From c5caae84a9bad417e778ebf778658ff5453c4375 Mon Sep 17 00:00:00 2001
From: arf20
Date: Tue, 5 Sep 2023 13:51:59 +0200
Subject: Initial commit
---
arfnet2.md | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 57 insertions(+)
create mode 100644 arfnet2.md
(limited to 'arfnet2.md')
diff --git a/arfnet2.md b/arfnet2.md
new file mode 100644
index 0000000..742a4bc
--- /dev/null
+++ b/arfnet2.md
@@ -0,0 +1,57 @@
+# ARFNET2 deployment
+
+Stage 1, very safe
+ - Close all ports
+ - Nuke (or stop) all old VMs (exclude OPNSense)
+ - Make DMZ
+ - Make the following ones (cloning deb12 template)
+ - Open following ports
+
+## Networks
+ - DMZ VLAN 4 192.168.4.0/24: Services and management
+ - LAN VLAN 5 192.168.5.0/24: Clients
+
+## Hosts
+ - server (...)
+ - desktop .8
+ - raspi .14
+
+## Management
+ - server iDRAC .5
+ - Proxmox .4
+ - OPNSense .1
+ - switch .2
+ - WAP .3
+ - printer .7
+
+## VMs and services
+All VMs must run the wazuh agent
+
+### OPNSense .1
+ - (routing)
+ - SSH
+ - DHCP
+ - DNS
+ - OpenVPN
+ - IPsec
+
+### NAS .9
+RAID attached here (with the grey stuff) (local only)
+ - SSH
+ - NFS
+ - Samba
+ - DLNA
+
+### wazuh .10
+ - SSH
+ - wazuh
+
+### web .6
+ - SSH
+ - nginx (static only site, isolated from NAS)
+
+## Port forwards
+ - SSH -> somewhere possibly not a machine with services just to be sure?
+ - OpenVPN -> opnsense
+ - HTTP/S -> web
+
-- cgit v1.2.3