|
|
| Line 27: |
Line 27: |
|
| |
|
| </graphviz> | | </graphviz> |
|
| |
| =IP Address=
| |
| The network uses the RFC1918 private IP range 192.168.10.0/24
| |
| All hosts get network information from the DHCP server, but some hosts get a fixed address based on MAC address.
| |
| The dynamic range is 192.168.10.30-100.
| |
|
| |
| =Host timon=
| |
| Timon is the gateway and firewall for the network.
| |
|
| |
| Timon runs the following services
| |
| * Firewall
| |
| **Homebuild iptables script with source / destination nat and forward filtering
| |
| **DNAT
| |
| ***http->rafiki
| |
| ***smtp->rafiki
| |
| ***openvpn->rafiki
| |
| ***(mldonkey ports)->rafiki
| |
| ***443->rafiki:22
| |
| ***<strike>VNC->pumba</strike>
| |
| **outgoing traffic is SNAT'ed
| |
| *Traffic shaping
| |
| *Static route: route add -net 192.168.20.0/24 gw 192.168.10.5
| |
| *ISC DHCP Server
| |
| **Serves IP addresses as described above
| |
| *bind9 DNS server
| |
| **Caching DNS server, uses <strike>ISP DNS</strike> OpenDNS for lookups
| |
| **reverse lookup for 192.168.10.x and 192.168.20.x
| |
| **local override for t-hoerup.dk (primarily to bind www.t-hoerup.dk etc. to the internal webserver address)
| |
| *SSH server
| |
| **For remote admininistration (only available from internal network)
| |
| *TFTP
| |
| **Used For PXE installations.
| |
| *SNMP
| |
| *cron
| |
| **chkrootkit / rkhunter / ntpdate / logrotate / logwatch (logwatch recipient torben@t-hoerup.dk)
| |
| *nullmailer
| |
| **forwarding local-generated mail to rafiki
| |
| **/etc/mailname:timon.t-hoerup.dk
| |
| **/etc/nullmailer/remotes:rafiki.t-hoerup.dk
| |
|
| |
| =Host Rafiki=
| |
| Rafiki is the server
| |
|
| |
| (VPN access is regarded as internal network access)
| |
|
| |
| Unless specified otherwise the daemons listens on all network interfaces.
| |
|
| |
| Rafiki runs
| |
| *SSH server
| |
| * Apache webserver
| |
| ** With mod_php5, mod_dav_svn, mod_python, mod_proxy
| |
| ** Hosts all vhosts listed in http://status.t-hoerup.dk/vhosts.php
| |
| *** Hosts subversion repository
| |
| ***Wiki
| |
| ***Pastebin
| |
| ***SQL webfrontends
| |
| ***Is reverse proxy for those services that has their own http engine (such as mldonkey, and tomcat)
| |
| *MySQL
| |
| *PostgreSQL
| |
| *Mldonkey for file download
| |
| **bittorrent
| |
| **donkey
| |
| **overnet
| |
| **basic HTTP
| |
| *Squid http proxy
| |
| **port 3128
| |
| **Non caching
| |
| **available to internal network only
| |
| *Proftpd
| |
| **File transfer - Only available to internal network (from outside scp/sftp should be used)
| |
| *Postfix SMTP MTA
| |
| *Dovecot IMAPd
| |
| *OpenVPN
| |
| ** TUN / UDP based
| |
| **Listens on port 1494
| |
| **Uses subnet 192.168.20.0/24 for tunnels
| |
| **Full access to 192.168.10.0/24 available via vpn
| |
| *Smokeping
| |
| *App server: Sun Glassfish 2.1
| |
| *smsdaemon
| |
| *MRTG
| |
| *webalizer
| |
| *cron
| |
| **chkrootkit / rkhunter / ntpdate / logrotate / logwatch (logwatch recipient torben@t-hoerup.dk)
| |
| **torben's crontab
| |
| ***05 */3 * * * /home/torben/bin/getmail-silent
| |
| ***05 05 * * * cp /var/spool/mail/torben /home/torben/Mail/inbox-backup
| |
|
| |
| =Access Point=
| |
| *SSID: hoerup
| |
| *Encryption: WPA2-PSK
| |
| *Channel: 6
| |
Description of my personal network
Network diagram
The ImageMap extension is not installed.