Systems - IP list
This is a list of IP addresses used in our infrastructure. The new documentation contains an automatically generated IP address list and a page describing the network setup.
Bit, Ede, NL
10.0.0.0/24
Internal host network on Infra02. Have a look at the new documentation.
IP-Adress |
System |
Comments |
|
10.0.0.1 |
Infrastructure host |
||
|
10.0.0.2 - 10.0.0.11 |
- |
|
|
10.0.0.12 |
|
|
|
10.0.0.13 |
|
|
|
10.0.0.14 - 10.0.0.15 |
|
|
|
10.0.0.16 |
|
|
|
10.0.0.17 |
|
|
|
10.0.0.18 |
Icinga server |
|
|
10.0.0.19 |
|
|
|
10.0.0.20 |
|
|
|
10.0.0.21 - 10.0.0.25 |
- |
|
|
10.0.0.26 |
|
|
|
10.0.0.27 |
|
|
|
10.0.0.28 |
|
|
|
10.0.0.29 - 10.0.0.30 |
- |
|
|
10.0.0.31 |
|
|
|
10.0.0.32 |
|
|
|
10.0.0.33 |
- |
|
|
10.0.0.34 |
|
|
|
10.0.0.35 |
|
|
|
10.0.0.36 - 10.0.0.114 |
- |
|
|
10.0.0.115 |
|
|
|
10.0.0.116 |
|
|
|
10.0.0.117 |
|
|
|
10.0.0.118 |
Community (webmail and selfservice) |
|
|
10.0.0.119 |
|
|
|
10.0.0.120 |
- |
|
|
10.0.0.121 - 10.0.0.129 |
- |
|
|
10.0.0.130 |
|
|
|
10.0.0.131 - 10.0.0.143 |
- |
|
|
10.0.0.144 |
- |
|
|
10.0.0.145 - 10.0.0.147 |
- |
|
|
10.0.0.148 |
|
|
|
10.0.0.149 - 10.0.0.240 |
- |
|
|
10.0.0.200 |
|
|
|
10.0.0.201 |
|
|
|
10.0.0.241 - 10.0.0.247 |
- |
|
|
10.0.0.248 |
|
|
|
10.0.0.249 |
|
|
|
10.0.0.250 |
|
|
|
10.0.0.251 - 10.0.0.254 |
- |
|
172.16.2.0/24
Have a look at the new documentation.
IP
Machine
Comments
172.16.2.1
firewall
172.16.2.2
firewall-01
172.16.2.3
firewall-02
172.16.2.9
172.16.2.10
outbound email server for automated services, SNAT address for traffic leaving Infra02
172.16.2.12
172.16.2.13
172.16.2.14
172.16.2.15
172.16.2.16
172.16.2.17
172.16.2.18
172.16.2.19
forward 12022 to community:22, 19022 to email:22 (
should not be needed, email is directly reachable on port 22), 32022 to emailout:22, 21022 to mail:22, 11022 to ldap:22 172.16.2.20
community webmail and selfservice
172.16.2.21
172.16.2.26
reverse proxy for funding.cacert.org and infradocs.cacert.org on webstatic and jenkins.cacert.org on jenkins, portforwarding 11622 to webstatic:22, portforwarding 11522 to jenkins:22
172.16.2.27
172.16.2.28
several suspicious forwardings to non-existing container issue-test with internal IP 10.0.0.144 {0} TODO: cleanup 172.16.2.31
172.16.2.32
outbound email server for automated services, address for traffic going to https://infradocs.cacert.org/systems/infra02.html containers
172.16.2.33
-
available 172.16.2.34
172.16.2.100
for critical-admin only
172.16.2.115
172.16.2.116
172.16.2.117
172.16.2.118
-
available 172.16.2.119
172.16.2.148
172.16.2.241
Proxy for incoming connections forwarding to motion and possibly other new systems
172.16.2.248
port forwarding on 14822, 14880, 14843 to Testmgr
172.16.2.249
172.16.2.250
172.16.3.0/24
172.28.50.0/24
IP
Machine
Comments
172.28.50.1
firewall
172.28.50.2
firewall-01
172.28.50.3
firewall-02
172.28.50.12
172.28.50.13
172.28.50.14
172.28.50.52
sun1ilo
172.28.50.53
sun2ilo
172.28.50.54
sun3ilo
172.28.50.55
sun4ilo
172.28.50.56
infra02ilo
172.28.50.80
172.28.50.100
for critical-admin only
172.28.50.101
172.28.50.102
172.28.50.103
172.28.50.104
213.154.225.224/27
Have a look at the new documentation.
