# 🌐 Network Map & Topology

**Last Updated:** October 31, 2025
**Network Range:** 192.168.68.0/22
**Maintained By:** Weston

---

## 📊 Quick Reference

| Device | IP Address | Purpose |
|--------|-----------|---------|
| **TP-Link Router** | 192.168.68.1 | Gateway, DHCP, Mesh Primary |
| **Foxtrot (Gaming PC)** | 192.168.68.50 | Workstation |
| **Unraid Server (Tower)** | 192.168.68.51 | Main infrastructure |
| **PiKVM** | 192.168.68.53 | Server out-of-band management |
| **Pi-hole (Pi Zero 2W)** | 192.168.68.61 | DNS + Ad-blocking + Unbound |
| **Code-Server VM** | 192.168.68.70 | Ubuntu headless + VS Code |
| **TP-Link Mesh Node** | 192.168.71.250 | Office WiFi extender |

---

## 🗺️ Physical Network Topology

```
                          Internet
                              │
                              │ (WAN)
                              │
                      ┌───────┴────────┐
                      │ TP-Link Router │
                      │  192.168.68.1  │
                      │ (Mesh Primary) │
                      └───────┬────────┘
                              │
                              │ (LAN - Mesh Network)
                              │
        ┌─────────────────────┼─────────────────────┐
        │                     │                     │
   ┌────┴─────┐          ┌────┴─────┐          ┌────┴─────┐
   │TP-Link   │          │ Unraid   │          │Pi Zero   │
   │Mesh Node │          │ Server   │          │Pi-hole   │
   │ .71.250  │          │ Tower    │          │Unbound   │
   │ (Office) │          │ .68.51   │          │ .68.61   │
   └────┬─────┘          └────┬─────┘          └──────────┘
        │                     │
   ┌────┴────┐         ┌──────┼─────┐
   │         │         │      │     │
┌──┴────┐ ┌──┴───┐ ┌───┴────┐ │ ┌───┴───┐
│Foxtrot│ │Laptop│ │ PiKVM  │ │ │VM:    │
│Gaming │ │(WiFi)│ │ .68.53 │ │ │Code   │
│  PC   │ │      │ │(Direct │ │ │Server │
│.68.50 │ │      │ │to Svr) │ │ │.68.70 │
└───────┘ └──────┘ └────────┘ │ └───────┘
                              │
                        (Server VMs)
```

---
## 🖥️ Unraid Server Virtual Network

```
   Physical: eth0 (2.5GbE) → bond0 → br0 (192.168.68.51)
                             │
        ┌────────────────────┼────────────────────┐
        │                    │                    │
   ┌────┴─────┐        ┌─────┴──────┐       ┌─────┴─────┐
   │   VMs    │        │   Docker   │       │ Tailscale │
   │          │        │            │       │    VPN    │
   └────┬─────┘        └─────┬──────┘       └───────────┘
        │                    │             100.122.220.126
   ┌────┴─────┐         ┌────┴─────┐
   │Code-Srvr │         │ docker0  │
   │  .68.70  │         │172.17.0.1│
   │ (Ubuntu) │         └────┬─────┘
   └──────────┘              │
                    ┌────────┼────────┬────────┐
                    │        │        │        │
                 ┌──┴──┐  ┌──┴──┐  ┌──┴──┐  ┌──┴──┐
                 │open-│  │ NPM │  │Gitea│  │Guac │
                 │webui│  │ .4  │  │ .3  │  │ .2  │
                 │ .5  │  │     │  │     │  │     │
                 └─────┘  └─────┘  └─────┘  └─────┘
```

---

## Complete IP Address Table

### Infrastructure & Services

| Device/Service | IP Address | MAC | Type | Notes |
|---------------|-----------|-----|------|-------|
| **TP-Link Router** | 192.168.68.1 | - | Physical | Gateway, DHCP, primary mesh |
| **Foxtrot (Gaming PC)** | 192.168.68.50 | - | Physical | Workstation, static IP |
| **Unraid Server** | 192.168.68.51 | 58:47:ca:7b:97:b0 | Physical | Main server, static IP |
| **PiKVM** | 192.168.68.53 | - | Physical | Direct to server, management |
| **Pi-hole (Pi Zero 2W)** | 192.168.68.61 | - | Physical | DNS/ad-block/Unbound, static |
| **Code-Server VM** | 192.168.68.70 | - | Virtual | Ubuntu + VS Code, KVM/QEMU |
| **Laptop** | DHCP | - | Physical | Mobile device, WiFi |
| **TP-Link Mesh Node** | 192.168.71.250 | - | Physical | Office WiFi extender |

### Docker Containers (172.17.0.0/16)

| Container | Docker IP | Host Port | Purpose |
|-----------|-----------|-----------|---------|
| **ApacheGuacamole** | 172.17.0.2 | 4000 | Remote desktop gateway |
| **Gitea** | 172.17.0.3 | 3002, 22 | Git server |
| **NginxProxyManager** | 172.17.0.4 | 1880, 7818, 18443 | Reverse proxy |
| **open-webui** | 172.17.0.5 | 3000 | LLM interface |
| **Cloudflared** | 172.17.0.6 | 46495 | Cloudflare tunnel |
| **Vaultwarden** | 172.17.0.7 | 4743 | Password manager |

### VPN

| Service | IP | Network | Purpose |
|---------|----|---------|---------|
| **Tailscale** | 100.122.220.126 | 100.64.0.0/10 | Secure remote access |

---

## 🌐 Network Details

**Subnet:** 192.168.68.0/22
**Netmask:** 255.255.252.0
**Usable Range:** 192.168.68.1 - 192.168.71.254 (1022 hosts)
**Gateway:** 192.168.68.1
**Primary DNS:** 192.168.68.61 (Pi-hole)
**Secondary DNS:** 9.9.9.9 (Quad9)
**Broadcast:** 192.168.71.255

---

## 🔌 Port Reference Guide

### Unraid Server Ports

| Service | Port | Protocol | URL |
|---------|------|----------|-----|
| **Unraid WebUI** | 80 | HTTP | http://192.168.68.51 |
| **Unraid SSL** | 443 | HTTPS | https://192.168.68.51 |
| **SMB** | 445 | TCP | \\\\192.168.68.51 |
| **SSH** | 22 | TCP | ssh root@192.168.68.51 |

### Container Access

| Service | URL | Port | Notes |
|---------|-----|------|-------|
| **open-webui** | http://192.168.68.51:3000 | 3000 | LLM chat interface |
| **Gitea** | http://192.168.68.51:3002 | 3002 | Git web UI |
| **Gitea (domain)** | https://gitea.segelschiff.app | 443 | Via Cloudflare |
| **NPM Web** | http://192.168.68.51:1880 | 1880 | Proxy frontend |
| **NPM Admin** | http://192.168.68.51:7818 | 7818 | Management UI |
| **Guacamole** | http://192.168.68.51:4000 | 4000 | Remote desktop |
| **Vaultwarden** | http://192.168.68.51:4743 | 4743 | Password vault |

### Infrastructure Access

| Service | URL | Default Port |
|---------|-----|--------------|
| **PiKVM** | https://192.168.68.53 | 443 |
| **Pi-hole Admin** | http://192.168.68.61/admin | 80 |
| **Code-Server** | http://192.168.68.70:8080 | 8080 (typical) |

---

## 🛑 DNS Configuration

**Primary:** Pi-hole (192.168.68.61)
- Ad-blocking
- Local DNS records
- Query logging
- DHCP relay

**Upstream:** Unbound (same device)
- Recursive DNS resolver
- No forwarding to ISP
- Privacy-focused
- DNSSEC validation

**Resolution Flow:**
```
Client → Pi-hole (192.168.68.61) → Unbound → Root Servers
```

**Fallback:** 9.9.9.9 (Quad9)
- Privacy-respecting public DNS

---

## 🌐 Remote Access

### Cloudflare Tunnel

```
Internet → Cloudflare Edge → Tunnel → NPM → Services
```

- **Domain:** *.segelschiff.app
- **Services Exposed:** Gitea (and others via NPM)
- **Benefits:** No open ports, DDoS protection, SSL
- **Container:** Cloudflared (172.17.0.6)

### Tailscale VPN

```
Remote Device → Encrypted Tunnel → Unraid (100.122.220.126)
```

- **Network:** 100.64.0.0/10 (CGNAT)
- **Protocol:** WireGuard
- **Benefits:** Zero-trust, peer-to-peer, NAT traversal
- **Access:** Full homelab as if local

---

## 📊 Network Performance

| Link | Capacity | Usage | Status |
|------|----------|-------|--------|
| **Unraid NIC** | 2.5 Gbps | <1% | Underutilized |
| **Mesh Backhaul** | Unknown | Unknown | Check model specs |
| **Internet WAN** | Unknown | Unknown | ISP dependent |

**Observed (eth0):** ~2 Mbps average = 0.08% of 2.5G capacity

---

## 🔧 Troubleshooting Commands

### Connectivity Tests

```bash
# Test key infrastructure
ping 192.168.68.1     # Router
ping 192.168.68.51    # Unraid
ping 192.168.68.61    # Pi-hole
ping 192.168.68.70    # Code-Server VM
ping 8.8.8.8          # Internet

# DNS tests
nslookup google.com 192.168.68.61   # Test Pi-hole
dig @192.168.68.61 example.com      # Detailed DNS query
```

### Network Status (from Unraid)

```bash
# Interfaces
ip addr show
ip link show

# Routes
ip route show

# Active connections
ss -tulpn

# Docker networks
docker network ls
docker network inspect bridge
```

### VM Network (Code-Server)
```bash
# List VMs
virsh list --all

# Get VM IP (domifaddr requires a domain argument)
virsh domifaddr <vm-name>   # domain name as shown by 'virsh list --all'

# VM network info
virsh net-info default
```

---

## Recommendations

### Security

1. ⚠️ **Separate Gitea SSH port** - Currently conflicts with Unraid SSH (both port 22)
2. ⚠️ **Implement VLANs** - Segment management/services/workstations
3. ⚠️ **Firewall hardening** - Move from ACCEPT-all to explicit rules

### Performance

1. Monitor mesh performance between nodes
2. Document ISP speeds and plan accordingly
3. Consider 10GbE upgrade path (future)

### Documentation

1. ✅ Document Code-Server VM configuration
2. ✅ Record TP-Link mesh model and capabilities
3. ✅ Map exact ISP speeds and plan

---

**Last Updated:** October 31, 2025
**Next Review:** When network topology changes
**Quick Access:** See README.md for service URLs
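
The port 22 overlap flagged under Recommendations, and the /22 addressing in Network Details, can be checked mechanically against the inventory on this page. The script below is an added example, not part of the original document; it assumes every container "Host Port" is published on the Unraid address 192.168.68.51, and its function names are illustrative.

```python
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.68.0/22")
UNRAID = "192.168.68.51"

# (service, listening address, host ports), copied from this page's port tables.
# Assumption: every container "Host Port" is published on the Unraid address.
LISTENERS = [
    ("Unraid WebUI", UNRAID, [80]),
    ("Unraid SSL", UNRAID, [443]),
    ("SMB", UNRAID, [445]),
    ("Unraid SSH", UNRAID, [22]),
    ("ApacheGuacamole", UNRAID, [4000]),
    ("Gitea", UNRAID, [3002, 22]),
    ("NginxProxyManager", UNRAID, [1880, 7818, 18443]),
    ("open-webui", UNRAID, [3000]),
    ("Cloudflared", UNRAID, [46495]),
    ("Vaultwarden", UNRAID, [4743]),
]

# Statically addressed devices from the Quick Reference table.
DEVICES = {
    "TP-Link Router": "192.168.68.1", "Foxtrot": "192.168.68.50",
    "Unraid Server": "192.168.68.51", "PiKVM": "192.168.68.53",
    "Pi-hole": "192.168.68.61", "Code-Server VM": "192.168.68.70",
    "TP-Link Mesh Node": "192.168.71.250",
}

def port_conflicts(listeners):
    """Return {(addr, port): [services]} for each port claimed more than once."""
    claims = defaultdict(list)
    for service, addr, ports in listeners:
        for port in ports:
            claims[(addr, port)].append(service)
    return {key: svcs for key, svcs in claims.items() if len(svcs) > 1}

def outside_lan(devices, lan=LAN):
    """Return names of devices whose address is not a usable host in the LAN."""
    bad = []
    for name, addr in devices.items():
        ip = ipaddress.ip_address(addr)
        if ip not in lan or ip in (lan.network_address, lan.broadcast_address):
            bad.append(name)
    return sorted(bad)

if __name__ == "__main__":
    for (addr, port), services in port_conflicts(LISTENERS).items():
        print(f"CONFLICT {addr}:{port} claimed by {', '.join(services)}")
    for name in outside_lan(DEVICES):
        print(f"OUTSIDE {LAN}: {name}")
```

Re-run it whenever a container's port mapping or a static address changes, so the map and the host stay in agreement.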