. '''To [[SystemAdministration|System Administration]]''' - '''To [[SystemAdministration/Systems|Systems Overview]]''' ---- = Systems - IP list = This is a list of IP addresses used in our infrastructure. The new documentation contains an [[https://infradocs.cacert.org/iplist.html|automatically generated IP address list]] and a [[https://infradocs.cacert.org/network.html|page describing the network setup]]. == Bit, Ede, NL == === 10.0.0.0/24 === Internal host network on [[https://infradocs.cacert.org/systems/infra02.html|Infra02]]. Have a look at the [[https://infradocs.cacert.org/iplist.html#v4range-10-0-0-0-24|new documentation]]. |||| '''IP-Adress''' || '''System''' || '''Comments''' || |||| 10.0.0.1 || [[https://infradocs.cacert.org/systems/infra02.html|Infra02]] || Infrastructure host || || || 10.0.0.2 - 10.0.0.11 || - || {i} available || || || 10.0.0.12 || [[SystemAdministration/Systems/Wiki|Wiki]] || || || || 10.0.0.13 || [[https://infradocs.cacert.org/systems/blog.html|Blog]] || || || || 10.0.0.14 - 10.0.0.15 || {i} available || || || 10.0.0.16 || [[https://infradocs.cacert.org/systems/bugs.html|Bugs]] || || || || 10.0.0.17 || [[https://infradocs.cacert.org/systems/lists.html|Lists]] || || || || 10.0.0.18 || [[https://infradocs.cacert.org/systems/monitor.html|Monitor]] || Icinga server || || || 10.0.0.19 || [[https://infradocs.cacert.org/systems/email.html|Email]] || || || || 10.0.0.20 || [[https://infradocs.cacert.org/systems/svn.html|SVN]] || || || || 10.0.0.21 - 10.0.0.25 || - || {i} available || || || 10.0.0.26 || [[https://infradocs.cacert.org/systems/web.html|Web]] || || || || 10.0.0.27 || [[https://infradocs.cacert.org/systems/cats.html|CATS]] || || || || 10.0.0.28 || [[https://infradocs.cacert.org/systems/issue.html|Issue]] || || || || 10.0.0.29 - 10.0.0.30 || - || {i} available || || || 10.0.0.31 || [[https://infradocs.cacert.org/systems/translations.html|Translations]] || || || || 10.0.0.32 || [[https://infradocs.cacert.org/systems/emailout.html|Emailout]] || || || || 10.0.0.33 || - || {i} available || || || 10.0.0.34 || [[https://infradocs.cacert.org/systems/board.html|Board]] || || || || 10.0.0.35 || [[https://infradocs.cacert.org/systems/proxyin.html|Proxyin]] || || || || 10.0.0.36 - 10.0.0.114 || - || {i} available || || || 10.0.0.115 || [[https://infradocs.cacert.org/systems/jenkins.html|Jenkins]] || || || || 10.0.0.116 || [[https://infradocs.cacert.org/systems/webstatic.html|Webstatic]] || || || || 10.0.0.117 || [[https://infradocs.cacert.org/systems/motion.html|Motion]] || || || || 10.0.0.118 || [[https://infradocs.cacert.org/systems/community.html|Community]] (webmail and selfservice) || || || || 10.0.0.119 || [[SystemAdministration/Systems/Pgpkeys|Pgpkeys]] || || || || 10.0.0.120 || - || {i} available || || || 10.0.0.121 - 10.0.0.129 || - || {i} available || || || 10.0.0.130 || [[https://infradocs.cacert.org/systems/ircserver.html|Ircserver]] || || || || 10.0.0.131 - 10.0.0.143 || - || {i} available || || || 10.0.0.144 || - || forwarded from 172.16.2.28 (ports 14422, 14480, 14443), no actual container uses this IP || || || 10.0.0.145 - 10.0.0.147 || - || {i} available || || || 10.0.0.148 || [[SystemAdministration/Systems/Testmgr|Testmgr]] || || || || 10.0.0.149 - 10.0.0.240 || - || {i} available || || || 10.0.0.200 || [[https://infradocs.cacert.org/systems/puppet.html|Puppet]] || || || || 10.0.0.201 || [[https://infradocs.cacert.org/systems/proxyout.html|Proxyout]] || || || || 10.0.0.241 - 10.0.0.247 || - || {i} available || || || 10.0.0.248 || [[https://infradocs.cacert.org/systems/test.html|Test]] || || || || 10.0.0.249 || [[SystemAdministration/Systems/Test2|Test2]] || || || || 10.0.0.250 || [[https://infradocs.cacert.org/systems/git.html|Git]] || || || || 10.0.0.251 - 10.0.0.254 || - || {i} available || === 172.16.2.0/24 === Have a look at the [[https://infradocs.cacert.org/iplist.html#v4range-172-16-2-0-24|new documentation]]. || '''IP''' || '''Machine''' || '''Comments''' || || 172.16.2.1 || firewall || || || 172.16.2.2 || firewall-01 || || || 172.16.2.3 || firewall-02 || || || 172.16.2.9 || [[https://infradocs.cacert.org/systems/infra02.html|Infra02]] || || || 172.16.2.10 || [[https://infradocs.cacert.org/systems/emailout.html|Emailout]] || outbound email server for automated services, SNAT address for traffic leaving [[https://infradocs.cacert.org/systems/infra02.html|Infra02]] || || 172.16.2.12 || [[SystemAdministration/Systems/Wiki|Wiki]] || || || 172.16.2.13 || [[https://infradocs.cacert.org/systems/blog.html|Blog]] || || || 172.16.2.14 || [[https://infradocs.cacert.org/systems/ircserver.html|Ircserver]] || [[Technology/TechnicalSupport/EndUserSupport/IRC|irc]] || || 172.16.2.15 || [[https://infradocs.cacert.org/systems/svn.html|SVN]] || || || 172.16.2.16 || [[https://infradocs.cacert.org/systems/bugs.html|Bugs]] || || || 172.16.2.17 || [[https://infradocs.cacert.org/systems/lists.html|Lists]] || || || 172.16.2.18 || [[https://infradocs.cacert.org/systems/monitor.html|Monitor]] || || || 172.16.2.19 || [[https://infradocs.cacert.org/systems/email.html|Email]] || forward 12022 to community:22, 19022 to email:22 ( should not be needed, email is directly reachable on port 22), 32022 to emailout:22, 21022 to mail:22, 11022 to ldap:22 || || 172.16.2.20 || [[https://infradocs.cacert.org/systems/community.html|Community]] || community webmail and selfservice || || 172.16.2.21 || [[SystemAdministration/Systems/Mail|Mail]] || || || 172.16.2.26 || [[https://infradocs.cacert.org/systems/web.html|Web]] || reverse proxy for funding.cacert.org and infradocs.cacert.org on webstatic and jenkins.cacert.org on jenkins, portforwarding 11622 to webstatic:22, portforwarding 11522 to jenkins:22 || || 172.16.2.27 || [[https://infradocs.cacert.org/systems/cats.html|CATS]] || || || 172.16.2.28 || [[https://infradocs.cacert.org/systems/issue.html|Issue]] || several suspicious forwardings to non-existing container issue-test with internal IP 10.0.0.144 {0} TODO: cleanup || || 172.16.2.31 || [[https://infradocs.cacert.org/systems/translations.html|Translations]] || || || 172.16.2.32 || [[https://infradocs.cacert.org/systems/emailout.html|Emailout]] || outbound email server for automated services, address for traffic going to [[https://infradocs.cacert.org/systems/infra02.html]] containers || || 172.16.2.33 || - || {i} available || || 172.16.2.34 || [[https://infradocs.cacert.org/systems/board.html|Board]] || || || 172.16.2.100 || [[SystemAdministration/Systems/Hopper|Hopper]] || for