A

Project Report
On
Titled
AUTO-IP MANAGER
Submitted in partial fulfillment for the
Award of degree of
BACHELOR OF ENGINEERING
IN
COMPUTER SCIENCE & ENGINEERING
Submitted By: VARUN
KUMAR
Submitted To:-
HEMANT SHARMA
OMVEER SINGH Lect. CS/IT
July, 2009
PREFACE
AUTO-IP MANAGER
First of all using dialog utility it collects all information for configuration
according to the administrator by the user manually. Security is provided by usi
ng
IP-table advanced rules. It makes user-friendly environment by dialog utility.
Dynamic Host Configuration Protocol (DHCP) is a protocol used by
networked devices (clients) to obtain various parameters necessary for the
clients to operate in an Internet Protocol (IP) network. By using this protocol,

system administration workload greatly decreases, and devices can be added to
the network with minimal or no manual configurations. When a DHCP-configured
client (be it a computer or any other network aware device) connects to a
network, the DHCP client sends a broadcast query requesting necessary
information from a DHCP server .
The SQUID server is used for filtering. Its main job is to allow or deny any
host or destination. It automatically works on port no. 3128. We can also filter
the
contents of the packets. Squid has one primary configuration file, squid.conf.
Iptables is used to set up, maintain, and inspect the tables of IP packet
filter rules in the Linux kernel. Several different tables may be defined. Each
table
contains a number of built-in chains and may also contain user-defined chains.
Acknowledgement
I express my sincere thanks to my project guide, Mr. HEMANT SHARMA,
Lecturer, Deptt CS/IT, for guiding me right form the inception till the successf
ul
completion of the project. I sincerely acknowledge him/her/them for extending
their valuable guidance, support for literature, critical reviews of project and
the
report and above all the moral support he/she/they had provided to me with all
stages of this project.
I would also like to thank the supporting staff of CS/IT Department, for
their help and cooperation throughout our project.
VARUN KUMAR
OMVEER SINGH
CERTIFICATE
This is to certify that Mr. OMVEER SINGH and MR. VARUN
KUMAR from COMPUTER SCIENCE AND ENGINEERING has successfully
delivered a project named AUTO-IP MANAGER and has submitted a
satisfactory report about it as per partial fulfillment of the requirement for t
he
degree of B.E. (Comp.Sc.) According to the syllabus of UNIVERSITY OF
RAJASTHAN , JAIPUR during the academic year 2008-09.
Date:22 July 09
Mr. Kailash Maheshwari Mr. HEMANT SHARMA
( H.O.D ,C.S.E & I.T ) (Project Guide )
I
IIN
NNDE
DEDEX
XX
Sl. No. TOPIC PAGE
No.
01 Introduction
02 Requirements
03 Working of Project
04 Dialog Box
05 Linux as Router
06 Shell Scripting
07 Working of DHCP
08 Working of Squid
09 Working of Gateway
10 Working of IP Tables
11 Coding (Shell Scripting)
12 Conclusion
13 References
1. INTRODUCTION
This project AUTO-IP CONFIGURATION is practically implementable for MNCs
and colleges in both live and laboratory conditions. In the project, we are usin
g the
concepts of assigning IP addresses to the required user (via DHCP), gateway
assignments and implementations of proxy server, all using IP-tables.
This project is useful on the administrator end. The project automatic configure
s
the whole procedure of assigning and implementation according to the requirement
of
users.
First using dialog utility it collects all information for configuration accordi
ng to
the administrator by the user manually. Security provided by using IP-table advan
ced
rules. It makes user-friendly environment by dialog utility.
If gateway receives any of the clients requests of port no. 80, it redirects the
requests to the proxy server on port no. 3128. Proxy filters the requests accord
ing to the
rules and again sends these packets to the gateway .Now gateway send it to conne
ct
the internet.
The OS REDHAT-LINUX is use because of its high secure functionality and
it provides many of the options for configuring the servers. Packages for the pr
oject
required; are inbuilt in REDHAT-LINUX, or we can download it through the interne
t.
6
2. REQUIREMENTS OF THE PROJECT
2.1 HARDWARE REQUIREMENTS:
The project can be implemented on both live and laboratory conditions. That
mean the minimum requirement is
Processor: Pentium 3-4.
RAM min. of 256 MB.
Ethernet card that supports OS-LINUX.
Fast Ethernet cables.
These requirements may change according to the load and according to the
working environment.
2.2 SOFTWARE REQUIREMENTS:
OS- REDHAT LINUX.
RPM for DHCP server with all known dependencies.
RPM of Squid with all known dependencies.
RPM of Dialog.
7
3. WORKING OF PROJECT:
STEP 1: Client requests for IP address.
STEP 2: DHCP server checks the Mac address of the client; if rule matches in IP
tables, then server responses to the client with its assigned IP address as well
as the
gateway entry.
STEP 3: Now client wants to go for internet; so it requests to the gateway.
STEP 4: The gateway now redirects the incoming packets to the PROXY server via I
P
tables D-netting.
STEP 5: The proxy server filters the requests and again sends it to the gateway.

STEP 6: The gateway connects to the internet, gets the response of internet for
the
client requests, and sends it to the proxy server.
STEP 7: Proxy server sends the response direct to the desired client.
8
4. Dialog Box:
4.1 Definition
A dialog box is a small window or message box that appears temporarily in
a GUI (graphical user interface) to alert the user to a condition and/or to requ
est
information.
Dialog boxes appear on top of other open windows and whatever else is
currently on the display screen, and they are sometimes accompanied by a beeping
or
other sound effect. They always contain at least one button, the purpose of whic
h is to
allow the user to close the box (i.e., remove it from the display screen). Often
they also
contain additional buttons and one or more means for users to provide informatio
n, such
as check boxes and spaces to enter text.
Dialog boxes can be classified in several ways, including according to the
function they perform and their complexity. The simplest type of dialog box is t
heAlert,
which displays a message and requires the user to acknowledge it by clicking on
a
button in order to close it. Alerts are commonly used to provide simple confirma
tion of
an action (such as to confirm that the user really wants to terminate a program)
, to
9
indicate a user error, and to provide notification that a program that has stopp
ed
functioning (i.e., frozen or crashed).
Dialog boxes can also be classified by whether they are modal or non-modal.
Modal dialog boxes are those which temporarily halt part or all of the GUI until
the user
closes the box and, depending on what caused the box to appear, provides some
information. System modal dialog boxes freeze the entire GUI,application modal d
ialog
boxes freeze just the application that caused the box to appear, and document
modal dialog boxes, the newest and least intrusive modal type, merely freeze a s
ingle
window in an application (such as a document in a word processing program).
Non-modal dialog boxes, also called modeless dialog boxes, are used when the
requested information is not essential to continue, and thus no windows or other
parts of
the GUI are frozen.
A commonly encountered type of dialog box on Linux is that which appears when
an ordinary user tries to open a program that requires root (i.e., administrativ
e)
permission. For example, when a user attempts to open kppp, the KDE Internet dia
lup
utility, a small, non-modal dialog box appears that asks the user to enter the r
oot
password in a text space labeled Password for root. Entry of the correct passwor
d and
clicking on the OK button causes this box to close and a secondary (again, model
ess)
box to appear. The second box allows the user to modify the connection setup if
desired
and to push a button labeledConnect that initiates the connection to the Interne
t.
The Microsoft Windows and Macintosh operating systems use an ellipsis (i.e.,
three consecutive dots) after GUI menu items to indicate that clicking on such i
tems will
not result in a direct action but rather will open up a dialog box that provides
additional
information and options for the user.
One problem with the design of some operating systems and application
programs is that dialog boxes are inappropriately used and/or poorly designed. F
or
example, they may appear when not really necessary and/or contain cryptic messag
es
10
that most users cannot understand. This can be frustrating for users and waste t
heir
time and energy.
An excellent example of inappropriate use is provided by some web browsers
that open a dialog box that informs the user that a page will not display, even
though it
is obvious that the page will not display, and requires the user to click on a b
utton to
close the box. Moreover, if the user is working on another application with the
browser
in the background, the dialog box will interrupt that application and move the b
rowser
window to the foreground, thus requiring the user to also restore the applicatio
n window
to the foreground after closing the dialog box. A well-known example of clumsy a
nd
misleading wording on a dialog box is the message that resembles you has perform
ed
an illegal action and this program will shut down.
Good software design calls for dialog boxes to (1) be used only where necessary
and/or helpful, (2) be as unobtrusive as possible, (3) use wording that has mean
ing to
users and (4) maximize user flexibility. This implies that dialog boxes should b
e non-
modal whenever possible, and, if they are modal, they should be document modal o
r
application modal to the extent possible.
The term popup window is also sometimes used to refer to a dialog box, although
this term often implies an unrelated (and usually unwanted) advertisement, where
as a
dialog box is related to the program, operating system or hardware currently bei
ng
used,
4.2 CLI Magic: Creating basic front ends with dialog and Xdialog
New Linux users are often afraid of the command line. They prefer graphical
alternatives to commands and scripts. For help, they can turn to dialog and Xdia
log, two
simple tools that can be used to create front ends to command-line tools.
The fundamental difference between the tools is that while dialog can create
console or text-based front ends, Xdialogcan generate an X interface for any ter
minal
11
based program.
Dialog creates the simple front ends that until recently were used in almost all

