Professional Documents
Culture Documents
Project Report
On
Titled
“AUTO-IP MANAGER”
Award of degree of
BACHELOR OF ENGINEERING
IN
July, 2009
PREFACE
“AUTO-IP MANAGER”
First of all using dialog utility it collects all information for configuration
according to the administrator by the user manually. Security is provided by using
“IP-table advanced rules”. It makes user-friendly environment by “dialog” utility.
The SQUID server is used for filtering. Its main job is to allow or deny any
host or destination. It automatically works on port no. 3128. We can also filter the
contents of the packets. Squid has one primary configuration file, squid.conf.
Iptables is used to set up, maintain, and inspect the tables of IP packet
filter rules in the Linux kernel. Several different tables may be defined. Each table
contains a number of built-in chains and may also contain user-defined chains.
Acknowledgement
VARUN KUMAR
OMVEER SINGH
CERTIFICATE
Date:22 July 09
4
INDEX
01 Introduction
02 Requirements
03 Working of Project
04 Dialog Box
05 Linux as Router
06 Shell Scripting
07 Working of DHCP
08 Working of Squid
09 Working of Gateway
10 Working of IP Tables
12 Conclusion
13 References
5
1. INTRODUCTION
This project is useful on the administrator end. The project automatic configures
the whole procedure of assigning and implementation according to the requirement of
users.
First using dialog utility it collects all information for configuration according to
the administrator by the user manually. Security provided by using “IP-table advanced
rules”. It makes user-friendly environment by “dialog” utility.
If gateway receives any of the client’s requests of port no. 80, it redirects the
requests to the proxy server on port no. 3128. Proxy filters the requests according to the
rules and again sends these packets to the gateway .Now gateway send it to connect
the internet.
The OS – “REDHAT- LINUX” is use because of its high secure functionality and
it provides many of the options for configuring the servers. Packages for the project
required; are inbuilt in REDHAT-LINUX, or we can download it through the internet.
6
2. REQUIREMENTS OF THE PROJECT
The project can be implemented on both live and laboratory conditions. That
mean the minimum requirement is –
• Processor: Pentium 3-4.
• RAM min. of 256 MB.
• Ethernet card that supports OS-LINUX.
• Fast Ethernet cables.
These requirements may change according to the load and according to the
working environment.
7
3. WORKING OF PROJECT:
STEP 2: DHCP server checks the Mac address of the client; if rule matches in IP
tables, then server responses to the client with its assigned IP address as well as the
gateway entry.
STEP 4: The gateway now redirects the incoming packets to the PROXY server via IP
tables D-netting.
STEP 5: The proxy server filters the requests and again sends it to the gateway.
STEP 6: The gateway connects to the internet, gets the response of internet for the
client requests, and sends it to the proxy server.
STEP 7: Proxy server sends the response direct to the desired client.
8
4. Dialog Box:
4.1 Definition
Dialog boxes appear on top of other open windows and whatever else is
currently on the display screen, and they are sometimes accompanied by a beeping or
other sound effect. They always contain at least one button, the purpose of which is to
allow the user to close the box (i.e., remove it from the display screen). Often they also
contain additional buttons and one or more means for users to provide information, such
as check boxes and spaces to enter text.
9
indicate a user error, and to provide notification that a program that has stopped
functioning (i.e., frozen or crashed).
Dialog boxes can also be classified by whether they are modal or non-modal.
Modal dialog boxes are those which temporarily halt part or all of the GUI until the user
closes the box and, depending on what caused the box to appear, provides some
information. System modal dialog boxes freeze the entire GUI,application modal dialog
boxes freeze just the application that caused the box to appear, and document
modal dialog boxes, the newest and least intrusive modal type, merely freeze a single
window in an application (such as a document in a word processing program).
Non-modal dialog boxes, also called modeless dialog boxes, are used when the
requested information is not essential to continue, and thus no windows or other parts of
the GUI are frozen.
A commonly encountered type of dialog box on Linux is that which appears when
an ordinary user tries to open a program that requires root (i.e., administrative)
permission. For example, when a user attempts to open kppp, the KDE Internet dial-
up utility, a small, non-modal dialog box appears that asks the user to enter the root
password in a text space labeled Password for root. Entry of the correct password and
clicking on the OK button causes this box to close and a secondary (again, modeless)
box to appear. The second box allows the user to modify the connection setup if desired
and to push a button labeledConnect that initiates the connection to the Internet.
The Microsoft Windows and Macintosh operating systems use an ellipsis (i.e.,
three consecutive dots) after GUI menu items to indicate that clicking on such items will
not result in a direct action but rather will open up a dialog box that provides additional
information and options for the user.
One problem with the design of some operating systems and application
programs is that dialog boxes are inappropriately used and/or poorly designed. For
example, they may appear when not really necessary and/or contain cryptic messages
10
that most users cannot understand. This can be frustrating for users and waste their
time and energy.
Good software design calls for dialog boxes to (1) be used only where necessary
and/or helpful, (2) be as unobtrusive as possible, (3) use wording that has meaning to
users and (4) maximize user flexibility. This implies that dialog boxes should be non-
modal whenever possible, and, if they are modal, they should be document modal or
application modal to the extent possible.
The term popup window is also sometimes used to refer to a dialog box, although
this term often implies an unrelated (and usually unwanted) advertisement, whereas a
dialog box is related to the program, operating system or hardware currently being
used,
4.2 CLI Magic: Creating basic front ends with dialog and Xdialog
New Linux users are often afraid of the command line. They prefer graphical
alternatives to commands and scripts. For help, they can turn to dialog and Xdialog, two
simple tools that can be used to create front ends to command-line tools.
The fundamental difference between the tools is that while dialog can create
console or text-based front ends, Xdialogcan generate an X interface for any terminal-
11
based program.
