Difference between revisions of "HoerupNet"

From HoerupWiki
(Network diagram)
(Network diagram)
Line 7: Line 7:
 
graph network {
 
graph network {
 
hoerup [label="hoerup \n192.168.12.0/24"]
 
hoerup [label="hoerup \n192.168.12.0/24"]
amstrup [192.168.2.0/24]
+
amstrup [label="amstrup \n192.168.2.0/24"]
HSH [192.168.8.0/24]
+
HSH [label="HSH \n192.168.8.0/24"]
hoerup_microtik [192.168.12.16]
+
hoerup_microtik [label="hoerup/microtik\n192.168.12.16"]
  
hoerup -- amstrup
+
hoerup -- amstrup [label="openvpn"]
hoerup -- HSH
+
hoerup -- HSH [label="openvpn"]
amstrup -- HSH
+
amstrup -- HSH [label="openvpn"]
 
hoerup -- hoerup_microtik
 
hoerup -- hoerup_microtik
 
}
 
}
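Review bot: the subnet in the new hoerup label (192.168.12.0/24) does not match the 192.168.10.0/24 range documented in the IP Address section below, nor does the diagram show the 192.168.20.0/24 OpenVPN tunnel subnet; one side should be corrected so the diagram and the text agree. A smaller point: after the three site links gained label="openvpn", the hoerup -- hoerup_microtik edge is the only link left without a label.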

Revision as of 11:20, 31 May 2017

Description of my personal network

Network diagram


IP Address

The network uses the RFC 1918 private range 192.168.10.0/24. All hosts get their network information from the DHCP server, but some hosts get a fixed address based on their MAC address. The dynamic range is 192.168.10.30-100.

Host timon

Timon is the gateway and firewall for the network.

Timon runs the following services

  • Firewall
    • Home-built iptables script with source/destination NAT and forward filtering
    • DNAT
      • http->rafiki
      • smtp->rafiki
      • openvpn->rafiki
      • (mldonkey ports)->rafiki
      • 443->rafiki:22
      • VNC->pumba
    • outgoing traffic is SNAT'ed
  • Traffic shaping
  • Static route: route add -net 192.168.20.0/24 gw 192.168.10.5
  • ISC DHCP Server
    • Serves IP addresses as described above
  • bind9 DNS server
    • Caching DNS server, uses the ISP's DNS / OpenDNS for lookups
    • reverse lookup for 192.168.10.x and 192.168.20.x
    • local override for t-hoerup.dk (primarily to bind www.t-hoerup.dk etc. to the internal webserver address)
  • SSH server
    • For remote administration (only available from the internal network)
  • TFTP
    • Used for PXE installations.
  • SNMP
  • cron
    • chkrootkit / rkhunter / ntpdate / logrotate / logwatch (logwatch recipient torben@t-hoerup.dk)
  • nullmailer
    • forwarding local-generated mail to rafiki
    • /etc/mailname:timon.t-hoerup.dk
    • /etc/nullmailer/remotes:rafiki.t-hoerup.dk
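An added example, not the wiki's own home-built script: a POSIX shell script that emits the iptables DNAT/SNAT and forward-filtering rules for a gateway like timon, following the list above. Interface names, the public address, pumba's address and rafiki = 192.168.10.5 (the gateway of the static route) are assumptions; the mldonkey port list is not given on the page and is only added when MLDONKEY_PORTS is set.

```shell
#!/bin/sh
# Added example, not the wiki's own script: iptables DNAT/SNAT and
# forward-filtering rules for a gateway like timon, per the list above.
WAN=${WAN:-eth0}                    # Internet-facing interface (assumed)
LAN=${LAN:-eth1}                    # internal interface (assumed)
WAN_IP=${WAN_IP:-203.0.113.10}      # placeholder public address for SNAT
LAN_NET=192.168.10.0/24             # from the IP Address section
VPN_NET=192.168.20.0/24             # OpenVPN tunnel subnet, routed via rafiki
RAFIKI=${RAFIKI:-192.168.10.5}      # assumed: gateway of the static route
PUMBA=${PUMBA:-192.168.10.99}       # placeholder, address not on the page
MLDONKEY_PORTS=${MLDONKEY_PORTS:-}  # not given on the page

# dnat PROTO EXTPORT TARGET_IP [TARGET_PORT]: print the PREROUTING rewrite
# and the FORWARD accept it needs, since the forward chain drops by default.
dnat() {
    port=${4:-$2}
    echo "iptables -t nat -A PREROUTING -i $WAN -p $1 --dport $2 -j DNAT --to-destination $3:$port"
    echo "iptables -A FORWARD -i $WAN -o $LAN -p $1 -d $3 --dport $port -m conntrack --ctstate NEW -j ACCEPT"
}

# Print one command per line and execute nothing, so the complete rule set
# can be reviewed (or diffed against iptables-save) before it is applied.
nat_rules() {
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN -o $WAN -s $LAN_NET -j ACCEPT"
    echo "iptables -A FORWARD -s $LAN_NET -d $VPN_NET -j ACCEPT"   # reached via the static route
    echo "route add -net $VPN_NET gw $RAFIKI"
    dnat tcp 80 "$RAFIKI"             # http->rafiki
    dnat tcp 25 "$RAFIKI"             # smtp->rafiki
    dnat udp 1494 "$RAFIKI"           # openvpn->rafiki (page lists UDP, port 1494)
    dnat tcp 443 "$RAFIKI" 22         # 443->rafiki:22
    dnat tcp 5900 "$PUMBA"            # VNC->pumba
    for p in $MLDONKEY_PORTS; do dnat tcp "$p" "$RAFIKI"; done   # (mldonkey ports)->rafiki
    # Outgoing traffic is SNAT'ed to the gateway's public address.
    echo "iptables -t nat -A POSTROUTING -o $WAN -s $LAN_NET -j SNAT --to-source $WAN_IP"
}

# Apply only when explicitly asked: ./gateway-nat.sh apply
if [ "${1:-}" = apply ]; then nat_rules | sh; fi
```

Running the script without the `apply` argument prints nothing; call `nat_rules` to review the generated rules first.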

Host Rafiki

Rafiki is the server.

(VPN access is regarded as internal network access)

Unless specified otherwise, the daemons listen on all network interfaces.

Rafiki runs

  • SSH server
  • Apache webserver
    • With mod_php5, mod_dav_svn, mod_python, mod_proxy
    • Hosts all vhosts listed in http://status.t-hoerup.dk/vhosts.php
      • Hosts subversion repository
      • Wiki
      • Pastebin
      • SQL webfrontends
      • Is the reverse proxy for services that have their own HTTP engine (such as mldonkey and Tomcat)
  • MySQL
  • PostgreSQL
  • Mldonkey for file download
    • bittorrent
    • donkey
    • overnet
    • basic HTTP
  • Squid http proxy
    • port 3128
    • Non caching
    • available to internal network only
  • Proftpd
    • File transfer, only available to the internal network (from outside, scp/sftp should be used)
  • Postfix SMTP MTA
  • Dovecot IMAPd
  • OpenVPN
    • TUN / UDP based
    • Listens on port 1494
    • Uses subnet 192.168.20.0/24 for tunnels
    • Full access to 192.168.10.0/24 available via VPN
  • Smokeping
  • App server: Sun Glassfish 2.1
  • smsdaemon
  • MRTG
  • webalizer
  • cron
    • chkrootkit / rkhunter / ntpdate / logrotate / logwatch (logwatch recipient torben@t-hoerup.dk)
    • torben's crontab
      • 05 */3 * * * /home/torben/bin/getmail-silent
      • 05 05 * * * cp /var/spool/mail/torben /home/torben/Mail/inbox-backup

Access Point

  • SSID: hoerup
  • Encryption: WPA2-PSK
  • Channel: 6