Our firewall/router runs [https://www.pfsense.org/ pfSense], soon to be migrated to [https://opnsense.org/ OPNsense]. All IP addressing of servers and virtual machines happens through DHCP, and can be viewed in the pfSense 'DHCP Leases' tab (except Proxmox nodes, which don't support DHCP and require static addressing).
Otherwise, most configuration can be viewed by poking around the web interface.
Our WAN is a LAGG across two ports. The link needs '''LACP enabled''' ("Static mode" '''off''' in 1Gb Ubiquiti Switch) [https://www.reddit.com/r/Ubiquiti/comments/7xs70n/lag_dynamic_vs_static/duauolg/], and '''STP off'''.
IT configures their switches to automatically shut off ports if they detect STP advertisements.
<describe vlan config>
== OPNsense ==
=== Firewall Rules ===
View the WebUI for the specific firewall rules, but some of the more basic/essential ones are:
## Neither config should have access to WAN, just to prevent someone getting LUG in hot water if they attempt to torrent or something similarly dumb through the VPN.
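As an added illustration (not part of this wiki page or the firewall's own config), the snippet below mirrors how pfSense/OPNsense evaluate interface rules top to bottom with first match winning and an implicit default deny, and checks the "no WAN from the VPN" rule above. The VPN ranges are constructed placeholders, since the page does not list them.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

MGMT_NET = ipaddress.ip_network("10.10.0.0/24")  # management network from the page
# Constructed placeholders: the page does not give the VPN network ranges.
VPN_NETS = [ipaddress.ip_network("10.20.0.0/24"), ipaddress.ip_network("10.21.0.0/24")]
# Private ranges; anything outside these is treated as "WAN" for this check.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Rule:
    action: str                            # "pass" or "block"
    src: ipaddress.IPv4Network
    dst: Optional[ipaddress.IPv4Network]   # None means any destination
    comment: str


def vpn_rules(vpn_net):
    """Rules for one VPN interface tab: pass to internal ranges, then block the rest.
    Order matters, exactly as in the firewall UI: first matching rule wins."""
    rules = [Rule("pass", vpn_net, n, "VPN clients may reach internal networks") for n in RFC1918]
    rules.append(Rule("block", vpn_net, None, "no WAN access from the VPN"))
    return rules


def evaluate(rules, src, dst):
    """Return the action of the first rule matching (src, dst); default deny otherwise."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if src in r.src and (r.dst is None or dst in r.dst):
            return r.action
    return "block"  # implicit default deny at the end of every interface ruleset


def vpn_wan_isolated(vpn_net, probes):
    """Invariant check: every non-private (WAN) probe address must be blocked
    for a client on vpn_net. Private probes are ignored by this check."""
    rules = vpn_rules(vpn_net)
    client = str(next(vpn_net.hosts()))
    wan_probes = [p for p in probes if not any(ipaddress.ip_address(p) in n for n in RFC1918)]
    return all(evaluate(rules, client, p) == "block" for p in wan_probes)
```

Run the invariant against a handful of public probe addresses after every ruleset change; an ordering mistake (a broad pass above the block) shows up immediately.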
==== Main networks ====
We have two main networks:
* 10.10.0.0/24 - Management (OOB Management services like [https://www.dell.com/en-us/lp/dt/open-manage-idrac Dell iDRAC] / [https://www.hpe.com/us/en/hpe-integrated-lights-out-ilo.html HP iLO])
The plan is to use reverse-NAT to map the public IPs to select internal IPs, since we won't have enough IPs for every VM (so we can't do it like IT and exclusively use publicly routable addresses).
==== VPN Networks ====
In addition, there are two main VPN networks: