From e894b4f94f4f4ac33796038b7ee24ecf1940e1b1 Mon Sep 17 00:00:00 2001 From: arf20 Date: Thu, 18 Sep 2025 11:37:36 +0200 Subject: additions --- arfnet2.html | 3865 +++++++++++++++++++++++++++++----------------------------- 1 file changed, 1945 insertions(+), 1920 deletions(-) (limited to 'arfnet2.html') diff --git a/arfnet2.html b/arfnet2.html index 93dcb8a..8b00d6e 100644 --- a/arfnet2.html +++ b/arfnet2.html @@ -23,74 +23,79 @@

ARFNET2 deployment

-

After the disastrous ISP schism

-

Masterplan

-

Stage 1: very safe

- -

Stage 2: new services

- -

Stage 3*: finally

- -

Stage 4: DN42

- -

Stage 5: Telephony - Asterisk - IP phones and ATAs - Trunks; SDF, - Tandmx, uwutel, PSTN

-

Stage 6*: Site B (piso)

- -

Domain

-

arf20.com

-

Registrar: namecheap

-

Name sever glue records - at registrar

- - - - - - - - - - - - - - - - - - - - -
NameserverNameIP
NS1ns1.arf20.com2.59.235.35
2600:70ff:f039:4::13
NS2ns2.arf20.com5.250.186.185
2001:ba0:210:d600::1
-

Networking

-

Hardware

- 
                   WAP
+
After the disastrous ISP schism

+
Masterplan

+
Stage 1: very safe

+
    
+
  • Close all ports
    • 
+
  • Nuke (or stop) all old VMs (exclude OPNSense)
    • 
+
  • Make DMZ
    • 
+
  • Make new basic VMs (cloning deb12 template)
    • 
+
  • Open basic ports
    • 
+

+
Stage 2: new services

+
    
+
  • IONOS VPS for mail
    • 
+
  • Some new very safe services
    • 
+
  • HE IPv6 tunnel
    • 
+
  • Own authoritative nameservers for domain zone
    • 
+

+
Stage 3*: finally

+
    
+
  • Another VPS in unknown provider for
+
      
+
    • Tor
      • 
+
    • Reverse-proxying the media library
      • 
+
    • 
+
  • PHP on main site with more web services from scratch, hopefully
+secure
    • 
+
  • More new services
    • 
+

+
Stage 4: DN42

+
    
+
  • Make DN42 router VM with bird and wg
    • 
+
  • Peer with people
    • 
+
  • Bring up BGP sessions
    • 
+
  • Services
    • 
+

+
Stage 5: Telephony - Asterisk - IP phones and ATAs - Trunks; SDF,
+Tandmx, uwutel, PSTN

+
Stage 6*: Site B (piso)

+
    
+
  • Firewall and switch
    • 
+
  • Site to Site wireguard
    • 
+
  • Establish telephony
    • 
+

+
Domain

+
arf20.com

+
Registrar: namecheap

+
Name sever glue records at
+registrar

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
NameserverNameIP
NS1ns1.arf20.com2.59.235.35 
 2600:70ff:f039:4::13
NS2ns2.arf20.com5.250.186.185 
 2001:ba0:210:d600::1

+
Networking

+
Hardware

+
                   WAP
                     |
        +-----+   +--------------------------+     +----------------+
 ISP ===| ONT |---| DELL switch              |-----| TP-Link switch |
@@ -104,8 +109,8 @@ ISP ===| ONT |---| DELL switch              |-----| TP-Link switch |
                    
 - 1000BASE-T
 = GPON fiber

-  
12U rack

-  
+--------------+--------+
+
12U rack

+
+--------------+--------+
 | drawer       |        |
 | drawer       | PDU    |
 | patch panel  |        |
@@ -119,1855 +124,1875 @@ ISP ===| ONT |---| DELL switch              |-----| TP-Link switch |
 |              |        |
 |              | UPS    |
 +--------------+--------+

-  
    
-  
  • ONT: CPE Huawei GPON
    • 
-  
  • switch: DELL PowerConnect 5424
    • 
-  
  • server: DELL PowerEdge R720 @ 2x E5-2670 + 64GB + (240+120)GB SSD
-  + (4+3x7RAID5)TB HDD
    • 
-  
  • ATA: Cisco/Linksys PAP2T
    • 
-  

-  
DELL PowerConnect 5424
-  switch

-  
Port assignents

-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
portendpointoptions
g2ONTVLAN access 2
g4server eno2 WANVLAN access 2
g6test2VLAN access 2
g3WAPVLAN access 5
g5PCVLAN access 4
g7Living R.VLAN access 5
g9server eno1 DMZ+LANVLAN trunk 4, 5
g12voip poe switchVLAN access 9
g15test4VLAN access 4
g16ATAVLAN access 4
g17test1VLAN access 1
g19test5VLAN access 5
g21iDRACVLAN access 4
g23printerVLAN access 4

-  
Management

-  
    
-  
  • interface vlan 4: 192.168.4.2/24 gw 192.168.4.1
    • 
-  

-  
Public IPs

-  
    
-  
  • AVANZA_STATIC: 2.59.235.35
    • 
-  
  • AVANZA_CGNAT: dynamic 100.x.x.x
    • 
-  
  • HE prefixes
-  
      
-  
    • 2001:470:1f21:125::/64
      • 
-  
    • 2600:70ff:f039::/48
      • 
-  
    • 
-  
  • IONOS VPS: 5.250.186.185 2001:ba0:210:d600::1
    • 
-  

-  
Gateways

-  
    
-  
  • AVANZA
-  
      
-  
    • WAN_STATIC: 2.59.235.1
      • 
-  
    • WAN_CGNAT: dynamic
      • 
-  
    • 
-  
  • HE v6 tunnel
-  
      
-  
    • server: 216.66.87.102, 2001:470:1f20:125::1/64
      • 
-  
    • client: 2.59.235.35, 2001:470:1f20:125::2
      • 
-  
    • 
-  

-  
Physical and Logical
-  Networks

-  
-  -  -  -  -  -  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  






nameVLANnetdesc
WAN2
DMZ4192.168.4.0/24 
 2600:70ff:f039:4::/64		Services
LAN5192.168.5.0/24 
 2600:70ff:f039:5::/64		Clients
VPN192.168.6.0/24 
 2600:70ff:f039:6::/64		Wireguard clients
dark192.168.7.0/24 
dark IPsec remote subnet
B:PSNun192.168.18.0/24Site-B:PisoNET
B:SBN192.168.8.0/24Site-B:SiteBNET
voip9192.168.9.0/24VoIP
dn4242172.20.196.32/27 
 fdfd:acab:caca::/48		DN42 ARFNET-MNT

-  
Firewall

-  
Interface Rules

-  
    
-  
  • WAN_CGNAT in
-  
      
-  
    • deny *
      • 
-  
    • 
-  
  • WAN_STATIC in
-  
      
-  
    • allow v4 from * to {services} –> NAT rules
      • 
-  
    • 
-  
  • DMZ in
-  
      
-  
    • deny v4 to LAN net
      • 
-  
    • allow v4 to firewall
      • 
-  
    • allow v4 to * gw WAN_STATIC
      • 
-  
    • allow v6 to * gw HE_TUNNELV6
      • 
-  
    • 
-  
  • LAN in
-  
      
-  
    • allow v4 ICMP to firewall
      • 
-  
    • allow v4 IP DNS to firewall
      • 
-  
    • allow v4 to DMZ net
      • 
-  
    • allow v4 to * gw WAN_CGNAT
      • 
-  
    • allow v6 to * gw HE_TUNNELV6
      • 
-  
    • 
-  
  • Wireguard in
-  
      
-  
    • allow v4+6 to DMZ net
      • 
-  
    • allow v4 to * gw WAN_CGNAT
      • 
-  
    • allow v6 to * gw HE_TUNNELV6
      • 
-  
    • 
-  

-  
IPv4 NAT Rules

-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
ServiceCustomerIPProtoExt PortHostRe Port
WireGuardUDP51820router
DNS NS1TCP/UDP53misc
iperf3TCP5201misc
NNTPTCP119misc
WebTCP80,443web
GitTCP9418web
bittorrentTCP/UDP8999nas
rsyncTCP/UDP873nas
IRCTCP6667comm
IRCSTCP6697comm
XMPP c2sTCP5222comm
XMPP s2sTCP5269comm
TURN STUNTCP/UDP3478comm
TURNTCP/UDP5349comm
TURN UDP relayTCP/UDP49152-50176comm
mc waterfall proxyTCP25565game25567
mc bedrock geyserTCP19132game19132
css-dsTCP/UDP27015game
exo sshexoTCP4041exovps22
exo extraexoTCP4040exovps4040
yero sshyeroTCP1511yerovps22
yero mcyeroTCP25569yerovps25565
yero panelyeroTCP24444yerovps24444

-  
IPv6 port rules

-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
ServiceCustomerIPProtoDest HostDest Port
DNS NS1TCP/UDPmisc53
WebTCPweb80,443
NNTPTCPmisc119
iperf3TCPmisc5201
GitTCP9418web
bittorrentTCP/UDP8999nas
rsyncTCP/UDP873nas
IRCTCP6667comm
IRCSTCP6697comm
XMPP c2sTCP5222comm
XMPP s2sTCP5269comm
TURN STUNTCP/UDP3478comm
TURNTCP/UDP5349comm
TURN UDP relayTCP/UDP49152-50176comm
mc-waterfall-proxyTCP25565game
exo-sshexoTCP4041exovps
exo-extraexoTCP4040exovps
yero-sshyeroTCP1511yerovps
yero-sqlyeroTCP1512yerovps
FiveM SuperioresRPyeroTCP/UDP30120,40120yerovps

-  
Hosts

-  
    
-  
  • server - DELL PowerEdge R720 running Proxmox PVE - …
    • 
-  
  • mail - IONOS VPS running Debian 12 - 5.250.186.185
-  2001:ba0:210:d600::1
    • 
-  
  • dark - HostMeNow VPS running Debian 12 - 92.60.77.4
    • 
-  

-  
Management

-  
    
-  
  • OPNSense router DMZ.1
    • 
-  
  • DELL switch DMZ.2
    • 
-  
  • TP-Link WAP LAN.2
    • 
-  
  • Proxmox hypervisor DMZ.4
    • 
-  
  • DELL server iDRAC DMZ.5
    • 
-  
  • HP printer DMZ.7
    • 
-  
  • Linksys ATA DMZ.18
    • 
-  

-  
server VMs and services

-  
server runs Proxmox PVE.

-  
All VMs are Debian 12 (templated) with wazuh agent

-  
proxmox DMZ.4 (hypervisor)

-  
    
-  
  • SSH
    • 
-  
  • Proxmox management interface :8006
    • 
-  
  • smartmon + node exporter :9100
    • 
-  
  • sensor exporter*
    • 
-  
  • NUT - Network UPS TOols daemon (and proper UPS)*
    • 
-  

-  
router DMZ.1

-  
    
-  
  • (routing/firewalling)
    • 
-  
  • SSH
    • 
-  
  • DHCP
    • 
-  
  • unbound DNS
    • 
-  
  • OpenVPN
    • 
-  
  • WireGuard
    • 
-  
  • IPsec
    • 
-  
  • ntopng :3000
    • 
-  
  • telegraf - note: editing config via webfig breaks (timeout and
-  unbound config)
    • 
-  

-  
nas DMZ.6

-  
RAID attached here (with the grey stuff) (local only)

-  
    
-  
  • SSH
    • 
-  
  • NFS
    • 
-  
  • Samba SMB*
    • 
-  
  • MiniDLNA*
    • 
-  
  • FTP
    • 
-  
  • qBittorrent-nox
    • 
-  
  • jellyfin
    • 
-  
  • nginx
    • 
-  
  • mpd :8000
    • 
-  

-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
vhostwebroot/proxyComment
dark.arf20.com/d/FTPServer/Allow only VPS and private

