X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~mdw/git/zones/blobdiff_plain/bda4d30e98bbdd8a499c9d2faa31e7e61de6c00f..HEAD:/hosts.lisp

diff --git a/hosts.lisp b/hosts.lisp
index 79c07e5..b77cd67 100644
--- a/hosts.lisp
+++ b/hosts.lisp
@@ -6,8 +6,8 @@
 ;;; External hosts.
 
 (defhost boyle.nsict.org ((:ipv4 "85.158.42.162")))
-(defhost chiark.greenend.org.uk ((:ipv4 "212.13.197.229")
-				 #+chiark-dns-ipv6 (:ipv6 "2001:ba8:1e3::")))
+(defhost chiark.greenend.org.uk ((:ipv4 "93.93.131.173")
+				 (:ipv6 "2a00:1098:86:130::1")))
 (defhost mccoy.flatline.org.uk "80.74.241.31")
 (defhost mythic-ns1 ((:ipv4 "45.33.127.156")
 		     (:ipv6 "2600:3c00:e000:19::1")))
@@ -28,13 +28,17 @@ (defnet distorted.org.uk "172.29.198/23"
     (hippo "144/28")
     (upn "160/27"))
   (trusted "199.0/24"
-    (wired "0/25"
-      (unsafe "0/27")
-      (dhcp "32/27"))
+    (unsafe "0/25"
+      (unsafe-static00 "0/27")
+      (unsafe-dhcp01 "32/27")
+      (unsafe-dhcp1x "64/26"))
     (vpn "128/27")
     (its "160/30")
-    (colo "176/28")
-    (safe "192/27")
+    (safe "192/27"
+      (safe-static00x "192/29")
+      (safe-static010 "200/30")
+      (safe-dhcp011 "204/30")
+      (safe-dhcp1xx "208/28"))
     (any "224/27")))
 
 ;; Externally routable DMZ from Andrews and Arnold.
@@ -43,28 +47,22 @@ (defnet dmz "81.187.238.128/28")
 (defnet dmz1 "217.169.12.64/28")
 (defnet distorted.org.uk-aaisp "2001:8b0:c92/48"
   (unsafe "1/64"
-    (dhcp "6468:6370/96"))
-  (nany "0/64")
-  (dmz "fff/64")
-  (safe "4001/64")
-  (nvpn "6000/64")
-  (untrusted "8001/64")
-  (nupn "a000/64"))
-
-;; Externally routed colo range.
-(defnet jump "212.13.198.66/28")
-(defnet jump "2001:ba8:0:1d9/64")
-(defnet distorted.org.uk-jump "2001:ba8:1d9/48"
-  (colo "2/64")
+    (unsafe-dhcp "6468:6370/96"))
   (any "0/64")
+  (dmz "fff/64")
+  (safe "4001/64"
+    (safe-dhcp "6468:6370/96"))
   (vpn "6000/64")
+  (untrusted "8001/64")
   (upn "a000/64"))
 
+(defnet jump-ipv6 "2001:ba8:1d9/48")
+
 ;;;--------------------------------------------------------------------------
 ;;; Host allocations
 
 ;; External addresses.
-(defhost guvnor.dmz ((:ipv4 gw 0) (:ipv6 dmz "::1:1")))
+(defhost guvnor.dmz (gw 0))
 (defhost radius.dmz (dmz 1))
 (defhost roadstar.dmz (dmz 2))
 (defhost jem.dmz (dmz 3))
@@ -75,18 +73,6 @@ (defhost ibanez.dmz (dmz 9))
 (defhost anon.dmz (dmz 12))
 (defhost nat.dmz ((:ipv4 dmz 14)))
 
-;; Colocated addresses.
-(defhost gate.jump ((:ipv6 jump 2)))
-(defhost fender.jump (jump 5))
-(defhost precision.jump (jump 6))
-(defhost telecaster.jump (jump 7))
-(defhost stratocaster.jump (jump 8))
-(defhost jazz.jump (jump 9))
-(defhost marshall.jump ((:ipv4 jump 11) (:ipv6 jump "::2:1")))
-(defhost richmond.jump ((:ipv4 jump 12) (:ipv6 jump "::1:1")))
-(defhost anon.jump (jump 13))
-(defhost blackhole.jump ((:ipv4 jump 14) (:ipv6 jump "::ffff")))
-
 ;; Formerly colocated addresses.
 (defhost precision.dmz ((:ipv4 dmz1 1) (:ipv6 dmz 33)))
 (defhost telecaster.dmz ((:ipv4 dmz1 2) (:ipv6 dmz 34)))
@@ -97,6 +83,10 @@ (defhost marshall.dmz ((:ipv4 dmz1 11) (:ipv6 dmz "::2:1")))
 (defhost richmond.dmz ((:ipv4 dmz1 12) (:ipv6 dmz "::1:1")))
 (defhost blackhole.dmz ((:ipv4 dmz1 14) (:ipv6 dmz "::ffff")))
 
+;; Jump virtual hosts.
+(defhost eggle.jump ((:ipv4 "185.73.44.143")
+		     (:ipv6 jump-ipv6 "8002::1")))
+
 ;; Linode virtual hosts.
 (defhost national.linode ((:ipv4 "45.33.118.239")
 			  (:ipv6 "2600:3c00::f03c:91ff:fe3b:d7c1")))
@@ -122,9 +112,10 @@ (defhost crybaby.unsafe ((:ipv6 unsafe "216:eaff:fec2:4cb8")))
 (defhost lespaul.unsafe ((:ipv6 unsafe "a00:27ff:fef5:aaef")))
 (defhost haze.unsafe ((:ipv6 unsafe "5056:a8ff:fe01:5654")))
 (defhost gretsch.unsafe ((:ipv6 unsafe "3a2c:4aff:fe6d:e768")))
+(defhost spirit.unsafe ((:ipv6 unsafe "568d:5aff:fed9:18b8")))
 (defhost invader.safe ((:ipv6 safe "a00:27ff:fe94:a5d7")))
 (defhost marauder.safe ((:ipv6 safe "a00:27ff:fe6a:7846")))
-(defhost spirit.unsafe ((:ipv6 unsafe "568d:5aff:fed9:18b8")))
+(defhost unicorn.safe ((:ipv6 safe "20e:c6ff:fe90:a926")))
 
