[Rack] [Noisebridge-discuss] network down this afternoon, an interesting guide for people who want to help when the network goes down

John Adams jna at retina.net
Tue Jun 5 15:27:58 PDT 2012


One thing that we do is to put a blanket ACL across untrusted networks.

Block UDP 0.0.0.0/0 port 67 and port 68 from your LANs and from any source
that shouldn't be offering DHCP.

-john

On Tue, Jun 5, 2012 at 1:40 PM, Jonathan Lassoff <jof at thejof.com> wrote:

> On Tue, Jun 5, 2012 at 12:44 PM, Ben Kochie <ben at nerp.net> wrote:
> > We could easily separate some of the services off of the one NAT box.
> >
> > I've thought about setting up a synced virtual router on stallion using
> > failoverd and Vyatta's NAT state sync.
> >
> > It would also possibly make sense to put the local DHCP/DNS services on a
> > separate instance from the NAT handling.  We can easily do this with some
> > virtual machines on stallion.  Or we could move some of these services to
> > minotaur.
>
> I think there is some value to keeping all of the network functions on
> something that is mounted to the "Wall-O-Tubes". This way, there is a
> clear distinction as to what hardware is the bare-minimum necessary to
> keep basic services working.
>
> Perhaps we could:
>  - add another Soekris or Atom board
>  - Wire up some 2.4 GHz APs to the W.O.T. (there is/was a 5 GHz one)
>  - Set up all downstream distribution through that Juniper EX, set up
> DHCP-based port security protections
>
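
The check behind the ACL suggested at the top of this message, written out as an added example (not part of the original email and not Noisebridge's configuration): it parses a DHCP payload and drops server-side traffic (source port 67, BOOTREPLY, or OFFER/ACK/NAK) from any source not on an allow list. The addresses, the allow list and the `build` helper are constructed for illustration.

```python
import socket

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie (RFC 2131)
SERVER_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload):
    """Return (op, msg_type, server_id) from a BOOTP/DHCP payload, or None."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    op, msg_type, server_id = payload[0], None, None
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:               # end option
            break
        if code == 0:                 # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None               # truncated before the length byte
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            return None               # truncated option body
        if code == 53 and length == 1:    # DHCP message type
            msg_type = value[0]
        elif code == 54 and length == 4:  # server identifier
            server_id = socket.inet_ntoa(value)
        i += 2 + length
    return op, msg_type, server_id

def verdict(src_ip, sport, payload, allowed_servers):
    """'drop' for server-side DHCP traffic from a source not on the allow list."""
    parsed = parse_dhcp(payload)
    if parsed is None:
        # Not parseable as DHCP: still drop anything sourced from the server port.
        return "drop" if sport == 67 and src_ip not in allowed_servers else "allow"
    op, msg_type, _ = parsed
    server_side = sport == 67 or op == 2 or msg_type in SERVER_TYPES
    return "drop" if server_side and src_ip not in allowed_servers else "allow"

def build(op, msg_type, server_id=None):
    """Constructed sample packet: 236-byte BOOTP header, cookie, options."""
    pkt = bytes([op, 1, 6, 0]) + bytes(232) + MAGIC + bytes([53, 1, msg_type])
    if server_id:
        pkt += bytes([54, 4]) + socket.inet_aton(server_id)
    return pkt + b"\xff"
```

Any legitimate DHCP relay would need to be on the allow list as well, since relays also send from port 67.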