Museum Network

Because there are a number of pieces of machinery running a variety of old software, almost everything in the museum is behind a network gateway, currently provided by gacrux (our dual-PPC G5 machine). It is at present managed by Shorewall.

Note

As is typical of the ACM, gacrux’s configuration files are frequently automatically backed up to AFS (and in turn pushed into the ACM’s archives); /afs/acm.jhu.edu/group/acm-museum/machine-backups/gacrux holds the most recent copy, and the gacrux.sh script beside it is what runs under cron automation.

The relevant bits here are that Gacrux has two ethernet ports and a built-in 802.11 card. We are using one ethernet port for uplink to CS public IP space (128.220.35.0/24) while the other is configured as a gateway for wired network links within the case. The 802.11 system is set up as a master for the acmmuseum network, speaking WEP [0].

[0] We know WEP is useless, cryptographically. We run it as a way of asking politely that people not join the network.

Behind the gateway, it’s “anything goes”. The gateway is porous for Kerberos, LDAP, and AFS access, generally. On the wired side, HTTP(S) access is permitted to the Internet at large. On the wireless side, exemptions are narrower (but include HTTP(S) access to 128.220/16, and enough to get on Freenode IRC).

The network internally is divided into two /25s, 192.168.14.0/25 being the wired segment in the display case and 192.168.14.128/25 being the wireless segment. Gacrux has an IP in each and dnsmasq does the right thing.
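
The segment split and exemptions described above, modelled as a default-deny policy check that can be run over forwarded-flow records to spot traffic the documentation does not account for. This is an added example, not gacrux's Shorewall configuration. The port numbers, the default-deny behaviour, the function names and the sample flows are assumptions, and the Freenode IRC exemption is left out because the page does not give its ports.

```python
import ipaddress

# Segments and exemptions as described on this page.
WIRED = ipaddress.ip_network("192.168.14.0/25")
WIRELESS = ipaddress.ip_network("192.168.14.128/25")
CAMPUS = ipaddress.ip_network("128.220.0.0/16")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Assumed standard ports (Kerberos 88, LDAP 389, AFS 7000-7009/udp);
# the real Shorewall rules are not shown on this page.
WEB = {("tcp", 80), ("tcp", 443)}
INFRA = {("tcp", 88), ("udp", 88), ("tcp", 389)} | {("udp", p) for p in range(7000, 7010)}

# (source segment, destination network, permitted services)
RULES = [
    ("wired", ANY, INFRA | WEB),
    ("wireless", ANY, INFRA),
    ("wireless", CAMPUS, WEB),
]

def segment(src):
    """Map a source address to its museum segment, or None if external."""
    addr = ipaddress.ip_address(src)
    if addr in WIRED:
        return "wired"
    if addr in WIRELESS:
        return "wireless"
    return None

def allowed(src, dst, proto, port):
    """True if the documented policy permits this outbound flow (default deny)."""
    seg = segment(src)
    dst_addr = ipaddress.ip_address(dst)
    return any(seg == s and dst_addr in n and (proto, port) in svc for s, n, svc in RULES)

def audit(flows):
    """Return forwarded flows that the documented policy does not cover."""
    return [f for f in flows if not allowed(*f)]

# Constructed sample flows (src, dst, proto, port); not real gateway logs.
SAMPLE = [
    ("192.168.14.126", "203.0.113.10", "tcp", 443),  # wired, HTTPS to Internet
    ("192.168.14.129", "128.220.35.5", "tcp", 80),   # wireless, campus HTTP
    ("192.168.14.129", "203.0.113.10", "tcp", 443),  # wireless, off-campus HTTPS
    ("192.168.14.10", "128.220.35.5", "tcp", 22),    # wired, SSH
]
```

Calling `audit(SAMPLE)` returns the last two flows: the wireless segment has no HTTP(S) exemption outside 128.220/16, and SSH is not among the documented exemptions for either segment.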
