From: Mark Wooding Date: Wed, 26 Nov 2008 21:27:23 +0000 (+0000) Subject: distorted: Various changes. X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/zones/commitdiff_plain/8ca446b52a0e12c103b26ffe87b158a50c8a78a8?hp=b1d5c6c26918b06284d9895eb50ef3c08133f840 distorted: Various changes. * Merge the untrusted wired and wireless networks. There's no longer any need for the wireless CIDR-delegation so delete it. * Assign vampire an address in the untrusted network. This way it can provide a VPN endpoint without messing up the routing completely. * Assign crybaby a VPN address. * Expunge tubescreamer and fuzzface. --- diff --git a/Makefile.m4 b/Makefile.m4 index a39acae..f221ac5 100644 --- a/Makefile.m4 +++ b/Makefile.m4 @@ -22,6 +22,7 @@ $1_ZONE_FILES = _dolist([_subnet], [($2)], ALL_SUBNETS += $($1_SUBNETS) ALL_ZONES += $($1_ZONES) ALL_ZONE_FILES += $($1_ZONE_FILES) +ALL_CLEAN_FILES += _dolist([_subnet], [($2)], [ _subnet/*]) m4_divert(30)m4_dnl $($1_ZONE_FILES): $1.lisp $(ZONEDEPS) mkdir -p $($1_SUBNETS)m4_dnl @@ -36,7 +37,7 @@ m4_divert(-1) DOMAIN([distorted], [inet, fretwank], [distorted.org.uk, dhcp.distorted.org.uk, - 198.29.172.in-addr.arpa, wireless.198.29.172.in-addr.arpa, + 198.29.172.in-addr.arpa, 199.29.172.in-addr.arpa, dhcp.199.29.172.in-addr.arpa]) DOMAIN([harlequin], [inet, fretwank], [harlequin.org.uk]) @@ -48,6 +49,7 @@ ZONE = zone ALL_ZONES = ALL_ZONE_FILES = +ALL_CLEAN_FILES = ALL_SUBNETS = PUBLISH = publish @@ -116,7 +118,8 @@ Makefile: Makefile.m4 mv $@.new $@ clean: - rm -f $(ALL_ZONE_FILES) *.toc *.lof *.lot *.log *.dvi *.ps *.aux + rm -f $(ALL_ZONE_FILES) $(ALL_CLEAN_FILES) \ + *.toc *.lof *.lot *.log *.dvi *.ps *.aux rmdir $(sort $(ALL_SUBNETS)) ###----- That's all, folks -------------------------------------------------- diff --git a/distorted.lisp b/distorted.lisp index 253c560..8ab90af 100644 --- a/distorted.lisp +++ b/distorted.lisp @@ -7,8 +7,7 @@ (load "hosts" :verbose nil) ;;; (RFC1918 addresses are allocated from Cambridge G-RIN.) (defnet distorted.org.uk 172.29.198.0/23 - (untrusted 256 - (wireless 64)) + (untrusted 256) (trusted 256 (fretwank 128 (unsafe 32) @@ -34,10 +33,11 @@ (defhost tubescreamer (safe 1)) (defhost obsidian (safe 2)) ;; Wireless network. -(defhost evolution.wireless (wireless 1)) +(defhost evolution.untrusted (untrusted 1)) +(defhost vampire.untrusted (untrusted 2)) ;; Virtual private network. -(defhost fuzzface (virtual 1)) +(defhost crybaby (virtual 1)) ;; Special network for ITS. ;; It doesn't understand point-to-point links, so we need a little net. @@ -85,8 +85,8 @@ (defzone distorted.org.uk (guvnor (inet :a guvnor.demon) (fretwank :a guvnor)) ;; ;; Wireless gateway - (wireless :net wireless) - (evolution (fretwank :a evolution) (wireless :a evolution.wireless)) + (untrusted :net untrusted) + (evolution (fretwank :a evolution) (untrusted :a evolution.untrusted)) ;; ;; Local services (@ :svc www-frontend) @@ -105,13 +105,12 @@ (defzone distorted.org.uk ;; Wired ethernet (fretwank :net fretwank) (metalzone (inet :a guvnor.demon) (fretwank :a metalzone)) - (vampire (fretwank :a vampire)) - (tubescreamer (fretwank :a tubescreamer)) + (vampire (fretwank :a vampire) (untrusted :a vampire.untrusted)) (obsidian (fretwank :a obsidian)) ;; ;; Virtual network (virtual :net virtual) - (fuzzface (virtual :a fuzzface)) + (crybaby (virtual :a crybaby)) ;; ;; ITS (its :net its) @@ -134,11 +133,7 @@ (defrevzone trusted (defrevzone untrusted :ns ((metalzone.ns :ip metalzone) (vampire.ns :ip vampire)) - #+subnet/fretwank (wireless :ns (metalzone.ns vampire.ns)) - #+subnet/fretwank (@ :cidr-delegation - (wireless - (wireless - 198.29.172.wireless.198.29.172.in-addr.arpa)))) + :reverse untrusted) (defzone dhcp.distorted.org.uk :ns ((metalzone.ns :ip metalzone) (vampire.ns :ip vampire)) @@ -147,8 +142,4 @@ (defzone dhcp.distorted.org.uk (defzone dhcp.199.29.172.in-addr.arpa :ns ((metalzone.ns :ip metalzone) (vampire.ns :ip vampire))) -(defzone wireless.198.29.172.in-addr.arpa - :ns ((metalzone.ns :ip metalzone) (vampire.ns :ip vampire)) - :reverse ((wireless :bytes 4))) - ;;;----- That's all, folks --------------------------------------------------