Dialog creates the simple front ends that until recently were used in almost all
Linux distributions' installations. Remember old Red Hat and Slackware installations
that were characterized by a grey screen with a blue background? Since these front
ends are text-based, you can't use a mouse to click on buttons.
Xdialog, on the other hand, creates X interfaces, meaning that you have full use
of your mouse. It uses GTK+ for creating the front ends, and offers functions such as
directory selectors and range boxes.
Once you have installed dialog, open a shell and write dialog --title "Testing Dialog" --
yesno "This is the message" 8 25, then press Enter. This creates a very basic yesno
box. You specify box options using the general syntax dialog [common option] [box-
option] text width height . So, the 8 and 25 above are the width and height. --title is a
common option. Common options are applied to all the box options. The common
options can be omitted, you you cannot make a box without specifying the box options.
To test Xdialog, just change dialog in the above command to Xdialog. Both dialog
and Xdialog can implement several types of dialog boxes, such as checklist, form,
radiolist, menu, and textbox. Each dialog box has its own set of box options. Let's create
a simple menu to better understand the [common] and [box] options.
When making a menu, you may be overwhelmed by all the available choices. I
am going to start with a simple menu that lets you select one value out of several.
#!/bin/sh
tempfile=`tempfile`
return_value=$?
you_chose=`cat $tempfile`
case $return_value in
0)
echo "'$you_chose' is the command you find most usefull.";;
1)
echo "You pressed cancel.";;
255)
echo "You hit Esc.";;
esac
Save this code in a file called basic_menu.sh. To make this script executable,
run chmod u+x basic_menu.sh. Now you can run the script: ./basic_menu.sh.
13
This creates a very basic menu, where you can choose any command using the
up and down keys. The most noteworthy lines of this script are tempfile
='tempfile' and2> $tempfile. The first line creates a temporary file using the tempfile
utility. Dialog, by default, writes its output to standard error, so we need the second line
to redirect the output from standard error to the tempfile. We can also use the --
stdout option to send the output to standard output. We'll look at --stdout in a moment.
$? is a variable that stores the program's return value, which is either 0, when
you press OK; 1, if you press cancel; or 255, if you press Esc. return_value is another
variable where we store the value of the $? variable.
To see how this dialog would appear in X, change dialog to Xdialog. Everything else
remains the same.
You never see this type of menu in the real world. You see either a radiolist,
where you can select just one value, or a checklist, which allows you to select multiple
values. To create a radiolist, replace --menu with --radiolist, keeping rest of that line
intact. You also need to change some options as below:
See how each of the options has either "off" or "on" at the end? "On" signifies a
selected option. To select any option, move to your choice using the up and down keys
and press the spacebar.
Unlike a radiolist, a checklist allows you to select multiple values. If you change --
radiolist to --checklist, you get a checklist.
There's more
14
Most of us are so accustomed to working in graphical environments that we
cannot imagine some of the dialogs that you can create on the command line. For
example, you can easily make a progress bar or percentage gauge bar, which is part of
every software installation, with dialog and Xdialog. The syntax is --
gauge text height width [percent]. The percent value shows the initial value of the
progress bar. By default it is zero.
#!/bin/sh
percent=0
(
while test $percent != 110
do
echo $percent
echo "XXX"
echo "This is how the gauge appears"
echo "XXX"
echo "See how the message changes"
15
echo "XXX"
percent=`expr $percent + 10`
sleep 1
done
)|
dialog --title "Gauge works!" --gauge "This is how a gauge appears on the command
line" 10 60 0
As explained in the man page, if the standard input reads the string "XXX," then
subsequent lines up to another "XXX" are used for a new prompt. If you use the "XXX"
method of displaying messages, then the text supplied to --gauge is ignored. In our
case, the message This is how a gauge appears on the command line is ignored
because of the messages in "XXX."
#!/bin/sh
selection=`dialog --stdout --title "Use this dialog to select a file by pressing spacebar" --
fselect $HOME/ 10 68`
case $? in
0)
echo "You chose \"$selection\"";;
1)
echo "You pressed cancel.";;
255)
echo "You hit Esc.";;
esac
16
The file selection dialog is made up of two panes; you can use the tab key to
switch between them. Select a file by pressing the spacebar once you have scrolled to
the file name using the up and down keys. You can also write the path of the file in the
input box at the bottom of the file selection dialog. The --fselect option creates the file
selection dialog. It accepts [filepath] height width as options. The $HOME/ argument
means that we want to choose a file within the home directory.
4.3 Conclusion
Both dialog and Xdialog are complex tools that can create many types of dialog
boxes. They allow a high degree of control on all aspects of the dialogs. The detailed
man pages discuss all the features of these tools, and are a must read. With a little shell
scripting knowledge you can start making front ends to all your favorite command line
tools.
5. LINUX AS ROUTER:
Routers are amongst the most crucial components of the Internet, as each bit of
information on the Internet passes through many routers. Most of the routers used on
the Internet are made by Cisco. Although these have good performance, they come at a
high price.
If one has a small lab with several LANs and wishes to set up a reliable, as well
as secure, connection to the Internet, the cost of a commercial router may not be
17
justifiable. The most economical solution in this case is to use a low-cost processor
running the LRP.
It makes the building and maintenance of firewall, routers, switches, hubs, and so
on, cheap and straightforward.
In this article we show how to set up a Linux router for two to four LANs and test
its performance under different conditions. For comparison we also used Pentium Is and
IIs. Here we present the results of our investigation into the performance of the Linux
router and compare it with a commercial router.
The most common function of the Linux router is a connection between two
networks. Typically, this would be a LAN and the Internet. For our experiments, given
the unavailability of a connection to the Internet fast enough to stress the router
sufficiently, we used a server to simulate the Internet.
The test setup in our computer lab uses a 100Base-T Ethernet. The NICs and
switching hubs are 100Base-T. All platforms are running Linux 2.2 kernels, and the
Linux router is the default gateway for all of them.
