Difference between revisions of "HoerupNet"

From HoerupWiki
(Host Rafiki)
 
(68 intermediate revisions by 5 users not shown)
Line 1: Line 1:
Description documentation of my personal network
 
  
=Network diagram=
+
{{#tag:graphviz|
[[Image:hoerupnet.png]]
 
  
=IP Address=
+
graph network {
The network uses the RFC1918 private IP range 192.168.10.0/24
+
node [fontsize=12]
Theres no local DNS server, all hosts uses upstream ISP dns servers.
+
edge [fontsize = 12]
All hosts get network information from the DHCP server, but some hosts get a fixed address based on MAC address.
 
The dynamic range is 192.168.10.30-100.
 
  
=Host timon=
+
hoerup [label="hoerup \n192.168.12.0/24"]
Timon is the gateway and firewall for the network.
+
hoerup_clients [label="hoerup clients \n192.168.20.0/24"]
 +
amstrup [label="amstrup \n192.168.2.0/24"]
 +
HSH [label="HSH \n192.168.8.0/24"]
 +
hoerup_microtik [label="hoerup/microtik\nlan=192.168.13.16\nsstp=dynamic" shape=box]
 +
hoerupit [label="hoerupit \n 192.168.23.0/24" ]
 +
it_microtik [label="it/microtik \n sstp=192.168.195.1\nlan=?" shape=box]
 +
it_mgmt [label="it/mgmt \n192.168.211.0/24"]
  
Timon runs the following services
 
* Firewall
 
**Homebuild iptables script with source / destination nat and forward filtering
 
**DNAT
 
***http->rafiki
 
***smtp->rafiki
 
***openvpn->rafiki
 
***(mldonkey ports)->rafiki
 
***443->rafiki:22
 
***VNC->pumba
 
**outgoing traffic is SNAT'ed
 
* DHCP Server
 
**Serves IP addresses as described above
 
*SSH server
 
**For remote admininistration (only available from internal network)
 
*TFTP
 
**Used For PXE installations.
 
*SNMP
 
*cron
 
**chkrootkit / rkhunter / ntpdate / logrotate / logwatch (logwatch recipient torben@t-hoerup.dk)
 
*nullmailer
 
**for sending local-generated mail to rafiki
 
  
=Host Rafiki=
 
Rafiki is the server
 
  
(VPN access is regarded as internal network access)
 
  
Unless specified otherwise the daemons listens on all network interfaces.
+
hoerup -- amstrup [label="openvpn"]
 +
hoerup -- hoerup_clients [label="openvpn"]
 +
hoerup -- HSH [label="openvpn"]
 +
hoerup -- hoerupit [label="openvpn"]
  
Rafiki runs
+
amstrup -- HSH [label="openvpn"]
*SSH server
+
hoerup -- hoerup_microtik [label="lan/192.168.13 alias"]
* Apache webserver
+
hoerup_microtik -- it_microtik [label="sstp (masqeraded srcnat)"]
** With mod_php5, mod_dav_svn, mod_python, mod_proxy
+
it_microtik -- it_mgmt [label="lan"]
** Hosts all vhosts listed in http://status.t-hoerup.dk/vhosts.php
+
 
** Hosts subversion repository
+
 
** Is reverse proxy for those webservices that has their own http engine (such as mldonkey, and tomcat)
+
 
*MySQL
+
 
*PostgreSQL
+
 
*Mldonkey for file download
+
 
**bittorrent
+
 
**donkey
+
 
**overnet
+
  }|format="png"}}
**basic HTTP
 
*Squid http proxy
 
**port 3128
 
**Non caching
 
**available to internal network only
 
*Proftpd
 
**File transfer - Only available to internal network (from outside scp/sftp should be used)
 
*Postfix SMTP MTA
 
*Dovecot IMAPd
 
*OpenVPN
 
** TUN / UDP based
 
**Listens on port 1494
 
**Uses subnet 192.168.20.0/24 for tunnels
 
**Full access to 192.168.10.0/24 available via vpn
 
*Smokeping
 
*Apache Tomcat
 
*smsdaemon
 
*MRTG
 
*webalizer
 
*cron
 
**torben's crontab (not configured yet)
 
***05  */3    *  *  *  /home/torben/bin/getmail-silent
 
***05  05    *  *  * cp /var/spool/mail/torben /home/torben/Mail/inbox-backup
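Review bot: the added `+` lines contain only the graphviz graph (subnets plus openvpn/sstp links), so nothing on the added side records which services are reachable from outside. The DNAT list on the old side (http, smtp, openvpn and mldonkey ports to rafiki, `443->rafiki:22`, `VNC->pumba`) and the "internal network only" notes for SSH on timon, Squid and Proftpd have no counterpart in the graph. Suggest keeping that text below the graph, or adding the forwarded ports as edge labels, so the intended exposure can still be checked against the running iptables rules. Smaller points in the added graph: `it_microtik` is committed with `lan=?`; node `hoerup` is labelled 192.168.12.0/24 while the text side gives the LAN as 192.168.10.0/24 and the `hoerup -- hoerup_microtik` edge is labelled `lan/192.168.13 alias`, so state which addressing is current; and the edge label `masqeraded` is misspelled.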
 

Latest revision as of 21:19, 9 August 2018