-  
web DMZ.9

-  
    
-  
  • SSH
    • 
-  
  • cerbot
    • 
-  
  • nginx (status at :8080)
    • 
-  
  • fastcgi PHP
    • 
-  
  • mariadb SQL
    • 
-  
  • nginx-prometheus-exporter :9113
    • 
-  
  • prometheus :9090
    • 
-  
  • telegraf
    • 
-  
  • influxdb :8086
    • 
-  
  • grafana :3000
-  
      
-  
    • Proxmox
      • 
-  
    • nginx
      • 
-  
    • iDRAC
      • 
-  
    • 
-  
  • zabbix*
    • 
-  
  • netbox*
    • 
-  
  • fcgiwrap
    • 
-  
  • git-http-backend - git smart http server CGI
    • 
-  
  • gitd - git daemon
    • 
-  
  • cgit - web frontend for git
    • 
-  
  • phpBB - forum software
    • 
-  
  • Jekyll - blog static site generator thing
    • 
-  
  • opentracker? - bittorrent tracker*
    • 
-  
  • gophernicus - gopher server*
    • 
-  
  • photoprism - photo shit
    • 
-  
  • squid - http proxy server :3128
    • 
-  

-  
-  -  -  -  -  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  





vhostwebroot/proxyComment
default<return 418 im a teapot>
default:8080<return nstub_status>
arf20.com/var/www/arf20.com/html/
www.arf20.com<301 redirect arf20.com>
matrix.arf20.comhttp://comm.lan:8008/_matrix
webmail.arf20.com/var/www/webmail.arf20.com/html/SquirrelMail
nextcloud.arf20.com/var/www/nextcloud.arf20.com/html/
grafana.arf20.comhttp://localhost:3000
jellyfin.arf20.comhttp://nas.lan:8096
git.arf20.com/srv/git/
cgit.arf20.comfastcgi:/usr/lib/cgit/cgit.cgi
blog.arf20.com/var/www/blog.arf20.com/_site/
forum.arf20.com/var/www/forum.arf20.com/html/
deb.arf20.com/d/FTPServer/software/debian/
memes.arf20.com/var/www/memes.arf20.com/, /d/FTPserver/{dcimg, dcmemes,
-  explosionsandfire}
news.arf20.comWeb-News NNTP newsgroups frontend
dash.arf20.com/var/www/dash.arf20.com/html/CSTIMS
ftp.arf20.com/d/FTPServer/public/
photo.arf20.com[::1]:2342photoprism
radio.arf20.com/ = /var/www/radio.arf20.com/html/; /stream = nas:8000
os.arf20.com/ = /d/FTPServer/OS/
dark.arf20.com/ = /ar/www/dark.arf20.com/html/
wiki.arf20.com/usr/share/dokuwiki
qbt.arf20.comhttp://192.168.4.6:8085
radarr.arf20.comhttp://192.168.4.6:7878
sonarr.arf20.comhttp://192.168.4.6:8989
status.yero.devhttp://yerovps.lan:3001
panaland.arf20.com/var/www/panaland.arf20.com/html/

-  
wazuh DMZ.10 -> secure*

-  
    
-  
  • SSH
    • 
-  
  • wazuh
    • 
-  
  • password manager server*
    • 
-  

-  
game DMZ.11

-  
    
-  
  • SSH
    • 
-  
  • waterfall (minecraft reverse proxy) :25565
-  
      
-  
    • mclobby (auth)
      • 
-  
    • minepau*
      • 
-  
    • 
-  
  • panaland mc modded :25566
    • 
-  
  • css dedicated server :27015
    • 
-  

-  
comm DMZ.12

-  
    
-  
  • SSH
    • 
-  
  • cerbot
    • 
-  
  • unrealircd - IRC
    • 
-  
  • synapse - matrix
    • 
-  
  • postgresql - DB for synapse
    • 
-  
  • pantalaimon - encrypt matterbridge traffic to matrix
    • 
-  
  • matterbridge - bridge channels with different protocols
-  
      
-  
    • discord
      • 
-  
    • matrix
      • 
-  
    • irc
      • 
-  
    • xmpp
      • 
-  
    • 
-  
  • prosody - XMPP
    • 
-  
  • coturn - TURN server for matrix and xmpp
    • 
-  
  • asterisk - VoIP SIP PBX
    • 
-  

-  
Dialplan

-  
    
-  
  • 1xxx -> users
    • 
-  
  • 2xxx -> services
    • 
-  
  • 8xxxxxxx -> tandmx
    • 
-  
  • 733xxxx -> SDF
    • 
-  
  • 0119xxxxxxx -> uwutel
    • 
-  
  • xxxxxx -> regional PSTN
    • 
-  
  • xxxxxxxxx -> national PSTN
    • 
-  
  • 00x! -> international PSTN
    • 
-  

-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
numberdescription
2000IVR
2001conference
2002time
2003voicemail
2100test hello world
2101test digits 10
2102test echo
1000alias for operator
1001Site A ATA p1
1002Site A ATA p2
1011Site B ATA p1
1012Site B ATA p2
1021soft phone 1
1022soft phone 2
1031remote phone 1
1032remote phone 2
1051cisco 3911 1
1101cisco 7941

-  
misc (Deb12 LXC) DMZ.13

-  
    
-  
  • SSH
    • 
-  
  • iperf3
    • 
-  
  • bind9 - master authoritative nameserver for arf20.com zone NS1
-  
      
-  
    • public recursive*
      • 
-  
    • 
-  
  • OpenLDAP LDAP*
    • 
-  
  • INN2 - NNTP USENET server with SDF peering
    • 
-  
  • Discord servers
-  
      
-  
    • gDebrid (gookie)
      • 
-  
    • 
-  
  • squid - HTTP proxy
    • 
-  
  • microsocks - SOCKS5 proxy
    • 
-  

-  
t2 (T/2 SDE build box) DMZ.15

-  
pubnix (OpenBSD 7.5) DMZ.16

-  
    
-  
  • SSH
    • 
-  

-  
cucm (Cisco
-  Unified Communications Manager) DMZ.19

-  
callbox (5G gNodeB) DMZ.20

-  
    
-  
  • Amarisoft Callbox
    • 
-  

-  
dn42 DMZ.21

-  
    
-  
  • (ip forward)
    • 
-  
  • wireguard
    • 
-  
  • bird eBGP daemon
    • 
-  
  • bind9 master arfnet.dn42
    • 
-  