critical-admin only || || 172.16.2.115 || [[https://infradocs.cacert.org/systems/jenkins.html|Jenkins]] || || || 172.16.2.116 || [[https://infradocs.cacert.org/systems/webstatic.html|Webstatic]] || || || 172.16.2.117 || [[SystemAdministration/Systems/Motion|Motion]] || || || 172.16.2.118 || - || {i} available || || 172.16.2.119 || [[SystemAdministration/Systems/Pgpkeys|Pgpkeys]] || || || 172.16.2.148 || [[SystemAdministration/Systems/Testmgr|Testmgr]] || || || 172.16.2.241 || [[https://infradocs.cacert.org/systems/proxyin.html|Proxyin]] || Proxy for incoming connections forwarding to motion and possibly other new systems || || 172.16.2.248 || [[https://infradocs.cacert.org/systems/test.html|Test]] || port forwarding on 14822, 14880, 14843 to [[SystemAdministration/Systems/Testmgr|Testmgr]] || || 172.16.2.249 || [[SystemAdministration/Systems/Test2|Test2]] || || || 172.16.2.250 || [[https://infradocs.cacert.org/systems/git.html|Git]] || || === 172.16.3.0/24 === || '''IP''' || '''Machine''' || '''Comments''' || || 172.16.3.1 || firewall || || || 172.16.3.2 || firewall-01 || || || 172.16.3.3 || firewall-02 || || || 172.16.3.100 || [[SystemAdministration/Systems/Hopper|Hopper]] || for critical-admin only || || 172.16.3.102 || [[SystemAdministration/Systems/Ns|Ns]] || || || 172.16.3.103 || [[SystemAdministration/Systems/Ocsp|Ocsp]] || || || 172.16.3.104 || [[SystemAdministration/Systems/Crl|Crl]] || || === 172.28.50.0/24 === || '''IP''' || '''Machine''' || '''Comments''' || || 172.28.50.1 || firewall || || || 172.28.50.2 || firewall-01 || || || 172.28.50.3 || firewall-02 || || || 172.28.50.12 || [[SystemAdministration/Systems/Webdb|Webdb]] || || || 172.28.50.13 || [[SystemAdministration/Systems/Sun3|Sun3]] || || || 172.28.50.14 || [[SystemAdministration/Systems/Sun4|Sun4]] || || || 172.28.50.52 || sun1ilo || || || 172.28.50.53 || sun2ilo || || || 172.28.50.54 || sun3ilo || || || 172.28.50.55 || sun4ilo || || || 172.28.50.56 || infra02ilo || || || 172.28.50.80 || [[SystemAdministration/Systems/Backup|Backup]] || || || 172.28.50.100 || [[SystemAdministration/Systems/Hopper|Hopper]] || for critical-admin only || || 172.28.50.101 || [[SystemAdministration/Systems/Syslog|Syslog]] || || || 172.28.50.102 || [[SystemAdministration/Systems/Ns|Ns]] || || || 172.28.50.103 || [[SystemAdministration/Systems/Ocsp|Ocsp]] || || || 172.28.50.104 || [[SystemAdministration/Systems/Crl|Crl]] || || === 213.154.225.224/27 === Have a look at the [[https://infradocs.cacert.org/iplist.html#v4range-213-154-225-224-27|new documentation]]. || '''IP''' || '''System''' || '''Comments''' || || 213.154.225.225 || gw || || || 213.154.225.226 || ''vrrp1'' || || || 213.154.225.227 || ''vrrp2'' || || || 213.154.225.228 || [[https://infradocs.cacert.org/systems/email.html|email]], [[https://infradocs.cacert.org/systems/emailout.html|emailout]] (in), mail, ldap, [[https://infradocs.cacert.org/systems/community.html|community]] || || || 213.154.225.229 || cacert-fw || || || 213.154.225.230 || [[https://infradocs.cacert.org/systems/infra02.html|infra02]], [[https://infradocs.cacert.org/systems/monitor.html|monitor]], [[https://infradocs.cacert.org/systems/emailout.html|emailout]] (out), * || || || 213.154.225.231 || [[https://infradocs.cacert.org/systems/lists.html|lists]] || || || 