The first configuration uses one client and one server. We connected the server
at the first NIC on the LRP box (eth0) and the client at the second NIC (eth1) through
cross-UTP 100Mb cables. Then we set the ipchains rules on the Linux router for
forwarding the traffic between client and server by issuing the following command:
19
ipchains -I forward -j ACCEPT -s 192.168.2.0/24
-d 192.168.3.0/24 –b
You can write a script to run these rules eliminating the need to enter them at the
command prompt every time you boot your LRP box. It should be placed in the root
directory so that the user is able to run all the rules by just entering ./filename. We
measured the bandwidth of the router when there was traffic between the server and
more than one client (clients may be from the same or different LANs).
20
Figure 4. Setup for Cross-Pinging
The Linux router is easy to handle and configure. It does not require any special
care for its use other than that required for a normal PC. If there is a problem,
configuring it only takes a few minutes. Moreover, it is basically software on a floppy
disk; if your LRP box gets damaged because of power fluctuations (a common problem
in the third world), you can instantly convert another available PC into your router by
adding NICs from the corrupted LRP (if they are not corrupted) and boot it off the floppy
disk. No configuration will be required for this router at all, except the runtime
configuration. You can imagine what a great advantage this is—think of what would
happen if your Cisco router were to be corrupted.
21
5.6 Comparison with a Commercial Router
The following is a comparison of the Linux router with the Cisco 2620 router
available in our laboratory.
The cost of building a good Linux router (based on a Pentium I, 200MHz MMX)
with 1FDD, 32MB of RAM is less than $100 US. (It may be nearly free if you use the
minimum required hardware, i.e., a 486DX with 16MB RAM.) A monitor is not
necessarily required. You can use a borrowed monitor temporarily at configuration time
or configure via a remote serial connection (if you include support for that through the
serial.lrp package). On the other hand, the cost of the Cisco 2620 with a 50MHz
Motorola Processor, 16MB Flash RAM and 40MB DRAM is more than $3,500 US.
You can add as many NICs in the Linux router as you wish (limited by the
number of slots on the main board). In Cisco 2600 there is only one Fast Ethernet card
available.
The modularity of the Linux router is matchless. Its packaging system allows
easy removal and addition of features. You can add/remove packages, even at runtime,
using the lrpkg command. You need to shut down the Linux router to add a module only
if it requires some additional hardware. However, the kernel module for the hardware
can be installed at runtime using insmod. The design of the Cisco router is not as
modular.
For the Linux router there are a large variety of hardware and software products
available in the open market as it has the complete structure of the ordinary Linux
operating system. You can use the product of any manufacturer that has support for the
22
Linux router. Cisco routers, on the other hand, are limited in this respect. Usually only
Cisco products are used with Cisco routers.
Having Linux as the operating system on your router gives you the extra
advantage that you can build your own packages according to your needs using shell
scripting. You also can get a lot of help from the available literature for Linux. Cisco
routers have their own specific operating system called Internet Operating System. The
Cisco 2620 uses IOS release 12.1. Although it is developed on a regular basis, you can
use only those features that are available in the specific IOS release used on your
specific router.
Like Cisco routers, the Linux router also supports the multiprotocol feature. It has
support for RIP, BGP, OSPF and many more that are added through packages.
Services such as Ethernet router, firewall, DNS and ISDN may be initialized on a
Linux router. However, initializing services like DNS (which is highly CPU-bound) will
degrade its performance. It is better to use a separate machine as a DNS server. The
Cisco router has multiservice integration of voice, data and video. As with Cisco routers,
IP masquerading, port translation, load balancing, transparent proxy and interface alias
may all be implemented on a Linux router.
Cisco routers support IPX, Token Ring, VLAN, VPN, Apple Talk and DDR for
advance routing. The Linux router also can support these features through proper
packages. Although to do so, some expertise in Linux and some additional hardware
are required, which will increase the cost of Linux router, but it still will be much less
than that of a Cisco router.
Depending upon the model and series of the Cisco router, it has a limited number
of WAN slots. In the 2620 there are two WIC (WAN Interface Cards) slots, one network
module and one advance integrated mode slot. The two-port serial WAN card has a
asynchronous speed of 115.2Kbps, and synchronous speed equals 2.048Mbps. Port 1
supports only synchronous mode. The Linux router also has support for WAN interface
23
cards. Sangoma WICs , which have a synchronous data rate of 8Mbps, are quite
popular among LRP users. With these cards you can combine many LRP boxes.
However, the disadvantage is that the cost of the LRP box increases—this card costs
about $400 US.
5.7 Routing
24
In packet switching networks, routing directs packet forwarding, the transit of
logically addressed packets from their source toward their ultimate destination through
intermediate nodes; typically hardware devices
called routers, bridges, gateways, firewalls, or switches. General-purpose computers
with multiple network cards can also forward packets and perform routing, though they
are not specialized hardware and may suffer from limited performance. The routing
process usually directs forwarding on the basis of routing tables which maintain a record
of the routes to various network destinations. Thus, constructing routing tables, which
are held in the routers' memory, is very important for efficient routing. Most routing
algorithms use only one network path at a time, but multipath routing techniques enable
the use of multiple alternative paths.
Routing, in a more narrow sense of the term, is often contrasted with bridging in
its assumption that network addresses are structured and that similar addresses imply
proximity within the network. Because structured addresses allow a single routing table
entry to represent the route to a group of devices, structured addressing (routing, in the
narrow sense) outperforms unstructured addressing (bridging) in large networks, and
has become the dominant form of addressing on the Internet, though bridging is still
widely used within localized environments.
Unicast is the dominant form of message delivery on the Internet, and this article
focuses on unicast routing algorithms.
