User:Dereckson/Drake: Difference between revisions
(→172.27.26.32/28 (Ysul): Netmask matching a /28 subnet is 255.255.255.240) |
(→Link drake27 and drake26: 172.27.27.1/32 can actually directly be sent through the tunnel too) |
||
(16 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
== | == 172.27.26/24 == | ||
=== 172.27.26.0/27 (Ubald, home network) === | === 172.27.26.0/27 (Ubald, home network) === | ||
Line 28: | Line 28: | ||
| 172.27.26.5||[[Threyscend]]||threyscend.drake||FreeBSD 10||Nomad laptop server to provide Drake connectivity and FreeBSD shell accounts on the road.||Accounts can be requested when you're on the same physical site than Threyscend or need to interact with a project on Threyscend. | | 172.27.26.5||[[Threyscend]]||threyscend.drake||FreeBSD 10||Nomad laptop server to provide Drake connectivity and FreeBSD shell accounts on the road.||Accounts can be requested when you're on the same physical site than Threyscend or need to interact with a project on Threyscend. | ||
|- | |- | ||
| 172.27.26.6|| | | 172.27.26.6||Notium||-||Android | ||
|colspan=2 align=center|Private use | |||
|- | |- | ||
| 172.27.26.7|| | | 172.27.26.7||Yggdrasil||yggdrasil.dereckson.drake||Android | ||
|colspan=2 align=center|Private use | |colspan=2 align=center|Private use | ||
|- | |- | ||
| 172.27.26.8 | | 172.27.26.8||Yakin||yakin.dereckson.drake||Windows 10 | ||
|colspan= | |colspan=2 align=center|Private use | ||
|- | |- | ||
| 172.27.26.9||Axielec||axielec.dereckson.drake||FreeBSD 10.1||Ports testing infrastructure with GNOME||To test ports | | 172.27.26.9||Axielec||axielec.dereckson.drake||FreeBSD 10.1||Ports testing infrastructure with GNOME||To test ports | ||
Line 91: | Line 92: | ||
! OS | ! OS | ||
! Purpose | ! Purpose | ||
! Task | |||
! AUP | ! AUP | ||
|- | |- | ||
| 172.27.26.33||[[Ysul]]||ysul.nasqueron.drake||FreeBSD 10||Nginx, php-fpm, Node, IRC web and application hosting||Access for any Nasqueron or Wolfplex project, access for general public seeking a development purpose shell account or a staging environment. | | 172.27.26.33||[[Ysul]]||ysul.nasqueron.drake||FreeBSD 10||Nginx, php-fpm, Node, IRC web and application hosting||-||Access for any Nasqueron or Wolfplex project, access for general public seeking a development purpose shell account or a staging environment. | ||
|- | |- | ||
| 172.27.26.34||[[Tonderon]]||tonderon.nasqueron.drake||FreeBSD 10||Test jail environment in Drake (?)||[https://devcentral.nasqueron.org/T181 T181]||Currently none, pending a goal for this jail is found | |||
|- | |||
| 172.27.26.35||[[Uncle Slovius]]||uncle-slovius.nasqueron.drake||FreeBSD 10||Meteor application development and [https://rocket.chat/ Rocket Chat] evaluation||[https://devcentral.nasqueron.org/T714 T714]||Ask amj on #wolfplex | |||
|} | |} | ||
Line 109: | Line 115: | ||
|- | |- | ||
|} | |} | ||
=== 172.27.26.64/26 (Arcane Grove) === | |||
{| class="wikitable" | |||
! IP | |||
! Server | |||
! Reverse DNS | |||
! OS | |||
! Purpose | |||
! AUP | |||
|- | |||
| 172.27.26.100||Routeur Proximus||-||?||"bbox 4"||To be configured through Mobile Viking portal | |||
|- | |||
| 172.27.26.101||Switch TP-Link||-||?|||Managed switch||Open to create vlan to make ethernet walls plugs private | |||
|- | |||
| 172.27.26.102||Routeur guest suite||-||OpenWRT||To provide wi-fi in first floor||Ok to configure NAT rules | |||
|- | |||
172.27.26.120||TribalCloud||hypership.drake||Fedora||Zed development area||Browse http://hypership.drake | |||
|} | |||
DHCP from Fritzbox will assign 70-99. 100+ is for static assignment (network devices and computer with dynamic IP). | |||
=== 172.27.26.128/27 (Threyscend) === | === 172.27.26.128/27 (Threyscend) === | ||
Line 152: | Line 178: | ||
* 172.27.26.224/28 | * 172.27.26.224/28 | ||
* 172.27.26.240/28 | * 172.27.26.240/28 | ||
== Link drake27 and drake26 == | |||
An experiment to link Drake27 / Nasqueron and Drake26 / Lost Woods portions of the Drake network is ongoing in September 2024. | |||
On router-001: | |||
INDEX=26 | |||
DESCR=drake27_to_drake26 | |||
TUNNEL_SRC=<IP configured on router-001> | |||
TUNNEL_DST=<IP configured on Ubald> | |||
LOCAL=172.27.27.251 | |||
REMOTE=172.27.26.30 | |||