Linux distributions' installations. Remember old Red Hat and Slackware installat
ions
that were characterized by a grey screen with a blue background? Since these fro
nt
ends are text-based, you can't use a mouse to click on buttons.
Xdialog, on the other hand, creates X interfaces, meaning that you have full use

of your mouse. It uses GTK+ for creating the front ends, and offers functions su
ch as
directory selectors and range boxes.
Once you have installed dialog, open a shell and write dialog --title "Testing D
ialog" -yesno
"This is the message" 8 25, then press Enter. This creates a very basic yesno
box. You specify box options using the general syntax dialog [common option] [bo
xoption]
text width height . So, the 8 and 25 above are the width and height. --title is
a
common option. Common options are applied to all the box options. The common
options can be omitted, you you cannot make a box without specifying the box opt
ions.
To test Xdialog, just change dialog in the above command to Xdialog. Both dialog

and Xdialog can implement several types of dialog boxes, such as checklist, form
,
radiolist, menu, and textbox. Each dialog box has its own set of box options. Le
t's create
a simple menu to better understand the [common] and [box] options.
4.2.1 Creating a menu
When making a menu, you may be overwhelmed by all the available choices. I
am going to start with a simple menu that lets you select one value out of sever
al.
#!/bin/sh
tempfile=`tempfile`
dialog --title "Most used linux command" \
12
--menu "Please choose the most usefull command line tool:" 15 55 5 \
"man" "To read man pages" \
"ls" "To display the contents of a directory" \
"vi" "Text editor" \
"mount" "To mount partitions" \
"su" "Super user permissions" 2> $tempfile
return_value=$?
you_chose=`cat $tempfile`
case $return_value in
0)
echo "'$you_chose' is the command you find most usefull.";;
1)
echo "You pressed cancel.";;
255)
echo "You hit Esc.";;
esac
Save this code in a file called basic_menu.sh. To make this script executable,
run chmod u+x basic_menu.sh. Now you can run the script: ./basic_menu.sh.
This creates a very basic menu, where you can choose any command using the
up and down keys. The most noteworthy lines of this script are tempfile
='tempfile' and2> $tempfile. The first line creates a temporary file using the t
empfile
utility. Dialog, by default, writes its output to standard error, so we need the
second line
to redirect the output from standard error to the tempfile. We can also use the
-stdout
option to send the output to standard output. We'll look at --stdout in a moment
.
$? is a variable that stores the program's return value, which is either 0, when

you press OK; 1, if you press cancel; or 255, if you press Esc. return_value is
another
variable where we store the value of the $? variable.
To see how this dialog would appear in X, change dialog to Xdialog. Everything e
lse
remains the same.
You never see this type of menu in the real world. You see either a radiolist,
where you can select just one value, or a checklist, which allows you to select
multiple
values. To create a radiolist, replace --menu with --radiolist, keeping rest of
that line
intact. You also need to change some options as below:
"man" "To read man pages" off\
"ls" "To display the contents of a directory" off\
"vi" "Text editor" off\
"mount" "To mount partitions" off\
"su" "Super user permissions" ON 2> $tempfile
See how each of the options has either "off" or "on" at the end? "On" signifies
a
selected option. To select any option, move to your choice using the up and down
keys
and press the spacebar.
Unlike a radiolist, a checklist allows you to select multiple values. If you cha
nge -radiolist
to --checklist, you get a checklist.
There's more
14
Most of us are so accustomed to working in graphical environments that we
cannot imagine some of the dialogs that you can create on the command line. For
example, you can easily make a progress bar or percentage gauge bar, which is pa
rt of
every software installation, with dialog and Xdialog. The syntax is -gauge
text height width [percent]. The percent value shows the initial value of the
progress bar. By default it is zero.
Let's create a shell script to see how the gauge works.
#!/bin/sh
percent=0
(
while test $percent != 110
do
echo $percent
echo "XXX"
echo "This is how the gauge appears"
echo "XXX"
echo "See how the message changes"
15
echo "XXX"
percent=`expr $percent + 10`
sleep 1
done
) |
dialog --title "Gauge works!" --gauge "This is how a gauge appears on the comman
d
line" 10 60 0
As explained in the man page, if the standard input reads the string "XXX," then

subsequent lines up to another "XXX" are used for a new prompt. If you use the "
XXX"
method of displaying messages, then the text supplied to --gauge is ignored. In
our
case, the message This is how a gauge appears on the command line is ignored
because of the messages in "XXX."
Another common dialog is file selection. When attaching a file to an email
message or opening a file in OpenOffice.org Writer, we frequently encounter the
select
file dialog. You can create that on a command line too. We are going to use --st
dout for
this.
#!/bin/sh
selection=`dialog --stdout --title "Use this dialog to select a file by pressing
spacebar" -fselect
$HOME/ 10 68`
case $? in
0)
echo "You chose \"$selection\"";;
1)
echo "You pressed cancel.";;
255)
echo "You hit Esc.";;
esac
16
The file selection dialog is made up of two panes; you can use the tab key to
switch between them. Select a file by pressing the spacebar once you have scroll
ed to
the file name using the up and down keys. You can also write the path of the fil
e in the
input box at the bottom of the file selection dialog. The --fselect option creat
es the file
selection dialog. It accepts [filepath] height width as options. The $HOME/ argu
ment
means that we want to choose a file within the home directory.
4.3 Conclusion
Both dialog and Xdialog are complex tools that can create many types of dialog
boxes. They allow a high degree of control on all aspects of the dialogs. The de
tailed
man pages discuss all the features of these tools, and are a must read. With a l
ittle shell
scripting knowledge you can start making front ends to all your favorite command
line
tools.
5. LINUX AS ROUTER:
5.1 Linux Router
Routers are amongst the most crucial components of the Internet, as each bit of
information on the Internet passes through many routers. Most of the routers use
d on
the Internet are made by Cisco. Although these have good performance, they come
at a
high price.
In situations where we need to economize, the Linux router is an attractive
alternative. When used as a simple gateway for a LAN, it can be almost free. All
that is
needed is a machine with more than one network interface.
If one has a small lab with several LANs and wishes to set up a reliable, as wel
l
as secure, connection to the Internet, the cost of a commercial router may not b
e
17
justifiable. The most economical solution in this case is to use a low-cost proc
essor
running the LRP.
It makes the building and maintenance of firewall, routers, switches, hubs, and
so
on, cheap and straightforward.
In this article we show how to set up a Linux router for two to four LANs and te
st
its performance under different conditions. For comparison we also used Pentium
Is and
IIs. Here we present the results of our investigation into the performance of th
e Linux
router and compare it with a commercial router.
5.2 Setting Up a Linux Router
The most common function of the Linux router is a connection between two
networks. Typically, this would be a LAN and the Internet. For our experiments,
given
the unavailability of a connection to the Internet fast enough to stress the rou
ter
sufficiently, we used a server to simulate the Internet.
5.3 Performance of Linux Router
The test setup in our computer lab uses a 100Base-T Ethernet. The NICs and
switching hubs are 100Base-T. All platforms are running Linux 2.2 kernels, and t
he
Linux router is the default gateway for all of them.
5.4 Bandwidth Measurement
The first configuration uses one client and one server. We connected the server
at the first NIC on the LRP box (eth0) and the client at the second NIC (eth1) t
hrough
cross-UTP 100Mb cables. Then we set the ipchains rules on the Linux router for
forwarding the traffic between client and server by issuing the following comman
d:
ipchains -I forward -j ACCEPT -s 192.168.1.0/24
18
-d 192.168.0.0/24 -b
Figure 1. Setup Number One for Measurement of Bandwidth of LRP Box
The ipchains rules for this setup would look like:
ipchains -I forward -j ACCEPT -s 192.168.0.0/24
-d 192.168.1.0/24 b
ipchains -I forward -j ACCEPT -s 192.168.0.0/24
-d 192.168.2.0/24 b
ipchains -I forward -j ACCEPT -s 192.168.0.0/24
-d 192.168.3.0/24 b
ipchains -I forward -j ACCEPT -s 192.168.1.0/24
-d 192.168.2.0/24 b
ipchains -I forward -j ACCEPT -s 192.168.1.0/24
-d 192.168.3.0/24 b
ipchains -I forward -j ACCEPT -s 192.168.2.0/24
-d 192.168.3.0/24 b
You can write a script to run these rules eliminating the need to enter them at
the
command prompt every time you boot your LRP box. It should be placed in the root