25
Topology distribution
Small networks may involve manually configured routing tables (static routing),
while larger networks involve complex topologies and may change rapidly, making the
manual construction of routing tables unfeasible. Nevertheless, most of the public
switched telephone network (PSTN) uses pre-computed routing tables, with fallback
routes if the most direct route becomes blocked (see routing in the PSTN). Adaptive
routing attempts to solve this problem by constructing routing tables automatically,
based on information carried by routing protocols, and allowing the network to act nearly
autonomously in avoiding network failures and blockages.
Dynamic routing dominates the Internet. However, the configuration of the routing
protocols often requires a skilled touch; one should not suppose that networking
technology has developed to the point of the complete automation of routing.
5.7.1 Unicast
The term "unicast" is formed in analogy to the word "broadcast" which means
transmitting the same data to all destinations. Another multi-mode distribution
method, multicasting, is similar to IP broadcasting, but implemented in more efficient
manner.
Unicast messaging is used for all network processes where a private or unique
resource is requested making most networking traffic Unicast in form. Unicast is used
where two way connections are needed to complete the network transaction.
26
multicasting is unavailable, unicasting the exact same content to many users can be
costly. Internet radio stations may have high bandwidth costs because of this.
These terms are also used by streaming content providers' services. Unicast based
media servers open and provide a stream for each unique user. Multicast servers can
support a larger audience by serving content simultaneously to multiple users.
5.7.2 Multicast
5.7.3 Anycast
The term is intended to echo the terms unicast, broadcast and multicast.
In unicast, there is a one-to-one association between network address and network
endpoint: each destination address uniquely identifies a single receiver endpoint.
28
state. However, there are many cases where TCP Anycast is now used, including on
carrier networks such as Prolexic.
With TCP Anycast, there are cases where the receiver selected for any given
source may change from time to time as optimal routes change, silently breaking any
conversations that may be in progress at the time. These conditions are typically
referred to as a "pop switch". To correct for this issue, there have been proprietary
advancements within custom IP stacks which allow for healing of stateful protocols
where it is required. However, without any technology to heal pop switches, systems
like GeoDNS are more appropriate.
For this reason, anycast is generally used as a way to provide high availability
and load balancing for stateless services such as access to replicated data; for
example, DNS service is a distributed service over multiple geographically dispersed
servers.
5.6 Forwarding
29
A unicast forwarding pattern, typical of many networking technologies including the
overwhelming majority of Internet traffic
30
chain leading from the packet's source to its destination. However, other forwarding
strategies are commonly used. Broadcasting requires a packet to be duplicated and
copies sent on multiple links with the goal of delivering a copy to every device on the
network. In practice, broadcast packets are not forwarded everywhere on a network, but
only to devices within a broadcast domain, making broadcasta relative term. Less
common than broadcasting, but perhaps of greater utility and theoretical significance
is multicasting, where a packet is selectively duplicated and copies delivered to each of
a set of recipients.
At nodes where multiple outgoing links are available, the choice of which, all, or
any to use for forwarding a given packet requires a decision making process that, while
simple in concept, is of sometimes bewildering complexity. Since a forwarding decision
must be made for every packet handled by a node, the total time required for this can
become a major limiting factor in overall network performance. Much of the design effort
of high-speed routers and switches has been focused on making rapid forwarding
decisions for large numbers of packets.
The forwarding decision is generally made using one of two processes: routing,
which uses information encoded in a device's address to infer its location on the
31
network, or bridging, which makes no assumptions about where addresses are located
and depends heavily on broadcasting to locate unknown addresses. The heavy
overhead of broadcasting has led to the dominance of routing in large networks,
particularly the Internet; bridging is largely relegated to small networks where the
overhead of broadcasting is tolerable. However, since large networks are usually
composed of many smaller networks linked together, it would be inaccurate to state that
bridging has no use on the Internet; rather, its use is localized.
Shell is a user program or it's environment provided for user interaction. Shell is
an command language interpreter that executes commands read from the standard
input device (keyboard) or from a file.
Shell is not part of system kernel, but uses the system kernel to execute
programs, create files etc.
32
Type $ man tcsh completely compatible
version of the Berkeley
UNIX C shell (CSH).
Tip: To find all available shells in your system type following command:
$ cat /etc/shells
Note that each shell does the same job, but each understand a different command syntax and
provides different built-in functions.
In MS-DOS, Shell name is COMMAND.COM which is also used for same purpose, but
it's not as powerful as our Linux Shells are!
Any of the above shell reads command from user (via Keyboard or Mouse) and tells
Linux Os what users want. If we are giving commands from keyboard it is called command line
interface ( Usually in-front of $ prompt, This prompt is depend upon your shell and Environment
that you set or by your System Administrator, therefore you may get different prompt ).
• Shell script can take input from user, file and output them on screen.
33
• Useful to create our own commands.
• Save lots of time.
• To automate some task of day today life.
• System Administration part can be also automated.
With the thousands of commands available for the command line user, how can
you remember them all? The answer is, you don't. The real power of the computer is its
ability to do the work for you. To get it to do that, we use the power of the shell to
automate things. We write scripts.
Scripts are collections of commands that are stored in a file. The shell can read
this file and act on the commands as if they were typed at the keyboard. In addition to
the things you have learned so far, the shell also provides a variety of useful
programming features to make your scripts truly powerful.
What are scripts good for? A wide range of tasks can be automated. Here are
some of the things I automate with scripts:
A script gathers up all the files (over 2200) in this site on my computer and
transmits them to my web server. Every Friday night, all my computers copy their files to
a "backup server" on my network. This is performed by a script.
A script automatically gets the current updates from my Linux vendor and maintains a
repository of vital updates. It sends me an email message with a report of tasks that
need to be done. As you can see, scripts unlock the power of your Linux machine. So
let's have some fun!
34
To successfully write a shell script, you have to do three things:
1. Write a script
2. Give the shell permission to execute it
3. Put it somewhere the shell can find it
Writing a script
A shell script is a file that contains ASCII text. To create a shell script, you use
a text editor. A text editor is a program, like a word processor, that reads and writes
ASCII text files. There are many, many text editors available for your Linux system, both
for the command line environment and the GUI environment. Here is a list of some
common ones:
Now, fire up your text editor and type in your first script as follows:
#!/bin/bash
# My first script
echo "Hello World!"