REMOTE_RANGE=172.27.26.0/27 | |||
ifconfig gre$INDEX create | |||
ifconfig gre$INDEX tunnel $TUNNEL_SRC $TUNNEL_DST | |||
ifconfig gre$INDEX inet $LOCAL $REMOTE netmask 0xffffffff | |||
ifconfig gre$INDEX descr $DESCR | |||
route add $REMOTE_RANGE $REMOTE | |||
On Ubald, the OpenWRT router needs to be configured like this in /etc/config/network: | |||
config interface drake27 | |||
option proto gre | |||
option zone drake | |||
option peeraddr <IP configured on router-001> | |||
config interface drake27_addr | |||
option proto static | |||
option ifname @drake27 | |||
option ipaddr 172.27.26.30 | |||
option netmask 255.255.0.0 | |||
# Fixes IPv6 multicast (long-standing bug in kernel). | |||
# Useful if you run Babel or OSPFv3. | |||
option ip6addr fe80::42/64 | |||
The drake zone is configured in /etc/config/firewall: | |||
config zone | |||
option name 'drake' | |||
option input 'REJECT' | |||
option output 'ACCEPT' | |||
option forward 'REJECT' | |||
config forwarding | |||
option src 'lan' | |||
option dest 'drake' | |||
config forwarding | |||
option src 'drake' | |||
option dest 'lan' | |||
Routing needs to be done with "ip route" and note with "route", as that last command is handled by busybox. Busybox source code will raise an error if we try to add a route for 172.27.27.0/24 via 172.27.27.1 as the gateway .1 belongs to the routed range: | |||
route del -net 172.27.0.0 netmask 255.255.0.0 | |||
route add 172.27.27.251/32 dev gre4-drake27 | |||
route add 172.27.27.1/32 dev gre4-drake27 | |||
ip route add 172.27.27.0/24 via 172.27.27.1 | |||
Devservers and only devservers allowed to connect to Drake26 need a specific route: | |||
route add 172.27.26.0/24 172.27.27.1 | |||
It's not recommended to replace default routing for 172.27.27.0/24 (Drake27) by 127.27.26.0/23 (Drake26 + Drake27) or by 172.26.0.1/15 (All drake), as long as 172.27. is "trusted", ie as long as no firewall rule blocks traffic from outside 172.27.27.0/24 on every server. | |||
[[Category:Drake]] | |||
[[Category:Reference]] |
Latest revision as of 19:07, 15 September 2024
172.27.26/24
172.27.26.0/27 (Ubald, home network)
If you need to assign a static IP in this range, use the following information:
- IP: an IP not in the list below, up to 172.27.26.14
- Gateway: 172.27.26.1
- Broadcast: 172.27.26.31
- Netmask: 255.255.255.224
If not, you will receive by DHCP an address between 172.27.26.15 and 172.27.26.29, with a resolve in tree-<number>.lostwoods.drake.
IP | Server | Reverse DNS | OS | Purpose | AUP |
---|---|---|---|---|---|
172.27.26.1 | Ubald | ubald.dereckson.drake | OpenWRT r41824 | Private use | |
172.27.26.3 | Tigraki | tigraki.dereckson.drake | FreeBSD 10 | ||
172.27.26.4 | Graywell | graywell.dereckson.drake | Debian Wheezy | ||
172.27.26.5 | Threyscend | threyscend.drake | FreeBSD 10 | Nomad laptop server to provide Drake connectivity and FreeBSD shell accounts on the road. | Accounts can be requested when you're on the same physical site than Threyscend or need to interact with a project on Threyscend. |
172.27.26.6 | Notium | - | Android | Private use | |
172.27.26.7 | Yggdrasil | yggdrasil.dereckson.drake | Android | Private use | |
172.27.26.8 | Yakin | yakin.dereckson.drake | Windows 10 | Private use | |
172.27.26.9 | Axielec | axielec.dereckson.drake | FreeBSD 10.1 | Ports testing infrastructure with GNOME | To test ports |
172.27.26.10 | Free for static assignment | ||||
172.27.26.11 | |||||
172.27.26.12 | |||||
172.27.26.13 | |||||
172.27.26.14 | |||||
172.27.26.15 | Free for DHCP use | ||||
172.27.26.16 | |||||
172.27.26.17 | |||||
172.27.26.18 | |||||
172.27.26.19 | |||||
172.27.26.20 | |||||
172.27.26.21 | |||||
172.27.26.22 | |||||
172.27.26.23 | |||||
172.27.26.24 | |||||
172.27.26.25 | |||||
172.27.26.26 | |||||
172.27.26.27 | |||||
172.27.26.28 | |||||
172.27.26.29 | |||||
172.27.26.30 | Ubald | ubald.routers.lostwoods.drake | See supra. | Peering with Drake network | Private use |
172.27.26.32/28 (Ysul)
Netmask: 255.255.255.240
IP | Server | Reverse DNS | OS | Purpose | Task | AUP |
---|---|---|---|---|---|---|
172.27.26.33 | Ysul | ysul.nasqueron.drake | FreeBSD 10 | Nginx, php-fpm, Node, IRC web and application hosting | - | Access for any Nasqueron or Wolfplex project, access for general public seeking a development purpose shell account or a staging environment. |
