From: Mark Wooding Date: Sun, 10 Jul 2011 21:16:57 +0000 (+0100) Subject: Major network reorganization. X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/zones/commitdiff_plain/92e992475fa9fae0b2b55f02142ee8df2e807a34 Major network reorganization. There is now a new globally routable /28, used as a DMZ, and the servers live on that as well as on the existing unsafe network (though they've been renumbered). This also means that all of the old NAT cruft must be swept away. Life is hard, unfortunately: guvnor is too stupid to have the same address on multiple network interfaces, so we must assign it two addresses in the DMZ. --- diff --git a/Makefile.m4 b/Makefile.m4 index eee0291..8ec905a 100644 --- a/Makefile.m4 +++ b/Makefile.m4 @@ -37,7 +37,7 @@ m4_divert(-1) DOMAIN([distorted], [inet, fretwank], [distorted.org.uk, io.distorted.org.uk, dhcp.distorted.org.uk, - 198.29.172.in-addr.arpa, + 204.49.62.in-addr.arpa, 198.29.172.in-addr.arpa, 199.29.172.in-addr.arpa, dhcp.199.29.172.in-addr.arpa]) DOMAIN([harlequin], [inet, fretwank], [harlequin.org.uk]) diff --git a/distorted.lisp b/distorted.lisp index c7fd629..416d98b 100644 --- a/distorted.lisp +++ b/distorted.lisp @@ -6,6 +6,8 @@ (load "hosts.lisp" :verbose nil) ;;; Network allocations ;;; (RFC1918 addresses are allocated from Cambridge G-RIN.) +(defnet inet 62.49.204.144/28) + (defnet distorted.org.uk 172.29.198.0/23 (untrusted 256 (wireless 128) 
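Review bot: The zone added to the `distorted` DOMAIN list, `204.49.62.in-addr.arpa`, is the reverse zone for a whole /24, while the only allocation this commit introduces in distorted.lisp is `62.49.204.144/28`. Wherever that zone is loaded as authoritative, the server will also answer for the other 240 addresses of the /24; if the provider delegates the /28 classlessly (as the existing `dhcp.199.29.172.in-addr.arpa` entry appears to do for the private range), the name listed here should be the delegated one. If the /24 name is intentional, a comment on that line saying who delegates it and in which view it is served would settle the question.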
@@ -22,16 +24,22 @@ (defnet distorted.org.uk 172.29.198.0/23 ;;; Host allocations ;; External addresses. -(defhost guvnor.demon 80.177.3.76) +(defhost guvnor.inet (inet 1)) +(defhost radius.inet (inet 2)) +(defhost roadstar.inet (inet 3)) +(defhost jem.inet (inet 4)) +(defhost artist.inet (inet 5)) +(defhost vampire.inet (inet 6)) +(defhost ibanez.inet (inet 9)) +(defhost gate.inet (inet 13)) +(defhost nat.inet (inet 14)) ;; Unsafe network. -(defhost guvnor (unsafe 1)) -(defhost metalzone (unsafe 2)) -(defhost radius (unsafe 3)) -(defhost vampire (unsafe 4)) -(defhost roadstar (unsafe 5)) -(defhost jem (unsafe 6)) -(defhost artist (unsafe 7)) +(defhost radius (unsafe 1)) +(defhost roadstar (unsafe 2)) +(defhost jem (unsafe 3)) +(defhost artist (unsafe 4)) +(defhost vampire (unsafe 5)) (defhost ibanez (unsafe 14)) ;; Safe network. @@ -39,9 +47,9 @@ (defhost tubescreamer (safe 1)) (defhost obsidian (safe 2)) ;; Wireless network. -(defhost vampire.untrusted (untrusted 1)) +(defhost radius.untrusted (untrusted 1)) (defhost evolution (untrusted 2)) -(defhost radius.untrusted (untrusted 3)) +(defhost vampire.untrusted (untrusted 3)) ;; Virtual private network. (defhost crybaby (virtual 1)) @@ -60,15 +68,14 @@ (defhost mz (its 2)) (setf *default-zone-admin* "hostmaster@distorted.org.uk") +(setf *default-zone-source* 'vampire.distorted.org.uk.) (preferred-subnet-case (fretwank - (setf *default-zone-source* 'vampire.distorted.org.uk.) - (defhost www-frontend metalzone) + (defhost www-frontend vampire) (defhost dns-frontend vampire)) (t - (setf *default-zone-source* 'guvnor.distorted.org.uk.) - (defhost www-frontend guvnor.demon) - (defhost dns-frontend guvnor.demon))) + (defhost www-frontend vampire.inet) + (defhost dns-frontend vampire.inet))) ;;;-------------------------------------------------------------------------- ;;; Main zone definition. 
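Review bot: The new `;; External addresses.` table does not say which entries belong to the router, although the commit message explains that guvnor needs two DMZ addresses. From the zone body later in the diff it looks as if `guvnor.inet` and `gate.inet` are that pair and `nat.inet` has a separate role, but that is inferred, and the unused slots 7, 8 and 10-12 are unexplained as well. Every host in this table is now directly addressable rather than hidden behind a port-forward, so a comment such as `;; guvnor.inet and gate.inet are the router's two DMZ addresses; nat.inet is <role>; 7, 8, 10-12 unallocated.` (with the real role filled in) would tell the next maintainer what an entry here implies.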
@@ -76,12 +83,12 @@ (defhost dns-frontend guvnor.demon))) (defzone distorted.org.uk ;; ;; Nameservers. - :ns #+subnet/fretwank ((metalzone.ns :ip metalzone) - (vampire.ns :ip vampire)) + :ns #+subnet/fretwank ((vampire.ns :ip vampire)) #-subnet/fretwank ((mythic-beasts-1.ns :ip mythic-ns1) (mythic-beasts-2.ns :ip mythic-ns2) (chiark.ns :ip chiark.greenend.org.uk) - (guvnor.ns :ip guvnor.demon)) + (radius.ns :ip radius.inet) + (vampire.ns :ip vampire.inet)) ;; ;; Mail servers. ((@ mail lists bugs cryptomail) @@ -92,11 +99,11 @@ (defzone distorted.org.uk :srv ((:http www) (:ftp ftp)) ;; - ;; Colocated services. - ;;((www ftp git) (inet :svc boyle.nsict.org) (fretwank :svc metalzone)) - ;; - ;; Entry is via little port-forwarding box. - (guvnor (inet :a guvnor.demon) (fretwank :a guvnor)) + ;; Entry is via little router box. + (inet :net inet) + (guvnor (inet :a guvnor.inet) (fretwank :svc gate.inet)) + (gate (inet :a gate.inet)) + (nat (inet :a nat.inet)) ;; ;; Wireless gateway. (untrusted :net untrusted) @@ -105,7 +112,7 @@ (defzone distorted.org.uk ;; Local services. (@ :svc www-frontend) ((www ftp wiki git bugs mail db tor i2p rawk vox www-cache) - (inet :svc guvnor.demon) + (inet :svc vampire.inet) (fretwank :svc vampire)) ;; ;; Internal services. 
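Review bot: `(inet :svc vampire.inet)` now points every name in the list above it, including `db` and `www-cache`, at a globally routable address of the server itself, where the old target `guvnor.demon` was the port-forwarding box. Under NAT only forwarded ports were reachable through those names; with a DMZ address, whatever vampire listens on is reachable unless the router or host firewall blocks it, and that filtering is not visible in this commit. Consider keeping internal-only names out of the inet view, for example as a separate `((db www-cache) (fretwank :svc vampire))` entry, or add a comment stating that exposure is limited by the packet filter. The enclosing defzone form extends beyond this hunk in both directions.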
@@ -114,19 +121,22 @@ (defzone distorted.org.uk ;; ;; Wired ethernet. (fretwank :net fretwank) - (metalzone (inet :a guvnor.demon) - (fretwank :a metalzone)) (vampire (fretwank :a vampire) - (inet :a guvnor.demon) + (inet :a vampire.inet) (untrusted :a vampire.untrusted) (iodine :a vampire.iodine)) (obsidian (fretwank :a obsidian)) - (ibanez (fretwank :a ibanez)) + (ibanez (fretwank :a ibanez) + (inet :a ibanez.inet)) (radius (fretwank :a radius) + (inet :a radius.inet) (untrusted :a radius.untrusted)) - (roadstar (fretwank :a roadstar)) - (jem (fretwank :a jem)) - (artist (fretwank :a artist)) + (roadstar (fretwank :a roadstar) + (inet :a roadstar.inet)) + (jem (fretwank :a jem) + (inet :a jem.inet)) + (artist (fretwank :a artist) + (inet :a artist.inet)) (gibson :cname gibson.dhcp) (lespaul :cname lespaul.dhcp) (firebird :cname firebird.dhcp) @@ -145,14 +155,14 @@ (defzone distorted.org.uk (mz (its :a mz)) ;; ;; Delegations. - #+subnet/fretwank (dhcp :ns (metalzone.ns vampire.ns)) + #+subnet/fretwank (dhcp :ns (vampire.ns)) (io :ns ((ns.io :ip dns-frontend)))) ;;;-------------------------------------------------------------------------- ;;; Other subsidiary zones. (defrevzone trusted - :ns ((metalzone.ns :ip metalzone) (vampire.ns :ip vampire)) + :ns ((vampire.ns :ip vampire)) :reverse trusted #+subnet/fretwank (dhcp :ns (metalzone.ns vampire.ns)) #+subnet/fretwank (@ :cidr-delegation @@ -160,11 +170,14 @@ (defrevzone trusted (dhcp 199.29.172.dhcp.199.29.172.in-addr.arpa)))) (defrevzone untrusted - :ns ((metalzone.ns :ip metalzone) (vampire.ns :ip vampire)) + :ns ((vampire.ns :ip vampire)) :reverse untrusted) +(defrevzone inet + :reverse inet) + (defzone dhcp.distorted.org.uk - :ns ((metalzone.ns :ip metalzone) (vampire.ns :ip vampire)) + :ns ((vampire.ns :ip vampire)) :net dhcp) (defzone io.distorted.org.uk 
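Review bot: The `dhcp` delegation inside `defrevzone trusted` still reads `#+subnet/fretwank (dhcp :ns (metalzone.ns vampire.ns))`, although this hunk drops `metalzone.ns` from that zone's `:ns` list and the commit removes the `metalzone` host. The matching delegation in the main zone was updated to `(dhcp :ns (vampire.ns))` a few lines earlier in the same hunk, so this one looks missed; as far as the diff shows, it now delegates to a nameserver name with no address behind it, i.e. a lame or dangling NS. It should become `#+subnet/fretwank (dhcp :ns (vampire.ns))`. The defrevzone form continues past the end of the hunk.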
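Review bot: `(defrevzone inet :reverse inet)` is the only reverse zone here without an `:ns` clause; `trusted` and `untrusted` both name `vampire.ns` explicitly. Unless defrevzone supplies a default that is not visible in this diff, the generated zone would carry no NS records, which nameservers normally refuse to load. If the public reverse zone is meant to be served by the same hosts as the forward zone, `:ns ((radius.ns :ip radius.inet) (vampire.ns :ip vampire.inet))` would match the inet view of `distorted.org.uk`.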
@@ -172,6 +185,6 @@ (defzone io.distorted.org.uk (about :txt "Fake zone used for IP-over-DNS tunnelling.")) (defzone dhcp.199.29.172.in-addr.arpa - :ns ((metalzone.ns :ip metalzone) (vampire.ns :ip vampire))) + :ns ((vampire.ns :ip vampire))) ;;;----- That's all, folks -------------------------------------------------- diff --git a/harlequin.lisp b/harlequin.lisp index 1133965..3090579 100644 --- a/harlequin.lisp +++ b/harlequin.lisp @@ -4,22 +4,23 @@ (load "hosts.lisp" :verbose nil) (setf *default-zone-admin* "hostmaster@distorted.org.uk") +(setf *default-zone-source* 'vampire.distorted.org.uk.) (preferred-subnet-case (fretwank - (setf *default-zone-source* 'vampire.distorted.org.uk.) - (defhost mail metalzone) - (defhost bloghost vampire)) + (defhost mail vampire.fretwank) + (defhost bloghost vampire.fretwank)) (t - (setf *default-zone-source* 'guvnor.distorted.org.uk.) - (defhost mail guvnor.distorted.org.uk) - (defhost bloghost guvnor.distorted.org.uk))) + (defhost mail vampire.demon) + (defhost bloghost vampire.demon))) (defzone harlequin.org.uk ;; ;; Nameservers - :ns ((mythic-beasts-1.ns :ip mythic-ns1) - (mythic-beasts-2.ns :ip mythic-ns2) - (guvnor.ns :ip guvnor.demon)) + :ns #+subnet/fretwank ((vampire.ns :ip vampire)) + #-subnet/fretwank ((mythic-beasts-1.ns :ip mythic-ns1) + (mythic-beasts-2.ns :ip mythic-ns2) + (radius.ns :ip radius.demon) + (vampire.ns :ip vampire.demon)) ;; ;; Mail servers :mx ((mail :ip mail)) diff --git a/hosts.lisp b/hosts.lisp index e8b8765..ffd5f21 100644 --- a/hosts.lisp +++ b/hosts.lisp @@ -1,6 +1,7 @@ ;; Static IP addresses for various useful hosts -(defhost guvnor.distorted.org.uk 80.177.3.76) +(defhost radius.demon 62.49.204.146) +(defhost vampire.demon 62.49.204.150) (defhost boyle.nsict.org 85.158.42.162) (defhost chiark.greenend.org.uk 212.13.197.229) (defhost mccoy.flatline.org.uk 80.74.241.31)
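Review bot: `mail` and `bloghost` are now defined as `vampire.fretwank`, a name that none of the visible hunks defines, while the `:ns` clause a few lines below uses plain `vampire` for the same view. The old code used bare names (`metalzone`, `vampire`), so the bare form presumably resolves when this file is loaded; whether `vampire.fretwank` does depends on parts of hosts.lisp outside this diff. If it is not defined there, use `(defhost mail vampire)` and `(defhost bloghost vampire)`, or add a `vampire.fretwank` definition next to `vampire.demon`.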
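Review bot: `radius.demon` and `vampire.demon` hard-code 62.49.204.146 and 62.49.204.150, the same addresses distorted.lisp derives as `(inet 2)` and `(inet 6)` from `62.49.204.144/28`. Nothing ties the two files together, so a later renumbering of the DMZ would leave harlequin.org.uk's NS, MX and blog records pointing at addresses that may by then belong to a different host. A comment above them, e.g. `;; Keep in step with radius.inet / vampire.inet in distorted.lisp.`, would make the dependency visible. The file continues beyond the hunk.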