HoerupNet

From HoerupWiki

Description of my personal network

Network diagram

[Network diagram image: Hoerupnet.png]

IP Address

The network uses the RFC1918 private IP range 192.168.10.0/24. All hosts get their network configuration from the DHCP server, but some hosts are given a fixed address based on their MAC address. The dynamic range is 192.168.10.30-100.

Host timon

Timon is the gateway and firewall for the network.

Timon runs the following services

  • Firewall
    • Home-built iptables script with source/destination NAT and forward filtering
    • DNAT
      • http->rafiki
      • smtp->rafiki
      • openvpn->rafiki
      • (mldonkey ports)->rafiki
      • 443->rafiki:22
      • VNC->pumba
    • outgoing traffic is SNAT'ed
  • Traffic shaping
  • Static route: route add -net 192.168.20.0/24 gw 192.168.10.5
  • ISC DHCP Server
    • Serves IP addresses as described above
  • bind9 DNS server
    • Caching DNS server; uses the ISP DNS / OpenDNS for upstream lookups
    • reverse lookup for 192.168.10.x and 192.168.20.x
    • local override for t-hoerup.dk (primarily to bind www.t-hoerup.dk etc. to the internal webserver address)
  • SSH server
    • For remote administration (only available from the internal network)
  • TFTP
    • Used for PXE installations.
  • SNMP
  • cron
    • chkrootkit / rkhunter / ntpdate / logrotate / logwatch (logwatch recipient torben@t-hoerup.dk)
  • nullmailer
    • forwards locally generated mail to rafiki
    • /etc/mailname:timon.t-hoerup.dk
    • /etc/nullmailer/remotes:rafiki.t-hoerup.dk
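
The firewall bullets above, as an added example (not the page's own script): a minimal iptables script implementing the listed DNAT entries, the forward filtering, LAN-only access to timon's own services and the outgoing SNAT. The interface names eth0/eth1, the rafiki/pumba addresses and the standard ports 80/25/5900 are assumptions, since the page does not give them; the mldonkey ports are left out for the same reason.

```shell
#!/bin/sh
# Added example, not the page's own script: iptables rules matching the timon
# firewall description (DNAT to rafiki/pumba, forward filtering, SNAT on exit).
# Interface names and the rafiki/pumba addresses are assumed placeholders; the
# mldonkey ports are not listed on the page and are left out.
# Rules are printed unless APPLY=1 is set, so the result can be reviewed offline.
WAN=eth0                    # assumed: interface towards the ISP
LAN=eth1                    # assumed: interface on 192.168.10.0/24
LAN_NET=192.168.10.0/24
VPN_NET=192.168.20.0/24     # OpenVPN tunnel subnet, routed via 192.168.10.5
RAFIKI=192.168.10.2         # assumed placeholder address for rafiki
PUMBA=192.168.10.3          # assumed placeholder address for pumba

ipt() {
    if [ "${APPLY:-0}" = 1 ]; then iptables "$@"; else echo "iptables $*"; fi
}

# Publish one service: DNAT on the WAN side plus the matching FORWARD accept.
# FORWARD sees the packet after DNAT, so it must match the internal host/port.
publish() { # publish <proto> <wan_port> <host> <host_port>
    ipt -t nat -A PREROUTING -i "$WAN" -p "$1" --dport "$2" \
        -j DNAT --to-destination "$3:$4"
    ipt -A FORWARD -i "$WAN" -o "$LAN" -p "$1" -d "$3" --dport "$4" -j ACCEPT
}

apply_rules() {
    ipt -F; ipt -t nat -F
    ipt -P INPUT DROP; ipt -P FORWARD DROP; ipt -P OUTPUT ACCEPT
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Services on timon itself (SSH, DHCP, DNS, TFTP, SNMP) answer on the LAN
    # interface only; no source match, so DHCP DISCOVER from 0.0.0.0 still works.
    ipt -A INPUT -i "$LAN" -j ACCEPT
    # LAN hosts and VPN clients (arriving via the static route) may go out.
    ipt -A FORWARD -i "$LAN" -s "$LAN_NET" -j ACCEPT
    ipt -A FORWARD -i "$LAN" -s "$VPN_NET" -j ACCEPT
    # DNAT entries from the list above; 80/25/5900 are the standard ports (assumed).
    publish tcp 80   "$RAFIKI" 80     # http->rafiki
    publish tcp 25   "$RAFIKI" 25     # smtp->rafiki
    publish udp 1494 "$RAFIKI" 1494   # openvpn->rafiki (UDP port from the OpenVPN section)
    publish tcp 443  "$RAFIKI" 22     # 443->rafiki:22 (SSH reachable on the HTTPS port)
    publish tcp 5900 "$PUMBA"  5900   # VNC->pumba
    # Outgoing traffic is SNAT'ed; MASQUERADE is SNAT to the WAN interface's address.
    ipt -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
}

apply_rules
```

Run it without APPLY to review the generated rule list; with APPLY=1 as root it applies the rules.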

Host Rafiki

Rafiki is the server.

(VPN access is regarded as internal network access)

Unless specified otherwise, the daemons listen on all network interfaces.

Rafiki runs

  • SSH server
  • Apache webserver
    • With mod_php5, mod_dav_svn, mod_python, mod_proxy
    • Hosts all vhosts listed in http://status.t-hoerup.dk/vhosts.php
      • Hosts subversion repository
      • Wiki
      • Pastebin
      • SQL webfrontends
      • Acts as reverse proxy for the services that have their own HTTP engine (such as mldonkey and Tomcat)
  • MySQL
  • PostgreSQL
  • Mldonkey for file download
    • bittorrent
    • donkey
    • overnet
    • basic HTTP
  • Squid http proxy
    • port 3128
    • Non caching
    • available to internal network only
  • Proftpd
    • File transfer - only available to the internal network (from outside, scp/sftp should be used)
  • Postfix SMTP MTA
  • Dovecot IMAPd
  • OpenVPN
    • TUN / UDP based
    • Listens on port 1494
    • Uses subnet 192.168.20.0/24 for tunnels
    • Full access to 192.168.10.0/24 available via vpn
  • Smokeping
  • App server: Sun Glassfish 2.1
  • smsdaemon
  • MRTG
  • webalizer
  • cron
    • chkrootkit / rkhunter / ntpdate / logrotate / logwatch (logwatch recipient torben@t-hoerup.dk)
    • torben's crontab
      • 05 */3 * * * /home/torben/bin/getmail-silent
      • 05 05 * * * cp /var/spool/mail/torben /home/torben/Mail/inbox-backup

Access Point

  • SSID: hoerup
  • Encryption: WPA2-PSK
  • Channel: 6