Network configuration

From Wildsong
Jump to navigationJump to search

Overview

  • Aris DOCSIS modem in bridge mode provided by Spectrum (no WiFi thank you very much!)
  • Ubiquiti Edgerouter as firewall and 4 ports (one is used up by the DLINK)
  • 8 port DLINK 1G switch
  • Unifi wireless access point; Unifi controller in Docker on Bellman

Bellman provides DNS and DHCP

  • WLAN wildsong2 2.4 GHz
  • WLAN wildsong5 5 GHz

Someday I might put up SSID=wildsong for guest access and create a separate VLAN but at the moment I have more interesting things to do.

Wired

  • Bellman server
  • Murre Windows 10 Desktop
  • Other random gadgets come and go including a Raspberry Pi
  • 1 Grandstream Android phone

Wireless via Unifi

I think everything but the Squeezebox should work on 5 GHz.

In the eLab,

  • Desktop Tern in the eLab.
  • 1 Grandstream Android phone

Laptops

Squeezebox, 2.4 GHz ONLY

Edgerouter

Use bwilson account to get access

You can SSH into it or go to its web interface.

I have a basic firewall set up here.

Getting syn flooded from 23.225.141.70

ssh into bellman then ssh into edgerouter

configure

# Find a good rule number to use
show firewall name WAN_IN

# Add the rule to blacklist the attacker
set firewall name WAN_IN rule 40 action drop
set firewall name WAN_IN rule 40 source address 23.225.141.70
set firewall name WAN_IN rule 40 protocol tcp
commit; save

# Did not work!
delete firewall name WAN_IN rule 40
commit; save
# Heavy handed, but we're running all services on HTTP anyway
# Just drop port forwarding for port 80!
show port-forward
rule 4 {
    description HTTP
    forward-to {
        address 192.168.123.2
        port 80
    }
    original-port 80
    protocol tcp
}
...
delete port-forward rule 4
commit; save

This worked. For now anyway.

Unifi

Use vastra account to get access to UniFi server in Docker.