213.154.225.232 || [[https://infradocs.cacert.org/systems/bugs.html|bugs]] || || || 213.154.225.233 || [[https://infradocs.cacert.org/systems/ircserver.html|ircserver]] || || || 213.154.225.234 || [[https://infradocs.cacert.org/systems/blog.html|blog]] || || || 213.154.225.235 || wiki || || || 213.154.225.236 || crl || || || 213.154.225.237 || ocsp || || || 213.154.225.238 || svn || || || 213.154.225.239 || [[https://infradocs.cacert.org/systems/community.html|community]] and [[https://infradocs.cacert.org/systems/emailout.html|Emailout]] || || || 213.154.225.240 || translations || || || 213.154.225.241 || proxyin / motion || || || 213.154.225.242 || [[https://infradocs.cacert.org/systems/web.html|web]], funding.cacert.org, jenkins.cacert.org, infradocs.cacert.org || || || 213.154.225.243 || [[https://infradocs.cacert.org/systems/cats.html|cats]] || || || 213.154.225.244 || issue || || || 213.154.225.245 || Webdb (www) || || || 213.154.225.246 || Webdb (secure) || || || 213.154.225.247 || Webdb (tverify) || || || 213.154.225.248 || [[https://infradocs.cacert.org/systems/test.html|test]] || || || 213.154.225.249 || test2 || || || 213.154.225.250 || [[https://infradocs.cacert.org/systems/git.html|git]] || || || 213.154.225.251 || ns1 || || || 213.154.225.252 || [[https://infradocs.cacert.org/systems/board.html|board]] || || || 213.154.225.253 || cacert-fw01 || || || 213.154.225.254 || cacert-fw02 || || === 2001:7b8:3:9c::/64 === [[IPv6]] transition || '''IP''' || '''System''' || '''Comments''' || || 2001:7b8:3:9c::245 || www (wwwmail) || || || 2001:7b8:3:9c::246 || secure || || || 2001:7b8:3:9c::247 || tverify || || === 2001:7b8:616::/48 === The following subnets are used: ==== 2001:7b8:616:162::/64 ==== Following addresses are configured: || 2001:7b8:616:162::1 || cacert-fw || || 2001:7b8:616:162::2 || cacert-fw01 || || 2001:7b8:616:162::3 || cacert-fw02 || || 2001:7b8:616:162::100 || hopper || ===== 2001:7b8:616:162:1::/80 ===== Have a look at the [[https://infradocs.cacert.org/iplist.html#v6range-2001-7b8-616-162-1---80|new documentation]]. || '''Address''' || '''System''' || '''Comments''' || || 2001:7b8:616:162:1::10 || [[https://infradocs.cacert.org/systems/infra02.html|infra02]] || infrastructure host and router/firewall for infrastructure containers || ===== 2001:7b8:616:162:2::/80 ===== Have a look at the [[https://infradocs.cacert.org/iplist.html#v6range-2001-7b8-616-162-2---80|new documentation]]. [[SystemAdministration/Systems/Infra02|Infra02]] is routing traffic for the IPv6 subnet to the containers hosted on that machine. The following addresses are already routed to the corresponding containers: || '''Address''' || '''System''' || '''Comments''' || || 2001:7b8:616:162:2::12 || [[https://infradocs.cacert.org/systems/wiki.html|wiki]] || || || 2001:7b8:616:162:2::13 || [[https://infradocs.cacert.org/systems/blog.html|blog]] || || || 2001:7b8:616:162:2::14 || [[https://infradocs.cacert.org/systems/ircserver.html|ircserver]] || || || 2001:7b8:616:162:2::15 || [[https://infradocs.cacert.org/systems/svn.html|svn]] || || || 2001:7b8:616:162:2::16 || [[https://infradocs.cacert.org/systems/bugs.html|bugs]] || || || 2001:7b8:616:162:2::18 || [[https://infradocs.cacert.org/systems/monitor.html|monitor]] || || || 2001:7b8:616:162:2::31 || [[https://infradocs.cacert.org/systems/translations.html|Translations, l10n]] || || || 2001:7b8:616:162:2::228 || [[https://infradocs.cacert.org/systems/email.html|email]] || || || 2001:7b8:616:162:2::239 || [[https://infradocs.cacert.org/systems/emailout.html|emailout]] || || Following addresses are reserved but not yet configured: || '''Address''' || '''System''' || '''Comments''' || || 2001:7b8:616:162:2::9 || infra01 || old infrastructure host, this assignment can be freed later || || 2001:7b8:616:162:2::17 || lists || || || 2001:7b8:616:162:2::20 || [[https://infradocs.cacert.org/systems/webmail.html|community]] || || || 2001:7b8:616:162:2::27 || [[https://infradocs.cacert.org/systems/cats.html|cats]] || || || 2001:7b8:616:162:2::28 || [[https://infradocs.cacert.org/systems/issue.html|issue]] || || || 2001:7b8:616:162:2::34 || [[https://infradocs.cacert.org/systems/board.html|board]] || || || 2001:7b8:616:162:2::248 || test || || || 2001:7b8:616:162:2::249 || test2 || || || 2001:7b8:616:162:2::250 || [[https://infradocs.cacert.org/systems/git.html|git]] || || ==== 2001:7b8:616:163::/64 ==== Following addresses are configured: || 2001:07b8:0616:0163::1 || cacert-fw || || 2001:07b8:0616:0163::2 || cacert-fw01 || || 2001:07b8:0616:0163::3 || cacert-fw02|| || 2001:07b8:0616:0163::100 || hopper || || 2001:07b8:0616:0163::102 || ns1 || || 2001:07b8:0616:0163::103 || ocsp || || 2001:07b8:0616:0163::104 || crl || == IT-SLS, Offenbach/Main, DE == === 192.109.159.0/24, 10.38.6.0/24 === || '''IP Internet''' || '''IP Intranet''' || '''Machine''' || || 192.109.159.22 || --(10.38.6.66)-- || vmware-host.it-sls.de || || 192.109.159.23 || --(10.38.6.74)-- || [[SystemAdministration/Systems/cacert1-test|cacert1.it-sls.de]], Main testserver, webdb patches || || 192.109.159.24 || --(10.38.6.79)-- || [[SystemAdministration/Systems/cacert1-test|secure1.it-sls.de]], Main testserver, webdb patches, secure channel || || 192.109.159.25 || --(10.38.6.86)-- || [[SystemAdministration/Systems/cacert2-test|cacert2.it-sls.de]], Main testserver, os + applic patches, dedicated to critical team || || 192.109.159.26 || --(10.38.6.87)-- || [[SystemAdministration/Systems/cacert2-test|secure2.it-sls.de]], Main testserver, os + applic patches, secure channel, dedicated to critical team || || 192.109.159.27 || --(10.38.6.88)-- || [[SystemAdministration/Systems/ca-mgr1-test|ca-mgr1.it-sls.de]], Testserver Management Console (incl. mailboxes for testserver accounts, testserver 1) || || 192.109.159.28 || --(10.38.6.88)-- || [[SystemAdministration/Systems/ca-mgr1-test|cats1.it-sls.de]], new CATS testserver || || --(212.38.6.89)-- || --(10.38.6.89)-- || [[SystemAdministration/Systems/ca-mgr2-test|ca-mgr2.it-sls.de]], Testserver Management Console (incl. mailboxes for testserver accounts, testserver 2) - not yet activated - || || 192.109.159.29 || --(10.38.6.92)-- || [[SystemAdministration/Systems/git|git-cacert.it-sls.de]], central git repository (old + new software) || == Other == || '''IP''' || '''System''' || '''Comments''' || || 78.46.255.66 || audit, dev (cacert.org / cacert.cl) || || || 78.47.142.76 || community-vpn || || ---- . CategoryInfrastructure . CategorySystems