From Hack Manhattan Wiki
Revision as of 02:51, 26 June 2019 by Beadsland (Talk | contribs) (Static IP allocations (as of 2019-04-17))



Operations Contact List

| Name | Email | Phone |
|---|---|---|
| Hack Manhattan Space VoIP Phone | info@hackmanhattan.com | +1-646-513-4503 |


Every board member should have access to most of the relevant passwords. Some passwords for financial accounts are only held by a couple of board members.


At the moment only guan, rmd6502, and jacolatern have AFRefiorstv mode on #hackmanhattan on Freenode. obscurite has fo but that's a really weird setup.

Out of House Infrastructure and Utilities

Verizon FiOs

The building pays for 150/150 Mbps at $200 monthly.

Digital Ocean

We have a virtual machine with Digital Ocean. Backups are done with ? (I can't hear Guan over all this noise and heard something along the lines of dupe or rsync or something with two machines). This machine runs our website, wiki, building website, building wiki, and mailing lists. This is accomplished with a traditional LAMP stack (Apache, MySQL/MariaDB, PHP). Multiple websites are served from the same host with Nginx. The machine's IP is

The typical username is hackmanhattan, apparently.

  • hackmanhattan.com points to a WordPress installation.
  • wiki.hackmanhattan.com is a MediaWiki installation.
  • ratpark.nyc is another WordPress setup.
  • wiki.ratpark.nyc is, of course, MediaWiki.
  • list.hackmanhattan is Postfix and Mailman, for mailing lists.

members.hackmanhattan.com, our in-house payment system, is a custom ?. For some reason list.hackmanhattan.com responds to requests to that hostname. Why?


So we have SSL certs for every hostname currently involved except for ratpark.nyc, which keeps presenting hackmanhattan.com's instead. They're issued by Comodo. I would've thought we'd have had wildcard certs for both major domains (for *.hackmanhattan.com and *.ratpark.nyc), but apparently this is not the case.
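An added illustration (not part of the wiki or its tooling): a check of the hostnames named on this page against a certificate's SAN list, using the standard one-label wildcard rule. The SAN lists and function names are constructed for the example; it shows that wildcard certs alone would still leave the two bare domains uncovered.

```python
# Added example: which of this page's hostnames a certificate's SAN list covers.
# The SAN lists are constructed for illustration, not read from the live servers.

def san_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: '*' is accepted only as the whole left-most label
    and stands for exactly one label, so it never matches the bare domain."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Require at least two fixed labels, so "*.nyc" is refused.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered(hostnames, sans):
    """Return the hostnames that no SAN entry covers."""
    return [h for h in hostnames if not any(san_matches(s, h) for s in sans)]


HOSTS = [
    "hackmanhattan.com", "wiki.hackmanhattan.com", "list.hackmanhattan.com",
    "members.hackmanhattan.com", "ratpark.nyc", "wiki.ratpark.nyc",
]

# Constructed: one certificate for hackmanhattan.com served for every site.
SINGLE = ["hackmanhattan.com"]
# Constructed: wildcard-only certificates for both domains.
WILDCARDS = ["*.hackmanhattan.com", "*.ratpark.nyc"]
# Constructed: wildcards plus the bare domains.
WILDCARDS_PLUS_APEX = WILDCARDS + ["hackmanhattan.com", "ratpark.nyc"]

if __name__ == "__main__":
    for label, sans in [("single", SINGLE), ("wildcards", WILDCARDS),
                        ("wildcards+apex", WILDCARDS_PLUS_APEX)]:
        print(f"{label:15} uncovered: {uncovered(HOSTS, sans)}")
```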

Google Apps

@hackmanhattan.com (and therefore not @list.hackmanhattan.com) addresses are with Google Apps.

Network Infrastructure

Static IP allocations (as of 2019-04-17)

Sorted by IP.

⁂: Hesiod enabled, i.e. if you have a Hesiod DNS record set (ask mz), you can log into all these machines with centralised credentials.

Assigned by DHCP

| Hostname | IPv4 address | MAC address | Device | Maintainer | Comment | Location |
|---|---|---|---|---|---|---|
| space.hackmanhattan.com | | 64:70:02:77:ec:e0 | TP-Link TL-WDR4300 v1 | mz-ish & Guan-ish & Beadsland-ish | | Network cubby |
| 137W14 | | e8:de:27:f9:cc:27 | TP-LINK WR841N | citybadger | | Harry Potter Closet |
| brother-printer | | 30:05:5c:f6:35:db | Brother HL-L2380DW | N/A | | Under the tool shelf |
| chromecast | | 48:d6:d5:39:28:f8 | Chromecast (not 4K) | mz | Shows our space dashboard | Attached to the TV by the desks |
| buzzer-pi-shop ⁂ | | b8:27:eb:b4:da:cb | RaspberryPi | jay-ish & mz-ish & beadsland-ish | | By the shop buzzer, showing the dashboard |
| hydrocontroller ⁂ | | b8:27:eb:5e:c5:bc | RaspberryPi | jay | | On the roof |
| octoprint-main ⁂ | | b8:27:eb:38:84:a2 | RaspberryPi | jay-ish & mz-ish | | By the 3D printer table |
| rfid-access-space | | 64:cf:d9:fd:42:93 | BeagleBone Black | mz & Guan | | Attached to the back of the space door |
| rfid-access-building | | 64:cf:d9:fd:23:00 | BeagleBone Black | mz & Guan | Also hosts the door camera | Building door, top right when you enter |
| voip-phone | | 00:0b:82:4d:a0:6c | Grandstream GXP1400 | Guan | | Under the network cubby |
| voip-elevator | | 00:0b:82:47:26:30 | Grandstream HT701 | Guan | | Elevator shaft shed on the roof |
| voip-grandstream | | 00:0b:82:ad:e8:21 | Grandstream HT814 | Guan & mz | Phone gateway for teletron8000 | In the network cubby |
| bricolage | | 98:90:96:d0:63:4a | Dell Optiplex 9020 | Beadsland & jay-ish | | On the shelf by the window |
| box0rs | | f0:de:f1:03:00:0f | Lenovo T410 | mz | | In the network cubby |
| teletron8000 ⁂ | | 00:16:3e:5e:e2:ee | box0rs | Guan-ish & mz-ish | asterisk server hosting the phone project | |

Note: there used to be no system for how these IPs are assigned; it was basically just whatever DHCP first gave these machines, made permanent through OpenWrt's LuCI. New devices ought to be assigned to up to

Static configurations

| Hostname | IP address | MAC address | Device | Maintainer | Comment | Location |
|---|---|---|---|---|---|---|
| ap-west | | 30:b5:c2:b2:76:3a | TP-Link Archer C7 | mz-ish | AP/switch for WPA2-PSK | mounted on the left side of the tool shelf |
| ap-elevator-shaft | | 64:66:b3:c6:f1:d4 | TP-Link TL-WDR4300 v1 | Guan-ish & mz-ish | AP/switch for the rooftop | Inside the elevator maintenance shed |
| 3rdfloor | | 64:66:b3:fa:af:c4 | TP-Link TL-WDR4300 v1 | Guan-ish & mz-ish | AP/switch for the 3rd floor | 3rd floor, left from the office hallway door |
| wrtnode-webcam | | 64:51:7e:80:06:d6 | WRTNode | Guan-ish & mz-ish | | Hanging by the cubby power strip |

Not integrated in our normal network

| Hostname | IP address | MAC address | Device | Maintainer | Comment | Location |
|---|---|---|---|---|---|---|
| | | 64:d1:54:ad:12:04 | MikroTik SXTsq 5 ac | N/A (yet) | For potential LinkNYC uplink | Mounted on the satellite dish on the rooftop |

Notes about subnets, routes and DHCP

Since bo.x0.rs provides its own,,, and subnets, it essentially acts as a second router. Hence, we send out classless static routes via DHCP to make sure none of the clients run into problems and the containers can identify which device is talking to them. This also means static routes are set on the router, plus the necessary DHCP-options may be found in LuCI: Network -> Interfaces -> lan -> DHCP -> Advanced -> DHCP Options.

Since the spec says to ignore the default route packet if classless static route options are seen, we include the default route in the static routes we send out.
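The classless static route option described above (DHCP option 121, RFC 3442), worked through as an added example that is not part of the wiki or the router's configuration. The addresses are constructed from documentation ranges, the function names are illustrative, and the rendered string assumes the LuCI DHCP-Options field takes dnsmasq's `121,<dest>/<prefix>,<router>,...` form.

```python
import ipaddress

def encode_option_121(routes):
    """Encode (destination CIDR, router) pairs as an RFC 3442 option 121 payload."""
    out = bytearray()
    for cidr, router in routes:
        net = ipaddress.ip_network(cidr)
        octets = (net.prefixlen + 7) // 8      # only octets covered by the mask are sent
        out.append(net.prefixlen)
        out += net.network_address.packed[:octets]
        out += ipaddress.IPv4Address(router).packed
    if len(out) > 255:
        raise ValueError("payload does not fit in one DHCP option")
    return bytes(out)

def decode_option_121(payload):
    """Inverse of encode_option_121; rejects truncated or malformed payloads."""
    routes, i = [], 0
    while i < len(payload):
        width = payload[i]
        octets = (width + 7) // 8
        end = i + 1 + octets + 4
        if width > 32 or end > len(payload):
            raise ValueError(f"malformed route at offset {i}")
        dest = payload[i + 1:i + 1 + octets] + bytes(4 - octets)
        router = payload[end - 4:end]
        routes.append((f"{ipaddress.IPv4Address(dest)}/{width}",
                       str(ipaddress.IPv4Address(router))))
        i = end
    return routes

def luci_dhcp_option(routes):
    """Render the routes as a dnsmasq-style option string, refusing a list
    without 0.0.0.0/0: clients that honour option 121 ignore the Router option."""
    if not any(ipaddress.ip_network(c).prefixlen == 0 for c, _ in routes):
        raise ValueError("no default route in option 121; clients would lose their gateway")
    return "121," + ",".join(f"{c},{r}" for c, r in routes)

# Constructed sample: documentation-range addresses, not the space's real subnets.
ROUTES = [
    ("198.51.100.0/24", "192.0.2.2"),     # a subnet reached via the second router
    ("203.0.113.128/25", "192.0.2.2"),    # /25 needs all four destination octets
    ("0.0.0.0/0", "192.0.2.1"),           # default route via the main router
]

if __name__ == "__main__":
    print(encode_option_121(ROUTES).hex())
    print(decode_option_121(encode_option_121(ROUTES)))
    print(luci_dhcp_option(ROUTES))
```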

Dynamic allocations start at

Approximate Network Hierarchy (as of 2018-04-25)

Bold entries provide wired or wireless network connectivity to other physical devices. Non-permanent infrastructure and WiFi devices not listed.

  • Router
    • box0rs
    • West Switch
      • bricolage
      • brother-printer
      • octoprint-main
      • Windows Tower (not a hostname)
      • West Access Point
        • foo (Experimental router to replace our current one)
          • ap-foo
    • Network Cubby 24 Port Switch
      • cnc
      • voip-phone
      • buzzer-pi-shop
      • wrtnode-webcam
      • rfid-access-space
      • voip-teletron8000
        • teletron8000 line 1 (Microwave - Dungeon)
        • teletron8000 line 2 (Desk - Get Human)
      • North Switch
        • Basement (NAT, not our responsibility)
      • Hallway Switch
        • rfid-access-building
        • 137W14 (NAT, not our responsibility)
        • 3rdfloor Access Point & Switch
      • ap-elevator-shaft Access Point & Switch
        • MikroTik SXTsq 5 ac (WAN port)
        • voip-elevator
          • Elevator line
          • Rooftop elevator shaft shed line
The content of the following article/section isn't up to date.
If you have some spare time, please consult the usual suspects and help update it!

IP and DHCP Information (Old-ish)

The previous plan called for a private Class A block (10/8). After much thought, it was decided this was unreasonable.

This new plan will use a Class C subnet: This gives us a theoretical maximum of 510 IPs. The main router also handles DHCP requests for both wired and wireless clients, assigning IPs from the range to Wired and wireless machines will be able to set up static IPs in the to range. Sure, one could set up VLANs, but since we don't intend on complicating our setup, a /23 is a reasonable thing to do.

Information for statically assigned IPs.
| Variable | Value | Comment |
|---|---|---|
| IP Address | n/a | Be allocated one. Typically incremental. See the allocation table. |
| Subnet Mask | | |

Machine and IP Allocation Table (Old)

| IP | Hostname | Device | Maintainer | Comment (Location) |
|---|---|---|---|---|
| n/a | n/a | Alcatel I-211M-K | Operations | ONT and Modem for Verizon FiOs |
| | rtr1.ratpark.net | TP-Link TL-WDR4300 v1 | Operations | Main router. Also does DNS, DHCP. Channel 1. Nonstandard port for external connections. Nonstandard password. (Hack Manhattan) |
| n/a | n/a | Netgear JGS516 | Operations | 16 Port Gigabit Switch |
| n/a | n/a | ? | Operations | 8 Port Switch |
| n/a | n/a | ? | Operations | 4 Port Switch |
| | rtr2.ratpark.net | TP-Link TL-WDR4300 v1 | Operations | Channel 11. (2rd Floor Hallway) |
| | rtr3.ratpark.net | TP-Link TL-WDR4300 v1 | Operations | Channel 6. (3rd Floor Hallway) |
| | rtr4.ratpark.net | TP-Link TL-WDR4300 v1 | Operations | Channel 11. (Elevator Machine Room) |
| | surv-frontdoor.ratpark.net | WRTnode | Guan Yang | Operates wirelessly. Can we change that? (First Floor) |
| | surv-main.ratpark.net | WRTnode | Guan Yang | Operates wirelessly. Can we change that? (Hack Manhattan) |
| | wrtnode-hmdoor.ratpark.net | WRTnode? | Guan Yang | Controls door strike. (First Floor) |
| | octopi.ratpark.net | Raspberry Pi | | Allows for unattended (no computer needed) printing. Username hackmanhattan. Canonical password. (Hack Manhattan) |
| | boiler-wired.ratpark.net | WRTnode | Guan Yang | Boiler controller and sensor. Is it still in use? (Where in the 3rd floor is the boiler?) |
| | hackmanhattan.club | ? | Guan Yang | Is it still in use? (Where is it?) |
| | wr703n.ratpark.net | TP-Link TL-WR703N | ? | We definitely do not need this. (Hack Manhattan) |
| | quinn.ratpark.net | | | What is this? (Where is it?) |
| | ai-stem.ratpark.net | | | What is this? (Where is it?) |
| | kiosk.ratpark.net | | | What is this? (Where is it?) |
 !?!?!? The list goes on and on. Operations DHCP Allocation Block Operations Broadcast

Network Diagram


|(physical port on parent_device)-(physical port on child_device)child_device

null can be used where applicable (device only has 1 port, etc.)
? can be used for incomplete data that could not be obtained due to security reasons or other.

             |(1)-(1)jgs516 # Netgear JGS516
                     |(7)-(null)big-box # Octopi, Big-Box, and Backup_Terminal
                     |(8)-(8)teg580g # Treadnet TEG-580g 8 port switch on Laptopia
                     |(9)-(null)gxp400 # IP Phone
                              |(2)-(1)rtr3 # light pink cable that gets painted over on its way up
                                      |(2)-(null)wrtnode # boiler wrtnode
                              |(3)-(?)firstfloor # goes into box, don't want to break it open
                              |(4)-(null)null # long blue cable that goes to nothing
                              |(wan)-(5)tlsg1005d # TP-Link TL-SG1005D
                                        |(4)-(null)ds215j # Synology DS215j
                                        |(1)-(null)null # goes into gray cable that goes to nothing
                              |(2)-(null)null # black cable, goes to front of building
                              |(3)-(null)gx # grandstream telephone line modem/device, need model number
                              |(4)-(null)null # short blue cable, goes to nothing

I'm not going to use proprietary diagramming tools or bother writing some script to graph this. Text is enough and more than sufficient for our purposes.


Fiber Modem
  |-Netgear JGS516
    |-IP Phone
    |-8 Port Switch On Laptopia
    |-Area with octopi, bigbox, and backup terminal?
    |-First Floor 4 Port Switch
    |-Stuff in the boiler room?
    |-Stuff in the elevator machine room?

Security and Liability

It would be in our best interests not to homebrew hardware and instead to use known commercial hardware. Ubiquiti comes to mind. They have the UniFi series of cameras: the UVC-Micro, UVC, UVC-Dome, and the UVC-Pro. One would use their appliance software, whose packages they provide free access to, so you don't need to buy their hardware appliance and can instead deploy it on your own machine.

Given that the UVC and the UVC-Micro run for ~100 each, it'd be great to cover the first floor, space, machine area, and roof with them. A separate webcam would be used for the public space webcam, and access to the appliance would be limited to the board and trusted members of the space. For about 400 dollars, we can cover the four spaces and we're not locked into some crappy online "cloud"-based DVR system.


  • 2016-05-31: The space VoIP phone was reported to have no networking. A troubleshooting monkey was dispatched, and it was found that if one plugs said phone in the inappropriate holes, it will not work. RESOLVED.
  • 2016-05-23: Since our wrtnodes that run our streams operate within that band, our space stream was no longer accessible (but the front door still was?). This has been rectified by having it connect as a client to a different access point. Resolved.
  • 2016-05-23: Whilst performing hotfixes to rectify the 2016-05-23 network problem, one of our volunteer monkeys disabled the wireless interfaces on our space access point, and they are currently still down. Whack the main space stream once this is fixed. UNRESOLVED.
  • 2016-05-23: A building community member reported failure to obtain a DHCP lease on all of our access points' 2.4 GHz networks, which is extremely odd since they're all on the same VLAN and on the same hardware as their 5 GHz radio interfaces. Regardless, volunteers attempted to look at the problem, which was magically gone by 2016-05-27. Unable to reproduce. Resolved.