This is the main point of ingress into the UTAT network. It’s a Ubiquiti EdgeRouter X.
Port | Device |
---|---|
eth0 | Myhal Internet |
eth1 | DellPrecision |
eth2 | CADMachine |
eth3 | N/C |
eth4 | N/C |
Found at Services → DHCP Server. We use the UTAT_LAN server, which provides addresses on 10.0.1.2-149. Note that this is NOT what gives out IPs for the VPN — this is just for devices that are physically wired into the network.
DNS is given as the EdgeRouter, and the domain is in.utat.space. The DNS resolver is set to dnsmasq, which allows for resolution of local hostnames.
There are a few devices with a static DHCP allocation:
Static DHCP allocation as of May 2024
For custom services, a DNS entry should be put in Config Tree → System → static-host-mapping.
For each target IP, a host should be made, with aliases to this address. This way, a single host (e.g. utat-server @ 10.0.1.150) can have multiple FQDNs pointing to it, so that a reverse proxy can reroute as needed.
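As the number of aliases grows, it is easy to end up with one FQDN defined under two hosts, or a host with aliases and no address. The following is an added example, not part of the original page: a small audit of the static-host-mapping lines as printed by `show configuration commands` on the router. Every alias name and every host other than utat-server is hypothetical, and the rule that aliases belong under in.utat.space is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample of `show configuration commands` output. Only utat-server
# and 10.0.1.150 come from the page; every other name and address is made up.
SAMPLE = """\
set system static-host-mapping host-name utat-server inet 10.0.1.150
set system static-host-mapping host-name utat-server alias wiki.in.utat.space
set system static-host-mapping host-name utat-server alias git.in.utat.space
set system static-host-mapping host-name old-box inet 10.0.1.151
set system static-host-mapping host-name old-box alias git.in.utat.space
set system static-host-mapping host-name ghost alias files.in.utat.space
set system static-host-mapping host-name utat-server alias grafana.utat.space
"""

LINE = re.compile(r"^set system static-host-mapping host-name (\S+) (inet|alias) (\S+)\s*$")


def parse_mappings(text):
    """Return {host: {"inet": [ips], "alias": [names]}} from config commands."""
    hosts = defaultdict(lambda: {"inet": [], "alias": []})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            # Some firmware quotes values; strip quotes so both forms parse.
            host, kind, value = (g.strip("'\"") for g in m.groups())
            hosts[host][kind].append(value.lower() if kind == "alias" else value)
    return dict(hosts)


def audit(text, domain="in.utat.space"):
    """Return sorted findings that would make local resolution misbehave."""
    hosts = parse_mappings(text)
    findings, owners = [], defaultdict(set)
    for host, entry in hosts.items():
        if entry["alias"] and not entry["inet"]:
            findings.append(f"{host}: has aliases but no inet address")
        for alias in entry["alias"]:
            owners[alias].add(host)
            # Assumption: internal service names should live under the LAN domain.
            if not alias.endswith("." + domain):
                findings.append(f"{alias}: outside {domain}")
    for alias, claimed in owners.items():
        if len(claimed) > 1:
            findings.append(f"{alias}: claimed by {', '.join(sorted(claimed))}")
    return sorted(findings)
```

Paste the router's actual `show configuration commands` output in place of `SAMPLE`; an empty list from `audit()` means every alias maps to exactly one addressed host.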
Port forwarding can easily be done using Firewall/NAT → Port Forwarding. The challenge is convincing Myhal to open the ports!
Myhal controls both inbound and outbound ports, which is fairly restrictive. Here’s what we have:
Port | Direction |
---|---|
80/tcp (HTTP) | Outbound |
53/tcp (DNS) | Outbound |
123/udp (NTP) | Outbound |
ICMP | Outbound |
443/tcp (HTTPS) | In/Out |
1194/udp (OpenVPN) | In/Out |
Any further ports need to be requested through the IT helpdesk: https://uthrprod.service-now.com/engineering. Make sure to mention that we’re in MY618 and that we’re UTAT, that we’ve previously gotten port allocation, and a good reason why we need more ports. They’ll take a while to get it going (if ever), so don’t wait to make your requests!
Since we are not guaranteed a static IP from Myhal, the EdgeRouter updates DuckDNS (a dynamic DNS service) with its current public IP. From there, external DNS services point to the DuckDNS FQDN (spacesys-utat.duckdns.org), which will resolve to our current public IP.