User:Dereckson/Drake: Difference between revisions

From Nasqueron Agora
(→‎Link drake27 and drake26: 172.27.27.1/32 can actually directly be sent through the tunnel too)
 
(5 intermediate revisions by the same user not shown)
Line 28: Line 28:
| 172.27.26.5||[[Threyscend]]||threyscend.drake||FreeBSD 10||Nomad laptop server to provide Drake connectivity and FreeBSD shell accounts on the road.||Accounts can be requested when you're on the same physical site than Threyscend or need to interact with a project on Threyscend.
| 172.27.26.5||[[Threyscend]]||threyscend.drake||FreeBSD 10||Nomad laptop server to provide Drake connectivity and FreeBSD shell accounts on the road.||Accounts can be requested when you're on the same physical site than Threyscend or need to interact with a project on Threyscend.
|-
|-
| 172.27.26.6||Xyrogh||xyrogh.dereckson.drake||Chromium OS||Thin client||Feel free to borrow it, you can log in as guest or under a Google account.
| 172.27.26.6||Notium||-||Android
|colspan=2 align=center|Private use
|-
|-
| 172.27.26.7||Illium||illium.dereckson.drake||Android
| 172.27.26.7||Yggdrasil||yggdrasil.dereckson.drake||Android
|colspan=2 align=center|Private use
|colspan=2 align=center|Private use
|-
|-
| 172.27.26.8
| 172.27.26.8||Yakin||yakin.dereckson.drake||Windows 10
|colspan=5 align=center|Free for static assignment
|colspan=2 align=center|Private use
|-
|-
| 172.27.26.9||Axielec||axielec.dereckson.drake||FreeBSD 10.1||Ports testing infrastructure with GNOME||To test ports
| 172.27.26.9||Axielec||axielec.dereckson.drake||FreeBSD 10.1||Ports testing infrastructure with GNOME||To test ports
Line 124: Line 125:
! AUP
! AUP
|-
|-
| 172.27.26.100||Routeur EDPNet||-||?|||Fritzbox||Open to configure InterNet Access or NAT rules
| 172.27.26.100||Routeur Proximus||-||?||"bbox 4"||To be configured through Mobile Viking portal
|-
|-
| 172.27.26.101||Switch TP-Link||-||?|||Managed witch||Open to create vlan to make ethernet walls plugs private
| 172.27.26.101||Switch TP-Link||-||?|||Managed switch||Open to create vlan to make ethernet walls plugs private
|-
|-
| 172.27.26.102||Routeur guest suite||-||OpenWRT||To provide wi-fi in first floor||Ok to configure NAT rules
| 172.27.26.102||Routeur guest suite||-||OpenWRT||To provide wi-fi in first floor||Ok to configure NAT rules
|-
|-
| 172.27.26.103||Routeur "bbox" Proximus||-||? / will be OpenWRT||To bridge our ethernet cables with fiber||Ok to configure NAT rules
172.27.26.120||TribalCloud||hypership.drake||Fedora||Zed development area||Browse http://hypership.drake
|-
| 172.27.26.120||TribalCloud||hypership.drake||Fedora||Zed development area||Browse http://hypership.drake
|}
|}


Line 179: Line 178:
* 172.27.26.224/28
* 172.27.26.224/28
* 172.27.26.240/28
* 172.27.26.240/28
== Link drake27 and drake26 ==
An experiment to link Drake27 / Nasqueron and Drake26 / Lost Woods portions of the Drake network is ongoing in September 2024.
On router-001:
    INDEX=26
    DESCR=drake27_to_drake26
   