directory so that the user is able to run all the rules by just entering ./filen
ame. We
measured the bandwidth of the router when there was traffic between the server a
nd
more than one client (clients may be from the same or different LANs).
Figure 2. Setup Number Two for Measurement of Bandwidth of LRP Box
For the third configuration we set up multiple servers and multiple clients (cro
sspinging).
In this test setup we used two servers connected on eth0 and eth2 of the LRP
box.
20
Figure 4. Setup for Cross-Pinging Figure 4. Setup for Cross-Pinging
5.5 Easy to Handle
The Linux router is easy to handle and configure. It does not require any specia
l
care for its use other than that required for a normal PC. If there is a problem
,
configuring it only takes a few minutes. Moreover, it is basically software on a
floppy
disk; if your LRP box gets damaged because of power fluctuations (a common probl
em
in the third world), you can instantly convert another available PC into your ro
uter by
adding NICs from the corrupted LRP (if they are not corrupted) and boot it off t
he floppy
disk. No configuration will be required for this router at all, except the runti
me
configuration. You can imagine what a great advantage this isthink of what would
happen if your Cisco router were to be corrupted.
21
5.6 Comparison with a Commercial Router
The following is a comparison of the Linux router with the Cisco 2620 router
available in our laboratory.
The cost of building a good Linux router (based on a Pentium I, 200MHz MMX)
with 1FDD, 32MB of RAM is less than $100 US. (It may be nearly free if you use t
he
minimum required hardware, i.e., a 486DX with 16MB RAM.) A monitor is not
necessarily required. You can use a borrowed monitor temporarily at configuratio
n time
or configure via a remote serial connection (if you include support for that thr
ough the
serial.lrp package). On the other hand, the cost of the Cisco 2620 with a 50MHz
Motorola Processor, 16MB Flash RAM and 40MB DRAM is more than $3,500 US.
Although power consumption here is not of great concern, in most applications it

is notable that the Linux router (running on PI 200MHz, MMX) consumes less than
30W
of power, while Cisco 2600 series routers consume 75W.
You can add as many NICs in the Linux router as you wish (limited by the
number of slots on the main board). In Cisco 2600 there is only one Fast Etherne
t card
available.
The modularity of the Linux router is matchless. Its packaging system allows
easy removal and addition of features. You can add/remove packages, even at runt
ime,
using the lrpkg command. You need to shut down the Linux router to add a module
only
if it requires some additional hardware. However, the kernel module for the hard
ware
can be installed at runtime using insmod. The design of the Cisco router is not
as
modular.
For the Linux router there are a large variety of hardware and software products

available in the open market as it has the complete structure of the ordinary Li
nux
operating system. You can use the product of any manufacturer that has support f
or the
22
Linux router. Cisco routers, on the other hand, are limited in this respect. Usu
ally only
Cisco products are used with Cisco routers.
Having Linux as the operating system on your router gives you the extra
advantage that you can build your own packages according to your needs using she
ll
scripting. You also can get a lot of help from the available literature for Linu
x. Cisco
routers have their own specific operating system called Internet Operating Syste
m. The
Cisco 2620 uses IOS release 12.1. Although it is developed on a regular basis, y
ou can
use only those features that are available in the specific IOS release used on y
our
specific router.
Like Cisco routers, the Linux router also supports the multiprotocol feature. It
has
support for RIP, BGP, OSPF and many more that are added through packages.
Services such as Ethernet router, firewall, DNS and ISDN may be initialized on a

Linux router. However, initializing services like DNS (which is highly CPU-bound
) will
degrade its performance. It is better to use a separate machine as a DNS server.
The
Cisco router has multiservice integration of voice, data and video. As with Cisc
o routers,
IP masquerading, port translation, load balancing, transparent proxy and interfa
ce alias
may all be implemented on a Linux router.
Cisco routers support IPX, Token Ring, VLAN, VPN, Apple Talk and DDR for
advance routing. The Linux router also can support these features through proper

packages. Although to do so, some expertise in Linux and some additional hardwar
e
are required, which will increase the cost of Linux router, but it still will be
much less
than that of a Cisco router.
Depending upon the model and series of the Cisco router, it has a limited number

of WAN slots. In the 2620 there are two WIC (WAN Interface Cards) slots, one net
work
module and one advance integrated mode slot. The two-port serial WAN card has a
asynchronous speed of 115.2Kbps, and synchronous speed equals 2.048Mbps. Port 1
supports only synchronous mode. The Linux router also has support for WAN interf
ace
23
cards. Sangoma WICs , which have a synchronous data rate of 8Mbps, are quite
popular among LRP users. With these cards you can combine many LRP boxes.
However, the disadvantage is that the cost of the LRP box increasesthis card cost
s
about $400 US.
Figure 7. Typical Configuration for a Small Business
5.7 Routing
Routing is the process of selecting paths in a network along which to send
network traffic. Routing is performed for many kinds of networks, including the
network,
electronic (such as the Internet), and transportation networks. This article is
concerned
primarily with routing in electronic data networks using packet switching techno
logy.
24
In packet switching networks, routing directs packet forwarding, the transit of
logically addressed packets from their source toward their ultimate destination
through
intermediate nodes; typically hardware devices
called routers, bridges, gateways, firewalls, or switches. General-purpose compu
ters
with multiple network cards can also forward packets and perform routing, though
they
are not specialized hardware and may suffer from limited performance. The routin
g
process usually directs forwarding on the basis of routing tables which maintain
a record
of the routes to various network destinations. Thus, constructing routing tables
, which
are held in the routers' memory, is very important for efficient routing. Most r
outing
algorithms use only one network path at a time, but multipath routing techniques
enable
the use of multiple alternative paths.
Routing, in a more narrow sense of the term, is often contrasted with bridging i
n
its assumption that network addresses are structured and that similar addresses
imply
proximity within the network. Because structured addresses allow a single routin
g table
entry to represent the route to a group of devices, structured addressing (routi
ng, in the
narrow sense) outperforms unstructured addressing (bridging) in large networks,
and
has become the dominant form of addressing on the Internet, though bridging is s
till
widely used within localized environments.
Routing schemes differ in their delivery semantics:
1. unicast delivers a message to a single specified node;
2. broadcast delivers a message to all nodes in the network;
3. multicast delivers a message to a group of nodes that have expressed interest
in
receiving the message;
4. anycast delivers a message to any one out of a group of nodes, typically the
one
nearest to the source.
Unicast is the dominant form of message delivery on the Internet, and this artic
le
focuses on unicast routing algorithms.
25
Topology distribution
Small networks may involve manually configured routing tables (static routing),
while larger networks involve complex topologies and may change rapidly, making
the
manual construction of routing tables unfeasible. Nevertheless, most of the publ
ic
switched telephone network (PSTN) uses pre-computed routing tables, with fallbac
k
routes if the most direct route becomes blocked (see routing in the PSTN). Adapt
ive
routing attempts to solve this problem by constructing routing tables automatica
lly,
based on information carried by routing protocols, and allowing the network to a
ct nearly
autonomously in avoiding network failures and blockages.
Dynamic routing dominates the Internet. However, the configuration of the routin
g
protocols often requires a skilled touch; one should not suppose that networking

technology has developed to the point of the complete automation of routing.
5.7.1 Unicast
In computer networking, unicast transmission is the sending of information
packets to a single network destination.
The term "unicast" is formed in analogy to the word "broadcast" which means
transmitting the same data to all destinations. Another multi-mode distribution
method, multicasting, is similar to IP broadcasting, but implemented in more eff
icient
manner.
Unicast messaging is used for all network processes where a private or unique
resource is requested making most networking traffic Unicast in form. Unicast is
used
where two way connections are needed to complete the network transaction.
Certain network applications which are mass-distributed are too costly to
implement on Unicast. These include streaming media of many forms. And when
26
multicasting is unavailable, unicasting the exact same content to many users can
be
costly. Internet radio stations may have high bandwidth costs because of this.
These terms are also used by streaming content providers' services. Unicast base
d
media servers open and provide a stream for each unique user. Multicast servers
can
support a larger audience by serving content simultaneously to multiple users.
In computer networking, broadcasting refers to transmitting a packet that will b
e
received (conceptually) by every device on the network. In practice, the scope o
f the
broadcast is limited to a broadcast domain. Contrast unicasting and multicasting
.
Not all computer networks support broadcasting; for example,
neither X.25 nor frame relay supply a broadcast capability, nor is there any for
m of
Internet-wide broadcast. Broadcasting is largely confined to local area network
(LAN)
technologies, most notably Ethernet and Token Ring, where the performance impact
of
broadcasting is not as large as it would be in a wide area network.
Both Ethernet and IPv4 use an all-ones broadcast address to indicate a
broadcast packet. Token Ring uses a special value in the IEEE 802.2 control fiel
d.
Due to its "shotgun" approach to data distribution, broadcasting is being
increasingly supplanted by multicasting. For example, IPv6 supports neither dire
cted
broadcasts nor local broadcasts.
5.7.2 Multicast
Multicast addressing is a network technology for the delivery of information to
a
group of destinations simultaneously using the most efficient strategy to delive
r the
messages over each link of the network only once, creating copies only when the
links
to the multiple destinations split.
The word "multicast" is typically used to refer to IP multicast which is often e
mployed
for streaming media and Internet television applications. In IP multicast the
implementation of the multicast concept occurs at the IP routing level,
where routers create optimal distribution paths for datagrams sent to a multicas
t
27
destination address spanning tree in real-time. At the Data Link
Layer, multicastdescribes one-to-many distribution such as Ethernet multicast
addressing, Asynchronous Transfer Mode (ATM) point-to-multipoint virtual circuit
s
or Infiniband multicast.
5.7.3 Anycast
Anycast is a network addressing and routing scheme whereby data is routed to
the "nearest" or "best" destination as viewed by the routing topology.
The term is intended to echo the terms unicast, broadcast and multicast.
In unicast, there is a one-to-one association between network address and networ
k
endpoint: each destination address uniquely identifies a single receiver endpoin
t.
In broadcast and multicast, there is a one-to-many association between network
addresses and network endpoints: each destination address identifies a set of re
ceiver
endpoints, to which all information is replicated.
In anycast, there is also a one-to-many association between network addresses
and network endpoints: each destination address identifies a set of receiver end
points,
but only one of them is chosen at any given time to receive information from any
given
sender.
On the Internet, anycast is usually implemented by using BGP to simultaneously
announce the same destination IP address range from many different places on the

