From: Mark Wooding
Date: Tue, 19 Jul 2011 08:34:38 +0000 (+0100)
Subject: distorted.lisp, harlequin.lisp, hosts.lisp: Reorgranization.
X-Git-Url: https://git.distorted.org.uk/~mdw/zones/commitdiff_plain/ff6c53ad07d4f9987d648085e8c0656fa825322d
distorted.lisp, harlequin.lisp, hosts.lisp: Reorgranization.
* Move the distorted host definitions into hosts.lisp, because harlequin is still using raw hostnames which are being resolved.
* Qualify all of the basic host definitions.
* Move the name switch there too, and use unqualified hostnames to indicate view-dependent mappings.
* Rename some of the networks, most obviously inet -> dmz.
---
diff --git a/Makefile b/Makefile
index 0c4632e..17fa80f 100644
--- a/Makefile
+++ b/Makefile
@@ -51,8 +51,8 @@ ZONESETS =
 ZONESETS += distorted
 distorted_VIEWS = inside outside
-distorted_outside_NETS = inet
-distorted_inside_NETS = fretwank
+distorted_outside_NETS = dmz
+distorted_inside_NETS = unsafe
 distorted_all_ZONES = distorted.org.uk io.distorted.org.uk
 distorted_inside_ZONES = 199.29.172.in-addr.arpa
@@ -63,8 +63,8 @@ distorted_inside_ZONES = 199.29.172.in-addr.arpa
 ZONESETS += harlequin
 harlequin_VIEWS = inside outside
-harlequin_outside_NETS = inet
-harlequin_inside_NETS = fretwank
+harlequin_outside_NETS = dmz
+harlequin_inside_NETS = unsafe
 harlequin_all_ZONES = harlequin.org.uk
diff --git a/distorted.lisp b/distorted.lisp
index b264645..3ff1057 100644
--- a/distorted.lisp
+++ b/distorted.lisp
@@ -3,79 +3,11 @@
 (load "hosts.lisp" :verbose nil)
 ;;;--------------------------------------------------------------------------
-;;; Network allocations
-;;; (RFC1918 addresses are allocated from Cambridge G-RIN.)
-
-(defnet inet 62.49.204.144/28)
-
-(defnet distorted.org.uk 172.29.198.0/23
- (untrusted 256
- (wireless 128)
- (iodine 16))
- (trusted 256
- (fretwank 128
- (unsafe 32)
- (dhcp 32)
- (safe 32))
- (virtual 32)
- (its 4)))
-
-;;;--------------------------------------------------------------------------
-;;; Host allocations
-
-;; External addresses.
-(defhost guvnor.inet (inet 1))
-(defhost radius.inet (inet 2))
-(defhost roadstar.inet (inet 3))
-(defhost jem.inet (inet 4))
-(defhost artist.inet (inet 5))
-(defhost vampire.inet (inet 6))
-(defhost ibanez.inet (inet 9))
-(defhost gate.inet (inet 13))
-(defhost nat.inet (inet 14))
-
-;; Unsafe network.
-(defhost radius (unsafe 1))
-(defhost roadstar (unsafe 2))
-(defhost jem (unsafe 3))
-(defhost artist (unsafe 4))
-(defhost vampire (unsafe 5))
-(defhost ibanez (unsafe 14))
-
-;; Safe network.
-(defhost tubescreamer (safe 1))
-(defhost obsidian (safe 2))
-
-;; Wireless network.
-(defhost radius.untrusted (untrusted 1))
-(defhost evolution (untrusted 2))
-(defhost vampire.untrusted (untrusted 3))
-
-;; Virtual private network.
-(defhost crybaby (virtual 1))
-(defhost terror (virtual 2))
-
-;; Iodine network.
-(defhost vampire.iodine (iodine 1))
-
-;; Special network for ITS.
-;; It doesn't understand point-to-point links, so we need a little net.
-(defhost gw (its 1))
-(defhost mz (its 2))
-
-;;;--------------------------------------------------------------------------
 ;;; Other definitions.
 (setf *default-zone-admin* "hostmaster@distorted.org.uk")
-(setf *default-zone-source* 'vampire.distorted.org.uk.)
-(preferred-subnet-case
- (internal
- (defhost www-frontend vampire)
- (defhost dns-frontend vampire))
- (t
- (defhost www-frontend vampire.inet)
- (defhost dns-frontend vampire.inet)))
+(setf *default-zone-source* 'radius.distorted.org.uk.)
 ;;;--------------------------------------------------------------------------
 ;;; Main zone definition.
@@ -83,12 +15,13 @@
 (defzone distorted.org.uk
 ;;
 ;; Nameservers.
- :ns #+view/inside ((vampire.ns :ip vampire))
- #-view/inside ((mythic-beasts-1.ns :ip mythic-ns1)
+ :ns #+view/inside ((radius.ns :ip radius)
+ (vampire.ns :ip vampire))
+ #-view/inside ((radius.ns :ip radius)
+ (vampire.ns :ip vampire)
+ (mythic-beasts-1.ns :ip mythic-ns1)
 (mythic-beasts-2.ns :ip mythic-ns2)
- (chiark.ns :ip chiark.greenend.org.uk)
- (radius.ns :ip radius.inet)
- (vampire.ns :ip vampire.inet))
+ (chiark.ns :ip chiark.greenend.org.uk))
 ;;
 ;; Mail servers.
 ((@ mail lists bugs cryptomail)
@@ -100,43 +33,44 @@
 (:ftp ftp))
 ;;
 ;; Entry is via little router box.
- (inet :net inet)
- (guvnor (inet :a guvnor.inet) (internal :svc gate.inet))
- (gate (inet :a gate.inet))
- (nat (inet :a nat.inet))
+ (dmz :net dmz)
+ (guvnor (inside :svc gate.dmz) (dmz :a guvnor.dmz))
+ (gate (dmz :a gate.dmz))
+ (nat (dmz :a nat.dmz))
 ;;
 ;; Wireless gateway.
- (untrusted :net untrusted)
- (evolution (untrusted :a evolution))
+ (wireless :net wireless)
+ (evolution (untrusted :a evolution.untrusted))
 ;;
 ;; Local services.
- :svc www-frontend
+ :svc vampire
 ((www ftp wiki git bugs mail db tor i2p rawk vox www-cache)
- (inet :svc vampire.inet)
- (internal :svc vampire))
+ :svc vampire)
 ;;
 ;; Internal services.
- ((ntp) (internal :svc ibanez))
- ((wpad ntp1 news) (internal :svc vampire))
+ #+view/inside ((ntp) :svc ibanez.unsafe)
+ #+view/inside ((wpad ntp1 news) :svc vampire.unsafe)
 ;;
 ;; Wired ethernet.
- (internal :net fretwank)
- (vampire (internal :a vampire)
- (inet :a vampire.inet)
+ (wired :net wired)
+ (vampire (unsafe :a vampire.unsafe)
+ (dmz :a vampire.dmz)
 (untrusted :a vampire.untrusted)
 (iodine :a vampire.iodine))
- (obsidian (internal :a obsidian))
- (ibanez (internal :a ibanez)
- (inet :a ibanez.inet))
- (radius (internal :a radius)
- (inet :a radius.inet)
+ (obsidian (safe :a obsidian.safe))
+ (ibanez (unsafe :a ibanez.unsafe)
+ (dmz :a ibanez.dmz))
+ (radius (unsafe :a radius.unsafe)
+ (dmz :a radius.dmz)
 (untrusted :a radius.untrusted))
- (roadstar (internal :a roadstar)
- (inet :a roadstar.inet))
- (jem (internal :a jem)
- (inet :a jem.inet))
- (artist (internal :a artist)
- (inet :a artist.inet))
+ (roadstar (unsafe :a roadstar.unsafe)
+ (dmz :a roadstar.dmz))
+ (jem (unsafe :a jem.unsafe)
+ (dmz :a jem.dmz))
+ (artist (unsafe :a artist.unsafe)
+ (dmz :a artist.dmz))
+ ;;
+ ;; DHCP hosts.
 (gibson :cname gibson.dhcp)
 (lespaul :cname lespaul.dhcp)
 (firebird :cname firebird.dhcp)
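Review bot: The `#-view/inside` NS list now gives `:ip radius` and `:ip vampire` unqualified, so the glue published in the outside view depends on the `preferred-subnet-case` host switch this commit moves into hosts.lisp resolving them to the dmz addresses, and nothing in distorted.lisp says so. The same applies to `:svc vampire` in the local-services hunk that follows and to `:mx ((mail :ip vampire))` and `(bindery :svc vampire)` in harlequin.lisp. A one-line comment above the `:ns` form would make the dependency visible, e.g. `;; Unqualified radius/vampire are view-dependent; see the host switch in hosts.lisp.` If an outside build ever selected a subnet other than dmz, these public records would presumably carry the RFC1918 addresses instead (inferred from the Makefile NETS settings; not verifiable from this page). The `defzone distorted.org.uk` form continues past the end of this hunk.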
@@ -145,46 +79,51 @@
 ;;
 ;; Virtual network.
 (virtual :net virtual)
- (crybaby (virtual :a crybaby))
- (terror (virtual :a terror))
+ (crybaby (virtual :a crybaby.virtual))
+ (terror (virtual :a terror.virtual))
 (iodine :net iodine)
 ;;
 ;; ITS.
 (its :net its)
- (gw (its :a gw))
- (mz (its :a mz))
+ (gw (its :a gw.its))
+ (mz (its :a mz.its))
 ;;
 ;; Delegations.
- #+view/inside (dhcp :ns (vampire.ns))
- (io :ns ((ns.io :ip dns-frontend))))
+ #+view/inside (dhcp :ns (radius.ns vampire.ns))
+ (io :ns ((ns.io :ip vampire))))
 ;;;--------------------------------------------------------------------------
 ;;; Other subsidiary zones.
 (defrevzone trusted
- :ns ((vampire.ns :ip vampire))
+ :ns ((radius.ns :ip radius)
+ (vampire.ns :ip vampire))
 :reverse trusted
- #+view/inside (dhcp :ns (metalzone.ns vampire.ns))
- #+view/inside (@ :cidr-delegation
- (dhcp
- (dhcp 199.29.172.dhcp.199.29.172.in-addr.arpa))))
+ (dhcp :ns (radius.ns vampire.ns))
+ (@ :cidr-delegation
+ (dhcp (dhcp 199.29.172.dhcp.199.29.172.in-addr.arpa))))
 (defrevzone untrusted
- :ns ((vampire.ns :ip vampire))
+ :ns ((radius.ns :ip radius)
+ (vampire.ns :ip vampire))
 :reverse untrusted)
-(defrevzone inet
- :reverse inet)
+(defrevzone dmz
+ :ns ((radius.ns :ip radius)
+ (vampire.ns :ip vampire))
+ :reverse dmz)
 (defzone dhcp.distorted.org.uk
- :ns ((vampire.ns :ip vampire))
+ :ns ((radius.ns :ip radius)
+ (vampire.ns :ip vampire))
 :net dhcp)
 (defzone io.distorted.org.uk
- :ns ((ns :ip dns-frontend))
+ :ns ((ns :ip vampire))
 (about :txt "Fake zone used for IP-over-DNS tunnelling."))
 (defzone dhcp.199.29.172.in-addr.arpa
- :ns ((vampire.ns :ip vampire)))
+ :ns ((radius.ns :ip radius)
+ (vampire.ns :ip vampire)))
 ;;;----- That's all, folks --------------------------------------------------
diff --git a/harlequin.lisp b/harlequin.lisp
index e1bdb18..789282a 100644
--- a/harlequin.lisp
+++ b/harlequin.lisp
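Review bot: In `defrevzone trusted` the `dhcp` delegation and the `@ :cidr-delegation` form lose their `#+view/inside` guard, while the matching `#+view/inside (dhcp :ns (radius.ns vampire.ns))` inside `defzone distorted.org.uk` at the top of this hunk keeps it, and the asymmetry is not explained. The Makefile hunk lists 199.29.172.in-addr.arpa only under `distorted_inside_ZONES`, which is presumably why the guard became redundant, but that reasoning lives in another file and will not survive a later change to the zone lists. I would add `;; Inside-only zone (see Makefile), so no #+view/inside guard is needed here.` above the new `(dhcp :ns ...)` line. Dropping `metalzone.ns` from that delegation is a behaviour change the commit message does not mention; a line saying it was deliberate would help the next reader.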
@@ -4,26 +4,20 @@
 (setf *default-zone-admin* "hostmaster@distorted.org.uk")
-(setf *default-zone-source* 'vampire.distorted.org.uk.)
-(preferred-subnet-case
- (internal
- (defhost mail vampire)
- (defhost bloghost vampire))
- (t
- (defhost mail vampire.demon)
- (defhost bloghost vampire.demon)))
+(setf *default-zone-source* 'radius.distorted.org.uk.)
 (defzone harlequin.org.uk
 ;;
 ;; Nameservers
- :ns #+view/inside ((vampire.ns :ip vampire))
- #-view/inside ((mythic-beasts-1.ns :ip mythic-ns1)
- (mythic-beasts-2.ns :ip mythic-ns2)
- (radius.ns :ip radius.demon)
- (vampire.ns :ip vampire.demon))
+ :ns #+view/inside ((radius.ns :ip radius)
+ (vampire.ns :ip vampire))
+ #-view/inside ((radius.ns :ip radius)
+ (vampire.ns :ip vampire)
+ (mythic-beasts-1.ns :ip mythic-ns1)
+ (mythic-beasts-2.ns :ip mythic-ns2))
 ;;
 ;; Mail servers
- :mx ((mail :ip mail))
+ :mx ((mail :ip vampire))
 :srv ((:smtp mail))
 ;;
 ;; Web service
@@ -31,4 +25,4 @@
 :srv ((:http www))
 ;;
 ;; Web log (currently local)
- (bindery :svc bloghost))
+ (bindery :svc vampire))
diff --git a/hosts.lisp b/hosts.lisp
index ffd5f21..7393a7c 100644
--- a/hosts.lisp
+++ b/hosts.lisp
@@ -1,9 +1,87 @@
-;; Static IP addresses for various useful hosts
+;;; -*-lisp-*-
+;;;
+;;; distorted.org.uk hosts and networks, and other useful addresses.
+
+;;;--------------------------------------------------------------------------
+;;; External hosts.
-(defhost radius.demon 62.49.204.146)
-(defhost vampire.demon 62.49.204.150)
 (defhost boyle.nsict.org 85.158.42.162)
 (defhost chiark.greenend.org.uk 212.13.197.229)
 (defhost mccoy.flatline.org.uk 80.74.241.31)
 (defhost mythic-ns1 69.56.173.190)
 (defhost mythic-ns2 93.93.128.67)
+
+;;;--------------------------------------------------------------------------
+;;; Internal addresses.
+
+;; Externally routable DMZ.
+(defnet dmz 62.49.204.144/28)
+
+;; (RFC1918 addresses are allocated from Cambridge G-RIN.)
+(defnet distorted.org.uk 172.29.198.0/23
+ (untrusted 256
+ (wireless 128)
+ (iodine 16))
+ (trusted 256
+ (wired 128
+ (unsafe 32)
+ (dhcp 32)
+ (safe 32))
+ (virtual 32)
+ (its 4)))
+
+;;;--------------------------------------------------------------------------
+;;; Host allocations
+
+;; External addresses.
+(defhost guvnor.dmz (dmz 1))
+(defhost radius.dmz (dmz 2))
+(defhost roadstar.dmz (dmz 3))
+(defhost jem.dmz (dmz 4))
+(defhost artist.dmz (dmz 5))
+(defhost vampire.dmz (dmz 6))
+(defhost ibanez.dmz (dmz 9))
+(defhost gate.dmz (dmz 13))
+(defhost nat.dmz (dmz 14))
+
+;; Unsafe network.
+(defhost radius.unsafe (unsafe 1))
+(defhost roadstar.unsafe (unsafe 2))
+(defhost jem.unsafe (unsafe 3))
+(defhost artist.unsafe (unsafe 4))
+(defhost vampire.unsafe (unsafe 5))
+(defhost ibanez.unsafe (unsafe 14))
+
+;; Safe network.
+(defhost tubescreamer.safe (safe 1))
+(defhost obsidian.safe (safe 2))
+
+;; Wireless network.
+(defhost radius.untrusted (untrusted 1))
+(defhost evolution.untrusted (untrusted 2))
+(defhost vampire.untrusted (untrusted 3))
+
+;; Virtual private network.
+(defhost crybaby.virtual (virtual 1))
+(defhost terror.virtual (virtual 2))
+
+;; Iodine network.
+(defhost vampire.iodine (iodine 1))
+
+;; Special network for ITS.
+;; It doesn't understand point-to-point links, so we need a little net.
+(defhost gw.its (its 1))
+(defhost mz.its (its 2))
+
+;;;--------------------------------------------------------------------------
+;;; Host switch.
+
+(preferred-subnet-case
+ (dmz
+ (defhost radius radius.dmz)
+ (defhost vampire vampire.dmz))
+ (t
+ (defhost radius radius.unsafe)
+ (defhost vampire vampire.unsafe)))
+
+;;;----- That's all, folks --------------------------------------------------
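Review bot: The host switch's `t` branch maps the bare names `radius` and `vampire` to their `unsafe` (RFC1918) addresses, so any build whose preferred subnet is not `dmz`, including one where none is selected at all, emits private addresses wherever distorted.lisp and harlequin.lisp now use the unqualified names (NS glue, the harlequin MX, `:svc` targets). Making the private mapping the explicit case and the public `dmz` address the fallback would fail safer, if `preferred-subnet-case` permits that ordering; I cannot tell from this page what it matches on. At minimum the `;;; Host switch.` header should state the contract, e.g. `;; Bare radius/vampire are view-dependent: dmz address when dmz is the preferred subnet, unsafe address otherwise.` The qualified `defhost` lines above it otherwise read clearly and match the network tree.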