Difference between revisions of "HoerupNet"

From HoerupWiki
Jump to navigation Jump to search
Line 23: Line 23:
 
***443->rafiki:22
 
***443->rafiki:22
 
***VNC->pumba
 
***VNC->pumba
**internal network is SNAT'ed
+
**outgoing traffic is SNAT'ed
 
* DHCP Server
 
* DHCP Server
 
**Serves IP addresses as described above
 
**Serves IP addresses as described above

Revision as of 14:37, 3 November 2008

Description documentation of my personal network

Network diagram

Hoerupnet.png

IP Address

The network uses the RFC1918 private IP range 192.168.10.0/24 Theres no local DNS server, all hosts uses upstream ISP dns servers. All hosts get network information from the DHCP server, but some hosts get a fixed address based on MAC address. The dynamic range is 192.168.10.30-100.

Host timon

Timon is the gateway and firewall for the network.

Timon runs the following services

  • Firewall
    • Homebuild iptables script with source / destination nat and forward filtering
    • DNAT
      • http->rafiki
      • smtp->rafiki
      • openvpn->rafiki
      • (mldonkey ports)->rafiki
      • 443->rafiki:22
      • VNC->pumba
    • outgoing traffic is SNAT'ed
  • DHCP Server
    • Serves IP addresses as described above
  • SSH server
    • For remote admininistration (only available from internal network)
  • TFTP
    • Used For PXE installations.
  • SNMP
    • (not configured yet)
  • cron
    • chkrootkit / rkhunter / ntpdate / logrotate / logwatch (logwatch recipient torben@t-hoerup.dk)
  • postfix MTA
    • only for sending local-generated mail
    • listens on 127.0.0.1:25
    • Uses 'relayhost rafiki.t-hoerup.dk'

Host Rafiki

Rafiki is the server

(VPN access is regarded as internal network access)

Rafiki runs

  • SSH server
  • Apache webserver
    • With mod_php5, mod_dav_svn, mod_python, mod_proxy
    • Hosts all vhosts listed in http://status.t-hoerup.dk/vhosts.php
    • Hosts subversion repository
    • Is reverse proxy for those webservices that has their own http engine (such as mldonkey)
  • MySQL
  • PostgreSQL
  • Mldonkey for file download
    • bittorrent
    • donkey
    • overnet
    • basic HTTP
  • Squid http proxy
    • port 3128
    • Non caching
    • available to internal network only
  • Proftpd
    • File transfer - Only available to internal network (from outside scp/sftp should be used)
  • Postfix SMTP MTA
  • Dovecot IMAPd
  • OpenVPN
    • TUN / UDP based
    • Listens on port 1494
    • Uses subnet 192.168.20.0/24 for tunnels
    • Full access to 192.168.10.0/24 available via vpn
  • Smokeping (not reconfigured)
  • Apache Tomcat
  • smsdaemon
  • MRTG(not configured yet)
  • cron
    • torben's crontab (not configured yet)
      • 05 */3 * * * /home/torben/bin/getmail-silent
      • 05 05 * * * cp /var/spool/mail/torben /home/torben/Mail/inbox-backup
Retrieved from "https://wiki.t-hoerup.dk/index.php?title=HoerupNet&oldid=4305"