Internet. This results in packets addressed to destination addresses in this ran
ge being
routed to the "nearest" point on the net announcing the given destination IP add
ress.
In the past, Anycast was suited to connectionless protocols (generally built
on UDP), rather than connection-oriented protocols such as TCP that keep their o
wn
28
state. However, there are many cases where TCP Anycast is now used, including on

carrier networks such as Prolexic.
With TCP Anycast, there are cases where the receiver selected for any given
source may change from time to time as optimal routes change, silently breaking
any
conversations that may be in progress at the time. These conditions are typicall
y
referred to as a "pop switch". To correct for this issue, there have been propri
etary
advancements within custom IP stacks which allow for healing of stateful protoco
ls
where it is required. However, without any technology to heal pop switches, syst
ems
like GeoDNS are more appropriate.
For this reason, anycast is generally used as a way to provide high availability

and load balancing for stateless services such as access to replicated data; for

example, DNS service is a distributed service over multiple geographically dispe
rsed
servers.
5.6 Forwarding
Forwarding is the relaying of packets from one network segment to another
by nodes in a computer network.
29
A unicast forwarding pattern, typical of many networking technologies including
the
overwhelming majority of Internet traffic
A multicast forwarding pattern, typical of PIM
A broadcast forwarding pattern, typical of bridged Ethernet. The simplest
forwarding model -unicasting - involves a packet being relayed from link to link
along a
30
chain leading from the packet's source to its destination. However, other forwar
ding
strategies are commonly used. Broadcasting requires a packet to be duplicated an
d
copies sent on multiple links with the goal of delivering a copy to every device
on the
network. In practice, broadcast packets are not forwarded everywhere on a networ
k, but
only to devices within a broadcast domain, making broadcasta relative term. Less

common than broadcasting, but perhaps of greater utility and theoretical signifi
cance
is multicasting, where a packet is selectively duplicated and copies delivered t
o each of
a set of recipients.
Networking technologies tend to naturally support certain forwarding models. For

example, fiber optics and copper cables run directly from one machine to another
form
natural unicast media - data transmitted at one end is received by only one mach
ine at
the other end. However, as illustrated in the diagrams, nodes can forward packet
s to
create multicast or broadcast distributions from naturally unicast media. Likewi
se,
traditional Ethernet (10BASE5 and 10BASE2, but not the more modern 10BASE-T) are

natural broadcast media - all the nodes are attached to a single, long cable and
a
packet transmitted by one device is seen by every other device attached to the c
able.
Ethernet nodes implement unicast by ignoring packets not directly addressed to t
hem.
A wireless network is naturally multicast - all devices within a reception radiu
s of a
transmitter can receive its packets. Wireless nodes ignore packets addressed to
other
devices, but require forwarding to reach nodes outside their reception radius.
At nodes where multiple outgoing links are available, the choice of which, all,
or
any to use for forwarding a given packet requires a decision making process that
, while
simple in concept, is of sometimes bewildering complexity. Since a forwarding de
cision
must be made for every packet handled by a node, the total time required for thi
s can
become a major limiting factor in overall network performance. Much of the desig
n effort
of high-speed routers and switches has been focused on making rapid forwarding
decisions for large numbers of packets.
The forwarding decision is generally made using one of two processes: routing,
which uses information encoded in a device's address to infer its location on th
e
31
Shell Name Developed by Where Remark
BASH ( Bourne-Again
Shell )
Brian Fox and Chet
Ramey
Free Software FoundationMost common shell in
Linux. It's FreewareCSH (C SHell) Bill Joy University of California
(For BSD)
The C shell's syntax
usage are very similar to
the C programming
language.
KSH (Korn SHell) David Korn AT & T Bell Labs -TCSH
See the man page. -TCSH
is an enhanced but
network, or bridging, which makes no assumptions about where addresses are locat
ed
and depends heavily on broadcasting to locate unknown addresses. The heavy
overhead of broadcasting has led to the dominance of routing in large networks,
particularly the Internet; bridging is largely relegated to small networks where
the
overhead of broadcasting is tolerable. However, since large networks are usually

composed of many smaller networks linked together, it would be inaccurate to sta
te that
bridging has no use on the Internet; rather, its use is localized.
6. What is Linux Shell ?
Computer understand the language of 0's and 1's called binary language. In early

days of computing, instruction are provided using binary language, which is diff
icult for
all of us, to read and write. So in Os there is special program called Shell. Sh
ell accepts
your instruction or commands in English (mostly) and if its a valid command, it
is pass to
kernel.
Shell is a user program or it's environment provided for user interaction. Shell
is
an command language interpreter that executes commands read from the standard
input device (keyboard) or from a file.
Shell is not part of system kernel, but uses the system kernel to execute
programs, create files etc.
Several shell available with Linux including:
shell.
and
32
Type $ man tcsh completely compatible
version of the Berkeley
UNIX C shell (CSH).
Tip: To find all available shells in your system type following command:
$ cat /etc/shells
Note that each shell does the same job, but each understand a different command
syntax and
provides different built-in functions.
In MS-DOS, Shell name is COMMAND.COM which is also used for same purpose, but
it's not as powerful as our Linux Shells are!
Any of the above shell reads command from user (via Keyboard or Mouse) and tells

Linux Os what users want. If we are giving commands from keyboard it is called c
ommand line
interface ( Usually in-front of $ prompt, This prompt is depend upon your shell
and Environment
that you set or by your System Administrator, therefore you may get different pr
ompt ).
Tip: To find your current shell type following command
$ echo $SHELL
What is Shell Script ?
Normally shells are interactive. It means shell accept command from you (via
keyboard) and execute them. But if you use command one by one (sequence of 'n'
number of commands) , the you can store this sequence of command to text file an
d tell
the shell to execute this text file instead of entering the commands. This is kn
ow as shell
script.
Shell script defined as:
"Shell Script is series of command written in plain text file. Shell script is j
ust like batch
file is MS-DOS but have more power than the MS-DOS batch file."
Why to Write Shell Script ?
Shell script can take input from user, file and output them on screen.
33
Useful to create our own commands.
Save lots of time.
To automate some task of day today life.
System Administration part can be also automated.
Here is where the fun begins
With the thousands of commands available for the command line user, how can
you remember them all? The answer is, you don't. The real power of the computer
is its
ability to do the work for you. To get it to do that, we use the power of the sh
ell to
automate things. We write scripts.
Scripts are collections of commands that are stored in a file. The shell can rea
d
this file and act on the commands as if they were typed at the keyboard. In addi
tion to
the things you have learned so far, the shell also provides a variety of useful
programming features to make your scripts truly powerful.
What are scripts good for? A wide range of tasks can be automated. Here are
some of the things I automate with scripts:
A script gathers up all the files (over 2200) in this site on my computer and
transmits them to my web server. Every Friday night, all my computers copy their
files to
a "backup server" on my network. This is performed by a script.
A script automatically gets the current updates from my Linux vendor and maintai
ns a
repository of vital updates. It sends me an email message with a report of tasks
that
need to be done. As you can see, scripts unlock the power of your Linux machine.
So
let's have some fun!
Writing your first script and getting it to work
34
To successfully write a shell script, you have to do three things:
1. Write a script
2. Give the shell permission to execute it
3. Put it somewhere the shell can find it
Writing a script
A shell script is a file that contains ASCII text. To create a shell script, you
use
a text editor. A text editor is a program, like a word processor, that reads and
writes
ASCII text files. There are many, many text editors available for your Linux sys
tem, both
for the command line environment and the GUI environment. Here is a list of some