172.27.26.34 | Tonderon | tonderon.nasqueron.drake | FreeBSD 10 | Test jail environment in Drake (?) | T181 | Currently none, pending a goal for this jail is found |
172.27.26.35 | Uncle Slovius | uncle-slovius.nasqueron.drake | FreeBSD 10 | Meteor application development and Rocket Chat evaluation | T714 | Ask amj on #wolfplex |
172.27.26.48/28 (Dwellers)
IP | Server | Reverse DNS | OS | Purpose | AUP |
---|---|---|---|---|---|
172.27.26.49 | Dwellers | dwellers.nasqueron.drake | CentOS 7.0.1406 | OpenShift and Docker hosting | Open to everyone willing to tweak the dual Docker/OpenShift architecture. |
172.27.26.64/26 (Arcane Grove)
172.27.26.120||TribalCloud||hypership.drake||Fedora||Zed development area||Browse http://hypership.drakeIP | Server | Reverse DNS | OS | Purpose | AUP |
---|---|---|---|---|---|
172.27.26.100 | Routeur Proximus | - | ? | "bbox 4" | To be configured through Mobile Viking portal |
172.27.26.101 | Switch TP-Link | - | ? | Managed switch | Open to create vlan to make ethernet walls plugs private |
172.27.26.102 | Routeur guest suite | - | OpenWRT | To provide wi-fi in first floor | Ok to configure NAT rules |
DHCP from Fritzbox will assign 70-99. 100+ is for static assignment (network devices and computer with dynamic IP).
172.27.26.128/27 (Threyscend)
IP | Server | Reverse DNS | OS | Purpose | AUP |
---|---|---|---|---|---|
172.27.26.129 | Threyscend | routing.threyscend.drake | See threyscend.drake entry @ 172.27.26.5 |
DHCP configuration
Offers DHCP from 172.27.26.130 to 172.27.26.158. 29 slots are so available.
Static configuration
If you configure a static IP on this range:
- Pick a free IP between 172.27.26.130 and 172.27.26.158
- Gateway is 172.27.26.129
- Broadcast is 172.27.26.159
Larger events
For larger events, the IP range is reserved to Drake peers, which then provide more broad access on their own block.
Free blocks
- 172.27.26.64/28
- 172.27.26.80/28
- 172.27.26.96/28
- 172.27.26.160/28
- 172.27.26.176/28
- 172.27.26.192/28
- 172.27.26.208/28
- 172.27.26.224/28
- 172.27.26.240/28
Link drake27 and drake26
An experiment to link Drake27 / Nasqueron and Drake26 / Lost Woods portions of the Drake network is ongoing in September 2024.
On router-001:
INDEX=26 DESCR=drake27_to_drake26 TUNNEL_SRC=<IP configured on router-001> TUNNEL_DST=<IP configured on Ubald> LOCAL=172.27.27.251 REMOTE=172.27.26.30 REMOTE_RANGE=172.27.26.0/27
ifconfig gre$INDEX create ifconfig gre$INDEX tunnel $TUNNEL_SRC $TUNNEL_DST ifconfig gre$INDEX inet $LOCAL $REMOTE netmask 0xffffffff ifconfig gre$INDEX descr $DESCR
route add $REMOTE_RANGE $REMOTE
On Ubald, the OpenWRT router needs to be configured like this in /etc/config/network:
config interface drake27 option proto gre option zone drake option peeraddr <IP configured on router-001>
config interface drake27_addr option proto static option ifname @drake27 option ipaddr 172.27.26.30 option netmask 255.255.0.0 # Fixes IPv6 multicast (long-standing bug in kernel). # Useful if you run Babel or OSPFv3. option ip6addr fe80::42/64
The drake zone is configured in /etc/config/firewall:
config zone option name 'drake' option input 'REJECT' option output 'ACCEPT' option forward 'REJECT'
config forwarding option src 'lan' option dest 'drake'
config forwarding option src 'drake' option dest 'lan'
Routing needs to be done with "ip route" and note with "route", as that last command is handled by busybox. Busybox source code will raise an error if we try to add a route for 172.27.27.0/24 via 172.27.27.1 as the gateway .1 belongs to the routed range:
route del -net 172.27.0.0 netmask 255.255.0.0 route add 172.27.27.251/32 dev gre4-drake27 route add 172.27.27.1/32 dev gre4-drake27 ip route add 172.27.27.0/24 via 172.27.27.1
Devservers and only devservers allowed to connect to Drake26 need a specific route:
route add 172.27.26.0/24 172.27.27.1
It's not recommended to replace default routing for 172.27.27.0/24 (Drake27) by 127.27.26.0/23 (Drake26 + Drake27) or by 172.26.0.1/15 (All drake), as long as 172.27. is "trusted", ie as long as no firewall rule blocks traffic from outside 172.27.27.0/24 on every server.