https://wiki.skullspace.ca/api.php?action=feedcontributions&feedformat=atom&user=Sean SkullSpace Wiki - User contributions [en] 2026-05-05T15:35:26Z User contributions MediaWiki 1.32.2 https://wiki.skullspace.ca/index.php?title=Networking&diff=4927 Networking 2020-03-15T15:59:49Z <p>Sean: /* Network hardware */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +-------------------+<br /> | |<br /> | The Tubes |<br /> | On The Roof |<br /> | |<br /> +-- ------+---------+<br /> |<br /> |<br /> +-- ------+-----------+<br /> | LES.net |<br /> | |<br /> | 208.81.6.224/27 |<br /> +----+----------------+<br /> |<br /> |<br /> | +---------------------+<br /> +-------------+---------+ | Skullspace+Router |<br /> ge1+19 | Skullspace+External | ether1| RB450G |<br /> +----------+ Cisco 2960g +-------+ |<br /> | | 172.30.6.2 (ge24)| | 208.81.6.228 |<br /> | +----------------------++ | 172.30.6.1 |<br /> | | +---------------------+<br /> +---------+-----------+ | |ether2<br /> | | | |<br /> | Rest of External | | |<br /> | PUBLIC/LAN | | +---------+-------------+ +------------------+<br /> | | +--------+ Skullspace+Internal | | |<br /> | 208.81.6.224/27 | | Cisco 2960g +------+ Rest of Internal |<br /> | | | 172.30.6.3 | | INTERNAL/LAN |<br /> +---------------------+ +---+-------+-------+---+ | 172.30.6.0/24 |<br /> | | | | |<br /> +--------+ | +--------+ +------------------+<br /> | | |<br /> +------+------+ +------+------+ +------+------+<br /> | WAP+A | | WAP+B | | WAP+C |<br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 |<br /> | | | | | |<br /> +-------------+ +-------------+ +-------------+<br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> B: Internet from LES.net (wifi-based Ubiquity, tested 94.83mbit down, 96.22mbit up to Speedtest.net Winnipeg)&lt;br&gt;<br /> &lt;s&gt;B: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).&lt;/s&gt;&lt;BR&gt;<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).&lt;/strike&gt;<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.14 (new, ask Alex W about this) UniFI AP Controller - VM on vmsrv.skullspace.ca<br /> *172.30.6.15 esx.intarweb.ca<br /> *172.30.6.16 ips.intarweb.ca<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] old graphical shell service on [[vmsrv]] (to be retired)<br /> *172.30.6.31 [[sksp-virt3|sksp-virt3-mgr]]<br /> *172.30.6.32 [[sksp-virt3|sksp-virt3-1]]<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.34 Jay Bots (Container on [[vmsrv]])<br /> *172.30.6.38 Sean's pihole<br /> *172.30.6.39 Ben's VM on [[vmsrv]]<br /> *172.30.6.40 [[vmsrv]]<br /> *172.30.6.41 tftp server for [[IPXE boot option]]<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> *172.30.8.0/24 Virtual Machine Server ([[vmsrv]]) static LAN (no DHCP, reserve here)<br /> **172.30.8.1 [[vmsrv]]<br /> **172.30.8.2 available<br /> **172.30.8.3 available<br /> **172.30.8.4 [[whonix.skull.space]] ssh login portal for TCP forwarding (port 1887 on whonix.skull.space forwarded to 172.30.8.4:22)<br /> **172.30.8.5 [[outbound commercial vpn]]<br /> <br /> <br /> *10.2.0.0/24 [[whonix.skull.space]] gateway WAN side on [[vmsrv]]<br /> **10.2.0.1 [[vmsrv]]<br /> **10.2.0.15 [[whonix.skull.space]] gateway<br /> <br /> *10.152.152.0/24 [[whonix.skull.space]] LAN side behind Whonix gateway (isolated network virbr2 on [[vmsrv]]<br /> **10.152.152.10 Whonix gateway, a full KVM vm on [[vmsrv]], acts as gateway/default route and nameserver<br /> **10.152.152.51 Whonix ssh login portal for TCP port forwarding (also present as 172.30.8.4)<br /> <br /> *10.50.31.0/24 TheLEDSign LAN<br /> **10.50.31.16 The Sign<br /> **10.50.31.17 The controlling container ([[vmsrv]])<br /> *10.50.32.0/30 Mark project private Point to Point link LAN<br /> <br /> == IP Usage ==<br /> <br /> === LES IP Delegation ===<br /> &lt;pre&gt;<br /> IPv4<br /> Allocation 208.81.6.224/27 (255.255.255.224).<br /> 208.81.6.225 Gateway<br /> 208.81.6.226, 208.81.6.227 RESERVED for LES.net usage.<br /> DNS1: 208.81.7.10<br /> DNS2: 208.81.7.14<br /> &lt;/pre&gt;<br /> &lt;pre&gt;<br /> IPv6<br /> Allocation 2605:e200:c212::/48<br /> 2605:e200:c201:2::4 Gateway<br /> DNS1: 2605:e200:53:2::<br /> <br /> &lt;/pre&gt;<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.224<br /> | TBD<br /> | LES.net Network<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.225<br /> | TBD<br /> | LES.net Gateway<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.226<br /> | TBD<br /> | LES.net RESERVED<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.227<br /> | TBD<br /> | LES.net RESERVED<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.228<br /> | TBD<br /> | Skullspace Router<br /> | it AT skullspace.ca<br /> | Skullspace LAN<br /> | <br /> |-<br /> |-<br /> | 208.81.6.229<br /> | TBD<br /> | ns1.skullspace.ca<br /> | it AT skullspace.ca<br /> | Skullspace DNS<br /> | <br /> |-<br /> |-<br /> | 208.81.6.230<br /> | vmsrv.skullspace.ca<br /> | Virtual Machine Server [[vmsrv]]<br /> | mark AT markjenkins DOT ca<br /> | VM server open to all members.<br /> | Running an http proxy to allow this one IP address to host many web servers, and doing TCP port forwarding to allow many different virtual servers to share this one IP address<br /> |-<br /> |-<br /> | 208.81.6.231<br /> | ripe.skullspace.ca<br /> | RIPE Probe <br /> | colin AT insecure DASH complexity DOT ca<br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.232<br /> | shell.skull.space<br /> | [[shell.skull.space]]<br /> | mark AT markjenkins DOT ca<br /> | Shell accounts for all members.<br /> | Being able to bind to port 22 vs having some other port forwarded by vmsrv.skullspace.ca will make this much easier to get users for. Plus, Mak has brought with him a many users from his own system where he used to have his own users with shell accounts. They're already used to port 22 and a different hostname pointing here. Leaving that alone will help keep them. That old system was taking up it's own IP address anyway.<br /> |-<br /> |-<br /> | 208.81.6.233<br /> | mail.skull.space<br /> | [[SkullMail]] email forwarding service<br /> | mark AT markjenkins DOT ca<br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.234<br /> | nessus.skullspace.ca<br /> | SkullSpace Nessus scanner <br /> | alexwebr at gmail dot com<br /> | <br /> | If it shared an IP with other infrastructure, tools like Fail2Ban could block more than intended<br /> |-<br /> |-<br /> | 208.81.6.235<br /> | tmp.skullspace.ca<br /> | Temporary address<br /> | Open to anyone<br /> | <br /> | Check before use, use briefly. Example use, migration of skullspace.ca website on [[skullhost]] when [[vmsrv]] is being serviced.<br /> |-<br /> |-<br /> | 208.81.6.236<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.237<br /> | broot.ca <br /> | Personal webserver, Git, DNS, mail<br /> | Alex Weber &lt;alexwebr@gmail.com&gt;<br /> | Nothing. Can be moved elsewhere if we need IP space back.<br /> | Makes life easier if it has its own IP. If Sksp infrastructure needs an IP, this can go.<br /> |-<br /> |-<br /> | 208.81.6.238<br /> | (domain name pending)<br /> | For handling migration of skullspace websites by way of DNS<br /> | Mark Jenkins &lt;mark@parit.ca&gt; <br /> | Ubuntu 18.04 vm hosted on [[sksp-virt3-1]]<br /> | Website hosting, on separate physical host from vmsrv.skullspace.ca<br /> |-<br /> |-<br /> | 208.81.6.239<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.240<br /> | loki.madcowlabs.com<br /> | [[loki.madcowlabs.com]]<br /> | cotto at ieee point org<br /> | Chris's Server <br /> | Experimental development project server<br /> |-<br /> |-<br /> | 208.81.6.241<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.242<br /> | library.skullspace.ca<br /> | The Evergreen server for the (experimental) SkullSpace library<br /> | Alex (alexwebr@gmail.com)<br /> | SkullSpace<br /> | Uses Websockets, and Websockets need a legitimate SSL certificate? <br /> |-<br /> |-<br /> | 208.81.6.243<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.244<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.245<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.246<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.247<br /> | irc.skull.space (not set up yet)<br /> | IRC server - /knock #admin<br /> | Abuse: alexwebr@gmail.com or mark@parit.ca (not owned by Alex/Mark though) <br /> | members &amp; the public<br /> | Running an ircd - not easy to proxy to a private address<br /> |-<br /> |-<br /> | 208.81.6.248<br /> | lab.intarweb.ca<br /> | lab.intarweb.ca<br /> | sean AT tinfoilhat.ca <br /> | Sean Cody<br /> | Sean Cody<br /> |-<br /> |-<br /> | 208.81.6.249<br /> | lab.intarweb.ca <br /> | lab.intarweb.ca <br /> | sean AT tinfoilhat.ca <br /> | Sean Cody<br /> | Sean Cody<br /> |-<br /> |-<br /> | 208.81.6.250<br /> | lab.intarweb.ca<br /> | lab.intarweb.ca<br /> | sean AT tinfoilhat.ca<br /> | Sean Cody<br /> | Sean Cody <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.251<br /> | tmp.intarweb.ca<br /> | tmp.intarweb.ca Temporary rsync issues test.<br /> | sean AT tinfoilhat.ca<br /> | Sean Cody<br /> | Sean Cody<br /> |-<br /> |-<br /> | 208.81.6.252<br /> | amsler.ca<br /> | Production Appserver / Personal Webspace<br /> | edwinguy_gmail<br /> | Skullspace LAN<br /> | Edwin Amsler<br /> |-<br /> |-<br /> | 208.81.6.253<br /> | intarweb.ca<br /> | intarweb.ca<br /> | sean AT tinfoilhat.ca<br /> | Sean Cody<br /> | Sean Cody <br /> |-<br /> |-<br /> | 208.81.6.254<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.255<br /> | TBD<br /> | LES.net Broadcast<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |}<br /> <br /> === VOI IP Delegation ===<br /> &lt;strike&gt;<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | <br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | it@skullspace.ca<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for www.skullspace.ca (testing)<br /> |-<br /> | 2604:4280:1:c0de::81 - Relay/Proxy v6 to v4 for wiki.skullspace.ca (testing)<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> |<br /> | <br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> &lt;/strike&gt;<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Main_Page&diff=4920 Main Page 2020-02-26T05:33:50Z <p>Sean: /* What is SkullSpace? */</p> <hr /> <div>(Back to [http://skullspace.ca Skullspace.ca])<br /> <br /> '''''EDITING''''' - if you want to edit this wiki, you'll need an account to be created by the [[Wikigods]]<br /> <br /> ==What is [http://www.skullspace.ca SkullSpace]?==<br /> SkullSpace is a [http://hackerspaces.org hackerspace] in Winnipeg. It is a place for hackers, builders, programmers, artists and anybody interested in how stuff works to gather in a common place and help focus and share their knowledge and creativity. Whether members are interested in individual or group projects, and whether they're tackling hardware, software, mathematical, design or any other problems, it's our goal to provide the space, tools, freedom, and education to make it happen.<br /> <br /> Our physical presence is 2500 sq. ft. of space on the 2nd floor of 374 Donald Street, right across from the Burton Cummings Theatre in the heart of the Exchange District.<br /> <br /> Our legal entity is a non-profit corporation within the province of Manitoba. We have a member-elected Board of Directors who also act as Officers consisting of:<br /> <br /> * Chris Johnson<br /> * Kyle Martin<br /> * Mark Campbell<br /> * Michael Kozakewich<br /> * Nate Wild<br /> <br /> All Directors can be reached by email at firstname.lastname @ skullspace.ca.<br /> Actually, Thor can be reached without his last name, because his first is just that powerful.<br /> <br /> In practice our membership operates as a collective, with members being as involved as much as they want to be in the decision making process. See our [[Bylaws]] for more information.<br /> <br /> Also see our [[Press]] coverage.<br /> <br /> If you're still unsure what SkullSpace is about, KQED has published a great [http://www.youtube.com/watch?v=wamwklXWK4M short video] on what hackerspaces offer to the community.<br /> <br /> ==Visiting SkullSpace==<br /> <br /> We are located on the second floor of 374 Donald Street in Winnipeg. ([https://www.google.com/maps/place/374+Donald+St/@49.8960111,-97.144483,17z/data=!3m1!4b1!4m2!3m1!1s0x52ea715dcf0040b3:0x83cc84d524e1bcfb Google Maps link])<br /> <br /> Meetings, which are open to the public, happen every Tuesday at 6pm. You can browse our previous [[Meeting notes]] archive to stay updated on what we discuss. '''Non-members are welcome to drop in'''!<br /> <br /> We also have a variety of events during the week and weekends - see our [[Community_Events|Calendar]] for a complete listing!<br /> <br /> ==Contact us/Connect with SkullSpace==<br /> We have lots of ways to get in touch us!<br /> <br /> The best way to stay informed is by joining our [[Mailing List|mailing lists]]. We have two primary lists - announce@ and discuss@. All members and people interested should join announce@ - it's low traffic, with only a couple emails a week about our important events. If you're more interested in the community, join discuss@, which is high volume. Instructions are on the [[Mailing List]] wiki page.<br /> <br /> Our primary social media outlet is our [https://twitter.com/SkullSpaceWpg/ Twitter] page. You can also find SkullSpace on [https://www.facebook.com/SkullSpaceWpg Facebook].<br /> <br /> The other online place where you can find us is in our [irc://irc.freenode.net/#SkullSpace irc channel], #SkullSpace on irc.freenode.net. You'll find constant traffic/discussion there. Freenode also offers a webchat client [https://webchat.freenode.net/?channels=%23skullspace&amp;uio=d4 here].<br /> <br /> SkullSpace also has a [http://www.meetup.com/Skullspace-Winnipegs-hackerspace/ Meetup] page and a [https://secure.flickr.com/photos/skullspace Flickr] page.<br /> <br /> ==How do I join?==<br /> Easy! First you should show some interest showing up either online or physically as discussed above. If you like what you see, browse the [[:Category:Required Reading]] category on the wiki, which is the information that every member should know.<br /> <br /> Once you've done that, you can apply to become a member! Our membership dues are pay-what-you-can, with a minimum cost of $40/month ($20/month if you're a student). This gets you 24/7 access to the space along with everything else listed on the [[Member Benefits]] page. To apply, fill out the [[Media:Membership Agreement.doc|membership agreement]] and, if you choose, [[Media:SkullSpace PAD.pdf|pre-authorized debit form]]. Bring those forms (and a void cheque if you'd like to use pre-authorized debit) to a Tuesday meeting, if you can; otherwise, email info at skullspace.ca to make other arrangements.<br /> <br /> Your name will be emailed to the announce@ mailing list, and if nobody objects to your membership after two weeks you'll be handed a key.<br /> <br /> ==Can I host events at your space?==<br /> The short answer: Absolutely!<br /> <br /> If you're hosting an event at the space, you'll need to coordinate with at least one SkullSpace member, for access. We generally don't give keys to non-members. Of course, becoming a member is easy, so you can simply become a member and have full access! See above for info!<br /> <br /> As early as possible, the event needs to be put in the [[Community Events|calendar]] and emailed to the discuss@ mailing list (discuss at skullspace.ca). If it's open to the public, you may also advertise it on the announce@ mailing list, both when it's planned and again shortly before the event as a reminder.<br /> <br /> We request that all events at the space be open to SkullSpace members, as the space belongs to us. We also request that you solicit donations for non-members who use our space. We currently don't charge to use our space, but if it becomes popular, and we don't make enough donations to be worth our while, we may start charging non-members.<br /> <br /> ==Important Links==<br /> ===Community===<br /> * [http://www.skullspace.ca/blog/ Blog]<br /> * [[Mailing List]]<br /> * [irc://irc.freenode.net/#SkullSpace #SkullSpace on irc.freenode.net] (or visit [http://webchat.freenode.net/?channels=SkullSpace Freenode Webchat])<br /> * [[Community_Events|Community events Calendar]]<br /> * [[Members]]<br /> <br /> ===Social networking===<br /> * [https://www.facebook.com/pages/SkullSpace/127670240630811 SkullSpace] (Facebook)<br /> * [https://twitter.com/SkullSpaceWpg/ @SkullSpaceWpg] (Twitter)<br /> * [http://vimeo.com/skullspace Videos] (Vimeo)<br /> * [http://www.skullspace.ca/wiki/index.php/Flickr Photos] (Flickr)<br /> * [https://github.com/skullspace Code] (GitHub)<br /> * [http://www.meetup.com/Skullspace-Winnipegs-hackerspace/ Events Calendar] (Meetup)<br /> * [http://www.strava.com/clubs/skullSpace Trip/Fitness Tracking] (Strava)<br /> * [http://plug.dj/skullspace/ Web Radio] (Plug.DJ)<br /> * [https://www.fundscrip.com/ Giftcard Fundraising] (Invitation code: SS5BMZ)<br /> * [https://trello.com/b/YhudmLje/eventstrikeforce Event Planning and Organization] (Trello; Invite required)<br /> * [http://steamcommunity.com/groups/skullspace Gaming] (Steam)<br /> <br /> ===Projects===<br /> * [[Wishlist]]<br /> * [[:category:Renovations|Renovations]] - (currently none are planned)<br /> * [[Parts Database]]<br /> * [[Game Collection]]<br /> * [[:Category:Projects|More...]]<br /> <br /> ===Miscellaneous Resources===<br /> * [[MemberAgreement|Member Agreement]]<br /> * [[Member Benefits]]<br /> * [[Cleaning]]<br /> * [[Equipment]]<br /> * [[:Category:Required Reading|Required Reading]]<br /> * [[Networking]]<br /> * [[Too cool for Skullspace]]<br /> * [[IPXE boot option]]<br /> * [[:Category:Archives|Archived Wiki Documents]]<br /> <br /> ===Pages for Members===<br /> * [[Meeting notes]]<br /> * [[Strikeforces]]<br /> * [[Wiki_Tips_and_Tricks]]<br /> <br /> == Recent Changes==<br /> <br /> {{Special:RecentChanges}}<br /> <br /> ==Sandbox==<br /> Want to play with wiki markup? Play in the [[sandbox]].<br /> <br /> [[Category: Required Reading]]<br /> [[Category: Wiki]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4918 Networking 2020-02-19T00:59:57Z <p>Sean: /* IP Usage */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +-------------------+<br /> | |<br /> | The Tubes |<br /> | On The Roof |<br /> | |<br /> +-- ------+---------+<br /> |<br /> |<br /> +-- ------+-----------+<br /> | LES.net |<br /> | |<br /> | 208.81.6.224/27 |<br /> +----+----------------+<br /> |<br /> |<br /> | +---------------------+<br /> +-------------+---------+ | Skullspace+Router |<br /> ge1+19 | Skullspace+External | ether1| RB450G |<br /> +----------+ Cisco 2960g +-------+ |<br /> | | 172.30.6.2 (ge24)| | 208.81.6.228 |<br /> | +----------------------++ | 172.30.6.1 |<br /> | | +---------------------+<br /> +---------+-----------+ | |ether2<br /> | | | |<br /> | Rest of External | | |<br /> | PUBLIC/LAN | | +---------+-------------+ +------------------+<br /> | | +--------+ Skullspace+Internal | | |<br /> | 208.81.6.224/27 | | Cisco 2960g +------+ Rest of Internal |<br /> | | | 172.30.6.3 | | INTERNAL/LAN |<br /> +---------------------+ +---+-------+-------+---+ | 172.30.6.0/24 |<br /> | | | | |<br /> +--------+ | +--------+ +------------------+<br /> | | |<br /> +------+------+ +------+------+ +------+------+<br /> | WAP+A | | WAP+B | | WAP+C |<br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 |<br /> | | | | | |<br /> +-------------+ +-------------+ +-------------+<br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> B: Internet from LES.net (wifi-based Ubiquity, tested 94.83mbit down, 96.22mbit up to Speedtest.net Winnipeg)&lt;br&gt;<br /> &lt;s&gt;B: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).&lt;/s&gt;&lt;BR&gt;<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.14 (new, ask Alex W about this) UniFI AP Controller - VM on vmsrv.skullspace.ca<br /> *172.30.6.15 esx.intarweb.ca<br /> *172.30.6.16 ips.intarweb.ca<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] old graphical shell service on [[vmsrv]] (to be retired)<br /> *172.30.6.31 [[sksp-virt3|sksp-virt3-mgr]]<br /> *172.30.6.32 [[sksp-virt3|sksp-virt3-1]]<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.34 Jay Bots (Container on [[vmsrv]])<br /> *172.30.6.38 Sean's pihole<br /> *172.30.6.39 Ben's VM on [[vmsrv]]<br /> *172.30.6.40 [[vmsrv]]<br /> *172.30.6.41 tftp server for [[IPXE boot option]]<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> *172.30.8.0/24 Virtual Machine Server ([[vmsrv]]) static LAN (no DHCP, reserve here)<br /> **172.30.8.1 [[vmsrv]]<br /> **172.30.8.2 available<br /> **172.30.8.3 available<br /> **172.30.8.4 [[whonix.skull.space]] ssh login portal for TCP forwarding (port 1887 on whonix.skull.space forwarded to 172.30.8.4:22)<br /> **172.30.8.5 [[outbound commercial vpn]]<br /> <br /> <br /> *10.2.0.0/24 [[whonix.skull.space]] gateway WAN side on [[vmsrv]]<br /> **10.2.0.1 [[vmsrv]]<br /> **10.2.0.15 [[whonix.skull.space]] gateway<br /> <br /> *10.152.152.0/24 [[whonix.skull.space]] LAN side behind Whonix gateway (isolated network virbr2 on [[vmsrv]]<br /> **10.152.152.10 Whonix gateway, a full KVM vm on [[vmsrv]], acts as gateway/default route and nameserver<br /> **10.152.152.51 Whonix ssh login portal for TCP port forwarding (also present as 172.30.8.4)<br /> <br /> *10.50.31.0/24 TheLEDSign LAN<br /> **10.50.31.16 The Sign<br /> **10.50.31.17 The controlling container ([[vmsrv]])<br /> *10.50.32.0/30 Mark project private Point to Point link LAN<br /> <br /> == IP Usage ==<br /> <br /> === LES IP Delegation ===<br /> &lt;pre&gt;<br /> IPv4<br /> Allocation 208.81.6.224/27 (255.255.255.224).<br /> 208.81.6.225 Gateway<br /> 208.81.6.226, 208.81.6.227 RESERVED for LES.net usage.<br /> DNS1: 208.81.7.10<br /> DNS2: 208.81.7.14<br /> &lt;/pre&gt;<br /> &lt;pre&gt;<br /> IPv6<br /> Allocation 2605:e200:c212::/48<br /> 2605:e200:c201:2::4 Gateway<br /> DNS1: 2605:e200:53:2::<br /> <br /> &lt;/pre&gt;<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.224<br /> | TBD<br /> | LES.net Network<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.225<br /> | TBD<br /> | LES.net Gateway<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.226<br /> | TBD<br /> | LES.net RESERVED<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.227<br /> | TBD<br /> | LES.net RESERVED<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.228<br /> | TBD<br /> | Skullspace Router<br /> | it AT skullspace.ca<br /> | Skullspace LAN<br /> | <br /> |-<br /> |-<br /> | 208.81.6.229<br /> | TBD<br /> | ns1.skullspace.ca<br /> | it AT skullspace.ca<br /> | Skullspace DNS<br /> | <br /> |-<br /> |-<br /> | 208.81.6.230<br /> | vmsrv.skullspace.ca<br /> | Virtual Machine Server [[vmsrv]]<br /> | mark AT markjenkins DOT ca<br /> | VM server open to all members.<br /> | Running an http proxy to allow this one IP address to host many web servers, and doing TCP port forwarding to allow many different virtual servers to share this one IP address<br /> |-<br /> |-<br /> | 208.81.6.231<br /> | ripe.skullspace.ca<br /> | RIPE Probe <br /> | colin AT insecure DASH complexity DOT ca<br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.232<br /> | shell.skull.space<br /> | [[shell.skull.space]]<br /> | mark AT markjenkins DOT ca<br /> | Shell accounts for all members.<br /> | Being able to bind to port 22 vs having some other port forwarded by vmsrv.skullspace.ca will make this much easier to get users for. Plus, Mak has brought with him a many users from his own system where he used to have his own users with shell accounts. They're already used to port 22 and a different hostname pointing here. Leaving that alone will help keep them. That old system was taking up it's own IP address anyway.<br /> |-<br /> |-<br /> | 208.81.6.233<br /> | mail.skull.space<br /> | [[SkullMail]] email forwarding service<br /> | mark AT markjenkins DOT ca<br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.234<br /> | nessus.skullspace.ca<br /> | SkullSpace Nessus scanner <br /> | alexwebr at gmail dot com<br /> | <br /> | If it shared an IP with other infrastructure, tools like Fail2Ban could block more than intended<br /> |-<br /> |-<br /> | 208.81.6.235<br /> | tmp.skullspace.ca<br /> | Temporary address<br /> | Open to anyone<br /> | <br /> | Check before use, use briefly. Example use, migration of skullspace.ca website on [[skullhost]] when [[vmsrv]] is being serviced.<br /> |-<br /> |-<br /> | 208.81.6.236<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.237<br /> | broot.ca <br /> | Personal webserver, Git, DNS, mail<br /> | Alex Weber &lt;alexwebr@gmail.com&gt;<br /> | Nothing. Can be moved elsewhere if we need IP space back.<br /> | Makes life easier if it has its own IP. If Sksp infrastructure needs an IP, this can go.<br /> |-<br /> |-<br /> | 208.81.6.238<br /> | tmpskspproxy.parit.ca<br /> | Temporary, proxies some traffic for https://parit.ca<br /> | Mark Jenkins &lt;mark@markjenkins.ca&gt; <br /> | Ubuntu 16.04 vm hosted on [[vmsrv]]<br /> | Will some TCP proxying on ports used by vmsrv host OS<br /> |-<br /> |-<br /> | 208.81.6.239<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.240<br /> | loki.madcowlabs.com<br /> | [[loki.madcowlabs.com]]<br /> | cotto at ieee point org<br /> | Chris's Server <br /> | Experimental development project server<br /> |-<br /> |-<br /> | 208.81.6.241<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.242<br /> | library.skullspace.ca<br /> | The Evergreen server for the (experimental) SkullSpace library<br /> | Alex (alexwebr@gmail.com)<br /> | SkullSpace<br /> | Uses Websockets, and Websockets need a legitimate SSL certificate? <br /> |-<br /> |-<br /> | 208.81.6.243<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.244<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.245<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.246<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.247<br /> | irc.skull.space (not set up yet)<br /> | IRC server - /knock #admin<br /> | Abuse: alexwebr@gmail.com or mark@parit.ca (not owned by Alex/Mark though) <br /> | members &amp; the public<br /> | Running an ircd - not easy to proxy to a private address<br /> |-<br /> |-<br /> | 208.81.6.248<br /> | lab.intarweb.ca<br /> | lab.intarweb.ca<br /> | sean AT tinfoilhat.ca <br /> | Sean Cody<br /> | Sean Cody<br /> |-<br /> |-<br /> | 208.81.6.249<br /> | lab.intarweb.ca <br /> | lab.intarweb.ca <br /> | sean AT tinfoilhat.ca <br /> | Sean Cody<br /> | Sean Cody<br /> |-<br /> |-<br /> | 208.81.6.250<br /> | lab.intarweb.ca<br /> | lab.intarweb.ca<br /> | sean AT tinfoilhat.ca<br /> | Sean Cody<br /> | Sean Cody <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.251<br /> | tmp.intarweb.ca<br /> | tmp.intarweb.ca Temporary rsync issues test.<br /> | sean AT tinfoilhat.ca<br /> | Sean Cody<br /> | Sean Cody<br /> |-<br /> |-<br /> | 208.81.6.252<br /> | amsler.ca<br /> | Production Appserver / Personal Webspace<br /> | edwinguy_gmail<br /> | Skullspace LAN<br /> | Edwin Amsler<br /> |-<br /> |-<br /> | 208.81.6.253<br /> | intarweb.ca<br /> | intarweb.ca<br /> | sean AT tinfoilhat.ca<br /> | Sean Cody<br /> | Sean Cody <br /> |-<br /> |-<br /> | 208.81.6.254<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.255<br /> | TBD<br /> | LES.net Broadcast<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |}<br /> <br /> === VOI IP Delegation ===<br /> &lt;strike&gt;<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | <br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | it@skullspace.ca<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for www.skullspace.ca (testing)<br /> |-<br /> | 2604:4280:1:c0de::81 - Relay/Proxy v6 to v4 for wiki.skullspace.ca (testing)<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> |<br /> | <br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> &lt;/strike&gt;<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4866 Networking 2019-04-30T22:50:41Z <p>Sean: /* LES IP Delegation */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +-------------------+<br /> | |<br /> | The Tubes |<br /> | On The Roof |<br /> | |<br /> +-- ------+---------+<br /> |<br /> |<br /> +-- ------+-----------+<br /> | LES.net |<br /> | |<br /> | 208.81.6.224/27 |<br /> +----+----------------+<br /> |<br /> |<br /> | +---------------------+<br /> +-------------+---------+ | Skullspace+Router |<br /> ge1+19 | Skullspace+External | ether1| RB450G |<br /> +----------+ Cisco 2960g +-------+ |<br /> | | 172.30.6.2 (ge24)| | 208.81.6.228 |<br /> | +----------------------++ | 172.30.6.1 |<br /> | | +---------------------+<br /> +---------+-----------+ | |ether2<br /> | | | |<br /> | Rest of External | | |<br /> | PUBLIC/LAN | | +---------+-------------+ +------------------+<br /> | | +--------+ Skullspace+Internal | | |<br /> | 208.81.6.224/27 | | Cisco 2960g +------+ Rest of Internal |<br /> | | | 172.30.6.3 | | INTERNAL/LAN |<br /> +---------------------+ +---+-------+-------+---+ | 172.30.6.0/24 |<br /> | | | | |<br /> +--------+ | +--------+ +------------------+<br /> | | |<br /> +------+------+ +------+------+ +------+------+<br /> | WAP+A | | WAP+B | | WAP+C |<br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 |<br /> | | | | | |<br /> +-------------+ +-------------+ +-------------+<br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> B: Internet from LES.net (wifi-based Ubiquity, tested 94.83mbit down, 96.22mbit up to Speedtest.net Winnipeg)&lt;br&gt;<br /> &lt;s&gt;B: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).&lt;/s&gt;&lt;BR&gt;<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.14 (new, ask Alex W about this) UniFI AP Controller - VM on vmsrv.skullspace.ca<br /> *172.30.6.15 esx.intarweb.ca<br /> *172.30.6.16 ips.intarweb.ca<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31 [[sksp-virt3|sksp-virt3-mgr]]<br /> *172.30.6.32 [[sksp-virt3|sksp-virt3-1]]<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.34 Jay Bots (Container on [[vmsrv]])<br /> *172.30.6.38 Jarred's VM on [[vmsrv]]<br /> *172.30.6.39 Ben's VM on [[vmsrv]]<br /> *172.30.6.40 [[vmsrv]]<br /> *172.30.6.41 tftp server for [[IPXE boot option]]<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> *172.30.8.0/24 Virtual Machine Server ([[vmsrv]]) LAN<br /> **172.30.8.1 [[vmsrv]]<br /> **172.30.8.2 Mark private ubuntu vpn<br /> **172.30.8.3 Mark private project ubuntu (Container on [[vmsrv]])<br /> <br /> *10.50.31.0/24 TheLEDSign LAN<br /> **10.50.31.16 The Sign<br /> **10.50.31.17 The controlling container ([[vmsrv]])<br /> *10.50.32.0/30 Mark project private Point to Point link LAN<br /> <br /> == IP Usage ==<br /> <br /> === LES IP Delegation ===<br /> &lt;pre&gt;<br /> IPv4<br /> Allocation 208.81.6.224/27 (255.255.255.224).<br /> 208.81.6.225 Gateway<br /> 208.81.6.226, 208.81.6.227 RESERVED for LES.net usage.<br /> DNS1: 208.81.7.10<br /> DNS2: 208.81.7.14<br /> &lt;/pre&gt;<br /> &lt;pre&gt;<br /> IPv6<br /> Allocation 2605:e200:c212::/48<br /> 2605:e200:c201:2::4 Gateway<br /> DNS1: 2605:e200:53:2::<br /> <br /> &lt;/pre&gt;<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.224<br /> | TBD<br /> | LES.net Network<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.225<br /> | TBD<br /> | LES.net Gateway<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.226<br /> | TBD<br /> | LES.net RESERVED<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.227<br /> | TBD<br /> | LES.net RESERVED<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.228<br /> | TBD<br /> | Skullspace Router<br /> | it AT skullspace.ca<br /> | Skullspace LAN<br /> | <br /> |-<br /> |-<br /> | 208.81.6.229<br /> | TBD<br /> | ns1.skullspace.ca<br /> | it AT skullspace.ca<br /> | Skullspace DNS<br /> | <br /> |-<br /> |-<br /> | 208.81.6.230<br /> | vmsrv.skullspace.ca<br /> | Virtual Machine Server [[vmsrv]]<br /> | mark AT markjenkins DOT ca<br /> | VM server open to all members.