G1 : Advanced Networking Protocol Workshop
The main aim of this workshop is to realize a redundant network infrastructure to ensure maximum availability in case of a device or path failure. The architecture of the network is shown in the diagram given below.
Sommaire
Scope statement for the specific task
Task overview
We were assigned to configure one of the L3 switches to enable routing protocol(for IPv4
and IPv6
) and also to ensure layer 3 redundancy with HSRP.
Materials used for the specific task
- Layer-3 Switch : Cisco Catalyst 3560-E
- PC with serial connection
Workshop progress
Week 1 (28/09/2015)
conf files :
Week 2 (05/10/2015)
- ssh pour la machine cordouan
ssh root@cordouan.insecserv.deule.net |
- configuration de la machine virtuelle XEN
xen-create-image --hostname=WESTMALLE --ip=193.48.57.161 --netmask=255.255.255.240 --gateway=193.48.57.174 \ --nameserver=193.48.57.48 --dir=/usr/local/xen --genpass=0 --password=pasglop --dist=stable |
- permet de la créer une fois le fichier de config
xl create /etc/xen/WESTMALLE.cfg |
- emplacement fichier de configuration de la machine XEN
/etc/XEN/WESTMALLE.cfg |
Fichier:WESTMALLEcfg.txt
modification de la taille mémoire, et "bridge=IMA5sc"
- permet de lancer la machine virtuelle XEN
xl console WESTMALLE |
Week 3 (12/10/2015)
This week we started with installing few important packages in the Xen virtual server such as apache2
, fail2ban
, bind9
, dnsutils
and openssh-server
. To secure the ssh server, we changed the configuration line (as shown below) of the file /etc/ssh/sshd_config:
Port 619 PermitRootLogin no-password |
To enable root login, we had to generate an asymmetric key (private and public) where the public key will be stored in the server while the user who wishes to connect to the server must have the private key. To generate the asymmetric key, we used the command:
ssh-keygen -b 2048 |
Then, the public key had to be stored in a file called authorized_keys2 (for SSHv2
).
After that, we continued to configure the DNS server. First of all, we bought a domain name from one of the domain name registrars, Gandi. Since we wanted to host our own DNS server, we pointed the primary DNS field to our computer (ns1.troisiemesexe.lol). The secondary DNS field was filled with Gandi’s secondary NS server. It was time we configured our own DNS server.
/etc/hosts:
127.0.0.1 localhost 193.48.57.161 westmalle.troisiemesexe.lol westmalle 193.48.57.161 ns1.troisiemesexe.lol ns1 |
/etc/host.conf:
order hosts, bind multi on |
/etc/host.conf:
default 0.0.0.0 loopback 127.0.0.0 link-local 169.254.0.0 lnet.troisiemesexe.lol 193.48.57.160 |
/etc/bind/db.troisiemesexe.lol:
$TTL 604800 @ IN SOA ns1.troisiemesexe.lol. admin.troisiemesexe.lol. ( 2015101705 ; Serial 900 ; Refresh 28800 ; Retry 604800 ; Expire 86400 ) ; Minimum @ IN A 193.48.57.161 ;@ IN AAAA ::1 @ IN NS ns1.troisiemesexe.lol. @ IN NS ns6.gandi.net. ns1 IN A 193.48.57.161 ;ns1 IN AAAA :::1 westmalle IN A 193.48.57.161 arch IN A 193.48.57.174 ;arch -> router www IN A 193.48.57.161 |
/etc/bind/named.conf.local:
zone "troisiemesexe.lol" IN { type master; file "/etc/bind/db.troisiemesexe.lol"; allow-transfer {217.70.177.40;}; allow-query {any;}; notify yes; }; |
And then, we configured the apache VirtualHosts
.
/etc/apache2/sites-available/troisiemesexe.lol.conf:
<VirtualHost *:80> ServerName troisiemesexe.lol ServerAlias www.troisiemesexe.lol *.troisiemesexe.lol ServerAdmin root@troisiemesexe.lol DocumentRoot /var/www/troisiemesexe.lol #LogLevel info ssl:warn ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined RewriteEngine on ReWriteCond %{HTTP_HOST} !^(westmalle|ns1) [NC] #ReWriteCond %{HTTP_HOST} !^ns1.troisiemesexe.lol [NC] ReWriteCond %{SERVER_PORT} !^443$ RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R=301,L] RewriteRule ^(.*)$ https://www.troisiemesexe.lol$1 [R=301,L] </VirtualHost> |