-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
| peer | asn | bgp |
| prefixlabs | 4242421240 | fe80::1240
-  |
| routedbits | 4242420207 | fe80::207
-  |
| lezi | 4242423377 | fe80::3377 |
| carlos | 4242420034 | 172.23.34.1
-  |
| exo | 4242421112 | fe80::dead |

-  
dn42-services DMZ.23

-  
    
-  
  • bind9 slave
    • 
-  
  • nginx reverse proxy
    • 
-  

-  
| vhost | webroot/proxy |
-  comment

-  
arfnet.dn42 | http://192.168.4.9 | ARFNET in DN42

-  
open5gs DMZ.22

-  
Remote gNodeB

-  
    
-  
  • Open5GC
    • 
-  
  • Kamailio
    • 
-  
  • OAI?
    • 
-  

-  

-  
mail
-  (ARFNET-IONOS VPS) 5.250.186.185 2001:ba0:210:d600::1

-  
    
-  
  • SSH
    • 
-  
  • certbot
    • 
-  
  • postfix - MTA smtpd, submission, submissions config
    • 
-  
  • dovecot - imapd
    • 
-  
  • opendkim
    • 
-  
  • opendmarc
    • 
-  
  • bind9 - slave authoritative nameserver NS2
    • 
-  
  • mlmmj - mailing list manager
-  
      
-  
    • installed to /usr/local/bin/mlmmj-webarchiver.sh and
-  /etc/mlmmj-webarchiver
      • 
-  
    • 
-  
  • mlmmj-webarchiver - mailing list archiver
    • 
-  

-  
-  -  -  -  -  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  





vhostwebroot/proxyComment
default<return 418 im a teapot>
lists.arf20.com/ = /var/www/lists.arf20.com/html/
 /archive =
-  /srv/www/htdocs/archive/		Mailing lists

-  
proxy (ARFNET-HOSTMENOW
-  VPS) 92.60.77.4

-  
    
-  
  • SSH
    • 
-  
  • IPsec tunnel
    • 
-  
  • nginx reverse proxy to nas
    • 
-  

-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
vhostwebroot/proxyComment
default<return 418 im a teapot>
jokesondmca.mooo.comhttp://nas/Stuff

-  

-  
yero-debian VPS DMZ.192
-  (yero)

-  
    
-  
  • SSH
    • 
-  
  • mariadb
    • 
-  
  • FiveM SuperioresRP
    • 
-  

-  
exo-debian VPS DMZ.195 (exo)

-  
    
-  
  • SSH
    • 
-  
  • netbox
    • 
-  

-  
loofa-debian VPS DMZ.196
-  (loofa)

-  
    
-  
  • SSH
    • 
-  
  • ?
    • 
-  

-  
*TODO

-  
Internal Name and
-  Number Assignation Table

-  
DMZ IPv4s and IPv6 ends in the same way

-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
AddrNameDescription
DMZ.1router.lanOPNSense managent
DMZ.2switch.lanDELL PowerConnect 5424 management
DMZ.3wap.lanTP-Link Omada AP255
DMZ.4proxmox.lanProxmox VE management
DMZ.5idrac.lanDELL R720 iDRAC7 management
DMZ.6nas.lan
DMZ.7printer.lanHP Officejet 8020
DMZ.8desktop.lanreserved for desktop on DMZ
DMZ.9web.lan
DMZ.10wazuh.lan
DMZ.11game.lan
DMZ.12comm.lan
DMZ.13misc.lan
DMZ.15(t2)T/2 SDE build box
DMZ.16pubnix
DMZ.17[reserved]for future raspi
DMZ.18ata.lanLinksys ATA
DMZ.19cucmelanCisco CallManager
DMZ.20callbox.lan5G gNodeB
DMZ.21dn42.lanDN42 edge router
DMZ.22open5gs.lanOpen5GS 5G core
DMZ.23dn42-services.lanDN42 service machine
DMZ.192yero-debianyero.lan
DMZ.195exo-debianexo.lan
DMZ.196loofa-debianloofa.lan

-  
Site-B:PiSoNet

-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
AddrNameDescription
PSN.1Huawei CPE Combo Box
PSN.2DELL switch on untagged
PSN.3Mikrotik firewall downstream
PSN.4Grandstream ATA
PSN.8desktop (when applies)

