Infrastructure
From Smop.co.uk
This is my new home network, I've set it up in a similar way to a commercial environment. I've produced an approximate guide to the order in which I set things up.
I've used Xen to host the various virtual machines (the CPU in the machine has no hardware acceleration and so paravirtualisation was the way to go).
Going through the machines from left to right we have:
Netgear DG834G router
- this just routes - I've disabled the firewall and NATing
Ripley (128MB memory):
- this is the Xen host domain and hosts all the virtual machines
- the physical box is a BioStar Ideq 200V with AthonXP 2200+ (1795MHz) and 1.5GB RAM
- runs the dmzbr0 and intbr0 ethernet bridges
- also runs the wireless LAN access point (prism2 card using HostAP)
- this used to be done on the internal firewall but I hit issues
Ferro (48MB memory):
- perimeter firewall using Firehol
Burke (220MB memory):
- "insecure" DMZ machine
- running services likely to be compromised - namely PHP
- runs Apache (website)
- runs Mediawiki (wiki)
- runs Roundcube (webmail)
- runs Wordpress (blog)
Vasquez (256MB memory):
- "secure" DMZ machine
- runs DNS slave (internal and hidden master)
- runs email (SMTP - postfix, IMAPS - dovecot, clamav, spamassassin)
- runs MySQL (database)
- runs LDAP slave
Spunkmeyer (48MB memory):
- interior firewall using Firehol
Bishop (196MB memory):
- "master" server
- runs LDAP master
- will run DNS master
- runs BackupPC backups
- will run monitoring
- runs Puppet master
Other items
