---
tags:
  - landing-page
  - upnote-import
---

# Home network TODO

[OPNsense - Router - schulnetzkonzept.de](https://old.schulnetzkonzept.de/opnsense)

# Pages

- [[N: Home-Assistent über HAProxy 📑]]
- [[N: Full Cert Chain in OpnSense verwenden 📑]]
- [[N: Paperless-NGX 📑]]

# Planning the new network:

[Network structure and IP segmentation](https://chatgpt.com/c/68d793e6-1f84-8331-867c-ea6842b1a6d3)

Hardware purchase options: [Firewall Micro Appliance N150 fanless mini PC with 4 ports i226 2.5GHz LAN, for pfSense, firewall, router, OpenWRT, without RAM, without storage, without system.: Amazon.de: Computers & Accessories](https://www.amazon.de/dp/B0F3JLKMB3?ref=emc_p_m_5_i_atc&th=1)

AliExpress: [Intel N150 N100 mini PC firewall router 4 LAN i226-V 2.5G Celeron N5105 N6210 NVMe fanless mini computer low power pfSense box - AliExpress](https://de.aliexpress.com/item/1005007002786305.html?spm=a2g0o.productlist.main.3.35d3Z6kOZ6kO5G&algo_pvid=12b128c3-7a02-4c23-9467-a41ff8c4770d&algo_exp_id=12b128c3-7a02-4c23-9467-a41ff8c4770d-2&pdp_ext_f=%7B%22order%22%3A%22152%22%2C%22eval%22%3A%221%22%2C%22fromPage%22%3A%22search%22%7D&pdp_npi=6%40dis%21EUR%21183.32%21120.99%21%21%21210.20%21138.73%21%40210384b917593333635278191edfa7%2112000046663703988%21sea%21DE%210%21ABX%211%210%21n_tag%3A-29910%3Bd%3Aa233012%3Bm03_new_user%3A-29895&curPageLogUid=vZzqLxp7ExnI&utparam-url=scene%3Asearch%7Cquery_from%3A%7Cx_object_id%3A1005007002786305%7C_p_origin_prod%3A#nav-specification)

## Terra-Firewall:

Inventory page: [[I: TERRA FIREWALL "BLACK DWARF" G3 UTM 1 Jahr🗄️]]

MAC: 00:07:32:7B:91:93

IP: 192.168.1.1

[https://192.168.1.1:55443/](https://192.168.1.1:55443/)

Various OPNsense tutorials: [How to configure DoT (DNS over TLS) on the OPNsense firewall? - zenarmor.com](https://www.zenarmor.com/docs/de/netzwerksicherheitstutorials/wie-konfiguriert-man-dot-auf-der-opnsense-firewall)

## LANCom Switch GS-2310:

Inventory page: [[I: Switch LANCom GS-2310 🗄️]]

MAC: 00:A0:57:41:67:87

[http://192.168.1.2/](http://192.168.1.2/)

[Downloads - LANCOM Systems GmbH](https://my.lancom-systems.de/downloads/?L=0&unique_id=2c8b76d14646c62f86bd3c495973c816&dllang=DE)

Ports:

| Port | Description | VLANs | Egress Rule |
| --- | --- | --- | --- |
| 1 | Uplink Firewall | 1 | Hybrid |
| 2 | TRUNK | 1 | Trunk |
| 3 | PowerLine | 10-User | Hybrid |
| 7 | admin-Port | 1-default | Hybrid |
| 8 | | 10-User | |

## DIGITUS DN-95331

| Port | Description | VLANs | Egress Rule |
| --- | --- | --- | --- |
| 5 | NAS NW-Port2 | 41-DOCKER\_NAS | Hybrid |
| 6 | UPS | | |
| 7 | NAS NW-Port1 | 40-SERVER | Hybrid |
| 8 | Uplink trunk from the living-room network socket | 1-default | |

## Netgear Switch GS308EPP

### Fritzbox WLAN Controller + WAN Router

[http://192.168.178.1/](http://192.168.178.1/)

Emergency IP: 169.254.1.1

- Connect the PC via port 2

# VLANs

Tagged: ports that pass the VLAN traffic through

Untagged: ports for a specific device, used to assign it to a VLAN

| VLAN | Interface | DHCP | Network |
| --- | --- | --- | --- |
| 1 - default | 192.168.1.1 | | 192.168.1.0/24 |
| 10 - USER | 10.10.0.1 | 10.10.0.2 - 10.10.0.199 | |
| 20 - GUEST | 10.20.0.1 | 10.20.0.1 | |
| 30 - IOT | 10.30.0.1 | | |
| 40 - SERVER | 10.40.0.1 | 10.40.0.3 - 10.40.0.199 | 10.40.0.0/16 |
| 41 - DOCKER\_NAS | 10.40.10.1 | 10.40.10.3 - 10.40.10.199 | 10.40.10.0/24 |

Networks:

