The Shadowfeed is the networking gateway between the AniNIX and the outside world -- it broadcasts the AniNIX signal and allows the network to communicate.
Etymology
The Shadowfeed is named after a resistance communications network in the Star Wars universe. The [http://starwars.wikia.com/wiki/CIS_Shadowfeed Shadowfeed] was a disseminated network routed through existing communications technology, allowing a separatist movement to broadcast its message.
Capacity and Components
The Shadowfeed is a Netgear R7000 Nighthawk router hardware flashed with DD-WRT firmware. It can hold numerous clients wirelessly, and it supports wired USB 2.0 and 3.0 hard drives to create simple NAS storage. There are five physical slots: one occupied by a wired connection to the Forge2 frame, one by a connection to the Verizon wireless tower, and one by a connection to the Infrastructure. One remaining slot is free with a 100ft Cat5e cable and the other is reserved for hotswap in case of port failure or LAN need.
Note: the best place we've found to grab firmware updates is [https://ddwrt-kong.clonevince.fr/ this upload site for Kong's builds]. Ensure that you are on build 33525 or later to avoid being vulnerable to [https://aircrack-ng.blogspot.com/2017/10/krack-wpa-vulnerability-key.html KRACK]. Follow the instructions [https://dd-wrt.com/wiki/index.php/Installation from the DD-WRT Wiki] to flash your router with new firmware or to patch. Make sure to watch for the peacocking notes! Use the dork "kong dd-wrt build " -- if you use Chromecasts for Geth, make sure to look for explicit validation of the devices, or run your own extensive regressions.
Hosted Services and Entities
Nothing is hosted by the Shadowfeed, but it is manageable by either SSH or an onboard webserver.
Connections
The Shadowfeed has a number of hosts and entities that connect to it -- unknown entities are routed to a guest network, while known hosts are allowed inside the DMZ where they can access internal services. Direct AniNIX network members are listed below. {{Reference|Core}}{{Reference|Windows}}{{Reference|DarkNet}}{{Reference|Print}}{{Reference|Bastion}}{{Reference|Tricorder}}{{Reference|Geth}}{{Reference|Forge2}}{{Reference|Infrastructure}}
Additional Reference
Add NAT Rule
 # [ -s SourceIP ] is optional notation: drop the brackets and give a source address to limit the rule to that source.
 iptables -t nat -I PREROUTING -p tcp -d $(nvram get wan_ipaddr) --dport 3389 -j DNAT --to 10.0.1.2 [ -s SourceIP ]
 iptables -I FORWARD -p tcp -d 10.0.1.2 --dport 3389 -j ACCEPT
 iptables -t nat -I PREROUTING -p udp -d $(nvram get wan_ipaddr) --dport 3389 -j DNAT --to 10.0.1.2 [ -s SourceIP ]
 iptables -I FORWARD -p udp -d 10.0.1.2 --dport 3389 -j ACCEPT
Direct config alteration
nvram show lists all the current options, whereas nvram get variable returns the value of that variable.
nvram set and nvram unset change variables.
nvram commit pushes the change.
Guest Wifi
[https://dd-wrt.com/wiki/index.php/Guest_Network See here.]
Sample Startup Script
The following will insert firewall lines into your sample startup script to harden your network edge. This allows WebServer, SSH, IRC, Geth, and Nazara access through the firewall, dropping all others. It also sets up the block chain for Cerberus.
 # Chain for the Cerberus block rules
 iptables -N severe
 # The DROP goes in first; every later insert at position 2 lands above it.
 iptables -I INPUT 2 -i vlan2 -j DROP
 iptables -I INPUT 2 -i vlan2 -p tcp -m tcp --dport 22 -j ACCEPT
 iptables -I INPUT 2 -i vlan2 -p tcp -m tcp --dport 80 -j ACCEPT
 iptables -I INPUT 2 -i vlan2 -p tcp -m tcp --dport 443 -j ACCEPT
 iptables -I INPUT 2 -i vlan2 -p tcp -m tcp --dport 6641 -j ACCEPT
 iptables -I INPUT 2 -i vlan2 -p tcp -m tcp --dport 6697 -j ACCEPT
 iptables -I INPUT 2 -i vlan2 -p tcp -m tcp --dport 9022 -j ACCEPT
 # Send INPUT and FORWARD traffic through the block chain
 iptables -I INPUT 2 -j severe
 iptables -I FORWARD -j severe
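To confirm after a reboot or firmware update that the WAN-facing rules still match the startup script above, the following added example (not part of the original page or of the AniNIX tooling) audits the text printed by iptables -S INPUT. The function names, the constructed sample rules and the pre-existing rule in position 1 are assumptions.

```shell
# Added example: audit `iptables -S INPUT` text against the startup script's intent.
ALLOWED_PORTS="22 80 443 6641 6697 9022"   # ports the startup script opens
WAN_IF="vlan2"                             # WAN interface used in the script

# Reads `iptables -S INPUT` output on stdin. Prints "OK", or "FINDINGS:" plus
# one token per problem, and returns non-zero when anything is wrong.
audit_input_chain() {
    seen_drop=0; seen_ports=""; findings=""
    while IFS= read -r rule; do
        case "$rule" in
            "-A INPUT -i $WAN_IF -j DROP")
                seen_drop=1 ;;                       # the catch-all WAN drop
            *"-i $WAN_IF "*"--dport "*"-j ACCEPT")
                port=${rule##*--dport }; port=${port%% *}
                # An ACCEPT below the catch-all DROP can never match.
                [ "$seen_drop" -eq 0 ] || findings="$findings UNREACHABLE:$port"
                case " $ALLOWED_PORTS " in
                    *" $port "*) seen_ports="$seen_ports $port" ;;
                    *) findings="$findings UNEXPECTED:$port" ;;
                esac ;;
        esac
    done
    [ "$seen_drop" -eq 1 ] || findings="$findings NO_DROP"
    for p in $ALLOWED_PORTS; do
        case " $seen_ports " in *" $p "*) ;; *) findings="$findings MISSING:$p" ;; esac
    done
    if [ -n "$findings" ]; then echo "FINDINGS:$findings"; return 1; fi
    echo "OK"
}

# Constructed sample: the chain the startup script should produce. The rule in
# position 1 is an assumption; the page does not show the pre-existing rules.
sample_expected() {
    printf '%s\n' '-P INPUT ACCEPT' \
        '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' '-A INPUT -j severe'
    for p in 9022 6697 6641 443 80 22; do
        echo "-A INPUT -i $WAN_IF -p tcp -m tcp --dport $p -j ACCEPT"
    done
    echo "-A INPUT -i $WAN_IF -j DROP"
}

# Constructed sample: drift where 3389 and 22 were appended (-A) below the DROP.
sample_drifted() {
    sample_expected | grep -v -- '--dport 22 '
    echo "-A INPUT -i $WAN_IF -p tcp -m tcp --dport 3389 -j ACCEPT"
    echo "-A INPUT -i $WAN_IF -p tcp -m tcp --dport 22 -j ACCEPT"
}

sample_expected | audit_input_chain
sample_drifted | audit_input_chain || true
```

On the router itself, pipe the live ruleset in with iptables -S INPUT | audit_input_chain.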
}}