# KavCorp Network Map > **Last Updated**: 2025-12-28 > **Network**: 10.4.2.0/24 > **Gateway**: 10.4.2.1 (OPNsense) > **DNS**: 10.4.2.11 (Pi-hole) ## Network Topology ``` INTERNET │ │ WAN (AT&T) │ Public: 99.74.188.161 ▼ ┌─────────────────────────────┐ │ OPNsense (VM 130) │ │ 10.4.2.1 │ │ WAN: vmbr1 | LAN: vmbr0 │ └──────────────┬──────────────┘ │ ┌───────────────────────────┼───────────────────────────┐ │ vmbr0 Bridge │ │ 10.4.2.0/24 (LAN) │ └───┬───────┬───────┬───────┬───────┬───────────────────┘ │ │ │ │ │ ▼ ▼ ▼ ▼ ▼ ┌─────┐ ┌─────┐ ┌─────┐ ┌─────┐ ┌──────────┐ ┌─────────┐ │ pm1 │ │ pm2 │ │ pm3 │ │ pm4 │ │ elantris │ │ KavNas │ │ .2 │ │ .6 │ │ .3 │ │ .5 │ │ .14 │ │ .13 │ └──┬──┘ └──┬──┘ └──┬──┘ └──┬──┘ └────┬─────┘ └─────────┘ │ │ │ │ │ ┌───────┘ │ │ │ └────────┐ │ │ │ │ │ ▼ ▼ ▼ ▼ ▼ ┌──────┐ ┌───────────┐ ┌────┐ ┌──────────┐ ┌─────────┐ │HA │ │Media Stack│ │Game│ │ Infra │ │ Media │ │Zwave │ │ Services │ │Svcs│ │ Services │ │ Storage │ │Twing.│ │ │ │ │ │ │ │ │ └──────┘ └───────────┘ └────┘ └──────────┘ └─────────┘ ``` ## IP Address Allocation ### Proxmox Nodes (10.4.2.2-9) | IP | Hostname | Description | |----|----------|-------------| | 10.4.2.2 | pm1.kav | Proxmox node 1 | | 10.4.2.3 | pm3.kav | Proxmox node 3 | | 10.4.2.5 | pm4.kav | Proxmox node 4 | | 10.4.2.6 | pm2.kav | Proxmox node 2 (primary management) | | 10.4.2.14 | elantris.kav | Proxmox node 5 (128GB RAM, ZFS) | ### Core Infrastructure (10.4.2.10-19) | IP | Hostname | Service | VMID | Node | |----|----------|---------|------|------| | 10.4.2.1 | opnsense.kav | OPNsense Gateway | 130 | pm4 | | 10.4.2.10 | traefik.kav | Reverse Proxy | 104 | pm2 | | 10.4.2.11 | pihole.kav | DNS Server | 103 | pm4 | | 10.4.2.12 | authelia.kav | SSO Authentication | 116 | pm2 | | 10.4.2.13 | kavnas.kav | Synology NAS | - | - | | 10.4.2.15 | vaultwarden.kav | Password Manager | 125 | pm4 | | 10.4.2.16 | unifi.kav | UniFi Controller | 111 | pm4 | ### Media Stack (10.4.2.20-29) | IP | Hostname | Service | VMID | Node | |----|----------|---------|------|------| | 10.4.2.20 | sonarr.kav | TV Shows | 105 | pm2 | | 10.4.2.21 | whisparr.kav | Adult Content | 117 | pm2 | | 10.4.2.22 | prowlarr.kav | Indexer Manager | 114 | pm2 | | 10.4.2.23 | bazarr.kav | Subtitles | 119 | pm2 | | 10.4.2.24 | radarr.kav | Movies | 108 | pm2 | | 10.4.2.25 | jellyseerr.kav | Media Requests | 115 | pm2 | | 10.4.2.26 | jellyfin.kav | Media Server | 121 | elantris | | 10.4.2.27 | kometa.kav | Plex Meta Manager | 120 | pm2 | | 10.4.2.28 | recyclarr.kav | Quality Profiles | 122 | pm2 | | 10.4.2.29 | notifiarr.kav | Notifications | 118 | pm2 | ### Services (10.4.2.30-39) | IP | Hostname | Service | VMID | Node | |----|----------|---------|------|------| | 10.4.2.30 | immich.kav | Photo Management | 126 | pm4 | | 10.4.2.31 | gitea.kav | Git Server | 127 | pm4 | | 10.4.2.32 | frigate.kav | NVR | 128 | pm3 | | 10.4.2.33 | homeassistant.kav | Home Automation | 100 | pm1 (VM) | | 10.4.2.34 | ollama.kav | LLM Server | 123 | elantris | | 10.4.2.35 | twingate.kav | Zero Trust Access | 101 | pm1 | | 10.4.2.37 | foundryvtt.kav | Virtual Tabletop | 112 | pm3 | ### Game Servers (10.4.2.40-49) | IP | Hostname | Service | VMID | Node | |----|----------|---------|------|------| | 10.4.2.40 | amp.kav | Game Server Manager | 124 | elantris | ### IoT / Home Automation (10.4.2.50-99) | IP | Hostname | Service | VMID | Node | |----|----------|---------|------|------| | 10.4.2.50 | zwave.kav | Z-Wave JS UI | 102 | pm1 | | 10.4.2.51 | mqtt.kav | MQTT Broker | 106 | pm3 | ### Docker Hosts (10.4.2.200-209) | IP | Hostname | Service | VMID | Node | |----|----------|---------|------|------| | 10.4.2.200 | docker-pm2.kav | Docker Host | 113 | pm2 | | 10.4.2.201 | docker-pm4.kav | Docker Host | 110 | pm4 | | 10.4.2.202 | docker-pm3.kav | Docker Host | 109 | pm3 (VM) | | 10.4.2.203 | dockge.kav | Docker Management | 107 | pm3 | ## IP Range Summary | Range | Purpose | Status | |-------|---------|--------| | 10.4.2.1 | OPNsense Gateway | Assigned | | 10.4.2.2-9 | Proxmox Nodes | Assigned | | 10.4.2.10-19 | Core Infrastructure | Assigned | | 10.4.2.20-29 | Media Stack | Assigned | | 10.4.2.30-39 | Services | Partially used | | 10.4.2.40-49 | Game Servers | Partially used | | 10.4.2.50-99 | IoT / Reserved | Partially used | | 10.4.2.100-199 | DHCP Pool | Dynamic | | 10.4.2.200-209 | Docker Hosts | Assigned | | 10.4.2.210-239 | Reserved | Available | | 10.4.2.240-249 | Network Controllers | Reserved | | 10.4.2.250-254 | Network Gear | Reserved | ## Access Methods ### SSH Access All containers have SSH enabled with key-based authentication: ```bash ssh root@.kav # Example: ssh root@traefik.kav ``` ### Web Access All web services are accessible via Traefik reverse proxy: - External: `https://.kavcorp.com` - Internal: `http://:` ### Local DNS Pi-hole provides `.kav` domain resolution for all services. Configure your device to use `10.4.2.11` as DNS server. ## Generating Updated Map Use the network map script to generate a current view: ```bash cd /home/kavren/proxmox-infra ./scripts/monitoring/network-map.sh ```