User:John/FreedomBox/Network architecture

From ProgClub

Some notes about fbx network architecture.

Use case

User wants to register their fbx on their existing domain name on their static home IP address

Prerequisites:

  • user has a domain name registered (example.com)
  • user has DNS hosting and nameservers configured
  • user has access to do web based configuration of their DNS settings
    • note: in future we might be able to do this for them via API from DNS hosting services
      • we could enumerate a list of supported providers (possibility for paid placement)

Out of scope:

  • no IPv6 configuration yet (we can add later)

Process:

  1. tell user to access http://freedombox.local/ (*not* https://freedombox.local/) after plugging in power and network then booting
  2. get the user to pick an IP address, subnet mask, and gateway for their fbx on their LAN
    • they will currently have a DHCP allocated address but as we can't ensure that IP will be constant/reserved (it's probably not) we want a static IP instead
  3. reconfigure fbx with nominated static IP address (192.168.0.2), netmask (255.255.255.0) and gateway (192.168.0.1)
    • don't release the DHCP address (192.168.0.123), the server will have two IP addresses during this process
  4. when static IP address settings are valid/successful:
    1. add firewall rule to block port 8080 access from all addresses other than current client IP address (the rest of the configuration will need to be completed from the same client)
      • this could be relaxed to blocking only gateway/router
    2. HTTP redirect over to the static IP address on port 8080 at e.g. http://192.168.0.2:8080/
  5. get the user to pick a DNS service:
    • their broadband router probably proxies to their ISP DNS resolvers so we could default to that, e.g. 192.168.0.1
    • 1.1.1.1 and 1.0.0.1 as fallback
    • 8.8.8.8 also an option
    • DNS resolver is another possibility for paid placement
  6. ask the user to tell us their domain name, e.g. 'example.com'
  7. ask user to pick a hostname at their domain, we recommend 'fbx'.
    • note that what we want is one single global unambiguous well-branded hostname for this fbx and something in the form 'fbx.example.com' is ideal
    • note that support for other domain aliases such as 'www.example.com' or 'blog.example.com' etc can be added later at the user's option
  8. tell the user to add an A record for 'fbx' for their public IP address.
    • we could offer to auto-detect public IP address
  9. configure the local Bind9 server with DNS resolver nominated above
  10. configure the local Bind9 server with an A record for 'fbx.example.com' to point to 192.168.0.2
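
An added sketch of steps 3, 4.1, 9 and 10 (not code from these notes or from FreedomBox): the values typed into the setup form end up in a firewall rule and in Bind9 configuration, so they are parsed and validated before any text is rendered. Assumptions: the function name `plan`, the client address 192.168.0.50, iptables syntax for the firewall rule, and a LAN-only zone named after the fbx hostname itself so the rest of example.com still resolves through the forwarders.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def plan(static_ip, netmask, gateway, client_ip, resolvers, host, domain):
    """Validate the wizard answers and return the config fragments to apply."""
    iface = ipaddress.IPv4Interface(f"{static_ip}/{netmask}")
    net = iface.network
    gw = ipaddress.IPv4Address(gateway)
    client = ipaddress.IPv4Address(client_ip)
    if iface.ip in (net.network_address, net.broadcast_address):
        raise ValueError("static IP is the network or broadcast address")
    if gw not in net or gw == iface.ip:
        raise ValueError("gateway must be a different host on the same subnet")
    if client not in net:
        raise ValueError("setup client must be on the LAN")
    fqdn = f"{host}.{domain}".lower().rstrip(".")
    if len(fqdn) > 253 or not all(LABEL.fullmatch(l) for l in fqdn.split(".")):
        raise ValueError("invalid hostname")
    # IPv4 only: IPv6 is out of scope in these notes.
    fwd = [str(ipaddress.IPv4Address(r)) for r in resolvers]
    return {
        # Step 4.1: only the configuring client may reach the setup UI on 8080.
        "firewall": f"iptables -A INPUT -p tcp --dport 8080 ! -s {client} -j DROP",
        # Step 9: forward queries for everything outside the local zone.
        "named_options": "forwarders { " + " ".join(f"{r};" for r in fwd) + " };",
        # Step 10: zone holding only the fbx name, answering with the LAN address.
        "zone_name": fqdn,
        "zone": (f"$TTL 300\n"
                 f"@ IN SOA {fqdn}. hostmaster.{fqdn}. 1 3600 600 86400 300\n"
                 f"@ IN NS {fqdn}.\n"
                 f"@ IN A {iface.ip}\n"),
    }

if __name__ == "__main__":
    # Constructed sample answers using the addresses from the process above.
    out = plan("192.168.0.2", "255.255.255.0", "192.168.0.1", "192.168.0.50",
               ["192.168.0.1", "1.1.1.1"], "fbx", "example.com")
    for name, text in out.items():
        print(f"# {name}\n{text}\n")
```

Because every address is re-emitted from the parsed object and the hostname is checked label by label, a form value carrying extra shell or zone-file syntax is rejected with `ValueError` instead of reaching the generated configuration.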

User wants to register their fbx on a new domain name on their static home IP address

User wants to register their fbx on their existing domain name on their dynamic home IP address

User wants to register their fbx on a new domain name on their dynamic home IP address

Email

We might use the default RDNS name as the hostname of our mail server and the hostname for our MX records.

Processes

nmap discovery

Help user discover their fbx IPv4 address using an nmap command such as:

nmap -p 80 --open -sV 192.168.0.0/24

DHCP server status

Help user discover their fbx IPv4 address by reviewing the status of their DHCP server (often in the commodity internet router) and looking for 'freedombox' in the hostname or otherwise just trying allocated IP addresses to "see if they work".