[Rack] [Noisebridge-discuss] network down this afternoon, an interesting guide for people who want to help when the network goes down
jna at retina.net
Tue Jun 5 15:27:58 PDT 2012
One thing that we do is to put a blanket ACL across untrusted networks.
Block UDP 0.0.0.0/0 port 67 and port 68 from your LANs and from any source
that shouldn't be offering DHCP.
On Tue, Jun 5, 2012 at 1:40 PM, Jonathan Lassoff <jof at thejof.com> wrote:
> On Tue, Jun 5, 2012 at 12:44 PM, Ben Kochie <ben at nerp.net> wrote:
> > We could easily separate some of the services off of the one NAT box.
> > I've thought about setting up a synced virtual router on stallion using
> > failoverd and vyatta's NAT state sync.
> > It would also possibly make sense to put the local DHCP/DNS services on a
> > separate instance from the NAT handling. We can easily do this with some
> > virtual machines on stallion. Or we could move some of these services to
> > minotaur.
> I think there is some value to keeping all of the network functions on
> something that is mounted to the "Wall-O-Tubes". This way, there is a
> clear distinction as to what hardware is the bare-minimum necessary to
> keep basic services working.
> Perhaps we could:
> - add another soekris or atom board
> - Wire up some 2.4 GHz APs to the W.O.T. (there is/was a 5 GHz one)
> - Set up all downstream distribution through that Juniper EX, set up
> DHCP-based port security protections
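Added example, not part of the original thread and not anyone's production config: a small Python classifier that applies the same decision as the ACL discussed above, labelling a UDP datagram as client traffic, a sanctioned DHCP server, or a source that should not be offering DHCP. The trusted server address 10.0.0.1, the function names and the sample packets produced by build() are assumptions constructed for this example.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"        # DHCP magic cookie after the 236-byte BOOTP header
SERVER_TYPES = {2, 5, 6}           # OFFER, ACK, NAK: only a DHCP server sends these
TRUSTED_SERVERS = {"10.0.0.1"}     # assumption: the one sanctioned DHCP server

def dhcp_options(payload):
    """Return {option code: value}, or None if the payload is not well-formed DHCP."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                          # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None                              # truncated option header
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            return None                              # truncated option value
        opts[payload[i]] = value
        i += 2 + length
    return opts

def classify(src_ip, src_port, payload):
    """Label one UDP datagram: client, trusted-server, rogue-server or not-dhcp."""
    opts = dhcp_options(payload)
    if opts is None:
        return "not-dhcp"
    msg_type = (opts.get(53) or b"\x00")[0]          # option 53 = DHCP message type
    server_side = src_port == 67 or payload[0] == 2 or msg_type in SERVER_TYPES
    if not server_side:
        return "client"
    sid = opts.get(54, b"")                          # option 54 = server identifier
    claimed = str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else src_ip
    if src_ip in TRUSTED_SERVERS and claimed in TRUSTED_SERVERS:
        return "trusted-server"
    return "rogue-server"

def build(op, msg_type, server_id=None):
    """Construct a minimal DHCP payload (sample data for this example, not a capture)."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, 0x1234, 0, 0,
                      b"", b"", b"", b"", b"\xaa" * 6, b"", b"")
    opts = bytes([53, 1, msg_type])
    if server_id:
        opts += bytes([54, 4]) + ipaddress.IPv4Address(server_id).packed
    return hdr + MAGIC + opts + b"\xff"
```

A datagram labelled rogue-server is what the blanket ACL would drop at the LAN port; everything else passes.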