[Raion]

Let's share (some) of our home network setups. 

What I mean by this is our hostnames, topology etc. that our systems all connect into so we can pass around ideas of security and safety, as well as spitball at each other regarding our setups:

So my network is technically split in two. One half goes to the business next door (I live in a duplex) and the other half goes to me. 

I have changed some details in case someone gets a funny idea of trying to port scan me. 

So here's the WAN:

Modem (Atlantic Broadband-provided)
|
|
|
Router (EdgeRouterX)
VLAN 0 (My network, on 192.168.0.0/23 & 192.168.2.0/24)   VLAN 1 (Business network, 10.10.0.0/23) Unknown Network
|
|
|
|
|
Yomi (My storage server and second defensive server) FreeBSD 12.1
|
|
|
|
Zelan (Jumpstation and webserver running NetBSD 9 on RPi3B)
Switch 0                                           Switch 1
|                                                        |
|                                                        |
Main Systems                                  Vintage Systems
|           |             |                                  |
|           |             |                                  |
Asuka  SHODAN  Cisna                      SGI Origin 350 (Kanna, Acts as a build server and gatekeeper/router to the other SGIs)
FreeBSD Windows  Mac                      |                                                 |
Desktop  Desktop  Desktop                 |                                                 |
                                              Scinfaxi and Hrimfaxi                     Everything Else
                                              IRIX 6.5.22 Challenge S                  |                   |
                                                                                       |                   |
                                                                                         Murasaki            Passionlip, Takemikazuchi and Kafuru
                                                                                         Tezro                Onyx2        Octane2 600  Octane2 400

Zelan does have a direct line to everything below it. But again, you're not gonna get through to my network with such vague info.

Image below of what it looks like in case your monitor fucks up.

[GeekLucanis]

Mine is rather quick
I have the ISP provided FTTN Pace router (abolute shit), disabled the wifi on it and placed it in DMZ mode.
|
|
I have a PFsense firewall providing DHCP and AES-NI Crypto. It's the only thing connected to the ISP router
|
|
I have a Netgear 24 port switch giving hard lines to everything on My Wife and I's desks, and 2 APs- Asus RT68U and Apple Airport.
|
|
Everything is connected over hard line or wifi through the switch, including vintage machines.

[jan-jaap]

I've got FTTH terminating in my utility cabinet (750/750Mb/s). This hooks into the WAN port of my pfSense router box (pcEngines APU2C4).

There's a real DMZ where my world visible web server (Jetway system) lives, and a LAN port. My LAN is segmented using VLANs. I have VLANs for 'regular' LAN, administrative ports (IPMI, admin interfaces of routers, PDUs, etc). I have a VLAN for my SGIs and some others (a guest network, IoT etc). I have managed switches everywhere.

The pfSense box is what guards access to/from these segments, and what's allowed (the SGI segment allows older, insecure protocols for example, and only a few systems have access from LAN to the admin segment).

I have an FDDI fiber network segment with a dozen or so SGIs connected. I have yet another low power Linux PC acting as a router between the SGI VLAN and the FDDI segment.

When I moved into my current computer room I decided to wire *everything*. Ethernet, serial consoles, FC, FDDI, if a system has it it's wired. In retrospect, that was a pretty crazy plan. The wiring in the room is in now and terminates at a small 4U patch panel behind the 19" rack. We're talking about ~ 70 network/serial cables on 2x 48port patch strips, and ~ 30 FC/FDDI fiber ports on 2 patch strips. Since I have to move the rack to get behind it, there's a fat "umbilical cord" from the patch panel to the rack. Right now I'm busy wiring everything in the rack.

Here are some pictures as a warning should you ever consider something like this:


Patch panel. The fibers still need to be done, to the right the cables headed for my desk area. There's normally a floor panel covering that.


19" Rack, back side, lower half. You're looking at the back side of some disk arrays and my SAN. To the right power distribution. Normally there are panels covering the rack but I removed them while I'm working on it.


19" Rack, front side, lower half. My server (with the lights), space for the O350, a TP9100, an IBM DS4000 SAN with expansion bay and a DELL SCSI array in the bottom.


Rack, top half, inside. Under construction, total cable madness. You can spot the back sides of two Netgear 24 port managed switches, a Brocade SAN switch, a Cyclades port server and a Cisco WS-C1400 FDDI concentrator.

On the shelf the FDDI bridge PC, the purple blob in the background is my Tezro.

It's going to take me a few more weeks to complete this wiring project, by then I'll maybe post some glamour shots.

There are other things going on like intrusion detection, cameras and an alarm system, details of those I will keep to myself for obvious reasons.

[shrek]

To put it nicely my networking setup is shit-tier. A four year old could do better. It's around $50 worth of hacked together TP-Link garbage and Chinese cables all the way down.