## Zone installation.
MASTER = localhost
+inside_MASTER = precision
+
+
ifeq ($(MASTER),localhost)
ZONEINST = userv zoneconf install
else
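Review bot: `inside_MASTER = precision` is added without a comment, and the `ifeq ($(MASTER),localhost)` test that follows still looks only at `MASTER`, so this hunk does not show which install path the inside view takes. If the intent is a per-view override, a line such as `## The inside view is mastered on precision; other views use $(MASTER).` would make that explicit. Elsewhere in this commit precision also gets a publicly routed `jump` address, so it is worth confirming that the inside view, which carries the RFC1918 address map, is served and transferred only over the internal side. The conditional continues outside the hunk.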
ZONESETS += distorted
distorted_VIEWS = inside outside
-distorted_outside_NETS = dmz
-distorted_inside_NETS = unsafe
+distorted_outside_NETS = dmz jump
+distorted_inside_NETS = unsafe colo
distorted_all_ZONES = distorted.org.uk io.distorted.org.uk
distorted_inside_ZONES = 199.29.172.in-addr.arpa
(tor :svc #+view/inside vampire.unsafe
#-view/inside anon.dmz)
+ ;; Colocated hosts.
+ (colo :net colo)
+ (jump :net jump)
+ (fender (colo :a fender.colo)
+ (jump :a fender.jump))
+ (precision (colo :a precision.colo)
+ (jump :a precision.jump))
+ (telecaster (colo :a telecaster.colo)
+ (jump :a telecaster.jump))
+ (telecaster :alias tele)
+ (stratocaster (colo :a stratocaster.colo)
+ (jump :a stratocaster.jump))
+ (stratocaster :alias strat)
+ (jazz (colo :a jazz.colo)
+ (jump :a jazz.jump))
+
;; Wired ethernet.
(wired :net wired)
(vampire (unsafe :a vampire.unsafe)
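Review bot: The new colocated-host records publish both a `colo` and a `jump` address for every host with no view conditional, whereas the `tor` record just above switches on `#+view/inside`. Elsewhere in this commit `colo` is described as the internal (VPN) range and is listed only under `distorted_inside_NETS`, so presumably the per-view net list filters these records, but nothing in this hunk shows that. It is worth generating the outside view and checking that no 172.29.198.0/23 address appears in it. The comment could also say which address is which, for example `;; Colocated hosts: colo is the internal VPN address, jump the public one.` The enclosing zone form starts and ends outside the hunk.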
(vampire.ns :ip vampire))
:reverse dmz)
+(defrevzone jump
+ :ns ((radius.ns :ip radius)
+ (vampire.ns :ip vampire))
+ :reverse jump)
+
(defzone io.distorted.org.uk
:ns ((ns :ip vampire))
(about :txt "Fake zone used for IP-over-DNS tunnelling."))
;; Externally routable DMZ.
(defnet dmz 62.49.204.144/28)
+;; Externally routed colo range.
+(defnet jump 212.13.198.66/28)
+
;; (RFC1918 addresses are allocated from Cambridge G-RIN.)
(defnet distorted.org.uk 172.29.198.0/23
(untrusted 256
(dhcp 32)
(safe 32))
(virtual 32)
- (its 4)))
+ (play 32
+ (its 4))
+ (colo 32)))
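Review bot: `(defnet jump 212.13.198.66/28)` gives a base address with host bits set: a /28 starts on a multiple of 16, so .66 lies inside 212.13.198.64/28, whereas the `dmz` definition just above is aligned (.144). Whether the tool masks the base or counts offsets from it is not visible here, so a reader cannot tell which addresses `(jump 5)` through `(jump 9)` in the host allocations resolve to, or which range the `jump` reverse zone covers. If the routed block is the aligned one, write `(defnet jump 212.13.198.64/28)`; if .66 is meant as the first usable address, say so in the comment instead.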
;;;--------------------------------------------------------------------------
;;; Host allocations
(defhost gate.dmz (dmz 13))
(defhost nat.dmz (dmz 14))
+;; Colocated addresses.
+(defhost fender.jump (jump 5))
+(defhost precision.jump (jump 6))
+(defhost telecaster.jump (jump 7))
+(defhost stratocaster.jump (jump 8))
+(defhost jazz.jump (jump 9))
+
;; Unsafe network.
(defhost radius.unsafe (unsafe 1))
(defhost roadstar.unsafe (unsafe 2))
(defhost gw.its (its 1))
(defhost mz.its (its 2))
+;; Internal (VPN) addresses for colocated services.
+(defhost fender.colo (colo 1))
+(defhost precision.colo (colo 2))
+(defhost telecaster.colo (colo 3))
+(defhost stratocaster.colo (colo 4))
+(defhost jazz.colo (colo 5))
+
;;;--------------------------------------------------------------------------
;;; Host switch.