<br /> | Running an http proxy to allow this one IP address to host many web servers, and doing TCP port forwarding to allow many different virtual servers to share this one IP address<br /> |-<br /> |-<br /> | 208.81.6.231<br /> | ripe.skullspace.ca<br /> | RIPE Probe <br /> | colin AT insecure DASH complexity DOT ca<br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.232<br /> | shell.skull.space<br /> | [[shell.skull.space]]<br /> | mark AT markjenkins DOT ca<br /> | Shell accounts for all members.<br /> | Being able to bind to port 22 vs having some other port forwarded by vmsrv.skullspace.ca will make this much easier to get users for. Plus, Mak has brought with him a many users from his own system where he used to have his own users with shell accounts. They're already used to port 22 and a different hostname pointing here. Leaving that alone will help keep them. That old system was taking up it's own IP address anyway.<br /> |-<br /> |-<br /> | 208.81.6.233<br /> | mail.skull.space<br /> | [[SkullMail]] email forwarding service<br /> | mark AT markjenkins DOT ca<br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.234<br /> | nessus.skullspace.ca<br /> | SkullSpace Nessus scanner <br /> | alexwebr at gmail dot com<br /> | <br /> | If it shared an IP with other infrastructure, tools like Fail2Ban could block more than intended<br /> |-<br /> |-<br /> | 208.81.6.235<br /> | tmp.skullspace.ca<br /> | Temporary address<br /> | Open to anyone<br /> | <br /> | Check before use, use briefly. Example use, migration of skullspace.ca website on [[skullhost]] when [[vmsrv]] is being serviced.<br /> |-<br /> |-<br /> | 208.81.6.236<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.237<br /> | broot.ca <br /> | Personal webserver, Git, DNS, mail<br /> | Alex Weber &lt;alexwebr@gmail.com&gt;<br /> | Nothing. Can be moved elsewhere if we need IP space back.<br /> | Makes life easier if it has its own IP. If Sksp infrastructure needs an IP, this can go.<br /> |-<br /> |-<br /> | 208.81.6.238<br /> | tmpskspproxy.parit.ca<br /> | Temporary, proxies some traffic for https://parit.ca<br /> | Mark Jenkins &lt;mark@markjenkins.ca&gt; <br /> | Ubuntu 16.04 vm hosted on [[vmsrv]]<br /> | Will some TCP proxying on ports used by vmsrv host OS<br /> |-<br /> |-<br /> | 208.81.6.239<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.240<br /> | loki.madcowlabs.com<br /> | [[loki.madcowlabs.com]]<br /> | cotto at ieee point org<br /> | Chris's Server <br /> | Experimental development project server<br /> |-<br /> |-<br /> | 208.81.6.241<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.242<br /> | library.skullspace.ca<br /> | The Evergreen server for the (experimental) SkullSpace library<br /> | Alex (alexwebr@gmail.com)<br /> | SkullSpace<br /> | Uses Websockets, and Websockets need a legitimate SSL certificate? <br /> |-<br /> |-<br /> | 208.81.6.243<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.244<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.245<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.246<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.247<br /> | irc.skull.space (not set up yet)<br /> | IRC server - /knock #admin<br /> | Abuse: alexwebr@gmail.com or mark@parit.ca (not owned by Alex/Mark though) <br /> | members &amp; the public<br /> | Running an ircd - not easy to proxy to a private address<br /> |-<br /> |-<br /> | 208.81.6.248<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.249<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.250<br /> | lab.intarweb.ca<br /> | lab.intarweb.ca<br /> | sean AT tinfoilhat.ca<br /> | Sean Cody<br /> | Sean Cody <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.251<br /> | tmp.intarweb.ca<br /> | tmp.intarweb.ca Temporary rsync issues test.<br /> | sean AT tinfoilhat.ca<br /> | Sean Cody<br /> | Sean Cody<br /> |-<br /> |-<br /> | 208.81.6.252<br /> | amsler.ca<br /> | Production Appserver / Personal Webspace<br /> | edwinguy_gmail<br /> | Skullspace LAN<br /> | Edwin Amsler<br /> |-<br /> |-<br /> | 208.81.6.253<br /> | intarweb.ca<br /> | intarweb.ca<br /> | sean AT tinfoilhat.ca<br /> | Sean Cody<br /> | Sean Cody <br /> |-<br /> |-<br /> | 208.81.6.254<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.255<br /> | TBD<br /> | LES.net Broadcast<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |}<br /> <br /> === VOI IP Delegation ===<br /> &lt;strike&gt;<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | <br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | it@skullspace.ca<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for www.skullspace.ca (testing)<br /> |-<br /> | 2604:4280:1:c0de::81 - Relay/Proxy v6 to v4 for wiki.skullspace.ca (testing)<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> |<br /> | <br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> &lt;/strike&gt;<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4820 Networking 2018-08-15T03:11:27Z <p>Sean: /* Stupid-High Level Diagram */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +-------------------+<br /> | |<br /> | The Tubes |<br /> | On The Roof |<br /> | |<br /> +-- ------+---------+<br /> |<br /> |<br /> +-- ------+-----------+<br /> | LES.net |<br /> | |<br /> | 208.81.6.224/27 |<br /> +----+----------------+<br /> |<br /> |<br /> | +---------------------+<br /> +-------------+---------+ | Skullspace+Router |<br /> ge1+19 | Skullspace+External | ether1| RB450G |<br /> +----------+ Cisco 2960g +-------+ |<br /> | | 172.30.6.2 (ge24)| | 208.81.6.228 |<br /> | +----------------------++ | 172.30.6.1 |<br /> | | +---------------------+<br /> +---------+-----------+ | |ether2<br /> | | | |<br /> | Rest of External | | |<br /> | PUBLIC/LAN | | +---------+-------------+ +------------------+<br /> | | +--------+ Skullspace+Internal | | |<br /> | 208.81.6.224/27 | | Cisco 2960g +------+ Rest of Internal |<br /> | | | 172.30.6.3 | | INTERNAL/LAN |<br /> +---------------------+ +---+-------+-------+---+ | 172.30.6.0/24 |<br /> | | | | |<br /> +--------+ | +--------+ +------------------+<br /> | | |<br /> +------+------+ +------+------+ +------+------+<br /> | WAP+A | | WAP+B | | WAP+C |<br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 |<br /> | | | | | |<br /> +-------------+ +-------------+ +-------------+<br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> B: Internet from LES.net (wifi-based Ubiquity, tested 94.83mbit down, 96.22mbit up to Speedtest.net Winnipeg)&lt;br&gt;<br /> &lt;s&gt;B: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).&lt;/s&gt;&lt;BR&gt;<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.14 (new, ask Alex W about this) UniFI AP Controller - VM on vmsrv.skullspace.ca<br /> *172.30.6.15 esx.intarweb.ca<br /> *172.30.6.16 ips.intarweb.ca<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31 [[sksp-virt3|sksp-virt3-mgr]]<br /> *172.30.6.32 [[sksp-virt3|sksp-virt3-1]]<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.34 Jay Bots (Container on [[vmsrv]])<br /> *172.30.6.38 Jarred's VM on [[vmsrv]]<br /> *172.30.6.39 Ben's VM on [[vmsrv]]<br /> *172.30.6.40 [[vmsrv]]<br /> *172.30.6.41 Mark's test router<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> *172.30.8.0/24 Virtual Machine Server ([[vmsrv]]) LAN<br /> **172.30.8.1 [[vmsrv]]<br /> **172.30.8.2 Mark private ubuntu vpn<br /> **172.30.8.3 Mark private project ubuntu (Container on [[vmsrv]])<br /> <br /> *10.50.31.0/24 TheLEDSign LAN<br /> **10.50.31.16 The Sign<br /> **10.50.31.17 The controlling container ([[vmsrv]])<br /> *10.50.32.0/30 Mark project private Point to Point link LAN<br /> <br /> == IP Usage ==<br /> <br /> === LES IP Delegation ===<br /> &lt;pre&gt;<br /> IPv4<br /> Allocation 208.81.6.224/27 (255.255.255.224).<br /> 208.81.6.225 Gateway<br /> 208.81.6.226, 208.81.6.227 RESERVED for LES.net usage.<br /> DNS1: 208.81.7.10<br /> DNS2: 208.81.7.14<br /> &lt;/pre&gt;<br /> &lt;pre&gt;<br /> IPv6<br /> Allocation 2605:e200:c212::/48<br /> 2605:e200:c201:2::4 Gateway<br /> DNS1: 2605:e200:53:2::<br /> <br /> &lt;/pre&gt;<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.224<br /> | TBD<br /> | LES.net Network<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.225<br /> | TBD<br /> | LES.net Gateway<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.226<br /> | TBD<br /> | LES.net RESERVED<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.227<br /> | TBD<br /> | LES.net RESERVED<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.228<br /> | TBD<br /> | Skullspace Router<br /> | it AT skullspace.ca<br /> | Skullspace LAN<br /> | <br /> |-<br /> |-<br /> | 208.81.6.229<br /> | TBD<br /> | ns1.skullspace.ca<br /> | it AT skullspace.ca<br /> | Skullspace DNS<br /> | <br /> |-<br /> |-<br /> | 208.81.6.230<br /> | vmsrv.skullspace.ca<br /> | Virtual Machine Server [[vmsrv]]<br /> | mark AT markjenkins DOT ca<br /> | VM server open to all members.<br /> | Running an http proxy to allow this one IP address to host many web servers, and doing TCP port forwarding to allow many different virtual servers to share this one IP address<br /> |-<br /> |-<br /> | 208.81.6.231<br /> | ripe.skullspace.ca<br /> | RIPE Probe <br /> | colin AT insecure DASH complexity DOT ca<br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.232<br /> | shell.skull.space<br /> | [[shell.skull.space]]<br /> | mark AT markjenkins DOT ca<br /> | Shell accounts for all members.<br /> | Being able to bind to port 22 vs having some other port forwarded by vmsrv.skullspace.ca will make this much easier to get users for. Plus, Mak has brought with him a many users from his own system where he used to have his own users with shell accounts. They're already used to port 22 and a different hostname pointing here. Leaving that alone will help keep them. That old system was taking up it's own IP address anyway.<br /> |-<br /> |-<br /> | 208.81.6.233<br /> | mail.skull.space<br /> | [[SkullMail]] email forwarding service<br /> | mark AT markjenkins DOT ca<br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.234<br /> | nessus.skullspace.ca<br /> | SkullSpace Nessus scanner <br /> | alexwebr at gmail dot com<br /> | <br /> | If it shared an IP with other infrastructure, tools like Fail2Ban could block more than intended<br /> |-<br /> |-<br /> | 208.81.6.235<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.236<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.237<br /> | broot.ca <br /> | Personal webserver, Git, DNS, mail<br /> | Alex Weber &lt;alexwebr@gmail.com&gt;<br /> | Nothing. Can be moved elsewhere if we need IP space back.<br /> | Makes life easier if it has its own IP. If Sksp infrastructure needs an IP, this can go.<br /> |-<br /> |-<br /> | 208.81.6.238<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.239<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.240<br /> | loki.madcowlabs.com<br /> | [[loki.madcowlabs.com]]<br /> | cotto at ieee point org<br /> | Chris's Server <br /> | Experimental development project server<br /> |-<br /> |-<br /> | 208.81.6.241<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.242<br /> | library.skullspace.ca<br /> | The Evergreen server for the (experimental) SkullSpace library<br /> | Alex (alexwebr@gmail.com)<br /> | SkullSpace<br /> | Uses Websockets, and Websockets need a legitimate SSL certificate? <br /> |-<br /> |-<br /> | 208.81.6.243<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.244<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.245<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.246<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.247<br /> | irc.skull.space (not set up yet)<br /> | IRC server - /knock #admin<br /> | Abuse: alexwebr@gmail.com or mark@parit.ca (not owned by Alex/Mark though) <br /> | members &amp; the public<br /> | Running an ircd - not easy to proxy to a private address<br /> |-<br /> |-<br /> | 208.81.6.248<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.249<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.250<br /> | ips.intarweb.ca<br /> | ips.intarweb.ca<br /> | sean AT tinfoilhat.ca<br /> | Sean Cody<br /> | Sean Cody <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.251<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.252<br /> | amsler.ca<br /> | Production Appserver / Personal Webspace<br /> | edwinguy_gmail<br /> | Skullspace LAN<br /> | Edwin Amsler<br /> |-<br /> |-<br /> | 208.81.6.253<br /> | intarweb.ca<br /> | intarweb.ca<br /> | sean AT tinfoilhat.ca<br /> | Sean Cody<br /> | Sean Cody <br /> |-<br /> |-<br /> | 208.81.6.254<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.255<br /> | TBD<br /> | LES.net Broadcast<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |}<br /> <br /> === VOI IP Delegation ===<br /> &lt;strike&gt;<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | <br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | it@skullspace.ca<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for www.skullspace.ca (testing)<br /> |-<br /> | 2604:4280:1:c0de::81 - Relay/Proxy v6 to v4 for wiki.skullspace.ca (testing)<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> |<br /> | <br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> &lt;/strike&gt;<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4819 Networking 2018-08-15T03:10:46Z <p>Sean: /* Stupid-High Level Diagram */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +-------------------+<br /> | |<br /> | The Tubes |<br /> | On The Roof |<br /> | |<br /> +-- ------+---------+<br /> |<br /> |<br /> +-- ------+-----------+<br /> | LES.net |<br /> | |<br /> | 208.81.6.224/27 |<br /> +----+----------------+<br /> |<br /> |<br /> | +---------------------+<br /> +-------------+---------+ | Skullspace+Router |<br /> ge1+19 | Skullspace+External | ether1| RB450G |<br /> +----------+ Cisco 2950g +-------+ |<br /> | | 172.30.6.2 (ge24)| | 208.81.6.228 |<br /> | +----------------------++ | 172.30.6.1 |<br /> | | +---------------------+<br /> +---------+-----------+ | |ether2<br /> | | | |<br /> | Rest of External | | |<br /> | PUBLIC/LAN | | +---------+-------------+ +------------------+<br /> | | +--------+ Skullspace+Internal | | |<br /> | 208.81.6.224/27 | | Cisco 2960g +------+ Rest of Internal |<br /> | | | 172.30.6.3 | | INTERNAL/LAN |<br /> +---------------------+ +---+-------+-------+---+ | 172.30.6.0/24 |<br /> | | | | |<br /> +--------+ | +--------+ +------------------+<br /> | | |<br /> +------+------+ +------+------+ +------+------+<br /> | WAP+A | | WAP+B | | WAP+C |<br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 |<br /> | | | | | |<br /> +-------------+ +-------------+ +-------------+<br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> B: Internet from LES.net (wifi-based Ubiquity, tested 94.83mbit down, 96.22mbit up to Speedtest.net Winnipeg)&lt;br&gt;<br /> &lt;s&gt;B: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).&lt;/s&gt;&lt;BR&gt;<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.14 (new, ask Alex W about this) UniFI AP Controller - VM on vmsrv.skullspace.ca<br /> *172.30.6.15 esx.intarweb.ca<br /> *172.30.6.16 ips.intarweb.ca<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31 [[sksp-virt3|sksp-virt3-mgr]]<br /> *172.30.6.32 [[sksp-virt3|sksp-virt3-1]]<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.34 Jay Bots (Container on [[vmsrv]])<br /> *172.30.6.38 Jarred's VM on [[vmsrv]]<br /> *172.30.6.39 Ben's VM on [[vmsrv]]<br /> *172.30.6.40 [[vmsrv]]<br /> *172.30.6.41 Mark's test router<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> *172.30.8.0/24 Virtual Machine Server ([[vmsrv]]) LAN<br /> **172.30.8.1 [[vmsrv]]<br /> **172.30.8.2 Mark private ubuntu vpn<br /> **172.30.8.3 Mark private project ubuntu (Container on [[vmsrv]])<br /> <br /> *10.50.31.0/24 TheLEDSign LAN<br /> **10.50.31.16 The Sign<br /> **10.50.31.17 The controlling container ([[vmsrv]])<br /> *10.50.32.0/30 Mark project private Point to Point link LAN<br /> <br /> == IP Usage ==<br /> <br /> === LES IP Delegation ===<br /> &lt;pre&gt;<br /> IPv4<br /> Allocation 208.81.6.224/27 (255.255.255.224).<br /> 208.81.6.225 Gateway<br /> 208.81.6.226, 208.81.6.227 RESERVED for LES.net usage.<br /> DNS1: 208.81.7.10<br /> DNS2: 208.81.7.14<br /> &lt;/pre&gt;<br /> &lt;pre&gt;<br /> IPv6<br /> Allocation 2605:e200:c212::/48<br /> 2605:e200:c201:2::4 Gateway<br /> DNS1: 2605:e200:53:2::<br /> <br /> &lt;/pre&gt;<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.224<br /> | TBD<br /> | LES.net Network<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.225<br /> | TBD<br /> | LES.net Gateway<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.226<br /> | TBD<br /> | LES.net RESERVED<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.227<br /> | TBD<br /> | LES.net RESERVED<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.228<br /> | TBD<br /> | Skullspace Router<br /> | it AT skullspace.ca<br /> | Skullspace LAN<br /> | <br /> |-<br /> |-<br /> | 208.81.6.229<br /> | TBD<br /> | ns1.skullspace.ca<br /> | it AT skullspace.ca<br /> | Skullspace DNS<br /> | <br /> |-<br /> |-<br /> | 208.81.6.230<br /> | vmsrv.skullspace.ca<br /> | Virtual Machine Server [[vmsrv]]<br /> | mark AT markjenkins DOT ca<br /> | VM server open to all members.<br /> | Running an http proxy to allow this one IP address to host many web servers, and doing TCP port forwarding to allow many different virtual servers to share this one IP address<br /> |-<br /> |-<br /> | 208.81.6.231<br /> | ripe.skullspace.ca<br /> | RIPE Probe <br /> | colin AT insecure DASH complexity DOT ca<br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.232<br /> | shell.skull.space<br /> | [[shell.skull.space]]<br /> | mark AT markjenkins DOT ca<br /> | Shell accounts for all members.<br /> | Being able to bind to port 22 vs having some other port forwarded by vmsrv.skullspace.ca will make this much easier to get users for. Plus, Mak has brought with him a many users from his own system where he used to have his own users with shell accounts. They're already used to port 22 and a different hostname pointing here. Leaving that alone will help keep them. That old system was taking up it's own IP address anyway.<br /> |-<br /> |-<br /> | 208.81.6.233<br /> | mail.skull.space<br /> | [[SkullMail]] email forwarding service<br /> | mark AT markjenkins DOT ca<br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.234<br /> | nessus.skullspace.ca<br /> | SkullSpace Nessus scanner <br /> | alexwebr at gmail dot com<br /> | <br /> | If it shared an IP with other infrastructure, tools like Fail2Ban could block more than intended<br /> |-<br /> |-<br /> | 208.81.6.235<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.236<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.237<br /> | broot.ca <br /> | Personal webserver, Git, DNS, mail<br /> | Alex Weber &lt;alexwebr@gmail.com&gt;<br /> | Nothing. Can be moved elsewhere if we need IP space back.<br /> | Makes life easier if it has its own IP. If Sksp infrastructure needs an IP, this can go.<br /> |-<br /> |-<br /> | 208.81.6.238<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.239<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.240<br /> | loki.madcowlabs.com<br /> | [[loki.madcowlabs.com]]<br /> | cotto at ieee point org<br /> | Chris's Server <br /> | Experimental development project server<br /> |-<br /> |-<br /> | 208.81.6.241<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.242<br /> | library.skullspace.ca<br /> | The Evergreen server for the (experimental) SkullSpace library<br /> | Alex (alexwebr@gmail.com)<br /> | SkullSpace<br /> | Uses Websockets, and Websockets need a legitimate SSL certificate? <br /> |-<br /> |-<br /> | 208.81.6.243<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.244<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.245<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.246<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.247<br /> | irc.skull.space (not set up yet)<br /> | IRC server - /knock #admin<br /> | Abuse: alexwebr@gmail.com or mark@parit.ca (not owned by Alex/Mark though) <br /> | members &amp; the public<br /> | Running an ircd - not easy to proxy to a private address<br /> |-<br /> |-<br /> | 208.81.6.248<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.249<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.250<br /> | ips.intarweb.ca<br /> | ips.intarweb.ca<br /> | sean AT tinfoilhat.ca<br /> | Sean Cody<br /> | Sean Cody <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.251<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.252<br /> | amsler.ca<br /> | Production Appserver / Personal Webspace<br /> | edwinguy_gmail<br /> | Skullspace LAN<br /> | Edwin Amsler<br /> |-<br /> |-<br /> | 208.81.6.253<br /> | intarweb.ca<br /> | intarweb.ca<br /> | sean AT tinfoilhat.ca<br /> | Sean Cody<br /> | Sean Cody <br /> |-<br /> |-<br /> | 208.81.6.254<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.255<br /> | TBD<br /> | LES.net Broadcast<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |}<br /> <br /> === VOI IP Delegation ===<br /> &lt;strike&gt;<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | <br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | it@skullspace.ca<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for www.skullspace.ca (testing)<br /> |-<br /> | 2604:4280:1:c0de::81 - Relay/Proxy v6 to v4 for wiki.skullspace.ca (testing)<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> |<br /> | <br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> &lt;/strike&gt;<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4818 Networking 2018-08-15T03:09:43Z <p>Sean: /* Stupid-High Level Diagram */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +-------------------+<br /> | |<br /> | The Tubes |<br /> | On The Roof |<br /> | |<br /> +-- ------+---------+<br /> |<br /> |<br /> +-- ------+-----------+<br /> | LES.net |<br /> | |<br /> | 208.81.6.224/27 |<br /> +----+----------------+<br /> |<br /> |<br /> | +---------------------+<br /> +-------------+---------+ | Skullspace+Router |<br /> ge1+19 | Skullspace+External | ether1| RB450G |<br /> +----------+ Cisco 2950g +-------+ |<br /> | | 172.30.6.2 (ge24)| ge24 | 208.81.6.228 |<br /> | +----------------------++ | 172.30.6.1 |<br /> | | +---------------------+<br /> +---------+-----------+ | |ether2<br /> | | | |<br /> | Rest of External | | |<br /> | PUBLIC/LAN | | +---------+-------------+ +------------------+<br /> | | +--------+ Skullspace+Internal | | |<br /> | 208.81.6.224/27 | | Cisco 2960g +------+ Rest of Internal |<br /> | | | 172.30.6.3 | | INTERNAL/LAN |<br /> +---------------------+ +---+-------+-------+---+ | 172.30.6.0/24 |<br /> | | | | |<br /> +--------+ | +--------+ +------------------+<br /> | | |<br /> +------+------+ +------+------+ +------+------+<br /> | WAP+A | | WAP+B | | WAP+C |<br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 |<br /> | | | | | |<br /> +-------------+ +-------------+ +-------------+<br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> B: Internet from LES.net (wifi-based Ubiquity, tested 94.83mbit down, 96.22mbit up to Speedtest.net Winnipeg)&lt;br&gt;<br /> &lt;s&gt;B: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).&lt;/s&gt;&lt;BR&gt;<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.14 (new, ask Alex W about this) UniFI AP Controller - VM on vmsrv.skullspace.ca<br /> *172.30.6.15 esx.intarweb.ca<br /> *172.30.6.16 ips.intarweb.ca<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31 [[sksp-virt3|sksp-virt3-mgr]]<br /> *172.30.6.32 [[sksp-virt3|sksp-virt3-1]]<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.34 Jay Bots (Container on [[vmsrv]])<br /> *172.30.6.38 Jarred's VM on [[vmsrv]]<br /> *172.30.6.39 Ben's VM on [[vmsrv]]<br /> *172.30.6.40 [[vmsrv]]<br /> *172.30.6.41 Mark's test router<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> *172.30.8.0/24 Virtual Machine Server ([[vmsrv]]) LAN<br /> **172.30.8.1 [[vmsrv]]<br /> **172.30.8.2 Mark private ubuntu vpn<br /> **172.30.8.3 Mark private project ubuntu (Container on [[vmsrv]])<br /> <br /> *10.50.31.0/24 TheLEDSign LAN<br /> **10.50.31.16 The Sign<br /> **10.50.31.17 The controlling container ([[vmsrv]])<br /> *10.50.32.0/30 Mark project private Point to Point link LAN<br /> <br /> == IP Usage ==<br /> <br /> === LES IP Delegation ===<br /> &lt;pre&gt;<br /> IPv4<br /> Allocation 208.81.6.224/27 (255.255.255.224).<br /> 208.81.6.225 Gateway<br /> 208.81.6.226, 208.81.6.227 RESERVED for LES.net usage.<br /> DNS1: 208.81.7.10<br /> DNS2: 208.81.7.14<br /> &lt;/pre&gt;<br /> &lt;pre&gt;<br /> IPv6<br /> Allocation 2605:e200:c212::/48<br /> 2605:e200:c201:2::4 Gateway<br /> DNS1: 2605:e200:53:2::<br /> <br /> &lt;/pre&gt;<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.224<br /> | TBD<br /> | LES.net Network<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.225<br /> | TBD<br /> | LES.net Gateway<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.226<br /> | TBD<br /> | LES.net RESERVED<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.227<br /> | TBD<br /> | LES.net RESERVED<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.228<br /> | TBD<br /> | Skullspace Router<br /> | it AT skullspace.ca<br /> | Skullspace LAN<br /> | <br /> |-<br /> |-<br /> | 208.81.6.229<br /> | TBD<br /> | ns1.skullspace.ca<br /> | it AT skullspace.ca<br /> | Skullspace DNS<br /> | <br /> |-<br /> |-<br /> | 208.81.6.230<br /> | vmsrv.skullspace.ca<br /> | Virtual Machine Server [[vmsrv]]<br /> | mark AT markjenkins DOT ca<br /> | VM server open to all members.<br /> | Running an http proxy to allow this one IP address to host many web servers, and doing TCP port forwarding to allow many different virtual servers to share this one IP address<br /> |-<br /> |-<br /> | 208.81.6.231<br /> | ripe.skullspace.ca<br /> | RIPE Probe <br /> | colin AT insecure DASH complexity DOT ca<br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.232<br /> | shell.skull.space<br /> | [[shell.skull.space]]<br /> | mark AT markjenkins DOT ca<br /> | Shell accounts for all members.<br /> | Being able to bind to port 22 vs having some other port forwarded by vmsrv.skullspace.ca will make this much easier to get users for. Plus, Mak has brought with him a many users from his own system where he used to have his own users with shell accounts. They're already used to port 22 and a different hostname pointing here. Leaving that alone will help keep them. That old system was taking up it's own IP address anyway.<br /> |-<br /> |-<br /> | 208.81.6.233<br /> | mail.skull.space<br /> | [[SkullMail]] email forwarding service<br /> | mark AT markjenkins DOT ca<br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.234<br /> | nessus.skullspace.ca<br /> | SkullSpace Nessus scanner <br /> | alexwebr at gmail dot com<br /> | <br /> | If it shared an IP with other infrastructure, tools like Fail2Ban could block more than intended<br /> |-<br /> |-<br /> | 208.81.6.235<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.236<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.237<br /> | broot.ca <br /> | Personal webserver, Git, DNS, mail<br /> | Alex Weber &lt;alexwebr@gmail.com&gt;<br /> | Nothing. Can be moved elsewhere if we need IP space back.<br /> | Makes life easier if it has its own IP. If Sksp infrastructure needs an IP, this can go.<br /> |-<br /> |-<br /> | 208.81.6.238<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.239<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.240<br /> | loki.madcowlabs.com<br /> | [[loki.madcowlabs.com]]<br /> | cotto at ieee point org<br /> | Chris's Server <br /> | Experimental development project server<br /> |-<br /> |-<br /> | 208.81.6.241<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.242<br /> | library.skullspace.ca<br /> | The Evergreen server for the (experimental) SkullSpace library<br /> | Alex (alexwebr@gmail.com)<br /> | SkullSpace<br /> | Uses Websockets, and Websockets need a legitimate SSL certificate? <br /> |-<br /> |-<br /> | 208.81.6.243<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.244<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.245<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.246<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.247<br /> | irc.skull.space (not set up yet)<br /> | IRC server - /knock #admin<br /> | Abuse: alexwebr@gmail.com or mark@parit.ca (not owned by Alex/Mark though) <br /> | members &amp; the public<br /> | Running an ircd - not easy to proxy to a private address<br /> |-<br /> |-<br /> | 208.81.6.248<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.249<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.250<br /> | ips.intarweb.ca<br /> | ips.intarweb.ca<br /> | sean AT tinfoilhat.ca<br /> | Sean Cody<br /> | Sean Cody <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.251<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.252<br /> | amsler.ca<br /> | Production Appserver / Personal Webspace<br /> | edwinguy_gmail<br /> | Skullspace LAN<br /> | Edwin Amsler<br /> |-<br /> |-<br /> | 208.81.6.253<br /> | intarweb.ca<br /> | intarweb.ca<br /> | sean AT tinfoilhat.ca<br /> | Sean Cody<br /> | Sean Cody <br /> |-<br /> |-<br /> | 208.81.6.254<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.255<br /> | TBD<br /> | LES.net Broadcast<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |}<br /> <br /> === VOI IP Delegation ===<br /> &lt;strike&gt;<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | <br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | it@skullspace.ca<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for www.skullspace.ca (testing)<br /> |-<br /> | 2604:4280:1:c0de::81 - Relay/Proxy v6 to v4 for wiki.skullspace.ca (testing)<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> |<br /> | <br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> &lt;/strike&gt;<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4800 Networking 2018-04-14T16:00:13Z <p>Sean: /* IP Usage */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +-------------------+<br /> | |<br /> | The Tubes |<br /> | On The Roof |<br /> | |<br /> +-- ------+---------+<br /> |<br /> |<br /> +-- ------+-----------+<br /> | LES.net |<br /> | |<br /> | 208.81.6.224/27 |<br /> +----+----------------+<br /> |<br /> |<br /> | fa20 +---------------------+<br /> +-------------+---------+ | Skullspace+Router |<br /> fa1+19 | Skullspace+External | ether1| RB450G |<br /> +----------+ Cisco 2850 +-------+ |<br /> | | 172.30.6.2 (fa23)| fa21 | 208.81.6.228 |<br /> | +----------------------++ | 172.30.6.1 |<br /> | | +---------------------+<br /> +---------+-----------+ | |ether2<br /> | | | |<br /> | Rest of External | | |<br /> | PUBLIC/LAN | | +---------+-------------+ +------------------+<br /> | | +--------+ Skullspace+Internal | | |<br /> | 208.81.6.224/27 | | 3+Com L2 Old Junk +------+ Rest of Internal |<br /> | | | | | INTERNAL/LAN |<br /> +---------------------+ +---+-------+-------+---+ | 172.30.6.0/24 |<br /> | | | | |<br /> +--------+ | +--------+ +------------------+<br /> | | |<br /> +------+------+ +------+------+ +------+------+<br /> | WAP+A | | WAP+B | | WAP+C |<br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 |<br /> | | | | | |<br /> +-------------+ +-------------+ +-------------+<br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> B: Internet from LES.net (wifi-based Ubiquity, tested 94.83mbit down, 96.22mbit up to Speedtest.net Winnipeg)&lt;br&gt;<br /> &lt;s&gt;B: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).