---
tags:
- landing-page
- upnote-import
---
# Home Network
TODO
[OPNsense - Router - schulnetzkonzept.de](https://old.schulnetzkonzept.de/opnsense)
# Pages
- [[N: Home-Assistent über HAProxy 📑]]
- [[N: Full Cert Chain in OpnSense verwenden 📑]]
- [[N: Paperless-NGX 📑]]
# Planning the new network:
[Network structure and IP segmentation](https://chatgpt.com/c/68d793e6-1f84-8331-867c-ea6842b1a6d3)
Hardware purchase options:
[Firewall Micro Appliance N150 Lüfterloser Mini PC mit 4 Ports i226 2,5GHz LAN, für pfSense, Firewall, Router, OpenWRT, ohne RAM, ohne Speicher, ohne System.: Amazon.de: Computer & Zubehör](https://www.amazon.de/dp/B0F3JLKMB3?ref=emc_p_m_5_i_atc&th=1)
AliExpress: [Intel N150 N100 Mini-PC-Firewall-Router 4 LAN i226-V 2,5 G Celeron N5105 N6210 NVMe Lüfterloser Mini-Computer Low Power pfSense Box - AliExpress](https://de.aliexpress.com/item/1005007002786305.html?spm=a2g0o.productlist.main.3.35d3Z6kOZ6kO5G&algo_pvid=12b128c3-7a02-4c23-9467-a41ff8c4770d&algo_exp_id=12b128c3-7a02-4c23-9467-a41ff8c4770d-2&pdp_ext_f=%7B%22order%22%3A%22152%22%2C%22eval%22%3A%221%22%2C%22fromPage%22%3A%22search%22%7D&pdp_npi=6%40dis%21EUR%21183.32%21120.99%21%21%21210.20%21138.73%21%40210384b917593333635278191edfa7%2112000046663703988%21sea%21DE%210%21ABX%211%210%21n_tag%3A-29910%3Bd%3Aa233012%3Bm03_new_user%3A-29895&curPageLogUid=vZzqLxp7ExnI&utparam-url=scene%3Asearch%7Cquery_from%3A%7Cx_object_id%3A1005007002786305%7C_p_origin_prod%3A#nav-specification)
## Terra-Firewall:
Inventory page: [[I: TERRA FIREWALL "BLACK DWARF" G3 UTM 1 Jahr🗄️]]
MAC: 00:07:32:7B:91:93
IP: 192.168.1.1
[https://192.168.1.1:55443/](https://192.168.1.1:55443/)
Various OPNsense tutorials: [How do you configure DoT (DNS over TLS) on the OPNsense firewall? - zenarmor.com](https://www.zenarmor.com/docs/de/netzwerksicherheitstutorials/wie-konfiguriert-man-dot-auf-der-opnsense-firewall)
## LANCom Switch GS-2310:
Inventory page: [[I: Switch LANCom GS-2310 🗄️]]
MAC: 00:A0:57:41:67:87
[http://192.168.1.2/](http://192.168.1.2/)
[Downloads - LANCOM Systems GmbH](https://my.lancom-systems.de/downloads/?L=0&unique_id=2c8b76d14646c62f86bd3c495973c816&dllang=DE)
Ports:
| Port | Description | VLANs | **Egress Rule** |
| --- | --- | --- | --- |
| 1 | Uplink Firewall | 1 | Hybrid |
| 2 | TRUNK | 1 | Trunk |
| 3 | PowerLine | 10-User | Hybrid |
| 7 | admin-Port | 1-default | Hybrid |
| 8 | | 10-User | |
## DIGITUS DN-95331
| Port | Description | VLANs | **Egress Rule** |
| --- | --- | --- | --- |
| 5 | NAS NW-Port2 | 41-DOCKER\_NAS | Hybrid |
| 6 | UPS | | |
| 7 | NAS NW-Port1 | 40-SERVER | Hybrid |
| 8 | Uplink trunk from the living-room network socket | 1-default | |
## Netgear Switch GS308EPP
### Fritzbox WLAN Controller + WAN Router
[http://192.168.178.1/](http://192.168.178.1/)
Emergency IP: 169.254.1.1 - connect the PC via port 2
# VLANs
Tagged: ports that pass the VLAN traffic through
Untagged: ports for a specific device, used to assign it to a VLAN
| VLAN | Interface | DHCP | Network |
| --- | --- | --- | --- |
| 1 - default | 192.168.1.1 | | 192.168.1.0/24 |
| 10 - USER | 10.10.0.1 | 10.10.0.2 - 10.10.0.199 | |
| 20 - GUEST | 10.20.0.1 | 10.20.0.1 | |
| 30 - IOT | 10.30.0.1 | | |
| 40 - SERVER | 10.40.0.1 | 10.40.0.3 - 10.40.0.199 | 10.40.0.0/16 |
| 41 - DOCKER\_NAS | 10.40.10.1 | 10.40.10.3 - 10.40.10.199 | 10.40.10.0/24 |
Networks:
- 10.10.0.0/16 - USER
- 10.20.0.0/16 - GUEST
- 10.30.0.0/16 - IOT
- 10.40.0.0/16 - SERVER
# Overview
| Device | Port | IP | Pages |
| --- | --- | --- | --- |
| FritzBox old DSL | WAN | Telekom IP | |
| FritzBox old DSL | LAN DHCP -> OpnSense WAN Port | 192.168.178.106 | dhcp |
| FritzBox old DSL | | [192.168.178.1](http://192.168.178.1/) | |
| OpnSense | WAN Port (Port LAN2) | 192.168.178.21 | dhcp |
| OpnSense | LAN Port (Port LAN1) | [192.168.1.1](https://192.168.1.1:55443/)<br>[AdGuard](http://192.168.1.1:3000/) | static<br>[[N: Multicast DNS Repeater zwischen 📑]]<br>[[N: HAProxy Reverse-Proxy-Servers auf OPNsense 📑]] |
| LANCOM GS-2310 | | [192.168.1.2](http://192.168.1.2/) | [[I: Switch LANCom GS-2310 🗄️]] |
| FritzBox new WLAN | 3 | [192.168.1.103](http://192.168.1.103/#/) | |
| Home-Assistant | | [192.168.1.192](http://192.168.1.192:8123/)<br>Proxy: 192.168.1.1 | |
| EMMA | | 192.168.1.178 | [[I: Huawai EMMA 🗄️]] |
| HUE Bridge | | 192.168.1.137 | 00:17:88:69:AD:F8 |
| DIGITUS Gigabit basement | | [192.168.1.111](http://192.168.1.111/) | [[I: DIGITUS DN-95331 Netzwerkswitch 🗄️]] |
| NAS | | [192.168.1.124](http://192.168.1.124/) | [[I: Synology NAS DS 🗄️]]<br>[[N: MACVLAN für Docker anlegen 📑]]<br>[[N: Netzwerk-Interface neu starten 📑]]<br>[[Neue Notiz]]<br>[[N: AdGuard auf OPNsense installieren 📑]] |