-  
DNS

-  
Public domain zone

-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
NameTypeContentComment
@NSns1.arf20.com
@NSns2.arf20.com
ns1A2.59.235.35
ns1AAAA2600:70ff:f039:4::13
ns2A5.250.186.185
ns2AAAA2001:ba0:210:d600::1
arf20.comA2.59.235.35
arf20.comAAAA2600:70ff:f039:4::9
mail.arf20.comA5.250.186.185ARFNET-IONOS
mail.arf20.comAAAA2001:ba0:210:d600::1ARFNET-IONOS
web.arf20.comA2.59.235.35
web.arf20.comAAAA
game.arf20.comA2.59.235.35
game.arf20.comAAAA2600:70ff:f039:4::11
comm.arf20.comA2.59.235.35
comm.arf20.comAAAA2600:70ff:f039:4::12
misc.arf20.comA2.59.235.35
misc.arf20.comAAAA2600:70ff:f039:4::13
pubnix.arf20.comA2.59.235.35
pubnix.arf20.comAAAA2600:70ff:f039:4::16
irc.arf20.comCNAMEcomm.arf20.com
jellyfin.arf20.comCNAMEweb.arf20.com
matrix.arf20.comCNAMEweb.arf20.com
nextcloud.arf20.comCNAMEweb.arf20.com
turn.arf20.comCNAMEcomm.arf20.com
webmail.arf20.comCNAMEweb.arf20.com
www.arf20.comCNAMEweb.arf20.com
xmpp.arf20.comCNAMEcomm.arf20.com
xmppconf.arf20.comCNAMEcomm.arf20.com
grafana.arf20.comCNAMEweb.arf20.com
git.arf20.comCNAMEweb.arf20.com
cgit.arf20.comCNAMEweb.arf20.com
blog.arf20.comCNAMEweb.arf20.com
forum.arf20.comCNAMEweb.arf20.com
deb.arf20.comCNAMEweb.arf20.com
zabbix.arf20.comCNAMEweb.arf20.com
memes.arf20.comCNAMEweb.arf20.com
news.arf20.comCNAMEmisc.arf20.com
dash.arf20.comCNAMEweb.arf20.com
ftp.arf20.comCNAMEweb.arf20.com
photo.arf20.comCNAMEweb.arf20.com
radio.arf20.comCNAMEweb.arf20.com
os.arf20.comCNAMEweb.arf20.com
tel.arf20.comCNAMEcomm.arf20.com
netbox.arf20.comCNAMEweb.arf20.com
dark.arf20.comCNAMEweb.arf20.com
wiki.arf20.comCNAMEweb.arf20.com
qbt.arf20.comCNAMEweb.arf20.com
radarr.arf20.comCNAMEweb.arf20.com
sonarr.arf20.comCNAMEweb.arf20.com
status.arf20.comCNAMEmail.arf20.com
lists.arf20.comCNAMEmail.arf20.com
mlmmj.arf20.comCNAMEmail.arf20.com
lahomosexualidadde.arf20.comCNAMEweonpollo.xyz
panaland.arf20.comCNAMEweb.arf20.com
_acme-challenge.jellyfinCNAME(challenge)
_acme-challenge.ircCNAME(challenge)
_acme-challenge.matrixCNAME(challenge)
_acme-challenge.mailCNAME(challenge)
_acme-challenge.xmppCNAME(challenge)
arf20.comMXmail.arf20.com
selector._domainkeyTXT(DKIM)DKIM for selector ‘selector’
_dmarcTXT(DMARC)
arf20.comTXT(SPF)

-  
HE v6 rDNS zone

-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
NameTypeContentComment
2600:70ff:f039:4::13PTRns1.arf20.com
2600:70ff:f039:4::9PTRarf20.com
2600:70ff:f039:4::195PTRglobal.dns.navy

-  
IONOS rDNS zone

-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
NameTypeContentComment
5.250.186.185PTRmail.arf20.com

-  
Custom ARFNET software

-  
    
-  
  • cstims:
-  client, service, ticket and invoice management system
    • 
-  
  • lists: mailing
-  list browser
    • 
-  

+
    
+
  • ONT: CPE Huawei GPON
    • 
+
  • switch: DELL PowerConnect 5424
    • 
+
  • server: DELL PowerEdge R720 @ 2x E5-2670 + 64GB + (240+120)GB SSD +
+(4+3x7RAID5)TB HDD
    • 
+
  • ATA: Cisco/Linksys PAP2T
    • 
+

+
DELL PowerConnect 5424
+switch

+
Port assignents

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
portendpointoptions
g2ONTVLAN access 2
g4server eno2 WANVLAN access 2
g6test2VLAN access 2
g3WAPVLAN access 5
g5PCVLAN access 4
g7Living R.VLAN access 5
g9server eno1 DMZ+LANVLAN trunk 4, 5
g12voip poe switchVLAN access 9
g15test4VLAN access 4
g16ATAVLAN access 4
g17test1VLAN access 1
g19test5VLAN access 5
g21iDRACVLAN access 4
g23printerVLAN access 4

+
Management

+
    
+
  • interface vlan 4: 192.168.4.2/24 gw 192.168.4.1
    • 
+

+
Public IPs

+
    
+
  • AVANZA_STATIC: 2.59.235.35
    • 
+
  • AVANZA_CGNAT: dynamic 100.x.x.x
    • 
+
  • HE prefixes
+
      
+
    • 2001:470:1f21:125::/64
      • 
+
    • 2600:70ff:f039::/48
      • 
+
    • 
+
  • IONOS VPS: 5.250.186.185 2001:ba0:210:d600::1
    • 
+

+
Gateways

+
    
+
  • AVANZA
+
      
+
    • WAN_STATIC: 2.59.235.1
      • 
+
    • WAN_CGNAT: dynamic
      • 
+
    • 
+
  • HE v6 tunnel
+
      
+
    • server: 216.66.87.102, 2001:470:1f20:125::1/64
      • 
+
    • client: 2.59.235.35, 2001:470:1f20:125::2
      • 
+
    • 
+

+
Physical and Logical
+Networks

+
++++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+






nameVLANnetdesc
WAN2
DMZ4192.168.4.0/24 
 2600:70ff:f039:4::/64		Services
LAN5192.168.5.0/24 
 2600:70ff:f039:5::/64		Clients
VPN192.168.6.0/24 
 2600:70ff:f039:6::/64		Wireguard clients
dark192.168.7.0/24 
dark IPsec remote subnet
B:PSNun192.168.18.0/24Site-B:PisoNET
B:SBN192.168.8.0/24Site-B:SiteBNET
voip9192.168.9.0/24VoIP
dn4242172.20.196.32/27 
 fdfd:acab:caca::/48		DN42 ARFNET-MNT

+
Firewall

+
Interface Rules

+
    
+
  • WAN_CGNAT in
+
      
+
    • deny *
      • 
+
    • 
+
  • WAN_STATIC in
+
      
+
    • allow v4 from * to {services} –> NAT rules
      • 
+
    • 
+
  • DMZ in
+
      
+
    • deny v4 to LAN net
      • 
+
    • allow v4 to firewall
      • 
+
    • allow v4 to * gw WAN_STATIC
      • 
+
    • allow v6 to * gw HE_TUNNELV6
      • 
+
    • 
+
  • LAN in
+
      
+
    • allow v4 ICMP to firewall
      • 
+
    • allow v4 IP DNS to firewall
      • 
+
    • allow v4 to DMZ net
      • 
+
    • allow v4 to * gw WAN_CGNAT
      • 
+
    • allow v6 to * gw HE_TUNNELV6
      • 
+
    • 
+
  • Wireguard in
+
      
+
    • allow v4+6 to DMZ net
      • 
+
    • allow v4 to * gw WAN_CGNAT
      • 
+
    • allow v6 to * gw HE_TUNNELV6
      • 
+
    • 
+

