unfix.org Network
This page describes the unfix.org network, which currently comprises:
All hosts have native IPv4 and IPv6 connectivity and are published in DNS.
Wireless and wired are bridged on sheol, this allows me to move limbo and
possibly other hosts between wireless and wired or between wired locations
letting them keep the same IP and thus also their connections when possible.
The ADSL is bridged from ethernet to ATM/DSL by the Speedtouch modem.
Connectivity is provided by
BIT BV.
dis, furnace and malebolge are guest/experimental IP's.
(As can be seen most of the hardware is somewhat older, but only gamers need new toys
And indeed, I don't use SixXS IPv6 connectivity unless I am somewhere where there is no, decent, IPv6 connectivity, remember that the goal of SixXS is that we can close it up because there is native IPv6 everywhere.)
| IPv4 address | hostname | Model | CPU Model | Speed | Type | Memory | Distro/OS | Function |
|---|
| 213.154.246.80 | network |
| | | | | | |
| 213.154.246.81 | sheol |
Linksys WRT54GS | Broadcom BCM947XX | 200 mhz | mips | 32 MiB | DD-WRT | Switch/Wireless |
| 213.154.246.82 | heaven |
Homemade | Intel Pentium MMX | 200 mhz | i586 | 256 MiB | Debian GNU/Linux | Old-Storage/Development |
| 213.154.246.83 | limbo |
Toshiba Satelite Pro 6000 | Intel Celeron | 1.066 ghz | i686 | 640 MiB | Windows XP Pro | Console |
| 213.154.246.84 | addiction |
Dell Dimension XPS T500 | Intel Pentium III | 600 mhz | i686 | 768 MiB | Windows XP Pro | Gamestation |
| 213.154.246.85 | thunderstick |
Fujitsu Siemens | Intel Pentium IV | 2.6 ghz | i686 | 512 MiB | Windows Vista Ultimate | Gamestation |
| 213.154.246.86 | hell |
Homemade | Dual Pentium III | 600 mhz | i686 | 1024 MiB | Windows XP Pro | Console/Development |
| 213.154.246.87 | magrathea |
Homemade | Dual Pentium II | 266 mhz | i686 | 512 MiB | NetBSD | Experimental |
| 213.154.246.88 | gehenna |
Linksys WRT54GS | Broadcom BCM947XX | 200 mhz | mips | 32 MiB | DD-WRT | Switch/Wireless |
| 213.154.246.89 | eden |
Linksys NSLU2 | XScale-IXP42x | 266 mhz | armeb | 32 MiB | Debian GNU/Linux | Storage/DNS |
| 213.154.246.90 | paradise |
Linksys NSLU2 | XScale-IXP42x | 266 mhz | armeb | 32 MiB | Debian GNU/Linux | Storage/Audio |
| 213.154.246.91 | dis |
| | | | | | guest |
| 213.154.246.92 | spaghetti |
IBM Thinkpad x60 | Intel Core Duo | 1.83 ghz | i686 | 2048 MiB | Windows XP Pro | Console |
| 213.154.246.93 | malebolge |
| | | | | | guest |
| 213.154.246.94 | purgatory |
HP Pavilion Slimline s7450.nl | AMD Turion 64 Mobile Technology MT-32 | 1.8 ghz | amd64 | 512 MiB | Debian GNU/Linux | Router/DNS/Mail/Jabber/BitlBee/Asterisk/DHCP/PVR |
| 213.154.246.95 | broadcast |
| | | | | | |
Network Services
E-mail, Jabber, BitlBee |
Firewalling & Bogon Filtering |
Slugs |
Storage Network for Archive & Backup |
Audio Setup |
VoIP |
Wireless Connectivity |
SSH - Secure Shell
E-mail, Jabber, BitlBee
E-mail for unfix.org comes in on one of 3 MX's in upgoing priority. This usually
means they end up on purgatory.unfix.org directly in postfix
which, during SMTP DATA passes all the mail through SpamAssassin and
ClamAV using spamass-milter and clamav-milter to weed out all the useless bits.
Viruses and spam will thus be rejected at SMTP time and the sender will get a message of Delivery Status Notification
from their mailer indicating what the reason was for non-delivery.
Dovecot is then used as IMAP-SSL daemon to
supply the email to the IMAP clients (Thunderbird).
Purgatory also runs a local BitlBee server for MSN/ICQ/Yahoo and a Jabber server for the unfix.org domain.
Firewalling & Bogon Filtering
Hostbased and routerbased firewalling is implemented on several places blocking and ratelimiting
several possible malicious ports. Bogon Filtering
is used to take care of packets to should not exist on the internet in the first place.
Several monitoring tools are used to make sure that no intrusions are made.
Slugs
Paradise and eden are two Linksys NSLU2's, of course running at 266mhz instead of the factory 133mhz, which boot using
OpenSlug from flash to kick into existence
the Debian armeb installation from the
attached LaCie 250Gb disks.
The setups are pretty identical except that eden has
a BlueTooth dongle for connecting my Logitech BlueTooth headset to and paradise
has 2 USB2.0 hubs acting as an extension cord. Attached to the hubs are an
Terratec Aureon 5.1 USB MKII and a USB Numpad Keypad, the other ports can be used
for attaching misc storage devices, eg a PIMP or memsticks, which get
automounted and made available over Samba.
Storage Network for Archive & Backup
For archiving the above Slugs are used. They provide 500Gb (2x250Gb) diskspace over
NFS and Samba to the network. Important things are cross-rsynced between the machines
allowing one box to break, though I don't hope that happens. If there would be more
cash to spend this would be a real RAID setup so that hardware could fail.
This storage pool is also used by a couple of remote hosts for backing them up.
Audio Setup
Paradise has the Aureon, which is optically connected to my
Yamaha DSP-A5 Amp.
Music Player Daemon is used to send 48khz audio to the
Aureon. The optical connection takes care of any quality issues, the audio source is the limit
in this case, unless one is a real audiophile of course. The numeric keypad attached
to paradise serves as a control by letting empcd control MPD.
Wireless Connectivity
Wireless connectivity is provided by the two WRT54GS's sheol and gehenna using SSID gouda.nl.unfix.org.
Of course the wireless is not open and you need to know the key to get in.
SSH - Secure Shell
SSHFP DNS RR's are available in DNS for all hosts that have SSH enabled. This allows one to verify the fingerprint additionally from DNS.
To generate SSHFP records convieniently, one can use SSHFP by Paul Wouters and Jakob Appelbaum.
There is no DNSSEC yet, but this will come as soon as .org supports this.