The clever among you will have figured out how to copy and paste the text into your text
editor ;-)
The first line of the script is important. This is a special clue given to the shell
indicating what program is used to interpret the script. In this case, it is /bin/bash. Other
scripting languages such as perl, awk, tcl, Tk, and python can also use this mechanism.
The second line is a comment. Everything that appears after a "#" symbol is ignored
by bash. As your scripts become bigger and more complicated, comments become
vital. They are used by programmers to explain what is going on so that others can
35
figure it out. The last line is the echo command. This command simply prints what it is
given on the display.
Setting permissions
The next thing we have to do is give the shell permission to execute your script.
This is done with the chmod command as follows:
The "755" will give you read, write, and execute permission. Everybody else will
get only read and execute permission. If you want your script to be private (i.e., only you
can read and execute), use "700" instead.
You should see "Hello World!" displayed. If you do not, see what directory you
really saved your script in, go there and try again.
Before we go any further, I have to stop and talk a while about paths. When you type in
the name of a command, the system does not search the entire computer to find where
the program is located. That would take a long time. You have noticed that you don't
usually have to specify a complete path name to the program you want to run, the shell
just seems to know.
Well, you are right. The shell does know. Here's how: the shell maintains a list of
directories where executable files (programs) are kept, and just searches the directories
in that list. If it does not find the program after searching each directory in the list, it will
issue the famous command not found error message.
36
This list of directories is called your path. You can view the list of directories with
the following command:
This will return a colon separated list of directories that will be searched if a
specific path name is not given when a command is attempted. In our first attempt to
execute your new script, we specified a pathname ("./") to the file.
You can add directories to your path with the following command, where directory is the
name of the directory you want to add:
A better way would be to edit your .bash_profile file to include the above
command. That way, it would be done automatically every time you log in.
Most modern Linux distributions encourage a practice in which each user has a specific
directory for the programs he/she personally uses. This directory is called bin and is a
subdirectory of your home directory. If you do not already have one, create it with the
following command:
Move your script into your new bin directory and you're all set. Now you just have
to type:
37
Variables in Shell
You can see system variables by giving command like $ set, some of the
important System variables are:
NOTE that Some of the above settings can be different in your PC/Linux environment.
You can print any of the above variables contains as follows:
$ echo $USERNAME
$ echo $HOME
38
How to define User defined variables (UDV)
'value' is assigned to given 'variable name' and Value must be on right side = sign.
Example:
$ no=10# this is ok
$ 10=no# Error, NOT Ok, Value must be on right side of = sign.
To define variable called 'vech' having value Bus
$ vech=Bus
To define variable called n having value 10
$ n=10
Rules for Naming variable name (Both UDV and System Variable)
HOME
SYSTEM_VERSION
vech
no
(2) Don't put spaces on either side of the equal sign when assigning value to variable.
For e.g. In following variable declaration there will be no error
$ no=10
But there will be problem for any of the following variable declaration:
$ no =10
$ no= 10
$ no = 10
39
(3) Variables are case-sensitive, just like filename in Linux. For e.g.
$ no=10
$ No=11
$ NO=20
$ nO=2
Above all are different variable name, so to print value 20 we have to use $ echo $NO
and not any of the following
$ echo $no # will print 10 but not 20
$ echo $No# will print 11 but not 20
$ echo $nO# will print 2 but not 20
(4) You can define NULL variable as follows (NULL variable is variable which has no
value at the time of definition) For e.g.
$ vech=
$ vech=""
Try to print it's value by issuing following command
$ echo $vech
Nothing will be shown because variable has no value i.e. NULL variable.
echo Command
Shell Arithmetic
Syntax:
expr op1 math-operator op2
41
Examples:
$ expr 1 + 3
$ expr 2 - 1
$ expr 10 / 2
$ expr 20 % 3
$ expr 10 \* 3
$ echo `expr 6 + 3`
Note:
expr 20 %3 - Remainder read as 20 mod 3 and remainder is 2.
expr 10 \* 3 - Multiplication use \* and not * since its wild card.
(1) First, before expr keyword we used ` (back quote) sign not the (single quote i.e. ')
sign. Back quote is generally found on the key under tilde (~) on PC keyboard OR to the
above of TAB key.
(4) Here if you use double quote or single quote, it will NOT work
For e.g.
$ echo "expr 6 + 3" # It will print expr 6 + 3
$ echo 'expr 6 + 3' # It will print expr 6 + 3
Use to get input (data from user) from keyboard and store (data) to variable.
Syntax:
read variable1, variable2,...variableN
Following script first ask user, name and then waits to enter name from the user
via keyboard. Then user enters name from keyboard (after giving name you have to
42
press ENTER key) and entered name through keyboard is stored (assigned) to variable
fname.
$ vi sayH
#
#Script to read your name from key-board
#
echo "Your first name please:"
read fname
echo "Hello $fname, Lets be friend!"
Run it as follows:
$ chmod 755 sayH
$ ./sayH
Your first name please: vivek
Hello vivek, Lets be friend!
7. WORKING OF DHCP:
43
7.2 ROLE IN THIS PROJECT:
44
As the above dialog box is showing the 3 menu boxes for configure, add and delete the
dhcp server.
If the user presses “configure” then the dhcp wizard will be opened that will ask
for the configuration information for dhcp as below:
45
If the user presses “add” or “delete”, then a dialog box will open that will ask for the mac
address of the client machine as below:
46
8. WORKING OF SQUID:
The SQUID server is use for filtering. Its main job is to allow or deny any host or
destination. It automatically works on port no. 3128. We can also filter the contents of
the packets. Squid has one primary configuration file, squid.conf. This file is generally
located in /etc/squid/, or if you compiled Squid from source, the default location is
/usr/local/squid/etc/.
