Major network reorganization.

There is now a new globally routable /28, used as a DMZ, and the
servers live on that as well as on the existing unsafe network (though
they've been renumbered).  This also means that all of the old NAT
cruft must be swept away.

Life is hard, unfortunately: guvnor is too stupid to have the same
address on multiple network interfaces, so we must assign it two
addresses in the DMZ.

diff --git a/Makefile.m4 b/Makefile.m4
index eee0291..8ec905a 100644 (file)
--- a/Makefile.m4
+++ b/Makefile.m4
@@ -37,7 +37,7 @@ m4_divert(-1)
 
 DOMAIN([distorted], [inet, fretwank],
        [distorted.org.uk, io.distorted.org.uk, dhcp.distorted.org.uk,
-        198.29.172.in-addr.arpa,
+        204.49.62.in-addr.arpa, 198.29.172.in-addr.arpa,
         199.29.172.in-addr.arpa, dhcp.199.29.172.in-addr.arpa])
 DOMAIN([harlequin], [inet, fretwank], [harlequin.org.uk])
 

diff --git a/distorted.lisp b/distorted.lisp
index c7fd629..416d98b 100644 (file)
--- a/distorted.lisp
+++ b/distorted.lisp
@@ -6,6 +6,8 @@
 ;;; Network allocations
 ;;; (RFC1918 addresses are allocated from Cambridge G-RIN.)
 
+(defnet inet 62.49.204.144/28)
+
 (defnet distorted.org.uk 172.29.198.0/23
   (untrusted 256
     (wireless 128)
@@ -22,16 +24,22 @@
 ;;; Host allocations
 
 ;; External addresses.
-(defhost guvnor.demon 80.177.3.76)
+(defhost guvnor.inet (inet 1))
+(defhost radius.inet (inet 2))
+(defhost roadstar.inet (inet 3))
+(defhost jem.inet (inet 4))
+(defhost artist.inet (inet 5))
+(defhost vampire.inet (inet 6))
+(defhost ibanez.inet (inet 9))
+(defhost gate.inet (inet 13))
+(defhost nat.inet (inet 14))
 
 ;; Unsafe network.
-(defhost guvnor (unsafe 1))
-(defhost metalzone (unsafe 2))
-(defhost radius (unsafe 3))
-(defhost vampire (unsafe 4))
-(defhost roadstar (unsafe 5))
-(defhost jem (unsafe 6))
-(defhost artist (unsafe 7))
+(defhost radius (unsafe 1))
+(defhost roadstar (unsafe 2))
+(defhost jem (unsafe 3))
+(defhost artist (unsafe 4))
+(defhost vampire (unsafe 5))
 (defhost ibanez (unsafe 14))
 
 ;; Safe network.
@@ -39,9 +47,9 @@
 (defhost obsidian (safe 2))
 
 ;; Wireless network.
-(defhost vampire.untrusted (untrusted 1))
+(defhost radius.untrusted (untrusted 1))
 (defhost evolution (untrusted 2))
-(defhost radius.untrusted (untrusted 3))
+(defhost vampire.untrusted (untrusted 3))
 
 ;; Virtual private network.
 (defhost crybaby (virtual 1))
@@ -60,15 +68,14 @@
 
 (setf *default-zone-admin* "hostmaster@distorted.org.uk")
 
+(setf *default-zone-source* 'vampire.distorted.org.uk.)
 (preferred-subnet-case
   (fretwank
-   (setf *default-zone-source* 'vampire.distorted.org.uk.)
-   (defhost www-frontend metalzone)
+   (defhost www-frontend vampire)
    (defhost dns-frontend vampire))
   (t
-   (setf *default-zone-source* 'guvnor.distorted.org.uk.)
-   (defhost www-frontend guvnor.demon)
-   (defhost dns-frontend guvnor.demon)))
+   (defhost www-frontend vampire.inet)
+   (defhost dns-frontend vampire.inet)))
 
