Anita Garni Mardhani's Home


Forward Proxy and DNS server @ubuntu 10.04 Lucid Lynx


Our topology is as follows:

[Screenshot: Topology]

The server has two interfaces: eth0 = 1.1.1.3/29 towards the ISP (whose router is 1.1.1.2) and eth1 = 2.2.2.1/29 towards the LAN. Clients use the addresses 2.2.2.2 to 2.2.2.6 in 2.2.2.0/29. On the server we will set up what this article calls a forward proxy, that is an Internet gateway (IP forwarding plus NAT, not an application-layer proxy such as Squid), and a DNS server. The server runs Ubuntu Server 10.04.1 GNU/Linux, freshly installed, with the ssh service running, one user called "ubuntu" and the hostname "server". The addresses 1.1.1.0/29 and 2.2.2.0/29 are placeholders: 2.2.2.0/29 is public, not private, address space, so a real LAN behind NAT should use RFC 1918 space (for example 192.168.1.0/29). This article is divided into four parts: initial network setup, forward proxy (gateway) setup, DNS server setup, and testing from a client.

  1. Initial Network Setup. Log in to the server at the console.
    [Screenshot: Login to Server Directly]

    Activating the root account. Ubuntu ships with the root password locked on purpose, and "sudo -i" gives the same root shell without unlocking it. If you do set a root password, keep "PermitRootLogin no" in /etc/ssh/sshd_config so the account cannot be brute-forced over SSH from the ISP side.
    [Screenshot: Activating Root Account]

    Set up the interfaces by editing /etc/network/interfaces: eth0 gets 1.1.1.3/29 with gateway 1.1.1.2, eth1 gets 2.2.2.1/29 and no gateway.
    [Screenshot: Setup Interfaces]

    Restart the networking service and check the routing table: the default route must point at 1.1.1.2 via eth0 and 2.2.2.0/29 must be reachable via eth1.
    [Screenshot: Restarting Networking and Show Routing Table]

    Log out of the server; the remaining steps are done remotely from a client.
  2. Forward Proxy Setup. Log in to the server from the client. If the client runs GNU/Linux, ssh is our favourite tool; if it runs MS-Windows, PuTTY is needed to reach the server.
    [Screenshot: Login to Server by Remote From Client]

    Activating IP forwarding. Write "1" to /proc/sys/net/ipv4/ip_forward (for example with "echo 1 > /proc/sys/net/ipv4/ip_forward" or "sysctl -w net.ipv4.ip_forward=1") to enable forwarding immediately, then uncomment the line "net.ipv4.ip_forward=1" in /etc/sysctl.conf so that it is enabled again at every boot.
    [Screenshot: Activating IP Forwarding]

    [Screenshot: Activating IP Forwarding at System Startup]

    Activating Network Address Translation (NAT) on the firewall with an iptables MASQUERADE rule on eth0. A bare MASQUERADE rule combined with the default FORWARD policy of ACCEPT translates and forwards packets from any source that can route through the server, so restrict the rule to the LAN (match on the source 2.2.2.0/29) and set the FORWARD chain to DROP everything except LAN-to-ISP traffic and its replies.
    [Screenshot: Activating NAT policy]

    Because the server acts as the gateway, put the NAT commands in /etc/rc.local (above its final "exit 0") so the rules are applied at every boot; /etc/rc.local must stay executable for that to work.
    [Screenshot: Put NAT Policy to rc.local]

    Enter Google's public name server (8.8.8.8) in /etc/resolv.conf for now, because the server needs working name resolution to install the BIND package online in part 3. This entry is replaced by our own server later.
    [Screenshot: Use Public Name Server]

  3. DNS Server Setup. Install BIND (the bind9 package); the server may need to update its package lists first.
    [Screenshot: Packages Updating]

    [Screenshot: BIND Installation]

    Put our domain in /etc/hosts. Our domain is hackme.please, a made-up name that exists only on this LAN. /etc/hosts uses the simple format IP_Address[space]hostname.domain[space]hostname, so the entry for the server is "2.2.2.1 server.hackme.please server".
    [Screenshot: Setup Hostname and Domain]

    The main configuration file of BIND is /etc/bind/named.conf (note the lowercase directory name; Linux paths are case-sensitive). By default it contains just three include lines pointing at the files that hold the actual configuration.
    [Screenshot: BIND Main Configuration File]

    /etc/bind/named.conf.options holds the global options, including the access-control ones that protect the server (listen-on, allow-query, allow-recursion, allow-transfer, forwarders). /etc/bind/named.conf.local is the place for locally defined zones, while /etc/bind/named.conf.default-zones defines the stock zones: . (root hints), localhost, 127.in-addr.arpa, 0.in-addr.arpa and 255.in-addr.arpa.
    We are going to create two new zones, one for forward lookup and one for reverse lookup: hackme.please (forward) and 2.2.2.in-addr.arpa (reverse). The first zone is named after our domain and maps names to IP addresses; the second is named after our LAN network address (2.2.2.0/29; strictly, 2.2.2.in-addr.arpa covers the whole of 2.2.2.0/24, which is fine for a private server that nobody delegates to) and maps IP addresses back to names. This article adds both zone statements to /etc/bind/named.conf.default-zones; the Ubuntu Server Guide puts site-specific zones in /etc/bind/named.conf.local instead, which keeps them clear of package upgrades. Open the chosen file with an editor and add the two zone statements.
    [Screenshot: Adding 2 New Zones]

    As the screenshot (Pic. C-5) shows, the "hackme.please" zone will be configured in /etc/bind/hackme.please.zone and the "2.2.2.in-addr.arpa" zone in /etc/bind/2.2.2.in-addr.arpa.zone, so now we create these two files one by one. First, /etc/bind/hackme.please.zone:
    [Screenshot: Create First New Zone File]

    $TTL 86400 means that records served from this zone are valid for 86400 seconds (one day); after that, other DNS servers that cached them must ask our server again.
    The first record of a zone file starts with "@", which stands for the zone origin (here hackme.please). The Start of Authority (SOA) record names the primary name server for the zone (server.hackme.please.) and the administrator's mailbox (root.hackme.please., written with a dot instead of @, meaning root@hackme.please). Note the trailing dot on each name: it marks a fully qualified name; without it BIND appends the zone origin. The SOA then carries five numbers. 1 is the serial number of the zone file; whenever the zone changes, increase it (to 2, or use a date-based serial such as 2011020501), otherwise slave servers will never pick up the change. 3600 is the refresh interval: a slave waits 3600 seconds before asking the master whether the zone has changed. 1800 is the retry interval: if the master did not answer, the slave tries again after 1800 seconds. 604800 is the expire time: if the master has not answered for 604800 seconds, the slave stops answering for the zone. 86400 is the negative-cache TTL: other servers may cache "no such name" answers from this zone for up to 86400 seconds.
    The next line says that the Name Server (NS) for this zone is the machine with Fully Qualified Domain Name (FQDN) server.hackme.please., and its address (A) record gives it the address 2.2.2.1. Then we repeat each hostname from /etc/hosts; for now there is only one, "server", with address (A) 2.2.2.1. Finally we add a canonical name (CNAME), or alias, for the "server" host: www. Any query for www.hackme.please is answered with the canonical name server.hackme.please and its address.
    The second zone file is /etc/bind/2.2.2.in-addr.arpa.zone.
    [Screenshot: Create Second New Zone File]

    It is almost identical to hackme.please.zone, except that we do not repeat the hostnames from /etc/hosts and do not add a CNAME. The obvious difference is the last line, a pointer (PTR) record: host ID 1 within network 2.2.2 points back to the hostname "server.hackme.please." Once again note the trailing dot on the domain name.
    Now that our DNS server is configured we no longer need the public DNS, so edit /etc/resolv.conf to use our own server (nameserver 127.0.0.1 or 2.2.2.1, plus "search hackme.please" so that short hostnames resolve).
    [Screenshot: Change Name Server to the New One]

    Start the BIND service (bind9). If it refuses to start, look in /var/log/syslog, where named reports zone-file and configuration errors; named-checkconf and named-checkzone from bind9utils catch them before a restart.
    [Screenshot: Starting BIND Service]

    Test resolution of the hostname, the domain and a public domain, e.g. linux.com, from the server itself. The public name resolves because the root hints in named.conf.default-zones let named recurse out through the ISP link.
    [Screenshot: Examining Our DNS Server]

    This shows that our DNS server resolves correctly while serving itself.
  4. Testing From Client. Make sure the client's IP address (one of 2.2.2.2-2.2.2.6/29), gateway (2.2.2.1) and DNS server (2.2.2.1) have been set up.
    [Screenshot: Client Network Setup]

    Test resolution of the hostname, the domain and a public domain, e.g. linux.com. If the hostname resolves but public names do not, the client's queries reach BIND but BIND cannot recurse out, so check the NAT rules and the server's default route to 1.1.1.2.
    [Screenshot: Examining DNS Server]

    Test browsing several web sites.
    [Screenshot: Browsing Using Our DNS Server]
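
The gateway part (step 2) and the DNS part (step 3) together, as an added example. This script is not from the original post or its screenshots; it is reconstructed from the prose and hardened. It assumes the topology at the top of the article: eth0 = 1.1.1.3/29 to the ISP, eth1 = 2.2.2.1/29 to the LAN, domain hackme.please with the server at 2.2.2.1. gateway_rules applies the forwarding and NAT rules; unlike a bare MASQUERADE line it sets the FORWARD chain to DROP and only forwards LAN-to-ISP traffic and its replies. write_dns_config writes both zone files, the zone statements and a named.conf.options that listens only on loopback and the LAN address and refuses recursion for anyone else, so the ISP-facing address never becomes an open resolver. DRY_RUN=1 prints the iptables and sysctl commands instead of running them, and the directory argument lets you generate the BIND files somewhere other than /etc/bind for inspection.

```shell
#!/bin/sh
# Added example: NAT gateway plus BIND configuration for the article's
# topology.  Not the original post's scripts; reconstructed from the text
# and hardened.  Assumed: eth0 = WAN 1.1.1.3/29, eth1 = LAN 2.2.2.1/29,
# domain hackme.please, server address 2.2.2.1.  Run as root on the server;
# DRY_RUN=1 prints the iptables/sysctl commands instead of running them.
set -eu

WAN_IF=${WAN_IF:-eth0}
LAN_IF=${LAN_IF:-eth1}
LAN_NET=${LAN_NET:-2.2.2.0/29}

# Execute a command, or just echo it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Forwarding and NAT.  The article's single MASQUERADE rule leaves the
# FORWARD chain at its default ACCEPT, so the box would forward anything
# it receives; here only LAN -> WAN and the replies are allowed through.
gateway_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -t nat -F POSTROUTING
    run iptables -F FORWARD
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
}

# Write the zone files, zone statements and options into DIR (default
# /etc/bind).  The serial is date-based so each later edit bumps the last
# two digits; a serial that never changes is the classic reason slaves
# keep serving stale data.
write_dns_config() {
    dir=${1:-/etc/bind}
    serial=$(date +%Y%m%d01)
    cat > "$dir/hackme.please.zone" <<EOF
\$TTL 86400
@       IN SOA  server.hackme.please. root.hackme.please. (
                $serial ; serial
                3600    ; refresh
                1800    ; retry
                604800  ; expire
                86400 ) ; negative-cache TTL
        IN NS   server.hackme.please.
server  IN A    2.2.2.1
www     IN CNAME server
EOF
    cat > "$dir/2.2.2.in-addr.arpa.zone" <<EOF
\$TTL 86400
@       IN SOA  server.hackme.please. root.hackme.please. (
                $serial 3600 1800 604800 86400 )
        IN NS   server.hackme.please.
1       IN PTR  server.hackme.please.
EOF
    # Zone statements go in named.conf.local, not named.conf.default-zones.
    cat > "$dir/named.conf.local" <<EOF
zone "hackme.please" {
    type master;
    file "$dir/hackme.please.zone";
    allow-transfer { none; };
};
zone "2.2.2.in-addr.arpa" {
    type master;
    file "$dir/2.2.2.in-addr.arpa.zone";
    allow-transfer { none; };
};
EOF
    # Listen only on loopback and the LAN address and recurse only for the
    # LAN, so the ISP-facing 1.1.1.3 never acts as an open resolver.
    cat > "$dir/named.conf.options" <<EOF
options {
    directory "/var/cache/bind";
    listen-on { 127.0.0.1; 2.2.2.1; };
    listen-on-v6 { none; };
    allow-query { localhost; 2.2.2.0/29; };
    allow-recursion { localhost; 2.2.2.0/29; };
    recursion yes;
    version "not disclosed";
    auth-nxdomain no;
};
EOF
    # Syntax-check when the BIND tools are installed (bind9utils).
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone hackme.please "$dir/hackme.please.zone"
        named-checkzone 2.2.2.in-addr.arpa "$dir/2.2.2.in-addr.arpa.zone"
    fi
}
```

On the server you would run "DRY_RUN=1 gateway_rules" first to review the rule set, then "gateway_rules" for real and paste the same commands into /etc/rc.local above "exit 0"; "write_dns_config /tmp/bind-test" lets you inspect the generated files before writing them to /etc/bind and restarting bind9.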

Well done. A PDF version of this article is available here. Thanks for reading :D

References:
1. Husni, Implementasi Jaringan Komputer dengan Linux Redhat 9, Penerbit Andi, 2004.
2. Server World, http://www.server-world.info/en/note?os=Ubuntu_10.04&p=dns&f=1, 2010.
3. Canonical Ltd. and members of the Ubuntu Documentation Project, Ubuntu Server Guide, 2010.


Written by anitagarnimardhani

February 5, 2011 at 5:13 pm

Posted in GNU/Linux