common ones:
Now, fire up your text editor and type in your first script as follows:
#!/bin/bash
# My first script
echo "Hello World!"
The clever among you will have figured out how to copy and paste the text into y
our text
editor ;-)
If you have ever opened a book on programming, you would immediately
recognize this as the traditional "Hello World" program. Save your file with som
e
descriptive name. How about my_script?
The first line of the script is important. This is a special clue given to the s
hell
indicating what program is used to interpret the script. In this case, it is /bi
n/bash. Other
scripting languages such as perl, awk, tcl, Tk, and python can also use this mec
hanism.
The second line is a comment. Everything that appears after a "#" symbol is igno
red
by bash. As your scripts become bigger and more complicated, comments become
vital. They are used by programmers to explain what is going on so that others c
an
35
figure it out. The last line is the echo command. This command simply prints wha
t it is
given on the display.
Setting permissions
The next thing we have to do is give the shell permission to execute your script
.
This is done with the chmod command as follows:
[me@linuxbox me]$ chmod 755 my_script
The "755" will give you read, write, and execute permission. Everybody else will

get only read and execute permission. If you want your script to be private (i.e
., only you
can read and execute), use "700" instead.
Putting it in your path
At this point, your script will run. Try this:
[me@linuxbox me]$ ./my_script
You should see "Hello World!" displayed. If you do not, see what directory you
really saved your script in, go there and try again.
Before we go any further, I have to stop and talk a while about paths. When you
type in
the name of a command, the system does not search the entire computer to find wh
ere
the program is located. That would take a long time. You have noticed that you d
on't
usually have to specify a complete path name to the program you want to run, the
shell
just seems to know.
Well, you are right. The shell does know. Here's how: the shell maintains a list
of
directories where executable files (programs) are kept, and just searches the di
rectories
in that list. If it does not find the program after searching each directory in
the list, it will
issue the famous command not found error message.
36
This list of directories is called your path. You can view the list of directori
es with
the following command:
[me@linuxbox me]$ echo $PATH
This will return a colon separated list of directories that will be searched if
a
specific path name is not given when a command is attempted. In our first attemp
t to
execute your new script, we specified a pathname ("./") to the file.
You can add directories to your path with the following command, where directory
is the
name of the directory you want to add:
[me@linuxbox me]$ export PATH=$PATH:directory
A better way would be to edit your .bash_profile file to include the above
command. That way, it would be done automatically every time you log in.
Most modern Linux distributions encourage a practice in which each user has a sp
ecific
directory for the programs he/she personally uses. This directory is called bin
and is a
subdirectory of your home directory. If you do not already have one, create it w
ith the
following command:
[me@linuxbox me]$ mkdir bin
Move your script into your new bin directory and you're all set. Now you just ha
ve
to type:
[me@linuxbox me]$ my_script
and your script will run.
37
Variables in Shell
To process our data/information, data must be kept in computers RAM memory.
RAM memory is divided into small locations, and each location had unique number
called memory location/address, which is used to hold our data. Programmer can g
ive a
unique name to this memory location/address called memory variable or variable (
Its a
named storage location that may take different values, but only one at a time).
In Linux (Shell), there are two types of variable:
(1) System variables - Created and maintained by Linux itself. This type of vari
able
defined in CAPITAL LETTERS.
(2) User defined variables (UDV) - Created and maintained by user. This type of
variable defined in lower letters.
You can see system variables by giving command like $ set, some of the
important System variables are:
System Variable Meaning
BASH=/bin/bash Our shell name
BASH_VERSION=1.14.7(1) Our shell version name
COLUMNS=80 No. of columns for our screen
HOME=/home/vivek Our home directory
LINES=25 No. of columns for our screen
LOGNAME=students students Our logging name
OSTYPE=Linux Our Os type
PATH=/usr/bin:/sbin:/bin:/usr/sbin Our path settings
PS1=[\u@\h \W]\$ Our prompt settings
PWD=/home/students/Common Our current working directory
SHELL=/bin/bash Our shell name
USERNAME=vivek User name who is currently login to this PC
NOTE that Some of the above settings can be different in your PC/Linux environme
nt.
You can print any of the above variables contains as follows:
$ echo $USERNAME
$ echo $HOME
38
How to define User defined variables (UDV)
To define UDV use following syntax
Syntax:
variable name=value
'value' is assigned to given 'variable name' and Value must be on right side = s
ign.
Example:
$ no=10# this is ok
$ 10=no# Error, NOT Ok, Value must be on right side of = sign.
To define variable called 'vech' having value Bus
$ vech=Bus
To define variable called n having value 10
$ n=10
Rules for Naming variable name (Both UDV and System Variable)
(1) Variable name must begin with Alphanumeric character or underscore
character (_), followed by one or more Alphanumeric character. For e.g. Valid sh
ell
variable are as follows
HOME
SYSTEM_VERSION
vech
no
(2) Don't put spaces on either side of the equal sign when assigning value to va
riable.
For e.g. In following variable declaration there will be no error
$ no=10
But there will be problem for any of the following variable declaration:
$ no =10
$ no= 10
$ no = 10
39
(3) Variables are case-sensitive, just like filename in Linux. For e.g.
$ no=10
$ No=11
$ NO=20
$ nO=2
Above all are different variable name, so to print value 20 we have to use $ ech
o $NO
and not any of the following
$ echo $no # will print 10 but not 20
$ echo $No# will print 11 but not 20
$ echo $nO# will print 2 but not 20
(4) You can define NULL variable as follows (NULL variable is variable which has
no
value at the time of definition) For e.g.
$ vech=
$ vech=""
Try to print it's value by issuing following command
$ echo $vech
Nothing will be shown because variable has no value i.e. NULL variable.
(5) Do not use ?,* etc, to name your variable names.
How to print or access value of UDV (User defined variables)
To print or access UDV use following syntax
Syntax:
$variablename
Define variable vech and n as follows:
$ vech=Bus
$ n=10
To print contains of variable 'vech' type
$ echo $vech
It will print 'Bus',To print contains of variable 'n' type command as follows
$ echo $n
40
Caution: Do not try $ echo vech, as it will print vech instead its value 'Bus' a
nd $ echo n,
as it will print n instead its value '10', You must use $ followed by variable n
ame.
echo Command
Use echo command to display text or value of variable.
echo [options] [string, variables...]
Displays text or variables value on screen.
Options
-n Do not output the trailing new line.
-e Enable interpretation of the following backslash escaped characters in the st
rings:
\a alert (bell)
\b backspace
\c suppress trailing new line
\n new line
\r carriage return
\t horizontal tab
\\ backslash
For e.g. $ echo -e "An apple a day keeps away \a\t\tdoctor\n"
Shell Arithmetic
Use to perform arithmetic operations.
Syntax:
expr op1 math-operator op2
41
Examples:
$ expr 1 + 3
$ expr 2 - 1
$ expr 10 / 2
$ expr 20 % 3
$ expr 10 \* 3
$ echo `expr 6 + 3`
Note:
expr 20 %3 - Remainder read as 20 mod 3 and remainder is 2.
expr 10 \* 3 - Multiplication use \* and not * since its wild card.
For the last statement not the following points
(1) First, before expr keyword we used ` (back quote) sign not the (single quote
i.e. ')
sign. Back quote is generally found on the key under tilde (~) on PC keyboard OR
to the
above of TAB key.
(2) Second, expr is also end with ` i.e. back quote.
(3) Here expr 6 + 3 is evaluated to 9, then echo command prints 9 as sum
(4) Here if you use double quote or single quote, it will NOT work
For e.g.
$ echo "expr 6 + 3" # It will print expr 6 + 3
$ echo 'expr 6 + 3' # It will print expr 6 + 3
The read Statement
Use to get input (data from user) from keyboard and store (data) to variable.
Syntax:
read variable1, variable2,...variableN
Following script first ask user, name and then waits to enter name from the user

via keyboard. Then user enters name from keyboard (after giving name you have to

42
press ENTER key) and entered name through keyboard is stored (assigned) to varia
ble
fname.
$ vi sayH
#
#Script to read your name from key-board
#
echo "Your first name please:"
read fname
echo "Hello $fname, Lets be friend!"
Run it as follows:
$ chmod 755 sayH
$ ./sayH
Your first name please: vivek
Hello vivek, Lets be friend!
7. WORKING OF DHCP:
7.1 WHAT IS DHCP?
Dynamic Host Configuration Protocol (DHCP) is a protocol used by networked
devices (clients) to obtain various parameters necessary for the clients to oper
ate in an
Internet Protocol (IP) network. By using this protocol, system administration wo
rkload
greatly decreases, and devices can be added to the network with minimal or no ma
nual
configurations. DHCP is also useful for directly assigning addresses to servers
and
desktop machines, and, through a Point-to-Point Protocol (PPP) proxy, for dialup
and
broadband on-demand hosts, as well as for residential Network address translatio
n
(NAT) gateways and routers. DHCP is usually not appropriate for infrastructure s
uch as
non-edge routers and DNS servers. The dynamic host configuration protocol (DHCP)