 ;;;--------------------------------------------------------------------------
 ;;; Main zone definition.
@@ -76,12 +83,12 @@
 (defzone distorted.org.uk
   ;;
   ;; Nameservers.
-  :ns #+subnet/fretwank ((metalzone.ns :ip metalzone)
-                        (vampire.ns :ip vampire))
+  :ns #+subnet/fretwank ((vampire.ns :ip vampire))
       #-subnet/fretwank ((mythic-beasts-1.ns :ip mythic-ns1)
                         (mythic-beasts-2.ns :ip mythic-ns2)
                         (chiark.ns :ip chiark.greenend.org.uk)
-                        (guvnor.ns :ip guvnor.demon))
+                        (radius.ns :ip radius.inet)
+                        (vampire.ns :ip vampire.inet))
   ;;
   ;; Mail servers.
   ((@ mail lists bugs cryptomail)
@@ -92,11 +99,11 @@
   :srv ((:http www)
        (:ftp ftp))
   ;;
-  ;; Colocated services.
-  ;;((www ftp git) (inet :svc boyle.nsict.org) (fretwank :svc metalzone))
-  ;;
-  ;; Entry is via little port-forwarding box.
-  (guvnor (inet :a guvnor.demon) (fretwank :a guvnor))
+  ;; Entry is via little router box.
+  (inet :net inet)
+  (guvnor (inet :a guvnor.inet) (fretwank :svc gate.inet))
+  (gate (inet :a gate.inet))
+  (nat (inet :a nat.inet))
   ;;
   ;; Wireless gateway.
   (untrusted :net untrusted)
@@ -105,7 +112,7 @@
   ;; Local services.
   (@ :svc www-frontend)
   ((www ftp wiki git bugs mail db tor i2p rawk vox www-cache)
-   (inet :svc guvnor.demon)
+   (inet :svc vampire.inet)
    (fretwank :svc vampire))
   ;;
   ;; Internal services.
@@ -114,19 +121,22 @@
   ;;
   ;; Wired ethernet.
   (fretwank :net fretwank)
-  (metalzone (inet :a guvnor.demon)
-            (fretwank :a metalzone))
   (vampire (fretwank :a vampire)
-          (inet :a guvnor.demon)
+          (inet :a vampire.inet)
           (untrusted :a vampire.untrusted)
           (iodine :a vampire.iodine))
   (obsidian (fretwank :a obsidian))
-  (ibanez (fretwank :a ibanez))
+  (ibanez (fretwank :a ibanez)
+         (inet :a ibanez.inet))
   (radius (fretwank :a radius)
+         (inet :a radius.inet)
          (untrusted :a radius.untrusted))
-  (roadstar (fretwank :a roadstar))
-  (jem (fretwank :a jem))
-  (artist (fretwank :a artist))
+  (roadstar (fretwank :a roadstar)
+           (inet :a roadstar.inet))
+  (jem (fretwank :a jem)
+       (inet :a jem.inet))
+  (artist (fretwank :a artist)
+         (inet :a artist.inet))
   (gibson :cname gibson.dhcp)
   (lespaul :cname lespaul.dhcp)
   (firebird :cname firebird.dhcp)
@@ -145,14 +155,14 @@
   (mz (its :a mz))
   ;;
   ;; Delegations.
-  #+subnet/fretwank (dhcp :ns (metalzone.ns vampire.ns))
+  #+subnet/fretwank (dhcp :ns (vampire.ns))
   (io :ns ((ns.io :ip dns-frontend))))
 
 ;;;--------------------------------------------------------------------------
 ;;; Other subsidiary zones.
 
 (defrevzone trusted
-  :ns ((metalzone.ns :ip metalzone) (vampire.ns :ip vampire))
+  :ns ((vampire.ns :ip vampire))
   :reverse trusted
   #+subnet/fretwank (dhcp :ns (metalzone.ns vampire.ns))
   #+subnet/fretwank (@ :cidr-delegation
@@ -160,11 +170,14 @@
                        (dhcp 199.29.172.dhcp.199.29.172.in-addr.arpa))))
 
 (defrevzone untrusted
-  :ns ((metalzone.ns :ip metalzone) (vampire.ns :ip vampire))
+  :ns ((vampire.ns :ip vampire))
   :reverse untrusted)
 
+(defrevzone inet
+  :reverse inet)
+
 (defzone dhcp.distorted.org.uk
-  :ns ((metalzone.ns :ip metalzone) (vampire.ns :ip vampire))
+  :ns ((vampire.ns :ip vampire))
   :net dhcp)
 
 (defzone io.distorted.org.uk
@@ -172,6 +185,6 @@
   (about :txt "Fake zone used for IP-over-DNS tunnelling."))
 
 (defzone dhcp.199.29.172.in-addr.arpa
-  :ns ((metalzone.ns :ip metalzone) (vampire.ns :ip vampire)))
+  :ns ((vampire.ns :ip vampire)))
 
 ;;;----- That's all, folks --------------------------------------------------

diff --git a/harlequin.lisp b/harlequin.lisp
index 1133965..3090579 100644 (file)
--- a/harlequin.lisp
+++ b/harlequin.lisp
@@ -4,22 +4,23 @@
 
 (setf *default-zone-admin* "hostmaster@distorted.org.uk")
 
+(setf *default-zone-source* 'vampire.distorted.org.uk.)
 (preferred-subnet-case
   (fretwank
-   (setf *default-zone-source* 'vampire.distorted.org.uk.)
-   (defhost mail metalzone)
-   (defhost bloghost vampire))
+   (defhost mail vampire.fretwank)
+   (defhost bloghost vampire.fretwank))
   (t
-   (setf *default-zone-source* 'guvnor.distorted.org.uk.)
-   (defhost mail guvnor.distorted.org.uk)
-   (defhost bloghost guvnor.distorted.org.uk)))
+   (defhost mail vampire.demon)
+   (defhost bloghost vampire.demon)))
 
 (defzone harlequin.org.uk
   ;;
   ;; Nameservers
-  :ns ((mythic-beasts-1.ns :ip mythic-ns1)
-       (mythic-beasts-2.ns :ip mythic-ns2)
-       (guvnor.ns :ip guvnor.demon))
+  :ns #+subnet/fretwank ((vampire.ns :ip vampire))
+      #-subnet/fretwank ((mythic-beasts-1.ns :ip mythic-ns1)
+                        (mythic-beasts-2.ns :ip mythic-ns2)
+                        (radius.ns :ip radius.demon)
+                        (vampire.ns :ip vampire.demon))
   ;;
   ;; Mail servers
   :mx ((mail :ip mail))

diff --git a/hosts.lisp b/hosts.lisp
index e8b8765..ffd5f21 100644 (file)
--- a/hosts.lisp
+++ b/hosts.lisp
@@ -1,6 +1,7 @@
 ;; Static IP addresses for various useful hosts
 
-(defhost guvnor.distorted.org.uk 80.177.3.76)
+(defhost radius.demon 62.49.204.146)
+(defhost vampire.demon 62.49.204.150)
 (defhost boyle.nsict.org 85.158.42.162)
 (defhost chiark.greenend.org.uk 212.13.197.229)
 (defhost mccoy.flatline.org.uk 80.74.241.31)