    TUNNEL_SRC=<IP configured on router-001>
    TUNNEL_DST=<IP configured on Ubald>
   
    LOCAL=172.27.27.251
    REMOTE=172.27.26.30
   
    REMOTE_RANGE=172.27.26.0/27
    ifconfig gre$INDEX create
    ifconfig gre$INDEX tunnel $TUNNEL_SRC $TUNNEL_DST
    ifconfig gre$INDEX inet $LOCAL $REMOTE netmask 0xffffffff
    ifconfig gre$INDEX descr $DESCR
    route add $REMOTE_RANGE $REMOTE
On Ubald, the OpenWRT router needs to be configured like this in /etc/config/network:
    config interface drake27
        option proto gre
        option zone drake
        option peeraddr <IP configured on router-001>
    config interface drake27_addr
        option proto static
        option ifname @drake27
        option ipaddr 172.27.26.30
        option netmask 255.255.0.0
        # Fixes IPv6 multicast (long-standing bug in kernel).
        # Useful if you run Babel or OSPFv3.
        option ip6addr fe80::42/64
The drake zone is configured in /etc/config/firewall:
    config zone
        option name 'drake'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
    config forwarding
        option src 'lan'
        option dest 'drake'
    config forwarding
        option src 'drake'
        option dest 'lan'
Routing needs to be done with "ip route" and note with "route", as that last command is handled by busybox. Busybox source code will raise an error if we try to add a route for 172.27.27.0/24 via 172.27.27.1 as the gateway .1 belongs to the routed range:
    route del -net 172.27.0.0 netmask 255.255.0.0
    route add 172.27.27.251/32 dev gre4-drake27
    route add 172.27.27.1/32 dev gre4-drake27
    ip route add 172.27.27.0/24 via 172.27.27.1
Devservers and only devservers allowed to connect to Drake26 need a specific route:
    route add 172.27.26.0/24 172.27.27.1
It's not recommended to replace default routing for 172.27.27.0/24 (Drake27) by 127.27.26.0/23 (Drake26 + Drake27) or by 172.26.0.1/15 (All drake), as long as 172.27. is "trusted", ie as long as no firewall rule blocks traffic from outside 172.27.27.0/24 on every server.


[[Category:Drake]]
[[Category:Drake]]
[[Category:Reference]]
[[Category:Reference]]

Latest revision as of 19:07, 15 September 2024

172.27.26/24

172.27.26.0/27 (Ubald, home network)

If you need to assign a static IP in this range, use the following information:

  • IP: an IP not in the list below, up to 172.27.26.14
  • Gateway: 172.27.26.1
  • Broadcast: 172.27.26.31
  • Netmask: 255.255.255.224

If not, you will receive by DHCP an address between 172.27.26.15 and 172.27.26.29, with a resolve in tree-<number>.lostwoods.drake.

IP Server Reverse DNS OS Purpose AUP
172.27.26.1 Ubald ubald.dereckson.drake OpenWRT r41824 Private use
172.27.26.3 Tigraki tigraki.dereckson.drake FreeBSD 10
172.27.26.4 Graywell graywell.dereckson.drake Debian Wheezy
172.27.26.5 Threyscend threyscend.drake FreeBSD 10 Nomad laptop server to provide Drake connectivity and FreeBSD shell accounts on the road. Accounts can be requested when you're on the same physical site than Threyscend or need to interact with a project on Threyscend.
172.27.26.6 Notium - Android Private use
172.27.26.7 Yggdrasil yggdrasil.dereckson.drake Android Private use
172.27.26.8 Yakin yakin.dereckson.drake Windows 10 Private use
172.27.26.9 Axielec axielec.dereckson.drake FreeBSD 10.1 Ports testing infrastructure with GNOME To test ports
172.27.26.10 Free for static assignment
172.27.26.11
172.27.26.12
172.27.26.13
172.27.26.14
172.27.26.15 Free for DHCP use
172.27.26.16
172.27.26.17
172.27.26.18
172.27.26.19
172.27.26.20
172.27.26.21
172.27.26.22
172.27.26.23
172.27.26.24
172.27.26.25
172.27.26.26
172.27.26.27
172.27.26.28
172.27.26.29
172.27.26.30 Ubald ubald.routers.lostwoods.drake See supra. Peering with Drake network Private use

172.27.26.32/28 (Ysul)

Netmask: 255.255.255.240

IP Server Reverse DNS OS Purpose Task AUP
172.27.26.33 Ysul ysul.nasqueron.drake FreeBSD 10 Nginx, php-fpm, Node, IRC web and application hosting - Access for any Nasqueron or Wolfplex project, access for general public seeking a development purpose shell account or a staging environment.
172.27.26.34 Tonderon tonderon.nasqueron.drake FreeBSD 10 Test jail environment in Drake (?) T181 Currently none, pending a goal for this jail is found
172.27.26.35 Uncle Slovius uncle-slovius.nasqueron.drake FreeBSD 10 Meteor application development and Rocket Chat evaluation T714 Ask amj on #wolfplex

172.27.26.48/28 (Dwellers)

IP Server Reverse DNS OS Purpose AUP
172.27.26.49 Dwellers dwellers.nasqueron.drake CentOS 7.0.1406 OpenShift and Docker hosting Open to everyone willing to tweak the dual Docker/OpenShift architecture.