&lt;/s&gt;&lt;BR&gt;<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.14 (new, ask Alex W about this) UniFI AP Controller - VM on vmsrv.skullspace.ca<br /> *172.30.6.15 esx.intarweb.ca<br /> *172.30.6.16 ips.intarweb.ca<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.34 Jay Bots (Container on [[vmsrv]])<br /> *172.30.6.38 Jarred's VM on [[vmsrv]]<br /> *172.30.6.39 Ben's VM on [[vmsrv]]<br /> *172.30.6.40 [[vmsrv]]<br /> *172.30.6.41 Mark's test router<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> *172.30.8.0/24 Virtual Machine Server ([[vmsrv]]) LAN<br /> **172.30.8.1 [[vmsrv]]<br /> **172.30.8.2 Mark private ubuntu vpn<br /> **172.30.8.3 Mark private project ubuntu (Container on [[vmsrv]])<br /> <br /> *10.50.31.0/24 TheLEDSign LAN<br /> **10.50.31.16 The Sign<br /> **10.50.31.17 The controlling container ([[vmsrv]])<br /> *10.50.32.0/30 Mark project private Point to Point link LAN<br /> <br /> == IP Usage ==<br /> <br /> === LES IP Delegation ===<br /> &lt;pre&gt;<br /> IPv4<br /> Allocation 208.81.6.224/27 (255.255.255.224).<br /> 208.81.6.225 Gateway<br /> 208.81.6.226, 208.81.6.227 RESERVED for LES.net usage.<br /> DNS1: 208.81.7.10<br /> DNS2: 208.81.7.14<br /> &lt;/pre&gt;<br /> &lt;pre&gt;<br /> IPv6<br /> Allocation 2605:e200:c212::/48<br /> 2605:e200:c201:2::4 Gateway<br /> DNS1: 2605:e200:53:2::<br /> <br /> &lt;/pre&gt;<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.224<br /> | TBD<br /> | LES.net Network<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.225<br /> | TBD<br /> | LES.net Gateway<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.226<br /> | TBD<br /> | LES.net RESERVED<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.227<br /> | TBD<br /> | LES.net RESERVED<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.228<br /> | TBD<br /> | Skullspace Router<br /> | it AT skullspace.ca<br /> | Skullspace LAN<br /> | <br /> |-<br /> |-<br /> | 208.81.6.229<br /> | TBD<br /> | ns1.skullspace.ca<br /> | it AT skullspace.ca<br /> | Skullspace DNS<br /> | <br /> |-<br /> |-<br /> | 208.81.6.230<br /> | vmsrv.skullspace.ca<br /> | Virtual Machine Server [[vmsrv]]<br /> | mark AT markjenkins DOT ca<br /> | VM server open to all members.<br /> | Running an http proxy to allow this one IP address to host many web servers, and doing TCP port forwarding to allow many different virtual servers to share this one IP address<br /> |-<br /> |-<br /> | 208.81.6.231<br /> | ripe.skullspace.ca<br /> | RIPE Probe <br /> | colin AT insecure DASH complexity DOT ca<br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.232<br /> | shell.skull.space<br /> | [[shell.skull.space]]<br /> | mark AT markjenkins DOT ca<br /> | Shell accounts for all members.<br /> | Being able to bind to port 22 vs having some other port forwarded by vmsrv.skullspace.ca will make this much easier to get users for. Plus, Mak has brought with him a many users from his own system where he used to have his own users with shell accounts. They're already used to port 22 and a different hostname pointing here. Leaving that alone will help keep them. That old system was taking up it's own IP address anyway.<br /> |-<br /> |-<br /> | 208.81.6.233<br /> | mail.skull.space<br /> | [[SkullMail]] email forwarding service<br /> | mark AT markjenkins DOT ca<br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.234<br /> | nessus.skullspace.ca<br /> | SkullSpace Nessus scanner <br /> | alexwebr at gmail dot com<br /> | <br /> | If it shared an IP with other infrastructure, tools like Fail2Ban could block more than intended<br /> |-<br /> |-<br /> | 208.81.6.235<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.236<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.237<br /> | broot.ca <br /> | Personal webserver, Git, DNS, mail<br /> | Alex Weber &lt;alexwebr@gmail.com&gt;<br /> | Nothing. Can be moved elsewhere if we need IP space back.<br /> | Makes life easier if it has its own IP. If Sksp infrastructure needs an IP, this can go.<br /> |-<br /> |-<br /> | 208.81.6.238<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.239<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.240<br /> | loki.madcowlabs.com<br /> | [[loki.madcowlabs.com]]<br /> | cotto at ieee point org<br /> | Chris's Server <br /> | Experimental development project server<br /> |-<br /> |-<br /> | 208.81.6.241<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.242<br /> | library.skullspace.ca<br /> | The Evergreen server for the (experimental) SkullSpace library<br /> | Alex (alexwebr@gmail.com)<br /> | SkullSpace<br /> | Uses Websockets, and Websockets need a legitimate SSL certificate? <br /> |-<br /> |-<br /> | 208.81.6.243<br /> | <br /> | Temporarily in use by Mark, to host edit.solidarityeconomy.us<br /> | Mark Jenkins mark@markjenkins.ca<br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.244<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.245<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.246<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.247<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.248<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.249<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.250<br /> | ips.intarweb.ca<br /> | ips.intarweb.ca<br /> | sean AT tinfoilhat.ca<br /> | Sean Cody<br /> | Sean Cody <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.251<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.252<br /> | amsler.ca<br /> | Production Appserver / Personal Webspace<br /> | edwinguy_gmail<br /> | Skullspace LAN<br /> | Edwin Amsler<br /> |-<br /> |-<br /> | 208.81.6.253<br /> | intarweb.ca<br /> | intarweb.ca<br /> | sean AT tinfoilhat.ca<br /> | Sean Cody<br /> | Sean Cody <br /> |-<br /> |-<br /> | 208.81.6.254<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.255<br /> | TBD<br /> | LES.net Broadcast<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |}<br /> <br /> === VOI IP Delegation ===<br /> &lt;strike&gt;<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | <br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | it@skullspace.ca<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for www.skullspace.ca (testing)<br /> |-<br /> | 2604:4280:1:c0de::81 - Relay/Proxy v6 to v4 for wiki.skullspace.ca (testing)<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> |<br /> | <br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> &lt;/strike&gt;<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4799 Networking 2018-04-14T15:58:30Z <p>Sean: /* LES IP Delegation */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +-------------------+<br /> | |<br /> | The Tubes |<br /> | On The Roof |<br /> | |<br /> +-- ------+---------+<br /> |<br /> |<br /> +-- ------+-----------+<br /> | LES.net |<br /> | |<br /> | 208.81.6.224/27 |<br /> +----+----------------+<br /> |<br /> |<br /> | fa20 +---------------------+<br /> +-------------+---------+ | Skullspace+Router |<br /> fa1+19 | Skullspace+External | ether1| RB450G |<br /> +----------+ Cisco 2850 +-------+ |<br /> | | 172.30.6.2 (fa23)| fa21 | 208.81.6.228 |<br /> | +----------------------++ | 172.30.6.1 |<br /> | | +---------------------+<br /> +---------+-----------+ | |ether2<br /> | | | |<br /> | Rest of External | | |<br /> | PUBLIC/LAN | | +---------+-------------+ +------------------+<br /> | | +--------+ Skullspace+Internal | | |<br /> | 208.81.6.224/27 | | 3+Com L2 Old Junk +------+ Rest of Internal |<br /> | | | | | INTERNAL/LAN |<br /> +---------------------+ +---+-------+-------+---+ | 172.30.6.0/24 |<br /> | | | | |<br /> +--------+ | +--------+ +------------------+<br /> | | |<br /> +------+------+ +------+------+ +------+------+<br /> | WAP+A | | WAP+B | | WAP+C |<br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 |<br /> | | | | | |<br /> +-------------+ +-------------+ +-------------+<br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> B: Internet from LES.net (wifi-based Ubiquity, tested 94.83mbit down, 96.22mbit up to Speedtest.net Winnipeg)&lt;br&gt;<br /> &lt;s&gt;B: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).&lt;/s&gt;&lt;BR&gt;<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.14 (new, ask Alex W about this) UniFI AP Controller - VM on vmsrv.skullspace.ca<br /> *172.30.6.15 esx.intarweb.ca<br /> *172.30.6.16 ips.intarweb.ca<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.34 Jay Bots (Container on [[vmsrv]])<br /> *172.30.6.38 Jarred's VM on [[vmsrv]]<br /> *172.30.6.39 Ben's VM on [[vmsrv]]<br /> *172.30.6.40 [[vmsrv]]<br /> *172.30.6.41 Mark's test router<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> *172.30.8.0/24 Virtual Machine Server ([[vmsrv]]) LAN<br /> **172.30.8.1 [[vmsrv]]<br /> **172.30.8.2 Mark private ubuntu vpn<br /> **172.30.8.3 Mark private project ubuntu (Container on [[vmsrv]])<br /> <br /> *10.50.31.0/24 TheLEDSign LAN<br /> **10.50.31.16 The Sign<br /> **10.50.31.17 The controlling container ([[vmsrv]])<br /> *10.50.32.0/30 Mark project private Point to Point link LAN<br /> <br /> == IP Usage ==<br /> <br /> === LES IP Delegation ===<br /> &lt;pre&gt;<br /> IPv4<br /> Allocation 208.81.6.224/27 (255.255.255.224).<br /> 208.81.6.225 Gateway<br /> 208.81.6.226, 208.81.6.227 RESERVED for LES.net usage.<br /> DNS1: 208.81.7.10<br /> DNS2: 208.81.7.14<br /> &lt;/pre&gt;<br /> &lt;pre&gt;<br /> IPv6<br /> Allocation 2605:e200:c212::/48<br /> 2605:e200:c201:2::4 Gateway<br /> DNS1: 2605:e200:53:2::<br /> <br /> &lt;/pre&gt;<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.224<br /> | TBD<br /> | LES.net Network<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.225<br /> | TBD<br /> | LES.net Gateway<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.226<br /> | TBD<br /> | LES.net RESERVED<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.227<br /> | TBD<br /> | LES.net RESERVED<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.228<br /> | TBD<br /> | Skullspace Router<br /> | it AT skullspace.ca<br /> | Skullspace LAN<br /> | <br /> |-<br /> |-<br /> | 208.81.6.229<br /> | TBD<br /> | ns1.skullspace.ca<br /> | it AT skullspace.ca<br /> | Skullspace DNS<br /> | <br /> |-<br /> |-<br /> | 208.81.6.230<br /> | vmsrv.skullspace.ca<br /> | Virtual Machine Server [[vmsrv]]<br /> | mark AT markjenkins DOT ca<br /> | VM server open to all members.<br /> | Running an http proxy to allow this one IP address to host many web servers, and doing TCP port forwarding to allow many different virtual servers to share this one IP address<br /> |-<br /> |-<br /> | 208.81.6.231<br /> | ripe.skullspace.ca<br /> | RIPE Probe <br /> | colin AT insecure DASH complexity DOT ca<br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.232<br /> | shell.skull.space<br /> | [[shell.skull.space]]<br /> | mark AT markjenkins DOT ca<br /> | Shell accounts for all members.<br /> | Being able to bind to port 22 vs having some other port forwarded by vmsrv.skullspace.ca will make this much easier to get users for. Plus, Mak has brought with him a many users from his own system where he used to have his own users with shell accounts. They're already used to port 22 and a different hostname pointing here. Leaving that alone will help keep them. That old system was taking up it's own IP address anyway.<br /> |-<br /> |-<br /> | 208.81.6.233<br /> | mail.skull.space<br /> | [[SkullMail]] email forwarding service<br /> | mark AT markjenkins DOT ca<br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.234<br /> | nessus.skullspace.ca<br /> | SkullSpace Nessus scanner <br /> | alexwebr at gmail dot com<br /> | <br /> | If it shared an IP with other infrastructure, tools like Fail2Ban could block more than intended<br /> |-<br /> |-<br /> | 208.81.6.235<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.236<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.237<br /> | broot.ca <br /> | Personal webserver, Git, DNS, mail<br /> | Alex Weber &lt;alexwebr@gmail.com&gt;<br /> | Nothing. Can be moved elsewhere if we need IP space back.<br /> | Makes life easier if it has its own IP. If Sksp infrastructure needs an IP, this can go.<br /> |-<br /> |-<br /> | 208.81.6.238<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.239<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.240<br /> | loki.madcowlabs.com<br /> | [[loki.madcowlabs.com]]<br /> | cotto at ieee point org<br /> | Chris's Server <br /> | Experimental development project server<br /> |-<br /> |-<br /> | 208.81.6.241<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.242<br /> | library.skullspace.ca<br /> | The Evergreen server for the (experimental) SkullSpace library<br /> | Alex (alexwebr@gmail.com)<br /> | SkullSpace<br /> | Uses Websockets, and Websockets need a legitimate SSL certificate? <br /> |-<br /> |-<br /> | 208.81.6.243<br /> | <br /> | Temporarily in use by Mark, to host edit.solidarityeconomy.us<br /> | Mark Jenkins mark@markjenkins.ca<br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.244<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.245<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.246<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.247<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.248<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.249<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.250<br /> | | TBD<br /> | ips.intarweb.ca<br /> | sean AT tinfoilhat.ca<br /> | Skullspace LAN<br /> | Sean Cody <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.251<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.252<br /> | amsler.ca<br /> | Production Appserver / Personal Webspace<br /> | edwinguy_gmail<br /> | Skullspace LAN<br /> | Edwin Amsler<br /> |-<br /> |-<br /> | 208.81.6.253<br /> | TBD<br /> | intarweb.ca<br /> | sean AT tinfoilhat.ca<br /> | Skullspace LAN<br /> | Sean Cody <br /> |-<br /> |-<br /> | 208.81.6.254<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.255<br /> | TBD<br /> | LES.net Broadcast<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |}<br /> <br /> === VOI IP Delegation ===<br /> &lt;strike&gt;<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | <br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | it@skullspace.ca<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for www.skullspace.ca (testing)<br /> |-<br /> | 2604:4280:1:c0de::81 - Relay/Proxy v6 to v4 for wiki.skullspace.ca (testing)<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> |<br /> | <br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> &lt;/strike&gt;<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4798 Networking 2018-04-14T15:57:26Z <p>Sean: /* Current 172.30/16 */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +-------------------+<br /> | |<br /> | The Tubes |<br /> | On The Roof |<br /> | |<br /> +-- ------+---------+<br /> |<br /> |<br /> +-- ------+-----------+<br /> | LES.net |<br /> | |<br /> | 208.81.6.224/27 |<br /> +----+----------------+<br /> |<br /> |<br /> | fa20 +---------------------+<br /> +-------------+---------+ | Skullspace+Router |<br /> fa1+19 | Skullspace+External | ether1| RB450G |<br /> +----------+ Cisco 2850 +-------+ |<br /> | | 172.30.6.2 (fa23)| fa21 | 208.81.6.228 |<br /> | +----------------------++ | 172.30.6.1 |<br /> | | +---------------------+<br /> +---------+-----------+ | |ether2<br /> | | | |<br /> | Rest of External | | |<br /> | PUBLIC/LAN | | +---------+-------------+ +------------------+<br /> | | +--------+ Skullspace+Internal | | |<br /> | 208.81.6.224/27 | | 3+Com L2 Old Junk +------+ Rest of Internal |<br /> | | | | | INTERNAL/LAN |<br /> +---------------------+ +---+-------+-------+---+ | 172.30.6.0/24 |<br /> | | | | |<br /> +--------+ | +--------+ +------------------+<br /> | | |<br /> +------+------+ +------+------+ +------+------+<br /> | WAP+A | | WAP+B | | WAP+C |<br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 |<br /> | | | | | |<br /> +-------------+ +-------------+ +-------------+<br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> B: Internet from LES.net (wifi-based Ubiquity, tested 94.83mbit down, 96.22mbit up to Speedtest.net Winnipeg)&lt;br&gt;<br /> &lt;s&gt;B: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).&lt;/s&gt;&lt;BR&gt;<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.14 (new, ask Alex W about this) UniFI AP Controller - VM on vmsrv.skullspace.ca<br /> *172.30.6.15 esx.intarweb.ca<br /> *172.30.6.16 ips.intarweb.ca<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.34 Jay Bots (Container on [[vmsrv]])<br /> *172.30.6.38 Jarred's VM on [[vmsrv]]<br /> *172.30.6.39 Ben's VM on [[vmsrv]]<br /> *172.30.6.40 [[vmsrv]]<br /> *172.30.6.41 Mark's test router<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> *172.30.8.0/24 Virtual Machine Server ([[vmsrv]]) LAN<br /> **172.30.8.1 [[vmsrv]]<br /> **172.30.8.2 Mark private ubuntu vpn<br /> **172.30.8.3 Mark private project ubuntu (Container on [[vmsrv]])<br /> <br /> *10.50.31.0/24 TheLEDSign LAN<br /> **10.50.31.16 The Sign<br /> **10.50.31.17 The controlling container ([[vmsrv]])<br /> *10.50.32.0/30 Mark project private Point to Point link LAN<br /> <br /> == IP Usage ==<br /> <br /> === LES IP Delegation ===<br /> &lt;pre&gt;<br /> IPv4<br /> Allocation 208.81.6.224/27 (255.255.255.224).<br /> 208.81.6.225 Gateway<br /> 208.81.6.226, 208.81.6.227 RESERVED for LES.net usage.<br /> DNS1: 208.81.7.10<br /> DNS2: 208.81.7.14<br /> &lt;/pre&gt;<br /> &lt;pre&gt;<br /> IPv6<br /> Allocation 2605:e200:c212::/48<br /> 2605:e200:c201:2::4 Gateway<br /> DNS1: 2605:e200:53:2::<br /> <br /> &lt;/pre&gt;<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.224<br /> | TBD<br /> | LES.net Network<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.225<br /> | TBD<br /> | LES.net Gateway<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.226<br /> | TBD<br /> | LES.net RESERVED<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.227<br /> | TBD<br /> | LES.net RESERVED<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.228<br /> | TBD<br /> | Skullspace Router<br /> | it AT skullspace.ca<br /> | Skullspace LAN<br /> | <br /> |-<br /> |-<br /> | 208.81.6.229<br /> | TBD<br /> | ns1.skullspace.ca<br /> | it AT skullspace.ca<br /> | Skullspace DNS<br /> | <br /> |-<br /> |-<br /> | 208.81.6.230<br /> | vmsrv.skullspace.ca<br /> | Virtual Machine Server [[vmsrv]]<br /> | mark AT markjenkins DOT ca<br /> | VM server open to all members.<br /> | Running an http proxy to allow this one IP address to host many web servers, and doing TCP port forwarding to allow many different virtual servers to share this one IP address<br /> |-<br /> |-<br /> | 208.81.6.231<br /> | ripe.skullspace.ca<br /> | RIPE Probe <br /> | colin AT insecure DASH complexity DOT ca<br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.232<br /> | shell.skull.space<br /> | [[shell.skull.space]]<br /> | mark AT markjenkins DOT ca<br /> | Shell accounts for all members.<br /> | Being able to bind to port 22 vs having some other port forwarded by vmsrv.skullspace.ca will make this much easier to get users for. Plus, Mak has brought with him a many users from his own system where he used to have his own users with shell accounts. They're already used to port 22 and a different hostname pointing here. Leaving that alone will help keep them. That old system was taking up it's own IP address anyway.<br /> |-<br /> |-<br /> | 208.81.6.233<br /> | mail.skull.space<br /> | [[SkullMail]] email forwarding service<br /> | mark AT markjenkins DOT ca<br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.234<br /> | nessus.skullspace.ca<br /> | SkullSpace Nessus scanner <br /> | alexwebr at gmail dot com<br /> | <br /> | If it shared an IP with other infrastructure, tools like Fail2Ban could block more than intended<br /> |-<br /> |-<br /> | 208.81.6.235<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.236<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.237<br /> | broot.ca <br /> | Personal webserver, Git, DNS, mail<br /> | Alex Weber &lt;alexwebr@gmail.com&gt;<br /> | Nothing. Can be moved elsewhere if we need IP space back.<br /> | Makes life easier if it has its own IP. If Sksp infrastructure needs an IP, this can go.<br /> |-<br /> |-<br /> | 208.81.6.238<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.239<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.240<br /> | loki.madcowlabs.com<br /> | [[loki.madcowlabs.com]]<br /> | cotto at ieee point org<br /> | Chris's Server <br /> | Experimental development project server<br /> |-<br /> |-<br /> | 208.81.6.241<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.242<br /> | library.skullspace.ca<br /> | The Evergreen server for the (experimental) SkullSpace library<br /> | Alex (alexwebr@gmail.com)<br /> | SkullSpace<br /> | Uses Websockets, and Websockets need a legitimate SSL certificate? <br /> |-<br /> |-<br /> | 208.81.6.243<br /> | <br /> | Temporarily in use by Mark, to host edit.solidarityeconomy.us<br /> | Mark Jenkins mark@markjenkins.ca<br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.244<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.245<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.246<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.247<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.248<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.249<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.250<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.251<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.252<br /> | amsler.ca<br /> | Production Appserver / Personal Webspace<br /> | edwinguy_gmail<br /> | Skullspace LAN<br /> | Edwin Amsler<br /> |-<br /> |-<br /> | 208.81.6.253<br /> | TBD<br /> | intarweb.ca<br /> | sean AT tinfoilhat.ca<br /> | Skullspace LAN<br /> | Sean Cody <br /> |-<br /> |-<br /> | 208.81.6.254<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.255<br /> | TBD<br /> | LES.net Broadcast<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |}<br /> <br /> === VOI IP Delegation ===<br /> &lt;strike&gt;<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | <br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | it@skullspace.ca<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for www.skullspace.ca (testing)<br /> |-<br /> | 2604:4280:1:c0de::81 - Relay/Proxy v6 to v4 for wiki.skullspace.ca (testing)<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> |<br /> | <br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> &lt;/strike&gt;<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4367 Networking 2016-05-12T06:38:40Z <p>Sean: /* Stupid-High Level Diagram */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +-------------------+<br /> | |<br /> | The Tubes |<br /> | On The Roof |<br /> | |<br /> +-- ------+---------+<br /> |<br /> |<br /> +-- ------+-----------+<br /> | LES.net |<br /> | |<br /> | 208.81.6.224/27 |<br /> +----+----------------+<br /> |<br /> |<br /> | fa20 +---------------------+<br /> +-------------+---------+ | Skullspace+Router |<br /> fa1+19 | Skullspace+External | ether1| RB450G |<br /> +----------+ Cisco 2850 +-------+ |<br /> | | 172.30.6.2 (fa23)| fa21 | 208.81.6.228 |<br /> | +----------------------++ | 172.30.6.1 |<br /> | | +---------------------+<br /> +---------+-----------+ | |ether2<br /> | | | |<br /> | Rest of External | | |<br /> | PUBLIC/LAN | | +---------+-------------+ +------------------+<br /> | | +--------+ Skullspace+Internal | | |<br /> | 208.81.6.224/27 | | 3+Com L2 Old Junk +------+ Rest of Internal |<br /> | | | | | INTERNAL/LAN |<br /> +---------------------+ +---+-------+-------+---+ | 172.30.6.0/24 |<br /> | | | | |<br /> +--------+ | +--------+ +------------------+<br /> | | |<br /> +------+------+ +------+------+ +------+------+<br /> | WAP+A | | WAP+B | | WAP+C |<br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 |<br /> | | | | | |<br /> +-------------+ +-------------+ +-------------+<br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> B: Internet from LES.net (wifi-based Ubiquity, tested 94.83mbit down, 96.22mbit up to Speedtest.net Winnipeg)&lt;br&gt;<br /> &lt;s&gt;B: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).&lt;/s&gt;&lt;BR&gt;<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.34 Jay Bots (Container on [[vmsrv]])<br /> *172.30.6.38 Jarred's VM on [[vmsrv]]<br /> *172.30.6.39 Ben's VM on [[vmsrv]]<br /> *172.30.6.40 [[vmsrv]]<br /> *172.30.6.41 Mark's test router<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> *172.30.8.0/24 Virtual Machine Server ([[vmsrv]]) LAN<br /> **172.30.8.1 [[vmsrv]]<br /> **172.30.8.2 Mark private ubuntu vpn<br /> **172.30.8.3 Mark private project ubuntu (Container on [[vmsrv]])<br /> <br /> *10.50.31.0/24 TheLEDSign LAN<br /> **10.50.31.16 The Sign<br /> **10.50.31.17 The controlling container ([[vmsrv]])<br /> *10.50.32.0/30 Mark project private Point to Point link LAN<br /> <br /> == IP Usage ==<br /> <br /> === LES IP Delegation ===<br /> &lt;pre&gt;<br /> IPv4<br /> Allocation 208.81.6.224/27 (255.255.255.224).<br /> 208.81.6.225 Gateway<br /> 208.81.6.226, 208.81.6.227 RESERVED for LES.net usage.<br /> DNS1: 208.81.7.10<br /> DNS2: 208.81.7.14<br /> &lt;/pre&gt;<br /> &lt;pre&gt;<br /> IPv6<br /> Allocation 2605:e200:c212::/48<br /> 2605:e200:c201:2::4 Gateway<br /> DNS1: 2605:e200:53:2::<br /> <br /> &lt;/pre&gt;<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.224<br /> | TBD<br /> | LES.net Network<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.225<br /> | TBD<br /> | LES.net Gateway<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.226<br /> | TBD<br /> | LES.net RESERVED<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.227<br /> | TBD<br /> | LES.net RESERVED<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.228<br /> | TBD<br /> | Skullspace Router<br /> | it AT skullspace.ca<br /> | Skullspace LAN<br /> | <br /> |-<br /> |-<br /> | 208.81.6.229<br /> | TBD<br /> | ns1.skullspace.ca<br /> | it AT skullspace.ca<br /> | Skullspace DNS<br /> | <br /> |-<br /> |-<br /> | 208.81.6.230<br /> | vmsrv.skullspace.ca<br /> | Virtual Machine Server [[vmsrv]]<br /> | mark AT markjenkins DOT ca<br /> | VM server open to all members.<br /> | Running an http proxy to allow this one IP address to host many web servers, and doing TCP port forwarding to allow many different virtual servers to share this one IP address<br /> |-<br /> |-<br /> | 208.81.6.231<br /> | ripe.skullspace.ca<br /> | RIPE Probe <br /> | colin AT insecure DASH complexity DOT ca<br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.232<br /> | shell.skull.space<br /> | [[shell.skull.space]]<br /> | mark AT markjenkins DOT ca<br /> | Shell accounts for all members.<br /> | Being able to bind to port 22 vs having some other port forwarded by vmsrv.skullspace.ca will make this much easier to get users for. Plus, Mak has brought with him a many users from his own system where he used to have his own users with shell accounts. They're already used to port 22 and a different hostname pointing here. Leaving that alone will help keep them. That old system was taking up it's own IP address anyway.<br /> |-<br /> |-<br /> | 208.81.6.233<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.234<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.235<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.236<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.237<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.238<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.239<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.240<br /> | loki.madcowlabs.com<br /> | [[loki.madcowlabs.com]]<br /> | cotto at ieee point org<br /> | Chris's Server <br /> | Experimental development project server<br /> |-<br /> |-<br /> | 208.81.6.241<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.242<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.243<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.244<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.245<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.246<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.247<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.248<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.249<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.250<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.251<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.252<br /> | amsler.ca<br /> | Production Appserver / Personal Webspace<br /> | edwinguy_gmail<br /> | Skullspace LAN<br /> | Edwin Amsler<br /> |-<br /> |-<br /> | 208.81.6.253<br /> | TBD<br /> | intarweb.ca<br /> | sean AT tinfoilhat.ca<br /> | Skullspace LAN<br /> | Sean Cody <br /> |-<br /> |-<br /> | 208.81.6.254<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.255<br /> | TBD<br /> | LES.net Broadcast<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |}<br /> <br /> === VOI IP Delegation ===<br /> &lt;strike&gt;<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | <br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | it@skullspace.ca<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for www.skullspace.ca (testing)<br /> |-<br /> | 2604:4280:1:c0de::81 - Relay/Proxy v6 to v4 for wiki.skullspace.ca (testing)<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> |<br /> | <br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> &lt;/strike&gt;<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4366 Networking 2016-05-12T06:35:12Z <p>Sean: /* VOI IP Delegation */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +-------------------+ <br /> | | <br /> | The Tubes | <br /> | On The Roof | <br /> | | <br /> +--+--------------+-+ <br /> | | <br /> | | port1 <br /> +-------------------+-+ +-+-------------------+ <br /> | LES.net | port2 | VOI | <br /> | | +------+ CPE/Router | <br /> | 208.81.6.224/27 | | | 206.220.196.49 | <br /> +-----------------+---+ | +------------+--------+ <br /> | | | port3(SKSP) <br /> | | | ether3 <br /> | fa20 | fa24 +-----+---------------+ <br /> +---------+-------+-----+ | Skullspace+Router | <br /> fa1-19 | Skullspace+External | ether1| RB450G | <br /> +----------+ Cisco 2850 +-------+ 206.220.196.50 | <br /> | | 172.30.6.2 (fa23)| fa21 | 208.81.6.228 | <br /> | +----------------------++ | 172.30.6.1 | <br /> | | +---------+-----------+ <br /> +---------+-----------+ | |ether2 <br /> | | | | <br /> | Rest of External | | | <br /> | PUBLIC/LAN | | +---------+-------------+ +------------------+<br /> | | +--------+ Skullspace+Internal | | |<br /> | 206.220.196.48/28 | | 3+Com L2 Old Junk +------+ Rest of Internal |<br /> | 206.220.193.64/29 | | | | INTERNAL/LAN |<br /> | 208.61.6.224/27 | +---+-------+-------+---+ | 172.30.6.0/24 |<br /> +---------------------+ | | | | |<br /> +--------+ | +--------+ +------------------+<br /> | | | <br /> +------+------+ +------+------+ +------+------+ <br /> | WAP+A | | WAP+B | | WAP+C | <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | | | | | | <br /> +-------------+ +-------------+ +-------------+ &lt;/pre&gt;<br /> Built using ASCIIFlow - http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> B: Internet from LES.net (wifi-based Ubiquity, tested 94.83mbit down, 96.22mbit up to Speedtest.net Winnipeg)&lt;br&gt;<br /> &lt;s&gt;B: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).&lt;/s&gt;&lt;BR&gt;<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.34 Jay Bots (Container on [[vmsrv]])<br /> *172.30.6.38 Jarred's VM on [[vmsrv]]<br /> *172.30.6.39 Ben's VM on [[vmsrv]]<br /> *172.30.6.40 [[vmsrv]]<br /> *172.30.6.41 Mark's test router<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> *172.30.8.0/24 Virtual Machine Server ([[vmsrv]]) LAN<br /> **172.30.8.1 [[vmsrv]]<br /> **172.30.8.2 Mark private ubuntu vpn<br /> **172.30.8.3 Mark private project ubuntu (Container on [[vmsrv]])<br /> <br /> *10.50.31.0/24 TheLEDSign LAN<br /> **10.50.31.16 The Sign<br /> **10.50.31.17 The controlling container ([[vmsrv]])<br /> *10.50.32.0/30 Mark project private Point to Point link LAN<br /> <br /> == IP Usage ==<br /> <br /> === LES IP Delegation ===<br /> &lt;pre&gt;<br /> IPv4<br /> Allocation 208.81.6.224/27 (255.255.255.224).<br /> 208.81.6.225 Gateway<br /> 208.81.6.226, 208.81.6.227 RESERVED for LES.net usage.