47
8.1 Access control lists
The primary use of ACLs is to control access, but they can also be used to route
requests through a hierarchy, control request rewriting, and manage quality of service.
Access controls divides into two parts: elements and rules. ACL elements are
things such as IP addresses, port numbers, hostnames, and URL patterns. Each ACL
element has a name, which you refer to when writing the access list rules. The basic
syntax of an ACL element is:
Squid has more than 20 ACL types, including types for source and destination IP
addresses, time, URLs, port numbers, and transfer protocols. After defining the ACL
elements, the next step is to combine them with Access list rules. Rules combine
elements to allow or deny certain actions. The syntax for an access control rule is:
48
Rule is-
The following screen shot represents the dialog box where it asks to the user
whether to configure the server or to add a new rule.
49
When all the entries are being done, then automatically rules are added in
/etc/squid/squid.conf on the top and services are restarted automatically.
When it is preesed OK ,then it is beng asked for adding another rule as below:
50
When the user presses OK, then again it asks for entry otherwise it closes the dialog
box.
9. WORKING OF GATEWAY:
51
9.1 Configure Linux for packet forwarding
First, we need to enable packet forwarding on the kernel level (more on what the
hell this means later). Edit your /etc/sysctl.conf so it contains the following:
Now set the eth01 interface up, which we will manually assign as 192.168.3.1 on
our internal network. This is done by editing /etc/sysconfig/network-scripts/ifcfg-eth1 like
so:
DEVICE= eth1
ONBOOT= yes
BOOTPROTO= none
Packets that are routed through the router are governed by rules in the
FORWARD chain. Connections from and to the router itself are managed by the INPUT
and OUTPUT chains. Rules should be written as if no NAT occurs, using the 'real'
addresses.
Here if a client wants to connect to the internet, then it requests to the gateway.
The gateway transfers the requests on the proxy server. It filters the packets and again
52
transfers it to the gateway; because proxy also has the entry of gateway. The gateway
gives the response to the proxy and proxy sends it to the destination client.
53
10. WORKING OF IP TABLES:
Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules
in the Linux kernel. Several different tables may be defined. Each table contains a
number of built-in chains and may also contain user-defined chains.
Each chain is a list of rules which can match a set of packets. Each rule specifies what
to do with a packet that matches. This is called a 'target', which may be a jump to a
user-defined chain in the same table.
10.1 Targets
A firewall rule specifies criteria for a packet, and a target. If the packet does not
match, the next rule in the chain is the examined; if it does match, then the next rule is
specified by the value of the target, which can be the name of a user-defined chain or
one of the special values ACCEPT, DROP, QUEUE, or RETURN.
ACCEPT means to let the packet through. DROP means to drop the packet on
the floor. QUEUE means to pass the packet to userspace. (How the packet can be
received by a userspace process differs by the particular queue handler. 2.4.x and 2.6.x
kernels up to 2.6.13 include the ip_queue queue handler. Kernels 2.6.14 and later
additionally include the nfnetlink_queue queue handler. Packets with a target of QUEUE
will be sent to queue number '0' in this case. Please also see the NFQUEUE target as
described later in this man page.) RETURN means stop traversing this chain and
resume at the next rule in the previous (calling) chain. If the end of a built-in chain is
reached or a rule in a built-in chain with target RETURN is matched, the target specified
by the chain policy determines the fate of the packet.
10.2 Tables
There are currently three independent tables (which tables are present at any
time depends on the kernel configuration options and which modules are present).
54
-t, --table table
This option specifies the packet matching table which the command should
operate on. If the kernel is configured with automatic module loading, an attempt will be
made to load the appropriate module for that table if it is not already there.
10.2.1 Filter:
This is the default table (if no -t option is passed). It contains the built-in chains
INPUT (for packets destined to local sockets), FORWARD (for packets being routed
through the box), and OUTPUT (for locally-generated packets).
10.2.2 nat:
10.2.3 Mangle:
This table is used for specialized packet alteration. Until kernel 2.4.17 it had two
built-in chains: PREROUTING (for altering incoming packets before routing) and
OUTPUT (for altering locally-generated packets before routing). Since kernel 2.4.18,
three other built-in chains are also supported: INPUT (for packets coming into the box
itself), FORWARD (for altering packets being routed through the box), and
POSTROUTING (for altering packets as they are about to go out).
55
10.2.4 Raw:
This table is used mainly for configuring exemptions from connection tracking in
combination with the NOTRACK target. It registers at the netfilter hooks with higher
priority and is thus called before ip_conntrack, or any other IP tables. It provides the
following built-in chains: PREROUTING (for packets arriving via any network interface)
OUTPUT (for packets generated by local processes)
Every packet contains information which helps it navigate the network and move
toward its destination. The packet can tell computers along the way, as well as the
destination machine, where it came from, where it is going, and what type of packet it is,
among other things. Most packets are designed to carry data, although some protocols
use packets in special ways. For example, the Transmission Control Protocol (TCP)
uses a SYN packet, which contains no data, to initiate communication between two
systems.
The Linux kernel contains the built-in ability to filter packets, allowing some of
them into the system while stopping others. The 2.4 kernel's netfilter has three built-in
tables or rules lists. They are as follows:
56
Nat — this table used to alter packets that create a new connection.
Each of these tables in turn have a group of built-in chains which correspond to
the actions performed on the packet by the netfilter.
OUTPUT — This chain applies to packets sent out via the same network interface which
received the packets.
FORWARD — This chain applies to packets received on one network interface and sent
out on another.
PREROUTING — This chain alters packets received via a network interface when they
arrive.
OUTPUT — This chain alters locally-generated packets before they are routed via a
network interface.
POSTROUTING — This chain alters packets before they are sent out via a network
interface.
57
PREROUTING — This chain alters packets received via a network interface before they
are routed.