IP |
System |
Comments |
213.154.225.225 |
gw |
|
213.154.225.226 |
vrrp1 |
|
213.154.225.227 |
vrrp2 |
|
213.154.225.228 |
|
|
213.154.225.229 |
cacert-fw |
|
213.154.225.230 |
|
|
213.154.225.231 |
|
|
213.154.225.232 |
|
|
213.154.225.233 |
|
|
213.154.225.234 |
|
|
213.154.225.235 |
wiki |
|
213.154.225.236 |
crl |
|
213.154.225.237 |
ocsp |
|
213.154.225.238 |
svn |
|
213.154.225.239 |
|
|
213.154.225.240 |
translations |
|
213.154.225.241 |
proxyin / motion |
|
213.154.225.242 |
web, funding.cacert.org, jenkins.cacert.org, infradocs.cacert.org |
|
213.154.225.243 |
|
|
213.154.225.244 |
issue |
|
213.154.225.245 |
Webdb (www) |
|
213.154.225.246 |
Webdb (secure) |
|
213.154.225.247 |
Webdb (tverify) |
|
213.154.225.248 |
|
|
213.154.225.249 |
test2 |
|
213.154.225.250 |
|
|
213.154.225.251 |
ns1 |
|
213.154.225.252 |
|
|
213.154.225.253 |
cacert-fw01 |
|
213.154.225.254 |
cacert-fw02 |
|
2001:7b8:3:9c::/64
IPv6 transition
IP |
System |
Comments |
2001:7b8:3:9c::245 |
www (wwwmail) |
|
2001:7b8:3:9c::246 |
secure |
|
2001:7b8:3:9c::247 |
tverify |
|
2001:7b8:616::/48
The following subnets are used:
2001:7b8:616:162::/64
Following addresses are configured:
2001:7b8:616:162::1 |
cacert-fw |
2001:7b8:616:162::2 |
cacert-fw01 |
2001:7b8:616:162::3 |
cacert-fw02 |
2001:7b8:616:162::100 |
hopper |
2001:7b8:616:162:1::/80
Have a look at the new documentation.
Address |
System |
Comments |
2001:7b8:616:162:1::10 |
infrastructure host and router/firewall for infrastructure containers |
2001:7b8:616:162:2::/80
Have a look at the new documentation.
Infra02 is routing traffic for the IPv6 subnet to the containers hosted on that machine.
The following addresses are already routed to the corresponding containers:
Address |
System |
Comments |
2001:7b8:616:162:2::12 |
|
|
2001:7b8:616:162:2::13 |
|
|
2001:7b8:616:162:2::14 |
|
|
2001:7b8:616:162:2::15 |
|
|
2001:7b8:616:162:2::16 |
|
|
2001:7b8:616:162:2::18 |
|
|
2001:7b8:616:162:2::31 |
|
|
2001:7b8:616:162:2::228 |
|
|
2001:7b8:616:162:2::239 |
|
Following addresses are reserved but not yet configured:
Address |
System |
Comments |
2001:7b8:616:162:2::9 |
infra01 |
old infrastructure host, this assignment can be freed later |
2001:7b8:616:162:2::17 |
lists |
|
2001:7b8:616:162:2::20 |
|
|
2001:7b8:616:162:2::27 |
|
|
2001:7b8:616:162:2::28 |
|
|
2001:7b8:616:162:2::34 |
|
|
2001:7b8:616:162:2::248 |
test |
|
2001:7b8:616:162:2::249 |
test2 |
|
2001:7b8:616:162:2::250 |
|
2001:7b8:616:163::/64
Following addresses are configured:
2001:07b8:0616:0163::1 |
cacert-fw |
2001:07b8:0616:0163::2 |
cacert-fw01 |
2001:07b8:0616:0163::3 |
cacert-fw02 |
2001:07b8:0616:0163::100 |
hopper |
2001:07b8:0616:0163::102 |
ns1 |
2001:07b8:0616:0163::103 |
ocsp |
2001:07b8:0616:0163::104 |
crl |
IT-SLS, Offenbach/Main, DE
192.109.159.0/24, 10.38.6.0/24
IP Internet
IP Intranet
Machine
192.109.159.22
10.38.6.66
vmware-host.it-sls.de
192.109.159.23
10.38.6.74
cacert1.it-sls.de, Main testserver, webdb patches
192.109.159.24
10.38.6.79
secure1.it-sls.de, Main testserver, webdb patches, secure channel
192.109.159.25
10.38.6.86
cacert2.it-sls.de, Main testserver, os + applic patches, dedicated to critical team
192.109.159.26
10.38.6.87
secure2.it-sls.de, Main testserver, os + applic patches, secure channel, dedicated to critical team
192.109.159.27
10.38.6.88
ca-mgr1.it-sls.de, Testserver Management Console (incl. mailboxes for testserver accounts, testserver 1)
192.109.159.28
10.38.6.88
cats1.it-sls.de, new CATS testserver
212.38.6.89
10.38.6.89
ca-mgr2.it-sls.de, Testserver Management Console (incl. mailboxes for testserver accounts, testserver 2) - not yet activated -
192.109.159.29
10.38.6.92
git-cacert.it-sls.de, central git repository (old + new software)
Other
IP |
System |
Comments |
78.46.255.66 |
audit, dev (cacert.org / cacert.cl) |
|
78.47.142.76 |
community-vpn |
|