- Pull current config from router (OpenWRT 24.10.2)
- Add backup, safe-apply, and push-all scripts
- Add CLAUDE.md with workflow rules and context
- Add network-map.md with current topology and planned VLANs

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
71 lines
3.7 KiB
Markdown
# Network Map

## Router

| Item       | Value                               |
|------------|-------------------------------------|
| Device     | TP-Link Archer AX23 v1              |
| OpenWRT    | 24.10.2                             |
| LAN IP     | 10.0.0.1                            |
| LAN Subnet | 10.0.0.0/24 (pre-VLAN)              |
| WAN        | Full fibre, 1 Gbps down / 100 Mbps up |
| SSH        | `ssh openwrt`                       |

## Current SSIDs

| SSID                 | Band          | Status                                            |
|----------------------|---------------|---------------------------------------------------|
| Moonshield           | 2.4GHz + 5GHz | Main network                                      |
| Stow on the Wireless | 2.4GHz        | Unused — will become IoT SSID ("Cloud Connected") |

## Planned VLAN Layout

| VLAN ID | Name    | Subnet       | Purpose                        |
|---------|---------|--------------|--------------------------------|
| 1       | trusted | 10.0.1.0/24  | Phones, laptops                |
| 10      | servers | 10.0.10.0/24 | NAS, Pis, HA, Frigate, PiHole  |
| 20      | iot     | 10.0.20.0/24 | Smart devices, cameras         |
| 30      | media   | 10.0.30.0/24 | Shield TV, consoles, smart TVs |
| 40      | guest   | 10.0.40.0/24 | Guest WiFi                     |

## Planned SSID → VLAN Mapping

| SSID            | VLAN    | Notes                               |
|-----------------|---------|-------------------------------------|
| Moonshield      | trusted | Existing main SSID                  |
| Cloud Connected | iot     | Renamed from "Stow on the Wireless" |
| Pinball Map     | media   | New SSID for Shield + consoles      |
| Passenger       | guest   | New — optional                      |

## External Access

Ports forwarded to `everlost.lan` (10.0.0.2), which runs Nginx + Let's Encrypt + auth before proxying to internal services.

### Port Forwards

| Name                 | Proto | WAN Port | Dest IP   | Dest Port |
|----------------------|-------|----------|-----------|-----------|
| HTTP                 | TCP   | 80       | 10.0.0.2  | 80        |
| HTTPS                | TCP   | 443      | 10.0.0.2  | 443       |
| SSH - Everlost       | TCP   | 22563    | 10.0.0.2  | 22563     |
| SSH - Home Assistant | TCP   | 22553    | 10.0.0.11 | 22553     |
| SSH - Frigate        | TCP   | 22583    | 10.0.0.12 | 22583     |
| SSH - Jester         | TCP   | 22573    | 10.0.0.21 | 22573     |
| SSH - Wayfaerer      | TCP   | 22593    | 10.0.0.22 | 22593     |
| SSH - Gitea          | TCP   | 2222     | 10.0.0.2  | 2222      |
| Wireguard            | UDP   | 51820    | 10.0.0.2  | 51820     |
| Plex - Jester        | TCP   | 32400    | 10.0.0.21 | 32400     |
| Plex - Wayfaerer     | TCP   | 32450    | 10.0.0.22 | 32450     |

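
The following audit helper is an added example, not part of this repository. It parses the port-forward table above and lists every forward that does not terminate on the Nginx + auth layer. It assumes Nginx on `everlost.lan` listens only on 80/443; `PROXY_PORTS` and the function names are hypothetical.

```python
import re
from collections import defaultdict

PROXY_IP = "10.0.0.2"      # everlost.lan on this page
PROXY_PORTS = {80, 443}    # assumption: Nginx listens only on these

# Port-forward table as documented on this page.
PORT_FORWARDS_MD = """
| Name | Proto | WAN Port | Dest IP | Dest Port |
|------|-------|----------|---------|-----------|
| HTTP | TCP | 80 | 10.0.0.2 | 80 |
| HTTPS | TCP | 443 | 10.0.0.2 | 443 |
| SSH - Everlost | TCP | 22563 | 10.0.0.2 | 22563 |
| SSH - Home Assistant | TCP | 22553 | 10.0.0.11 | 22553 |
| SSH - Frigate | TCP | 22583 | 10.0.0.12 | 22583 |
| SSH - Jester | TCP | 22573 | 10.0.0.21 | 22573 |
| SSH - Wayfaerer | TCP | 22593 | 10.0.0.22 | 22593 |
| SSH - Gitea | TCP | 2222 | 10.0.0.2 | 2222 |
| Wireguard | UDP | 51820 | 10.0.0.2 | 51820 |
| Plex - Jester | TCP | 32400 | 10.0.0.21 | 32400 |
| Plex - Wayfaerer | TCP | 32450 | 10.0.0.22 | 32450 |
"""

def parse_forwards(md):
    """Turn a markdown table into a list of dicts keyed by its header row."""
    rows = [[c.strip() for c in ln.strip().strip("|").split("|")]
            for ln in md.splitlines() if ln.strip().startswith("|")]
    header, body = rows[0], rows[1:]
    # Drop the |----|----| separator row; keep only data rows.
    return [dict(zip(header, r)) for r in body
            if not all(re.fullmatch(r":?-+:?", c) for c in r)]

def direct_exposures(forwards):
    """Group forwards that do not terminate on the proxy's web ports, by host."""
    direct = defaultdict(list)
    for f in forwards:
        via_proxy = f["Dest IP"] == PROXY_IP and int(f["Dest Port"]) in PROXY_PORTS
        if not via_proxy:
            direct[f["Dest IP"]].append((f["Proto"], int(f["WAN Port"]), f["Name"]))
    return dict(direct)

if __name__ == "__main__":
    exposures = direct_exposures(parse_forwards(PORT_FORWARDS_MD))
    for host, entries in sorted(exposures.items()):
        for proto, port, name in entries:
            print(f"{host:<10} {proto}/{port:<6} {name}")
```

Each service it lists is reachable from the WAN without passing through the Nginx auth layer, so its own authentication and patch level are the only controls at that port.
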
## Planned WAN2 (Failover)

| Item     | Value                                                         |
|----------|---------------------------------------------------------------|
| Device   | GL-XE300 (Puli)                                               |
| Firmware | GL.iNet 4.3.27 (based on OpenWRT 22.03.4)                     |
| LAN IP   | 10.0.100.1 (change from default 192.168.8.1 before wiring in) |
| Subnet   | 10.0.100.0/24                                                 |
| WAN      | 4G LTE via M.2 modem                                          |
| SSH      | `ssh openwrtwan`                                              |

`mwan3` on the main router handles automatic failover. A firewall rule on the main router allows management access from the trusted VLAN to `10.0.100.1` on ports 22/80/443.

---

> For full device inventory, static DHCP leases, and cross-VLAN firewall requirements see:
> [`vlan-requirements.md`](vlan-requirements.md)