provides automatic configuration like IP address DNS server, NIS server, gateway
etc.
on client machine.
43
7.2 ROLE IN THIS PROJECT:
When a DHCP-configured client (be it a computer or any other network aware
device) connects to a network, the DHCP client sends a broadcast query requestin
g
necessary information from a DHCP server. The DHCP server manages a pool of IP
addresses and information about client configuration parameters such as the defa
ult
gateway, the domain name, the DNS servers, other servers such as timeservers, an
d so
forth. Upon receipt of a valid request the server will assign the computer an IP
address,
a lease (the length of time for which the allocation is valid), and other IP con
figuration
parameters, such as the subnet mask and the default gateway. The query is typica
lly
initiated immediately after booting and must be completed before the client can
initiate
IP-based communication with other hosts. It is providing automatic gateway and I
P
addresses to the client machines here according to their requests.
7.4 Screenshots and working of DHCP:
44
As the above dialog box is showing the 3 menu boxes for configure, add and delet
e the
dhcp server.
If the user presses configure then the dhcp wizard will be opened that will ask
for the configuration information for dhcp as below:
45
If the user presses add or delete, then a dialog box will open that will ask for the
mac
address of the client machine as below:
46
8. WORKING OF SQUID:
The SQUID server is use for filtering. Its main job is to allow or deny any host
or
destination. It automatically works on port no. 3128. We can also filter the con
tents of
the packets. Squid has one primary configuration file, squid.conf. This file is
generally
located in /etc/squid/, or if you compiled Squid from source, the default locati
on is
/usr/local/squid/etc/.
47
8.1 Access control lists
The primary use of ACLs is to control access, but they can also be used to route

requests through a hierarchy, control request rewriting, and manage quality of s
ervice.
Access controls divides into two parts: elements and rules. ACL elements are
things such as IP addresses, port numbers, hostnames, and URL patterns. Each ACL

element has a name, which you refer to when writing the access list rules. The b
asic
syntax of an ACL element is:
ACLname type value1 value2
Squid has more than 20 ACL types, including types for source and destination IP
addresses, time, URLs, port numbers, and transfer protocols. After defining the
ACL
elements, the next step is to combine them with Access list rules. Rules combine

elements to allow or deny certain actions. The syntax for an access control rule
is:
access_list allow/deny [!]ACLname
For example, the rule:
http_access allow MyClients
8.2 ROLE IN THIS PROJECT:
The squid here is working as the transparent proxy server.
In transparent proxy, no work, procedure, or configuration works on the client e
nd;
rather everything is perform on the server side.
In the project, by using IP tables dnating rules, transparent proxy is use.
We use rule of dnating in the IP tables on every packet for port no. 80 that it
automatically transfer to the proxy server on port no. 3128.
48
Rule is-.
iptables t nat A PREROUTING -p tcp -- dport 80 -j DNAT --to-dest proxyIP:
3128
Now we add the rules in /etc/squid/squid.conf that is the configuration file of
proxy server; for different host name and IP.
8.3 Screen shots and working:
The following screen shot represents the dialog box where it asks to the user
whether to configure the server or to add a new rule.
If it is pressed configure then a new squid server be configured; else if it is ch
osen to
add a new rule it will be done asked for the host name and IP as shown below:
49
When all the entries are being done, then automatically rules are added in
/etc/squid/squid.conf on the top and services are restarted automatically.
When it is preesed OK ,then it is beng asked for adding another rule as below:
When the user presses OK, then again it asks for entry otherwise it closes the d
ialog
box.
9. WORKING OF GATEWAY:
If a client receives another networks requests then it passes it to the gateway.
And the gateway works as a router here and forwards the packets in another netwo
rk.
51
9.1 Configure Linux for packet forwarding
First, we need to enable packet forwarding on the kernel level (more on what the

hell this means later). Edit your /etc/sysctl.conf so it contains the following:

# Controls IP packet forwarding
net.ipv4.ip_forward = 1
Since most people have dynamic IP's, you will probably also want:
# Enable dynamic-ip address hacking
net.ipv4.ip_dynaddr = 1
For other potentially worthwhile settings, you can check out my whole sysctl.con
f file.
Now set the eth01 interface up, which we will manually assign as 192.168.3.1 on
our internal network. This is done by editing /etc/sysconfig/network-scripts/ifc
fg-eth1 like
so:
DEVICE= eth1
ONBOOT= yes
BOOTPROTO= none
# (put your correct value below)
HWADDR= XX:XX:XX:XX:XX:XX
IPADDR=192.168.3.1
9.2 ROLE IN THIS PROJECT:
Packets that are routed through the router are governed by rules in the
FORWARD chain. Connections from and to the router itself are managed by the INPU
T
and OUTPUT chains. Rules should be written as if no NAT occurs, using the 'real'

addresses.
Here if a client wants to connect to the internet, then it requests to the gatew
ay.
The gateway transfers the requests on the proxy server. It filters the packets a
nd again
52
transfers it to the gateway; because proxy also has the entry of gateway. The ga
teway
gives the response to the proxy and proxy sends it to the destination client.
9.3 CONFIGURATION OF THE GATEWAY:
53
10. WORKING OF IP TABLES:
Iptables is used to set up, maintain, and inspect the tables of IP packet filter
rules
in the Linux kernel. Several different tables may be defined. Each table contain
s a
number of built-in chains and may also contain user-defined chains.
Each chain is a list of rules which can match a set of packets. Each rule specif
ies what
to do with a packet that matches. This is called a 'target', which may be a jump
to a
user-defined chain in the same table.
10.1 Targets
A firewall rule specifies criteria for a packet, and a target. If the packet doe
s not
match, the next rule in the chain is the examined; if it does match, then the ne
xt rule is
specified by the value of the target, which can be the name of a user-defined ch
ain or
one of the special values ACCEPT, DROP, QUEUE, or RETURN.
ACCEPT means to let the packet through. DROP means to drop the packet on
the floor. QUEUE means to pass the packet to userspace. (How the packet can be
received by a userspace process differs by the particular queue handler. 2.4.x a
nd 2.6.x
kernels up to 2.6.13 include the ip_queue queue handler. Kernels 2.6.14 and late
r
additionally include the nfnetlink_queue queue handler. Packets with a target of
QUEUE
will be sent to queue number '0' in this case. Please also see the NFQUEUE targe
t as
described later in this man page.) RETURN means stop traversing this chain and
resume at the next rule in the previous (calling) chain. If the end of a built-i
n chain is
reached or a rule in a built-in chain with target RETURN is matched, the target
specified
by the chain policy determines the fate of the packet.
10.2 Tables
There are currently three independent tables (which tables are present at any
time depends on the kernel configuration options and which modules are present).

54
-t, --table table
This option specifies the packet matching table which the command should
operate on. If the kernel is configured with automatic module loading, an attemp
t will be
made to load the appropriate module for that table if it is not already there.
The tables are as follows:
10.2.1 Filter:
This is the default table (if no -t option is passed). It contains the built-in
chains
INPUT (for packets destined to local sockets), FORWARD (for packets being routed

through the box), and OUTPUT (for locally-generated packets).
10.2.2 nat:
This table is consulted when a packet that creates a new connection is
encountered. It consists of three built-ins: PREROUTING (for altering packets as
soon
as they come in), OUTPUT (for altering locally-generated packets before routing)
, and
POSTROUTING (for altering packets as they are about to go out).
10.2.3 Mangle:
This table is used for specialized packet alteration. Until kernel 2.4.17 it had
two
built-in chains: PREROUTING (for altering incoming packets before routing) and
OUTPUT (for altering locally-generated packets before routing). Since kernel 2.4
.18,
three other built-in chains are also supported: INPUT (for packets coming into t
he box
itself), FORWARD (for altering packets being routed through the box), and
POSTROUTING (for altering packets as they are about to go out).
55
10.2.4 Raw:
This table is used mainly for configuring exemptions from connection tracking in

combination with the NOTRACK target. It registers at the netfilter hooks with hi
gher
priority and is thus called before ip_conntrack, or any other IP tables. It prov
ides the
following built-in chains: PREROUTING (for packets arriving via any network inte
rface)
OUTPUT (for packets generated by local processes)
10.3 ROLE IN THIS PROJECT:
10.3.1 Packet Filtering
Traffic moves through a network in packets. A network packet is collection of da
ta
in a specific size and format. In order to transmit a file over a network, the s
ending
computer must first break the file into packets using the rules of the network p
rotocol.
Each of these packets holds a small part of the file data. Upon receiving the
transmission, the target computer reassembles the packets into the file.
Every packet contains information which helps it navigate the network and move
toward its destination. The packet can tell computers along the way, as well as
the
destination machine, where it came from, where it is going, and what type of pac
ket it is,
among other things. Most packets are designed to carry data, although some proto
cols
use packets in special ways. For example, the Transmission Control Protocol (TCP
)
uses a SYN packet, which contains no data, to initiate communication between two