- 10.10.0.0/16 - USER
- 10.20.0.0/16 - GUEST
- 10.30.0.0/16 - IOT
- 10.40.0.0/16 - SERVER

# Overview

| Device | Port | IP | Pages |
| --- | --- | --- | --- |
| FritzBox old DSL | WAN | Telekom IP | |
| FritzBox old DSL | LAN DHCP -> OPNsense WAN port | 192.168.178.106 | dhcp |
| FritzBox old DSL | | [192.168.178.1](http://192.168.178.1/) | |
| OPNsense | WAN port (port LAN2) | 192.168.178.21 | dhcp |
| OPNsense | LAN port (port LAN1) | [192.168.1.1](https://192.168.1.1:55443/)<br>[AdGuard](http://192.168.1.1:3000/) | static<br>[[N: Multicast DNS Repeater zwischen 📑]]<br>[[N: HAProxy Reverse-Proxy-Servers auf OPNsense 📑]] |
| LANCOM GS-2310 | | [192.168.1.2](http://192.168.1.2/) | [[I: Switch LANCom GS-2310 🗄️]] |
| FritzBox new WLAN | 3 | [192.168.1.103](http://192.168.1.103/#/) | |
| Home-Assistant | | [192.168.1.192](http://192.168.1.192:8123/)<br>Proxy: 192.168.1.1 | |
| EMMA | | 192.168.1.178 | [[I: Huawai EMMA 🗄️]] |
| HUE Bridge | | 192.168.1.137 | 00:17:88:69:AD:F8 |
| DIGITUS Gigabit basement | | [192.168.1.111](http://192.168.1.111/) | [[I: DIGITUS DN-95331 Netzwerkswitch 🗄️]] |
| NAS | | [192.168.1.124](http://192.168.1.124/) | [[I: Synology NAS DS 🗄️]]<br>[[N: MACVLAN für Docker anlegen 📑]]<br>[[N: Netzwerk-Interface neu starten 📑]]<br>[[Neue Notiz]]<br>[[N: AdGuard auf OPNsense installieren 📑]] |

| Server | IP | Ports | Host | Proxy | Description |
| --- | --- | --- | --- | --- | --- |
| gitea | 10.40.10.130 | 3000 - WebUi | NAS | HA | Git server |
| paperless | 10.40.10.131 | 8000 - WebUi | NAS | HA | Archive system |
| homeassistant | 192.168.1.192 | 8123 - WebUi | Raspberry | HA | Home automation |
| immich<br>immich-prometheus | 10.40.10.132<br>10.40.10.133 | 2283 - WebUi<br>9090 - WebUi | NAS | NPM | Photo management |
| nginx proxy manager | 10.40.10.134 | 81 - WebUI | NAS | \- | [Login – Nginx Proxy Manager](http://10.40.10.134:81/login) |

Network socket, living room left

## Speedport

Device password: 83767207

[http://192.168.2.1/](http://192.168.2.1/)

# Access from the web:

- [RRset conflict (CAA + CNAME) with HAProxy and LE wildcard from deSEC / dedyn.io - Page 3](https://forum.opnsense.org/index.php?topic=49125.30)
- [Tutorial 2024/06: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating](https://forum.opnsense.org/index.php?topic=23339.0)

![](..\..\files\301b5284-018a-411d-a8c4-32e0f36fe9a2.png)
# Static routes and double NAT

First, create an alias for the Fritz network:

![](..\..\files\18213d46-5345-42de-be62-ff1a8ee3a278.png)

To avoid double NAT, create a NAT rule in OPNsense:

![](..\..\files\d33db927-c4ad-4727-af07-72c41bfb9ed0.png)

This should be restricted further later, e.g. to Admin only, or IO etc., but not guests and users.

Static routes, so that the networks behind OPNsense can also reach devices in the Fritz network:

![](..\..\files\af0fa525-56ad-4845-80e1-be1abadd58f3.png)

- [Tutorial 2024/06: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating](https://forum.opnsense.org/index.php?topic=23339.0)
- [OPNsense settings behind a FritzBox - access from outside](https://forum.opnsense.org/index.php?topic=39053.0)
- [Setup OPNsense with HAProxy and Let's Encrypt | Marcus Holtz](https://blog.holtzweb.com/posts/opnsense-with-haproxy-and-lets-encrypt/)
- [opnsense Received something which does not look like a PROXY protocol header - Google Search](https://www.google.com/search?q=opnsense+Received+something+which+does+not+look+like+a+PROXY+protocol+header&newwindow=1&sca_esv=69afb27cda6b1637&sxsrf=AE3TifNGCTUN_X9hUalFtKqVKJ9xTQtN-A%3A1760112723749&ei=UzDpaKqwLciE9u8PyY3QkQw&ved=0ahUKEwjqpaftgpqQAxVIgv0HHckGNMIQ4dUDCBA&uact=5&oq=opnsense+Received+something+which+does+not+look+like+a+PROXY+protocol+header&gs_lp=Egxnd3Mtd2l6LXNlcnAiTG9wbnNlbnNlIFJlY2VpdmVkIHNvbWV0aGluZyB3aGljaCBkb2VzIG5vdCBsb29rIGxpa2UgYSBQUk9YWSBwcm90b2NvbCBoZWFkZXJIjhhQAFibF3AAeAGQAQCYAaMBoAHuCKoBAzEuOLgBA8gBAPgBAZgCAaACfMICBhAAGAcYHpgDAJIHAzAuMaAHuRCyBwMwLjG4B3zCBwMwLjHIBwE&sclient=gws-wiz-serp)

Setting up a DMZ: [Deploy Nginx Proxy Manager in a DMZ with OPNsense](https://homenetworkguy.com/how-to/deploy-nginx-proxy-manager-in-dmz-with-opnsense/)