Network: Difference between revisions

From Nottinghack Wiki
Jump to navigation Jump to search
Line 45: Line 45:
* general usage account is 'nottinghack'
* general usage account is 'nottinghack'
* members can have personal accounts on request (512meg soft limit?)
* members can have personal accounts on request (512meg soft limit?)
[[User:Msemtd|Michael Erskine]] 13:11, 10 February 2011 (GMT)
[[User:Lwk|Lwk]] 21:34, 20 February 2011 (GMT)


== Equipment ==
== Equipment ==
See [[Network/Equipment|here]] for a list of our network gear
See [[Network/Equipment|here]] for a list of our network gear

Revision as of 22:35, 20 February 2011

Network

This page will be used for discussion of the proposed network topology & for suggestions for network design / modification.

A
Proposed Layout


IP address ranges can be decided on implementation & set to sensible ranges, with reserved IP's outside of DHCP, unless there are any specific requirements.

The above config sets anything connected directly to the switch as a 1st level DMZ, aimed for services / clients that need to be outwardly facing with little / no restrictions.


All machines / services connected via the router are designed to allow access to the internet, and to services or resources, but not remote access from the internet (unless via the VPN - not enabled initially).

The router would offer 2 WiFi access points - 1 for Nottinghack permanent members & 1 for potential clients (Anthem films etc).


These would be on seperate VLANS - the Nottinghack VLAN would have access to local resources - e.g. a future NAS file-share, a local dropbox server for projects & collaborations, a backup of all Web / Wiki files (to allow a remote restore in the event of moving hosts / outage of services) and anything else we don't want to be web facing.


The VPN (when enabled) would allow remote management of the VLANS, which could come in handy in the event of issues with the client WiFi access point.


  • Note: the Admin PC would not be a static machine, rather the switch would be configured to only allow admin access to designated machines, via MAC binding, as well as knowledge of the required login's etc. This would help prevent any user with physical access to the switch to alter the permissions / settings unless they were an "Authorised user". As far as "Authorised users" go, I'd suggest that anyone who is a permanent member, with access to all of the key-codes & building key should be eligible. Usual rules apply, as to any tool - if you don't know how to use it / don't do anything :)


I'm undecided about remote management of the gigabit switch, as I've yet to check out it's functionality / certificate management.

Suggestions / comments?


Holly

Holly prides himself on the fact he had an IQ of 6,000 (apparently the same IQ as 6,000 PE teachers or 12,000 car park attendants), but after three million years by himself, he had become computer senile, or as Holly put it, "a bit peculiar".

Our first server is past the days of being called fast or prim hardware, it can take a while to boot/respond. However its likely to be our only workhorse for a little while so please don't ridicule Holly on his senility!

Fanless Via Epia Mini-ITX 533MHz

  • 512mb RAM
  • 1 20GB HDD (/, /var, /var/log, /tmp, swap, /usr)
  • 1 13GB HDD (/home)
  • ubuntu 10.04LTS
  • Low power so fine for always-on.
  • Has parallel port!
  • Has serial port!
  • Ripe for HackSpace Instrumentation
  • general usage account is 'nottinghack'
  • members can have personal accounts on request (512meg soft limit?)

Equipment

See here for a list of our network gear