Difference between revisions of "Networking"

From SkullSpace Wiki
C (talk)
Line 50: Line 50:
 
*172.30.4.x = testing/reserved for later use
 
*172.30.4.x = testing/reserved for later use
 
*172.30.5.x = half Security/Management network  half VPNs
 
*172.30.5.x = half Security/Management network  half VPNs
*172.30.6.x = Main network  DHCP  .100-.250 router .1  network gear .10-.39  printers .40-.49  VMs, servers .50-.89
+
*172.30.6.x = Main network  DHCP  .100-.240 router .1  network gear .10-.39  printers .40-.49  VMs, servers .50-.89 VPNs .241-254
 
*172.30.7.x = CTF Network  DHCP ???  router .1
 
*172.30.7.x = CTF Network  DHCP ???  router .1
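
Review bot: On the changed 172.30.6.x line, the new VPN block .241-254 covers .241-.250, which the previous revision handed out by DHCP (.100-.250), so a client still holding a lease in that span can collide with a VPN address until the lease expires. Suggest noting that the DHCP pool on the router must be shrunk and old leases cleared before VPN addresses are assigned. The same line also leaves it unclear how these VPN addresses relate to the "half VPNs" share of 172.30.5.x two lines up, and the range would read consistently with the others on the line as ".241-.254".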
  

Revision as of 18:34, 7 December 2013

  • Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down
  • Also see IT Policies
  • We have many people working with the equipment, so remember to attach or tie down anything that could get unplugged, fall, etc. We have lost internet twice: the first time the router fell and its power switch got pressed; the second time the power plug was pulled out of the main internet switch.
  • This page is finally being updated for Sksp2; the old page is at Networking/Old

Network status

Pretty sweet right now

High-level description

Do this

Internet feeds

Primary: Internet from VOI (wifi-based Ubiquiti NB5, tested at 60 Mbit down and 40 Mbit up to Speedtest.net Winnipeg).

Network hardware

  • Mikrotik Routerboard 450G as main router
  • Netgear WNDR3700 router, donated by Project Bismark. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.
  • Linksys WRT54G2 v1.5 as spare. WAN port may sometimes have packet loss.
  • Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef.
  • Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef.
  • A 3Com 4924 (:A0) as the main switch; by default everything connects here.
  • A 3Com 4924 (:??) as a spare switch.
  • 2 D-Link DWL-810+ bridges.
  • Netgear GS108T as the lounge switch.
  • D-Link DWL-7100AP AP.
  • D-Link DES-3224 as a static IP switch, set to management only on port 7 (Telnet, username "D-Link").
  • A Belkin F5D8236 wireless-N router as spare
  • 3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares.
  • Belkin F5D5141-5 switch.
  • Cisco 2950 switches #1 and #2 - currently unused, will be set up as internet-side switches
  • Mikrotik RB750 (small white box) as VOI's router
  • Western Multiplex Tsunami 100 5.8 GHz - two links (4x IDU, 2x high ODU, 2x low ODU), unused. Panel antenna loaned from Seccuris.

Wiring

Todo

Tasks

  • finish mapping and labeling ethernet lines
  • terminate lines correctly in a panel once we're sure server room is stable
  • label networking equipment (IPs etc) and servers, update this page for the latter
  • put read-only and full-access passwords on devices

Wireless Networks

Todo

Main router Port Forwarding entries

If ever we need to reset the main router, these will be put back in, so keep them updated.

New IP Ranges

  • 172.30.4.x = testing/reserved for later use
  • 172.30.5.x = half Security/Management network, half VPNs
  • 172.30.6.x = Main network: DHCP .100-.240; router .1; network gear .10-.39; printers .40-.49; VMs, servers .50-.89; VPNs .241-254
  • 172.30.7.x = CTF Network: DHCP ???; router .1


Internal IP usage

Check these

  • 192.168.1.1 main Linksys/Netgear router
  • 192.168.1.9 noel, alex's linux container on vmsrv
  • 192.168.1.10 kyle, a linux container on vmsrv
  • 192.168.1.11 stefen, a linux container on vmsrv
  • 192.168.1.12 Samsung CLP-310N printer
  • 192.168.1.13 MUMD Arch Linux
  • 192.168.1.15 Cisco 2950 switch
  • 192.168.1.16 Netgear GS108T workshop switch
  • 192.168.1.17 Cisco 4924 Switch-1 (main)
  • 192.168.1.18 Cisco 4924 Switch-2
  • 192.168.1.22 DES-3224
  • 192.168.1.26 vmsrv
  • 192.168.1.27 Who took this and didn't document?
  • 192.168.1.28 central services for MUMD
  • 192.168.1.29 MUMD latest Ubuntu
  • 192.168.1.31 Wyse Winterm thin client (computer lab)
  • 192.168.1.32 Skullhost on vmsrv
  • 192.168.1.33 iscsi server on vmsrv
  • 192.168.1.34-35 Kenny servers
  • 192.168.1.36 VPN server on vmsrv - contact Jay or Alex
  • 192.168.1.37 Ben's server
  • 192.168.1.38 Driftnet laptop
  • 192.168.1.39 open for use
  • 192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.
  • 192.168.1.100-199 Main router DHCP space
  • 192.168.1.200-220 Network lab address space
  • 192.168.1.245-249 IPs for temporary wireless links

VOI IP usage

VOI gave us 206.220.196.48/28 (mask 255.255.255.240) as well as 2604:4280:1:c0de::/64. You must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently the DES-3224 in the rack.

| IP | DNS Fwd | DNS Rev | Use | Contact | Used by? | Reason for public IP and notes |
|---|---|---|---|---|---|---|
| 206.220.196.49 | h49-skullspace.winnipeg.voinetworks.net. | h49-skullspace.winnipeg.voinetworks.net. | VOI Mikrotik RB750? router | VOI Networks | now | required by network design |
| 206.220.196.50 | | | Sksp Main Router | CStanners a gmail.com or Sksp admins | | |
| 206.220.196.51 | | | Given to Ian | | | |
| 206.220.196.52 | <several> | mail.nepharia.org | Vobster Nepharia Services | mak@kolybabi.com and dave@ysarro.com | 2012-02-17 | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH & IRC, and HTTP for Nepharia and its associated domains. |
| 206.220.196.53 | <several> | mail.skullspace.ca | Vobster SkullSpace Services | mak@kolybabi.com and dave@ysarro.com | 2012-02-17 | Runs DNS, SMTP/IMAP, SSH & IRC, and HTTP for SkullSpace. |
| 206.220.196.54 | | | Andrew's Server | andrew at andreworr dot ca | 2012-02-17 | http/ssh/vpn/IPv6 |
| 206.220.196.55 | | | Ayecee's Server | ayecee@gmail.com | 2012-07-07 | Static address for freenet node |
| 206.220.196.56 | | | Colin / Jeremy FreeBSD server | phoul@insecure-complexity.com | 2013-10-01 | |
| 206.220.196.57 | | | vmsrv | mark@parit.ca | 2012-08-27 | VM server open to all members, will run an http proxy to allow this one ip to host many web servers |
| 206.220.196.58 | intarweb.ca | | Sean's server. | sean _at_ tinfoilhat _dot_ ca | 2013-09-27 | L2TP etc. |
| 206.220.196.59 | | | Ron's server | ron @ skullsecurity.net | Now | Websites and stuff |
| 206.220.196.60 | | | Colin's project server | CStanners @ gmail | | Occasional IPv6, VPN services and testing |
| 206.220.196.61 | | | Ben's server | ben@benbergman.ca | 2012-12-18 | http/ssh/vpn/other |
| 206.220.196.62 | dangerzone.skullspace.ca | dangerzone.skullspace.ca | The Danger Zone | ctfadmin@ | 2012-06-01 | The home of the SkullSpace Teaching CTF. |

Servers & Internet-connected devices

Do we still need this section?

Access

Todo