OUTPUT — this chain alters locally-generated packets before they are routed via a
network interface.
11. CODING:
AUTO IP:
dialog --title "" --backtitle "by varun and omveer" --pause "Loading AUTO-IP
CONFIGURATOR TUI..." 10 60 2
sh /grras/wel
DHCP CONF:
dialog --colors --title "DHCP CONFIGURATION" --backtitle "varun n omveer" --form "\Z7
enter valid IP values" 18 40 10 "Subnet" 1 4 "192.168.1.0" 1 12 20 16 "Netmask" 3 4
"255.255.255.0" 3 12 20 16 "Range_start" 5 4 "198.168.1.2" 5 16 16 16 "Range_end" 7
4 "192.168.1.254" 7 16 16 16 "Gateway" 9 4 "192.168.1.1" 9 16 16 16 2> /tmp/dhcp$
tmp=$?
subnet=`head -1 /tmp/dhcp$$`
netmask=`head -2 /tmp/dhcp$$ | tail -1`
s_range=`head -3 /tmp/dhcp$$ | tail -1`
e_range=`head -4 /tmp/dhcp$$ | tail -1`
g_way=`head -5 /tmp/dhcp$$ | tail -1`
case $tmp in
0)
echo "ddns-update-style interim;
ignore client-updates;
58
# --- default gateway
option routers $g_way;
option subnet-mask $netmask;
59
;;
1)
sh /grras/dhcpmenu
;;
*)
clear
esac
DHCP EDIT:
dialog --colors --title "DHCP EDIT" --backtitle "varun n omveer" --form "\Z7 enter valid IP
values" 18 40 10 "Subnet" 1 4 "192.168.1.0" 1 12 20 16 "Netmask" 3 4 "255.255.255.0"
3 12 20 16 "Range_start" 5 4 "198.168.1.2" 5 16 16 16 "Range_end" 7 4
"192.168.1.254" 7 16 16 16 "Gateway" 9 4 "192.168.1.1" 9 16 16 16 2> /tmp/dhcp$$
tmp=$?
subnet=`head -1 /tmp/dhcp$$`
netmask=`head -2 /tmp/dhcp$$ | tail -1`
s_range=`head -3 /tmp/dhcp$$ | tail -1`
e_range=`head -4 /tmp/dhcp$$ | tail -1`
g_way=`head -5 /tmp/dhcp$$ | tail -1`
case $tmp in
0)
echo "ddns-update-style interim;
ignore client-updates;
60
# option domain-name "domain.org";
# option domain-name-servers 192.168.1.1;
option time-offset -18000; # Eastern Standard Time
# option ntp-servers 192.168.1.1;
# option netbios-name-servers 192.168.1.1;
# --- Selects point-to-point node (default is hybrid). Don't change this unless
# -- you understand Netbios very well
# option netbios-node-type 2;
61
esac
DHCP MENU:
dialog --colors --title "DHCP" --backtitle "\Z7Do you want to make new configuration or
edit old configuration" --menu "select" 10 50 5 CONFIGURE "make new dhcp setting"
EDIT "edit old dhcp setting" 2> /tmp/dhcpmenu$$.tmp
tmp=$?
opt=`cat /tmp/dhcpmenu$$.tmp`
case $tmp in
0)
if [ "$opt" = "CONFIGURE" ]
then
sh /grras/dhcpconf;
elif [ "$opt" = "EDIT" ]
then
sh /grras/dhcpedit;
fi
;;
*)
sh /grras/menu;
;;
esac
rm /tmp/dhcpmenu$$.tmp
INSTALL.sh:
LOGS :
cat /var/log/squid/access.log
MENU:
dialog --colors --title "SERVICES" --backtitle "\Z7 select a service you want to configure"
--menu "Service List" 20 50 10 DHCP "configure and edit dhcp" PROXY "allow and
deny websites" MANAGE_USER "add or remove users" ROUTER "configure router"
LOGS "view logs" 2> /tmp/menu$$.tmp
run=$?
opt=`cat /tmp/menu$$.tmp`
case $run in
0)
if [ "$opt" = "DHCP" ]
then
sh /grras/dhcpmenu;
elif [ "$opt" = "PROXY" ]
then
sh /grras/proxymenu;
elif [ "$opt" = "ROUTER" ]
then
sh /grras/routermenu;
elif [ "$opt" = "MANAGE_USER" ]
then
63
sh /grras/usermenu;
elif [ "$opt" = "LOGS" ]
then
sh logs;
fi
;;
*)
clear
echo "
thankyou
";
;;
esac
rm -rf /tmp/menu$$.tmp
PASSWORD:
64
sh /grras/passwrd
fi
;;
*)
clear
;;
esac
PLAN:
iptables -D INPUT -m mac --mac 88:88 -j ACCEPT; service iptable save; chconfig
iptables on
PROXY ADD:
dialog --colors --title "\Z1ADD PROXY" --backtitle "\Z7enter a valid site name or ip" --
inputbox "Enter the sites name or IP address" 10 110 2> /tmp/file$$.tmp
tmp=$?
head=`cat /grras/count`
head -2520 /etc/squid/squid.conf > /tmp/head$$.tmp
tail -$head /etc/squid/squid.conf> /tmp/tail$$.tmp
let hi=$head+2
var=`cat /tmp/file$$.tmp`
echo $hi > /grras/count
case $tmp in
0)
cat /tmp/head$$.tmp > /etc/squid/squid.conf
echo "acl grras$$ dst $var
http_access allow grras$$" >> /etc/squid/squid.conf
cat /tmp/tail$$.tmp >> /etc/squid/squid.conf
service squid restart &> /dev/null
65
sh /grras/proxymenu
;;
1)
sh proxymenu
;;
*)
clear
;;
esac
PROXY CONF:
PROXY MENU:
dialog --colors --title "\Z1PROXY" --backtitle "varun n omveer" --menu "To add/remove
sites" 20 40 5 CONF "to configure proxy" ADD "add site to proxy" REMOVE "remove
site from proxy" 2> /tmp/pxm$$.tmp
66
tmp=$?
