author arf20 <aruizfernandez05@gmail.com> 2023-09-05 13:51:59 +0200
committer arf20 <aruizfernandez05@gmail.com> 2023-09-05 13:51:59 +0200
commit c5caae84a9bad417e778ebf778658ff5453c4375
tree fe7decc022947297712adf5bae34035263fa1e30
Initial commit
-rw-r--r-- arfnet2.md 57
1 files changed, 57 insertions, 0 deletions
diff --git a/arfnet2.md b/arfnet2.md
new file mode 100644
index 0000000..742a4bc
--- /dev/null
+++ b/arfnet2.md
@@ -0,0 +1,57 @@
+# ARFNET2 deployment
+
+Stage 1, very safe
+ - Close all ports
+ - Nuke (or stop) all old VMs (exclude OPNSense)
+ - Make DMZ
+ - Make the following ones (cloning deb12 template)
+ - Open following ports
+
+## Networks
+ - DMZ VLAN 4 192.168.4.0/24: Services and management
+ - LAN VLAN 5 192.168.5.0/24: Clients
+
+## Hosts
+ - server (...)
+ - desktop .8
+ - raspi .14
+
+## Management
+ - server iDRAC .5
+ - Proxmox .4
+ - OPNSense .1
+ - switch .2
+ - WAP .3
+ - printer .7
+
+## VMs and services
+All VMs must run the wazuh agent
+
+### OPNSense .1
+ - (routing)
+ - SSH
+ - DHCP
+ - DNS
+ - OpenVPN
+ - IPsec
+
+### NAS .9
+RAID attached here (with the grey stuff) (local only)
+ - SSH
+ - NFS
+ - Samba
+ - DLNA
+
+### wazuh .10
+ - SSH
+ - wazuh
+
+### web .6
+ - SSH
+ - nginx (static only site, isolated from NAS)
+
+## Port forwards
+ - SSH -> somewhere possibly not a machine with services just to be sure?
+ - OpenVPN -> opnsense
+ - HTTP/S -> web
+
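Review bot: The "Networks" section defines VLAN 4 as "Services and management" in one /24, while "Port forwards" sends HTTP/S from outside to web, so as written the internet-facing web VM shares a segment with the iDRAC, Proxmox and switch management interfaces. Consider a separate management VLAN, or document the OPNSense rules that keep web away from those addresses. The "isolated from NAS" note on web .6 should also say how it is enforced, since hosts in the same subnet reach each other without passing through the router. The host entries give only a last octet (.8, .14, .9, ...) without naming the network, so it is worth stating which VLAN each address belongs to. The SSH forward target is still an open question in the text ("somewhere possibly not a machine with services"); settle it before the "Open following ports" step, and have that step and "Make the following ones" name the sections they refer to.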