systems.
The Linux kernel contains the built-in ability to filter packets, allowing some
of
them into the system while stopping others. The 2.4 kernel's netfilter has three
built-in
tables or rules lists. They are as follows:
Filter this is the default table for handling network packets.
56
Nat this table used to alter packets that create a new connection.
Mangle this table is used for specific types of packet alteration.
Each of these tables in turn have a group of built-in chains which correspond to

the actions performed on the packet by the netfilter.
The built-in chains for the filter table are as follows:
INPUT This chain applies to packets received via a network interface.
OUTPUT This chain applies to packets sent out via the same network interface whi
ch
received the packets.
FORWARD This chain applies to packets received on one network interface and sent

out on another.
The built-in chains for the nat table are as follows:
PREROUTING This chain alters packets received via a network interface when they
arrive.
OUTPUT This chain alters locally-generated packets before they are routed via a
network interface.
POSTROUTING This chain alters packets before they are sent out via a network
interface.
The built-in chains for the mangle table are as follows:
57
PREROUTING This chain alters packets received via a network interface before the
y
are routed.
OUTPUT this chain alters locally-generated packets before they are routed via a
network interface.
11. CODING:
AUTO IP:
dialog --title "" --backtitle "by varun and omveer" --pause "Loading AUTO-IP
CONFIGURATOR TUI..." 10 60 2
sh /grras/wel
DHCP CONF:
dialog --colors --title "DHCP CONFIGURATION" --backtitle "varun n omveer" --form
"\Z7
enter valid IP values" 18 40 10 "Subnet" 1 4 "192.168.1.0" 1 12 20 16 "Netmask"
3 4
"255.255.255.0" 3 12 20 16 "Range_start" 5 4 "198.168.1.2" 5 16 16 16 "Range_end
" 7
4 "192.168.1.254" 7 16 16 16 "Gateway" 9 4 "192.168.1.1" 9 16 16 16 2> /tmp/dhcp
$
tmp=$?
subnet=`head -1 /tmp/dhcp$$`
netmask=`head -2 /tmp/dhcp$$ | tail -1`
s_range=`head -3 /tmp/dhcp$$ | tail -1`
e_range=`head -4 /tmp/dhcp$$ | tail -1`
g_way=`head -5 /tmp/dhcp$$ | tail -1`
case $tmp in
0)
echo "ddns-update-style interim;
ignore client-updates;
subnet $subnet netmask $netmask {
58
# --- default gateway
option routers $g_way;
option subnet-mask $netmask;
# option nis-domain "domain.org";
# option domain-name "domain.org";
# option domain-name-servers 192.168.1.1;
option time-offset -18000; # Eastern Standard Time
# option ntp-servers 192.168.1.1;
# option netbios-name-servers 192.168.1.1;
# --- Selects point-to-point node (default is hybrid). Don't change this unless
# -- you understand Netbios very well
# option netbios-node-type 2;
range dynamic-bootp $s_range $e_range;
default-lease-time 21600;
max-lease-time 43200;
# we want the nameserver to appear at a fixed address
}" > /etc/dhcpd.conf
ser=$?
if [ $ser = "0" ]
then
service dhcpd restart
chkconfig dhcpd on
sh /grras/menu;
else
dialog --pause "Error Occured TRY AGAIN" 20 20 3
sh /grras/menu;
fi
;;
1)
sh /grras/dhcpmenu
;;
*)
clear
esac
DHCP EDIT:
dialog --colors --title "DHCP EDIT" --backtitle "varun n omveer" --form "\Z7 ent
er valid IP
values" 18 40 10 "Subnet" 1 4 "192.168.1.0" 1 12 20 16 "Netmask" 3 4 "255.255.25
5.0"
3 12 20 16 "Range_start" 5 4 "198.168.1.2" 5 16 16 16 "Range_end" 7 4
"192.168.1.254" 7 16 16 16 "Gateway" 9 4 "192.168.1.1" 9 16 16 16 2> /tmp/dhcp$$

