A Simple Network Project
The DHCP Server for Ubuntu with PFsense Firewall is a project designed to provide efficient and reliable dynamic IP address allocation within your network infrastructure. This system combines the power and flexibility of Ubuntu Server, a widely used Linux distribution, with the robust security features of PFsense, a popular open-source firewall.
The primary purpose of this project is to simplify the management and distribution of IP addresses within your network. The Dynamic Host Configuration Protocol (DHCP) server automates the process of assigning IP addresses, subnet masks, default gateways, and other network configuration parameters to devices connected to your network. By automating this process, it eliminates the need for manual configuration on each individual device, saving time and reducing the potential for human error.
This project was built using the following components:
The DHCP server setup in this project includes the configuration of three separate LANs. Within one of these LANs, an IP block of 30.30.30.2 is allocated, the Ubuntu Server acts as the DHCP server, and a static IP address of 30.30.30.3 is assigned. PFsense firewall runs on IP address 10.10.10.2.
The purpose of this setup is to enable Ubuntu Server to distribute IP addresses from 30.30.30.3 range to devices connected to other LANs. With the implementation of this DHCP server solution, IP address allocation becomes automatic, eliminating the need for manual configuration on each device.
It is important to note that with this DHCP server setup, broadcasting from one LAN to another is not directly possible. A DHCP relay agent is used to facilitate the distribution of IP addresses over multiple LANs.
A DHCP relay agent, also known as a DHCP helper, is configured on routers or layer 3 switches that connect LANs. This agent receives DHCP broadcast messages from devices on a LAN and forwards them to the DHCP server located on Ubuntu Server's LAN (30.30.30.3). The DHCP server then responds with the appropriate IP address assignments, and the relay agent forwards these responses back to the requesting devices on their LANs.
To install the required files for the DHCP server and FTP, please enter the following commands into your terminal in Ubuntu-server:
- pip
sudo apt-get install isc-dhcp-server
sudo apt-get install vsftpd
Setting up the DHCP Server and FTP on Ubuntu Server requires downloads and installations.
- Download VirtualBox
- Download Ubuntu Server from the link below
  https://ubuntu.com/server
- Download Windows10 for VirtualBox
  https://drive.google.com/file/d/1YKnn1bzbC_34oEX91Vxj5BB1GdmWW3tP
  Note: Windows10 image is not provided anymore by Microsoft, you can download it from the link above.
- Download PFSense for VirtualBox
  https://www.pfsense.org/download/
- Download Metasploitable for VirtualBox
  https://sourceforge.net/projects/metasploitable/
- Configure the RAM and GPU for the virtual machines.
That's it! You're now ready to start setting up your DHCP server.
Note: For Windows, you must give at least 2 GB of RAM for it to work properly.
Before we begin the setup of our DHCP and FTP server, we need to understand some terms.
A network consists of two or more computers connected together to share resources (such as printers and CDs), exchange files, or allow electronic communication. Computers in a network can be connected via cables, telephone lines, radio waves, satellites, or infrared light beams.
LAN (Local Area Network) refers to a group of devices connected within a specific physical location or network segment. It usually represents a single network infrastructure that allows devices to communicate directly with each other.
A subnet, on the other hand, is the division of a larger network into smaller logical networks. It enables better organization and management of IP addresses by grouping devices based on network requirements, security policies, or other factors.
Without proper routing between subnets, devices on one subnet cannot communicate directly with devices on the other subnet.
In our project, 10.10.10.0/24, 20.20.20.0/24 and 30.30.30.0/24 are the subnets of our LAN.
A Domain Name System (DNS) turns domain names into IP addresses that allow browsers to access websites and other internet resources. Every device on the Internet has an IP address that other devices can use to locate the device. Rather than memorizing a long list of IP addresses, people can simply enter the website name and DNS will get the IP address for them.
Hypertext Transfer Protocol (HTTP) is the foundation of the World Wide Web and is used to load web pages using hypertext links. HTTP is an application layer protocol designed to transfer information between networked devices and runs on top of other layers of the network protocol stack. A typical flow over HTTP involves a client machine making a request to a server and the server then sending a response message.
IP address means internet protocol address: an identifying number associated with a particular computer or computer network. When connected to the Internet, the IP address allows computers to send and receive information. Every device has its own unique IP address. In this project we will use IPv4, which is the 32-bit IP address.
There are four different types of IP addresses: public, private, static, and dynamic. Public and private indicate the location of the network, while static and dynamic indicate the permanency of the IP address.
A static IP address is one that is created manually and does not change over time. But suppose you are establishing a network with 200 computers. You'd have to configure all the IP addresses, subnet masks, and default gateways. These configurations also differ from one operating system to another. Below you can see how static IP configurations are made on different operating systems.
Control Panel -> Network and Internet -> Network and Sharing Center
Note that the default gateway should be PFSense in our case, since we are using the firewall (in our case 10.10.10.2).
/etc/netplan/00-installer-config.yaml
Broadcasting is a type of group communication in which a sender provides data to multiple receivers at the same time. This is a communication model where each sending device sends data to all other devices in the network area.
When your computer first connects to a Local Area Network (LAN), it does not have an IP address. It must connect to a Dynamic Host Configuration Protocol (DHCP) server to obtain an IP address. To do this, your computer must perform a broadcast to a private Broadcast IP address of 255.255.255.255; this essentially means that every machine on the LAN will receive your request for an IP address. The DHCP server will respond with an IP address to be assigned to your machine.
In our case we will specify the broadcast addresses of the LANs as 10.10.10.255, 20.20.20.255 and 30.30.30.255, meaning that the machines on these subnets will broadcast for an IP address.
Metasploitable machine Broadcasting for getting IP
Refreshing networking service to get IP
/etc/init.d/networking restart
Metasploitable machine after getting its IP from DHCP Server
Dynamic Host Configuration Protocol (DHCP) is a network protocol used to automate the process of configuring devices on IP networks. In this project, we will use DHCP relay on the PFSense firewall: since broadcasting is done only within a subnet, we have to indicate the server machine as the distributor so that the other machines can get their IPs.
A router is a device that connects two or more packet-switched networks or subnets. Layer 3 switches can also act as routers.
One of the primary jobs of a router is to assign IP addresses to the computers on a home network. The router has a “pool” of IP addresses that it keeps track of. When a computer connects to it and asks for an IP address, the router picks an IP address from the pool and assigns it to the computer. The router makes sure that two computers are not assigned the same IP address. This process of computers asking for an IP address from the router is called “dynamic” IP address assignment. It uses a network protocol called DHCP (Dynamic Host Configuration Protocol).
A network switch is a physical device that operates at the Data Link layer, Layer 2 of the Open Systems Interconnect (OSI) model. It receives packets sent by devices connected to its physical ports and forwards them to the devices the packets are intended to reach. Switches can also operate at the Network Layer (Layer 3), where routing occurs. In summary, the switch forwards packets to the devices they are intended for and connects the local devices with the router.
Difference between switch and router.
A gateway is a node in a computer network that provides an important stopping point for data to or from other networks. In this project, the gateways are 10.10.10.2, 20.20.20.2, and 30.30.30.2, which are the IPs of the LAN networks.
If we compare the router and the gateway in simple terms, a router is a type of gateway that focuses specifically on routing network traffic. However, the Gateway can also refer to other types of devices that act as entry points between networks, such as firewall gateways or proxy servers.
The term file transfer protocol (FTP) refers to a process that involves transferring files between devices over a network. The process works when one party allows the other to send or receive files over the Internet. In our project, Ubuntu Server (30.30.30.3) will be our FTP server, where we upload or download files.
Connecting via FTP to Ubuntu Server
Sending file through FTP
The Three-Way Handshake or TCP 3-way handshake is a process used to establish a connection between a server and a client in a TCP/IP network. It is a three-step process that requires both the client and server to exchange synchronization and acknowledgment packets before the actual data communication process begins.
TCP Handshake Scheme
After downloading all our virtual machines, we can now start setting up the DHCP server. The first thing to do is connect the adapters. We will connect 3 Host-only adapters and one NAT network.
Virtual Adapters IP's 10.10.10.1, 20.20.20.1, 30.30.30.1
Adapters that are connected to PFSense Virtual Machine
Adapter 2 is connected to Windows, which has the IP of 10.10.10.1
Adapter 3 is connected to the Metasploitable machine, which has the IP of 20.20.20.1
Adapter 4 is connected to the Ubuntu Server machine, which has the IP of 30.30.30.1; this will be our DHCP server
Now we need to configure the LAN interface on our PFSense machine. We have to set it to 10.10.10.2 because the adapter has 10.10.10.1.
You can see the LAN interface as 10.10.10.2; the other interfaces, LAN1 and SERVER, are not configured yet.
In order to access the PFSense interface in a web browser, we can now assign the Windows IP as 10.10.10.5 (the 5 can be different) and set the default gateway to 10.10.10.2 to connect to the firewall. Note that the subnet mask must be 255.255.255.0, since the first 24 bits remain constant.
After opening 10.10.10.2 and connecting to our PFSense (assuming you have completed the sign-up operations), we will add new interfaces for our other LANs, which are going to be 20.20.20.2 and 30.30.30.2 (LAN1 -> 20.20.20.2, SERVER -> 30.30.30.2).
After setting up these LANs you should see them running.
After that you can write rules to determine which packets will be allowed between these subnets.
For every LAN you specify the source and destination. If you want to allow every packet, set the source to the interface name and the destination to any -> source: LAN1 net, destination: any
After writing the policy, check whether you can ping the other LANs, since with the default options you cannot ping another subnet (in this example 30.30.30.3) from the 20.20.20.0/24 subnet.
Configure Ubuntu Server's IP as static and give it 30.30.30.3, since 30.30.30.1 is the adapter and 30.30.30.2 is the SERVER interface. To configure its static IP refer to:
Ubuntu Server Static IP Configuration
After setting its static IP, check whether it is set correctly; above it is set correctly.
At this point we can start configuring our DHCP server on Ubuntu Server. Refer to Prerequisites to download the DHCP server and FTP server at the same time. FTP won't be explained in detail, since it's not that hard to set up.
Now with your text editor open /etc/dhcp/dhcpd.conf (I am using nano)
Here you will indicate the DHCP configurations for each subnet. You can determine the range, subnet-mask, routers and broadcast-address.
You should also write the name of the interface in /etc/default/isc-dhcp-server (enp0s3 in this case).
After these steps and a restart, you should see your DHCP server as active and running. You can check it by typing these commands into the terminal:
systemctl restart isc-dhcp-server
systemctl status isc-dhcp-server
If it is not working, it will look like this:
If there is a syntax error or similar in your dhcpd.conf file, you can use this command to debug it:
journalctl -xe
Lastly, you have to ensure that you are using DHCP Relay: since broadcasting is done within a subnet, you cannot directly use DHCP across subnets. From your Windows machine, open the firewall interface and configure it as below. Make sure you've checked the enable box.
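The dhcpd.conf step and the relay step above, tied together in an added example (not the project's own code): a relay puts the address of the interface that heard the client broadcast into the request's giaddr field, and the server picks the pool from the subnet declaration containing that address. The pool ranges and the function names below are assumptions.

```python
import ipaddress
import re
# Constructed dhcpd.conf for this page's three LANs. The .100-.200 pools are
# assumed values; the routers are the gateway addresses given on the page.
DHCPD_CONF = """
subnet 10.10.10.0 netmask 255.255.255.0 {
  range 10.10.10.100 10.10.10.200;
  option routers 10.10.10.2;
  option broadcast-address 10.10.10.255;
}
subnet 20.20.20.0 netmask 255.255.255.0 {
  range 20.20.20.100 20.20.20.200;
  option routers 20.20.20.2;
  option broadcast-address 20.20.20.255;
}
subnet 30.30.30.0 netmask 255.255.255.0 {
  range 30.30.30.100 30.30.30.200;
  option routers 30.30.30.2;
  option broadcast-address 30.30.30.255;
}
"""
SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)

def parse_subnets(conf):
    """Map each declared network to (pool first, pool last, router)."""
    out = {}
    for net, mask, body in SUBNET_RE.findall(conf):
        first, last = re.search(r"range\s+(\S+)\s+(\S+);", body).groups()
        router = re.search(r"option routers\s+(\S+);", body).group(1)
        out[ipaddress.ip_network(f"{net}/{mask}")] = tuple(
            ipaddress.ip_address(a) for a in (first, last, router))
    return out

def pool_for_relay(conf, giaddr):
    """Pool chosen for a relayed request: the subnet containing giaddr."""
    for network, (first, last, _) in parse_subnets(conf).items():
        if ipaddress.ip_address(giaddr) in network:
            return str(first), str(last)
    return None  # no declaration for that LAN, so the client gets no lease

def problems(conf):
    """Flag pools that leave their subnet or would lease out the gateway."""
    found = []
    for network, (first, last, router) in parse_subnets(conf).items():
        if first not in network or last not in network or first > last:
            found.append(f"{network}: range outside subnet")
        if first <= router <= last:
            found.append(f"{network}: range contains router {router}")
    return found
```

A request relayed from the LAN1 interface (giaddr 20.20.20.2) resolves to the 20.20.20.0/24 pool, while a relay address with no matching subnet declaration resolves to nothing.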
With these configurations, your DHCP server is set up. Now check whether a machine gets its IP dynamically while both Ubuntu Server and PFSense are running.
Before getting IP
Restarting network to get the IP
After getting IP
You can now also use your Ubuntu Server as a cloud: you can upload and download files via FTP and determine, via the firewall, which LANs will have access to this FTP server.
Distributed under the MIT License. See LICENSE.txt for more information.
Bayram Alper KILIÇ - @alperrkilic - [email protected]
Project Link: https://github.com/alperrkilic/DHCP-FTP-Server-with-PFSense
Here are some references I used to gather information and set up my DHCP server.