<br /> DNS1: 208.81.7.10<br /> DNS2: 208.81.7.14<br /> &lt;/pre&gt;<br /> &lt;pre&gt;<br /> IPv6<br /> Allocation 2605:e200:c212::/48<br /> 2605:e200:c201:2::4 Gateway<br /> DNS1: 2605:e200:53:2::<br /> <br /> &lt;/pre&gt;<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.224<br /> | TBD<br /> | LES.net Network<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.225<br /> | TBD<br /> | LES.net Gateway<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.226<br /> | TBD<br /> | LES.net RESERVED<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.227<br /> | TBD<br /> | LES.net RESERVED<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.228<br /> | TBD<br /> | Skullspace Router<br /> | it AT skullspace.ca<br /> | Skullspace LAN<br /> | <br /> |-<br /> |-<br /> | 208.81.6.229<br /> | TBD<br /> | ns1.skullspace.ca<br /> | it AT skullspace.ca<br /> | Skullspace DNS<br /> | <br /> |-<br /> |-<br /> | 208.81.6.230<br /> | vmsrv.skullspace.ca<br /> | Virtual Machine Server [[vmsrv]]<br /> | mark AT markjenkins DOT ca<br /> | VM server open to all members.<br /> | Running an http proxy to allow this one IP address to host many web servers, and doing TCP port forwarding to allow many different virtual servers to share this one IP address<br /> |-<br /> |-<br /> | 208.81.6.231<br /> | ripe.skullspace.ca<br /> | RIPE Probe <br /> | colin AT insecure DASH complexity DOT ca<br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.232<br /> | shell.skull.space<br /> | [[shell.skull.space]]<br /> | mark AT markjenkins DOT ca<br /> | Shell accounts for all members.<br /> | Being able to bind to port 22 vs having some other port forwarded by vmsrv.skullspace.ca will make this much easier to get users for. Plus, Mak has brought with him a many users from his own system where he used to have his own users with shell accounts. They're already used to port 22 and a different hostname pointing here. Leaving that alone will help keep them. That old system was taking up it's own IP address anyway.<br /> |-<br /> |-<br /> | 208.81.6.233<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.234<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.235<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.236<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.237<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.238<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.239<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.240<br /> | loki.madcowlabs.com<br /> | [[loki.madcowlabs.com]]<br /> | cotto at ieee point org<br /> | Chris's Server <br /> | Experimental development project server<br /> |-<br /> |-<br /> | 208.81.6.241<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.242<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.243<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.244<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.245<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.246<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.247<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.248<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.249<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.250<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.251<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.252<br /> | amsler.ca<br /> | Production Appserver / Personal Webspace<br /> | edwinguy_gmail<br /> | Skullspace LAN<br /> | Edwin Amsler<br /> |-<br /> |-<br /> | 208.81.6.253<br /> | TBD<br /> | intarweb.ca<br /> | sean AT tinfoilhat.ca<br /> | Skullspace LAN<br /> | Sean Cody <br /> |-<br /> |-<br /> | 208.81.6.254<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.255<br /> | TBD<br /> | LES.net Broadcast<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |}<br /> <br /> === VOI IP Delegation ===<br /> &lt;strike&gt;<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | <br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | it@skullspace.ca<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for www.skullspace.ca (testing)<br /> |-<br /> | 2604:4280:1:c0de::81 - Relay/Proxy v6 to v4 for wiki.skullspace.ca (testing)<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> |<br /> | <br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> &lt;/strike&gt;<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4317 Networking 2016-01-03T06:24:20Z <p>Sean: /* LES IP Delegation */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +-------------------+ <br /> | | <br /> | The Tubes | <br /> | On The Roof | <br /> | | <br /> +--+--------------+-+ <br /> | | <br /> | | port1 <br /> +-------------------+-+ +-+-------------------+ <br /> | LES.net | port2 | VOI | <br /> | | +------+ CPE/Router | <br /> | 208.81.6.224/27 | | | 206.220.196.49 | <br /> +-----------------+---+ | +------------+--------+ <br /> | | | port3(SKSP) <br /> | | | ether3 <br /> | fa20 | fa24 +-----+---------------+ <br /> +---------+-------+-----+ | Skullspace+Router | <br /> fa1-19 | Skullspace+External | ether1| RB450G | <br /> +----------+ Cisco 2850 +-------+ 206.220.196.50 | <br /> | | 172.30.6.2 (fa23)| fa21 | 208.81.6.228 | <br /> | +----------------------++ | 172.30.6.1 | <br /> | | +---------+-----------+ <br /> +---------+-----------+ | |ether2 <br /> | | | | <br /> | Rest of External | | | <br /> | PUBLIC/LAN | | +---------+-------------+ +------------------+<br /> | | +--------+ Skullspace+Internal | | |<br /> | 206.220.196.48/28 | | 3+Com L2 Old Junk +------+ Rest of Internal |<br /> | 206.220.193.64/29 | | | | INTERNAL/LAN |<br /> | 208.61.6.224/27 | +---+-------+-------+---+ | 172.30.6.0/24 |<br /> +---------------------+ | | | | |<br /> +--------+ | +--------+ +------------------+<br /> | | | <br /> +------+------+ +------+------+ +------+------+ <br /> | WAP+A | | WAP+B | | WAP+C | <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | | | | | | <br /> +-------------+ +-------------+ +-------------+ &lt;/pre&gt;<br /> Built using ASCIIFlow - http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> B: Internet from LES.net (wifi-based Ubiquity, tested 94.83mbit down, 96.22mbit up to Speedtest.net Winnipeg)&lt;br&gt;<br /> B: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).&lt;BR&gt;<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.34 Jay Bots (Container on [[vmsrv]])<br /> *172.30.6.40 [[vmsrv]]<br /> *172.30.6.41 Mark's test router<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> *172.30.8.0/24 Virtual Machine Server ([[vmsrv]]) LAN<br /> **172.30.8.1 [[vmsrv]]<br /> **172.30.8.2 Mark private ubuntu vpn<br /> **172.30.8.3 Mark private project ubuntu (Container on [[vmsrv]])<br /> <br /> *10.50.31.0/24 TheLEDSign LAN<br /> **10.50.31.16 The Sign<br /> **10.50.31.17 The controlling container ([[vmsrv]])<br /> *10.50.32.0/30 Mark project private Point to Point link LAN<br /> <br /> == IP Usage ==<br /> <br /> === LES IP Delegation ===<br /> &lt;pre&gt;<br /> IPv4<br /> Allocation 208.81.6.224/27 (255.255.255.224).<br /> 208.81.6.225 Gateway<br /> 208.81.6.226, 208.81.6.227 RESERVED for LES.net usage.<br /> DNS1: 208.81.7.10<br /> DNS2: 208.81.7.14<br /> &lt;/pre&gt;<br /> &lt;pre&gt;<br /> IPv6<br /> Allocation 2605:e200:c212::/48<br /> 2605:e200:c201:2::4 Gateway<br /> DNS1: 2605:e200:53:2::<br /> <br /> &lt;/pre&gt;<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.224<br /> | TBD<br /> | LES.net Network<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.225<br /> | TBD<br /> | LES.net Gateway<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.226<br /> | TBD<br /> | LES.net RESERVED<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.227<br /> | TBD<br /> | LES.net RESERVED<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.228<br /> | TBD<br /> | Skullspace Router<br /> | it AT skullspace.ca<br /> | Skullspace LAN<br /> | <br /> |-<br /> |-<br /> | 208.81.6.229<br /> | TBD<br /> | ns1.skullspace.ca<br /> | it AT skullspace.ca<br /> | Skullspace DNS<br /> | <br /> |-<br /> |-<br /> | 208.81.6.230<br /> | <br /> | Mark's test router <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.231<br /> | ripe.skullspace.ca<br /> | RIPE Probe <br /> | colin AT insecure DASH complexity DOT ca<br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.232<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.233<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.234<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.235<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.236<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.237<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.238<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.239<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.240<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.241<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.242<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.243<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.244<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.245<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.246<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.247<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.248<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.249<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.250<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.251<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.252<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.253<br /> | TBD<br /> | intarweb.ca<br /> | sean AT tinfoilhat.ca<br /> | Skullspace LAN<br /> | Sean Cody <br /> |-<br /> |-<br /> | 208.81.6.254<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.255<br /> | TBD<br /> | LES.net Broadcast<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |}<br /> <br /> === VOI IP Delegation ===<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | Mark<br /> | temporary use<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | it@skullspace.ca<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for www.skullspace.ca (testing)<br /> |-<br /> | 2604:4280:1:c0de::81 - Relay/Proxy v6 to v4 for wiki.skullspace.ca (testing)<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> |<br /> | <br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4316 Networking 2016-01-03T06:20:36Z <p>Sean: /* LES IP Delegation */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +-------------------+ <br /> | | <br /> | The Tubes | <br /> | On The Roof | <br /> | | <br /> +--+--------------+-+ <br /> | | <br /> | | port1 <br /> +-------------------+-+ +-+-------------------+ <br /> | LES.net | port2 | VOI | <br /> | | +------+ CPE/Router | <br /> | 208.81.6.224/27 | | | 206.220.196.49 | <br /> +-----------------+---+ | +------------+--------+ <br /> | | | port3(SKSP) <br /> | | | ether3 <br /> | fa20 | fa24 +-----+---------------+ <br /> +---------+-------+-----+ | Skullspace+Router | <br /> fa1-19 | Skullspace+External | ether1| RB450G | <br /> +----------+ Cisco 2850 +-------+ 206.220.196.50 | <br /> | | 172.30.6.2 (fa23)| fa21 | 208.81.6.228 | <br /> | +----------------------++ | 172.30.6.1 | <br /> | | +---------+-----------+ <br /> +---------+-----------+ | |ether2 <br /> | | | | <br /> | Rest of External | | | <br /> | PUBLIC/LAN | | +---------+-------------+ +------------------+<br /> | | +--------+ Skullspace+Internal | | |<br /> | 206.220.196.48/28 | | 3+Com L2 Old Junk +------+ Rest of Internal |<br /> | 206.220.193.64/29 | | | | INTERNAL/LAN |<br /> | 208.61.6.224/27 | +---+-------+-------+---+ | 172.30.6.0/24 |<br /> +---------------------+ | | | | |<br /> +--------+ | +--------+ +------------------+<br /> | | | <br /> +------+------+ +------+------+ +------+------+ <br /> | WAP+A | | WAP+B | | WAP+C | <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | | | | | | <br /> +-------------+ +-------------+ +-------------+ &lt;/pre&gt;<br /> Built using ASCIIFlow - http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> B: Internet from LES.net (wifi-based Ubiquity, tested 94.83mbit down, 96.22mbit up to Speedtest.net Winnipeg)&lt;br&gt;<br /> B: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).&lt;BR&gt;<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.34 Jay Bots (Container on [[vmsrv]])<br /> *172.30.6.40 [[vmsrv]]<br /> *172.30.6.41 Mark's test router<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> *172.30.8.0/24 Virtual Machine Server ([[vmsrv]]) LAN<br /> **172.30.8.1 [[vmsrv]]<br /> **172.30.8.2 Mark private ubuntu vpn<br /> **172.30.8.3 Mark private project ubuntu (Container on [[vmsrv]])<br /> <br /> *10.50.31.0/24 TheLEDSign LAN<br /> **10.50.31.16 The Sign<br /> **10.50.31.17 The controlling container ([[vmsrv]])<br /> *10.50.32.0/30 Mark project private Point to Point link LAN<br /> <br /> == IP Usage ==<br /> <br /> === LES IP Delegation ===<br /> &lt;pre&gt;<br /> LES allocated 208.81.6.224/27 (255.255.255.224).<br /> 208.81.6.225 Gateway<br /> 208.81.6.226, 208.81.6.227 RESERVED for LES.net usage.<br /> DNS1: 208.81.7.10<br /> DNS2: 208.81.7.14<br /> &lt;/pre&gt;<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.224<br /> | TBD<br /> | LES.net Network<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.225<br /> | TBD<br /> | LES.net Gateway<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.226<br /> | TBD<br /> | LES.net RESERVED<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.227<br /> | TBD<br /> | LES.net RESERVED<br /> | porting AT les DOT net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.228<br /> | TBD<br /> | Skullspace Router<br /> | it AT skullspace.ca<br /> | Skullspace LAN<br /> | <br /> |-<br /> |-<br /> | 208.81.6.229<br /> | TBD<br /> | ns1.skullspace.ca<br /> | it AT skullspace.ca<br /> | Skullspace DNS<br /> | <br /> |-<br /> |-<br /> | 208.81.6.230<br /> | <br /> | Mark's test router <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.231<br /> | ripe.skullspace.ca<br /> | RIPE Probe <br /> | colin AT insecure DASH complexity DOT ca<br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.232<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.233<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.234<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.235<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.236<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.237<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.238<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.239<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.240<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.241<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.242<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.243<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.244<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.245<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.246<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.247<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.248<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.249<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.250<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.251<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.252<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.253<br /> | TBD<br /> | intarweb.ca<br /> | sean AT tinfoilhat.ca<br /> | Skullspace LAN<br /> | Sean Cody <br /> |-<br /> |-<br /> | 208.81.6.254<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.255<br /> | TBD<br /> | LES.net Broadcast<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |}<br /> <br /> === VOI IP Delegation ===<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | Mark<br /> | temporary use<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | it@skullspace.ca<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for www.skullspace.ca (testing)<br /> |-<br /> | 2604:4280:1:c0de::81 - Relay/Proxy v6 to v4 for wiki.skullspace.ca (testing)<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> |<br /> | <br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4308 Networking 2015-12-30T00:15:25Z <p>Sean: /* LES IP Delegation */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +-------------------+ <br /> | | <br /> | The Tubes | <br /> | On The Roof | <br /> | | <br /> +--+--------------+-+ <br /> | | <br /> | | port1 <br /> +-------------------+-+ +-+-------------------+ <br /> | LES.net | port2 | VOI | <br /> | | +------+ CPE/Router | <br /> | 208.81.6.224/27 | | | 206.220.196.49 | <br /> +-----------------+---+ | +------------+--------+ <br /> | | | port3(SKSP) <br /> | | | ether3 <br /> | fa20 | fa24 +-----+---------------+ <br /> +---------+-------+-----+ | Skullspace+Router | <br /> fa1-19 | Skullspace+External | ether1| RB450G | <br /> +----------+ Cisco 2850 +-------+ 206.220.196.50 | <br /> | | 172.30.6.2 (fa23)| fa21 | 208.81.6.228 | <br /> | +----------------------++ | 172.30.6.1 | <br /> | | +---------+-----------+ <br /> +---------+-----------+ | |ether2 <br /> | | | | <br /> | Rest of External | | | <br /> | PUBLIC/LAN | | +---------+-------------+ +------------------+<br /> | | +--------+ Skullspace+Internal | | |<br /> | 206.220.196.48/28 | | 3+Com L2 Old Junk +------+ Rest of Internal |<br /> | 206.220.193.64/29 | | | | INTERNAL/LAN |<br /> | 208.61.6.224/27 | +---+-------+-------+---+ | 172.30.6.0/24 |<br /> +---------------------+ | | | | |<br /> +--------+ | +--------+ +------------------+<br /> | | | <br /> +------+------+ +------+------+ +------+------+ <br /> | WAP+A | | WAP+B | | WAP+C | <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | | | | | | <br /> +-------------+ +-------------+ +-------------+ &lt;/pre&gt;<br /> Built using ASCIIFlow - http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> B: Internet from LES.net (wifi-based Ubiquity, tested 94.83mbit down, 96.22mbit up to Speedtest.net Winnipeg)&lt;br&gt;<br /> B: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).&lt;BR&gt;<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.34 Jay Bots (Container on [[vmsrv]])<br /> *172.30.6.40 [[vmsrv]]<br /> *172.30.6.41 Mark's test router<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> *172.30.8.0/24 Virtual Machine Server ([[vmsrv]]) LAN<br /> **172.30.8.1 [[vmsrv]]<br /> **172.30.8.2 Mark private ubuntu vpn<br /> **172.30.8.3 Mark private project ubuntu (Container on [[vmsrv]])<br /> <br /> *10.50.31.0/24 TheLEDSign LAN<br /> **10.50.31.16 The Sign<br /> **10.50.31.17 The controlling container ([[vmsrv]])<br /> *10.50.32.0/30 Mark project private Point to Point link LAN<br /> <br /> == IP Usage ==<br /> <br /> === LES IP Delegation ===<br /> &lt;pre&gt;<br /> LES allocated 208.81.6.224/27 (255.255.255.224).<br /> 208.81.6.225 Gateway<br /> 208.81.6.226, 208.81.6.227 RESERVED for LES.net usage.<br /> DNS1: 208.81.7.10<br /> DNS2: 208.81.7.14<br /> &lt;/pre&gt;<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.224<br /> | TBD<br /> | LES.net Network<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.225<br /> | TBD<br /> | LES.net Gateway<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.226<br /> | TBD<br /> | LES.net RESERVED<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.227<br /> | TBD<br /> | LES.net RESERVED<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.228<br /> | TBD<br /> | Skullspace Router<br /> | it AT skullspace.ca<br /> | Skullspace LAN<br /> | <br /> |-<br /> |-<br /> | 208.81.6.229<br /> | TBD<br /> | ns1.skullspace.ca<br /> | it AT skullspace.ca<br /> | Skullspace DNS<br /> | <br /> |-<br /> |-<br /> | 208.81.6.230<br /> | <br /> | Mark's test router <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.231<br /> | ripe.skullspace.ca<br /> | RIPE Probe <br /> | colin AT insecure DASH complexity DOT ca<br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.232<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.233<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.234<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.235<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.236<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.237<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.238<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.239<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.240<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.241<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.242<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.243<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.244<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.245<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.246<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.247<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.248<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.249<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.250<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.251<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.252<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.253<br /> | TBD<br /> | intarweb.ca<br /> | sean AT tinfoilhat.ca<br /> | Skullspace LAN<br /> | Sean Cody <br /> |-<br /> |-<br /> | 208.81.6.254<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.255<br /> | TBD<br /> | LES.net Broadcast<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |}<br /> <br /> === VOI IP Delegation ===<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | Mark<br /> | temporary use<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | it@skullspace.ca<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for www.skullspace.ca (testing)<br /> |-<br /> | 2604:4280:1:c0de::81 - Relay/Proxy v6 to v4 for wiki.skullspace.ca (testing)<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> |<br /> | <br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4307 Networking 2015-11-15T04:35:51Z <p>Sean: /* VOI IP Delegation */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +-------------------+ <br /> | | <br /> | The Tubes | <br /> | On The Roof | <br /> | | <br /> +--+--------------+-+ <br /> | | <br /> | | port1 <br /> +-------------------+-+ +-+-------------------+ <br /> | LES.net | port2 | VOI | <br /> | | +------+ CPE/Router | <br /> | 208.81.6.224/27 | | | 206.220.196.49 | <br /> +-----------------+---+ | +------------+--------+ <br /> | | | port3(SKSP) <br /> | | | ether3 <br /> | fa20 | fa24 +-----+---------------+ <br /> +---------+-------+-----+ | Skullspace+Router | <br /> fa1-19 | Skullspace+External | ether1| RB450G | <br /> +----------+ Cisco 2850 +-------+ 206.220.196.50 | <br /> | | 172.30.6.2 (fa23)| fa21 | 208.81.6.228 | <br /> | +----------------------++ | 172.30.6.1 | <br /> | | +---------+-----------+ <br /> +---------+-----------+ | |ether2 <br /> | | | | <br /> | Rest of External | | | <br /> | PUBLIC/LAN | | +---------+-------------+ +------------------+<br /> | | +--------+ Skullspace+Internal | | |<br /> | 206.220.196.48/28 | | 3+Com L2 Old Junk +------+ Rest of Internal |<br /> | 206.220.193.64/29 | | | | INTERNAL/LAN |<br /> | 208.61.6.224/27 | +---+-------+-------+---+ | 172.30.6.0/24 |<br /> +---------------------+ | | | | |<br /> +--------+ | +--------+ +------------------+<br /> | | | <br /> +------+------+ +------+------+ +------+------+ <br /> | WAP+A | | WAP+B | | WAP+C | <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | | | | | | <br /> +-------------+ +-------------+ +-------------+ &lt;/pre&gt;<br /> Built using ASCIIFlow - http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> B: Internet from LES.net (wifi-based Ubiquity, tested 94.83mbit down, 96.22mbit up to Speedtest.net Winnipeg)&lt;br&gt;<br /> B: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).&lt;BR&gt;<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.34 Jay Bots (Container on [[vmsrv]])<br /> *172.30.6.40 [[vmsrv]]<br /> *172.30.6.41 Mark's test router<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> *172.30.8.0/24 Virtual Machine Server ([[vmsrv]]) LAN<br /> **172.30.8.1 [[vmsrv]]<br /> **172.30.8.2 Mark private ubuntu vpn<br /> **172.30.8.3 Mark private project ubuntu (Container on [[vmsrv]])<br /> <br /> *10.50.31.0/24 TheLEDSign LAN<br /> **10.50.31.16 The Sign<br /> **10.50.31.17 The controlling container ([[vmsrv]])<br /> *10.50.32.0/30 Mark project private Point to Point link LAN<br /> <br /> == IP Usage ==<br /> <br /> === LES IP Delegation ===<br /> &lt;pre&gt;<br /> LES allocated 208.81.6.224/27 (255.255.255.224).<br /> 208.81.6.225 Gateway<br /> 208.81.6.226, 208.81.6.227 RESERVED for LES.net usage.<br /> DNS1: 208.81.7.10<br /> DNS2: 208.81.7.14<br /> &lt;/pre&gt;<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.224<br /> | TBD<br /> | LES.net Network<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.225<br /> | TBD<br /> | LES.net Gateway<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.226<br /> | TBD<br /> | LES.net RESERVED<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.227<br /> | TBD<br /> | LES.net RESERVED<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.228<br /> | TBD<br /> | Skullspace Router<br /> | it AT skullspace.ca<br /> | Skullspace LAN<br /> | <br /> |-<br /> |-<br /> | 208.81.6.229<br /> | TBD<br /> | ns1.skullspace.ca<br /> | it AT skullspace.ca<br /> | Skullspace DNS<br /> | <br /> |-<br /> |-<br /> | 208.81.6.230<br /> | <br /> | Mark's test router <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.231<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.232<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.233<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.234<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.235<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.236<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.237<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.238<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.239<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.240<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.241<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.242<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.243<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.244<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.245<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.246<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.247<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.248<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.249<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.250<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.251<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.252<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.253<br /> | TBD<br /> | intarweb.ca<br /> | sean AT tinfoilhat.ca<br /> | Skullspace LAN<br /> | Sean Cody <br /> |-<br /> |-<br /> | 208.81.6.254<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.255<br /> | TBD<br /> | LES.net Broadcast<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |}<br /> <br /> === VOI IP Delegation ===<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | Mark<br /> | temporary use<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | it@skullspace.ca<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for www.skullspace.ca (testing)<br /> |-<br /> | 2604:4280:1:c0de::81 - Relay/Proxy v6 to v4 for wiki.skullspace.ca (testing)<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> |<br /> | <br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4291 Networking 2015-10-26T04:58:22Z <p>Sean: /* Stupid-High Level Diagram */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +-------------------+ <br /> | | <br /> | The Tubes | <br /> | On The Roof | <br /> | | <br /> +--+--------------+-+ <br /> | | <br /> | | port1 <br /> +-------------------+-+ +-+-------------------+ <br /> | LES.net | port2 | VOI | <br /> | | +------+ CPE/Router | <br /> | 208.81.6.224/27 | | | 206.220.196.49 | <br /> +-----------------+---+ | +------------+--------+ <br /> | | | port3(SKSP) <br /> | | | ether3 <br /> | fa20 | fa24 +-----+---------------+ <br /> +---------+-------+-----+ | Skullspace+Router | <br /> fa1-19 | Skullspace+External | ether1| RB450G | <br /> +----------+ Cisco 2850 +-------+ 206.220.196.50 | <br /> | | 172.30.6.2 (fa23)| fa21 | 208.81.6.228 | <br /> | +----------------------++ | 172.30.6.1 | <br /> | | +---------+-----------+ <br /> +---------+-----------+ | |ether2 <br /> | | | | <br /> | Rest of External | | | <br /> | PUBLIC/LAN | | +---------+-------------+ +------------------+<br /> | | +--------+ Skullspace+Internal | | |<br /> | 206.220.196.48/28 | | 3+Com L2 Old Junk +------+ Rest of Internal |<br /> | 206.220.193.64/29 | | | | INTERNAL/LAN |<br /> | 208.61.6.224/27 | +---+-------+-------+---+ | 172.30.6.0/24 |<br /> +---------------------+ | | | | |<br /> +--------+ | +--------+ +------------------+<br /> | | | <br /> +------+------+ +------+------+ +------+------+ <br /> | WAP+A | | WAP+B | | WAP+C | <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | | | | | | <br /> +-------------+ +-------------+ +-------------+ &lt;/pre&gt;<br /> Built using ASCIIFlow - http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> B: Internet from LES.net (wifi-based Ubiquity, tested 94.83mbit down, 96.22mbit up to Speedtest.net Winnipeg)&lt;br&gt;<br /> B: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).&lt;BR&gt;<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.34 Jay Bots (Container on [[vmsrv]])<br /> *172.30.6.40 [[vmsrv]]<br /> *172.30.6.41 Mark's test router<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> *172.30.8.0/24 Virtual Machine Server ([[vmsrv]]) LAN<br /> **172.30.8.1 [[vmsrv]]<br /> **172.30.8.2 Mark private ubuntu vpn<br /> **172.30.8.3 Mark private project ubuntu (Container on [[vmsrv]])<br /> <br /> *10.50.31.0/24 TheLEDSign LAN<br /> **10.50.31.16 The Sign<br /> **10.50.31.17 The controlling container ([[vmsrv]])<br /> *10.50.32.0/30 Mark project private Point to Point link LAN<br /> <br /> == IP Usage ==<br /> <br /> === LES IP Delegation ===<br /> &lt;pre&gt;<br /> LES allocated 208.81.6.224/27 (255.255.255.224).<br /> 208.81.6.225 Gateway<br /> 208.81.6.226, 208.81.6.227 RESERVED for LES.net usage.