 ;; Safe network.
 (defhost radius.safe (safe 1))
@@ -136,6 +127,7 @@ (defhost tritan.safe (safe 6))
 (defhost kitkat.safe (safe 7))
 (defhost lunch.safe (safe 8))
 (defhost burntaxe.safe (safe 9))
+(defhost unicorn.safe ((:ipv4 safe 10)))
 
 ;; Wireless network.
 (defhost radius.untrusted (untrusted 1))
@@ -155,22 +147,10 @@ (defhost vampire.vpn ((:ipv4 vpn 8) (:ipv6 vpn "::8:1")))
 (defhost spirit.vpn ((:ipv4 vpn 9) (:ipv6 vpn "::9:1")))
 (defhost groove.vpn ((:ipv4 vpn 10) (:ipv6 vpn "::10:1")))
 
-(defhost crybaby.nvpn ((:ipv6 nvpn "::1:1")))
-(defhost orange.nvpn ((:ipv6 nvpn "::3:1")))
-(defhost haze.nvpn ((:ipv6 nvpn "::4:1")))
-(defhost radius.nvpn ((:ipv6 nvpn "::5:1")))
-(defhost precision.nvpn ((:ipv6 nvpn "::6:1")))
-(defhost jazz.nvpn ((:ipv6 nvpn "::7:1")))
-(defhost vampire.nvpn ((:ipv6 nvpn "::8:1")))
-(defhost spirit.nvpn ((:ipv6 nvpn "::9:1")))
-(defhost groove.nvpn ((:ipv6 nvpn "::10:1")))
-
 ;; Untrusted private network.
 (defhost national.upn ((:ipv4 upn 1) (:ipv6 upn "::1:1")))
 (defhost mdwdev.upn ((:ipv4 upn 2) (:ipv6 upn "::2:1")))
-
-(defhost national.nupn ((:ipv6 nupn "::1:1")))
-(defhost mdwdev.nupn ((:ipv6 nupn "::2:1")))
+(defhost eggle.upn ((:ipv4 upn 3) (:ipv6 upn "::3:1")))
 
 ;; Iodine network.
 (defhost jazz.iodine (iodine 1))
@@ -185,13 +165,6 @@ (defhost spirit.hippo (hippo 3))
 (defhost gw.its (its 1))
 (defhost mz.its (its 2))
 
-;; Internal (VPN) addresses for colocated services.
-(defhost fender.colo (colo 1))
-(defhost precision.colo (colo 2))
-(defhost telecaster.colo (colo 3))
-(defhost stratocaster.colo (colo 4))
-(defhost jazz.colo (colo 5))
-
 ;; Anycast addresses for services.
 (defhost dns0.any ((:ipv4 any 0) (:ipv6 any "::0:1")))
 (defhost dns1.any ((:ipv4 any 1) (:ipv6 any "::1:1")))
@@ -201,34 +174,25 @@ (defhost www-cache.any ((:ipv4 any 4) (:ipv6 any "::4:1")))
 (defhost krb0.any ((:ipv4 any 5) (:ipv6 any "::5:1")))
 (defhost krb1.any ((:ipv4 any 6) (:ipv6 any "::6:1")))
 
-(defhost dns0.nany ((:ipv6 nany "::0:1")))
-(defhost dns1.nany ((:ipv6 nany "::1:1")))
-(defhost ntp0.nany ((:ipv6 nany "::2:1")))
-(defhost ntp1.nany ((:ipv6 nany "::3:1")))
-(defhost www-cache.nany ((:ipv6 nany "::4:1")))
-(defhost krb0.nany ((:ipv6 nany "::5:1")))
-(defhost krb1.nany ((:ipv6 nany "::6:1")))
-
 ;;;--------------------------------------------------------------------------
 ;;; Host switch.
 
 (preferred-subnet-case
-  ((unsafe colo)
+  (unsafe
    (defhost radius radius.unsafe)
    (defhost vampire vampire.unsafe)
-   (defhost precision precision.colo)
-   (defhost telecaster telecaster.colo)
-   (defhost stratocaster stratocaster.colo)
-   (defhost national national.upn))
+   (defhost precision precision.unsafe)
+   (defhost telecaster telecaster.unsafe)
+   (defhost stratocaster stratocaster.unsafe)
+   (defhost national national.upn)
+   (defhost eggle eggle.upn))
   (t
    (defhost radius radius.dmz)
    (defhost vampire vampire.dmz)
-   (defhost precision precision.jump)
-   (defhost telecaster telecaster.jump)
-   (defhost stratocaster stratocaster.jump)
-   (defhost national national.linode)))
-
-(defhost marshall marshall.jump)
-(defhost mdwdev mdwdev.upn)
+   (defhost precision precision.dmz)
+   (defhost telecaster telecaster.dmz)
+   (defhost stratocaster stratocaster.dmz)
+   (defhost national national.linode)
+   (defhost eggle eggle.jump)))
 
 ;;;----- That's all, folks --------------------------------------------------