Resources/Network: Difference between revisions

From Noisebridge
(→‎Free Open Unsecure Wifi: updated with new wifi info)
No edit summary
 
(118 intermediate revisions by 30 users not shown)
Line 1: Line 1:
{{network}}
{{blackbox}}[[File:Nbrack.png|400px|right]]
You are standing beneath Noisebridge's network rack on the wall in the [[Hackitorium]].
You see a "Noisebridge has an open WiFi network" sign.
'''EXITS:''' [[Hackitorium]], [[Roll up door]]
{{cursorboxend}}
{{headerbox}}
'''The open WiFi networks''' are free to all at Noisebridge. In most cases if you connect to the network '''Noisebridge''' your laptop/phone/device will have the best luck getting crystal clear wifi and roam between radio channels according to which provides the most reliable and fastest connection.
{{boxend}}
== Free Public Wireless Networks ==
The WiFi and Internet provided is for public use. Like any public network, you should regard Noisebridge's as [[Visitor_advice#Hostile_network|potentially hostile]] and take appropriate precautions. In order to not give the impression of providing false security, Noisebridge does not run any encrypted wifi networks.
The following wireless networks (SSIDs) are active:
* '''Noisebridge Cap'''
** No password
** 802.11g/n/ac 2.4 and 5 gHz
** This is a temporary SSID set up for use during the move until the long term equipment is set up.
If you're reading this from another point in time, please note that the reality of the situation may be different. Please update this page to reflect reality as it changes.
__TOC__
== [[Network Troubleshooting]] ==
== [[Network Troubleshooting]] ==


Are you having issues with the internet or local network? Check out the [[Network Troubleshooting]] page for more information on what you can do to make things better or possibly seek help.
Are you having issues with the internet or local network? Check out the [[Network Troubleshooting]] page for more information on what you can do to make things better or possibly seek help.


== Disclaimer ==
== Network Security Disclaimer ==


''Please note that Noisebridge does not guarantee or provide a perfect secure experience in the space. Just like anywhere else in the world you're held responsible for your own safety and wellbeing. This also includes content you receive or transmit or provide through any mediums, such as through pen and paper, sound waves or any networks wired or wireless functioning in the space. Noisebridge is a volunteer run and operated space that provides you with infrastructure, which you use at your own risk.''
''Please note that Noisebridge does not guarantee or provide a perfect secure experience in the space. Just like anywhere else in the world you're held responsible for your own safety and wellbeing. This also includes content you receive or transmit or provide through any mediums, such as through pen and paper, sound waves or any networks wired or wireless functioning in the space. Noisebridge is a volunteer run and operated space that provides you with infrastructure, which you use at your own risk.''


== Wireless networks ==
See [[Security]] for tips on maintaining your own security.
=== Free Open Wifi ===
Noisebridge has two open wifi networks available for your use. In most cases if you connect to the network '''Noisebridge''' your laptop/phone/device will have the best luck getting crystal clear wifi and roam between radio channels according to which provides the most reliable and fastest connection.
 
The wifi and internet provided is for public use. Like any public network, you should regard Noisebridge's as [[Visitor_advice#Hostile_network|potentially hostile]] and take appropriate precautions. In order to not give the impression of providing false security, Noisebridge does not run any encrypted wifi networks.
 
The following networks are active:
* '''Noisebridge'''
** No password
** Uplink through Sonic.net and Monkeybrains
** 802.11gn 2.4 gHz and 802.11an 5 gHz, your wifi device decides which network is the best for it and roams accordingly
* '''Noisebridge 5g'''
** No password
** Uplink through Sonic.net and Monkeybrains
** 802.11an 5 gHz only


== Wired network ==
== Wired network ==
There are drops throughout the space. They are labeled with the corresponding number on the patch panel. Please don't destroy them (lol).
There are drops throughout the space. They are labeled with the corresponding number on the patch panel. Please don't destroy them (lol).


== DNS ==
== Local Network Address Information ==
DHCP is offered automatically on the network. Currently the IP range is as follows:


Dynamic DNS is provided by the nat machine for DHCP clients on 172.30.0.30/22. Resolution of machines with static addresses is done by ipv4 or ipv6 mDNS and dynamic DNS entries on the nat machine from the DHCP service.
* IP Range: 10.21.0.1-10.21.1.254
 
* Gateway: 10.21.0.1
== Development ==
* Subnet: 255.255.'''254'''.0 (a "slash" /23)
* See [[Network/testing]].
* DNS: 10.21.0.1, 1.1.1.1


==Network Devices & Services==
==Network Devices & Services==
* [[Music]]
* [[Music]]
* [[Printers]]
* [[2D Paper Printer]]
* [[Infrastructure]]
* [[Infrastructure]]


= 2169 Mission =


== Uplinks ==
== Uplinks ==
=== DSL Circuit ===
There is a Sonic.net Fusion ADSL2+ DSL connection in the building.  The physical circuit comes in from the MPOE in the basement and runs across the roof of the basement and up the side of the building into the DJ booth (Tea Room), then over to the Wall o' Tubes.  The CPE is a Motorola 2210 ADSL2+.  The admin password is the serial number, written on the bottom. 
The addressing configuration is a little unusual. It's 75.101.62.0/24 and we've been allocated a /29 within that block: 75.101.62.88 - 75.101.62.95.  Note that we get to use all 8 addresses; the broadcast and network address are 75.101.62.255 and 75.101.62.0 respectively.  The gateway is 75.101.62.1.
The default CPE settings are not correct for our circuit configuration.  From a factory reset, do the following to configure the CPE:
# Configure a computer for 192.168.1.253/24.
# Connect the computer to the DSL CPE.
# Power cycle the DSL CPE.
# Connect to 192.168.1.254 using your web browser.
# You will be prompted to set a password, use the serial number on the bottom of the DSL CPE.
# Get into expert mode.
# Under configure->connections, set the following:
## VPI: 0
## VCI: 35
## Protocol: Bridged Ethernet LLC/SNAP
## Bridging: on
# Under configure->DHCP server, set the following:
## DHCP Server Enabled: unchecked
# Save and reboot.
[http://broadband.motorola.com/consumers/products/2210-02/downloads/2210-02-10NA-UserGuide.pdf Motorola 2210 User Guide]
=== Monkeybrains Wireless Link ===
=== Monkeybrains Wireless Link ===
We have a point-to-point wireless link to Monkeybrains on the roof. It comes down through the Dirty Shop skylight and runs in to the server closet.
We have a point-to-point wireless link to Monkeybrains on the roof, it's a microwave dish on the roof at the front of the building.


=== SFBroadband / City of SF / Internet Archive ===
==I want to help!==
Noisebridge is run by volunteers, you're welcome to help but should get to know those helping first before touching/hacking the network gear. Try introducing yourself on the #rack channel in the Noisebridge Slack.


We have a wireless point-to-point path up to Twin Peaks that connects up to a city-owned and volunteer-run IP transit network. Currently, we're hitting the dish off of the side and have a pretty terrible connection. For now, this network path is mostly only usable as a backup path.
== Router ==
 
There is a router in our wireless CPE hardware (st01-noisebridge-sfo) that connects up to the Noisebridge network and terminates as 172.30.0.54 on the "Inside / Internal" network. Set your default route via this IP to try the other path.
 
== Access Control==
 
Most hardware is set to use the most guessable logins and passwords possible. If you're interested in logging in, just make some guesses as to what the login can be. Use your favorite search engine. Poke around. Hack.
 
Experience the thrill of guessing a password that just works.


== Router ==
Biketrailer is our humble router. It is an Ubiquiti Edgerouter (ER-4) box running EdgeOS, a fork of Vyatta (a Linux-based router distribution).
Bikeshed is our humble router. It is a Soekris running Vyatta(a Linux-based router distribution).


The machines currently provides
The machines currently provides
   * dhcpd
   * NAT
   * DNS (dnsmasq) - .noise local TLD and recursive proxy
  * DHCPD
  * Automatic loadbalancing and ailover between Sonic DSL and monkeybrains
   * DNS (dnsmasq) - <s>local TLD and</s> recursive proxy


Access is via SSH with keys.
Access is via SSH with keys and a https web interface.


=== Salient configuration ===
Access the router UI over https at 10.21.0.1.
* It is configured to fail over between DSL and Monkeybrains as conditions warrant.
* It is configured with traffic shaping to prevent individual users from sucking up all the tubes.
 
If you have questions about these particular points of configuration, email rack. Nothing is particularly complicated.


== Address Allocations ==
== Address Allocations ==
The reserved address allocations are:
===WAN - Monkeybrains - 192.195.83.128/29 ===
* Address range: 192.195.83.129-134
* Gateway: 192.195.83.129
* DNS: 208.69.43.23, 208.69.40.4
* Subnet Mask: 255.255.255.248


===75.101.62.88/29 from Sonic.net===
====Addresses====
We have a range within the encompassing /24: 75.101.62.{88..95}


* .88 - bikeshed
{| class="wikitable"
* .89 - pony.noisebridge.net
* .90 - stallion.noisebridge.net
* .91 - ChaosVPN la fonera eth0.1
* .92 - minotaur.noisebridge.net
* .93 - Unallocated
* .94 - Unallocated
* .95 - Mode-S Equipment (various port-NATings)
 
===172.30.0.0/22 ("inside" network)===
====172.30.0.0 - 127 Statically-addressed things====
 
''Note: This is '''not''' a /25 subnet! The netmask is a /22.''
 
* .2 - bikeshed, soekris router (runs Vyatta Linux and iptables/netfilter)
* .3 - free
* .4 - minotaur - console server and network troubleshooting/monitoring box
* .5 - goat - Internal network testing VM on stallion
* .6 - treechopper, [http://h20000.www2.hp.com/bc/docs/support/SupportManual/bpl07288/bpl07288.pdf|HP Laserjet 5Si MX] (working, not hosed)
* .7 -
* .8 -
* .9 -
* .10 - stallion - VM hosting server
* .11 - ChaosVPN la fonera internal interface (br-lan)
* .12 -
* .13 -
* .14 -
* .15 - Primary switch - Netgear GS724Tv2
* .16 -
* .17 -
* .18 -
* .19 -
* .20 -
* .21 -
* .26 -
* .30 - [[Pony]], main sandbox server
* .31 -
* .32 -
* .33 -
* .34 -
* .35 - Cisco IP Phone
* .36 - Red Payphone (Linksys PAP2)
* .37 -
* .41 -
* .42 -
* .43 -
* .44 -
* .48 -
* .49 -
* .50 -
* .51 -
* .52 - bunny (Bullion Mode-S receiver on the roof)
* .53 - ronin (white Atom works with bunny, lives in Susan the Rack)
* .54 - st01-noisebridge-sfo (sfwireless.org Ubiquiti Nanobridge M5 on the roof. Currently aimed at Twin Peaks.)
* .55 -
* .56 -
 
====172.30.0.128/25, 172.30.1.0/24, 172.30.2.0/24, 172.30.3.0/24====
* DHCP-assigned, user-access IP space
 
===172.30.4.0/24 (Tor-ified network)===
 
Note that 172.30.4.1 transparently proxies TCP connections via privoxy to tor.
 
* .1 - "torbridge" interface on pony
* .2 - "noisebridge-tor" access point.
* .10 - .254 -- Tor-ified clients (served by DHCP)
 
===172.31.0.0/24===
 
This is a separate NAT-ed network for Monkeybrains-only traffic. It's served by "bikeshed".
 
* .1 - wlan0.bikeshed.noise
* .100 - .199 -- DHCP pool for clients.
 
=== 10.100.4.0/23 ChaosVPN Range ===
* Network in the ChaosVPN
** Has yet to be setup. In the future, we may join the network so that we can route to other hackerspaces
* [http://wiki.hamburg.ccc.de/index.php/ChaosVPN#ip_ranges ChaosVPN Wiki]
 
=== IPv6 ===
 
We have IPv6 support on the DSL circuit via a tunnel provided by sonic.net.  Some details on how to get the OpenBSD-based flashrd distribution on the routers to tunnel correctly can be found on the [[Flashrd]] page.
 
Note that using IPv6 in some situations can result in people knowing what model of computer you have and the network card's serial number, because of the way IPv6 stateless address configuration works.  If this is a concern, tell your computer not to use IPv6.  Ask around Noisebridge if you need help or want more details.
 
==== 2001:5a8:4:5630::/60 ====
 
This is the IPv6 subnet assigned to us by sonic.  We only use the bottom /64 of this /60 so automatic address configuration works right; the other 15/16s of the address space are intentionally wasted.  r00ter hands out IPv6 router advertisements for this subnet directly.  They're directly routable, but unsolicited incoming traffic is blocked by the firewall to protect the users.  This means you can't run an IPv6 server on our IPv6 subnet, but you can connect to other machines on the IPv6 Internet just fine.  If you really need to run an IPv6 server for some reason, consider using Teredo.
 
== OOB Management ==
 
Everything is connected to Minotaur.
 
{|border="1" cellspacing="0" cellpadding="5"
!Device
!Where
!Settings
|-
|-
|bikeshed
! IP
|ops /dev/ttyS2
! DNS
|115200
! Info
|}
 
== Machine Rack ==
 
The rack of machines and switches is counted by U, from the top, starting from "1".
 
{|border="1" cellspacing="0" cellpadding="5"
!"U"/Unit
!Device
|-
|-
|1-2
| 192.195.83.130
|patch panel
| cycletrailer.noisebridge.net/cycletrailer.noisebridge.io
| EdgeRouter ER-4
|-
|-
|3
| 192.195.83.131
|Netgear G724Tv2 switch
| cia.noisebridge.io
|
|-
|-
|5
| 192.195.83.132
|Shelf with Bikeshed and POE injectors
| jitsi.noisebridge.io
|
|-
|-
|7
| 192.195.83.133
|Minotaur
| zeppelin.noisebridge.net/zeppelin.noisebridge.io
|  
|-
|-
|Bottom
| 192.195.83.134
|APC UPS
| pegasus.noisebridge.net/pegasus.noisebridge.io
|  
|}
|}


== Switch Ports ==
===Primary switch===
'''Netgear G724Tv2'''


VLANs:
===LAN - 10.21.0.0/16===
* VLAN 1: Internal network, 1-17
====10.21.1.0 - 1.254====
* VLAN 2: Monkeybrains, 18-19
* DHCP Pool - When connecting to the network, you will automatically receive an IP in this range.
* VLAN 3: Sonic, 20-24
 
=== IPv6 ===
We would like to setup IPv6, some day.
 
== [[Machine Rack]] ==
[[File:rack-front.jpg|right|The rack layout, subject to change]]
There are two racks in the space, the main one on the first floor near the rolling door, and the secondary one on the second floor directly above the main one. They are small and up high to discourage people from messing with them or installing things in them. The internet works, please leave the boxes alone.
 
===Can I install/setup boxes on Noisebridge's network?===
====Short answer====
'''No.'''
 
====Long answer====
See [[Rack]].
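Review bot: The new address sections disagree on the LAN prefix. "Local Network Address Information" gives Subnet 255.255.254.0 (a /23) with range 10.21.0.1-10.21.1.254, while the new heading under Address Allocations reads "LAN - 10.21.0.0/16". Suggest stating one prefix in both places and writing the DHCP pool with full addresses instead of "10.21.1.0 - 1.254". The Router section also calls the box "Biketrailer" while the Addresses table lists the EdgeRouter ER-4 as cycletrailer.noisebridge.net; use one name so readers can match the prose to the table.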

Latest revision as of 02:03, 6 January 2022


You are standing beneath Noisebridge's network rack on the wall in the Hackitorium.

You see a "Noisebridge has an open WiFi network" sign.

EXITS: Hackitorium, Roll up door


The open WiFi networks are free to all at Noisebridge. In most cases if you connect to the network Noisebridge your laptop/phone/device will have the best luck getting crystal clear wifi and roam between radio channels according to which provides the most reliable and fastest connection.

Free Public Wireless Networks

The WiFi and Internet access provided are for public use. Like any public network, you should regard Noisebridge's as potentially hostile and take appropriate precautions. So as not to give a false impression of security, Noisebridge does not run any encrypted wifi networks.

The following wireless networks (SSIDs) are active:

  • Noisebridge Cap
    • No password
    • 802.11g/n/ac 2.4 and 5 GHz
    • This is a temporary SSID set up for use during the move until the long term equipment is set up.

If you're reading this from another point in time, please note that the reality of the situation may be different. Please update this page to reflect reality as it changes.

Network Troubleshooting

Are you having issues with the internet or local network? Check out the Network Troubleshooting page for more information on what you can do to make things better or possibly seek help.

Network Security Disclaimer

Please note that Noisebridge does not guarantee or provide a perfectly secure experience in the space. Just like anywhere else in the world, you are held responsible for your own safety and wellbeing. This also includes content you receive, transmit or provide through any medium, such as pen and paper, sound waves or any wired or wireless network functioning in the space. Noisebridge is a volunteer-run and volunteer-operated space that provides you with infrastructure, which you use at your own risk.

See Security for tips on maintaining your own security.

Wired network

There are drops throughout the space. They are labeled with the corresponding number on the patch panel. Please don't destroy them (lol).

Local Network Address Information

DHCP is offered automatically on the network. Currently the IP range is as follows:

  • IP Range: 10.21.0.1-10.21.1.254
  • Gateway: 10.21.0.1
  • Subnet: 255.255.254.0 (a "slash" /23)
  • DNS: 10.21.0.1, 1.1.1.1
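
On an open network any connected device can answer DHCP requests, so one precaution is to compare the lease your device received with the values documented above. The following is an added example, not part of the Noisebridge wiki or its tooling; `check_lease` is a hypothetical helper and the sample leases are constructed.

```python
import ipaddress

# Values documented on this page for the Noisebridge LAN.
DOCUMENTED = {
    "network": ipaddress.ip_network("10.21.0.0/23"),  # 255.255.254.0
    "gateway": ipaddress.ip_address("10.21.0.1"),
    "dns": {ipaddress.ip_address("10.21.0.1"), ipaddress.ip_address("1.1.1.1")},
}

# Constructed sample leases (the fields a DHCP client reports).
GOOD_LEASE = {"address": "10.21.1.37", "netmask": "255.255.254.0",
              "gateway": "10.21.0.1", "dns": ["10.21.0.1", "1.1.1.1"]}
# Same subnet, but gateway and DNS point at another host in the DHCP pool.
ROGUE_LEASE = {"address": "10.21.1.40", "netmask": "255.255.254.0",
               "gateway": "10.21.1.200", "dns": ["10.21.1.200"]}
# A lease from an entirely different network using the same SSID.
FOREIGN_LEASE = {"address": "192.168.1.50", "netmask": "255.255.255.0",
                 "gateway": "192.168.1.1", "dns": ["192.168.1.1"]}


def check_lease(lease, documented=DOCUMENTED):
    """Return findings where a DHCP lease deviates from the documented LAN.

    An empty list means the lease matches what the wiki page states.
    """
    try:
        iface = ipaddress.ip_interface(f"{lease['address']}/{lease['netmask']}")
        gateway = ipaddress.ip_address(lease["gateway"])
        dns = [ipaddress.ip_address(d) for d in lease["dns"]]
    except (KeyError, ValueError) as exc:
        return [f"malformed lease: {exc}"]

    findings = []
    if iface.network != documented["network"]:
        findings.append(f"subnet {iface.network} is not {documented['network']}")
    if iface.ip not in documented["network"]:
        findings.append(f"address {iface.ip} is outside {documented['network']}")
    if gateway != documented["gateway"]:
        findings.append(f"gateway {gateway} is not {documented['gateway']}")
    if not dns:
        findings.append("lease carries no DNS servers")
    for server in dns:
        if server not in documented["dns"]:
            findings.append(f"unexpected DNS server {server}")
    return findings


if __name__ == "__main__":
    for name, lease in [("good", GOOD_LEASE), ("rogue", ROGUE_LEASE),
                        ("foreign", FOREIGN_LEASE)]:
        print(name, check_lease(lease) or "matches documented values")
```

A clean result only means the lease matches this page; it says nothing about ARP spoofing or interception on the unencrypted link, so the advice to treat the network as hostile still applies.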

Network Devices & Services


Uplinks

Monkeybrains Wireless Link

We have a point-to-point wireless link to Monkeybrains. It's a microwave dish on the roof at the front of the building.

I want to help!

Noisebridge is run by volunteers. You're welcome to help, but you should get to know those already helping before touching or hacking on the network gear. Try introducing yourself on the #rack channel in the Noisebridge Slack.

Router

Biketrailer is our humble router. It is a Ubiquiti EdgeRouter (ER-4) running EdgeOS, a fork of Vyatta (a Linux-based router distribution).

The machine currently provides:

  • NAT
  • DHCPD
  • DNS (dnsmasq) - local TLD and recursive proxy

Access is via SSH with keys and an HTTPS web interface.

Access the router UI over HTTPS at 10.21.0.1.

Address Allocations

WAN - Monkeybrains - 192.195.83.128/29

  • Address range: 192.195.83.129-134
  • Gateway: 192.195.83.129
  • DNS: 208.69.43.23, 208.69.40.4
  • Subnet Mask: 255.255.255.248

Addresses

IP              DNS                                                       Info
192.195.83.130  cycletrailer.noisebridge.net/cycletrailer.noisebridge.io  EdgeRouter ER-4
192.195.83.131  cia.noisebridge.io
192.195.83.132  jitsi.noisebridge.io
192.195.83.133  zeppelin.noisebridge.net/zeppelin.noisebridge.io
192.195.83.134  pegasus.noisebridge.net/pegasus.noisebridge.io


LAN - 10.21.0.0/16

10.21.1.0 - 1.254

  • DHCP Pool - When connecting to the network, you will automatically receive an IP in this range.

IPv6

We would like to set up IPv6, some day.

Machine Rack

The rack layout, subject to change

There are two racks in the space: the main one on the first floor near the rolling door, and the secondary one on the second floor directly above the main one. They are small and up high to discourage people from messing with them or installing things in them. The internet works; please leave the boxes alone.

Can I install/set up boxes on Noisebridge's network?

Short answer

No.

Long answer

See Rack.