<br /> DNS1: 208.81.7.10<br /> DNS2: 208.81.7.14<br /> &lt;/pre&gt;<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.224<br /> | TBD<br /> | LES.net Network<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.225<br /> | TBD<br /> | LES.net Gateway<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.226<br /> | TBD<br /> | LES.net RESERVED<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.227<br /> | TBD<br /> | LES.net RESERVED<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.228<br /> | TBD<br /> | Skullspace Router<br /> | it AT skullspace.ca<br /> | Skullspace LAN<br /> | <br /> |-<br /> |-<br /> | 208.81.6.229<br /> | TBD<br /> | ns1.skullspace.ca<br /> | it AT skullspace.ca<br /> | Skullspace DNS<br /> | <br /> |-<br /> |-<br /> | 208.81.6.230<br /> | <br /> | Mark's test router <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.231<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.232<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.233<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.234<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.235<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.236<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.237<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.238<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.239<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.240<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.241<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.242<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.243<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.244<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.245<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.246<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.247<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.248<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.249<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.250<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.251<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.252<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.253<br /> | TBD<br /> | intarweb.ca<br /> | sean AT tinfoilhat.ca<br /> | Skullspace LAN<br /> | Sean Cody <br /> |-<br /> |-<br /> | 208.81.6.254<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.255<br /> | TBD<br /> | LES.net Broadcast<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |}<br /> <br /> === VOI IP Delegation ===<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | Mark<br /> | temporary use<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | it@skullspace.ca<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for www.skullspace.ca (testing)<br /> |-<br /> | 2604:4280:1:c0de::81 - Relay/Proxy v6 to v4 for wiki.skullspace.ca (testing)<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ron's server<br /> | ron @ skullsecurity.net<br /> | Now<br /> | Websites and stuff<br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4290 Networking 2015-10-26T04:05:50Z <p>Sean: /* Stupid-High Level Diagram */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +-------------------+ <br /> | | <br /> | The Tubes | <br /> | On The Roof | <br /> | | <br /> +--+--------------+-+ <br /> | | <br /> | | port1 <br /> +-------------------+-+ +-+-------------------+ <br /> | LES.net | port2 | VOI | <br /> | | +------+ CPE/Router | <br /> | 208.81.6.224/27 | | | 206.220.196.49 | <br /> +-----------------+---+ | +------------+--------+ <br /> | | | port3(SKSP) <br /> | | | ether3 <br /> | fa20 | fa24 +-----+---------------+ <br /> +---------+-------+-----+ | Skullspace+Router | <br /> fa1-19 | Skullspace+External | ether1| RB450G | <br /> +----------+ Cisco 2850 +-------+ 206.220.196.50 | <br /> | | 172.30.6.2 (fa23)| fa21 | 208.61.6.228 | <br /> | +----------------------++ | 172.30.6.1 | <br /> | | +---------+-----------+ <br /> +---------+-----------+ | |ether2 <br /> | | | | <br /> | Rest of External | | | <br /> | PUBLIC/LAN | | +---------+-------------+ +------------------+<br /> | | +--------+ Skullspace+Internal | | |<br /> | 206.220.196.48/28 | | 3+Com L2 Old Junk +------+ Rest of Internal |<br /> | 206.220.193.64/29 | | | | INTERNAL/LAN |<br /> | 208.61.6.224/27 | +---+-------+-------+---+ | 172.30.6.0/24 |<br /> +---------------------+ | | | | |<br /> +--------+ | +--------+ +------------------+<br /> | | | <br /> +------+------+ +------+------+ +------+------+ <br /> | WAP+A | | WAP+B | | WAP+C | <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | | | | | | <br /> +-------------+ +-------------+ +-------------+ &lt;/pre&gt;<br /> Built using ASCIIFlow - http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> B: Internet from LES.net (wifi-based Ubiquity, tested 94.83mbit down, 96.22mbit up to Speedtest.net Winnipeg)&lt;br&gt;<br /> B: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).&lt;BR&gt;<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.34 Jay Bots (Container on [[vmsrv]])<br /> *172.30.6.40 [[vmsrv]]<br /> *172.30.6.41 Mark's test router<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> *172.30.8.0/24 Virtual Machine Server ([[vmsrv]]) LAN<br /> **172.30.8.1 [[vmsrv]]<br /> **172.30.8.2 Mark private ubuntu vpn<br /> **172.30.8.3 Mark private project ubuntu (Container on [[vmsrv]])<br /> <br /> *10.50.31.0/24 TheLEDSign LAN<br /> **10.50.31.16 The Sign<br /> **10.50.31.17 The controlling container ([[vmsrv]])<br /> *10.50.32.0/30 Mark project private Point to Point link LAN<br /> <br /> == IP Usage ==<br /> <br /> === LES IP Delegation ===<br /> &lt;pre&gt;<br /> LES allocated 208.81.6.224/27 (255.255.255.224).<br /> 208.81.6.225 Gateway<br /> 208.81.6.226, 208.81.6.227 RESERVED for LES.net usage.<br /> DNS1: 208.81.7.10<br /> DNS2: 208.81.7.14<br /> &lt;/pre&gt;<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.224<br /> | TBD<br /> | LES.net Network<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.225<br /> | TBD<br /> | LES.net Gateway<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.226<br /> | TBD<br /> | LES.net RESERVED<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.227<br /> | TBD<br /> | LES.net RESERVED<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.228<br /> | TBD<br /> | Skullspace Router<br /> | it AT skullspace.ca<br /> | Skullspace LAN<br /> | <br /> |-<br /> |-<br /> | 208.81.6.229<br /> | TBD<br /> | ns1.skullspace.ca<br /> | it AT skullspace.ca<br /> | Skullspace DNS<br /> | <br /> |-<br /> |-<br /> | 208.81.6.230<br /> | <br /> | Mark's test router <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.231<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.232<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.233<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.234<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.235<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.236<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.237<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.238<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.239<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.240<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.241<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.242<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.243<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.244<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.245<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.246<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.247<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.248<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.249<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.250<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.251<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.252<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.253<br /> | TBD<br /> | intarweb.ca<br /> | sean AT tinfoilhat.ca<br /> | Skullspace LAN<br /> | Sean Cody <br /> |-<br /> |-<br /> | 208.81.6.254<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.255<br /> | TBD<br /> | LES.net Broadcast<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |}<br /> <br /> === VOI IP Delegation ===<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | Mark<br /> | temporary use<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | it@skullspace.ca<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for www.skullspace.ca (testing)<br /> |-<br /> | 2604:4280:1:c0de::81 - Relay/Proxy v6 to v4 for wiki.skullspace.ca (testing)<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ron's server<br /> | ron @ skullsecurity.net<br /> | Now<br /> | Websites and stuff<br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4285 Networking 2015-09-15T22:51:19Z <p>Sean: /* LES IP Delegation */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +-------------------+ <br /> | | <br /> | The Tubes | <br /> | On The Roof | <br /> | | <br /> +--+--------------+-+ <br /> | | <br /> | | port1 <br /> +-------------------+-+ +-+-------------------+ <br /> | LES.net | port2 | VOI | <br /> | | +------+ CPE/Router | <br /> | 208.81.6.224/27 | | | 206.220.196.49 | <br /> +-----------------+---+ | +------------+--------+ <br /> | | | port3(SKSP) <br /> | | | ether3 <br /> | fa20 | fa24 +-----+---------------+ <br /> +---------+-------+-----+ | Skullspace+Router | <br /> fa1-19 | Skullspace+External | ether1| RB450G | <br /> +----------+ Cisco 2850 +-------+ 206.220.196.50 | <br /> | | 172.30.6.3 (fa23)| fa21 | 208.61.6.228 | <br /> | +----------------------++ | 172.30.6.1 | <br /> | | +---------+-----------+ <br /> +---------+-----------+ | |ether2 <br /> | | | | <br /> | Rest of External | | | <br /> | PUBLIC/LAN | | +---------+-------------+ +------------------+<br /> | | +--------+ Skullspace+Internal | | |<br /> | 206.220.196.48/28 | | 3+Com L2 Old Junk +------+ Rest of Internal |<br /> | 206.220.193.64/29 | | | | INTERNAL/LAN |<br /> | 208.61.6.224/27 | +---+-------+-------+---+ | 172.30.6.0/24 |<br /> +---------------------+ | | | | |<br /> +--------+ | +--------+ +------------------+<br /> | | | <br /> +------+------+ +------+------+ +------+------+ <br /> | WAP+A | | WAP+B | | WAP+C | <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | | | | | | <br /> +-------------+ +-------------+ +-------------+ &lt;/pre&gt;<br /> Built using ASCIIFlow - http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> B: Internet from LES.net (wifi-based Ubiquity, tested 94.83mbit down, 96.22mbit up to Speedtest.net Winnipeg)&lt;br&gt;<br /> B: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).&lt;BR&gt;<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.34 Jay Bots (Container on [[vmsrv]])<br /> *172.30.6.40 [[vmsrv]]<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> *172.30.8.0/24 Virtual Machine Server ([[vmsrv]]) LAN<br /> **172.30.8.1 [[vmsrv]]<br /> **172.30.8.2 Mark private ubuntu vpn<br /> **172.30.8.3 Mark private project ubuntu (Container on [[vmsrv]])<br /> <br /> *10.50.31.0/24 TheLEDSign LAN<br /> **10.50.31.16 The Sign<br /> **10.50.31.17 The controlling container ([[vmsrv]])<br /> *10.50.32.0/30 Mark project private Point to Point link LAN<br /> <br /> == IP Usage ==<br /> <br /> === LES IP Delegation ===<br /> &lt;pre&gt;<br /> LES allocated 208.81.6.224/27 (255.255.255.224).<br /> 208.81.6.225 Gateway<br /> 208.81.6.226, 208.81.6.227 RESERVED for LES.net usage.<br /> DNS1: 208.81.7.10<br /> DNS2: 208.81.7.14<br /> &lt;/pre&gt;<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.224<br /> | TBD<br /> | LES.net Network<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.225<br /> | TBD<br /> | LES.net Gateway<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.226<br /> | TBD<br /> | LES.net RESERVED<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.227<br /> | TBD<br /> | LES.net RESERVED<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.228<br /> | TBD<br /> | Skullspace Router<br /> | it AT skullspace.ca<br /> | Skullspace LAN<br /> | <br /> |-<br /> |-<br /> | 208.81.6.229<br /> | TBD<br /> | ns1.skullspace.ca<br /> | it AT skullspace.ca<br /> | Skullspace DNS<br /> | <br /> |-<br /> |-<br /> | 208.81.6.230<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.231<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.232<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.233<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.234<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.235<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.236<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.237<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.238<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.239<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.240<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.241<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.242<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.243<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.244<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.245<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.246<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.247<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.248<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.249<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.250<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.251<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.252<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.253<br /> | TBD<br /> | intarweb.ca<br /> | sean AT tinfoilhat.ca<br /> | Skullspace LAN<br /> | Sean Cody <br /> |-<br /> |-<br /> | 208.81.6.254<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.255<br /> | TBD<br /> | LES.net Broadcast<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |}<br /> <br /> === VOI IP Delegation ===<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | Mark<br /> | temporary use<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | it@skullspace.ca<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for www.skullspace.ca (testing)<br /> |-<br /> | 2604:4280:1:c0de::81 - Relay/Proxy v6 to v4 for wiki.skullspace.ca (testing)<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ron's server<br /> | ron @ skullsecurity.net<br /> | Now<br /> | Websites and stuff<br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4284 Networking 2015-09-15T22:44:40Z <p>Sean: /* Stupid-High Level Diagram */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +-------------------+ <br /> | | <br /> | The Tubes | <br /> | On The Roof | <br /> | | <br /> +--+--------------+-+ <br /> | | <br /> | | port1 <br /> +-------------------+-+ +-+-------------------+ <br /> | LES.net | port2 | VOI | <br /> | | +------+ CPE/Router | <br /> | 208.81.6.224/27 | | | 206.220.196.49 | <br /> +-----------------+---+ | +------------+--------+ <br /> | | | port3(SKSP) <br /> | | | ether3 <br /> | fa20 | fa24 +-----+---------------+ <br /> +---------+-------+-----+ | Skullspace+Router | <br /> fa1-19 | Skullspace+External | ether1| RB450G | <br /> +----------+ Cisco 2850 +-------+ 206.220.196.50 | <br /> | | 172.30.6.3 (fa23)| fa21 | 208.61.6.228 | <br /> | +----------------------++ | 172.30.6.1 | <br /> | | +---------+-----------+ <br /> +---------+-----------+ | |ether2 <br /> | | | | <br /> | Rest of External | | | <br /> | PUBLIC/LAN | | +---------+-------------+ +------------------+<br /> | | +--------+ Skullspace+Internal | | |<br /> | 206.220.196.48/28 | | 3+Com L2 Old Junk +------+ Rest of Internal |<br /> | 206.220.193.64/29 | | | | INTERNAL/LAN |<br /> | 208.61.6.224/27 | +---+-------+-------+---+ | 172.30.6.0/24 |<br /> +---------------------+ | | | | |<br /> +--------+ | +--------+ +------------------+<br /> | | | <br /> +------+------+ +------+------+ +------+------+ <br /> | WAP+A | | WAP+B | | WAP+C | <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | | | | | | <br /> +-------------+ +-------------+ +-------------+ &lt;/pre&gt;<br /> Built using ASCIIFlow - http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> B: Internet from LES.net (wifi-based Ubiquity, tested 94.83mbit down, 96.22mbit up to Speedtest.net Winnipeg)&lt;br&gt;<br /> B: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).&lt;BR&gt;<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.34 Jay Bots (Container on [[vmsrv]])<br /> *172.30.6.40 [[vmsrv]]<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> *172.30.8.0/24 Virtual Machine Server ([[vmsrv]]) LAN<br /> **172.30.8.1 [[vmsrv]]<br /> **172.30.8.2 Mark private ubuntu vpn<br /> **172.30.8.3 Mark private project ubuntu (Container on [[vmsrv]])<br /> <br /> *10.50.31.0/24 TheLEDSign LAN<br /> **10.50.31.16 The Sign<br /> **10.50.31.17 The controlling container ([[vmsrv]])<br /> *10.50.32.0/30 Mark project private Point to Point link LAN<br /> <br /> == IP Usage ==<br /> <br /> === LES IP Delegation ===<br /> LES allocated 208.81.6.224/27.<br /> 208.81.6.225 Gateway<br /> 208.81.6.226, 208.81.6.227 RESERVED for LES.net usage.<br /> DNS1: 208.81.7.10<br /> DNS2: 208.81.7.14<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.224<br /> | TBD<br /> | LES.net Network<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.225<br /> | TBD<br /> | LES.net Gateway<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.226<br /> | TBD<br /> | LES.net RESERVED<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.227<br /> | TBD<br /> | LES.net RESERVED<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.228<br /> | TBD<br /> | Skullspace Router<br /> | it AT skullspace.ca<br /> | Skullspace LAN<br /> | <br /> |-<br /> |-<br /> | 208.81.6.229<br /> | TBD<br /> | ns1.skullspace.ca<br /> | it AT skullspace.ca<br /> | Skullspace DNS<br /> | <br /> |-<br /> |-<br /> | 208.81.6.230<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.231<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.232<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.233<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.234<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.235<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.236<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.237<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.238<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.239<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.240<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.241<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.242<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.243<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.244<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.245<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.246<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.247<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.248<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.249<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.250<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.251<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.252<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.253<br /> | TBD<br /> | intarweb.ca<br /> | sean AT tinfoilhat.ca<br /> | Skullspace LAN<br /> | Sean Cody <br /> |-<br /> |-<br /> | 208.81.6.254<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.255<br /> | TBD<br /> | LES.net Broadcast<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |}<br /> <br /> === VOI IP Delegation ===<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | Mark<br /> | temporary use<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | it@skullspace.ca<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for www.skullspace.ca (testing)<br /> |-<br /> | 2604:4280:1:c0de::81 - Relay/Proxy v6 to v4 for wiki.skullspace.ca (testing)<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ron's server<br /> | ron @ skullsecurity.net<br /> | Now<br /> | Websites and stuff<br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4283 Networking 2015-09-15T22:25:29Z <p>Sean: /* Internet feeds */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +-------------------+ <br /> | | <br /> | The Tubes | <br /> | On The Roof | <br /> | | <br /> +--+--------------+-+ <br /> | | <br /> | | <br /> +-------------------+-+ +-+-------------------+ <br /> | LES.net | | VOI | <br /> | | +------+ CPE/Router | <br /> | 208.81.6.224/27 | | | 206.220.196.49 | <br /> +-----------------+---+ | +------------+--------+ <br /> | | | <br /> | | | <br /> | | +--------+------------+ <br /> +---------+-------+-----+ | Skullspace-Router | <br /> | Skullspace-External | | RB450G | <br /> +----------+ Cisco 2850 +----+ 206.220.196.50 | <br /> | | 172.30.6.3 | | 208.61.6.228 | <br /> | +----------------------++ | 172.30.6.1 | <br /> | | +--------+------------+ <br /> +---------+-----------+ | | <br /> | | | | <br /> | Rest of External | | | <br /> | PUBLIC/LAN | | +--------+--------------+ +------------------+<br /> | | +-----+ Skullspace-Internal | | |<br /> | 206.220.196.48/28 | | 3-Com L2 Old Junk +------+ Rest of Internal |<br /> | 206.220.193.64/29 | | | | INTERNAL/LAN |<br /> | 208.61.6.224/27 | +---+-------+-------+---+ | 172.30.6.0/24 |<br /> +---------------------+ | | | | |<br /> +--------+ | +--------+ +------------------+<br /> | | | <br /> +------+------+ +------+------+ +------+------+ <br /> | WAP-A | | WAP-B | | WAP-C | <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | | | | | | <br /> +-------------+ +-------------+ +-------------+ <br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> B: Internet from LES.net (wifi-based Ubiquity, tested 94.83mbit down, 96.22mbit up to Speedtest.net Winnipeg)&lt;br&gt;<br /> B: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).&lt;BR&gt;<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.34 Jay Bots (Container on [[vmsrv]])<br /> *172.30.6.40 [[vmsrv]]<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> *172.30.8.0/24 Virtual Machine Server ([[vmsrv]]) LAN<br /> **172.30.8.1 [[vmsrv]]<br /> **172.30.8.2 Mark private ubuntu vpn<br /> **172.30.8.3 Mark private project ubuntu (Container on [[vmsrv]])<br /> <br /> *10.50.31.0/24 TheLEDSign LAN<br /> **10.50.31.16 The Sign<br /> **10.50.31.17 The controlling container ([[vmsrv]])<br /> *10.50.32.0/30 Mark project private Point to Point link LAN<br /> <br /> == IP Usage ==<br /> <br /> === LES IP Delegation ===<br /> LES allocated 208.81.6.224/27.<br /> 208.81.6.225 Gateway<br /> 208.81.6.226, 208.81.6.227 RESERVED for LES.net usage.<br /> DNS1: 208.81.7.10<br /> DNS2: 208.81.7.14<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.224<br /> | TBD<br /> | LES.net Network<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.225<br /> | TBD<br /> | LES.net Gateway<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.226<br /> | TBD<br /> | LES.net RESERVED<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.227<br /> | TBD<br /> | LES.net RESERVED<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.228<br /> | TBD<br /> | Skullspace Router<br /> | it AT skullspace.ca<br /> | Skullspace LAN<br /> | <br /> |-<br /> |-<br /> | 208.81.6.229<br /> | TBD<br /> | ns1.skullspace.ca<br /> | it AT skullspace.ca<br /> | Skullspace DNS<br /> | <br /> |-<br /> |-<br /> | 208.81.6.230<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.231<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.232<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.233<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.234<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.235<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.236<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.237<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.238<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.239<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.240<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.241<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.242<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.243<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.244<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.245<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.246<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.247<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.248<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.249<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.250<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.251<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.252<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.253<br /> | TBD<br /> | intarweb.ca<br /> | sean AT tinfoilhat.ca<br /> | Skullspace LAN<br /> | Sean Cody <br /> |-<br /> |-<br /> | 208.81.6.254<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.255<br /> | TBD<br /> | LES.net Broadcast<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |}<br /> <br /> === VOI IP Delegation ===<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | Mark<br /> | temporary use<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | it@skullspace.ca<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for www.skullspace.ca (testing)<br /> |-<br /> | 2604:4280:1:c0de::81 - Relay/Proxy v6 to v4 for wiki.skullspace.ca (testing)<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ron's server<br /> | ron @ skullsecurity.net<br /> | Now<br /> | Websites and stuff<br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4282 Networking 2015-09-15T18:33:17Z <p>Sean: /* Internet feeds */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +-------------------+ <br /> | | <br /> | The Tubes | <br /> | On The Roof | <br /> | | <br /> +--+--------------+-+ <br /> | | <br /> | | <br /> +-------------------+-+ +-+-------------------+ <br /> | LES.net | | VOI | <br /> | | +------+ CPE/Router | <br /> | 208.81.6.224/27 | | | 206.220.196.49 | <br /> +-----------------+---+ | +------------+--------+ <br /> | | | <br /> | | | <br /> | | +--------+------------+ <br /> +---------+-------+-----+ | Skullspace-Router | <br /> | Skullspace-External | | RB450G | <br /> +----------+ Cisco 2850 +----+ 206.220.196.50 | <br /> | | 172.30.6.3 | | 208.61.6.228 | <br /> | +----------------------++ | 172.30.6.1 | <br /> | | +--------+------------+ <br /> +---------+-----------+ | | <br /> | | | | <br /> | Rest of External | | | <br /> | PUBLIC/LAN | | +--------+--------------+ +------------------+<br /> | | +-----+ Skullspace-Internal | | |<br /> | 206.220.196.48/28 | | 3-Com L2 Old Junk +------+ Rest of Internal |<br /> | 206.220.193.64/29 | | | | INTERNAL/LAN |<br /> | 208.61.6.224/27 | +---+-------+-------+---+ | 172.30.6.0/24 |<br /> +---------------------+ | | | | |<br /> +--------+ | +--------+ +------------------+<br /> | | | <br /> +------+------+ +------+------+ +------+------+ <br /> | WAP-A | | WAP-B | | WAP-C | <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | | | | | | <br /> +-------------+ +-------------+ +-------------+ <br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> A: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).&lt;BR&gt;<br /> B: Internet from LES.net (wifi-based Ubiquity)<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.34 Jay Bots (Container on [[vmsrv]])<br /> *172.30.6.40 [[vmsrv]]<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> *172.30.8.0/24 Virtual Machine Server ([[vmsrv]]) LAN<br /> **172.30.8.1 [[vmsrv]]<br /> **172.30.8.2 Mark private ubuntu vpn<br /> **172.30.8.3 Mark private project ubuntu (Container on [[vmsrv]])<br /> <br /> *10.50.31.0/24 TheLEDSign LAN<br /> **10.50.31.16 The Sign<br /> **10.50.31.17 The controlling container ([[vmsrv]])<br /> *10.50.32.0/30 Mark project private Point to Point link LAN<br /> <br /> == IP Usage ==<br /> <br /> === LES IP Delegation ===<br /> LES allocated 208.81.6.224/27.<br /> 208.81.6.225 Gateway<br /> 208.81.6.226, 208.81.6.227 RESERVED for LES.net usage.<br /> DNS1: 208.81.7.10<br /> DNS2: 208.81.7.14<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.224<br /> | TBD<br /> | LES.net Network<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.225<br /> | TBD<br /> | LES.net Gateway<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.226<br /> | TBD<br /> | LES.net RESERVED<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.227<br /> | TBD<br /> | LES.net RESERVED<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.228<br /> | TBD<br /> | Skullspace Router<br /> | it AT skullspace.ca<br /> | Skullspace LAN<br /> | <br /> |-<br /> |-<br /> | 208.81.6.229<br /> | TBD<br /> | ns1.skullspace.ca<br /> | it AT skullspace.ca<br /> | Skullspace DNS<br /> | <br /> |-<br /> |-<br /> | 208.81.6.230<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.231<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.232<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.233<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.234<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.235<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.236<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.237<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.238<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.239<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.240<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.241<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.242<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.243<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.244<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.245<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.246<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.247<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.248<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.249<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.250<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.251<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.252<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.253<br /> | TBD<br /> | intarweb.ca<br /> | sean AT tinfoilhat.ca<br /> | Skullspace LAN<br /> | Sean Cody <br /> |-<br /> |-<br /> | 208.81.6.254<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.255<br /> | TBD<br /> | LES.net Broadcast<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |}<br /> <br /> === VOI IP Delegation ===<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | Mark<br /> | temporary use<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | it@skullspace.ca<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for www.skullspace.ca (testing)<br /> |-<br /> | 2604:4280:1:c0de::81 - Relay/Proxy v6 to v4 for wiki.skullspace.ca (testing)<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ron's server<br /> | ron @ skullsecurity.net<br /> | Now<br /> | Websites and stuff<br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4281 Networking 2015-09-15T18:32:17Z <p>Sean: /* Stupid-High Level Diagram */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +-------------------+ <br /> | | <br /> | The Tubes | <br /> | On The Roof | <br /> | | <br /> +--+--------------+-+ <br /> | | <br /> | | <br /> +-------------------+-+ +-+-------------------+ <br /> | LES.net | | VOI | <br /> | | +------+ CPE/Router | <br /> | 208.81.6.224/27 | | | 206.220.196.49 | <br /> +-----------------+---+ | +------------+--------+ <br /> | | | <br /> | | | <br /> | | +--------+------------+ <br /> +---------+-------+-----+ | Skullspace-Router | <br /> | Skullspace-External | | RB450G | <br /> +----------+ Cisco 2850 +----+ 206.220.196.50 | <br /> | | 172.30.6.3 | | 208.61.6.228 | <br /> | +----------------------++ | 172.30.6.1 | <br /> | | +--------+------------+ <br /> +---------+-----------+ | | <br /> | | | | <br /> | Rest of External | | | <br /> | PUBLIC/LAN | | +--------+--------------+ +------------------+<br /> | | +-----+ Skullspace-Internal | | |<br /> | 206.220.196.48/28 | | 3-Com L2 Old Junk +------+ Rest of Internal |<br /> | 206.220.193.64/29 | | | | INTERNAL/LAN |<br /> | 208.61.6.224/27 | +---+-------+-------+---+ | 172.30.6.0/24 |<br /> +---------------------+ | | | | |<br /> +--------+ | +--------+ +------------------+<br /> | | | <br /> +------+------+ +------+------+ +------+------+ <br /> | WAP-A | | WAP-B | | WAP-C | <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | | | | | | <br /> +-------------+ +-------------+ +-------------+ <br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> A: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).<br /> B: Internet from LES.net (wifi-based Ubiquity)<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.34 Jay Bots (Container on [[vmsrv]])<br /> *172.30.6.40 [[vmsrv]]<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> *172.30.8.0/24 Virtual Machine Server ([[vmsrv]]) LAN<br /> **172.30.8.1 [[vmsrv]]<br /> **172.30.8.2 Mark private ubuntu vpn<br /> **172.30.8.3 Mark private project ubuntu (Container on [[vmsrv]])<br /> <br /> *10.50.31.0/24 TheLEDSign LAN<br /> **10.50.31.16 The Sign<br /> **10.50.31.17 The controlling container ([[vmsrv]])<br /> *10.50.32.0/30 Mark project private Point to Point link LAN<br /> <br /> == IP Usage ==<br /> <br /> === LES IP Delegation ===<br /> LES allocated 208.81.6.224/27.<br /> 208.81.6.225 Gateway<br /> 208.81.6.226, 208.81.6.227 RESERVED for LES.net usage.