From eeef9373b80022ec3be4a48b01fcabf13192db6e Mon Sep 17 00:00:00 2001 From: arf20 Date: Sun, 25 Feb 2024 14:09:08 +0100 Subject: Add arfnet2 to about --- about/about.css | 81 ++++ about/arfnet2.html | 1168 ++++++++++++++++++++++++++++++++++++++++++++++++++++ about/arfnet2.pdf | Bin 0 -> 141075 bytes about/index.html | 66 +++ 4 files changed, 1315 insertions(+) create mode 100644 about/about.css create mode 100644 about/arfnet2.html create mode 100644 about/arfnet2.pdf create mode 100755 about/index.html (limited to 'about') diff --git a/about/about.css b/about/about.css new file mode 100644 index 0000000..5af0aeb --- /dev/null +++ b/about/about.css @@ -0,0 +1,81 @@ +.verticaltext { + text-align: center; + writing-mode: vertical-rl; + transform: rotate(180deg); +} + +.row { + display: flex; +} + +.col { + flex: 33%; + padding: 40px; +} + +.col2 { + float: left; + width: 100%; +} + +.text { + margin-left: 20px; +} + +.invisibletd { + padding-left: 20px; +} + +.title { + font-size: 36px; +} + +header *{ + display: inline-block; +} + +*{ + vertical-align: middle; + max-width: 100%; +} + +.pic100 { + width: 100%; +} + +.pic50 { + width: 49%; +} + +.pic2 { + width: calc(100% / 3); +} + +.img { + margin-bottom: 10px; +} + +.div { + margin: auto; + max-width: 1024px; +} + +.aecenter { + text-align: center; + display: flex; + justify-content: space-between; +} + +p, li { + font-size: 20px; +} + +@media only screen and (max-width: 600px) { + .div { + width: 100%; + } +} + +table, th, td { + border: 1px solid black; +} diff --git a/about/arfnet2.html b/about/arfnet2.html new file mode 100644 index 0000000..d4f7488 --- /dev/null +++ b/about/arfnet2.html @@ -0,0 +1,1168 @@ + + + + + + + + +

ARFNET2 deployment

+

After the disastrous ISP schism

+

Masterplan

+

Stage 1: very safe - Close all ports - Nuke (or stop) all old VMs + (exclude OPNSense) - Make DMZ - Make new basic VMs (cloning deb12 + template) - Open basic ports

+

Stage 2: new services - IONOS VPS for mail - Some new very safe + services - HE IPv6 tunnel - Own authoritative nameservers for domain + zone

+

Stage 3*: finally - Another VPS in unknown provider for - Tor - + Reverse-proxying the media library - PHP on main site with more web + services from scratch, hopefully secure - More new services

+

Domain

+

arf20.com

+

Registrar: namecheap

+

Name sever glue records + at registrar

+ + + + + + + + + + + + + + + + + + + + +
NameserverNameIP
NS1ns1.arf20.com2.59.235.35
2001:470:1f21:125::13
NS2ns2.arf20.com5.250.186.185
2001:ba0:210:d600::1
+

Networking

+

Hardware

+
                   WAP
+                    |
+       +-----+   +--------------------------+     +----------------+
+ISP ===| ONT |---| DELL switch              |-----| TP-Link switch |
+       +-----+   +--------------------------+     +----------------+
+                    |        |          |                |
+                    |        |          |                |
+                 +---------------+  Rest of devices   Living room devices
+                 | eno1     eno2 |
+                 | server router |
+                 +---------------+
+                   
+- 1000BASE-T
+= GPON fiber
+

DELL PowerConnect 5424 + switch

+

Port assignents

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
portendpointoptions
g2ONTVLAN access 2
g4server eno2 WANVLAN access 2
g6test2VLAN access 2
g3WAPVLAN access 5
g5PCVLAN access 4
g7Living R.VLAN access 5
g9server eno1 DMZ+LANVLAN trunk 4, 5
g15test4VLAN access 4
g17test1VLAN access 1
g19test5VLAN access 5
g21iDRACVLAN access 4
g23printerVLAN access 4
+

Management

+ +

Public IPs

+ +

Gateways

+ +

Physical and Logical + Networks

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
nameVLANnetdesc
WAN2
DMZ4192.168.4.0/24
2001:470:1f21:125::/64
Services
LAN5192.168.5.0/24Clients
VPN10.5.0.0/24Wireguard clients
+

Firewall

+

Interface Rules

+ +

IPv4 NAT Rules

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ServiceCustomerIPProtoExt PortHostRe Port
OpenVPNTCP1195router
WireGuardUDP51820router
DNS NS1TCP/UDP53misc
iperf3TCP5201misc
NNTPTCP119misc
WebTCP80,443web
GitTCP9418web
bittorrentTCP/UDP8999nas
rsyncTCP/UDP873nas
IRCTCP6667comm
IRCSTCP6697comm
XMPP c2sTCP5222comm
XMPP s2sTCP5269comm
TURN STUNTCP/UDP3478comm
TURNTCP/UDP5349comm
TURN UDP relayTCP/UDP49152-50176comm
mc-waterfall-proxyTCP25565game25567
exo-sshexoTCP4041exovps22
exo-extraexoTCP4040exovps4040
yero-sshyeroTCP1511yerovps22
yero-sqlyeroTCP1512yerovps3306
FiveM SuperioresRPyeroTCP30120,40120yerovps
+

IPv6 port rules

+ + + + + + + + + + + + + + + + + + + + + + + + + + +
ServiceCustomerIPProtoHostPort
DNS NS1TCP/UDPmisc53
WebTCPweb80,443
+

Hosts

+ +

Management

+ +

server VMs and services

+

server runs Proxmox PVE.

+

All VMs are Debian 12 (templated) with wazuh agent

+

proxmox DMZ.4 (hypervisor)

+ +

router DMZ.1

+ +

nas DMZ.6

+

RAID attached here (with the grey stuff) (local only)

+ +

web DMZ.9

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
vhostwebroot/proxyComment
default<return 418 im a teapot>
default:8080<return nstub_status>
arf20.com/var/www/arf20.com/html/
www.arf20.com<301 redirect arf20.com>
matrix.arf20.comhttp://comm.lan:8008/_matrix
webmail.arf20.com/var/www/webmail.arf20.com/html/SquirrelMail
nextcloud.arf20.com/var/www/nextcloud.arf20.com/html/
grafana.arf20.comhttp://localhost:3000
jellyfin.arf20.comhttp://nas.lan:8096
git.arf20.com/srv/git/
cgit.arf20.comfastcgi:/usr/lib/cgit/cgit.cgi
blog.arf20.com/var/www/blog.arf20.com/_site/
forum.arf20.com/var/www/forum.arf20.com/html/
deb.arf20.com/d/FTPServer/software/debian/
memes.arf20.com/var/www/memes.arf20.com/, /d/FTPserver/{dcimg, dcmemes, + explosionsandfire}
news.arf20.comWeb-News NNTP newsgroups frontend*
status.yero.devhttp://yerovps.lan:3001
+

wazuh DMZ.10

+ +

game DMZ.11

+ +

comm DMZ.12

+ +

misc (Deb12 LXC) DMZ.13

+ +

pubnix?*

+

mail + (ARFNET-IONOS VPS) 5.250.186.185 2001:ba0:210:d600::1

+ +

proxy (ARFNET-HOSTMENOW VPS) + *

+ +
+

yerovps DMZ.192 (yero)

+ +

exovps DMZ.195 (exo)

+ +

*TODO

+

Internal Name and + Number Assignation Table

+

DMZ IPv4s and IPv6 ends in the same way

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
AddrName
DMZ.1router.lan
DMZ.2switch.lan
DMZ.3wap.lan
DMZ.4proxmox.lan
DMZ.5idrac.lan
DMZ.6nas.lan
DMZ.7printer.lan
DMZ.8desktop.lan
DMZ.9web.lan
DMZ.10wazuh.lan
DMZ.11game.lan
DMZ.12comm.lan
DMZ.13misc.lan
DMZ.192yerovps
DMZ.195exovps
+

Domain DNS zone

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeContentComment
@NSns1.arf20.com
@NSns2.arf20.com
ns1A2.59.235.35
ns1AAAA2001:470:1f21:125::13
ns2A5.250.186.185
ns2AAAA2001:ba0:210:d600::1
arf20.comA2.59.235.35
arf20.comAAAA2001:470:1f21:125::9
mail.arf20.comA5.250.186.185ARFNET-IONOS
mail.arf20.comAAAA2001:ba0:210:d600::1ARFNET-IONOS
web.arf20.comA2.59.235.35
web.arf20.comAAAA2001:470:1f21:125::9
game.arf20.comA2.59.235.35
game.arf20.comAAAA2001:470:1f21:125::11
comm.arf20.comA2.59.235.35
comm.arf20.comAAAA2001:470:1f21:125::12
misc.arf20.comA2.59.235.35
misc.arf20.comAAAA2001:470:1f21:125::13
irc.arf20.comCNAMEcomm.arf20.com
jellyfin.arf20.comCNAMEweb.arf20.com
matrix.arf20.comCNAMEweb.arf20.com
nextcloud.arf20.comCNAMEweb.arf20.com
turn.arf20.comCNAMEcomm.arf20.com
webmail.arf20.comCNAMEweb.arf20.com
www.arf20.comCNAMEweb.arf20.com
xmpp.arf20.comCNAMEcomm.arf20.com
xmppconf.arf20.comCNAMEcomm.arf20.com
grafana.arf20.comCNAMEweb.arf20.com
git.arf20.comCNAMEweb.arf20.com
cgit.arf20.comCNAMEweb.arf20.com
blog.arf20.comCNAMEweb.arf20.com
forum.arf20.comCNAMEweb.arf20.com
deb.arf20.comCNAMEweb.arf20.com
zabbix.arf20.comCNAMEweb.arf20.com
memes.arf20.comCNAMEweb.arf20.com
news.arf20.comCNAMEmisc.arf20.com
_acme-challenge.jellyfinCNAME(challenge)
_acme-challenge.ircCNAME(challenge)
_acme-challenge.matrixCNAME(challenge)
_acme-challenge.mailCNAME(challenge)
_acme-challenge.xmppCNAME(challenge)
arf20.comMXmail.arf20.com
selector._domainkeyTXT(DKIM)DKIM for selector ‘selector’
_dmarcTXT(DMARC)
arf20.comTXT(SPF)
+

HE v6 rDNS zone

+ + + + + + + + + + + + + + + + + + + + + + + +
NameTypeContentComment
2001:470:1f21:125::13PTRns1.arf20.com
2001:470:1f21:125::9PTRarf20.com
+

IONOS rDNS zone

+ + + + + + + + + + + + + + + + + +
NameTypeContentComment
5.250.186.185PTRmail.arf20.com
+ + diff --git a/about/arfnet2.pdf b/about/arfnet2.pdf new file mode 100644 index 0000000..7fc2afd Binary files /dev/null and b/about/arfnet2.pdf differ diff --git a/about/index.html b/about/index.html new file mode 100755 index 0000000..608baef --- /dev/null +++ b/about/index.html @@ -0,0 +1,66 @@ + + + + + + + ARFNET + + + +
+ + ARFNET +
+
+

About ARFNET

+

ARFNET technical description

+
+

+ ARFNET is a non-profit organization (a homelab really) devoted to several causes such as: +

+ + +

+ The ARFNET infrastructure consists of a network of hosts providing services like this website itself. + Some of the services are for my own use, some others are public, for friends or everyone to use them, for example, + /FTPServer is the general directory for sharing random stuff. + But ARFNET didn't start like it is today, in the begining this was just me opening random ports. Now is (mostly) well organised and administrated. +

+ +

+ A little bit of history now. A long time ago, several years back, I downloaded Apache HTTP Server in my shitty Pentium PC (the first host), and opened port 80 in my router. + That is the origin. But I wanted more, I got a FreeDNS domain, the former arf20.mooo.com, and made a HTTPS certificate. Also installed Bitvise SSH server for remote management, + with public key authentication, and allowed my NIC to wake the PC with Wake-on-LAN, to have it always available. But this wasn't a very good way of hosting a website, is not 24/7. + I had a little Raspberry Pi 2B (raspi), which used to serve PPTP 24/7. But a raspi is not beefy enough to run nginx and to have a big drive. So, the waiting + has paid off, and in summer 2021 I got my first real thicc and beautiful enterprise server. A DELL PowerEdge R720, which I inmediately bricked. You are not warned of the + special update process that iDRAC needs, so I just tried updating to the last version, which went wrong. So wrong that iDRAC cound't be reflashed again. The only + thing that I could do is change the motherboard, but that is even more expensive than another server. Another server? I still got eBay 1 month return warranty, + so I applied it. Told the seller "iDRAC broke itself lol", somehow they accepted. I got my 300€ back, and bought another R720, with better CPU! So I popped the boot drive, + for which I choosed Ubuntu Server, and HDD from the old server, and it was almost plug-and-play. ARFNET back in business! From that point on, I have been migrating more services + to the server, and adding new ones, like NTP and DNS. Now, my workstation is so linked to the server with SMB mounts that it is useless without it :concern:. I'll be more careful. +

+ +

+ Update 2022-3: Got a rack, mounted server in the rack, also got a Mikrotik RB2011UiaS-RM, but turns out it sucks (can't do NAT fast enough), rewired the network with a nice patch panel, + got donated a few DELL switches and Cisco router, and finally kicked Vodafone, in favor of Avanzafibra, local ISP. + Pretty nice people, they offer static IPs, 1000/1000 FTTH, separate ONT, and SIP credentials. + Then I won an auction for 10x 3TB HGST drives, so now I've got a pretty nice 18TB RAID5 vault. The raspi died, sad. And then I eventually opened my mind and discovered just + how shitty ubuntu is, so I installed proxmox and made debian VMs, from which ARFNET is running now. Also got 64GB of 2Rx4 RAM for more VMs, like an OPNSense to replace the Mikrotik, + now I can finally make use of a full gigabit backbone, you'll notice a fantastic increase of speed. +

+ +

+ And what will the future hold? Well, the future is not written, but I got a few ideas. Like a 10gig upgrade, but not the whole network, that would be just too expensive. + Just a 10GBASE-SR link, between the server and desktop, to make it even more linked together, with SATA speeds network shares. Both with their respectible 1000BASE-T links to + the router. I could also get a rackmounted KVM console, one of the coolest things one can have in a rack. Maybe with a KVM switch for future servers? I should get a proper 2U UPS too, + this one doesn't last enough. +

+
+ + + -- cgit v1.2.3
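Review bot: in about/about.css the universal rule `*{ vertical-align: middle; max-width: 100%; }` and the bare `table, th, td { border: 1px solid black; }` hit every element of any page that links this stylesheet, so a cell classed `.invisibletd` still gets a border. Scope both rules under a container class (the file already defines `.div`) or limit the border rule to the tables that need it. The `@media` block that sets `.div { width: 100%; }` looks redundant next to the existing `max-width: 1024px` on a block element.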
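Review bot: in about/arfnet2.html the IPv4 NAT Rules table lists `yero-sql` as external TCP 1512 forwarded to yerovps port 3306, and `exo-ssh` / `yero-ssh` forwarded to port 22, with no source restriction stated. If these are meant for the customer only, record the allowed source addresses in the table or put them behind the WireGuard/OpenVPN entries already listed. In the port assignments, g21 (iDRAC) and g23 (printer) are on VLAN access 4, which the Physical and Logical Networks table gives as the DMZ "Services" network, so the out-of-band management interface shares a segment with the Internet-facing VMs; a separate management VLAN would fit the "Stage 1: very safe" goal better. Since this file ships in the site's about/ directory, also consider whether the published version needs the internal proxy targets and the `default:8080` stub_status vhost. Typos: "Name sever glue records", "Port assignents".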
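Review bot: about/arfnet2.pdf is committed as a 141075-byte binary next to about/arfnet2.html under the same base name, and the commit message does not say which of the two is the source. If the PDF is an export of the same document, the two will drift apart on the next edit and each regeneration adds another full blob to history; consider generating it at deploy time, or state in the commit message how it is produced.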
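Review bot: about/index.html is created with mode 100755 while about.css and arfnet2.html in the same commit are 100644; a static HTML page has no reason to carry the executable bit, so run `chmod 644 about/index.html` before committing. Spelling in the page text: "begining", "inmediately", "cound't", "choosed", "respectible".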