|
|
(68 intermediate revisions by 5 users not shown) |
Line 1: |
Line 1: |
− | Description documentation of my personal network
| |
| | | |
− | =Network diagram=
| + | {{#tag:graphviz| |
− | [[Image:hoerupnet.png]]
| |
| | | |
− | =IP Address=
| + | graph network { |
− | The network uses the RFC1918 private IP range 192.168.10.0/24
| + | node [fontsize=12] |
− | Theres no local DNS server, all hosts uses upstream ISP dns servers.
| + | edge [fontsize = 12] |
− | All hosts get network information from the DHCP server, but some hosts get a fixed address based on MAC address.
| |
− | The dynamic range is 192.168.10.30-100.
| |
| | | |
− | =Host timon= | + | hoerup [label="hoerup \n192.168.12.0/24"] |
− | Timon is the gateway and firewall for the network.
| + | hoerup_clients [label="hoerup clients \n192.168.20.0/24"] |
| + | amstrup [label="amstrup \n192.168.2.0/24"] |
| + | HSH [label="HSH \n192.168.8.0/24"] |
| + | hoerup_microtik [label="hoerup/microtik\nlan=192.168.13.16\nsstp=dynamic" shape=box] |
| + | hoerupit [label="hoerupit \n 192.168.23.0/24" ] |
| + | it_microtik [label="it/microtik \n sstp=192.168.195.1\nlan=?" shape=box] |
| + | it_mgmt [label="it/mgmt \n192.168.211.0/24"] |
| | | |
− | Timon runs the following services
| |
− | * Firewall
| |
− | **Homebuild iptables script with source / destination nat and forward filtering
| |
− | **DNAT
| |
− | ***http->rafiki
| |
− | ***smtp->rafiki
| |
− | ***openvpn->rafiki
| |
− | ***(mldonkey ports)->rafiki
| |
− | ***443->rafiki:22
| |
− | ***VNC->pumba
| |
− | **outgoing traffic is SNAT'ed
| |
− | * DHCP Server
| |
− | **Serves IP addresses as described above
| |
− | *SSH server
| |
− | **For remote admininistration (only available from internal network)
| |
− | *TFTP
| |
− | **Used For PXE installations.
| |
− | *SNMP
| |
− | *cron
| |
− | **chkrootkit / rkhunter / ntpdate / logrotate / logwatch (logwatch recipient torben@t-hoerup.dk)
| |
− | *nullmailer
| |
− | **for sending local-generated mail to rafiki
| |
| | | |
− | =Host Rafiki=
| |
− | Rafiki is the server
| |
| | | |
− | (VPN access is regarded as internal network access)
| |
| | | |
− | Unless specified otherwise the daemons listens on all network interfaces.
| + | hoerup -- amstrup [label="openvpn"] |
| + | hoerup -- hoerup_clients [label="openvpn"] |
| + | hoerup -- HSH [label="openvpn"] |
| + | hoerup -- hoerupit [label="openvpn"] |
| | | |
− | Rafiki runs
| + | amstrup -- HSH [label="openvpn"] |
− | *SSH server
| + | hoerup -- hoerup_microtik [label="lan/192.168.13 alias"] |
− | * Apache webserver
| + | hoerup_microtik -- it_microtik [label="sstp (masqeraded srcnat)"] |
− | ** With mod_php5, mod_dav_svn, mod_python, mod_proxy
| + | it_microtik -- it_mgmt [label="lan"] |
− | ** Hosts all vhosts listed in http://status.t-hoerup.dk/vhosts.php
| + | |
− | ** Hosts subversion repository
| + | |
− | ** Is reverse proxy for those webservices that has their own http engine (such as mldonkey, and tomcat)
| + | |
− | *MySQL
| + | |
− | *PostgreSQL
| + | |
− | *Mldonkey for file download
| + | |
− | **bittorrent
| + | |
− | **donkey
| + | |
− | **overnet
| + | }|format="png"}} |
− | **basic HTTP
| |
− | *Squid http proxy
| |
− | **port 3128
| |
− | **Non caching
| |
− | **available to internal network only
| |
− | *Proftpd
| |
− | **File transfer - Only available to internal network (from outside scp/sftp should be used)
| |
− | *Postfix SMTP MTA
| |
− | *Dovecot IMAPd
| |
− | *OpenVPN
| |
− | ** TUN / UDP based
| |
− | **Listens on port 1494
| |
− | **Uses subnet 192.168.20.0/24 for tunnels
| |
− | **Full access to 192.168.10.0/24 available via vpn
| |
− | *Smokeping
| |
− | *Apache Tomcat
| |
− | *smsdaemon
| |
− | *MRTG
| |
− | *webalizer
| |
− | *cron
| |
− | **torben's crontab (not configured yet)
| |
− | ***05 */3 * * * /home/torben/bin/getmail-silent
| |
− | ***05 05 * * * cp /var/spool/mail/torben /home/torben/Mail/inbox-backup
| |