<br /> DNS1: 208.81.7.10<br /> DNS2: 208.81.7.14<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.224<br /> | TBD<br /> | LES.net Network<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.225<br /> | TBD<br /> | LES.net Gateway<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.226<br /> | TBD<br /> | LES.net RESERVED<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.227<br /> | TBD<br /> | LES.net RESERVED<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.228<br /> | TBD<br /> | Skullspace Router<br /> | it AT skullspace.ca<br /> | Skullspace LAN<br /> | <br /> |-<br /> |-<br /> | 208.81.6.229<br /> | TBD<br /> | ns1.skullspace.ca<br /> | it AT skullspace.ca<br /> | Skullspace DNS<br /> | <br /> |-<br /> |-<br /> | 208.81.6.230<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.231<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.232<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.233<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.234<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.235<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.236<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.237<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.238<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.239<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.240<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.241<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.242<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.243<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.244<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.245<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.246<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.247<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.248<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.249<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.250<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.251<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.252<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.253<br /> | TBD<br /> | intarweb.ca<br /> | sean AT tinfoilhat.ca<br /> | Skullspace LAN<br /> | Sean Cody <br /> |-<br /> |-<br /> | 208.81.6.254<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.255<br /> | TBD<br /> | LES.net Broadcast<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |}<br /> <br /> === VOI IP Delegation ===<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | Mark<br /> | temporary use<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | it@skullspace.ca<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for www.skullspace.ca (testing)<br /> |-<br /> | 2604:4280:1:c0de::81 - Relay/Proxy v6 to v4 for wiki.skullspace.ca (testing)<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ron's server<br /> | ron @ skullsecurity.net<br /> | Now<br /> | Websites and stuff<br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4280 Networking 2015-09-15T18:28:14Z <p>Sean: /* Stupid-High Level Diagram */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +-------------------+ <br /> | | <br /> | The Tubes | <br /> | On The Roof | <br /> | | <br /> +--+--------------+-+ <br /> | | <br /> | | <br /> +-------------------+-+ +-+-------------------+ <br /> | LES.net | | VOI | <br /> | 208.81.6.224/27 | +------+ CPE/Router | <br /> | | | | 206.220.196.49 | <br /> +-----------------+---+ | +------------+--------+ <br /> | | | <br /> | | | <br /> | | +--------+------------+ <br /> +---------+-------+-----+ | Skullspace-Router | <br /> | Skullspace-External | | RB450G | <br /> +----------+ Cisco 2850 +----+ 206.220.196.50 | <br /> | | 172.30.6.3 | | 208.61.6.228 | <br /> | +----------------------++ | 172.30.6.1 | <br /> | | +--------+------------+ <br /> +---------+-----------+ | | <br /> | | | | <br /> | Rest of External | | | <br /> | PUBLIC/LAN | | +--------+--------------+ +------------------+<br /> | | +-----+ Skullspace-Internal | | |<br /> | 206.220.196.48/28 | | 3-Com L2 Old Junk +------+ Rest of Internal |<br /> | 206.220.193.64/29 | | | | INTERNAL/LAN |<br /> | 208.61.6.224/27 | +---+-------+-------+---+ | 172.30.6.0/24 |<br /> +---------------------+ | | | | |<br /> +--------+ | +--------+ +------------------+<br /> | | | <br /> +------+------+ +------+------+ +------+------+ <br /> | WAP-A | | WAP-B | | WAP-C | <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | | | | | | <br /> +-------------+ +-------------+ +-------------+ <br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> A: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).<br /> B: Internet from LES.net (wifi-based Ubiquity)<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.34 Jay Bots (Container on [[vmsrv]])<br /> *172.30.6.40 [[vmsrv]]<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> *172.30.8.0/24 Virtual Machine Server ([[vmsrv]]) LAN<br /> **172.30.8.1 [[vmsrv]]<br /> **172.30.8.2 Mark private ubuntu vpn<br /> **172.30.8.3 Mark private project ubuntu (Container on [[vmsrv]])<br /> <br /> *10.50.31.0/24 TheLEDSign LAN<br /> **10.50.31.16 The Sign<br /> **10.50.31.17 The controlling container ([[vmsrv]])<br /> *10.50.32.0/30 Mark project private Point to Point link LAN<br /> <br /> == IP Usage ==<br /> <br /> === LES IP Delegation ===<br /> LES allocated 208.81.6.224/27.<br /> 208.81.6.225 Gateway<br /> 208.81.6.226, 208.81.6.227 RESERVED for LES.net usage.<br /> DNS1: 208.81.7.10<br /> DNS2: 208.81.7.14<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.224<br /> | TBD<br /> | LES.net Network<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.225<br /> | TBD<br /> | LES.net Gateway<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.226<br /> | TBD<br /> | LES.net RESERVED<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.227<br /> | TBD<br /> | LES.net RESERVED<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.228<br /> | TBD<br /> | Skullspace Router<br /> | it AT skullspace.ca<br /> | Skullspace LAN<br /> | <br /> |-<br /> |-<br /> | 208.81.6.229<br /> | TBD<br /> | ns1.skullspace.ca<br /> | it AT skullspace.ca<br /> | Skullspace DNS<br /> | <br /> |-<br /> |-<br /> | 208.81.6.230<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.231<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.232<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.233<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.234<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.235<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.236<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.237<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.238<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.239<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.240<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.241<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.242<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.243<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.244<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.245<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.246<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.247<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.248<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.249<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.250<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.251<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.252<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.253<br /> | TBD<br /> | intarweb.ca<br /> | sean AT tinfoilhat.ca<br /> | Skullspace LAN<br /> | Sean Cody <br /> |-<br /> |-<br /> | 208.81.6.254<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.255<br /> | TBD<br /> | LES.net Broadcast<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |}<br /> <br /> === VOI IP Delegation ===<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | Mark<br /> | temporary use<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | it@skullspace.ca<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for www.skullspace.ca (testing)<br /> |-<br /> | 2604:4280:1:c0de::81 - Relay/Proxy v6 to v4 for wiki.skullspace.ca (testing)<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ron's server<br /> | ron @ skullsecurity.net<br /> | Now<br /> | Websites and stuff<br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4279 Networking 2015-09-15T18:17:47Z <p>Sean: /* LES IP Delegation */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +-------------------+ <br /> | | <br /> | The Tubes | <br /> | On The Roof | <br /> | | <br /> +--+--------------+-+ <br /> | | <br /> | | <br /> +-------------------+-+ +-+-------------------+ <br /> | LES.net | | VOI | <br /> | 208.81.6.224/27 | +------+ CPE/Router | <br /> | | | | 206.220.196.49 | <br /> +-----------------+---+ | +------------+--------+ <br /> | | | <br /> | | | <br /> | | +--------+------------+ <br /> +---------+-------+-----+ | Skullspace-Router | <br /> | Skullspace-External | | RB450G | <br /> +----------+ Cisco 2950 +----+ 206.220.196.50 | <br /> | | 172.30.6.3 | | 208.61.6.228 | <br /> | +----------------------++ | 172.30.6.1 | <br /> | | +--------+------------+ <br /> +---------+-----------+ | | <br /> | | | | <br /> | Rest of External | | | <br /> | PUBLIC/LAN | | +--------+--------------+ +------------------+<br /> | | +-----+ Skullspace-Internal | | |<br /> | 206.220.196.48/28 | | 3-Com L2 Old Junk +------+ Rest of Internal |<br /> | 206.220.193.64/29 | | | | INTERNAL/LAN |<br /> | 208.61.6.224/27 | +---+-------+-------+---+ | 172.30.6.0/24 |<br /> +---------------------+ | | | | |<br /> +--------+ | +--------+ +------------------+<br /> | | | <br /> +------+------+ +------+------+ +------+------+ <br /> | WAP-A | | WAP-B | | WAP-C | <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | | | | | | <br /> +-------------+ +-------------+ +-------------+ <br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> A: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).<br /> B: Internet from LES.net (wifi-based Ubiquity)<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.34 Jay Bots (Container on [[vmsrv]])<br /> *172.30.6.40 [[vmsrv]]<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> *172.30.8.0/24 Virtual Machine Server ([[vmsrv]]) LAN<br /> **172.30.8.1 [[vmsrv]]<br /> **172.30.8.2 Mark private ubuntu vpn<br /> **172.30.8.3 Mark private project ubuntu (Container on [[vmsrv]])<br /> <br /> *10.50.31.0/24 TheLEDSign LAN<br /> **10.50.31.16 The Sign<br /> **10.50.31.17 The controlling container ([[vmsrv]])<br /> *10.50.32.0/30 Mark project private Point to Point link LAN<br /> <br /> == IP Usage ==<br /> <br /> === LES IP Delegation ===<br /> LES allocated 208.81.6.224/27.<br /> 208.81.6.225 Gateway<br /> 208.81.6.226, 208.81.6.227 RESERVED for LES.net usage.<br /> DNS1: 208.81.7.10<br /> DNS2: 208.81.7.14<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.224<br /> | TBD<br /> | LES.net Network<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.225<br /> | TBD<br /> | LES.net Gateway<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.226<br /> | TBD<br /> | LES.net RESERVED<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.227<br /> | TBD<br /> | LES.net RESERVED<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.228<br /> | TBD<br /> | Skullspace Router<br /> | it AT skullspace.ca<br /> | Skullspace LAN<br /> | <br /> |-<br /> |-<br /> | 208.81.6.229<br /> | TBD<br /> | ns1.skullspace.ca<br /> | it AT skullspace.ca<br /> | Skullspace DNS<br /> | <br /> |-<br /> |-<br /> | 208.81.6.230<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.231<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.232<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.233<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.234<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.235<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.236<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.237<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.238<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.239<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.240<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.241<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.242<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.243<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.244<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.245<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.246<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.247<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.248<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.249<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.250<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.251<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.252<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.253<br /> | TBD<br /> | intarweb.ca<br /> | sean AT tinfoilhat.ca<br /> | Skullspace LAN<br /> | Sean Cody <br /> |-<br /> |-<br /> | 208.81.6.254<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.255<br /> | TBD<br /> | LES.net Broadcast<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |}<br /> <br /> === VOI IP Delegation ===<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | Mark<br /> | temporary use<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | it@skullspace.ca<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for www.skullspace.ca (testing)<br /> |-<br /> | 2604:4280:1:c0de::81 - Relay/Proxy v6 to v4 for wiki.skullspace.ca (testing)<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ron's server<br /> | ron @ skullsecurity.net<br /> | Now<br /> | Websites and stuff<br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4278 Networking 2015-09-15T18:14:23Z <p>Sean: /* LES IP Delegation */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +-------------------+ <br /> | | <br /> | The Tubes | <br /> | On The Roof | <br /> | | <br /> +--+--------------+-+ <br /> | | <br /> | | <br /> +-------------------+-+ +-+-------------------+ <br /> | LES.net | | VOI | <br /> | 208.81.6.224/27 | +------+ CPE/Router | <br /> | | | | 206.220.196.49 | <br /> +-----------------+---+ | +------------+--------+ <br /> | | | <br /> | | | <br /> | | +--------+------------+ <br /> +---------+-------+-----+ | Skullspace-Router | <br /> | Skullspace-External | | RB450G | <br /> +----------+ Cisco 2950 +----+ 206.220.196.50 | <br /> | | 172.30.6.3 | | 208.61.6.228 | <br /> | +----------------------++ | 172.30.6.1 | <br /> | | +--------+------------+ <br /> +---------+-----------+ | | <br /> | | | | <br /> | Rest of External | | | <br /> | PUBLIC/LAN | | +--------+--------------+ +------------------+<br /> | | +-----+ Skullspace-Internal | | |<br /> | 206.220.196.48/28 | | 3-Com L2 Old Junk +------+ Rest of Internal |<br /> | 206.220.193.64/29 | | | | INTERNAL/LAN |<br /> | 208.61.6.224/27 | +---+-------+-------+---+ | 172.30.6.0/24 |<br /> +---------------------+ | | | | |<br /> +--------+ | +--------+ +------------------+<br /> | | | <br /> +------+------+ +------+------+ +------+------+ <br /> | WAP-A | | WAP-B | | WAP-C | <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | | | | | | <br /> +-------------+ +-------------+ +-------------+ <br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> A: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).<br /> B: Internet from LES.net (wifi-based Ubiquity)<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.34 Jay Bots (Container on [[vmsrv]])<br /> *172.30.6.40 [[vmsrv]]<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> *172.30.8.0/24 Virtual Machine Server ([[vmsrv]]) LAN<br /> **172.30.8.1 [[vmsrv]]<br /> **172.30.8.2 Mark private ubuntu vpn<br /> **172.30.8.3 Mark private project ubuntu (Container on [[vmsrv]])<br /> <br /> *10.50.31.0/24 TheLEDSign LAN<br /> **10.50.31.16 The Sign<br /> **10.50.31.17 The controlling container ([[vmsrv]])<br /> *10.50.32.0/30 Mark project private Point to Point link LAN<br /> <br /> == IP Usage ==<br /> <br /> === LES IP Delegation ===<br /> LES allocated 208.81.6.224/27.<br /> 208.81.6.225 Gateway<br /> 208.81.6.226, 208.81.6.227 RESERVED for LES.net usage.<br /> DNS1: 208.81.7.10<br /> DNS2: 208.81.7.14<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.224<br /> | TBD<br /> | LES.net Network<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.225<br /> | TBD<br /> | LES.net Gateway<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.226<br /> | TBD<br /> | LES.net RESERVED<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.227<br /> | TBD<br /> | LES.net RESERVED<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.228<br /> | TBD<br /> | Skullspace Router<br /> | it AT skullspace.ca<br /> | Skullspace LAN<br /> | <br /> |-<br /> |-<br /> | 208.81.6.229<br /> | TBD<br /> | dns.skullspace.ca<br /> | it AT skullspace.ca<br /> | Skullspace DNS<br /> | <br /> |-<br /> |-<br /> | 208.81.6.230<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.231<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.232<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.233<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.234<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.235<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.236<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.237<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.238<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.239<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.240<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.241<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.242<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.243<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.244<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.245<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.246<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.247<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.248<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.249<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.250<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.251<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.252<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.253<br /> | TBD<br /> | intarweb.ca<br /> | sean AT tinfoilhat.ca<br /> | Skullspace LAN<br /> | Sean Cody <br /> |-<br /> |-<br /> | 208.81.6.254<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.255<br /> | TBD<br /> | LES.net Broadcast<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |}<br /> <br /> === VOI IP Delegation ===<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | Mark<br /> | temporary use<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | it@skullspace.ca<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for www.skullspace.ca (testing)<br /> |-<br /> | 2604:4280:1:c0de::81 - Relay/Proxy v6 to v4 for wiki.skullspace.ca (testing)<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ron's server<br /> | ron @ skullsecurity.net<br /> | Now<br /> | Websites and stuff<br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4277 Networking 2015-09-15T18:13:42Z <p>Sean: /* LES IP Delegation */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +-------------------+ <br /> | | <br /> | The Tubes | <br /> | On The Roof | <br /> | | <br /> +--+--------------+-+ <br /> | | <br /> | | <br /> +-------------------+-+ +-+-------------------+ <br /> | LES.net | | VOI | <br /> | 208.81.6.224/27 | +------+ CPE/Router | <br /> | | | | 206.220.196.49 | <br /> +-----------------+---+ | +------------+--------+ <br /> | | | <br /> | | | <br /> | | +--------+------------+ <br /> +---------+-------+-----+ | Skullspace-Router | <br /> | Skullspace-External | | RB450G | <br /> +----------+ Cisco 2950 +----+ 206.220.196.50 | <br /> | | 172.30.6.3 | | 208.61.6.228 | <br /> | +----------------------++ | 172.30.6.1 | <br /> | | +--------+------------+ <br /> +---------+-----------+ | | <br /> | | | | <br /> | Rest of External | | | <br /> | PUBLIC/LAN | | +--------+--------------+ +------------------+<br /> | | +-----+ Skullspace-Internal | | |<br /> | 206.220.196.48/28 | | 3-Com L2 Old Junk +------+ Rest of Internal |<br /> | 206.220.193.64/29 | | | | INTERNAL/LAN |<br /> | 208.61.6.224/27 | +---+-------+-------+---+ | 172.30.6.0/24 |<br /> +---------------------+ | | | | |<br /> +--------+ | +--------+ +------------------+<br /> | | | <br /> +------+------+ +------+------+ +------+------+ <br /> | WAP-A | | WAP-B | | WAP-C | <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | | | | | | <br /> +-------------+ +-------------+ +-------------+ <br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> A: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).<br /> B: Internet from LES.net (wifi-based Ubiquity)<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.34 Jay Bots (Container on [[vmsrv]])<br /> *172.30.6.40 [[vmsrv]]<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> *172.30.8.0/24 Virtual Machine Server ([[vmsrv]]) LAN<br /> **172.30.8.1 [[vmsrv]]<br /> **172.30.8.2 Mark private ubuntu vpn<br /> **172.30.8.3 Mark private project ubuntu (Container on [[vmsrv]])<br /> <br /> *10.50.31.0/24 TheLEDSign LAN<br /> **10.50.31.16 The Sign<br /> **10.50.31.17 The controlling container ([[vmsrv]])<br /> *10.50.32.0/30 Mark project private Point to Point link LAN<br /> <br /> == IP Usage ==<br /> <br /> === LES IP Delegation ===<br /> LES allocated 208.81.6.224/27.<br /> 208.81.6.225 Gateway<br /> 208.81.6.226, 208.81.6.227 RESERVED for LES.net usage.<br /> DNS1: 208.81.7.10<br /> DNS2: 208.81.7.14<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.225<br /> | TBD<br /> | LES.net Gateway<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.226<br /> | TBD<br /> | LES.net RESERVED<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.227<br /> | TBD<br /> | LES.net RESERVED<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.228<br /> | TBD<br /> | Skullspace Router<br /> | it AT skullspace.ca<br /> | Skullspace LAN<br /> | <br /> |-<br /> |-<br /> | 208.81.6.229<br /> | TBD<br /> | dns.skullspace.ca<br /> | it AT skullspace.ca<br /> | Skullspace DNS<br /> | <br /> |-<br /> |-<br /> | 208.81.6.230<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.231<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.232<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.233<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.234<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.235<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.236<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.237<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.238<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.239<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.240<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.241<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.242<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.243<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.244<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.245<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.246<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.247<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.248<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.249<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.250<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.251<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.252<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.253<br /> | TBD<br /> | intarweb.ca<br /> | sean AT tinfoilhat.ca<br /> | Skullspace LAN<br /> | Sean Cody <br /> |-<br /> |-<br /> | 208.81.6.254<br /> | <br /> | <br /> | <br /> | <br /> | <br /> |-<br /> |-<br /> | 208.81.6.255<br /> | TBD<br /> | LES.net Broadcast<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |}<br /> <br /> === VOI IP Delegation ===<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | Mark<br /> | temporary use<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | it@skullspace.ca<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for www.skullspace.ca (testing)<br /> |-<br /> | 2604:4280:1:c0de::81 - Relay/Proxy v6 to v4 for wiki.skullspace.ca (testing)<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ron's server<br /> | ron @ skullsecurity.net<br /> | Now<br /> | Websites and stuff<br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4276 Networking 2015-09-15T18:09:39Z <p>Sean: </p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +-------------------+ <br /> | | <br /> | The Tubes | <br /> | On The Roof | <br /> | | <br /> +--+--------------+-+ <br /> | | <br /> | | <br /> +-------------------+-+ +-+-------------------+ <br /> | LES.net | | VOI | <br /> | 208.81.6.224/27 | +------+ CPE/Router | <br /> | | | | 206.220.196.49 | <br /> +-----------------+---+ | +------------+--------+ <br /> | | | <br /> | | | <br /> | | +--------+------------+ <br /> +---------+-------+-----+ | Skullspace-Router | <br /> | Skullspace-External | | RB450G | <br /> +----------+ Cisco 2950 +----+ 206.220.196.50 | <br /> | | 172.30.6.3 | | 208.61.6.228 | <br /> | +----------------------++ | 172.30.6.1 | <br /> | | +--------+------------+ <br /> +---------+-----------+ | | <br /> | | | | <br /> | Rest of External | | | <br /> | PUBLIC/LAN | | +--------+--------------+ +------------------+<br /> | | +-----+ Skullspace-Internal | | |<br /> | 206.220.196.48/28 | | 3-Com L2 Old Junk +------+ Rest of Internal |<br /> | 206.220.193.64/29 | | | | INTERNAL/LAN |<br /> | 208.61.6.224/27 | +---+-------+-------+---+ | 172.30.6.0/24 |<br /> +---------------------+ | | | | |<br /> +--------+ | +--------+ +------------------+<br /> | | | <br /> +------+------+ +------+------+ +------+------+ <br /> | WAP-A | | WAP-B | | WAP-C | <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | | | | | | <br /> +-------------+ +-------------+ +-------------+ <br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> A: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).<br /> B: Internet from LES.net (wifi-based Ubiquity)<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.34 Jay Bots (Container on [[vmsrv]])<br /> *172.30.6.40 [[vmsrv]]<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> *172.30.8.0/24 Virtual Machine Server ([[vmsrv]]) LAN<br /> **172.30.8.1 [[vmsrv]]<br /> **172.30.8.2 Mark private ubuntu vpn<br /> **172.30.8.3 Mark private project ubuntu (Container on [[vmsrv]])<br /> <br /> *10.50.31.0/24 TheLEDSign LAN<br /> **10.50.31.16 The Sign<br /> **10.50.31.17 The controlling container ([[vmsrv]])<br /> *10.50.32.0/30 Mark project private Point to Point link LAN<br /> <br /> == IP Usage ==<br /> <br /> === LES IP Delegation ===<br /> LES allocated 208.81.6.224/27.<br /> 208.81.6.225 Gateway<br /> 208.81.6.226, 208.81.6.227 RESERVED for LES.net usage.<br /> DNS1: 208.81.7.10<br /> DNS2: 208.81.7.14<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 208.81.6.225<br /> | TBD<br /> | LES.net Gateway<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.226<br /> | TBD<br /> | LES.net RESERVED<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.227<br /> | TBD<br /> | LES.net RESERVED<br /> | LES.net<br /> | all machines<br /> | required by network design<br /> |-<br /> |-<br /> | 208.81.6.228<br /> | TBD<br /> | Skullspace Router<br /> | it AT skullspace.ca<br /> | Skullspace LAN<br /> | <br /> |-<br /> |-<br /> | 208.81.6.229<br /> | TBD<br /> | dns.skullspace.ca<br /> | it AT skullspace.ca<br /> | Skullspace DNS<br /> | <br /> |-<br /> |-<br /> | 208.81.6.253<br /> | TBD<br /> | intarweb.ca<br /> | sean AT tinfoilhat.ca<br /> | Skullspace LAN<br /> | Sean Cody <br /> |-<br /> |}<br /> <br /> <br /> === VOI IP Delegation ===<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | Mark<br /> | temporary use<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | it@skullspace.ca<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for www.skullspace.ca (testing)<br /> |-<br /> | 2604:4280:1:c0de::81 - Relay/Proxy v6 to v4 for wiki.skullspace.ca (testing)<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ron's server<br /> | ron @ skullsecurity.net<br /> | Now<br /> | Websites and stuff<br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4275 Networking 2015-09-15T18:00:21Z <p>Sean: /* Internet feeds */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +-------------------+ <br /> | | <br /> | The Tubes | <br /> | On The Roof | <br /> | | <br /> +--+--------------+-+ <br /> | | <br /> | | <br /> +-------------------+-+ +-+-------------------+ <br /> | LES.net | | VOI | <br /> | 208.81.6.224/27 | +------+ CPE/Router | <br /> | | | | 206.220.196.49 | <br /> +-----------------+---+ | +------------+--------+ <br /> | | | <br /> | | | <br /> | | +--------+------------+ <br /> +---------+-------+-----+ | Skullspace-Router | <br /> | Skullspace-External | | RB450G | <br /> +----------+ Cisco 2950 +----+ 206.220.196.50 | <br /> | | 172.30.6.3 | | 208.61.6.228 | <br /> | +----------------------++ | 172.30.6.1 | <br /> | | +--------+------------+ <br /> +---------+-----------+ | | <br /> | | | | <br /> | Rest of External | | | <br /> | PUBLIC/LAN | | +--------+--------------+ +------------------+<br /> | | +-----+ Skullspace-Internal | | |<br /> | 206.220.196.48/28 | | 3-Com L2 Old Junk +------+ Rest of Internal |<br /> | 206.220.193.64/29 | | | | INTERNAL/LAN |<br /> | 208.61.6.224/27 | +---+-------+-------+---+ | 172.30.6.0/24 |<br /> +---------------------+ | | | | |<br /> +--------+ | +--------+ +------------------+<br /> | | | <br /> +------+------+ +------+------+ +------+------+ <br /> | WAP-A | | WAP-B | | WAP-C | <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | | | | | | <br /> +-------------+ +-------------+ +-------------+ <br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> A: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).