Corrected Foxtrot location in network topology

- Foxtrot now correctly shown in office connected to mesh node
- Office: Mesh node, Foxtrot, Laptop, Pi-hole
- Server room: Unraid, PiKVM (direct), Code-Server VM
2025-11-01 00:31:43 +01:00
parent c30f44b975
commit e768ccb902

network-map.md Normal file

@@ -0,0 +1,292 @@
# 🌐 Network Map & Topology
**Last Updated:** October 31, 2025
**Network Range:** 192.168.68.0/22
**Maintained By:** Weston
---
## 📊 Quick Reference
| Device | IP Address | Purpose |
|--------|-----------|---------|
| **TP-Link Router** | 192.168.68.1 | Gateway, DHCP, Mesh Primary |
| **Foxtrot (Gaming PC)** | 192.168.68.50 | Workstation |
| **Unraid Server (Tower)** | 192.168.68.51 | Main infrastructure |
| **PiKVM** | 192.168.68.53 | Server out-of-band management |
| **Pi-hole (Pi Zero 2W)** | 192.168.68.61 | DNS + Ad-blocking + Unbound |
| **Code-Server VM** | 192.168.68.70 | Ubuntu headless + VS Code |
| **TP-Link Mesh Node** | 192.168.71.250 | Office WiFi extender |
---
## 🗺️ Physical Network Topology
```
Internet
│ (WAN)
┌───────┴────────┐
│ TP-Link Router│
│ 192.168.68.1 │
│ (Mesh Primary) │
└───────┬────────┘
│ (LAN - Mesh Network)
┌──────────────┼──────────────┐
│ │ │
┌────┴─────┐ ┌────┴─────┐ ┌────┴─────┐
│TP-Link │ │ Unraid │ │Pi Zero │
│Mesh Node │ │ Server │ │Pi-hole │
│ .71.250 │ │ Tower │ │Unbound │
│ (Office) │ │ .68.51 │ │ .68.61 │
└────┬─────┘ └────┬─────┘ └──────────┘
│ │
┌────┼────┐ ┌────┼─────┐
│ │ │ │ │ │
┌────┴┐ ┌─┴────┐ ┌─┴──┐ │ ┌──┴────┐
│Foxtrot│Laptop│ │PiKVM│ │ │VM: │
│Gaming│(WiFi)│ │.68.53│ │ │Code │
│ PC │ │ │(Direct│ │ │Server │
│.68.50│ │ │to Svr)│ │ │.68.70 │
└──────┘ └─────┘ └──────┘ │ └───────┘
(Server VMs)
```
---
## 🖥️ Unraid Server Virtual Network
```
Physical: eth0 (2.5GbE) → bond0 → br0 (192.168.68.51)
┌────────────────────┼────────────────────┐
│ │ │
┌────┴─────┐ ┌─────┴──────┐ ┌─────┴─────┐
│ VMs │ │ Docker │ │ Tailscale │
│ │ │ │ │ VPN │
└────┬─────┘ └─────┬──────┘ └───────────┘
│ │ 100.122.220.126
│ ┌────┴─────┐
┌────┴─────┐ │ docker0 │
│Code-Srvr │ │172.17.0.1│
│ .68.70 │ └────┬─────┘
│ (Ubuntu) │ │
└──────────┘ ┌────┼────────┬──────┐
│ │ │ │
┌────┴┐ ┌─┴──┐ ┌───┴──┐ ┌─┴───┐
│open-│ │NPM │ │Gitea │ │Guac │
│webui│ │ .4 │ │ .3 │ │ .2 │
│ .5 │ └────┘ └──────┘ └─────┘
└─────┘
```
---
## 📍 Complete IP Address Table
### Infrastructure & Services
| Device/Service | IP Address | MAC | Type | Notes |
|---------------|-----------|-----|------|-------|
| **TP-Link Router** | 192.168.68.1 | - | Physical | Gateway, DHCP, primary mesh |
| **Foxtrot (Gaming PC)** | 192.168.68.50 | - | Physical | Workstation, static IP |
| **Unraid Server** | 192.168.68.51 | 58:47:ca:7b:97:b0 | Physical | Main server, static IP |
| **PiKVM** | 192.168.68.53 | - | Physical | Direct to server, management |
| **Pi-hole (Pi Zero 2W)** | 192.168.68.61 | - | Physical | DNS/ad-block/Unbound, static |
| **Code-Server VM** | 192.168.68.70 | - | Virtual | Ubuntu + VS Code, KVM/QEMU |
| **Laptop** | DHCP | - | Physical | Mobile device, WiFi |
| **TP-Link Mesh Node** | 192.168.71.250 | - | Physical | Office WiFi extender |
### Docker Containers (172.17.0.0/16)
| Container | Docker IP | Host Port | Purpose |
|-----------|-----------|-----------|---------|
| **ApacheGuacamole** | 172.17.0.2 | 4000 | Remote desktop gateway |
| **Gitea** | 172.17.0.3 | 3002, 22 | Git server |
| **NginxProxyManager** | 172.17.0.4 | 1880, 7818, 18443 | Reverse proxy |
| **open-webui** | 172.17.0.5 | 3000 | LLM interface |
| **Cloudflared** | 172.17.0.6 | 46495 | Cloudflare tunnel |
| **Vaultwarden** | 172.17.0.7 | 4743 | Password manager |
### VPN
| Service | IP | Network | Purpose |
|---------|----|---------| --------|
| **Tailscale** | 100.122.220.126 | 100.64.0.0/10 | Secure remote access |
---
## 🌐 Network Details
**Subnet:** 192.168.68.0/22
**Netmask:** 255.255.252.0
**Usable Range:** 192.168.68.1 - 192.168.71.254 (1022 hosts)
**Gateway:** 192.168.68.1
**Primary DNS:** 192.168.68.61 (Pi-hole)
**Secondary DNS:** 9.9.9.9 (Quad9)
**Broadcast:** 192.168.71.255
---
## 🔌 Port Reference Guide
### Unraid Server Ports
| Service | Port | Protocol | URL |
|---------|------|----------|-----|
| **Unraid WebUI** | 80 | HTTP | http://192.168.68.51 |
| **Unraid SSL** | 443 | HTTPS | https://192.168.68.51 |
| **SMB** | 445 | TCP | \\\\192.168.68.51 |
| **SSH** | 22 | TCP | ssh root@192.168.68.51 |
### Container Access
| Service | URL | Port | Notes |
|---------|-----|------|-------|
| **open-webui** | http://192.168.68.51:3000 | 3000 | LLM chat interface |
| **Gitea** | http://192.168.68.51:3002 | 3002 | Git web UI |
| **Gitea (domain)** | https://gitea.segelschiff.app | 443 | Via Cloudflare |
| **NPM Web** | http://192.168.68.51:1880 | 1880 | Proxy frontend |
| **NPM Admin** | http://192.168.68.51:7818 | 7818 | Management UI |
| **Guacamole** | http://192.168.68.51:4000 | 4000 | Remote desktop |
| **Vaultwarden** | http://192.168.68.51:4743 | 4743 | Password vault |
### Infrastructure Access
| Service | URL | Default Port |
|---------|-----|--------------|
| **PiKVM** | https://192.168.68.53 | 443 |
| **Pi-hole Admin** | http://192.168.68.61/admin | 80 |
| **Code-Server** | http://192.168.68.70:8080 | 8080 (typical) |
---
## 🛡️ DNS Configuration
**Primary:** Pi-hole (192.168.68.61)
- Ad-blocking
- Local DNS records
- Query logging
- DHCP relay
**Upstream:** Unbound (same device)
- Recursive DNS resolver
- No forwarding to ISP
- Privacy-focused
- DNSSEC validation
**Resolution Flow:**
```
Client → Pi-hole (192.168.68.61) → Unbound → Root Servers
```
**Fallback:** 9.9.9.9 (Quad9) - Privacy-respecting public DNS
---
## 🌐 Remote Access
### Cloudflare Tunnel
```
Internet → Cloudflare Edge → Tunnel → NPM → Services
```
- **Domain:** *.segelschiff.app
- **Services Exposed:** Gitea (and others via NPM)
- **Benefits:** No open ports, DDoS protection, SSL
- **Container:** Cloudflared (172.17.0.6)
### Tailscale VPN
```
Remote Device → Encrypted Tunnel → Unraid (100.122.220.126)
```
- **Network:** 100.64.0.0/10 (CGNAT)
- **Protocol:** WireGuard
- **Benefits:** Zero-trust, peer-to-peer, NAT traversal
- **Access:** Full homelab as if local
---
## 📊 Network Performance
| Link | Capacity | Usage | Status |
|------|----------|-------|--------|
| **Unraid NIC** | 2.5 Gbps | <1% | Underutilized |
| **Mesh Backhaul** | Unknown | Unknown | Check model specs |
| **Internet WAN** | Unknown | Unknown | ISP dependent |
**Observed (eth0):** ~2 Mbps average = 0.08% of 2.5G capacity
---
## 🔧 Troubleshooting Commands
### Connectivity Tests
```bash
# Test key infrastructure
ping 192.168.68.1 # Router
ping 192.168.68.51 # Unraid
ping 192.168.68.61 # Pi-hole
ping 192.168.68.70 # Code-Server VM
ping 8.8.8.8 # Internet
# DNS tests
nslookup google.com 192.168.68.61 # Test Pi-hole
dig @192.168.68.61 example.com # Detailed DNS query
```
### Network Status (from Unraid)
```bash
# Interfaces
ip addr show
ip link show
# Routes
ip route show
# Active connections
ss -tulpn
# Docker networks
docker network ls
docker network inspect bridge
```
### VM Network (Code-Server)
```bash
# List VMs
virsh list --all
# Get VM IP
virsh domifaddr <vm-name>
# VM network info
virsh net-info default
```
---
## 📝 Recommendations
### Security
1. ⚠️ **Separate Gitea SSH port** - Currently conflicts with Unraid SSH (both port 22)
2. ⚠️ **Implement VLANs** - Segment management/services/workstations
3. ⚠️ **Firewall hardening** - Move from ACCEPT-all to explicit rules
### Performance
1. Monitor mesh performance between nodes
2. Document ISP speeds and plan accordingly
3. Consider 10GbE upgrade path (future)
### Documentation
1. ✅ Document Code-Server VM configuration
2. ✅ Record TP-Link mesh model and capabilities
3. ✅ Map exact ISP speeds and plan
---
**Last Updated:** October 31, 2025
**Next Review:** When network topology changes
**Quick Access:** See README.md for service URLs
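Review bot: the Gitea row in the Docker container table (`| **Gitea** | 172.17.0.3 | 3002, 22 | Git server |`) and the Unraid SSH row in the port reference (`| **SSH** | 22 | TCP | ssh root@192.168.68.51 |`) both claim TCP/22 on the same host address; two listeners cannot bind the same port on 192.168.68.51, so one of these entries is inaccurate, and Recommendation 1 already flags the conflict. Suggest recording the host port Gitea SSH is actually mapped to (or noting it is unmapped) so nobody reading this table confuses the git SSH endpoint with root shell access on the Unraid host. Two smaller inconsistencies in the same file: the DNS Configuration section lists "DHCP relay" under Pi-hole while the Quick Reference table assigns DHCP to the TP-Link router, so state which device actually hands out leases; and "Secondary DNS: 9.9.9.9 (Quad9)" as a client-facing fallback means hosts that have both resolvers configured will send some queries directly to Quad9, bypassing Pi-hole filtering and query logging, so either hand out only 192.168.68.61 via DHCP and configure the upstream fallback on the Pi-hole/Unbound side, or note that caveat next to the entry. Finally, "8080 (typical)" for Code-Server is a guess; replace it with the port the VM really listens on.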