opt=`cat /tmp/pxm$$.tmp`
case $tmp in
0)
if [ "$opt" = "ADD" ]
then
sh /grras/proxyadd;
elif [ "$opt" = "REMOVE" ]
then
sh /grras/proxyremove;
elif [ "$opt" = "CONF" ]
then
sh /grras/proxyconf;
fi
;;
*)
sh /grras/menu;
;;
esac
PROXY REMOVE:
dialog --colors --title "\Z1ADD PROXY" --backtitle "\Z7enter a valid site name or ip" --
inputbox "Enter the sites name or IP address" 10 110 2> /tmp/file$$.tmp
tmp=$?
head=`cat /grras/count`
head -2520 /etc/squid/squid.conf > /tmp/head$$.tmp
tail -$head /etc/squid/squid.conf> /tmp/tail$$.tmp
let hi=$head+2
var=`cat /tmp/file$$.tmp`
echo $hi > /grras/count
case $tmp in
67
0)
cat /tmp/head$$.tmp > /etc/squid/squid.conf
echo "acl grras$$ dst $var
http_access deny grras$$" >> /etc/squid/squid.conf
cat /tmp/tail$$.tmp >> /etc/squid/squid.conf
service squid restart &> /dev/null
sh /grras/proxymenu
;;
1)
sh proxymenu
;;
*)
clear
;;
esac
ROUTER MENU:
68
ip=`cat /tmp/ip$$.tmp`
ifconfig eth0 $ip
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-dest $ip:3128
service iptable save
chkconfig iptables on
sh /grras/routermenu;
else
sh /grras/transmenu;
fi
;;
1)
sh /grras/menu
;;
esac
rm /tmp/r$$.tmp
rm /tmp/ip$$.tmp
TRANSPARENCY OFF:
TRANSPARENCY ON:
TRANSPARENCY MENU:
70
USER ADD:
dialog --title "ADD USER" --backtitle "varun omveer" --form "user information" 20 50 5
"mac_add" 1 4 "" 1 12 30 30 2> /tmp/add$$
tmp=$?
opt=`cat /tmp/add$$`
mac=$opt
case $tmp in
0)
iptables -I INPUT -m mac --mac $mac -j ACCEPT
error=$?
if [ "$error" != "0" ]
then
dialog --pause " SORRY PLEASE ENTER RIGHT MAC ADDRESS" 10 60 3
sh /grras/useradd
fi
service iptable save
chconfig iptables on
dialog --colors --no-shadow --title "\Z1PLANS" --backtitle "\Z2SECURE INTERNET" --
radiolist "PERIODS" 10 110 5 1month "for one month" "" 2month "for two months" ""
3month "for three months" "" 4month "for four months" "" 6month " for six months" ""
1year "for one year" "" 2> /tmp/file$$.tmp
var=`cat /tmp/file$$.tmp`
echo "iptables -D INPUT -m mac --mac $mac -j ACCEPT; service iptable save; chconfig
iptables on" > plan
at now+$var < plan
sh /grras/useradd
;;
1)
sh /grras/menu
;;
*)
71
clear
;;
esac
USER MENU:
dialog --title "MANAGE USERS" --backtitle "varun" --menu "Add or Remove a USER" 20
30 10 ADD "add a user" REMOVE "remove a user" 2> /tmp/user$$.tmp
tmp=$?
opt=`cat /tmp/user$$.tmp`
case $tmp in
0)
if [ "$opt" = "ADD" ]
then
sh /grras/useradd;
elif [ "$opt" = "REMOVE" ]
then
sh /grras/userrem;
fi
;;
*)
sh /grras/menu;
;;
esac
rm /tmp/user$$.tmp
USER REMOVE:
dialog --title " REMOVE USER" --backtitle "varun omveer" --form "user information" 20
50 5 "mac_add" 1 4 "" 1 12 30 30 2> /tmp/add$$
72
tmp=$?
opt=`cat /tmp/add$$`
mac=$opt
case $tmp in
0)
iptables -D INPUT -m mac --mac $mac -j ACCEPT
error=$?
if [ "$error" != "0" ]
then
dialog --pause " SORRY PLEASE ENTER RIGHT MAC ADDRESS" 10 60 3
sh /grras/useradd
fi
service iptable save
chconfig iptables on
;;
1)
sh /grras/menu
;;
*)
clear
;;
esac
WELCOME:
dialog --colors --title "\Z2 AUTO IP CONFIGURATOR" --backtitle "\Z7
WELCOME" --yesno "\Z5 Configure network" 10 100
tmp=$?
case $tmp in
0)
sh /grras/passwrd
;;
1)
73
dialog --pause " THANK YOU
....logging out TUI" 10 60 3
clear
;;
Esac
74
12. CONCLUSION
The conclusion can be made like this, the project “AUTO-IP MANAGER”
is useful on the administrator end .The project automatic configures the whole
procedure of assigning and implementation according to the requirement of users.
The project is using the dialog box utilities that makes it quite user friendly and
easy to configure. Moreover the project plays a role of a highly secure mechanism in the
IP configuration and accessing the web, manually.
All the processes will be made on the server side thus the administrator has to do
fewer efforts and the clients are having a much easier approach to gain the IP address
automatically and connect to the internet.
Thus this project, due to its easy and secure approach, can be used in any of the
lab. And live condition according to the load of work and requirements.
75
13. REFERENCES
WEBSITES:
• www.linux.org
• www.squid –cache.org
• www.google.com/linux/dhcp
• www.linux-live.org/
• www.amazon.com/Linux-Shell-Script-Programming-Meadors
BOOKS:
• Fedora-Bible 2006(TMH).
• Red hat Linux essentials.
• Red hat Linux security specialists333.
76
77