wiki:HybridDesign

Version 1 (modified by rick, 12 years ago)

--

Hybrid Design is a new IRIS concept that combines all software functions in one unit, instead of maintaining separate configurations for different units.

Current Status: Pre-Production Testing

Advantages:

  • More flexible software configuration.
  • Only one branch to maintain.
  • Better understanding of the different systems in use.
  • Less hardware needed at a location.

Some downsides:

  • The implementation is sometimes not trivial to understand.

Extra goals:

  • No manual configuration on the nodes anymore; all configuration flags live in Gformat.
  • More robust setup (no more full /var partitions).
  • Make better use of the available hardware (use the built-in standard daemons instead of the light versions).

Implementation details:

  • A node can have services; these decide its role and the daemons to run.
  • Firewall logic is stored in the pf firewall (/etc/pf.*.conf).
  • Routing table 0 reflects the main function of the machine (e.g. how clients use the machine).
  • Routing table 1 is a shadow routing table whose default gateway points to the directly connected route.
  • /tools/check-inet-alive enables or disables services to reflect the current state of the inet connection.
  • Useless traffic is blocked or rejected as early as possible.

Current Roles:

  • service_proxy_ileiden = Outgoing NAT Router.
  • service_proxy_normal = Outgoing HTTP Proxy.
  • service_access_point = Access point with Captive Portal.
  • service_incoming_rdr = Incoming NAT/RDR Router.
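The role and uplink logic from the implementation details and the role list above, as an added shell example. This is not IRIS's own code and not the real /tools/check-inet-alive; the role-to-daemon table, the daemon names (squid, hostapd, dhcpd, "captiveportal" as a stand-in for whatever captive portal the access point runs), the classification of which roles depend on the inet uplink, the probe target 192.0.2.1 and the INET_PROBE/HYBRID_APPLY variables are all assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration of the HybridDesign node logic, not IRIS's own code.
# Assumptions (not from the page): the role-to-daemon table, the daemon names,
# which roles need the inet uplink, the probe in inet_alive, INET_PROBE and
# HYBRID_APPLY.

# Daemons every node runs regardless of role. pf is deliberately here and not
# tied to a role: the "block useless traffic early" rules must stay loaded even
# when the uplink is down and all uplink-dependent roles are switched off.
BASE_DAEMONS="pf"

# Roles that only make sense while the inet uplink works (assumption).
INET_DEPENDENT_ROLES="service_proxy_ileiden service_proxy_normal service_incoming_rdr"

# is_in WORD LIST: true if WORD occurs in the space-separated LIST.
is_in() {
    case " $2 " in
        *" $1 "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Extra daemons a role needs on top of BASE_DAEMONS (names are assumptions;
# NAT and rdr roles are pf rules only, so they add no daemon).
role_daemons() {
    case "$1" in
        service_proxy_ileiden|service_incoming_rdr) echo "" ;;
        service_proxy_normal)  echo "squid" ;;
        service_access_point)  echo "hostapd dhcpd captiveportal" ;;
        *) echo "unknown role: $1" >&2; return 1 ;;
    esac
}

# Union of BASE_DAEMONS and the daemons needed by a space-separated role list.
wanted_daemons() {
    list="$BASE_DAEMONS"
    for role in $1; do
        for d in $(role_daemons "$role"); do
            is_in "$d" "$list" || list="$list${list:+ }$d"
        done
    done
    echo "$list"
}

# Probe the uplink through the shadow routing table (table 1), whose default
# gateway is the directly connected route, so the answer does not depend on
# what table 0 does for clients. INET_PROBE overrides the probe command for
# offline use (assumption); 192.0.2.1 is a placeholder target.
inet_alive() {
    ${INET_PROBE:-setfib 1 ping -c 1 -t 2 192.0.2.1} >/dev/null 2>&1
}

# Roles that stay active for uplink state "up" or "down": uplink-dependent
# roles are switched off while the uplink is down (assumed to be what
# check-inet-alive does); an access point keeps serving its clients.
active_roles() {
    out=""
    for role in $1; do
        if [ "$2" = down ] && is_in "$role" "$INET_DEPENDENT_ROLES"; then
            continue
        fi
        out="$out${out:+ }$role"
    done
    echo "$out"
}

# One "start DAEMON" or "stop DAEMON" line per daemon the node's roles use:
# daemons needed by an active role (or by every node) start, daemons needed
# only by switched-off roles stop.
plan_services() {
    want=$(wanted_daemons "$(active_roles "$1" "$2")")
    for d in $(wanted_daemons "$1"); do
        if is_in "$d" "$want"; then echo "start $d"; else echo "stop $d"; fi
    done
}

# Apply the plan with FreeBSD's service(8), e.g. from cron:
#   HYBRID_APPLY=1 sh hybrid-node.sh "service_proxy_normal service_access_point"
if [ "${HYBRID_APPLY:-0}" = 1 ]; then
    if inet_alive; then state=up; else state=down; fi
    plan_services "$1" "$state" | while read -r action daemon; do
        service "$daemon" "$action"
    done
fi
```

Keeping pf in BASE_DAEMONS rather than in a role is the security-relevant choice: a NAT router whose uplink drops loses its proxy role, but the packet filter, and with it the early block/reject rules, never goes away with it.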

To-Be-Implemented Roles:

  • service_openvpn_server = Incoming OpenVPN Server.
  • service_openvpn_client = Outgoing OpenVPN Client.