172.27.26.64/26 (Arcane Grove)

172.27.26.120||TribalCloud||hypership.drake||Fedora||Zed development area||Browse http://hypership.drake
IP Server Reverse DNS OS Purpose AUP
172.27.26.100 Routeur Proximus - ? "bbox 4" To be configured through Mobile Viking portal
172.27.26.101 Switch TP-Link - ? Managed switch Open to create vlan to make ethernet walls plugs private
172.27.26.102 Routeur guest suite - OpenWRT To provide wi-fi in first floor Ok to configure NAT rules

DHCP from Fritzbox will assign 70-99. 100+ is for static assignment (network devices and computer with dynamic IP).

172.27.26.128/27 (Threyscend)

IP Server Reverse DNS OS Purpose AUP
172.27.26.129 Threyscend routing.threyscend.drake See threyscend.drake entry @ 172.27.26.5

DHCP configuration

Offers DHCP from 172.27.26.130 to 172.27.26.158. 29 slots are so available.

Static configuration

If you configure a static IP on this range:

  • Pick a free IP between 172.27.26.130 and 172.27.26.158
  • Gateway is 172.27.26.129
  • Broadcast is 172.27.26.159

Larger events

For larger events, the IP range is reserved to Drake peers, which then provide more broad access on their own block.

Free blocks

  • 172.27.26.64/28
  • 172.27.26.80/28
  • 172.27.26.96/28


  • 172.27.26.160/28
  • 172.27.26.176/28
  • 172.27.26.192/28
  • 172.27.26.208/28
  • 172.27.26.224/28
  • 172.27.26.240/28

Link drake27 and drake26

An experiment to link Drake27 / Nasqueron and Drake26 / Lost Woods portions of the Drake network is ongoing in September 2024.

On router-001: 

   INDEX=26
   DESCR=drake27_to_drake26
   
   TUNNEL_SRC=<IP configured on router-001>
   TUNNEL_DST=<IP configured on Ubald>
   
   LOCAL=172.27.27.251
   REMOTE=172.27.26.30
   
   REMOTE_RANGE=172.27.26.0/27

   ifconfig gre$INDEX create
   ifconfig gre$INDEX tunnel $TUNNEL_SRC $TUNNEL_DST
   ifconfig gre$INDEX inet $LOCAL $REMOTE netmask 0xffffffff
   ifconfig gre$INDEX descr $DESCR

   route add $REMOTE_RANGE $REMOTE

On Ubald, the OpenWRT router needs to be configured like this in /etc/config/network: 

   config interface drake27
       option proto gre
       option zone drake
       option peeraddr <IP configured on router-001>

   config interface drake27_addr
       option proto static
       option ifname @drake27
       option ipaddr 172.27.26.30
       option netmask 255.255.0.0
       # Fixes IPv6 multicast (long-standing bug in kernel).
       # Useful if you run Babel or OSPFv3.
       option ip6addr fe80::42/64

The drake zone is configured in /etc/config/firewall: 

   config zone
       option name 'drake'
       option input 'REJECT'
       option output 'ACCEPT'
       option forward 'REJECT'

   config forwarding
       option src 'lan'
       option dest 'drake'

   config forwarding
       option src 'drake'
       option dest 'lan'

Routing needs to be done with "ip route" and note with "route", as that last command is handled by busybox. Busybox source code will raise an error if we try to add a route for 172.27.27.0/24 via 172.27.27.1 as the gateway .1 belongs to the routed range: 

   route del -net 172.27.0.0 netmask 255.255.0.0
   route add 172.27.27.251/32 dev gre4-drake27
   route add 172.27.27.1/32 dev gre4-drake27
   ip route add 172.27.27.0/24 via 172.27.27.1

Devservers and only devservers allowed to connect to Drake26 need a specific route: 

   route add 172.27.26.0/24 172.27.27.1

It's not recommended to replace default routing for 172.27.27.0/24 (Drake27) by 127.27.26.0/23 (Drake26 + Drake27) or by 172.26.0.1/15 (All drake), as long as 172.27. is "trusted", ie as long as no firewall rule blocks traffic from outside 172.27.27.0/24 on every server.

Retrieved from "https://agora.nasqueron.org/index.php?title=User:Dereckson/Drake&oldid=1602"