update notes

2020-11-05 20:30:36 +00:00 · 2020-11-05 20:30:36 +00:00 · b08b74f9a2
parent be826f5ecb
commit b08b74f9a2
5 changed files with 54 additions and 20 deletions
--- a/README.md
+++ b/README.md
@ -21,8 +21,17 @@
 ### Proxy DMZ leaf 
 - `cd rb_proxy_dmz ; docker-compose up -d ; cd ..`

+### MySQL for Services 
+- `cd rb_mysql ; docker-compose up -d `
+- The database needs to be sourced / created and the structure file is mapped into the container by compose, `docker exec -it <id> /bin/bash` run `mysql -u root`
+- follow the instructions in the .txt file thats in the `rb_mysql` dir. 
+
 ### Services 
 - `cd rb_services ; docker-compose up -d ; cd ..`
+- had to strace it, it's a little under-cooked. Finally got it to work. 
+
+# Networking 
+- everything is segmented, networks are technically isolated. Follow the rest of the guide to find out how to isolate them completely. 

 ## Uplinking

@ -151,3 +160,17 @@ DOCKER_OPTS="--dns='198.18.48.1' --userns-remap=default --iptables=false --ip-ma
 - `ip link del docker0`
 - `ip link add docker0 type bridge`
 - `ip addr add 198.18.48.1/25 dev docker0`
+
+
+# TODO
+- DCC from bouncer to services. bouncer to hub scope requires ident, ident module works but port 113 is difficult to get, there's a way without root, 
+its one of: 
+- `setcap +eip`
+- `net.ipv4.ip_unprivileged_port_start=0`
+``` 
+- compose
+    cap_add:                                                                                                                                                             
+       - CAP_NET_BIND_SERVICE
+```
+the services' config also have an option `dcc_vhost = "192.168.70.90";` which is is a vlan that is shared with the bouncer. The bouncer has another option:
+- `LoadModule = bouncedcc` I just haven't been able to get it to work: `n3tw3rk.services: No access.`
--- a/etc/server.classes.conf
+++ b/etc/server.classes.conf
@ -1,48 +1,55 @@
 class "remote_edge_server" {
-        ping_time   = 8 seconds;
+        ping_time   = 30 seconds;
        connectfreq = 2 seconds;
        max_number  = 64;
        sendq       = 16 megabytes;
 };

 class "edge_server" {
-        ping_time   = 128 seconds;
+        ping_time   = 2 seconds;
        connectfreq = 2 seconds;
-        max_number  = 64;
+        max_number  = 8;
        sendq       = 16 megabytes;
 };

 class "tor_dmz_server" {
-        ping_time   = 128 seconds;
+        ping_time   = 2 seconds;
        connectfreq = 2 seconds;
-        max_number  = 64;
+        max_number  = 8;
        sendq       = 16 megabytes;
 };

-class "proxy_client_dmz_server" {
-        ping_time   = 128 seconds;
+class "proxy_dmz_server" {
+        ping_time   = 2 seconds;
        connectfreq = 2 seconds;
-        max_number  = 64;
+        max_number  = 8;
        sendq       = 16 megabytes;
 };

 class "general_server" {
-        ping_time   = 128 seconds;
+        ping_time   = 2 seconds;
        connectfreq = 2 seconds;
-        max_number  = 64;
+        max_number  = 8;
        sendq       = 16 megabytes;
 };

 class "hub_server" {
-        ping_time   = 128 seconds;
+        ping_time   = 2 seconds;
        connectfreq = 2 seconds;
-        max_number  = 64;
+        max_number  = 8;
+        sendq       = 16 megabytes;
+};
+
+class "dmz_to_hub_server" {
+        ping_time   = 2 seconds;
+        connectfreq = 2 seconds;
+        max_number  = 2;
        sendq       = 16 megabytes;
 };

 class "services" {
        ping_time   = 128 seconds;
        connectfreq = 2 seconds;
-        max_number  = 64;
+        max_number  = 1;
        sendq       = 16 megabytes;
 };
--- a/rb_bounce/docker-compose.yml
+++ b/rb_bounce/docker-compose.yml
@ -41,6 +41,7 @@ services:
        ipv4_address: 198.18.55.18
      hub:
        ipv4_address: 198.18.70.75
-      services: 
+      services:
+        ipv4_address: 198.18.70.91
    volumes:
      - ./znc.conf:/home/znc/.znc/configs/znc.conf:rw
--- a/rb_edge/edge.conf
+++ b/rb_edge/edge.conf
@ -22,7 +22,6 @@ serverhide {
 	hidden         = yes;
 	disable_hidden = no;
 };
-
 cluster {
 	name = "*";
 	flags = kline, tkline, unkline, xline, txline, unxline, resv, tresv, unresv;
@ -33,6 +32,10 @@ shared {
 	flags = all;
 };

+service {
+         name = "n3tw3rk.services";
+};
+
 auth {
  spoof = "console.netwerk.insecurity.corp";
 	user  = "*@198.18.70.43";
--- a/rb_hub/hub.conf
+++ b/rb_hub/hub.conf
@ -33,6 +33,10 @@ shared {
 	flags = all;
 };

+service {
+         name = "n3tw3rk.services";
+};
+
 auth {
  spoof = "bounce.netwerk.insecurity.corp";
  user  = "*@198.18.70.75";
@ -97,7 +101,7 @@ connect "proxy-dmz.netwerk.insecurity.corp" {
        accept_password = "password";
        port            = 7002;
        aftype          = ipv4;
-        class           = "proxy_client_dmz_server";
+        class           = "proxy_dmz_server";
        flags           = topicburst;
 };

@ -121,10 +125,6 @@ connect "n3tw3rk.services" {
        flags           = topicburst;
 };

-service {
-         name = "n3tw3rk.services";
-};
-
 listen {
        host    = "198.18.70.74";
        port    = 6666;