Difference between revisions of "HoerupNet"

From HoerupWiki
Jump to navigation Jump to search
Line 27: Line 27:
  
 
</graphviz>
 
</graphviz>
 
=IP Address=
 
The network uses the RFC1918 private IP range 192.168.10.0/24
 
All hosts get network information from the DHCP server, but some hosts get a fixed address based on MAC address.
 
The dynamic range is 192.168.10.30-100.
 
 
=Host timon=
 
Timon is the gateway and firewall for the network.
 
 
Timon runs the following services
 
* Firewall
 
**Homebuild iptables script with source / destination nat and forward filtering
 
**DNAT
 
***http->rafiki
 
***smtp->rafiki
 
***openvpn->rafiki
 
***(mldonkey ports)->rafiki
 
***443->rafiki:22
 
***<strike>VNC->pumba</strike>
 
**outgoing traffic is SNAT'ed
 
*Traffic shaping
 
*Static route: route add -net 192.168.20.0/24 gw 192.168.10.5
 
*ISC DHCP Server
 
**Serves IP addresses as described above
 
*bind9 DNS server
 
**Caching DNS server, uses <strike>ISP DNS</strike> OpenDNS for lookups
 
**reverse lookup for 192.168.10.x and 192.168.20.x
 
**local override for t-hoerup.dk (primarily to bind www.t-hoerup.dk etc. to the internal webserver address)
 
*SSH server
 
**For remote admininistration (only available from internal network)
 
*TFTP
 
**Used For PXE installations.
 
*SNMP
 
*cron
 
**chkrootkit / rkhunter / ntpdate / logrotate / logwatch (logwatch recipient torben@t-hoerup.dk)
 
*nullmailer
 
**forwarding local-generated mail to rafiki
 
**/etc/mailname:timon.t-hoerup.dk
 
**/etc/nullmailer/remotes:rafiki.t-hoerup.dk
 
 
=Host Rafiki=
 
Rafiki is the server
 
 
(VPN access is regarded as internal network access)
 
 
Unless specified otherwise the daemons listens on all network interfaces.
 
 
Rafiki runs
 
*SSH server
 
* Apache webserver
 
** With mod_php5, mod_dav_svn, mod_python, mod_proxy
 
** Hosts all vhosts listed in http://status.t-hoerup.dk/vhosts.php
 
*** Hosts subversion repository
 
***Wiki
 
***Pastebin
 
***SQL webfrontends
 
***Is reverse proxy for those services that has their own http engine (such as mldonkey, and tomcat)
 
*MySQL
 
*PostgreSQL
 
*Mldonkey for file download
 
**bittorrent
 
**donkey
 
**overnet
 
**basic HTTP
 
*Squid http proxy
 
**port 3128
 
**Non caching
 
**available to internal network only
 
*Proftpd
 
**File transfer - Only available to internal network (from outside scp/sftp should be used)
 
*Postfix SMTP MTA
 
*Dovecot IMAPd
 
*OpenVPN
 
** TUN / UDP based
 
**Listens on port 1494
 
**Uses subnet 192.168.20.0/24 for tunnels
 
**Full access to 192.168.10.0/24 available via vpn
 
*Smokeping
 
*App server: Sun Glassfish 2.1
 
*smsdaemon
 
*MRTG
 
*webalizer
 
*cron
 
**chkrootkit / rkhunter / ntpdate / logrotate / logwatch (logwatch recipient torben@t-hoerup.dk)
 
**torben's crontab
 
***05  */3    *  *  *  /home/torben/bin/getmail-silent
 
***05  05    *  *  *  cp /var/spool/mail/torben /home/torben/Mail/inbox-backup
 
 
=Access Point=
 
*SSID: hoerup
 
*Encryption: WPA2-PSK
 
*Channel: 6
 

Revision as of 11:26, 31 May 2017

Description of my personal network

Network diagram

The ImageMap extension is not installed.

Retrieved from "https://wiki.t-hoerup.dk/index.php?title=HoerupNet&oldid=11799"