+
IPv4 NAT Rules

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
ServiceCustomerIPProtoExt PortHostRe Port
WireGuardUDP51820router
DNS NS1TCP/UDP53misc
iperf3TCP5201misc
NNTPTCP119misc
WebTCP80,443web
GitTCP9418web
bittorrentTCP/UDP8999nas
rsyncTCP/UDP873nas
IRCTCP6667comm
IRCSTCP6697comm
XMPP c2sTCP5222comm
XMPP s2sTCP5269comm
TURN STUNTCP/UDP3478comm
TURNTCP/UDP5349comm
TURN UDP relayTCP/UDP49152-50176comm
mc waterfall proxyTCP25565game25567
mc bedrock geyserTCP19132game19132
css-dsTCP/UDP27015game
exo sshexoTCP4041exovps22
exo extraexoTCP4040exovps4040
yero sshyeroTCP1511yerovps22
yero mcyeroTCP25569yerovps25565
yero panelyeroTCP24444yerovps24444

+
IPv6 port rules

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
ServiceCustomerIPProtoDest HostDest Port
DNS NS1TCP/UDPmisc53
WebTCPweb80,443
NNTPTCPmisc119
iperf3TCPmisc5201
GitTCP9418web
bittorrentTCP/UDP8999nas
rsyncTCP/UDP873nas
IRCTCP6667comm
IRCSTCP6697comm
XMPP c2sTCP5222comm
XMPP s2sTCP5269comm
TURN STUNTCP/UDP3478comm
TURNTCP/UDP5349comm
TURN UDP relayTCP/UDP49152-50176comm
mc-waterfall-proxyTCP25565game
exo-sshexoTCP4041exovps
exo-extraexoTCP4040exovps
yero-sshyeroTCP1511yerovps
yero-sqlyeroTCP1512yerovps
FiveM SuperioresRPyeroTCP/UDP30120,40120yerovps

+
Hosts

+
    
+
  • server - DELL PowerEdge R720 running Proxmox PVE - …
    • 
+
  • mail - IONOS VPS running Debian 12 - 5.250.186.185
+2001:ba0:210:d600::1
    • 
+
  • dark - HostMeNow VPS running Debian 12 - 92.60.77.4
    • 
+

+
Management

+
    
+
  • OPNSense router DMZ.1
    • 
+
  • DELL switch DMZ.2
    • 
+
  • TP-Link WAP LAN.2
    • 
+
  • Proxmox hypervisor DMZ.4
    • 
+
  • DELL server iDRAC DMZ.5
    • 
+
  • HP printer DMZ.7
    • 
+
  • Linksys ATA DMZ.18
    • 
+

+
server VMs and services

+
server runs Proxmox PVE.

+
All VMs are Debian 12 (templated) with wazuh agent

+
proxmox DMZ.4 (hypervisor)

+
    
+
  • SSH
    • 
+
  • Proxmox management interface :8006
    • 
+
  • smartmon + node exporter :9100
    • 
+
  • sensor exporter*
    • 
+
  • NUT - Network UPS TOols daemon (and proper UPS)*
    • 
+

+
router DMZ.1

+
    
+
  • (routing/firewalling)
    • 
+
  • SSH
    • 
+
  • DHCP
    • 
+
  • unbound DNS
    • 
+
  • OpenVPN
    • 
+
  • WireGuard
    • 
+
  • IPsec
    • 
+
  • ntopng :3000
    • 
+
  • telegraf - note: editing config via webfig breaks (timeout and
+unbound config)
    • 
+

+
nas DMZ.6

+
RAID attached here (with the grey stuff) (local only)

+
    
+
  • SSH
    • 
+
  • NFS
    • 
+
  • Samba SMB*
    • 
+
  • MiniDLNA*
    • 
+
  • FTP
    • 
+
  • qBittorrent-nox
    • 
+
  • jellyfin
    • 
+
  • nginx
    • 
+
  • mpd :8000
    • 
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
vhostwebroot/proxyComment
dark.arf20.com/d/FTPServer/Allow only VPS and private

+
web DMZ.9

+
    
+
  • SSH
    • 
+
  • cerbot
    • 
+
  • nginx (status at :8080)
    • 
+
  • fastcgi PHP
    • 
+
  • mariadb SQL
    • 
+
  • nginx-prometheus-exporter :9113
    • 
+
  • prometheus :9090
    • 
+
  • telegraf
    • 
+
  • influxdb :8086
    • 
+
  • grafana :3000
+
      
+
    • Proxmox
      • 
+
    • nginx
      • 
+
    • iDRAC
      • 
+
    • 
+
  • zabbix*
    • 
+
  • netbox*
    • 
+
  • fcgiwrap
    • 
+
  • git-http-backend - git smart http server CGI
    • 
+
  • gitd - git daemon
    • 
+
  • cgit - web frontend for git
    • 
+
  • phpBB - forum software
    • 
+
  • Jekyll - blog static site generator thing
    • 
+
  • opentracker? - bittorrent tracker*
    • 
+
  • gophernicus - gopher server*
    • 
+
  • photoprism - photo shit
    • 
+
  • squid - http proxy server :3128
    • 
+

+
+++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+





vhostwebroot/proxyComment
default<return 418 im a teapot>
default:8080<return nstub_status>
arf20.com/var/www/arf20.com/html/
www.arf20.com<301 redirect arf20.com>
matrix.arf20.comhttp://comm.lan:8008/_matrix
webmail.arf20.com/var/www/webmail.arf20.com/html/SquirrelMail
nextcloud.arf20.com/var/www/nextcloud.arf20.com/html/
grafana.arf20.comhttp://localhost:3000
jellyfin.arf20.comhttp://nas.lan:8096
git.arf20.com/srv/git/
cgit.arf20.comfastcgi:/usr/lib/cgit/cgit.cgi
blog.arf20.com/var/www/blog.arf20.com/_site/
forum.arf20.com/var/www/forum.arf20.com/html/
deb.arf20.com/d/FTPServer/software/debian/
memes.arf20.com/var/www/memes.arf20.com/, /d/FTPserver/{dcimg, dcmemes,
+explosionsandfire}
news.arf20.comWeb-News NNTP newsgroups frontend
dash.arf20.com/var/www/dash.arf20.com/html/CSTIMS
ftp.arf20.com/d/FTPServer/public/
photo.arf20.com[::1]:2342photoprism
radio.arf20.com/ = /var/www/radio.arf20.com/html/; /stream = nas:8000
os.arf20.com/ = /d/FTPServer/OS/
dark.arf20.com/ = /var/www/dark.arf20.com/html/
wiki.arf20.com/usr/share/dokuwiki
qbt.arf20.comhttp://192.168.4.6:8085
radarr.arf20.comhttp://192.168.4.6:7878
sonarr.arf20.comhttp://192.168.4.6:8989
kanboard.arf20.com/ = /var/www/kanboard.arf20.com/html/
vw.arf20.comhttp://192.168.4.10:8000
status.yero.devhttp://yerovps.lan:3001
panaland.arf20.com/var/www/panaland.arf20.com/html/

