Network configuration: Difference between revisions

From Wildsong
Brian Wilson (talk | contribs)
Brian Wilson (talk | contribs)
Line 41: Line 41:


I have a basic firewall set up here.
I have a basic firewall set up here.
=== Getting syn flooded from 23.225.141.70 ===


ssh into bellman
ssh into bellman
Line 50: Line 52:
  show firewall name WAN_IN
  show firewall name WAN_IN
   
   
  # Add the rule
  # Add the rule to blacklist the attacker
  set firewall name WAN_IN rule 30 action drop
 
  set firewall name WAN_IN rule 30 source 23.225.141.70
  set firewall name WAN_IN rule 40 action drop
  set firewall name WAN_IN rule 30 state new enable
  set firewall name WAN_IN rule 40 source address 23.225.141.70
  set firewall name WAN_IN rule 40 protocol tcp
 
commit; save
   
   
  commit
# Did not work!
  save
 
delete firewall name WAN_IN rule 40
  commit; save
 
# Heavy handed, but we're running all services on HTTP anyway
# Just drop port forwarding for port 80!
 
show port-forward
 
rule 4 {
    description HTTP
    forward-to {
        address 192.168.123.2
        port 80
    }
    original-port 80
    protocol tcp
}
  ...
 
delete port-forward rule 4
commit; save
 
This worked. For now anyway.


== Unifi ==
== Unifi ==
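
Review bot: The "# Did not work!" comment after the rule 40 commands does not say how the failure was observed or which rules sit above rule 40 in WAN_IN. The step "Find a good rule number to use" runs "show firewall name WAN_IN" but its output is not kept, so a reader cannot tell whether an earlier rule matched the traffic before rule 40 was reached. Suggest recording the ruleset as it stood and what was checked to decide the rule had no effect. Separately, "delete port-forward rule 4" removes the HTTP forward to 192.168.123.2 for every source, not only 23.225.141.70; the note should say so and label the pasted rule 4 block as the text to restore later.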

Revision as of 23:25, 25 September 2018

Overview

  • Arris DOCSIS modem in bridge mode provided by Spectrum (no WiFi, thank you very much!)
  • Edgerouter as firewall, Unifi for WiFi
  • 8 port DLINK 1G switch
  • Unifi wireless access point
  • Unifi controller in Docker on Bellman

Bellman provides DNS and DHCP

  • WLAN wildsong2 2.4 GHz
  • WLAN wildsong5 5 GHz

Someday I might put up SSID=wildsong for guest access and create a separate VLAN, but at the moment I have more interesting things to do.

Wired

  • Bellman server
  • Murre Windows 10 Desktop
  • Other random gadgets come and go including a Raspberry Pi

Wireless via Unifi

I think everything but the Squeezebox should work on 5 GHz.

Desktop Tern

Laptops

Squeezebox, 2.4 GHz ONLY

3 Android phones

Edgerouter

Use bwilson account to get access

I have a basic firewall set up here.

Getting SYN flooded from 23.225.141.70

ssh into bellman then ssh into edgerouter

configure

# Find a good rule number to use
show firewall name WAN_IN

# Add the rule to blacklist the attacker
set firewall name WAN_IN rule 40 action drop
set firewall name WAN_IN rule 40 source address 23.225.141.70
set firewall name WAN_IN rule 40 protocol tcp
commit; save

# Did not work!
delete firewall name WAN_IN rule 40
commit; save

# Heavy handed, but we're running all services on HTTP anyway
# Just drop port forwarding for port 80!

show port-forward

rule 4 {
    description HTTP
    forward-to {
        address 192.168.123.2
        port 80
    }
    original-port 80
    protocol tcp
}
...

delete port-forward rule 4
commit; save

This worked. For now anyway.
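
One way to check from the forwarded-to host whether a block actually took effect is to count half-open (SYN-RECV) connections per peer in `ss -tan` output before and after the change. This is an added example, not part of the original notes; the sample output is constructed, and it assumes the server behind the port forward sees the original source address.

```python
"""Count half-open (SYN-RECV) TCP connections per peer from `ss -tan` output."""
from collections import Counter

# Constructed sample of `ss -tan` output on the host behind the HTTP port
# forward. Ephemeral ports and every peer except 23.225.141.70 are made up.
SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q      Local Address:Port        Peer Address:Port
LISTEN    0      128               0.0.0.0:80               0.0.0.0:*
SYN-RECV  0      0           192.168.123.2:80         23.225.141.70:40112
SYN-RECV  0      0           192.168.123.2:80         23.225.141.70:40113
SYN-RECV  0      0           192.168.123.2:80         23.225.141.70:40114
SYN-RECV  0      0           192.168.123.2:80         23.225.141.70:40115
SYN-RECV  0      0           192.168.123.2:80          198.51.100.7:51822
SYN-RECV  0      0           [2001:db8::2]:80         [2001:db8::5]:51000
ESTAB     0      0           192.168.123.2:22        192.168.123.10:50522
"""


def split_host_port(endpoint):
    """Split 'addr:port' or '[v6addr]:port' on the last colon."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def half_open_by_peer(ss_output, local_port=None):
    """Return Counter {peer address: SYN-RECV count}, optionally for one local port."""
    counts = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        # Data rows have at least: State Recv-Q Send-Q Local Peer
        if len(fields) < 5 or fields[0] != "SYN-RECV":
            continue
        _, lport = split_host_port(fields[3])
        peer, _ = split_host_port(fields[4])
        if local_port is not None and lport != str(local_port):
            continue
        counts[peer] += 1
    return counts


def suspects(ss_output, threshold, local_port=None):
    """Peers with at least `threshold` half-open connections, busiest first."""
    ranked = half_open_by_peer(ss_output, local_port).most_common()
    return [(peer, n) for peer, n in ranked if n >= threshold]


if __name__ == "__main__":
    for peer, n in suspects(SAMPLE_SS_OUTPUT, threshold=3, local_port=80):
        print(f"{peer}\t{n} half-open connections to port 80")
```

If the count for the blocked address does not fall after the commit, the rule is not matching the traffic.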

Unifi

Use admin account to get access