- Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down
- Also see IT Policies
- We have many people working with the equipment, so remember to attach or tie down anything that could get unplugged, fall, etc. We lost internet twice: the first time the router fell and its power switch got pressed; the second time the power plug was pulled out of the main internet switch.
- This page is finally being updated for Sksp2; the old page is at Networking/Old.
High-level description
The main router is an RB450G, connected to the main switch (port 2), the security switch (port 4, later), the internet feed (port 3), and other networks later. The main internal switch is a 3Com 4924 in the server rack; it feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.
Stupid-High Level Diagram
+-------------------+
| |
| The Tubes |
| On The Roof |
| |
+--+--------------+-+
| |
| | port1
+-------------------+-+ +-+-------------------+
| LES.net | port2 | VOI |
| | +------+ CPE/Router |
| 208.81.6.224/27 | | | 206.220.196.49 |
+-----------------+---+ | +------------+--------+
| | | port3(SKSP)
| | | ether3
| fa20 | fa24 +-----+---------------+
+---------+-------+-----+ | Skullspace+Router |
fa1-19 | Skullspace+External | ether1| RB450G |
+----------+ Cisco 2850 +-------+ 206.220.196.50 |
| | 172.30.6.3 (fa23)| fa21 | 208.61.6.228 |
| +----------------------++ | 172.30.6.1 |
| | +---------+-----------+
+---------+-----------+ | |ether2
| | | |
| Rest of External | | |
| PUBLIC/LAN | | +---------+-------------+ +------------------+
| | +--------+ Skullspace+Internal | | |
| 206.220.196.48/28 | | 3+Com L2 Old Junk +------+ Rest of Internal |
| 206.220.193.64/29 | | | | INTERNAL/LAN |
| 208.61.6.224/27 | +---+-------+-------+---+ | 172.30.6.0/24 |
+---------------------+ | | | | |
+--------+ | +--------+ +------------------+
| | |
+------+------+ +------+------+ +------+------+
| WAP+A | | WAP+B | | WAP+C |
| 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 |
| | | | | |
+-------------+ +-------------+ +-------------+
Built using ASCIIFlow - http://asciiflow.com/
Internet feeds
B: Internet from LES.net (wifi-based Ubiquiti, tested at 94.83 Mbit down, 96.22 Mbit up to Speedtest.net Winnipeg).
B: Internet from VOI (wifi-based Ubiquiti NB5, tested at 60 Mbit down, 40 Mbit up to Speedtest.net Winnipeg).
Network hardware
- Mikrotik Routerboard 450G as main router.
- Netgear WNDR3700 router, donated by Project Bismark. It had a problem (it routed packets fine, but services like DHCP/DNS/web server didn't work), so it was taken out of the network to test.
- Linksys WRT54G2 v1.5 as a spare. WAN port may sometimes have packet loss.
- Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef.
- Linksys WRT54G v2 with Tomato 1.28 firmware as a spare. Lent by Stef.
- A 3Com 4924 (:A0) as the main switch; by default everything connects here.
- A 3Com 4924 (:??) as a spare switch.
- 2 D-Link DWL-810+ bridges.
- Netgear GS108T as the lounge switch.
- D-Link DWL-7100AP AP.
- D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username "D-Link").
- A Belkin F5D8236 wireless-N router as a spare.
- 3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares.
- Belkin F5D5141-5 switch.
- Cisco 2950 switches #1 and #2.
- Mikrotik RB750 (small white box), VOI's router.
- Western Multiplex Tsunami 100 5.8 GHz: two links (4x IDU, 2x high ODU, 2x low ODU), unused. Panel antenna loaned from Seccuris.
Wiring
Runs
A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.
C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.
E+F+G: from rack to area behind rear black desk.
Tasks
- terminate ethernet lines correctly in a panel once we're sure server room is stable
- label networking equipment (IPs etc) and servers, update this page for the latter
- put read-only and full-access passwords on devices
Wireless Networks
skullspace = main SSID, usual password
skullspace_rear: linksys G router in the server rack, as a backup.
New IP Ranges
- 172.30.4.x = testing/reserved for later use
- 172.30.5.x = half Security/Management network, half VPNs
- 172.30.6.x = Main network: DHCP .100-.240, router .1, network gear .10-.29, printers .30-.39, VMs and servers .40-.99, VPNs .241-254
- 172.30.7.x = CTF Network: DHCP ???, router .1
Internal IP usage
Check these
Legacy IPs
- 192.168.1.1 Micro-tik Router
- 192.168.1.9 noel, Alex's linux container on vmsrv
- 192.168.1.10 kyle, a linux container on vmsrv
- 192.168.1.11 stefen, a linux container on vmsrv
- 192.168.1.12 Samsung CLP-310N printer
- 192.168.1.15 Cisco 2950 switch
- 192.168.1.16 Netgear GS108T workshop switch
- 192.168.1.17 Cisco 4924 Switch-1 (main)
- 192.168.1.18 Cisco 4924 Switch-2
- 192.168.1.22 DES-3224
- 192.168.1.26 vmsrv
- 192.168.1.27 Who took this and didn't document?
- 192.168.1.31 not in use, but don't use
- 192.168.1.32 Skullhost on vmsrv
- 192.168.1.33 iscsi server on vmsrv
- 192.168.1.34-35 Kenny servers
- 192.168.1.36 VPN server on vmsrv - contact Jay or Alex
- 192.168.1.37 Ben's server
- 192.168.1.38 Driftnet laptop
- 192.168.1.39 open for use
- 192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.
Current 172.30/16
- 172.30.6.1 Micro-tik Router
- 172.30.6.2 SkullSpace-External (Cisco 2850 Switch)
- 172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)
- 172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE
- 172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED
- 172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4
- 172.30.6.13 intarweb.ca (Sean's server, inside interface)
- 172.30.6.16 Netgear GS108T
- 172.30.6.30 latest Ubuntu graphical shell service on vmsrv
- 172.30.6.31-32 Mark's temporary project ips
- 172.30.6.33 UniFI AP Controller (Container on vmsrv)
- 172.30.6.34 Jay Bots (Container on vmsrv)
- 172.30.6.40 vmsrv
- 172.30.6.50-53 Chris Otto Servers
- 172.30.6.100-240 Main router DHCP space
- 172.30.6.241-254 VPN IPs
- 172.30.6.245 - sean VPN IP (sean cody)
- 172.30.6.247 - cchilds VPN IP
- 172.30.6.248 - jordansamulaitis VPN IP
- 172.30.6.249 - gygar VPN IP
- 172.30.6.250 - nwild VPN IP
- 172.30.6.251 - cstanners-router VPN IP
- 172.30.6.252 - odin VPN IP
- 172.30.6.254 - cstanners VPN IP
- 172.30.7.1 Micro-tik Router (WIFI VLAN)
- 172.30.8.0/24 Virtual Machine Server (vmsrv) LAN
- 172.30.8.1 vmsrv
- 172.30.8.2 Mark private ubuntu vpn
- 172.30.8.3 Mark private project ubuntu (Container on vmsrv)
- 10.50.31.0/24 TheLEDSign LAN
- 10.50.31.16 The Sign
- 10.50.31.17 The controlling container (vmsrv)
- 10.50.32.0/30 Mark project private Point to Point link LAN
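An added example, not part of the original page: a Python audit of some 172.30.6.x entries from the list above against the sub-ranges in the New IP Ranges plan, which matters once filtering or DHCP pools are keyed to those ranges. Addresses and names are copied from the list; the role given to each device is this example's assumption.

```python
import ipaddress

NET = ipaddress.ip_network("172.30.6.0/24")

# Plan for 172.30.6.x from the "New IP Ranges" list: (first, last, role).
PLAN = [(1, 1, "router"), (10, 29, "network gear"), (30, 39, "printers"),
        (40, 99, "servers"), (100, 240, "dhcp"), (241, 254, "vpn")]

# Addresses and names copied from the "Current 172.30/16" list. The third
# field is this example's own classification (an assumption, not page data).
INVENTORY = [
    ("172.30.6.1", "Micro-tik Router", "router"),
    ("172.30.6.2", "SkullSpace-External switch", "network gear"),
    ("172.30.6.3", "SkullSpace-Internal switch", "network gear"),
    ("172.30.6.10", "WAP-A", "network gear"),
    ("172.30.6.13", "intarweb.ca", "servers"),
    ("172.30.6.16", "Netgear GS108T", "network gear"),
    ("172.30.6.30", "Ubuntu graphical shell service", "servers"),
    ("172.30.6.33", "UniFI AP Controller", "servers"),
    ("172.30.6.34", "Jay Bots", "servers"),
    ("172.30.6.40", "vmsrv", "servers"),
    ("172.30.6.50", "Chris Otto server", "servers"),
    ("172.30.6.245", "sean VPN IP", "vpn"),
]


def planned_role(addr):
    """Return the plan's role for addr, or None if the plan leaves it unassigned."""
    ip = ipaddress.ip_address(addr)
    if ip not in NET:
        raise ValueError(f"{addr} is outside {NET}")
    host = int(ip) - int(NET.network_address)
    return next((role for lo, hi, role in PLAN if lo <= host <= hi), None)


def audit(inventory):
    """List (addr, name, actual, planned) for every entry that breaks the plan."""
    findings, seen = [], {}
    for addr, name, actual in inventory:
        planned = planned_role(addr)
        if addr in seen:
            findings.append((addr, name, actual, f"duplicate of {seen[addr]}"))
        elif planned != actual:
            findings.append((addr, name, actual, planned or "unassigned"))
        seen.setdefault(addr, name)
    return findings


if __name__ == "__main__":
    for addr, name, actual, planned in audit(INVENTORY):
        print(f"{addr:<14} {name:<32} is {actual!r}, plan says {planned!r}")
```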
IP Usage
LES IP Delegation
LES allocated 208.81.6.224/27.
208.81.6.225 Gateway
208.81.6.226, 208.81.6.227 RESERVED for LES.net usage.
DNS1: 208.81.7.10
DNS2: 208.81.7.14
| IP | DNS | Use | Contact | used by? | reason for public IP and notes |
|---|---|---|---|---|---|
| 208.81.6.224 | TBD | LES.net Network | LES.net | all machines | required by network design |
| 208.81.6.225 | TBD | LES.net Gateway | LES.net | all machines | required by network design |
| 208.81.6.226 | TBD | LES.net RESERVED | LES.net | all machines | required by network design |
| 208.81.6.227 | TBD | LES.net RESERVED | LES.net | all machines | required by network design |
| 208.81.6.228 | TBD | Skullspace Router | it AT skullspace.ca | Skullspace LAN | |
| 208.81.6.229 | TBD | ns1.skullspace.ca | it AT skullspace.ca | Skullspace DNS | |
| 208.81.6.230 | | | | | |
| 208.81.6.231 | | | | | |
| 208.81.6.232 | | | | | |
| 208.81.6.233 | | | | | |
| 208.81.6.234 | | | | | |
| 208.81.6.235 | | | | | |
| 208.81.6.236 | | | | | |
| 208.81.6.237 | | | | | |
| 208.81.6.238 | | | | | |
| 208.81.6.239 | | | | | |
| 208.81.6.240 | | | | | |
| 208.81.6.241 | | | | | |
| 208.81.6.242 | | | | | |
| 208.81.6.243 | | | | | |
| 208.81.6.244 | | | | | |
| 208.81.6.245 | | | | | |
| 208.81.6.246 | | | | | |
| 208.81.6.247 | | | | | |
| 208.81.6.248 | | | | | |
| 208.81.6.249 | | | | | |
| 208.81.6.250 | | | | | |
| 208.81.6.251 | | | | | |
| 208.81.6.252 | | | | | |
| 208.81.6.253 | TBD | intarweb.ca | sean AT tinfoilhat.ca | Skullspace LAN | Sean Cody |
| 208.81.6.254 | | | | | |
| 208.81.6.255 | TBD | LES.net Broadcast | LES.net | all machines | required by network design |
VOI IP Delegation
VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64. You must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.
| IP | DNS | Use | Contact | used by? | reason for public IP and notes |
|---|---|---|---|---|---|
| 206.220.193.65 | TBD | VOI router | VOI | all machines | required by network design |
| 206.220.193.66 | | | | Mark | temporary use |
| 206.220.193.67 | | | | | |
| 206.220.193.68 | | | | | |
| 206.220.193.69 | | Richard's Server | rjr point work at gmail | | development server, potentially Starbound server |
| 206.220.193.70 | | Chris's Server | cotto at ieee point org | | development server, occasionally Terraria server |
| 206.220.196.49 | Fwd: h49-skullspace.winnipeg.voinetworks.net.; Rev: h49-skullspace.winnipeg.voinetworks.net. | VOI Mikrotik RB750? router | VOI Networks | now | required by network design |
| 206.220.196.50 | | Sksp Main Router | it@skullspace.ca | | |
| 206.220.196.51 | 2604:4280:1:c0de::53; Fwd: ns1.skullspace.ca (Pending); Rev: ns1.skullspace.ca (Pending); 2604:4280:1:c0de::80 - Relay/Proxy v6 to v4 for www.skullspace.ca (testing); 2604:4280:1:c0de::81 - Relay/Proxy v6 to v4 for wiki.skullspace.ca (testing) | SKSP DNS | it@skullspace.ca | 2014-10-08 | Skullspace Primary DNS Server |
| 206.220.196.52 | Fwd: <several>; Rev: mail.nepharia.org | Vobster Nepharia Services | mak@kolybabi.com and dave@ysarro.com | 2012-02-17 | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH & IRC, and HTTP for Nepharia and its associated domains. |
| 206.220.196.53 | Fwd: <several>; Rev: mail.skullspace.ca | Vobster SkullSpace Services | mak@kolybabi.com and dave@ysarro.com | 2012-02-17 | Runs DNS, SMTP/IMAP, SSH & IRC, and HTTP for SkullSpace. |
| 206.220.196.54 | Fwd: ctf.skullspace.ca; Rev: ctf.skullspace.ca | Vobster CTF Services | mak@kolybabi.com and dave@ysarro.com | 2013-04-09 | |
| 206.220.196.55 | | Edwin Amsler | edwinguy at gmail dot calm | 2015-02-23 | |
| 206.220.196.56 | | Colin / Jeremy FreeBSD server | phoul@insecure-complexity.com | 2013-10-01 | |
| 206.220.196.57 | | vmsrv | mark@parit.ca | 2012-08-27 | VM server open to all members, will run an http proxy to allow this one ip to host many web servers |
| 206.220.196.58 | 2604:4280:1:c0de::314 | Sean's server. | sean _at_ tinfoilhat _dot_ ca | 2013-09-27 | L2TP etc. |
| 206.220.196.59 | | Ron's server | ron @ skullsecurity.net | Now | Websites and stuff |
| 206.220.196.60 | | Colin's project server | CStanners @ gmail | Occasional | IPv6, VPN services and testing |
| 206.220.196.61 | | Ben's server | ben@benbergman.ca | 2012-12-18 | http/ssh/vpn/other |
| 206.220.196.62 | Fwd: dangerzone.skullspace.ca; Rev: dangerzone.skullspace.ca | The Danger Zone | ctfadmin@ | 2012-06-01 | The home of the SkullSpace Teaching CTF. |
Access
All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices, restricted to NetOps and given out by request, with the read-only password publicly known among our members.