notes:

x reflector setup at nac
- stuff: gaffers tape, masking tape, sharpies, composition notebook, wire ties, power strips, rj45s.
- mark up floorplan with ip addresses and locations of gear

+ public2 = webserver / ftp server : Newby's sparc:
  - standard services cleanup:
    - mkdir rc.old ; find rc.* | cpio -vdump rc.old
    - rm rc*/*{lp,sendmail,rpc,nfs*,yaddayadda}
  - add ssh, apache, gnu tools, bind,
  - ncftpd
    - anonymous
  - ssh for web user
  - squid?

+ public3
  - dhcpd?

+ public1 = shell box
  - standard services cleanup:
    - mkdir rc.old ; find rc.* | cpio -vdump rc.old
    - rm rc*/*{lp,sendmail,rpc,nfs*,yaddayadda}
  - add ssh, apache, gnu tools, bind,

* web content
  - permit only from internal hosts, deny from outside
  - on outside, deny from outside, allow from all
  - redirect from internal IPs to internal webserver
  - incident handling.

+ streaming
  - reflector access: joec@nac.net

+ core bridge:
  - dhcpd, pump up nmbclusters
  - redirect port 23 to 2023 on sparc with banner "dont telnet, or if you must use port 3123"
  - redirect 3123 to port 23
  - redirect port 80 to squid proxy
  - redirect port 443 to squid proxy

+ ip addressing:
  64.21.128.0/22
  /22 =
  .128.0/26 = core
    .128.0/29 = uplink, ids
      .128.1 = pub1
      .128.2 = pub2
      .128.3 = pub3
      .128.4 =
      .128.5 =
      .128.6 = router
    .128.8/29 = management (our laptops)
      .128.13 = csw1 (summit 48)
      .128.14 = csw2 (summit 24)
    .128.16/28 = internal services
      .128.17 = APschuy
      .128.18 = APptopn
      .128.19 = APptops
      .128.20 = APstop
      .128.21 = wms1
      .128.22 = wms2
      .128.23 = wms3
      .128.24 = wms4
      .128.25 = wms5
      .128.26 = AP
      .128.27 = AP
      .128.28 = AP
      .128.29 = AP
      .128.30 = AP
    .128.32/27 = free (schuyler?)
  .128.64/26 = penntop north wireless
  .128.128/26 = penntop south wireless
  .128.192/26 = skytop wireless
  .129.0/24 = public area
  .130.0/25 = ptc
  .130.128/25 = wireless
  .131.0/24 = wireless

+ dns
  .con.h2k2.net = zone
  pub1 = sunblade
  pub2 = sunblade
  pub3 = netbsd + ipf + bind 9.2.1 + dhcp
  ans1 = pub1
  rns1 = pub2
  rns2 = pub3
  www, ftp, proxy = cnames to public1
  network devices = int1, csw1, csw2,
  workstations = ipXXXXXXXX.con.h2k2.net = txt records stating "To report abuse visit www.h2k2.net"

+ ip protection.

* fact sheets for ip settings.
  - DNS
  - routers
  - base stations
  - mac addresses for all of them.

+ internet uplink
  - 1)
  - 2) 22, 23, 25, 443, 993, 995, 465
  - 3) all else
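
Added example (not part of the original notes): a Python check that the "ip addressing" plan above tiles 64.21.128.0/22 with no overlaps or gaps, and that listed hosts sit inside the subnet they appear under. The grouping of hosts under subnets and the disambiguated "wireless" labels are assumptions read from the order of the notes.

```python
import ipaddress as ipa

# Plan transcribed from the notes; host-under-subnet nesting is assumed.
SUPERNET = ipa.ip_network("64.21.128.0/22")
TOP_LEVEL = {
    "core": "64.21.128.0/26",
    "penntop north wireless": "64.21.128.64/26",
    "penntop south wireless": "64.21.128.128/26",
    "skytop wireless": "64.21.128.192/26",
    "public area": "64.21.129.0/24",
    "ptc": "64.21.130.0/25",
    "wireless (.130.128)": "64.21.130.128/25",  # label made unique here
    "wireless (.131.0)": "64.21.131.0/24",      # label made unique here
}
CORE = ipa.ip_network(TOP_LEVEL["core"])
CORE_SUBNETS = {
    "uplink, ids": "64.21.128.0/29",
    "management": "64.21.128.8/29",
    "internal services": "64.21.128.16/28",
    "free": "64.21.128.32/27",
}
HOSTS = {  # name: (address, CORE_SUBNETS key it appears under)
    "pub1": ("64.21.128.1", "uplink, ids"),
    "router": ("64.21.128.6", "uplink, ids"),
    "csw1": ("64.21.128.13", "management"),
    "wms5": ("64.21.128.25", "internal services"),
}

def check_tiling(parent, children):
    """List problems: child outside parent, adjacent overlap, or unallocated space."""
    nets = sorted((ipa.ip_network(c), name) for name, c in children.items())
    problems = [f"{name} {net} is outside {parent}"
                for net, name in nets if not net.subnet_of(parent)]
    for (a, a_name), (b, b_name) in zip(nets, nets[1:]):
        if a.overlaps(b):
            problems.append(f"{a_name} {a} overlaps {b_name} {b}")
    covered = sum(net.num_addresses for net, _ in nets)
    if not problems and covered != parent.num_addresses:
        problems.append(f"{parent.num_addresses - covered} addresses unallocated in {parent}")
    return problems

def misplaced_hosts(hosts, subnets):
    """Names of hosts whose address is not inside the subnet they are listed under."""
    return [name for name, (addr, sub) in hosts.items()
            if ipa.ip_address(addr) not in ipa.ip_network(subnets[sub])]

if __name__ == "__main__":
    print(check_tiling(SUPERNET, TOP_LEVEL), check_tiling(CORE, CORE_SUBNETS))
    print(misplaced_hosts(HOSTS, CORE_SUBNETS))
```
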