tmp=$?
subnet=`head -1 /tmp/dhcp$$`
netmask=`head -2 /tmp/dhcp$$ | tail -1`
s_range=`head -3 /tmp/dhcp$$ | tail -1`
e_range=`head -4 /tmp/dhcp$$ | tail -1`
g_way=`head -5 /tmp/dhcp$$ | tail -1`
case $tmp in
0)
echo "ddns-update-style interim;
ignore client-updates;
subnet $subnet netmask $netmask {
# --- default gateway
option routers $g_way;
option subnet-mask $netmask;
# option nis-domain "domain.org";
60
#
option domain-name "domain.org";
#
option domain-name-servers 192.168.1.1;
option time-offset -18000; # Eastern Standard Time
#
option ntp-servers 192.168.1.1;
#
option netbios-name-servers 192.168.1.1;
# --- Selects point-to-point node (default is hybrid). Don't change this unless
# -- you understand Netbios very well
#
option netbios-node-type 2;
range dynamic-bootp $s_range $e_range;
default-lease-time 21600;
max-lease-time 43200;
# we want the nameserver to appear at a fixed address
}" > /etc/dhcpd.conf
ser=$?
if [ $ser = "0" ]
then
service dhcpd restart
chkconfig dhcpd on
sh /grras/menu
else
dialog --pause "Error Occured TRY AGAIN" 20 20 3
fi
;;
1)
sh /grras/dhcpmenu
;;
*)
clear
echo "error $?"
;;
esac
DHCP MENU:
dialog --colors --title "DHCP" --backtitle "\Z7Do you want to make new configura
tion or
edit old configuration" --menu "select" 10 50 5 CONFIGURE "make new dhcp setting
"
EDIT "edit old dhcp setting" 2> /tmp/dhcpmenu$$.tmp
tmp=$?
opt=`cat /tmp/dhcpmenu$$.tmp`
case $tmp in
0)
if [ "$opt" = "CONFIGURE" ]
then
sh /grras/dhcpconf;
elif [ "$opt" = "EDIT" ]
then
sh /grras/dhcpedit;
fi
;;
*)
sh /grras/menu;
;;
esac
rm /tmp/dhcpmenu$$.tmp
INSTALL.sh:
rpm -ivh ./dhcp-3.0.5-7.el5.i386.rpm
rpm -ivh ./squid-2.6.STABLE6-4.el5.i386.rpm
rpm -ivh ./dialog-1.0.20051107-1.2.2.i386.rpm
62
rm -rf /grras
mkdir /grras
cp -rf ./* /grras
echo "PATH=$PATH:/grras" >> /root/.bashrc
echo "please re login"
LOGS :
cat /var/log/squid/access.log
MENU:
dialog --colors --title "SERVICES" --backtitle "\Z7 select a service you want to
configure"
--menu "Service List" 20 50 10 DHCP "configure and edit dhcp" PROXY "allow and
deny websites" MANAGE_USER "add or remove users" ROUTER "configure router"
LOGS "view logs" 2> /tmp/menu$$.tmp
run=$?
opt=`cat /tmp/menu$$.tmp`
case $run in
0)
if [ "$opt" = "DHCP" ]
then
sh /grras/dhcpmenu;
elif [ "$opt" = "PROXY" ]
then
sh /grras/proxymenu;
elif [ "$opt" = "ROUTER" ]
then
sh /grras/routermenu;
elif [ "$opt" = "MANAGE_USER" ]
then
63
sh /grras/usermenu;
elif [ "$opt" = "LOGS" ]
then
sh logs;
fi
;;
*)
clear
echo "
thankyou
";
;;
esac
rm -rf /tmp/menu$$.tmp
PASSWORD:
dialog --passwordbox "enter password" 10 30 2> /tmp/pas$$.tmp
tmp=$?
var=`cat /tmp/pas$$.tmp`
case $tmp in
0)
if [ "$var" = "redhat" ]
then
sh /grras/menu
else
dialog --pause "ACCESS DENIED" 10 50 1
sh /grras/passwrd
fi
;;
*)
clear
;;
esac
PLAN:
iptables -D INPUT -m mac --mac 88:88 -j ACCEPT; service iptable save; chconfig
iptables on
PROXY ADD:
dialog --colors --title "\Z1ADD PROXY" --backtitle "\Z7enter a valid site name o
r ip" -inputbox
"Enter the sites name or IP address" 10 110 2> /tmp/file$$.tmp
tmp=$?
head=`cat /grras/count`
head -2520 /etc/squid/squid.conf > /tmp/head$$.tmp
tail -$head /etc/squid/squid.conf> /tmp/tail$$.tmp
let hi=$head+2
var=`cat /tmp/file$$.tmp`
echo $hi > /grras/count
case $tmp in
0)
cat /tmp/head$$.tmp > /etc/squid/squid.conf
echo "acl grras$$ dst $var
http_access allow grras$$" >> /etc/squid/squid.conf
cat /tmp/tail$$.tmp >> /etc/squid/squid.conf
service squid restart &> /dev/null
sh /grras/proxymenu
;;
1)
sh proxymenu
;;
*)
clear
;;
esac
PROXY CONF:
cp -rf /grras/squid /etc/squid/squid.conf
chkconfig squid on
service squid restart &> /dev/null
ser=$?
if [ "$ser" = "0" ]
then
dialog --pause "PROXY CONFIGURED,THANKYOU" 10 30 2
echo "1805" > /grras/count;
sh /grras/proxymenu
else
dialog --pause "Sorry, Again configure" 10 30 2
sh /grras/proxymenu
fi
PROXY MENU:
dialog --colors --title "\Z1PROXY" --backtitle "varun n omveer" --menu "To add/r
emove
sites" 20 40 5 CONF "to configure proxy" ADD "add site to proxy" REMOVE "remove
site from proxy" 2> /tmp/pxm$$.tmp
66
tmp=$?
opt=`cat /tmp/pxm$$.tmp`
case $tmp in
0)
if [ "$opt" = "ADD" ]
then
sh /grras/proxyadd;
elif [ "$opt" = "REMOVE" ]
then
sh /grras/proxyremove;
elif [ "$opt" = "CONF" ]
then
sh /grras/proxyconf;
fi
;;
*)
sh /grras/menu;
;;
esac
PROXY REMOVE:
dialog --colors --title "\Z1ADD PROXY" --backtitle "\Z7enter a valid site name o
r ip" -inputbox
"Enter the sites name or IP address" 10 110 2> /tmp/file$$.tmp
tmp=$?
head=`cat /grras/count`
head -2520 /etc/squid/squid.conf > /tmp/head$$.tmp
tail -$head /etc/squid/squid.conf> /tmp/tail$$.tmp
let hi=$head+2
var=`cat /tmp/file$$.tmp`
echo $hi > /grras/count
case $tmp in
0)
cat /tmp/head$$.tmp > /etc/squid/squid.conf
echo "acl grras$$ dst $var
http_access deny grras$$" >> /etc/squid/squid.conf
cat /tmp/tail$$.tmp >> /etc/squid/squid.conf
service squid restart &> /dev/null
sh /grras/proxymenu
;;
1)
sh proxymenu
;;
*)
clear
;;
esac
ROUTER MENU:
dialog --colors --title "ROUTER SETTING" --backtitle "VARUN" --menu "" 30 50 10
ROUTE "route IP packets to proxy" TRANSPARENT "enable transparent proxy" 2>
/tmp/r$$.tmp
opt=`cat /tmp/r$$.tmp`
tmp=$?
cp -f sysctl.conf /etc/sysctl.conf
sysctl -p
case $tmp in
0)
if [ "$opt" = "ROUTE" ]
then
dialog --title "ENTER YOUR IP" --backtitle "varun n omveer" --inputbox "" 30 50
2>
/tmp/ip$$.tmp
tmp=$?
ip=`cat /tmp/ip$$.tmp`
ifconfig eth0 $ip
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-dest $ip:3128
service iptable save
chkconfig iptables on
sh /grras/routermenu;
else
sh /grras/transmenu;
fi
;;
1)
sh /grras/menu
;;
esac
rm /tmp/r$$.tmp
rm /tmp/ip$$.tmp
TRANSPARENCY OFF:
head -72 /etc/squid/squid.conf > /tmp/sq$$
let rajat=`wc -l /etc/squid/squid.conf | cut --delimiter=" " -f1`-73
tail -$rajat /etc/squid/squid.conf > /tmp/sqd$$
cat /tmp/sq$$ > /etc/squid/squid.conf
echo "http_port 3128" >> /etc/squid/squid.conf
cat /tmp/sqd$$ >> /etc/squid/squid.conf
TRANSPARENCY ON:
head -72 /etc/squid/squid.conf > /tmp/sq$$
let rajat=`wc -l /etc/squid/squid.conf | cut --delimiter=" " -f1`-73
tail -$rajat /etc/squid/squid.conf > /tmp/sqd$$
cat /tmp/sq$$ > /etc/squid/squid.conf
echo "http_port 3128 transparent" >> /etc/squid/squid.conf
cat /tmp/sqd$$ >> /etc/squid/squid.conf
service squid restart
TRANSPARENCY MENU:
dialog --title "TRANSPARENT" --backtitle "varun n omi" --menu "Select" 20 70 10
ON "to
on proxy for clients (remotely)" OFF "to off proxy for client" 2> /tmp/trans$$
tmp=$?
opt=`cat /tmp/trans$$`
case $tmp in
0)
if [ "$opt" = "ON" ]
then
sh /grras/tranon
dialog --pause "TRANSPARENCY IS ON" 20 20 1
sh /grras/transmenu;
else
sh /grras/tranoff
dialog --pause "TRANSPARENCY IS OFF" 20 20 1
sh /grras/transmenu;
fi
;;
1)
sh /grras/menu;
;;
esac
70
USER ADD:
dialog --title "ADD USER" --backtitle "varun omveer" --form "user information" 2
0 50 5
"mac_add" 1 4 "" 1 12 30 30 2> /tmp/add$$
tmp=$?
opt=`cat /tmp/add$$`
mac=$opt
case $tmp in
0)
iptables -I INPUT -m mac --mac $mac -j ACCEPT
error=$?
if [ "$error" != "0" ]
then
dialog --pause " SORRY PLEASE ENTER RIGHT MAC ADDRESS" 10 60 3
sh /grras/useradd
fi
service iptable save
chconfig iptables on
dialog --colors --no-shadow --title "\Z1PLANS" --backtitle "\Z2SECURE INTERNET"
-radiolist
"PERIODS" 10 110 5 1month "for one month" "" 2month "for two months" ""
3month "for three months" "" 4month "for four months" "" 6month " for six months
" ""
1year "for one year" "" 2> /tmp/file$$.tmp
var=`cat /tmp/file$$.tmp`
echo "iptables -D INPUT -m mac --mac $mac -j ACCEPT; service iptable save; chcon
fig
iptables on" > plan
at now+$var < plan
sh /grras/useradd
;;
1)
sh /grras/menu
;;
*)
71
clear
;;
esac
USER MENU:
dialog --title "MANAGE USERS" --backtitle "varun" --menu "Add or Remove a USER"
20
30 10 ADD "add a user" REMOVE "remove a user" 2> /tmp/user$$.tmp
tmp=$?
opt=`cat /tmp/user$$.tmp`
case $tmp in
0)
if [ "$opt" = "ADD" ]
then
sh /grras/useradd;
elif [ "$opt" = "REMOVE" ]
then
sh /grras/userrem;
fi
;;
*)
sh /grras/menu;
;;
esac
rm /tmp/user$$.tmp
USER REMOVE:
dialog --title " REMOVE USER" --backtitle "varun omveer" --form "user informatio
n" 20
50 5 "mac_add" 1 4 "" 1 12 30 30 2> /tmp/add$$
72
tmp=$?
opt=`cat /tmp/add$$`
mac=$opt
case $tmp in
0)
iptables -D INPUT -m mac --mac $mac -j ACCEPT
error=$?
if [ "$error" != "0" ]
then
dialog --pause " SORRY PLEASE ENTER RIGHT MAC ADDRESS" 10 60 3
sh /grras/useradd
fi
service iptable save
chconfig iptables on
;;
1)
sh /grras/menu
;;
*)
clear
;;
esac
WELCOME:
dialog --colors --title "\Z2 AUTO IP CONFIGURATOR" --backtitle "\Z7
WELCOME" --yesno "\Z5 Configure network" 10 100
tmp=$?
case $tmp in
0)
sh /grras/passwrd
;;
1)
dialog --pause " THANK YOU
....logging out TUI" 10 60 3
clear
;;
Esac
12. CONCLUSION
The conclusion can be made like this, the project AUTO-IP MANAGER
is useful on the administrator end .The project automatic configures the whole
procedure of assigning and implementation according to the requirement of users.

The project is using the dialog box utilities that makes it quite user friendly
and
easy to configure. Moreover the project plays a role of a highly secure mechanis
m in the
IP configuration and accessing the web, manually.
All the processes will be made on the server side thus the administrator has to
do
fewer efforts and the clients are having a much easier approach to gain the IP a
ddress
automatically and connect to the internet.
Thus this project, due to its easy and secure approach, can be used in any of th
e
lab. And live condition according to the load of work and requirements.
75
13. REFERENCES
WEBSITES:
www.linux.org
www.squid cache.org
www.google.com/linux/dhcp
www.linux-live.org/
www.amazon.com/Linux-Shell-Script-Programming-Meadors
BOOKS:
Fedora-Bible 2006(TMH).
Red hat Linux essentials.
Red hat Linux security specialists333.
77