update notes
parent
be826f5ecb
commit
b08b74f9a2
23
README.md
23
README.md
|
@ -21,8 +21,17 @@
|
|||
### Proxy DMZ leaf
|
||||
- `cd rb_proxy_dmz ; docker-compose up -d ; cd ..`
|
||||
|
||||
### MySQL for Services
|
||||
- `cd rb_mysql ; docker-compose up -d `
|
||||
- The database needs to be sourced / created and the structure file is mapped into the container by compose, `docker exec -it <id> /bin/bash` run `mysql -u root`
|
||||
- follow the instructions in the .txt file thats in the `rb_mysql` dir.
|
||||
|
||||
### Services
|
||||
- `cd rb_services ; docker-compose up -d ; cd ..`
|
||||
- had to strace it, it's a little under-cooked. Finally got it to work.
|
||||
|
||||
# Networking
|
||||
- everything is segmented, networks are technically isolated. Follow the rest of the guide to find out how to isolate them completely.
|
||||
|
||||
## Uplinking
|
||||
|
||||
|
@ -151,3 +160,17 @@ DOCKER_OPTS="--dns='198.18.48.1' --userns-remap=default --iptables=false --ip-ma
|
|||
- `ip link del docker0`
|
||||
- `ip link add docker0 type bridge`
|
||||
- `ip addr add 198.18.48.1/25 dev docker0`
|
||||
|
||||
|
||||
# TODO
|
||||
- DCC from bouncer to services. bouncer to hub scope requires ident, ident module works but port 113 is difficult to get, there's a way without root,
|
||||
its one of:
|
||||
- `setcap +eip`
|
||||
- `net.ipv4.ip_unprivileged_port_start=0`
|
||||
```
|
||||
- compose
|
||||
cap_add:
|
||||
- CAP_NET_BIND_SERVICE
|
||||
```
|
||||
the services' config also have an option `dcc_vhost = "192.168.70.90";` which is is a vlan that is shared with the bouncer. The bouncer has another option:
|
||||
- `LoadModule = bouncedcc` I just haven't been able to get it to work: `n3tw3rk.services: No access.`
|
||||
|
|
|
@ -1,48 +1,55 @@
|
|||
class "remote_edge_server" {
|
||||
ping_time = 8 seconds;
|
||||
ping_time = 30 seconds;
|
||||
connectfreq = 2 seconds;
|
||||
max_number = 64;
|
||||
sendq = 16 megabytes;
|
||||
};
|
||||
|
||||
class "edge_server" {
|
||||
ping_time = 128 seconds;
|
||||
ping_time = 2 seconds;
|
||||
connectfreq = 2 seconds;
|
||||
max_number = 64;
|
||||
max_number = 8;
|
||||
sendq = 16 megabytes;
|
||||
};
|
||||
|
||||
class "tor_dmz_server" {
|
||||
ping_time = 128 seconds;
|
||||
ping_time = 2 seconds;
|
||||
connectfreq = 2 seconds;
|
||||
max_number = 64;
|
||||
max_number = 8;
|
||||
sendq = 16 megabytes;
|
||||
};
|
||||
|
||||
class "proxy_client_dmz_server" {
|
||||
ping_time = 128 seconds;
|
||||
class "proxy_dmz_server" {
|
||||
ping_time = 2 seconds;
|
||||
connectfreq = 2 seconds;
|
||||
max_number = 64;
|
||||
max_number = 8;
|
||||
sendq = 16 megabytes;
|
||||
};
|
||||
|
||||
class "general_server" {
|
||||
ping_time = 128 seconds;
|
||||
ping_time = 2 seconds;
|
||||
connectfreq = 2 seconds;
|
||||
max_number = 64;
|
||||
max_number = 8;
|
||||
sendq = 16 megabytes;
|
||||
};
|
||||
|
||||
class "hub_server" {
|
||||
ping_time = 128 seconds;
|
||||
ping_time = 2 seconds;
|
||||
connectfreq = 2 seconds;
|
||||
max_number = 64;
|
||||
max_number = 8;
|
||||
sendq = 16 megabytes;
|
||||
};
|
||||
|
||||
class "dmz_to_hub_server" {
|
||||
ping_time = 2 seconds;
|
||||
connectfreq = 2 seconds;
|
||||
max_number = 2;
|
||||
sendq = 16 megabytes;
|
||||
};
|
||||
|
||||
class "services" {
|
||||
ping_time = 128 seconds;
|
||||
connectfreq = 2 seconds;
|
||||
max_number = 64;
|
||||
max_number = 1;
|
||||
sendq = 16 megabytes;
|
||||
};
|
||||
|
|
|
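Review bot: If the second printed line of each pair is the new side, every server class except `remote_edge_server` now carries `ping_time = 2 seconds;` next to `connectfreq = 2 seconds;`, which is far below what inter-server links normally use; in ratbox/charybdis-style ircds a link is pinged after ping_time of silence and dropped if it has not answered within about twice that, so a two-second value will flap links on any latency spike and re-dial them every two seconds. I would keep the 30-second value `remote_edge_server` gets (or the usual 60–300 seconds) for the other server classes, e.g. `ping_time = 30 seconds;`, and leave a short value only where fast dead-link detection was the deliberate goal, with a comment saying so. The new `dmz_to_hub_server` class with `max_number = 2;` and `services` dropping to `max_number = 1;` look intentional but nothing in the file says which connect blocks use them, so a one-line comment above each cap would help the next reader.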
@ -41,6 +41,7 @@ services:
|
|||
ipv4_address: 198.18.55.18
|
||||
hub:
|
||||
ipv4_address: 198.18.70.75
|
||||
services:
|
||||
services:
|
||||
ipv4_address: 198.18.70.91
|
||||
volumes:
|
||||
- ./znc.conf:/home/znc/.znc/configs/znc.conf:rw
|
||||
|
|
|
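Review bot: `services:` appears twice in a row in this hunk; if both keys sit at the same indentation under the same mapping, the second silently replaces the first when the YAML is loaded and only the `ipv4_address: 198.18.70.91` entry survives, which compose does not report as an error. Indentation is not recoverable from this view, so if one of them is a network attachment nested under the other this is fine; otherwise the stray line should be dropped. The bind mount `- ./znc.conf:/home/znc/.znc/configs/znc.conf:rw` also lets the container rewrite the committed config (ZNC rewrites znc.conf on save and on clean shutdown, as far as I recall), so either expect repo diffs after each run or mount it `:ro` if the checked-in file is meant to be authoritative.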
@ -22,7 +22,6 @@ serverhide {
|
|||
hidden = yes;
|
||||
disable_hidden = no;
|
||||
};
|
||||
|
||||
cluster {
|
||||
name = "*";
|
||||
flags = kline, tkline, unkline, xline, txline, unxline, resv, tresv, unresv;
|
||||
|
@ -33,6 +32,10 @@ shared {
|
|||
flags = all;
|
||||
};
|
||||
|
||||
service {
|
||||
name = "n3tw3rk.services";
|
||||
};
|
||||
|
||||
auth {
|
||||
spoof = "console.netwerk.insecurity.corp";
|
||||
user = "*@198.18.70.43";
|
||||
|
|
|
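Review bot: The added `service { name = "n3tw3rk.services"; };` grants services privileges to whichever server links under that name, so the trust is name-based and rests entirely on the matching connect block's password and class; a comment above the block such as `# services privileges are granted by name only; the connect block for n3tw3rk.services is the sole gate` would stop the next reader from assuming the block authenticates anything itself. The same block is introduced in the other ircd config in this commit, so a line noting that the two must stay in sync is worth adding as well. The `auth { spoof = "console.netwerk.insecurity.corp"; user = "*@198.18.70.43";` block that follows is cut off by the hunk, so I cannot tell whether it carries a `password`; without one the spoof is handed to any client arriving from that source address.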
@ -33,6 +33,10 @@ shared {
|
|||
flags = all;
|
||||
};
|
||||
|
||||
service {
|
||||
name = "n3tw3rk.services";
|
||||
};
|
||||
|
||||
auth {
|
||||
spoof = "bounce.netwerk.insecurity.corp";
|
||||
user = "*@198.18.70.75";
|
||||
|
@ -97,7 +101,7 @@ connect "proxy-dmz.netwerk.insecurity.corp" {
|
|||
accept_password = "password";
|
||||
port = 7002;
|
||||
aftype = ipv4;
|
||||
class = "proxy_client_dmz_server";
|
||||
class = "proxy_dmz_server";
|
||||
flags = topicburst;
|
||||
};
|
||||
|
||||
|
@ -121,10 +125,6 @@ connect "n3tw3rk.services" {
|
|||
flags = topicburst;
|
||||
};
|
||||
|
||||
service {
|
||||
name = "n3tw3rk.services";
|
||||
};
|
||||
|
||||
listen {
|
||||
host = "198.18.70.74";
|
||||
port = 6666;
|
||||
|
|
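Review bot: The `connect "proxy-dmz.netwerk.insecurity.corp"` block in the middle hunk still carries `accept_password = "password";` as the inbound link credential, and the class rename to `proxy_dmz_server` does not change that this string, committed to the repository, is all an inbound link on port 7002 needs to be accepted as the proxy DMZ server and inherit that class's trust. If this is the value actually deployed, replace it with a generated secret kept out of the repo, e.g. `accept_password = "<generated-secret>";` as a placeholder, and do the same for the `send_password` this hunk does not show. Moving the `service { name = "n3tw3rk.services"; };` block from after the connect blocks to before them (first and last hunk) is behaviour-neutral as far as I know, but a one-line comment on why it moved would help, since the diff otherwise reads as a duplicate-then-delete.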