<br /> B: Internet from LES.net (wifi-based Ubiquity)<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.34 Jay Bots (Container on [[vmsrv]])<br /> *172.30.6.40 [[vmsrv]]<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> *172.30.8.0/24 Virtual Machine Server ([[vmsrv]]) LAN<br /> **172.30.8.1 [[vmsrv]]<br /> **172.30.8.2 Mark private ubuntu vpn<br /> **172.30.8.3 Mark private project ubuntu (Container on [[vmsrv]])<br /> <br /> *10.50.31.0/24 TheLEDSign LAN<br /> **10.50.31.16 The Sign<br /> **10.50.31.17 The controlling container ([[vmsrv]])<br /> *10.50.32.0/30 Mark project private Point to Point link LAN<br /> <br /> <br /> == VOI IP usage ==<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | Mark<br /> | temporary use<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | CStanners a gmail.com or Sksp admins<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for www.skullspace.ca (testing)<br /> |-<br /> | 2604:4280:1:c0de::81 - Relay/Proxy v6 to v4 for wiki.skullspace.ca (testing)<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ron's server<br /> | ron @ skullsecurity.net<br /> | Now<br /> | Websites and stuff<br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4274 Networking 2015-09-15T17:59:39Z <p>Sean: /* Stupid-High Level Diagram */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +-------------------+ <br /> | | <br /> | The Tubes | <br /> | On The Roof | <br /> | | <br /> +--+--------------+-+ <br /> | | <br /> | | <br /> +-------------------+-+ +-+-------------------+ <br /> | LES.net | | VOI | <br /> | 208.81.6.224/27 | +------+ CPE/Router | <br /> | | | | 206.220.196.49 | <br /> +-----------------+---+ | +------------+--------+ <br /> | | | <br /> | | | <br /> | | +--------+------------+ <br /> +---------+-------+-----+ | Skullspace-Router | <br /> | Skullspace-External | | RB450G | <br /> +----------+ Cisco 2950 +----+ 206.220.196.50 | <br /> | | 172.30.6.3 | | 208.61.6.228 | <br /> | +----------------------++ | 172.30.6.1 | <br /> | | +--------+------------+ <br /> +---------+-----------+ | | <br /> | | | | <br /> | Rest of External | | | <br /> | PUBLIC/LAN | | +--------+--------------+ +------------------+<br /> | | +-----+ Skullspace-Internal | | |<br /> | 206.220.196.48/28 | | 3-Com L2 Old Junk +------+ Rest of Internal |<br /> | 206.220.193.64/29 | | | | INTERNAL/LAN |<br /> | 208.61.6.224/27 | +---+-------+-------+---+ | 172.30.6.0/24 |<br /> +---------------------+ | | | | |<br /> +--------+ | +--------+ +------------------+<br /> | | | <br /> +------+------+ +------+------+ +------+------+ <br /> | WAP-A | | WAP-B | | WAP-C | <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | | | | | | <br /> +-------------+ +-------------+ +-------------+ <br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> Primary: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.34 Jay Bots (Container on [[vmsrv]])<br /> *172.30.6.40 [[vmsrv]]<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> *172.30.8.0/24 Virtual Machine Server ([[vmsrv]]) LAN<br /> **172.30.8.1 [[vmsrv]]<br /> **172.30.8.2 Mark private ubuntu vpn<br /> **172.30.8.3 Mark private project ubuntu (Container on [[vmsrv]])<br /> <br /> *10.50.31.0/24 TheLEDSign LAN<br /> **10.50.31.16 The Sign<br /> **10.50.31.17 The controlling container ([[vmsrv]])<br /> *10.50.32.0/30 Mark project private Point to Point link LAN<br /> <br /> <br /> == VOI IP usage ==<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | Mark<br /> | temporary use<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | CStanners a gmail.com or Sksp admins<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for www.skullspace.ca (testing)<br /> |-<br /> | 2604:4280:1:c0de::81 - Relay/Proxy v6 to v4 for wiki.skullspace.ca (testing)<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ron's server<br /> | ron @ skullsecurity.net<br /> | Now<br /> | Websites and stuff<br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4272 Networking 2015-08-10T15:37:54Z <p>Sean: /* VOI IP usage */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +---------------------+ <br /> | The Internet | <br /> | External CPE/Router | <br /> | 206.220.196.49 | +--------------------+<br /> +---------^-----------+ | |<br /> | | dns.skullspace.ca |<br /> +-----------v-----------+ | 206.220.196.53 |<br /> | 206.220.194.90/30 | +--^-----------------+<br /> | Skullspace+Router &lt;---------------+ | <br /> | 172.30.6.1 172.30.7.1 | | | <br /> +-----------^-----------+ | | <br /> Trunk Port | | | <br /> +--------------------+ +----------v----------+ +----------v-----v----+ <br /> | | | | | | <br /> | Rest of the &lt;----------&gt; Skullspace+Internal &lt;-----&gt; Skullspace+External | <br /> | Internal LAN | | 172.30.6.2 | | 172.30.6.3 | <br /> | | +------^----^----^----+ +----------^----------+ <br /> +--------------------+ | | | | <br /> Trunk Ports | | | +-----v--------------+ <br /> | | | | | <br /> | | | | Rest of the | <br /> +-----------+ | +-----------+ | External/PUBLIC | <br /> | | | | LAN | <br /> | | | | | <br /> | | | +--------------------+ <br /> | | | <br /> +-------v-----+ +------v------+ +------v------+ <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | WAP+A | | WAP+B | | WAP+C | <br /> | 172.30.7.10 | | 172.30.7.11 | | 172.30.7.12 | <br /> +------+------+ +-------------+ +------+------+ <br /> | | <br /> +------+------+ +------+-----+ <br /> | 172.30.7.X | | 172.30.7.Y | <br /> | client+X | | client+Y | <br /> | | | | <br /> +-------------+ +------------+ <br /> <br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> Primary: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.34 Jay Bots (Container on [[vmsrv]])<br /> *172.30.6.40 [[vmsrv]]<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> *172.30.8.0/24 Virtual Machine Server ([[vmsrv]]) LAN<br /> **172.30.8.1 [[vmsrv]]<br /> **172.30.8.2 Mark private ubuntu vpn<br /> **172.30.8.3 Mark private project ubuntu (Container on [[vmsrv]])<br /> <br /> *10.50.31.0/24 TheLEDSign LAN<br /> **10.50.31.16 The Sign<br /> **10.50.31.17 The controlling container ([[vmsrv]])<br /> *10.50.32.0/30 Mark project private Point to Point link LAN<br /> <br /> <br /> == VOI IP usage ==<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | Mark<br /> | temporary use<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | CStanners a gmail.com or Sksp admins<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for www.skullspace.ca (testing)<br /> |-<br /> | 2604:4280:1:c0de::81 - Relay/Proxy v6 to v4 for wiki.skullspace.ca (testing)<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ron's server<br /> | ron @ skullsecurity.net<br /> | Now<br /> | Websites and stuff<br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4271 Networking 2015-08-10T15:37:14Z <p>Sean: /* VOI IP usage */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +---------------------+ <br /> | The Internet | <br /> | External CPE/Router | <br /> | 206.220.196.49 | +--------------------+<br /> +---------^-----------+ | |<br /> | | dns.skullspace.ca |<br /> +-----------v-----------+ | 206.220.196.53 |<br /> | 206.220.194.90/30 | +--^-----------------+<br /> | Skullspace+Router &lt;---------------+ | <br /> | 172.30.6.1 172.30.7.1 | | | <br /> +-----------^-----------+ | | <br /> Trunk Port | | | <br /> +--------------------+ +----------v----------+ +----------v-----v----+ <br /> | | | | | | <br /> | Rest of the &lt;----------&gt; Skullspace+Internal &lt;-----&gt; Skullspace+External | <br /> | Internal LAN | | 172.30.6.2 | | 172.30.6.3 | <br /> | | +------^----^----^----+ +----------^----------+ <br /> +--------------------+ | | | | <br /> Trunk Ports | | | +-----v--------------+ <br /> | | | | | <br /> | | | | Rest of the | <br /> +-----------+ | +-----------+ | External/PUBLIC | <br /> | | | | LAN | <br /> | | | | | <br /> | | | +--------------------+ <br /> | | | <br /> +-------v-----+ +------v------+ +------v------+ <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | WAP+A | | WAP+B | | WAP+C | <br /> | 172.30.7.10 | | 172.30.7.11 | | 172.30.7.12 | <br /> +------+------+ +-------------+ +------+------+ <br /> | | <br /> +------+------+ +------+-----+ <br /> | 172.30.7.X | | 172.30.7.Y | <br /> | client+X | | client+Y | <br /> | | | | <br /> +-------------+ +------------+ <br /> <br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> Primary: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.34 Jay Bots (Container on [[vmsrv]])<br /> *172.30.6.40 [[vmsrv]]<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> *172.30.8.0/24 Virtual Machine Server ([[vmsrv]]) LAN<br /> **172.30.8.1 [[vmsrv]]<br /> **172.30.8.2 Mark private ubuntu vpn<br /> **172.30.8.3 Mark private project ubuntu (Container on [[vmsrv]])<br /> <br /> *10.50.31.0/24 TheLEDSign LAN<br /> **10.50.31.16 The Sign<br /> **10.50.31.17 The controlling container ([[vmsrv]])<br /> *10.50.32.0/30 Mark project private Point to Point link LAN<br /> <br /> <br /> == VOI IP usage ==<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | Mark<br /> | temporary use<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | CStanners a gmail.com or Sksp admins<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for www.skullspace.ca (testing)<br /> |-<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for wiki.skullspace.ca (testing)<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ron's server<br /> | ron @ skullsecurity.net<br /> | Now<br /> | Websites and stuff<br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4270 Networking 2015-08-10T15:36:34Z <p>Sean: </p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +---------------------+ <br /> | The Internet | <br /> | External CPE/Router | <br /> | 206.220.196.49 | +--------------------+<br /> +---------^-----------+ | |<br /> | | dns.skullspace.ca |<br /> +-----------v-----------+ | 206.220.196.53 |<br /> | 206.220.194.90/30 | +--^-----------------+<br /> | Skullspace+Router &lt;---------------+ | <br /> | 172.30.6.1 172.30.7.1 | | | <br /> +-----------^-----------+ | | <br /> Trunk Port | | | <br /> +--------------------+ +----------v----------+ +----------v-----v----+ <br /> | | | | | | <br /> | Rest of the &lt;----------&gt; Skullspace+Internal &lt;-----&gt; Skullspace+External | <br /> | Internal LAN | | 172.30.6.2 | | 172.30.6.3 | <br /> | | +------^----^----^----+ +----------^----------+ <br /> +--------------------+ | | | | <br /> Trunk Ports | | | +-----v--------------+ <br /> | | | | | <br /> | | | | Rest of the | <br /> +-----------+ | +-----------+ | External/PUBLIC | <br /> | | | | LAN | <br /> | | | | | <br /> | | | +--------------------+ <br /> | | | <br /> +-------v-----+ +------v------+ +------v------+ <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | WAP+A | | WAP+B | | WAP+C | <br /> | 172.30.7.10 | | 172.30.7.11 | | 172.30.7.12 | <br /> +------+------+ +-------------+ +------+------+ <br /> | | <br /> +------+------+ +------+-----+ <br /> | 172.30.7.X | | 172.30.7.Y | <br /> | client+X | | client+Y | <br /> | | | | <br /> +-------------+ +------------+ <br /> <br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> Primary: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.34 Jay Bots (Container on [[vmsrv]])<br /> *172.30.6.40 [[vmsrv]]<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> *172.30.8.0/24 Virtual Machine Server ([[vmsrv]]) LAN<br /> **172.30.8.1 [[vmsrv]]<br /> **172.30.8.2 Mark private ubuntu vpn<br /> **172.30.8.3 Mark private project ubuntu (Container on [[vmsrv]])<br /> <br /> *10.50.31.0/24 TheLEDSign LAN<br /> **10.50.31.16 The Sign<br /> **10.50.31.17 The controlling container ([[vmsrv]])<br /> *10.50.32.0/30 Mark project private Point to Point link LAN<br /> <br /> <br /> == VOI IP usage ==<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | Mark<br /> | temporary use<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | CStanners a gmail.com or Sksp admins<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for www.skullspace.ca (testing)<br /> -<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for wiki.skullspace.ca (testing)<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ron's server<br /> | ron @ skullsecurity.net<br /> | Now<br /> | Websites and stuff<br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4269 Networking 2015-08-10T15:35:30Z <p>Sean: /* VOI IP usage */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +---------------------+ <br /> | The Internet | <br /> | External CPE/Router | <br /> | 206.220.196.49 | +--------------------+<br /> +---------^-----------+ | |<br /> | | dns.skullspace.ca |<br /> +-----------v-----------+ | 206.220.196.53 |<br /> | 206.220.194.90/30 | +--^-----------------+<br /> | Skullspace+Router &lt;---------------+ | <br /> | 172.30.6.1 172.30.7.1 | | | <br /> +-----------^-----------+ | | <br /> Trunk Port | | | <br /> +--------------------+ +----------v----------+ +----------v-----v----+ <br /> | | | | | | <br /> | Rest of the &lt;----------&gt; Skullspace+Internal &lt;-----&gt; Skullspace+External | <br /> | Internal LAN | | 172.30.6.2 | | 172.30.6.3 | <br /> | | +------^----^----^----+ +----------^----------+ <br /> +--------------------+ | | | | <br /> Trunk Ports | | | +-----v--------------+ <br /> | | | | | <br /> | | | | Rest of the | <br /> +-----------+ | +-----------+ | External/PUBLIC | <br /> | | | | LAN | <br /> | | | | | <br /> | | | +--------------------+ <br /> | | | <br /> +-------v-----+ +------v------+ +------v------+ <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | WAP+A | | WAP+B | | WAP+C | <br /> | 172.30.7.10 | | 172.30.7.11 | | 172.30.7.12 | <br /> +------+------+ +-------------+ +------+------+ <br /> | | <br /> +------+------+ +------+-----+ <br /> | 172.30.7.X | | 172.30.7.Y | <br /> | client+X | | client+Y | <br /> | | | | <br /> +-------------+ +------------+ <br /> <br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> Primary: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.34 Jay Bots (Container on [[vmsrv]])<br /> *172.30.6.40 [[vmsrv]]<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> *172.30.8.0/24 Virtual Machine Server ([[vmsrv]]) LAN<br /> **172.30.8.1 [[vmsrv]]<br /> **172.30.8.2 Mark private ubuntu vpn<br /> **172.30.8.3 Mark private project ubuntu (Container on [[vmsrv]])<br /> <br /> *10.50.31.0/24 TheLEDSign LAN<br /> **10.50.31.16 The Sign<br /> **10.50.31.17 The controlling container ([[vmsrv]])<br /> *10.50.32.0/30 Mark project private Point to Point link LAN<br /> <br /> <br /> == VOI IP usage ==<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | Mark<br /> | temporary use<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | CStanners a gmail.com or Sksp admins<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> [http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for www.skullspace.ca (testing)<br /> 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for wiki.skullspace.ca (testing)<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ron's server<br /> | ron @ skullsecurity.net<br /> | Now<br /> | Websites and stuff<br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4268 Networking 2015-08-10T15:33:07Z <p>Sean: /* VOI IP usage */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +---------------------+ <br /> | The Internet | <br /> | External CPE/Router | <br /> | 206.220.196.49 | +--------------------+<br /> +---------^-----------+ | |<br /> | | dns.skullspace.ca |<br /> +-----------v-----------+ | 206.220.196.53 |<br /> | 206.220.194.90/30 | +--^-----------------+<br /> | Skullspace+Router &lt;---------------+ | <br /> | 172.30.6.1 172.30.7.1 | | | <br /> +-----------^-----------+ | | <br /> Trunk Port | | | <br /> +--------------------+ +----------v----------+ +----------v-----v----+ <br /> | | | | | | <br /> | Rest of the &lt;----------&gt; Skullspace+Internal &lt;-----&gt; Skullspace+External | <br /> | Internal LAN | | 172.30.6.2 | | 172.30.6.3 | <br /> | | +------^----^----^----+ +----------^----------+ <br /> +--------------------+ | | | | <br /> Trunk Ports | | | +-----v--------------+ <br /> | | | | | <br /> | | | | Rest of the | <br /> +-----------+ | +-----------+ | External/PUBLIC | <br /> | | | | LAN | <br /> | | | | | <br /> | | | +--------------------+ <br /> | | | <br /> +-------v-----+ +------v------+ +------v------+ <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | WAP+A | | WAP+B | | WAP+C | <br /> | 172.30.7.10 | | 172.30.7.11 | | 172.30.7.12 | <br /> +------+------+ +-------------+ +------+------+ <br /> | | <br /> +------+------+ +------+-----+ <br /> | 172.30.7.X | | 172.30.7.Y | <br /> | client+X | | client+Y | <br /> | | | | <br /> +-------------+ +------------+ <br /> <br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> Primary: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.34 Jay Bots (Container on [[vmsrv]])<br /> *172.30.6.40 [[vmsrv]]<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> *172.30.8.0/24 Virtual Machine Server ([[vmsrv]]) LAN<br /> **172.30.8.1 [[vmsrv]]<br /> **172.30.8.2 Mark private ubuntu vpn<br /> **172.30.8.3 Mark private project ubuntu (Container on [[vmsrv]])<br /> <br /> *10.50.31.0/24 TheLEDSign LAN<br /> **10.50.31.16 The Sign<br /> **10.50.31.17 The controlling container ([[vmsrv]])<br /> *10.50.32.0/30 Mark project private Point to Point link LAN<br /> <br /> <br /> == VOI IP usage ==<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | Mark<br /> | temporary use<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | CStanners a gmail.com or Sksp admins<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for www.skullspace.ca (testing)<br /> | 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for wiki.skullspace.ca (testing)<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ron's server<br /> | ron @ skullsecurity.net<br /> | Now<br /> | Websites and stuff<br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4167 Networking 2015-03-26T03:58:55Z <p>Sean: /* Stupid-High Level Diagram */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +---------------------+ <br /> | The Internet | <br /> | External CPE/Router | <br /> | 206.220.196.49 | +--------------------+<br /> +---------^-----------+ | |<br /> | | dns.skullspace.ca |<br /> +-----------v-----------+ | 206.220.196.53 |<br /> | 206.220.194.90/30 | +--^-----------------+<br /> | Skullspace+Router &lt;---------------+ | <br /> | 172.30.6.1 172.30.7.1 | | | <br /> +-----------^-----------+ | | <br /> Trunk Port | | | <br /> +--------------------+ +----------v----------+ +----------v-----v----+ <br /> | | | | | | <br /> | Rest of the &lt;----------&gt; Skullspace+Internal &lt;-----&gt; Skullspace+External | <br /> | Internal LAN | | 172.30.6.2 | | 172.30.6.3 | <br /> | | +------^----^----^----+ +----------^----------+ <br /> +--------------------+ | | | | <br /> Trunk Ports | | | +-----v--------------+ <br /> | | | | | <br /> | | | | Rest of the | <br /> +-----------+ | +-----------+ | External/PUBLIC | <br /> | | | | LAN | <br /> | | | | | <br /> | | | +--------------------+ <br /> | | | <br /> +-------v-----+ +------v------+ +------v------+ <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | WAP+A | | WAP+B | | WAP+C | <br /> | 172.30.7.10 | | 172.30.7.11 | | 172.30.7.12 | <br /> +------+------+ +-------------+ +------+------+ <br /> | | <br /> +------+------+ +------+-----+ <br /> | 172.30.7.X | | 172.30.7.Y | <br /> | client+X | | client+Y | <br /> | | | | <br /> +-------------+ +------------+ <br /> <br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> Primary: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.40 [[vmsrv]]<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> == VOI IP usage ==<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Mark temporary<br /> | mark@markjenkins.ca<br /> | Mark<br /> | temporary ipsec test<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | CStanners a gmail.com or Sksp admins<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ron's server<br /> | ron @ skullsecurity.net<br /> | Now<br /> | Websites and stuff<br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4166 Networking 2015-03-26T03:29:49Z <p>Sean: /* Current 172.30/16 */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +---------------------+ <br /> | The Internet | <br /> | External CPE/Router | <br /> | 206.220.196.49 | +--------------------+<br /> +---------^-----------+ | |<br /> | | dns.skullspace.ca |<br /> +-----------v-----------+ | 206.220.196.53 |<br /> | 206.220.194.90/30 | +--^-----------------+<br /> | Skullspace+Router &lt;---------------+ | <br /> | 172.30.6.1 172.30.7.1 | | | <br /> +-----------^-----------+ | | <br /> Trunk Port | | | <br /> +--------------------+ +----------v----------+ +----------v-----v----+ <br /> | | | | | | <br /> | Rest of the &lt;----------&gt; Skullspace+Internal &lt;-----&gt; Skullspace+External | <br /> | Internal LAN | | 172.30.6.2 | | 172.30.6.3 | <br /> | | +------^----^----^----+ +----------^----------+ <br /> +--------------------+ | | | | <br /> Trunk Ports | | | +-----v--------------+ <br /> | | | | | <br /> | | | | Rest of the | <br /> +-----------+ | +-----------+ | External/PUBLIC | <br /> | | | | LAN | <br /> | | | | | <br /> | | | +--------------------+ <br /> | | | <br /> +-------v-----+ +------v------+ +------v------+ <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | WAP+A | | WAP+B | | WAP+C | <br /> | 172.30.7.10 | | 172.30.7.11 | | 172.30.7.12 | <br /> +------+------+ +-------------+ +------+------+ <br /> | | <br /> +------+------+ +------+-----+ <br /> | 172.30.7.X | | 172.30.7.Y | <br /> | client+X | | client+Y | <br /> | | | | <br /> +-------------+ +------------+ <br /> <br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> Primary: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.40 [[vmsrv]]<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> **172.30.6.245 - sean VPN IP (sean cody)<br /> **172.30.6.247 - cchilds VPN IP<br /> **172.30.6.248 - jordansamulaitis VPN IP<br /> **172.30.6.249 - gygar VPN IP<br /> **172.30.6.250 - nwild VPN IP<br /> **172.30.6.251 - cstanners-router VPN IP<br /> **172.30.6.252 - odin VPN IP<br /> **172.30.6.254 - cstanners VPN IP<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> == VOI IP usage ==<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Mark temporary<br /> | mark@markjenkins.ca<br /> | Mark<br /> | temporary ipsec test<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | CStanners a gmail.com or Sksp admins<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ron's server<br /> | ron @ skullsecurity.net<br /> | Now<br /> | Websites and stuff<br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4165 Networking 2015-03-26T02:38:56Z <p>Sean: /* Current 172.30/16 */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +---------------------+ <br /> | The Internet | <br /> | External CPE/Router | <br /> | 206.220.196.49 | +--------------------+<br /> +---------^-----------+ | |<br /> | | dns.skullspace.ca |<br /> +-----------v-----------+ | 206.220.196.53 |<br /> | 206.220.194.90/30 | +--^-----------------+<br /> | Skullspace+Router &lt;---------------+ | <br /> | 172.30.6.1 172.30.7.1 | | | <br /> +-----------^-----------+ | | <br /> Trunk Port | | | <br /> +--------------------+ +----------v----------+ +----------v-----v----+ <br /> | | | | | | <br /> | Rest of the &lt;----------&gt; Skullspace+Internal &lt;-----&gt; Skullspace+External | <br /> | Internal LAN | | 172.30.6.2 | | 172.30.6.3 | <br /> | | +------^----^----^----+ +----------^----------+ <br /> +--------------------+ | | | | <br /> Trunk Ports | | | +-----v--------------+ <br /> | | | | | <br /> | | | | Rest of the | <br /> +-----------+ | +-----------+ | External/PUBLIC | <br /> | | | | LAN | <br /> | | | | | <br /> | | | +--------------------+ <br /> | | | <br /> +-------v-----+ +------v------+ +------v------+ <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | WAP+A | | WAP+B | | WAP+C | <br /> | 172.30.7.10 | | 172.30.7.11 | | 172.30.7.12 | <br /> +------+------+ +-------------+ +------+------+ <br /> | | <br /> +------+------+ +------+-----+ <br /> | 172.30.7.X | | 172.30.7.Y | <br /> | client+X | | client+Y | <br /> | | | | <br /> +-------------+ +------------+ <br /> <br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> Primary: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.40 [[vmsrv]]<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> == VOI IP usage ==<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Mark temporary<br /> | mark@markjenkins.ca<br /> | Mark<br /> | temporary ipsec test<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | CStanners a gmail.com or Sksp admins<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ron's server<br /> | ron @ skullsecurity.net<br /> | Now<br /> | Websites and stuff<br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4164 Networking 2015-03-26T02:38:47Z <p>Sean: /* Current 172.30/16 */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +---------------------+ <br /> | The Internet | <br /> | External CPE/Router | <br /> | 206.220.196.49 | +--------------------+<br /> +---------^-----------+ | |<br /> | | dns.skullspace.ca |<br /> +-----------v-----------+ | 206.220.196.53 |<br /> | 206.220.194.90/30 | +--^-----------------+<br /> | Skullspace+Router &lt;---------------+ | <br /> | 172.30.6.1 172.30.7.1 | | | <br /> +-----------^-----------+ | | <br /> Trunk Port | | | <br /> +--------------------+ +----------v----------+ +----------v-----v----+ <br /> | | | | | | <br /> | Rest of the &lt;----------&gt; Skullspace+Internal &lt;-----&gt; Skullspace+External | <br /> | Internal LAN | | 172.30.6.2 | | 172.30.6.3 | <br /> | | +------^----^----^----+ +----------^----------+ <br /> +--------------------+ | | | | <br /> Trunk Ports | | | +-----v--------------+ <br /> | | | | | <br /> | | | | Rest of the | <br /> +-----------+ | +-----------+ | External/PUBLIC | <br /> | | | | LAN | <br /> | | | | | <br /> | | | +--------------------+ <br /> | | | <br /> +-------v-----+ +------v------+ +------v------+ <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | WAP+A | | WAP+B | | WAP+C | <br /> | 172.30.7.10 | | 172.30.7.11 | | 172.30.7.12 | <br /> +------+------+ +-------------+ +------+------+ <br /> | | <br /> +------+------+ +------+-----+ <br /> | 172.30.7.X | | 172.30.7.Y | <br /> | client+X | | client+Y | <br /> | | | | <br /> +-------------+ +------------+ <br /> <br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> Primary: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC =0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.40 [[vmsrv]]<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> == VOI IP usage ==<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Mark temporary<br /> | mark@markjenkins.ca<br /> | Mark<br /> | temporary ipsec test<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | CStanners a gmail.com or Sksp admins<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ron's server<br /> | ron @ skullsecurity.net<br /> | Now<br /> | Websites and stuff<br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4163 Networking 2015-03-26T02:38:36Z <p>Sean: /* Current 172.30/16 */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +---------------------+ <br /> | The Internet | <br /> | External CPE/Router | <br /> | 206.220.196.49 | +--------------------+<br /> +---------^-----------+ | |<br /> | | dns.skullspace.ca |<br /> +-----------v-----------+ | 206.220.196.53 |<br /> | 206.220.194.90/30 | +--^-----------------+<br /> | Skullspace+Router &lt;---------------+ | <br /> | 172.30.6.1 172.30.7.1 | | | <br /> +-----------^-----------+ | | <br /> Trunk Port | | | <br /> +--------------------+ +----------v----------+ +----------v-----v----+ <br /> | | | | | | <br /> | Rest of the &lt;----------&gt; Skullspace+Internal &lt;-----&gt; Skullspace+External | <br /> | Internal LAN | | 172.30.6.2 | | 172.30.6.3 | <br /> | | +------^----^----^----+ +----------^----------+ <br /> +--------------------+ | | | | <br /> Trunk Ports | | | +-----v--------------+ <br /> | | | | | <br /> | | | | Rest of the | <br /> +-----------+ | +-----------+ | External/PUBLIC | <br /> | | | | LAN | <br /> | | | | | <br /> | | | +--------------------+ <br /> | | | <br /> +-------v-----+ +------v------+ +------v------+ <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | WAP+A | | WAP+B | | WAP+C | <br /> | 172.30.7.10 | | 172.30.7.11 | | 172.30.7.12 | <br /> +------+------+ +-------------+ +------+------+ <br /> | | <br /> +------+------+ +------+-----+ <br /> | 172.30.7.X | | 172.30.7.Y | <br /> | client+X | | client+Y | <br /> | | | | <br /> +-------------+ +------------+ <br /> <br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> Primary: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC -=0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 UniFI AP Controller (Container on [[vmsrv]])<br /> *172.30.6.40 [[vmsrv]]<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> == VOI IP usage ==<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Mark temporary<br /> | mark@markjenkins.ca<br /> | Mark<br /> | temporary ipsec test<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | CStanners a gmail.com or Sksp admins<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ron's server<br /> | ron @ skullsecurity.net<br /> | Now<br /> | Websites and stuff<br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4162 Networking 2015-03-26T02:21:07Z <p>Sean: /* Current 172.30/16 */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +---------------------+ <br /> | The Internet | <br /> | External CPE/Router | <br /> | 206.220.196.49 | +--------------------+<br /> +---------^-----------+ | |<br /> | | dns.skullspace.ca |<br /> +-----------v-----------+ | 206.220.196.53 |<br /> | 206.220.194.90/30 | +--^-----------------+<br /> | Skullspace+Router &lt;---------------+ | <br /> | 172.30.6.1 172.30.7.1 | | | <br /> +-----------^-----------+ | | <br /> Trunk Port | | | <br /> +--------------------+ +----------v----------+ +----------v-----v----+ <br /> | | | | | | <br /> | Rest of the &lt;----------&gt; Skullspace+Internal &lt;-----&gt; Skullspace+External | <br /> | Internal LAN | | 172.30.6.2 | | 172.30.6.3 | <br /> | | +------^----^----^----+ +----------^----------+ <br /> +--------------------+ | | | | <br /> Trunk Ports | | | +-----v--------------+ <br /> | | | | | <br /> | | | | Rest of the | <br /> +-----------+ | +-----------+ | External/PUBLIC | <br /> | | | | LAN | <br /> | | | | | <br /> | | | +--------------------+ <br /> | | | <br /> +-------v-----+ +------v------+ +------v------+ <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | WAP+A | | WAP+B | | WAP+C | <br /> | 172.30.7.10 | | 172.30.7.11 | | 172.30.7.12 | <br /> +------+------+ +-------------+ +------+------+ <br /> | | <br /> +------+------+ +------+-----+ <br /> | 172.30.7.X | | 172.30.7.Y | <br /> | client+X | | client+Y | <br /> | | | | <br /> +-------------+ +------------+ <br /> <br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> Primary: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE<br /> *172.30.6.11 WAP-B (UniFI AP Management IP) - MAC -=0418D64E8AED<br /> *172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 Wifi config app host<br /> *172.30.6.40 [[vmsrv]]<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> == VOI IP usage ==<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Mark temporary<br /> | mark@markjenkins.ca<br /> | Mark<br /> | temporary ipsec test<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | CStanners a gmail.com or Sksp admins<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ron's server<br /> | ron @ skullsecurity.net<br /> | Now<br /> | Websites and stuff<br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4158 Networking 2015-03-26T00:56:12Z <p>Sean: /* Current 172.30/16 */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +---------------------+ <br /> | The Internet | <br /> | External CPE/Router | <br /> | 206.220.196.49 | +--------------------+<br /> +---------^-----------+ | |<br /> | | dns.skullspace.ca |<br /> +-----------v-----------+ | 206.220.196.53 |<br /> | 206.220.194.90/30 | +--^-----------------+<br /> | Skullspace+Router &lt;---------------+ | <br /> | 172.30.6.1 172.30.7.1 | | | <br /> +-----------^-----------+ | | <br /> Trunk Port | | | <br /> +--------------------+ +----------v----------+ +----------v-----v----+ <br /> | | | | | | <br /> | Rest of the &lt;----------&gt; Skullspace+Internal &lt;-----&gt; Skullspace+External | <br /> | Internal LAN | | 172.30.6.2 | | 172.30.6.3 | <br /> | | +------^----^----^----+ +----------^----------+ <br /> +--------------------+ | | | | <br /> Trunk Ports | | | +-----v--------------+ <br /> | | | | | <br /> | | | | Rest of the | <br /> +-----------+ | +-----------+ | External/PUBLIC | <br /> | | | | LAN | <br /> | | | | | <br /> | | | +--------------------+ <br /> | | | <br /> +-------v-----+ +------v------+ +------v------+ <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | WAP+A | | WAP+B | | WAP+C | <br /> | 172.30.7.10 | | 172.30.7.11 | | 172.30.7.12 | <br /> +------+------+ +-------------+ +------+------+ <br /> | | <br /> +------+------+ +------+-----+ <br /> | 172.30.7.X | | 172.30.7.Y | <br /> | client+X | | client+Y | <br /> | | | | <br /> +-------------+ +------------+ <br /> <br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> Primary: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP)<br /> *172.30.6.11 WAP-B (UniFI AP Management IP)<br /> *172.30.6.12 WAP-C (UniFI AP Management IP)<br /> *172.30.6.13 intarweb.ca (Sean's server, inside interface)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 Wifi config app host<br /> *172.30.6.40 [[vmsrv]]<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> == VOI IP usage ==<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Mark temporary<br /> | mark@markjenkins.ca<br /> | Mark<br /> | temporary ipsec test<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | CStanners a gmail.com or Sksp admins<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ron's server<br /> | ron @ skullsecurity.net<br /> | Now<br /> | Websites and stuff<br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4157 Networking 2015-03-26T00:55:29Z <p>Sean: /* Legacy IPs */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +---------------------+ <br /> | The Internet | <br /> | External CPE/Router | <br /> | 206.220.196.49 | +--------------------+<br /> +---------^-----------+ | |<br /> | | dns.skullspace.ca |<br /> +-----------v-----------+ | 206.220.196.53 |<br /> | 206.220.194.90/30 | +--^-----------------+<br /> | Skullspace+Router &lt;---------------+ | <br /> | 172.30.6.1 172.30.7.1 | | | <br /> +-----------^-----------+ | | <br /> Trunk Port | | | <br /> +--------------------+ +----------v----------+ +----------v-----v----+ <br /> | | | | | | <br /> | Rest of the &lt;----------&gt; Skullspace+Internal &lt;-----&gt; Skullspace+External | <br /> | Internal LAN | | 172.30.6.2 | | 172.30.6.3 | <br /> | | +------^----^----^----+ +----------^----------+ <br /> +--------------------+ | | | | <br /> Trunk Ports | | | +-----v--------------+ <br /> | | | | | <br /> | | | | Rest of the | <br /> +-----------+ | +-----------+ | External/PUBLIC | <br /> | | | | LAN | <br /> | | | | | <br /> | | | +--------------------+ <br /> | | | <br /> +-------v-----+ +------v------+ +------v------+ <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | WAP+A | | WAP+B | | WAP+C | <br /> | 172.30.7.10 | | 172.30.7.11 | | 172.30.7.12 | <br /> +------+------+ +-------------+ +------+------+ <br /> | | <br /> +------+------+ +------+-----+ <br /> | 172.30.7.X | | 172.30.7.Y | <br /> | client+X | | client+Y | <br /> | | | | <br /> +-------------+ +------------+ <br /> <br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> Primary: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 Micro-tik Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP)<br /> *172.30.6.11 WAP-B (UniFI AP Management IP)<br /> *172.30.6.12 WAP-C (UniFI AP Management IP)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 Wifi config app host<br /> *172.30.6.40 [[vmsrv]]<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> == VOI IP usage ==<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Mark temporary<br /> | mark@markjenkins.ca<br /> | Mark<br /> | temporary ipsec test<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | CStanners a gmail.com or Sksp admins<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ron's server<br /> | ron @ skullsecurity.net<br /> | Now<br /> | Websites and stuff<br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4156 Networking 2015-03-26T00:55:11Z <p>Sean: /* Legacy IPs */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +---------------------+ <br /> | The Internet | <br /> | External CPE/Router | <br /> | 206.220.196.49 | +--------------------+<br /> +---------^-----------+ | |<br /> | | dns.skullspace.ca |<br /> +-----------v-----------+ | 206.220.196.53 |<br /> | 206.220.194.90/30 | +--^-----------------+<br /> | Skullspace+Router &lt;---------------+ | <br /> | 172.30.6.1 172.30.7.1 | | | <br /> +-----------^-----------+ | | <br /> Trunk Port | | | <br /> +--------------------+ +----------v----------+ +----------v-----v----+ <br /> | | | | | | <br /> | Rest of the &lt;----------&gt; Skullspace+Internal &lt;-----&gt; Skullspace+External | <br /> | Internal LAN | | 172.30.6.2 | | 172.30.6.3 | <br /> | | +------^----^----^----+ +----------^----------+ <br /> +--------------------+ | | | | <br /> Trunk Ports | | | +-----v--------------+ <br /> | | | | | <br /> | | | | Rest of the | <br /> +-----------+ | +-----------+ | External/PUBLIC | <br /> | | | | LAN | <br /> | | | | | <br /> | | | +--------------------+ <br /> | | | <br /> +-------v-----+ +------v------+ +------v------+ <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | WAP+A | | WAP+B | | WAP+C | <br /> | 172.30.7.10 | | 172.30.7.11 | | 172.30.7.12 | <br /> +------+------+ +-------------+ +------+------+ <br /> | | <br /> +------+------+ +------+-----+ <br /> | 172.30.7.X | | 172.30.7.Y | <br /> | client+X | | client+Y | <br /> | | | | <br /> +-------------+ +------------+ <br /> <br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> Primary: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 SkullSpace-Router<br /> *&lt;strike&gt;192.168.1.9 noel, alex's linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.10 kyle, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.11 stefen, a linux container on [[vmsrv]]&lt;/strike&gt;<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP)<br /> *172.30.6.11 WAP-B (UniFI AP Management IP)<br /> *172.30.6.12 WAP-C (UniFI AP Management IP)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 Wifi config app host<br /> *172.30.6.40 [[vmsrv]]<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> == VOI IP usage ==<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Mark temporary<br /> | mark@markjenkins.ca<br /> | Mark<br /> | temporary ipsec test<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | CStanners a gmail.com or Sksp admins<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ron's server<br /> | ron @ skullsecurity.net<br /> | Now<br /> | Websites and stuff<br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4155 Networking 2015-03-26T00:54:41Z <p>Sean: /* Legacy IPs */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +---------------------+ <br /> | The Internet | <br /> | External CPE/Router | <br /> | 206.220.196.49 | +--------------------+<br /> +---------^-----------+ | |<br /> | | dns.skullspace.ca |<br /> +-----------v-----------+ | 206.220.196.53 |<br /> | 206.220.194.90/30 | +--^-----------------+<br /> | Skullspace+Router &lt;---------------+ | <br /> | 172.30.6.1 172.30.7.1 | | | <br /> +-----------^-----------+ | | <br /> Trunk Port | | | <br /> +--------------------+ +----------v----------+ +----------v-----v----+ <br /> | | | | | | <br /> | Rest of the &lt;----------&gt; Skullspace+Internal &lt;-----&gt; Skullspace+External | <br /> | Internal LAN | | 172.30.6.2 | | 172.30.6.3 | <br /> | | +------^----^----^----+ +----------^----------+ <br /> +--------------------+ | | | | <br /> Trunk Ports | | | +-----v--------------+ <br /> | | | | | <br /> | | | | Rest of the | <br /> +-----------+ | +-----------+ | External/PUBLIC | <br /> | | | | LAN | <br /> | | | | | <br /> | | | +--------------------+ <br /> | | | <br /> +-------v-----+ +------v------+ +------v------+ <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | WAP+A | | WAP+B | | WAP+C | <br /> | 172.30.7.10 | | 172.30.7.11 | | 172.30.7.12 | <br /> +------+------+ +-------------+ +------+------+ <br /> | | <br /> +------+------+ +------+-----+ <br /> | 172.30.7.X | | 172.30.7.Y | <br /> | client+X | | client+Y | <br /> | | | | <br /> +-------------+ +------------+ <br /> <br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> Primary: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 SkullSpace-Router<br /> *&lt;strike&gt;192.168.1.9&lt;/strike&gt; noel, alex's linux container on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.10&lt;/strike&gt; kyle, a linux container on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.11&lt;/strike&gt; stefen, a linux container on [[vmsrv]]<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *&lt;strike&gt;192.168.1.15 Cisco 2950 switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP)<br /> *172.30.6.11 WAP-B (UniFI AP Management IP)<br /> *172.30.6.12 WAP-C (UniFI AP Management IP)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 Wifi config app host<br /> *172.30.6.40 [[vmsrv]]<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> == VOI IP usage ==<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Mark temporary<br /> | mark@markjenkins.ca<br /> | Mark<br /> | temporary ipsec test<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | CStanners a gmail.com or Sksp admins<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ron's server<br /> | ron @ skullsecurity.net<br /> | Now<br /> | Websites and stuff<br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4154 Networking 2015-03-26T00:54:13Z <p>Sean: /* Legacy IPs */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +---------------------+ <br /> | The Internet | <br /> | External CPE/Router | <br /> | 206.220.196.49 | +--------------------+<br /> +---------^-----------+ | |<br /> | | dns.skullspace.ca |<br /> +-----------v-----------+ | 206.220.196.53 |<br /> | 206.220.194.90/30 | +--^-----------------+<br /> | Skullspace+Router &lt;---------------+ | <br /> | 172.30.6.1 172.30.7.1 | | | <br /> +-----------^-----------+ | | <br /> Trunk Port | | | <br /> +--------------------+ +----------v----------+ +----------v-----v----+ <br /> | | | | | | <br /> | Rest of the &lt;----------&gt; Skullspace+Internal &lt;-----&gt; Skullspace+External | <br /> | Internal LAN | | 172.30.6.2 | | 172.30.6.3 | <br /> | | +------^----^----^----+ +----------^----------+ <br /> +--------------------+ | | | | <br /> Trunk Ports | | | +-----v--------------+ <br /> | | | | | <br /> | | | | Rest of the | <br /> +-----------+ | +-----------+ | External/PUBLIC | <br /> | | | | LAN | <br /> | | | | | <br /> | | | +--------------------+ <br /> | | | <br /> +-------v-----+ +------v------+ +------v------+ <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | WAP+A | | WAP+B | | WAP+C | <br /> | 172.30.7.10 | | 172.30.7.11 | | 172.30.7.12 | <br /> +------+------+ +-------------+ +------+------+ <br /> | | <br /> +------+------+ +------+-----+ <br /> | 172.30.7.X | | 172.30.7.Y | <br /> | client+X | | client+Y | <br /> | | | | <br /> +-------------+ +------------+ <br /> <br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> Primary: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 SkullSpace-Router<br /> *&lt;strike&gt;192.168.1.9&lt;/strike&gt; noel, alex's linux container on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.10&lt;/strike&gt; kyle, a linux container on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.11&lt;/strike&gt; stefen, a linux container on [[vmsrv]]<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *192.168.1.15 Cisco 2950 switch<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP)<br /> *172.30.6.11 WAP-B (UniFI AP Management IP)<br /> *172.30.6.12 WAP-C (UniFI AP Management IP)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 Wifi config app host<br /> *172.30.6.40 [[vmsrv]]<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> == VOI IP usage ==<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Mark temporary<br /> | mark@markjenkins.ca<br /> | Mark<br /> | temporary ipsec test<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | CStanners a gmail.com or Sksp admins<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ron's server<br /> | ron @ skullsecurity.net<br /> | Now<br /> | Websites and stuff<br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4153 Networking 2015-03-26T00:53:44Z <p>Sean: /* Internal IP usage */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +---------------------+ <br /> | The Internet | <br /> | External CPE/Router | <br /> | 206.220.196.49 | +--------------------+<br /> +---------^-----------+ | |<br /> | | dns.skullspace.ca |<br /> +-----------v-----------+ | 206.220.196.53 |<br /> | 206.220.194.90/30 | +--^-----------------+<br /> | Skullspace+Router &lt;---------------+ | <br /> | 172.30.6.1 172.30.7.1 | | | <br /> +-----------^-----------+ | | <br /> Trunk Port | | | <br /> +--------------------+ +----------v----------+ +----------v-----v----+ <br /> | | | | | | <br /> | Rest of the &lt;----------&gt; Skullspace+Internal &lt;-----&gt; Skullspace+External | <br /> | Internal LAN | | 172.30.6.2 | | 172.30.6.3 | <br /> | | +------^----^----^----+ +----------^----------+ <br /> +--------------------+ | | | | <br /> Trunk Ports | | | +-----v--------------+ <br /> | | | | | <br /> | | | | Rest of the | <br /> +-----------+ | +-----------+ | External/PUBLIC | <br /> | | | | LAN | <br /> | | | | | <br /> | | | +--------------------+ <br /> | | | <br /> +-------v-----+ +------v------+ +------v------+ <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | WAP+A | | WAP+B | | WAP+C | <br /> | 172.30.7.10 | | 172.30.7.11 | | 172.30.7.12 | <br /> +------+------+ +-------------+ +------+------+ <br /> | | <br /> +------+------+ +------+-----+ <br /> | 172.30.7.X | | 172.30.7.Y | <br /> | client+X | | client+Y | <br /> | | | | <br /> +-------------+ +------------+ <br /> <br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> Primary: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *&lt;strike&gt;192.168.1.1&lt;/strike&gt; main Linksys/Netgear router<br /> *&lt;strike&gt;192.168.1.9&lt;/strike&gt; noel, alex's linux container on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.10&lt;/strike&gt; kyle, a linux container on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.11&lt;/strike&gt; stefen, a linux container on [[vmsrv]]<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *192.168.1.15 Cisco 2950 switch<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.17 Cisco 4924 Switch-1 (main)&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.18 Cisco 4924 Switch-2&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.22 DES-3224&lt;/strike&gt;<br /> *192.168.1.26 [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.27 Who took this and didn't document?&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.31 not in use, but don't use&lt;/strike&gt;<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *&lt;strike&gt;192.168.1.33 iscsi server on [[vmsrv]]&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.34-35 Kenny servers&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex&lt;/strike&gt;<br /> *192.168.1.37 Ben's server<br /> *&lt;strike&gt;192.168.1.38 [[Driftnet]] laptop&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.39 open for use&lt;/strike&gt;<br /> *&lt;strike&gt;192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.&lt;/strike&gt;<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP)<br /> *172.30.6.11 WAP-B (UniFI AP Management IP)<br /> *172.30.6.12 WAP-C (UniFI AP Management IP)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 Wifi config app host<br /> *172.30.6.40 [[vmsrv]]<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> == VOI IP usage ==<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Mark temporary<br /> | mark@markjenkins.ca<br /> | Mark<br /> | temporary ipsec test<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | CStanners a gmail.com or Sksp admins<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ron's server<br /> | ron @ skullsecurity.net<br /> | Now<br /> | Websites and stuff<br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4152 Networking 2015-03-26T00:39:58Z <p>Sean: /* Legacy IPs */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +---------------------+ <br /> | The Internet | <br /> | External CPE/Router | <br /> | 206.220.196.49 | +--------------------+<br /> +---------^-----------+ | |<br /> | | dns.skullspace.ca |<br /> +-----------v-----------+ | 206.220.196.53 |<br /> | 206.220.194.90/30 | +--^-----------------+<br /> | Skullspace+Router &lt;---------------+ | <br /> | 172.30.6.1 172.30.7.1 | | | <br /> +-----------^-----------+ | | <br /> Trunk Port | | | <br /> +--------------------+ +----------v----------+ +----------v-----v----+ <br /> | | | | | | <br /> | Rest of the &lt;----------&gt; Skullspace+Internal &lt;-----&gt; Skullspace+External | <br /> | Internal LAN | | 172.30.6.2 | | 172.30.6.3 | <br /> | | +------^----^----^----+ +----------^----------+ <br /> +--------------------+ | | | | <br /> Trunk Ports | | | +-----v--------------+ <br /> | | | | | <br /> | | | | Rest of the | <br /> +-----------+ | +-----------+ | External/PUBLIC | <br /> | | | | LAN | <br /> | | | | | <br /> | | | +--------------------+ <br /> | | | <br /> +-------v-----+ +------v------+ +------v------+ <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | WAP+A | | WAP+B | | WAP+C | <br /> | 172.30.7.10 | | 172.30.7.11 | | 172.30.7.12 | <br /> +------+------+ +-------------+ +------+------+ <br /> | | <br /> +------+------+ +------+-----+ <br /> | 172.30.7.X | | 172.30.7.Y | <br /> | client+X | | client+Y | <br /> | | | | <br /> +-------------+ +------------+ <br /> <br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> Primary: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 main Linksys/Netgear router<br /> *192.168.1.9 noel, alex's linux container on [[vmsrv]]<br /> *192.168.1.10 kyle, a linux container on [[vmsrv]]<br /> *192.168.1.11 stefen, a linux container on [[vmsrv]]<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *192.168.1.15 Cisco 2950 switch<br /> *&lt;strike&gt;192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *192.168.1.17 Cisco 4924 Switch-1 (main)<br /> *192.168.1.18 Cisco 4924 Switch-2<br /> *192.168.1.22 DES-3224<br /> *192.168.1.26 [[vmsrv]]<br /> *192.168.1.27 Who took this and didn't document?<br /> *192.168.1.31 not in use, but don't use<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *192.168.1.33 iscsi server on [[vmsrv]]<br /> *192.168.1.34-35 Kenny servers<br /> *192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex<br /> *192.168.1.37 Ben's server<br /> *192.168.1.38 [[Driftnet]] laptop<br /> *192.168.1.39 open for use<br /> *192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP)<br /> *172.30.6.11 WAP-B (UniFI AP Management IP)<br /> *172.30.6.12 WAP-C (UniFI AP Management IP)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 Wifi config app host<br /> *172.30.6.40 [[vmsrv]]<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> == VOI IP usage ==<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Mark temporary<br /> | mark@markjenkins.ca<br /> | Mark<br /> | temporary ipsec test<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | CStanners a gmail.com or Sksp admins<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ron's server<br /> | ron @ skullsecurity.net<br /> | Now<br /> | Websites and stuff<br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4151 Networking 2015-03-26T00:39:34Z <p>Sean: /* Legacy IPs */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +---------------------+ <br /> | The Internet | <br /> | External CPE/Router | <br /> | 206.220.196.49 | +--------------------+<br /> +---------^-----------+ | |<br /> | | dns.skullspace.ca |<br /> +-----------v-----------+ | 206.220.196.53 |<br /> | 206.220.194.90/30 | +--^-----------------+<br /> | Skullspace+Router &lt;---------------+ | <br /> | 172.30.6.1 172.30.7.1 | | | <br /> +-----------^-----------+ | | <br /> Trunk Port | | | <br /> +--------------------+ +----------v----------+ +----------v-----v----+ <br /> | | | | | | <br /> | Rest of the &lt;----------&gt; Skullspace+Internal &lt;-----&gt; Skullspace+External | <br /> | Internal LAN | | 172.30.6.2 | | 172.30.6.3 | <br /> | | +------^----^----^----+ +----------^----------+ <br /> +--------------------+ | | | | <br /> Trunk Ports | | | +-----v--------------+ <br /> | | | | | <br /> | | | | Rest of the | <br /> +-----------+ | +-----------+ | External/PUBLIC | <br /> | | | | LAN | <br /> | | | | | <br /> | | | +--------------------+ <br /> | | | <br /> +-------v-----+ +------v------+ +------v------+ <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | WAP+A | | WAP+B | | WAP+C | <br /> | 172.30.7.10 | | 172.30.7.11 | | 172.30.7.12 | <br /> +------+------+ +-------------+ +------+------+ <br /> | | <br /> +------+------+ +------+-----+ <br /> | 172.30.7.X | | 172.30.7.Y | <br /> | client+X | | client+Y | <br /> | | | | <br /> +-------------+ +------------+ <br /> <br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> Primary: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 main Linksys/Netgear router<br /> *192.168.1.9 noel, alex's linux container on [[vmsrv]]<br /> *192.168.1.10 kyle, a linux container on [[vmsrv]]<br /> *192.168.1.11 stefen, a linux container on [[vmsrv]]<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *192.168.1.15 Cisco 2950 switch<br /> &lt;strike&gt;*192.168.1.16 Netgear GS108T workshop switch&lt;/strike&gt;<br /> *192.168.1.17 Cisco 4924 Switch-1 (main)<br /> *192.168.1.18 Cisco 4924 Switch-2<br /> *192.168.1.22 DES-3224<br /> *192.168.1.26 [[vmsrv]]<br /> *192.168.1.27 Who took this and didn't document?<br /> *192.168.1.31 not in use, but don't use<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *192.168.1.33 iscsi server on [[vmsrv]]<br /> *192.168.1.34-35 Kenny servers<br /> *192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex<br /> *192.168.1.37 Ben's server<br /> *192.168.1.38 [[Driftnet]] laptop<br /> *192.168.1.39 open for use<br /> *192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP)<br /> *172.30.6.11 WAP-B (UniFI AP Management IP)<br /> *172.30.6.12 WAP-C (UniFI AP Management IP)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 Wifi config app host<br /> *172.30.6.40 [[vmsrv]]<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> == VOI IP usage ==<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Mark temporary<br /> | mark@markjenkins.ca<br /> | Mark<br /> | temporary ipsec test<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | CStanners a gmail.com or Sksp admins<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ron's server<br /> | ron @ skullsecurity.net<br /> | Now<br /> | Websites and stuff<br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean https://wiki.skullspace.ca/index.php?title=Networking&diff=4150 Networking 2015-03-26T00:38:58Z <p>Sean: /* Current 172.30/16 */</p> <hr /> <div>*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down<br /> *Also see [[IT Policies]]<br /> *We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.<br /> *this page is finally being updated for Sksp2, old page is at [[Networking/Old]]<br /> <br /> <br /> <br /> == High-level description ==<br /> &lt;strike&gt;The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.&lt;/strike&gt;<br /> <br /> == Stupid-High Level Diagram ==<br /> &lt;pre&gt;<br /> +---------------------+ <br /> | The Internet | <br /> | External CPE/Router | <br /> | 206.220.196.49 | +--------------------+<br /> +---------^-----------+ | |<br /> | | dns.skullspace.ca |<br /> +-----------v-----------+ | 206.220.196.53 |<br /> | 206.220.194.90/30 | +--^-----------------+<br /> | Skullspace+Router &lt;---------------+ | <br /> | 172.30.6.1 172.30.7.1 | | | <br /> +-----------^-----------+ | | <br /> Trunk Port | | | <br /> +--------------------+ +----------v----------+ +----------v-----v----+ <br /> | | | | | | <br /> | Rest of the &lt;----------&gt; Skullspace+Internal &lt;-----&gt; Skullspace+External | <br /> | Internal LAN | | 172.30.6.2 | | 172.30.6.3 | <br /> | | +------^----^----^----+ +----------^----------+ <br /> +--------------------+ | | | | <br /> Trunk Ports | | | +-----v--------------+ <br /> | | | | | <br /> | | | | Rest of the | <br /> +-----------+ | +-----------+ | External/PUBLIC | <br /> | | | | LAN | <br /> | | | | | <br /> | | | +--------------------+ <br /> | | | <br /> +-------v-----+ +------v------+ +------v------+ <br /> | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | <br /> | WAP+A | | WAP+B | | WAP+C | <br /> | 172.30.7.10 | | 172.30.7.11 | | 172.30.7.12 | <br /> +------+------+ +-------------+ +------+------+ <br /> | | <br /> +------+------+ +------+-----+ <br /> | 172.30.7.X | | 172.30.7.Y | <br /> | client+X | | client+Y | <br /> | | | | <br /> +-------------+ +------------+ <br /> <br /> &lt;/pre&gt;<br /> Built using ASCIIFlow - http://http://asciiflow.com/<br /> <br /> == Internet feeds ==<br /> Primary: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).<br /> <br /> == Network hardware ==<br /> *Mikrotik Routerboard 450G as main router<br /> *&lt;strike&gt;Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.&lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:A0) as the main switch, by default everything connects here. &lt;/strike&gt;<br /> *&lt;strike&gt;A 3Com 4924 (:??) a spare switch. &lt;/strike&gt;<br /> *&lt;strike&gt;2 D-Link DWL-810+ bridges. &lt;/strike&gt;<br /> *Netgear GS108T as the lounge switch.<br /> *&lt;strike&gt;D-Link DWL-7100AP AP. &lt;/strike&gt;<br /> *&lt;strike&gt;D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username &quot;D-Link&quot;).<br /> *&lt;strike&gt;A Belkin F5D8236 wireless-N router as spare &lt;/strike&gt;<br /> *&lt;strike&gt;3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. &lt;/strike&gt;<br /> *&lt;strike&gt;Belkin F5D5141-5 switch. &lt;/strike&gt;<br /> *Cisco 2950 switches #1 and #2.<br /> *Mikrotik RB750 (small white box) VOI's router<br /> *&lt;strike&gt;Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. &lt;/strike&gt;<br /> <br /> == Wiring ==<br /> Runs<br /> A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.<br /> C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.<br /> E+F+G: from rack to area behind rear black desk.<br /> <br /> <br /> == Tasks ==<br /> *terminate ethernet lines correctly in a panel once we're sure server room is stable<br /> *label networking equipment (IPs etc) and servers, update this page for the latter<br /> *put read-only and full-access passwords on devices<br /> <br /> == Wireless Networks ==<br /> skullspace = main SSID, usual password<br /> &lt;strike&gt;skullspace_rear: linksys G router in the server rack, as a backup.&lt;/strike&gt;<br /> <br /> <br /> New IP Ranges<br /> *172.30.4.x = testing/reserved for later use<br /> *172.30.5.x = half Security/Management network half VPNs<br /> *172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254<br /> *172.30.7.x = CTF Network DHCP ??? router .1<br /> <br /> == Internal IP usage ==<br /> Check these<br /> === Legacy IPs ===<br /> *192.168.1.1 main Linksys/Netgear router<br /> *192.168.1.9 noel, alex's linux container on [[vmsrv]]<br /> *192.168.1.10 kyle, a linux container on [[vmsrv]]<br /> *192.168.1.11 stefen, a linux container on [[vmsrv]]<br /> *192.168.1.12 Samsung CLP-310N printer<br /> *192.168.1.15 Cisco 2950 switch<br /> *192.168.1.16 Netgear GS108T workshop switch<br /> *192.168.1.17 Cisco 4924 Switch-1 (main)<br /> *192.168.1.18 Cisco 4924 Switch-2<br /> *192.168.1.22 DES-3224<br /> *192.168.1.26 [[vmsrv]]<br /> *192.168.1.27 Who took this and didn't document?<br /> *192.168.1.31 not in use, but don't use<br /> *192.168.1.32 [[Skullhost]] on [[vmsrv]]<br /> *192.168.1.33 iscsi server on [[vmsrv]]<br /> *192.168.1.34-35 Kenny servers<br /> *192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex<br /> *192.168.1.37 Ben's server<br /> *192.168.1.38 [[Driftnet]] laptop<br /> *192.168.1.39 open for use<br /> *192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.<br /> <br /> === Current 172.30/16 ===<br /> *172.30.6.1 Micro-tik Router<br /> *172.30.6.2 SkullSpace-External (Cisco 2850 Switch)<br /> *172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)<br /> *172.30.6.10 WAP-A (UniFI AP Management IP)<br /> *172.30.6.11 WAP-B (UniFI AP Management IP)<br /> *172.30.6.12 WAP-C (UniFI AP Management IP)<br /> *172.30.6.16 Netgear GS108T<br /> <br /> *172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]<br /> *172.30.6.31-32 Mark's temporary project ips<br /> *172.30.6.33 Wifi config app host<br /> *172.30.6.40 [[vmsrv]]<br /> <br /> *172.30.6.50-53 Chris Otto Servers<br /> *172.30.6.100-240 Main router DHCP space<br /> *172.30.6.241-254 VPN IPs<br /> <br /> *172.30.7.1 Micro-tik Router (WIFI VLAN)<br /> <br /> == VOI IP usage ==<br /> VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.<br /> <br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! IP<br /> ! DNS<br /> ! Use<br /> ! Contact<br /> ! used by?<br /> ! reason for public IP and notes<br /> |-<br /> | 206.220.193.65<br /> | TBD<br /> | VOI router<br /> | VOI<br /> | all machines<br /> | required by network design<br /> |-<br /> | 206.220.193.66<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Mark temporary<br /> | mark@markjenkins.ca<br /> | Mark<br /> | temporary ipsec test<br /> |-<br /> | 206.220.193.67<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.68<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | <br /> | <br /> | <br /> | <br /> |-<br /> | 206.220.193.69<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Richard's Server<br /> | rjr point work at gmail<br /> | <br /> | development server, potentially Starbound server<br /> |-<br /> | 206.220.193.70<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Chris's Server<br /> | cotto at ieee point org<br /> | <br /> | development server, occasionally Terraria server<br /> |-<br /> | 206.220.196.49<br /> |<br /> {|<br /> |-<br /> | Fwd: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> | Rev: h49-skullspace.winnipeg.voinetworks.net.<br /> |-<br /> |}<br /> | VOI Mikrotik RB750? router<br /> | VOI Networks<br /> | now<br /> | required by network design<br /> |-<br /> | 206.220.196.50<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sksp Main Router<br /> | CStanners a gmail.com or Sksp admins<br /> | <br /> | <br /> |-<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 206.220.196.51]<br /> |[http://wiki.skullspace.ca/index.php?title=SKSP_DNS 2604:4280:1:c0de::53]<br /> {|<br /> |-<br /> | Fwd: ns1.skullspace.ca (Pending)<br /> |-<br /> | Rev: ns1.skullspace.ca (Pending)<br /> |-<br /> |}<br /> | [[SKSP DNS]]<br /> | it@skullspace.ca<br /> | 2014-10-08<br /> | Skullspace Primary DNS Server<br /> |-<br /> | 206.220.196.52<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.nepharia.org<br /> |-<br /> |}<br /> | Vobster Nepharia Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH &amp; IRC, and HTTP for Nepharia and its associated domains.<br /> |-<br /> | 206.220.196.53<br /> |<br /> {|<br /> |-<br /> | Fwd: &lt;several&gt;<br /> |-<br /> | Rev: mail.skullspace.ca<br /> |-<br /> |}<br /> | Vobster SkullSpace Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2012-02-17<br /> | Runs DNS, SMTP/IMAP, SSH &amp; IRC, and HTTP for SkullSpace.<br /> |-<br /> | 206.220.196.54<br /> |<br /> {|<br /> |-<br /> | Fwd: ctf.skullspace.ca<br /> |-<br /> | Rev: ctf.skullspace.ca<br /> |-<br /> |}<br /> | Vobster CTF Services<br /> | mak@kolybabi.com and dave@ysarro.com<br /> | 2013-04-09<br /> | Runs SSH-related services, for now.|<br /> |-<br /> | 206.220.196.55<br /> || <br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Edwin Amsler<br /> | edwinguy at gmail dot calm<br /> | 2015-02-23<br /> | <br /> |-<br /> | 206.220.196.56<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin / Jeremy FreeBSD server<br /> | phoul@insecure-complexity.com<br /> | 2013-10-01<br /> | <br /> |-<br /> | 206.220.196.57<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | [[vmsrv]]<br /> | mark@parit.ca<br /> | 2012-08-27<br /> | VM server open to all members, will run an http proxy to allow this one ip to host many web servers<br /> |-<br /> | 206.220.196.58<br /> | 2604:4280:1:c0de::314<br /> {|<br /> |-<br /> | Fwd: intarweb.ca<br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Sean's server.<br /> | sean _at_ tinfoilhat _dot_ ca<br /> | 2013-09-27<br /> | L2TP etc.<br /> |-<br /> | 206.220.196.59<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ron's server<br /> | ron @ skullsecurity.net<br /> | Now<br /> | Websites and stuff<br /> |-<br /> | 206.220.196.60<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Colin's project server<br /> | CStanners @ gmail<br /> | Occasional<br /> | IPv6, VPN services and testing<br /> |-<br /> | 206.220.196.61<br /> |<br /> {|<br /> |-<br /> | Fwd: <br /> |-<br /> | Rev: <br /> |-<br /> |}<br /> | Ben's server<br /> | ben@benbergman.ca<br /> | 2012-12-18<br /> | http/ssh/vpn/other<br /> |-<br /> | 206.220.196.62<br /> |<br /> {|<br /> |-<br /> | Fwd: dangerzone.skullspace.ca<br /> |-<br /> | Rev: dangerzone.skullspace.ca<br /> |-<br /> |}<br /> | The Danger Zone<br /> | ctfadmin@<br /> | 2012-06-01<br /> | The home of the SkullSpace Teaching CTF.<br /> |-<br /> |}<br /> <br /> == Access ==<br /> All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.<br /> <br /> [[Category:Space]]<br /> [[Category:Networking]]<br /> [[Category:Required Reading]]</div> Sean