modules are present).
-t, --table table
This option specifies the packet matching table which the command should operate on. If the kernel is configured with automatic module loading, an attempt will be made to load the appropriate module for that table if it is not already there. The tables are as follows:

10.2.1 Filter: This is the default table (if no -t option is passed). It contains the built-in chains INPUT (for packets destined to local sockets), FORWARD (for packets being routed through the box), and OUTPUT (for locally-generated packets).

10.2.2 nat: This table is consulted when a packet that creates a new connection is encountered. It consists of three built-ins: PREROUTING (for altering packets as soon as they come in), OUTPUT (for altering locally-generated packets before routing), and POSTROUTING (for altering packets as they are about to go out).

10.2.3 Mangle: This table is used for specialized packet alteration. Until kernel 2.4.17 it had two built-in chains: PREROUTING (for altering incoming packets before routing) and OUTPUT (for altering locally-generated packets before routing). Since kernel 2.4.18, three other built-in chains are also supported: INPUT (for packets coming into the box itself), FORWARD (for altering packets being routed through the box), and POSTROUTING (for altering packets as they are about to go out).


10.2.4 Raw: This table is used mainly for configuring exemptions from connection tracking in combination with the NOTRACK target. It registers at the netfilter hooks with higher priority and is thus called before ip_conntrack, or any other IP tables. It provides the following built-in chains: PREROUTING (for packets arriving via any network interface) OUTPUT (for packets generated by local processes)

10.3 ROLE IN THIS PROJECT:
10.3.1 Packet Filtering
Traffic moves through a network in packets. A network packet is a collection of data in a specific size and format. In order to transmit a file over a network, the sending computer must first break the file into packets using the rules of the network protocol. Each of these packets holds a small part of the file data. Upon receiving the transmission, the target computer reassembles the packets into the file. Every packet contains information which helps it navigate the network and move toward its destination. The packet can tell computers along the way, as well as the destination machine, where it came from, where it is going, and what type of packet it is, among other things. Most packets are designed to carry data, although some protocols use packets in special ways. For example, the Transmission Control Protocol (TCP) uses a SYN packet, which contains no data, to initiate communication between two systems. The Linux kernel contains the built-in ability to filter packets, allowing some of them into the system while stopping others. The 2.4 kernel's netfilter has three built-in tables or rules lists. They are as follows:
Filter — this is the default table for handling network packets.
Nat — this table is used to alter packets that create a new connection.
Mangle — this table is used for specific types of packet alteration.
Each of these tables in turn has a group of built-in chains which correspond to the actions performed on the packet by netfilter. The built-in chains for the filter table are as follows:
INPUT — This chain applies to packets received via a network interface.
OUTPUT — This chain applies to packets sent out via the same network interface which received the packets.
FORWARD — This chain applies to packets received on one network interface and sent out on another.
The built-in chains for the nat table are as follows:
PREROUTING — This chain alters packets received via a network interface when they arrive.
OUTPUT — This chain alters locally-generated packets before they are routed via a network interface.
POSTROUTING — This chain alters packets before they are sent out via a network interface.
The built-in chains for the mangle table are as follows:


PREROUTING — This chain alters packets received via a network interface before they are routed. OUTPUT — this chain alters locally-generated packets before they are routed via a network interface.

11. CODING:

AUTO IP:
dialog --title "" --backtitle "by varun and omveer" --pause "Loading AUTO-IP CONFIGURATOR TUI..." 10 60 2
sh /grras/wel

DHCP CONF:
# /grras/dhcpconf: ask for the DHCP scope in a dialog form and write /etc/dhcpd.conf
dialog --colors --title "DHCP CONFIGURATION" --backtitle "varun n omveer" \
  --form "\Z7 enter valid IP values" 18 40 10 \
  "Subnet"      1 4 "192.168.1.0"   1 12 20 16 \
  "Netmask"     3 4 "255.255.255.0" 3 12 20 16 \
  "Range_start" 5 4 "192.168.1.2"   5 16 16 16 \
  "Range_end"   7 4 "192.168.1.254" 7 16 16 16 \
  "Gateway"     9 4 "192.168.1.1"   9 16 16 16 2> /tmp/dhcp$$
tmp=$?
# --form writes the five field values to stderr, one per line
subnet=`head -1 /tmp/dhcp$$`
netmask=`head -2 /tmp/dhcp$$ | tail -1`
s_range=`head -3 /tmp/dhcp$$ | tail -1`
e_range=`head -4 /tmp/dhcp$$ | tail -1`
g_way=`head -5 /tmp/dhcp$$ | tail -1`
rm -f /tmp/dhcp$$
case $tmp in
0)
  cat > /etc/dhcpd.conf <<EOF
ddns-update-style interim;
ignore client-updates;

subnet $subnet netmask $netmask {

# --- default gateway
        option routers                  $g_way;
        option subnet-mask              $netmask;

        option nis-domain               "domain.org";
        option domain-name              "domain.org";
        option domain-name-servers      192.168.1.1;

        option time-offset              -18000; # Eastern Standard Time
#       option ntp-servers              192.168.1.1;
#       option netbios-name-servers     192.168.1.1;
# --- Selects point-to-point node (default is hybrid). Don't change this unless
# -- you understand Netbios very well
#       option netbios-node-type 2;

        range dynamic-bootp $s_range $e_range;
        default-lease-time 21600;
        max-lease-time 43200;

        # we want the nameserver to appear at a fixed address
}
EOF
  ser=$?
  if [ $ser = "0" ]
  then
    service dhcpd restart
    chkconfig dhcpd on
    sh /grras/menu
  else
    dialog --pause "Error Occured TRY AGAIN" 20 20 3
    sh /grras/menu
  fi
  ;;
1) sh /grras/dhcpmenu ;;
*) clear ;;
esac

DHCP EDIT:
dialog --colors --title "DHCP EDIT" --backtitle "varun n omveer" \
    --form "\Z7 enter valid IP values" 18 40 10 \
    "Subnet"      1 4 "192.168.1.0"   1 12 20 16 \
    "Netmask"     3 4 "255.255.255.0" 3 12 20 16 \
    "Range_start" 5 4 "192.168.1.2"   5 16 16 16 \
    "Range_end"   7 4 "192.168.1.254" 7 16 16 16 \
    "Gateway"     9 4 "192.168.1.1"   9 16 16 16 2> /tmp/dhcp$$
tmp=$?
# dialog writes one form field per line
subnet=`head -1 /tmp/dhcp$$`
netmask=`head -2 /tmp/dhcp$$ | tail -1`
s_range=`head -3 /tmp/dhcp$$ | tail -1`
e_range=`head -4 /tmp/dhcp$$ | tail -1`
g_way=`head -5 /tmp/dhcp$$ | tail -1`
case $tmp in
0)
    # overwrite dhcpd.conf with the same layout DHCP CONF produces
    cat > /etc/dhcpd.conf <<EOF
ddns-update-style interim;
ignore client-updates;

subnet $subnet netmask $netmask {

# --- default gateway
        option routers                  $g_way;
        option subnet-mask              $netmask;

#       option nis-domain               "domain.org";
#       option domain-name              "domain.org";
#       option domain-name-servers      192.168.1.1;

        option time-offset              -18000; # Eastern Standard Time
#       option ntp-servers              192.168.1.1;
#       option netbios-name-servers     192.168.1.1;
# --- Selects point-to-point node (default is hybrid). Don't change this unless
# -- you understand Netbios very well
#       option netbios-node-type 2;

        range dynamic-bootp $s_range $e_range;
        default-lease-time 21600;
        max-lease-time 43200;

        # we want the nameserver to appear at a fixed address
}
EOF
    ser=$?
    if [ $ser = "0" ]
    then
        service dhcpd restart
        chkconfig dhcpd on
        sh /grras/menu
    else
        dialog --pause "Error Occurred TRY AGAIN" 20 20 3
    fi
    ;;
1)
    sh /grras/dhcpmenu
    ;;
*)
    clear
    echo "error $tmp"
    ;;
esac
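DHCP CONF and DHCP EDIT above write whatever the form contains straight into dhcpd.conf, so a range outside the subnet or a gateway inside the dynamic pool is only noticed when dhcpd fails to start. The following added example (not part of the project's code; function names are hypothetical) checks the five form values against each other first.

```shell
# Added example (not part of the AUTO-IP MANAGER scripts); function names are hypothetical.

# ip2int A.B.C.D: print the address as an integer, or return 1 on malformed input.
ip2int() (
    IFS=.
    set -f                       # no pathname expansion on the split octets
    set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$1" "$2" "$3" "$4"; do
        case $o in ''|*[!0-9]*|0?*) return 1 ;; esac   # digits only, no leading zero
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# check_dhcp_range SUBNET NETMASK RANGE_START RANGE_END GATEWAY
# Prints the first problem found and returns 1; returns 0 when the values fit together.
check_dhcp_range() {
    subnet=$(ip2int "$1") || { echo "bad subnet: $1"; return 1; }
    mask=$(ip2int "$2")   || { echo "bad netmask: $2"; return 1; }
    start=$(ip2int "$3")  || { echo "bad range start: $3"; return 1; }
    end=$(ip2int "$4")    || { echo "bad range end: $4"; return 1; }
    gw=$(ip2int "$5")     || { echo "bad gateway: $5"; return 1; }
    # the netmask must be contiguous ones followed by zeros
    inv=$(( ~mask & 4294967295 ))
    [ $(( inv & (inv + 1) )) -eq 0 ] || { echo "non-contiguous netmask: $2"; return 1; }
    # the subnet address must have no host bits set
    [ $(( subnet & mask )) -eq "$subnet" ] || { echo "subnet has host bits set: $1"; return 1; }
    # both ends of the range and the gateway must lie inside the subnet
    for a in "$start" "$end" "$gw"; do
        [ $(( a & mask )) -eq "$subnet" ] || { echo "address outside subnet $1/$2"; return 1; }
    done
    [ "$start" -le "$end" ] || { echo "range start is after range end"; return 1; }
    # never lease the network or broadcast address
    [ "$start" -ne "$subnet" ] || { echo "range starts at the network address"; return 1; }
    [ "$end" -ne $(( subnet | inv )) ] || { echo "range ends at the broadcast address"; return 1; }
    # a gateway inside the dynamic range would be leased to a client
    if [ "$gw" -ge "$start" ] && [ "$gw" -le "$end" ]; then
        echo "gateway $5 lies inside the dynamic range"
        return 1
    fi
    return 0
}

# Usage with the form defaults from DHCP CONF:
# check_dhcp_range 192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.254 192.168.1.1
```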

DHCP MENU:
dialog --colors --title "DHCP" \
    --backtitle "\Z7Do you want to make new configuration or edit old configuration" \
    --menu "select" 10 50 5 \
    CONFIGURE "make new dhcp setting" \
    EDIT "edit old dhcp setting" 2> /tmp/dhcpmenu$$.tmp
tmp=$?
opt=`cat /tmp/dhcpmenu$$.tmp`
case $tmp in
0)
    if [ "$opt" = "CONFIGURE" ]
    then
        sh /grras/dhcpconf
    elif [ "$opt" = "EDIT" ]
    then
        sh /grras/dhcpedit
    fi
    ;;
*)
    sh /grras/menu
    ;;
esac
rm /tmp/dhcpmenu$$.tmp

INSTALL.sh:
rpm -ivh ./dhcp-3.0.5-7.el5.i386.rpm
rpm -ivh ./squid-2.6.STABLE6-4.el5.i386.rpm
rpm -ivh ./dialog-1.0.20051107-1.2.2.i386.rpm
rm -rf /grras
mkdir /grras
cp -rf ./* /grras
# single quotes so that $PATH is expanded at login, not at install time
echo 'PATH=$PATH:/grras' >> /root/.bashrc
echo "please re login"

LOGS:
cat /var/log/squid/access.log

MENU:
dialog --colors --title "SERVICES" --backtitle "\Z7 select a service you want to configure" \
    --menu "Service List" 20 50 10 \
    DHCP "configure and edit dhcp" \
    PROXY "allow and deny websites" \
    MANAGE_USER "add or remove users" \
    ROUTER "configure router" \
    LOGS "view logs" 2> /tmp/menu$$.tmp
run=$?
opt=`cat /tmp/menu$$.tmp`
case $run in
0)
    if [ "$opt" = "DHCP" ]
    then
        sh /grras/dhcpmenu
    elif [ "$opt" = "PROXY" ]
    then
        sh /grras/proxymenu
    elif [ "$opt" = "ROUTER" ]
    then
        sh /grras/routermenu
    elif [ "$opt" = "MANAGE_USER" ]
    then
        sh /grras/usermenu
    elif [ "$opt" = "LOGS" ]
    then
        sh /grras/logs
    fi
    ;;
*)
    clear
    echo "thankyou"
    ;;
esac
rm -rf /tmp/menu$$.tmp

PASSWORD:
dialog --passwordbox "enter password" 10 30 2> /tmp/pas$$.tmp
tmp=$?
var=`cat /tmp/pas$$.tmp`
# the entered password was written to a temporary file; remove it once read
rm -f /tmp/pas$$.tmp
case $tmp in
0)
    # the password is fixed in the script and compared in clear text
    if [ "$var" = "redhat" ]
    then
        sh /grras/menu
    else
        dialog --pause "ACCESS DENIED" 10 50 1
        sh /grras/passwrd
    fi
    ;;
*)
    clear
    ;;
esac

PLAN (the one-line file written by USER ADD and executed later by at):
iptables -D INPUT -m mac --mac-source 88:88 -j ACCEPT; service iptables save; chkconfig iptables on

PROXY ADD:
dialog --colors --title "\Z1ADD PROXY" --backtitle "\Z7enter a valid site name or ip" \
    --inputbox "Enter the sites name or IP address" 10 110 2> /tmp/file$$.tmp
tmp=$?
# squid.conf is split at a fixed line number; /grras/count holds how many
# lines follow the insertion point (PROXY CONF resets it to 1805)
head=`cat /grras/count`
head -2520 /etc/squid/squid.conf > /tmp/head$$.tmp
tail -$head /etc/squid/squid.conf > /tmp/tail$$.tmp
let hi=$head+2
var=`cat /tmp/file$$.tmp`
case $tmp in
0)
    # the counter grows by the two lines added below
    echo $hi > /grras/count
    cat /tmp/head$$.tmp > /etc/squid/squid.conf
    echo "acl grras$$ dst $var" >> /etc/squid/squid.conf
    echo "http_access allow grras$$" >> /etc/squid/squid.conf
    cat /tmp/tail$$.tmp >> /etc/squid/squid.conf
    service squid restart &> /dev/null
    sh /grras/proxymenu
    ;;
1)
    sh /grras/proxymenu
    ;;
*)
    clear
    ;;
esac

PROXY CONF:
# install the project's prepared squid.conf and start squid
cp -rf /grras/squid /etc/squid/squid.conf
chkconfig squid on
service squid restart &> /dev/null
ser=$?
if [ "$ser" = "0" ]
then
    dialog --pause "PROXY CONFIGURED,THANKYOU" 10 30 2
    # number of squid.conf lines after the insertion point used by PROXY ADD/REMOVE
    echo "1805" > /grras/count
    sh /grras/proxymenu
else
    dialog --pause "Sorry, Again configure" 10 30 2
    sh /grras/proxymenu
fi

PROXY MENU:
dialog --colors --title "\Z1PROXY" --backtitle "varun n omveer" --menu "To add/remove sites" 20 40 5 \
    CONF "to configure proxy" \
    ADD "add site to proxy" \
    REMOVE "remove site from proxy" 2> /tmp/pxm$$.tmp
tmp=$?
opt=`cat /tmp/pxm$$.tmp`
case $tmp in
0)
    if [ "$opt" = "ADD" ]
    then
        sh /grras/proxyadd
    elif [ "$opt" = "REMOVE" ]
    then
        sh /grras/proxyremove
    elif [ "$opt" = "CONF" ]
    then
        sh /grras/proxyconf
    fi
    ;;
*)
    sh /grras/menu
    ;;
esac

PROXY REMOVE:
dialog --colors --title "\Z1REMOVE PROXY" --backtitle "\Z7enter a valid site name or ip" \
    --inputbox "Enter the sites name or IP address" 10 110 2> /tmp/file$$.tmp
tmp=$?
# same fixed split of squid.conf as PROXY ADD; a deny rule is inserted for the site
head=`cat /grras/count`
head -2520 /etc/squid/squid.conf > /tmp/head$$.tmp
tail -$head /etc/squid/squid.conf > /tmp/tail$$.tmp
let hi=$head+2
var=`cat /tmp/file$$.tmp`
case $tmp in
0)
    echo $hi > /grras/count
    cat /tmp/head$$.tmp > /etc/squid/squid.conf
    echo "acl grras$$ dst $var" >> /etc/squid/squid.conf
    echo "http_access deny grras$$" >> /etc/squid/squid.conf
    cat /tmp/tail$$.tmp >> /etc/squid/squid.conf
    service squid restart &> /dev/null
    sh /grras/proxymenu
    ;;
1)
    sh /grras/proxymenu
    ;;
*)
    clear
    ;;
esac
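PROXY ADD and PROXY REMOVE above find the insertion point by a fixed line count (2520 lines plus the counter in /grras/count), which puts rules in the wrong place as soon as squid.conf is edited by hand. The added example below (not part of the project's code; the sample file is constructed and the function names are hypothetical) anchors on the catch-all "http_access deny all" line instead, picks dst or dstdomain by the kind of destination, and also shows removing a rule again.

```shell
# Added example (not part of the AUTO-IP MANAGER scripts); names are hypothetical.

# Write a small constructed squid.conf-style file to $1 (sample data, not the real file).
make_sample_conf() {
    cat > "$1" <<'EOF'
acl all src 0.0.0.0/0.0.0.0
acl localnet src 192.168.1.0/24
http_access allow localnet
http_access deny all
http_port 3128
EOF
}

# add_site_rule CONF ACLNAME DESTINATION allow|deny
# Squid evaluates http_access lines in order, so the acl/http_access pair is
# placed just before the first "http_access deny all". An IP address gets a
# dst ACL, a host name gets dstdomain.
add_site_rule() {
    conf=$1; name=$2; dst=$3; action=$4
    case $action in allow|deny) ;; *) echo "action must be allow or deny"; return 1 ;; esac
    case $name in ''|*[!A-Za-z0-9_]*) echo "bad acl name: $name"; return 1 ;; esac
    case $dst in
        ''|*[!A-Za-z0-9.-]*) echo "bad destination: $dst"; return 1 ;;
        *[!0-9.]*) type=dstdomain ;;
        *) type=dst ;;
    esac
    grep -q '^http_access deny all' "$conf" || { echo "no catch-all deny in $conf"; return 1; }
    tmp=$(mktemp) || return 1
    awk -v n="$name" -v t="$type" -v d="$dst" -v a="$action" '
        !done && /^http_access deny all/ {
            print "acl " n " " t " " d
            print "http_access " a " " n
            done = 1
        }
        { print }' "$conf" > "$tmp" && mv "$tmp" "$conf"
}

# remove_site_rule CONF ACLNAME: drop the acl line and every http_access line naming it.
remove_site_rule() {
    tmp=$(mktemp) || return 1
    awk -v n="$2" '($1 == "acl" && $2 == n) || ($1 == "http_access" && $3 == n) { next } { print }' \
        "$1" > "$tmp" && mv "$tmp" "$1"
}

# line_of CONF PATTERN: 1-based line number of the first match, for ordering checks.
line_of() { grep -n "$2" "$1" | head -1 | cut -d: -f1; }
```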

ROUTER MENU:
dialog --colors --title "ROUTER SETTING" --backtitle "VARUN" --menu "" 30 50 10 \
    ROUTE "route IP packets to proxy" \
    TRANSPARENT "enable transparent proxy" 2> /tmp/r$$.tmp
tmp=$?                      # read dialog's exit status before cat overwrites $?
opt=`cat /tmp/r$$.tmp`
# apply the kernel settings shipped with the project (sysctl.conf copied to /grras by INSTALL.sh)
cp -f /grras/sysctl.conf /etc/sysctl.conf
sysctl -p
case $tmp in
0)
    if [ "$opt" = "ROUTE" ]
    then
        dialog --title "ENTER YOUR IP" --backtitle "varun n omveer" --inputbox "" 30 50 2> /tmp/ip$$.tmp
        tmp=$?
        ip=`cat /tmp/ip$$.tmp`
        ifconfig eth0 $ip
        # redirect web traffic arriving from clients (port 80) to squid on this host
        iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination $ip:3128
        service iptables save
        chkconfig iptables on
        sh /grras/routermenu
    else
        sh /grras/transmenu
    fi
    ;;
1)
    sh /grras/menu
    ;;
esac
rm -f /tmp/r$$.tmp
rm -f /tmp/ip$$.tmp

TRANSPARENCY OFF:
# keep the first 72 lines of squid.conf, drop line 73 (the http_port line)
# and write a plain http_port line in its place
head -72 /etc/squid/squid.conf > /tmp/sq$$
let rajat=`wc -l /etc/squid/squid.conf | cut --delimiter=" " -f1`-73
tail -$rajat /etc/squid/squid.conf > /tmp/sqd$$
cat /tmp/sq$$ > /etc/squid/squid.conf
echo "http_port 3128" >> /etc/squid/squid.conf
cat /tmp/sqd$$ >> /etc/squid/squid.conf
service squid restart

TRANSPARENCY ON:
# same split as TRANSPARENCY OFF, but the http_port line gets the transparent flag
head -72 /etc/squid/squid.conf > /tmp/sq$$
let rajat=`wc -l /etc/squid/squid.conf | cut --delimiter=" " -f1`-73
tail -$rajat /etc/squid/squid.conf > /tmp/sqd$$
cat /tmp/sq$$ > /etc/squid/squid.conf
echo "http_port 3128 transparent" >> /etc/squid/squid.conf
cat /tmp/sqd$$ >> /etc/squid/squid.conf
service squid restart

TRANSPARENCY MENU:
dialog --title "TRANSPARENT" --backtitle "varun n omi" --menu "Select" 20 70 10 \
    ON "to on proxy for clients (remotely)" \
    OFF "to off proxy for client" 2> /tmp/trans$$
tmp=$?
opt=`cat /tmp/trans$$`
case $tmp in
0)
    if [ "$opt" = "ON" ]
    then
        sh /grras/tranon
        dialog --pause "TRANSPARENCY IS ON" 20 20 1
        sh /grras/transmenu
    else
        sh /grras/tranoff
        dialog --pause "TRANSPARENCY IS OFF" 20 20 1
        sh /grras/transmenu
    fi
    ;;
1)
    sh /grras/menu
    ;;
esac

USER ADD:
dialog --title "ADD USER" --backtitle "varun omveer" --form "user information" 20 50 5 \
    "mac_add" 1 4 "" 1 12 30 30 2> /tmp/add$$
tmp=$?
mac=`cat /tmp/add$$`
case $tmp in
0)
    # accept traffic from this MAC; iptables fails on a malformed address
    iptables -I INPUT -m mac --mac-source $mac -j ACCEPT
    error=$?
    if [ "$error" != "0" ]
    then
        dialog --pause "SORRY PLEASE ENTER RIGHT MAC ADDRESS" 10 60 3
        sh /grras/useradd
    else
        service iptables save
        chkconfig iptables on
        # choose how long the access lasts; the delete command is scheduled with at
        dialog --colors --no-shadow --title "\Z1PLANS" --backtitle "\Z2SECURE INTERNET" \
            --radiolist "PERIODS" 10 110 5 \
            1month "for one month" off \
            2month "for two months" off \
            3month "for three months" off \
            4month "for four months" off \
            6month "for six months" off \
            1year "for one year" off 2> /tmp/file$$.tmp
        var=`cat /tmp/file$$.tmp`
        echo "iptables -D INPUT -m mac --mac-source $mac -j ACCEPT; service iptables save; chkconfig iptables on" > /grras/plan
        at now+$var < /grras/plan
        sh /grras/useradd
    fi
    ;;
1)
    sh /grras/menu
    ;;
*)
    clear
    ;;
esac

USER MENU:
dialog --title "MANAGE USERS" --backtitle "varun" --menu "Add or Remove a USER" 20 30 10 \
    ADD "add a user" \
    REMOVE "remove a user" 2> /tmp/user$$.tmp
tmp=$?
opt=`cat /tmp/user$$.tmp`
case $tmp in
0)
    if [ "$opt" = "ADD" ]
    then
        sh /grras/useradd
    elif [ "$opt" = "REMOVE" ]
    then
        sh /grras/userrem
    fi
    ;;
*)
    sh /grras/menu
    ;;
esac
rm /tmp/user$$.tmp

USER REMOVE:
dialog --title "REMOVE USER" --backtitle "varun omveer" --form "user information" 20 50 5 \
    "mac_add" 1 4 "" 1 12 30 30 2> /tmp/add$$
tmp=$?
mac=`cat /tmp/add$$`
case $tmp in
0)
    # delete the ACCEPT rule for this MAC; iptables fails if the address is malformed or no such rule exists
    iptables -D INPUT -m mac --mac-source $mac -j ACCEPT
    error=$?
    if [ "$error" != "0" ]
    then
        dialog --pause "SORRY PLEASE ENTER RIGHT MAC ADDRESS" 10 60 3
        sh /grras/userrem
    else
        service iptables save
        chkconfig iptables on
    fi
    ;;
1)
    sh /grras/menu
    ;;
*)
    clear
    ;;
esac
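USER ADD and USER REMOVE above hand the form text directly to iptables and, in USER ADD, write it into a file that at executes later. The added example below (not part of the project's code; function names are hypothetical) validates the MAC address and the plan period first and builds the same rule and expiry script only from validated values.

```shell
# Added example (not part of the AUTO-IP MANAGER scripts); function names are hypothetical.

# valid_mac MAC: accept only six colon-separated hex pairs (either case).
valid_mac() {
    h='[0-9A-Fa-f][0-9A-Fa-f]'
    case $1 in
        $h:$h:$h:$h:$h:$h) return 0 ;;
        *) return 1 ;;
    esac
}

# plan_timespec TAG: map a radiolist tag from USER ADD to an at(1) time
# specification; any other tag is rejected.
plan_timespec() {
    case $1 in
        1month) echo "now + 1 month" ;;
        2month) echo "now + 2 months" ;;
        3month) echo "now + 3 months" ;;
        4month) echo "now + 4 months" ;;
        6month) echo "now + 6 months" ;;
        1year)  echo "now + 1 year" ;;
        *) return 1 ;;
    esac
}

# mac_rule add|del MAC: print the project's per-MAC ACCEPT rule for INPUT.
# (-m mac --mac-source only matches in INPUT, FORWARD and PREROUTING, and an
# ACCEPT rule only restricts anything if the chain policy or a later rule
# drops the traffic it does not match.)
mac_rule() {
    valid_mac "$2" || { echo "invalid MAC address: $2" >&2; return 1; }
    case $1 in
        add) echo "iptables -I INPUT -m mac --mac-source $2 -j ACCEPT" ;;
        del) echo "iptables -D INPUT -m mac --mac-source $2 -j ACCEPT" ;;
        *) return 1 ;;
    esac
}

# write_plan MAC TAG FILE: write the expiry script that at will run and print
# the at time specification; nothing is scheduled here.
write_plan() {
    spec=$(plan_timespec "$2") || { echo "unknown plan: $2" >&2; return 1; }
    rule=$(mac_rule del "$1") || return 1
    printf '%s; service iptables save; chkconfig iptables on\n' "$rule" > "$3"
    echo "$spec"
}

# Usage (paths as in the project): spec=$(write_plan "$mac" "$var" /grras/plan) && at $spec < /grras/plan
```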

WELCOME:
dialog --colors --title "\Z2 AUTO IP CONFIGURATOR" --backtitle "\Z7 WELCOME" \
    --yesno "\Z5 Configure network" 10 100
tmp=$?
case $tmp in
0)
    sh /grras/passwrd
    ;;
1)
    dialog --pause "THANK YOU ....logging out TUI" 10 60 3
    clear
    ;;
esac

12. CONCLUSION
The project "AUTO-IP MANAGER" is useful on the administrator's end. It automates the whole procedure of assigning and implementing IP configuration according to the requirements of the users. The project uses the dialog utility, which makes it user friendly and easy to configure. Moreover, the project acts as a highly secure mechanism for IP configuration and for controlling web access. All processing is done on the server side, so the administrator has less to do, and the clients have a much easier way to obtain an IP address automatically and connect to the internet. Thus, because of its easy and secure approach, this project can be used in any lab and in live conditions, according to the workload and requirements.
