authorAndreas Baumann <mail@andreasbaumann.cc>2017-01-08 14:09:09 +0100
committerAndreas Baumann <mail@andreasbaumann.cc>2017-01-08 14:09:09 +0100
commit6ba5e590193291dcfbfa3be405a39aa2ca0e03b2 (patch)
tree5df7b3e051bd18adb1c790102d7921dc5e52cf40 /config
parent1ff0afa2225aa68742af938c8c1793ede86fccbe (diff)
downloadOpenBSD-firewall-6ba5e590193291dcfbfa3be405a39aa2ca0e03b2.tar.gz
OpenBSD-firewall-6ba5e590193291dcfbfa3be405a39aa2ca0e03b2.tar.bz2
synchronized live configuration
Diffstat (limited to 'config')
-rw-r--r--config/obr/dhcpd.conf11
-rw-r--r--config/obr/nsd-external/zones/andreasbaumann.cc4
-rw-r--r--config/obr/nsd-internal/zones/1.168.192.in-addr5
-rw-r--r--config/obr/nsd-internal/zones/andreasbaumann.cc4
-rw-r--r--config/obr/nsd-internal/zones/lan4
-rw-r--r--config/obr/pf.conf21
-rw-r--r--config/obr/relayd.conf6
7 files changed, 41 insertions, 14 deletions
diff --git a/config/obr/dhcpd.conf b/config/obr/dhcpd.conf
index c14a8a2..3421c88 100644
--- a/config/obr/dhcpd.conf
+++ b/config/obr/dhcpd.conf
@@ -48,7 +48,7 @@ shared-network LAN {
}
host eurobuild3 {
- hardware ethernet 00:15:17:25:76:5C;
+ hardware ethernet 00:16:76:e0:d3:3f;
fixed-address 192.168.1.12;
}
@@ -87,5 +87,14 @@ shared-network LAN {
fixed-address 192.168.1.18;
}
+ host phone {
+ hardware ethernet 00:04:13:4B:35:8E;
+ fixed-address 192.168.1.19;
+ }
+
+ host euromac {
+ hardware ethernet 00:1c:b3:c3:74:8c;
+ fixed-address 192.168.1.20;
+ }
}
}
diff --git a/config/obr/nsd-external/zones/andreasbaumann.cc b/config/obr/nsd-external/zones/andreasbaumann.cc
index 298e8e4..d6912bf 100644
--- a/config/obr/nsd-external/zones/andreasbaumann.cc
+++ b/config/obr/nsd-external/zones/andreasbaumann.cc
@@ -3,7 +3,7 @@
$TTL 60
@ IN SOA ns.andreasbaumann.cc. admin.andreasbaumann.cc. (
- 2016071400 ; serial
+ 2017010800 ; serial
3h ; refresh
15m ; retry
2w ; expire
@@ -25,6 +25,7 @@ smtp IN A 83.150.2.48
www IN A 83.150.2.48
cloud IN A 83.150.2.48
+blog IN A 83.150.2.48
ftp IN A 83.150.2.48
imap IN A 83.150.2.48
pop IN A 83.150.2.48
@@ -32,6 +33,7 @@ smtp IN A 83.150.2.48
webmail IN A 83.150.2.48
git IN A 83.150.2.48
devel IN A 83.150.2.48
+mon IN A 83.150.2.48
; this is hosted at GoDaddy
backup IN A 192.186.235.194
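Review bot: The added `mon` record publishes a monitoring hostname in the external zone, while the internal zone in this commit points `mon` at 192.168.1.16 and external web traffic is, per the pf.conf and relayd.conf changes, handed to relayd and forwarded to `<euroweb>`. No `Host` match for `mon` (or for `blog`, added in the hunk above) is visible in the relayd.conf hunk, though that protocol block continues outside it, so the name may resolve externally without a matching relay rule. If the monitoring interface is meant to be LAN-only, leaving `mon` out of the external zone avoids advertising it. Otherwise a comment such as `; mon: intentionally public, served through relayd` would record the intent.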
diff --git a/config/obr/nsd-internal/zones/1.168.192.in-addr b/config/obr/nsd-internal/zones/1.168.192.in-addr
index 51ebe91..cb06ac5 100644
--- a/config/obr/nsd-internal/zones/1.168.192.in-addr
+++ b/config/obr/nsd-internal/zones/1.168.192.in-addr
@@ -5,7 +5,7 @@ $ORIGIN .
$TTL 60
1.168.192.in-addr.arpa IN SOA obr.lan. root.obr.lan. (
- 2016091800 ; serial
+ 2016123100 ; serial
3h ; refresh
15m ; retry
2w ; expire
@@ -31,6 +31,7 @@ $ORIGIN 1.168.192.in-addr.arpa.
16 IN PTR euroserver.lan.
17 IN PTR eurohp1.lan.
18 IN PTR eurobuild4.lan.
-19 IN PTR euroobr.lan.
+19 IN PTR phone.lan.
+20 IN PTR euromac.lan.
253 IN PTR wrt2.lan.
254 IN PTR wrt1.lan.
diff --git a/config/obr/nsd-internal/zones/andreasbaumann.cc b/config/obr/nsd-internal/zones/andreasbaumann.cc
index 7cfb802..4157c2b 100644
--- a/config/obr/nsd-internal/zones/andreasbaumann.cc
+++ b/config/obr/nsd-internal/zones/andreasbaumann.cc
@@ -3,7 +3,7 @@
$TTL 60
@ IN SOA ns.andreasbaumann.cc. root.andreasbaumann.cc. (
- 2016071400 ; serial
+ 2017010800 ; serial
3h ; refresh
15m ; retry
2w ; expire
@@ -21,6 +21,7 @@ $ORIGIN andreasbaumann.cc.
ns A 192.168.1.1
cloud A 192.168.1.15
+blog A 192.168.1.15
ftp A 192.168.1.9
imap A 192.168.1.15
pop A 192.168.1.15
@@ -29,6 +30,7 @@ webmail A 192.168.1.15
www A 192.168.1.15
git A 192.168.1.15
devel A 192.168.1.12
+mon A 192.168.1.16
; hosted at godaddy
backup A 192.186.235.194
diff --git a/config/obr/nsd-internal/zones/lan b/config/obr/nsd-internal/zones/lan
index 159153d..e607632 100644
--- a/config/obr/nsd-internal/zones/lan
+++ b/config/obr/nsd-internal/zones/lan
@@ -5,7 +5,7 @@ $ORIGIN .
$TTL 60
lan IN SOA obr.lan. root.obr.lan. (
- 2016091800 ; serial
+ 2016123100 ; serial
3h ; refresh
15m ; retry
2w ; expire
@@ -31,6 +31,8 @@ euroweb A 192.168.1.15
euroserver A 192.168.1.16
eurohp1 A 192.168.1.17
eurobuild4 A 192.168.1.18
+phone A 192.168.1.19
+euromac A 192.168.1.20
wrt2 A 192.168.1.253
wrt1 A 192.168.1.254
iway-gateway A 83.150.2.1
diff --git a/config/obr/pf.conf b/config/obr/pf.conf
index 51944a5..0c6666f 100644
--- a/config/obr/pf.conf
+++ b/config/obr/pf.conf
@@ -14,7 +14,9 @@ WLAN_if = athn0
# service machines
europa1 = 192.168.1.2
-euroserver = 192.168.1.12
+eeepc = 192.168.1.8
+euroserver = 192.168.1.16
+eurobuild3 = 192.168.1.12
eurodata = 192.168.1.9
euroweb = 192.168.1.15
rpmaster = 192.168.1.253
@@ -79,9 +81,11 @@ pass in on $ext_if proto tcp from any to ($ext_if) port ssh keep state \
pass on $DMZ_if all
pass on $WLAN_if all
+# relayd scrubbing
+pass in on $ext_if proto tcp from any to port 80
+pass in on $ext_if proto tcp from any to port 443
+
# reroute public services to their machines in the LAN
-pass in on $ext_if proto tcp from any to port 80 rdr-to $euroweb
-pass in on $ext_if proto tcp from any to port 443 rdr-to $euroweb
pass in on $ext_if proto tcp from any to port 25 rdr-to $euroweb
pass in on $ext_if proto tcp from any to port 587 rdr-to $euroweb
pass in on $ext_if proto tcp from any to port 110 rdr-to $euroweb
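Review bot: The two rules added under `# relayd scrubbing` pass TCP to ports 80 and 443 for any destination address, because `to port 80` leaves the address unrestricted. With `rdr-to $euroweb` removed, the intended target is presumably the relay listening on the firewall itself, though relayd.conf's listen lines are outside this diff. Binding the destination the way the ssh rule in this hunk's header does keeps the rules from also admitting traffic addressed to other hosts: `pass in on $ext_if proto tcp from any to ($ext_if) port { 80 443 }`. The comment could say what the rules are for, e.g. `# HTTP/HTTPS are terminated by relayd on this host (see relayd.conf)`.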
@@ -93,7 +97,10 @@ anchor "ftp-proxy/*"
pass in on $ext_if inet proto tcp to port 21 divert-to 127.0.0.1 port 8021
pass out on $int_if inet proto tcp to $eurodata port 21 user proxy
pass in on $ext_if inet proto tcp to port 2121 divert-to 127.0.0.1 port 8022
-pass out on $int_if inet proto tcp to $euroserver port 2121 user proxy
-pass in on $ext_if proto tcp from any to port 2223 rdr-to $euroserver port 22
-pass in on $ext_if proto tcp from any to port 5900:5999 rdr-to $euroserver
-pass in on $ext_if proto tcp from any to port 6881:6889 rdr-to $euroserver
+pass out on $int_if inet proto tcp to $eurobuild3 port 2121 user proxy
+pass in on $ext_if proto tcp from any to port 2221 rdr-to $euroweb port 22
+pass in on $ext_if proto tcp from any to port 2223 rdr-to $eurobuild3 port 22
+pass in on $ext_if proto tcp from any to port 5900:5999 rdr-to $eurobuild3
+pass in on $ext_if proto tcp from any to port 6881:6889 rdr-to $eurobuild3
+pass in on $ext_if proto tcp from any to port 6001 rdr-to $europa1 port 6000
+pass in on $ext_if proto tcp from any to port 9372 rdr-to $eeepc port 9372
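Review bot: The added forward `port 6001 rdr-to $europa1 port 6000` exposes what looks like an X11 display port to `from any`, and the new 2221 and 9372 forwards are likewise open to every source address. X11 and the VNC range 5900:5999 are safer reached through the ssh forwards than published directly. If they must stay public, restrict the source, e.g. `pass in on $ext_if proto tcp from <trusted_src> to port 6001 rdr-to $europa1 port 6000`, where `<trusted_src>` is a placeholder table that would need defining. The firewall's own ssh rule continues past `keep state \` onto a line this diff does not show, so whatever options it carries may be worth repeating on the 2221 and 2223 ssh forwards. A one-line comment per forward naming the service would help, since 9372 is not self-explanatory.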
diff --git a/config/obr/relayd.conf b/config/obr/relayd.conf
index 23e4c0d..788170d 100644
--- a/config/obr/relayd.conf
+++ b/config/obr/relayd.conf
@@ -29,6 +29,10 @@ http protocol "http_protocol" {
forward to <euroweb> no tag
match request quick header "Host" value "www.andreasbaumann.cc" \
forward to <euroweb> no tag
+ match request quick header "Host" value "maschezuoz.ch" \
+ forward to <euroweb> no tag
+ match request quick header "Host" value "andreasbaumann.cc" \
+ forward to <euroweb> no tag
match request quick header "Host" value "git.andreasbaumann.cc" \
forward to <euroweb> no tag
match request quick header "Host" value "webmail.andreasbaumann.cc" \
@@ -75,4 +79,4 @@ relay https_relay {
forward with tls to <euroweb> port 443
}
- \ No newline at end of file
+