Difference between revisions of "HoerupNet"
(→Network diagram) |
(→Network diagram) |
Line 7: | Line 7: | ||
graph network { | graph network { | ||
hoerup [label="hoerup \n192.168.12.0/24"] | hoerup [label="hoerup \n192.168.12.0/24"] | ||
− | amstrup [ | + | amstrup [label="amstrup \n192.168.2.0/24"] |
− | HSH [ | + | HSH [label="HSH \n192.168.8.0/24"] |
− | hoerup_microtik [ | + | hoerup_microtik [label="hoerup/microtik\n192.168.12.16"] |
− | hoerup -- amstrup | + | hoerup -- amstrup [label="openvpn"] |
− | hoerup -- HSH | + | hoerup -- HSH [label="openvpn"] |
− | amstrup -- HSH | + | amstrup -- HSH [label="openvpn"] |
hoerup -- hoerup_microtik | hoerup -- hoerup_microtik | ||
} | } |
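Review bot: the labels added for amstrup, HSH and hoerup_microtik, together with the unchanged hoerup label (192.168.12.0/24), put the home site in 192.168.12.x, but the IP Address section of the page still documents 192.168.10.0/24 with a DHCP range of 192.168.10.30-100, so the diagram and the text disagree on the addressing; update whichever is stale in the same revision. The three edges labelled "openvpn" also do not say which site terminates each tunnel, while the Rafiki section documents a single OpenVPN server on port 1494 with tunnel subnet 192.168.20.0/24; naming the server end or tunnel subnet on each edge would make the diagram usable for a firewall review.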
Revision as of 11:20, 31 May 2017
Description of my personal network
Network diagram
IP Address
The network uses the RFC 1918 private IP range 192.168.10.0/24. All hosts get network information from the DHCP server, but some hosts get a fixed address based on MAC address. The dynamic range is 192.168.10.30-100.
Host timon
Timon is the gateway and firewall for the network.
Timon runs the following services:
- Firewall
- Home-built iptables script with source / destination NAT and forward filtering
- DNAT
- http->rafiki
- smtp->rafiki
- openvpn->rafiki
- (mldonkey ports)->rafiki
- 443->rafiki:22
- VNC->pumba
- outgoing traffic is SNAT'ed
- Traffic shaping
- Static route: route add -net 192.168.20.0/24 gw 192.168.10.5
- ISC DHCP Server
- Serves IP addresses as described above
- bind9 DNS server
- Caching DNS server, uses ISP DNS / OpenDNS for lookups
- reverse lookup for 192.168.10.x and 192.168.20.x
- local override for t-hoerup.dk (primarily to bind www.t-hoerup.dk etc. to the internal webserver address)
- SSH server
- For remote administration (only available from internal network)
- TFTP
- Used for PXE installations.
- SNMP
- cron
- chkrootkit / rkhunter / ntpdate / logrotate / logwatch (logwatch recipient torben@t-hoerup.dk)
- nullmailer
- forwarding locally generated mail to rafiki
- /etc/mailname:timon.t-hoerup.dk
- /etc/nullmailer/remotes:rafiki.t-hoerup.dk
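The DNAT and SNAT items in the firewall list above, written out as a generator for an iptables-restore ruleset. This is an added example, not the script that runs on timon: the interface names, rafiki's address 192.168.10.5 and the use of MASQUERADE in place of a fixed SNAT address are assumptions, and the mldonkey and VNC forwards are left out because the page gives no ports for them.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for the documented forwards.
# Assumptions (not from the page): interface names, rafiki's address, and
# MASQUERADE standing in for SNAT because no public address is given.
WAN_IF=eth0            # assumed Internet-facing interface on timon
LAN_IF=eth1            # assumed interface on 192.168.10.0/24
RAFIKI=192.168.10.5    # assumed address of rafiki

# proto:external_port:internal_port for http, smtp, openvpn and 443->rafiki:22
FORWARDS="tcp:80:80 tcp:25:25 udp:1494:1494 tcp:443:22"

gen_rules() {
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    for f in $FORWARDS; do
        proto=${f%%:*}; rest=${f#*:}; ext=${rest%%:*}; int=${rest#*:}
        echo "-A PREROUTING -i $WAN_IF -p $proto --dport $ext -j DNAT --to-destination $RAFIKI:$int"
    done
    echo "-A POSTROUTING -o $WAN_IF -j MASQUERADE"
    echo "COMMIT"
    echo "*filter"
    echo ":FORWARD DROP [0:0]"
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"
    for f in $FORWARDS; do
        proto=${f%%:*}; rest=${f#*:}; int=${rest#*:}
        # DNAT runs in PREROUTING, so FORWARD sees the rewritten port:
        # the 443 forward must be allowed as dport 22, not 443.
        echo "-A FORWARD -i $WAN_IF -d $RAFIKI -p $proto --dport $int -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

gen_rules
```

Pipe the output through `iptables-restore --test` to validate it before loading; loading it replaces the existing nat and filter tables.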
Host Rafiki
Rafiki is the server.
(VPN access is regarded as internal network access)
Unless specified otherwise, the daemons listen on all network interfaces.
Rafiki runs:
- SSH server
- Apache webserver
- With mod_php5, mod_dav_svn, mod_python, mod_proxy
- Hosts all vhosts listed in http://status.t-hoerup.dk/vhosts.php
- Hosts subversion repository
- Wiki
- Pastebin
- SQL webfrontends
- Is reverse proxy for those services that have their own HTTP engine (such as mldonkey and tomcat)
- MySQL
- PostgreSQL
- Mldonkey for file download
- bittorrent
- donkey
- overnet
- basic HTTP
- Squid http proxy
- port 3128
- Non caching
- available to internal network only
- Proftpd
- File transfer - Only available to internal network (from outside scp/sftp should be used)
- Postfix SMTP MTA
- Dovecot IMAPd
- OpenVPN
- TUN / UDP based
- Listens on port 1494
- Uses subnet 192.168.20.0/24 for tunnels
- Full access to 192.168.10.0/24 available via vpn
- Smokeping
- App server: Sun Glassfish 2.1
- smsdaemon
- MRTG
- webalizer
- cron
- chkrootkit / rkhunter / ntpdate / logrotate / logwatch (logwatch recipient torben@t-hoerup.dk)
- torben's crontab
- 05 */3 * * * /home/torben/bin/getmail-silent
- 05 05 * * * cp /var/spool/mail/torben /home/torben/Mail/inbox-backup
Access Point
- SSID: hoerup
- Encryption: WPA2-PSK
- Channel: 6