| **Server** | **IP** | **Ports** | **host** | **Proxy** | **Description** |
| --- | --- | --- | --- | --- | --- |
| gitea | 10.40.10.130 | 3000 - WebUi | NAS | HA | Git server |
| paperless | 10.40.10.131 | 8000 - WebUi | NAS | HA | Archive system |
| homeassistant | 192.168.1.192 | 8123 - WebUi | Raspberry | HA | Home automation |
| immich<br>immich-prometheus | 10.40.10.132<br>10.40.10.133 | 2283 - WebUi<br>9090 - WebUi | NAS | NPM | Photo management |
| nginx proxy manager | 10.40.10.134 | 81 - WebUI | NAS | \- | [Login – Nginx Proxy Manager](http://10.40.10.134:81/login) |
Network socket, living room left
## Speedport
Device password: 83767207
[http://192.168.2.1/](http://192.168.2.1/)
# Access from the web:
- [RRset conflict (CAA + CNAME) with HAProxy using an LE wildcard from deSEC / dedyn.io - Page 3](https://forum.opnsense.org/index.php?topic=49125.30)
- [Tutorial 2024/06: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating](https://forum.opnsense.org/index.php?topic=23339.0)

# Static routes and double NAT
First, create an alias for the Fritz network:

To avoid double NAT, create a NAT rule in OPNsense (OS):

This should be restricted further later, e.g. to admin only, or IO etc., but not guests and users.

Static routes, so that the networks behind OPNsense can also reach devices in the Fritz network:

[Tutorial 2024/06: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating](https://forum.opnsense.org/index.php?topic=23339.0)
[OPNsense settings behind a FritzBox - access from outside](https://forum.opnsense.org/index.php?topic=39053.0)
[Setup OPNsense with HAProxy and Let's Encrypt | Marcus Holtz](https://blog.holtzweb.com/posts/opnsense-with-haproxy-and-lets-encrypt/)
[opnsense Received something which does not look like a PROXY protocol header - Google Search](https://www.google.com/search?q=opnsense+Received+something+which+does+not+look+like+a+PROXY+protocol+header&newwindow=1&sca_esv=69afb27cda6b1637&sxsrf=AE3TifNGCTUN_X9hUalFtKqVKJ9xTQtN-A%3A1760112723749&ei=UzDpaKqwLciE9u8PyY3QkQw&ved=0ahUKEwjqpaftgpqQAxVIgv0HHckGNMIQ4dUDCBA&uact=5&oq=opnsense+Received+something+which+does+not+look+like+a+PROXY+protocol+header&gs_lp=Egxnd3Mtd2l6LXNlcnAiTG9wbnNlbnNlIFJlY2VpdmVkIHNvbWV0aGluZyB3aGljaCBkb2VzIG5vdCBsb29rIGxpa2UgYSBQUk9YWSBwcm90b2NvbCBoZWFkZXJIjhhQAFibF3AAeAGQAQCYAaMBoAHuCKoBAzEuOLgBA8gBAPgBAZgCAaACfMICBhAAGAcYHpgDAJIHAzAuMaAHuRCyBwMwLjG4B3zCBwMwLjHIBwE&sclient=gws-wiz-serp)
Setting up a DMZ: [Deploy Nginx Proxy Manager in a DMZ with OPNsense](https://homenetworkguy.com/how-to/deploy-nginx-proxy-manager-in-dmz-with-opnsense/)