+
secure DMZ.10

+
    
+
  • SSH
    • 
+
  • wazuh*
    • 
+
  • vaultwarden :8000
    • 
+

+
game DMZ.11

+
    
+
  • SSH
    • 
+
  • waterfall (minecraft reverse proxy) :25565
+
      
+
    • mclobby (auth)
      • 
+
    • minepau*
      • 
+
    • 
+
  • panaland mc modded :25566
    • 
+
  • css dedicated server :27015
    • 
+

+
comm DMZ.12

+
    
+
  • SSH
    • 
+
  • cerbot
    • 
+
  • unrealircd - IRC
    • 
+
  • synapse - matrix
    • 
+
  • postgresql - DB for synapse
    • 
+
  • pantalaimon - encrypt matterbridge traffic to matrix
    • 
+
  • matterbridge - bridge channels with different protocols
+
      
+
    • discord
      • 
+
    • matrix
      • 
+
    • irc
      • 
+
    • xmpp
      • 
+
    • 
+
  • prosody - XMPP
    • 
+
  • coturn - TURN server for matrix and xmpp
    • 
+
  • asterisk - VoIP SIP PBX
    • 
+

+
Dialplan

+
    
+
  • 1xxx -> users
    • 
+
  • 2xxx -> services
    • 
+
  • 8xxxxxxx -> tandmx
    • 
+
  • 733xxxx -> SDF
    • 
+
  • 0119xxxxxxx -> uwutel
    • 
+
  • xxxxxx -> regional PSTN
    • 
+
  • xxxxxxxxx -> national PSTN
    • 
+
  • 00x! -> international PSTN
    • 
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
numberdescription
2000IVR
2001conference
2002time
2003voicemail
2100test hello world
2101test digits 10
2102test echo
1000alias for operator
1001Site A ATA p1
1002Site A ATA p2
1011Site B ATA p1
1012Site B ATA p2
1021soft phone 1
1022soft phone 2
1031remote phone 1
1032remote phone 2
1051cisco 3911 1
1101cisco 7941

+
misc (Deb12 LXC) DMZ.13

+
    
+
  • SSH
    • 
+
  • iperf3
    • 
+
  • bind9 - master authoritative nameserver for arf20.com zone NS1
+
      
+
    • public recursive*
      • 
+
    • 
+
  • INN2 - NNTP USENET server with SDF peering
    • 
+
  • Discord servers
+
      
+
    • gDebrid (gookie)
      • 
+
    • 
+
  • squid - HTTP proxy
    • 
+
  • microsocks - SOCKS5 proxy
    • 
+

+
t2 (T/2 SDE build box) DMZ.15

+
pubnix (OpenBSD 7.5) DMZ.16

+
    
+
  • SSH
    • 
+

+
cucm (Cisco
+Unified Communications Manager) DMZ.19

+
callbox DMZ.20

+
    
+
  • Amarisoft Callbox
    • 
+

+
dn42 DMZ.21

+
    
+
  • (ip forward)
    • 
+
  • wireguard
    • 
+
  • bird eBGP daemon
    • 
+
  • bind9 master arfnet.dn42
    • 
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
| peer | asn | bgp |
| prefixlabs | 4242421240 | fe80::1240
+|
| routedbits | 4242420207 | fe80::207
+|
| lezi | 4242423377 | fe80::3377 |
| carlos | 4242420034 | 172.23.34.1 |
| exo | 4242421112 | fe80::dead |

+
dn42-services DMZ.23

+
    
+
  • bind9 slave
    • 
+
  • nginx reverse proxy
    • 
+

+
| vhost | webroot/proxy |
+comment

+
arfnet.dn42 | http://192.168.4.9 | ARFNET in DN42

+
open5gs DMZ.22

+
Remote gNodeB

+
    
+
  • Open5GC
    • 
+
  • Kamailio
    • 
+
  • OAI?
    • 
+

+

+
mail
+(ARFNET-IONOS VPS) 5.250.186.185 2001:ba0:210:d600::1

+
    
+
  • SSH
    • 
+
  • certbot
    • 
+
  • postfix - MTA smtpd, submission, submissions config
    • 
+
  • dovecot - imapd
    • 
+
  • opendkim
    • 
+
  • opendmarc
    • 
+
  • bind9 - slave authoritative nameserver NS2
    • 
+
  • mlmmj - mailing list manager
+
      
+
    • installed to /usr/local/bin/mlmmj-webarchiver.sh and
+/etc/mlmmj-webarchiver
      • 
+
    • 
+
  • mlmmj-webarchiver - mailing list archiver
    • 
+

+
+++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+





vhostwebroot/proxyComment
default<return 418 im a teapot>
lists.arf20.com/ = /var/www/lists.arf20.com/html/
 /archive =
+/srv/www/htdocs/archive/		Mailing lists

+
proxy (ARFNET-HOSTMENOW
+VPS) 92.60.77.4

+
    
+
  • SSH
    • 
+
  • IPsec tunnel
    • 
+
  • nginx reverse proxy to nas
    • 
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
vhostwebroot/proxyComment
default<return 418 im a teapot>
jokesondmca.mooo.comhttp://nas/Stuff

+

+
yero-debian VPS DMZ.192
+(yero)

