Infrastructure
From Smop.co.uk
This is my new home network; I've set it up in a similar way to a commercial environment. I've produced an approximate guide to the order in which I set things up.
I originally used Xen to host the various virtual machines (the CPU in the machine had no hardware acceleration, so paravirtualisation was the way to go); however, it's now using KVM.
Going through the machines from left to right we have:
Netgear DG834G router
- this just routes - I've disabled the firewall and NATing
Ripley (was 128MB memory, now 3.5GB (shared with guests)):
- this is the Xen host domain and hosts all the virtual machines
- the physical box is a BioStar Ideq 200V with Athlon XP 2200+ (1795MHz) and 1.5GB RAM
- runs the dmzbr0 and intbr0 ethernet bridges
- also runs the wireless LAN access point (prism2 card using HostAP)
- this used to be done on the internal firewall but I hit issues
Ferro (was 48MB memory, now 192MB):
- perimeter firewall using FireHOL
Burke (was 220MB memory, now 256MB):
- "insecure" DMZ machine
- running services likely to be compromised - namely PHP
- runs Apache (website)
- runs MediaWiki (wiki)
- runs Roundcube (webmail)
- runs WordPress (blog)
Vasquez (was 256MB memory, now 768MB):
- "secure" DMZ machine
- runs DNS slave (internal and hidden master)
- runs email (SMTP - postfix, IMAPS - dovecot, clamav, spamassassin)
- runs MySQL (database)
- runs LDAP slave
Spunkmeyer (was 48MB memory, now 96MB):
- interior firewall using FireHOL
Bishop (was 196MB memory, now 1024MB):
- "master" server
- runs LDAP master
- will run DNS master
- runs BackupPC backups
- will run monitoring
- runs Puppet master
Other items