+
    
+
  • SSH
    • 
+
  • mariadb
    • 
+
  • FiveM SuperioresRP
    • 
+

+
exo-debian VPS DMZ.195 (exo)

+
    
+
  • SSH
    • 
+
  • netbox
    • 
+

+
loofa-debian VPS DMZ.196
+(loofa)

+
    
+
  • SSH
    • 
+
  • ?
    • 
+

+
*TODO

+
Internal Name and
+Number Assignation Table

+
DMZ IPv4s and IPv6 ends in the same way

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
AddrNameDescription
DMZ.1router.lanOPNSense managent
DMZ.2switch.lanDELL PowerConnect 5424 management
DMZ.3wap.lanTP-Link Omada AP255
DMZ.4proxmox.lanProxmox VE management
DMZ.5idrac.lanDELL R720 iDRAC7 management
DMZ.6nas.lan
DMZ.7printer.lanHP Officejet 8020
DMZ.8desktop.lanreserved for desktop on DMZ
DMZ.9web.lan
DMZ.10wazuh.lan
DMZ.11game.lan
DMZ.12comm.lan
DMZ.13misc.lan
DMZ.15(t2)T/2 SDE build box
DMZ.16pubnix
DMZ.17[reserved]for future raspi
DMZ.18ata.lanLinksys ATA
DMZ.19cucmelanCisco CallManager
DMZ.20callbox.lan5G gNodeB
DMZ.21dn42.lanDN42 edge router
DMZ.22open5gs.lanOpen5GS 5G core
DMZ.23dn42-services.lanDN42 service machine
DMZ.192yero-debianyero.lan
DMZ.195exo-debianexo.lan
DMZ.196loofa-debianloofa.lan

+
Site-B:PiSoNet

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
AddrNameDescription
PSN.1Huawei CPE Combo Box
PSN.2DELL switch on untagged
PSN.3Mikrotik firewall downstream
PSN.4Grandstream ATA
PSN.8desktop (when applies)

+
DNS

+
Public domain zone

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
NameTypeContentComment
@NSns1.arf20.com
@NSns2.arf20.com
ns1A2.59.235.35
ns1AAAA2600:70ff:f039:4::13
ns2A5.250.186.185
ns2AAAA2001:ba0:210:d600::1
arf20.comA2.59.235.35
arf20.comAAAA2600:70ff:f039:4::9
mail.arf20.comA5.250.186.185ARFNET-IONOS
mail.arf20.comAAAA2001:ba0:210:d600::1ARFNET-IONOS
web.arf20.comA2.59.235.35
web.arf20.comAAAA
game.arf20.comA2.59.235.35
game.arf20.comAAAA2600:70ff:f039:4::11
comm.arf20.comA2.59.235.35
comm.arf20.comAAAA2600:70ff:f039:4::12
misc.arf20.comA2.59.235.35
misc.arf20.comAAAA2600:70ff:f039:4::13
pubnix.arf20.comA2.59.235.35
pubnix.arf20.comAAAA2600:70ff:f039:4::16
irc.arf20.comCNAMEcomm.arf20.com
jellyfin.arf20.comCNAMEweb.arf20.com
matrix.arf20.comCNAMEweb.arf20.com
nextcloud.arf20.comCNAMEweb.arf20.com
turn.arf20.comCNAMEcomm.arf20.com
webmail.arf20.comCNAMEweb.arf20.com
www.arf20.comCNAMEweb.arf20.com
xmpp.arf20.comCNAMEcomm.arf20.com
xmppconf.arf20.comCNAMEcomm.arf20.com
grafana.arf20.comCNAMEweb.arf20.com
git.arf20.comCNAMEweb.arf20.com
cgit.arf20.comCNAMEweb.arf20.com
blog.arf20.comCNAMEweb.arf20.com
forum.arf20.comCNAMEweb.arf20.com
deb.arf20.comCNAMEweb.arf20.com
zabbix.arf20.comCNAMEweb.arf20.com
memes.arf20.comCNAMEweb.arf20.com
news.arf20.comCNAMEmisc.arf20.com
dash.arf20.comCNAMEweb.arf20.com
ftp.arf20.comCNAMEweb.arf20.com
photo.arf20.comCNAMEweb.arf20.com
radio.arf20.comCNAMEweb.arf20.com
os.arf20.comCNAMEweb.arf20.com
tel.arf20.comCNAMEcomm.arf20.com
netbox.arf20.comCNAMEweb.arf20.com
dark.arf20.comCNAMEweb.arf20.com
wiki.arf20.comCNAMEweb.arf20.com
qbt.arf20.comCNAMEweb.arf20.com
radarr.arf20.comCNAMEweb.arf20.com
sonarr.arf20.comCNAMEweb.arf20.com
kanboard.arf20.comCNAMEweb.arf20.com
vw.arf20.comCNAMEweb.arf20.com
status.arf20.comCNAMEmail.arf20.com
lists.arf20.comCNAMEmail.arf20.com
mlmmj.arf20.comCNAMEmail.arf20.com
lahomosexualidadde.arf20.comCNAMEweonpollo.xyz
panaland.arf20.comCNAMEweb.arf20.com
_acme-challenge.jellyfinCNAME(challenge)
_acme-challenge.ircCNAME(challenge)
_acme-challenge.matrixCNAME(challenge)
_acme-challenge.mailCNAME(challenge)
_acme-challenge.xmppCNAME(challenge)
arf20.comMXmail.arf20.com
selector._domainkeyTXT(DKIM)DKIM for selector ‘selector’
_dmarcTXT(DMARC)
arf20.comTXT(SPF)

+
HE v6 rDNS zone

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
NameTypeContentComment
2600:70ff:f039:4::13PTRns1.arf20.com
2600:70ff:f039:4::9PTRarf20.com
2600:70ff:f039:4::195PTRglobal.dns.navy

+
IONOS rDNS zone

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
NameTypeContentComment
5.250.186.185PTRmail.arf20.com

+
Custom ARFNET software

+
    
+
  • cstims: client,
+service, ticket and invoice management system
    • 
+
  • lists: mailing
+list browser
    • 
+

 	
 
-- 
cgit v1.2.3