Systems - IP list

This is a list of IP addresses used in our infrastructure. The new documentation contains an automatically generated IP address list and a page describing the network setup.

Bit, Ede, NL

Internal host network on Infra02. Have a look at the new documentation.

IP-Adress		System	Comments
10.0.0.1		Infra02	Infrastructure host
	10.0.0.2 - 10.0.0.11	-	available
	10.0.0.12	Wiki
	10.0.0.13	Blog
	10.0.0.14 - 10.0.0.15	available
	10.0.0.16	Bugs
	10.0.0.17	Lists
	10.0.0.18	Monitor	Icinga server
	10.0.0.19	Email
	10.0.0.20	SVN
	10.0.0.21 - 10.0.0.25	-	available
	10.0.0.26	Web
	10.0.0.27	CATS
	10.0.0.28	Issue
	10.0.0.29 - 10.0.0.30	-	available
	10.0.0.31	Translations
	10.0.0.32	Emailout
	10.0.0.33	-	available
	10.0.0.34	Board
	10.0.0.35	Proxyin
	10.0.0.36 - 10.0.0.114	-	available
	10.0.0.115	Jenkins
	10.0.0.116	Webstatic
	10.0.0.117	Motion
	10.0.0.118	Community (webmail and selfservice)
	10.0.0.119	Pgpkeys
	10.0.0.120	-	available
	10.0.0.121 - 10.0.0.129	-	available
	10.0.0.130	Ircserver
	10.0.0.131 - 10.0.0.143	-	available
	10.0.0.144	-	forwarded from 172.16.2.28 (ports 14422, 14480, 14443), no actual container uses this IP
	10.0.0.145 - 10.0.0.147	-	available
	10.0.0.148	Testmgr
	10.0.0.149 - 10.0.0.240	-	available
	10.0.0.200	Puppet
	10.0.0.201	Proxyout
	10.0.0.241 - 10.0.0.247	-	available
	10.0.0.248	Test
	10.0.0.249	Test2
	10.0.0.250	Git
	10.0.0.251 - 10.0.0.254	-	available

Have a look at the new documentation.

IP	Machine	Comments
172.16.2.1	firewall
172.16.2.2	firewall-01
172.16.2.3	firewall-02
172.16.2.9	Infra02
172.16.2.10	Emailout	outbound email server for automated services, SNAT address for traffic leaving Infra02
172.16.2.12	Wiki
172.16.2.13	Blog
172.16.2.14	Ircserver	irc
172.16.2.15	SVN
172.16.2.16	Bugs
172.16.2.17	Lists
172.16.2.18	Monitor
172.16.2.19	Email	forward 12022 to community:22, 19022 to email:22 ( should not be needed, email is directly reachable on port 22), 32022 to emailout:22, 21022 to mail:22, 11022 to ldap:22
172.16.2.20	Community	community webmail and selfservice
172.16.2.21	Mail
172.16.2.26	Web	reverse proxy for funding.cacert.org and infradocs.cacert.org on webstatic and jenkins.cacert.org on jenkins, portforwarding 11622 to webstatic:22, portforwarding 11522 to jenkins:22
172.16.2.27	CATS
172.16.2.28	Issue	several suspicious forwardings to non-existing container issue-test with internal IP 10.0.0.144 {0} TODO: cleanup
172.16.2.31	Translations
172.16.2.32	Emailout	outbound email server for automated services, address for traffic going to https://infradocs.cacert.org/systems/infra02.html containers
172.16.2.33	-	available
172.16.2.34	Board
172.16.2.100	Hopper	for critical-admin only
172.16.2.115	Jenkins
172.16.2.116	Webstatic
172.16.2.117	Motion
172.16.2.118	-	available
172.16.2.119	Pgpkeys
172.16.2.148	Testmgr
172.16.2.241	Proxyin	Proxy for incoming connections forwarding to motion and possibly other new systems
172.16.2.248	Test	port forwarding on 14822, 14880, 14843 to Testmgr
172.16.2.249	Test2
172.16.2.250	Git

Have a look at the new documentation.

IP	System	Comments
213.154.225.225	gw
213.154.225.226	vrrp1
213.154.225.227	vrrp2
213.154.225.228	email, emailout (in), mail, ldap, community
213.154.225.229	cacert-fw
213.154.225.230	infra02, monitor, emailout (out), *
213.154.225.231	lists
213.154.225.232	bugs
213.154.225.233	ircserver
213.154.225.234	blog
213.154.225.235	wiki
213.154.225.236	crl
213.154.225.237	ocsp
213.154.225.238	svn
213.154.225.239	community and Emailout
213.154.225.240	translations
213.154.225.241	proxyin / motion
213.154.225.242	web, funding.cacert.org, jenkins.cacert.org, infradocs.cacert.org
213.154.225.243	cats
213.154.225.244	issue
213.154.225.245	Webdb (www)
213.154.225.246	Webdb (secure)
213.154.225.247	Webdb (tverify)
213.154.225.248	test
213.154.225.249	test2
213.154.225.250	git
213.154.225.251	ns1
213.154.225.252	board
213.154.225.253	cacert-fw01
213.154.225.254	cacert-fw02

IPv6 transition

The following subnets are used:

Following addresses are configured:

Have a look at the new documentation.

Address	System	Comments
2001:7b8:616:162:1::10	infra02	infrastructure host and router/firewall for infrastructure containers

Have a look at the new documentation.

Infra02 is routing traffic for the IPv6 subnet to the containers hosted on that machine.

The following addresses are already routed to the corresponding containers:

Following addresses are reserved but not yet configured:

Address	System	Comments
2001:7b8:616:162:2::9	infra01	old infrastructure host, this assignment can be freed later
2001:7b8:616:162:2::17	lists
2001:7b8:616:162:2::20	community
2001:7b8:616:162:2::27	cats
2001:7b8:616:162:2::28	issue
2001:7b8:616:162:2::34	board
2001:7b8:616:162:2::248	test
2001:7b8:616:162:2::249	test2
2001:7b8:616:162:2::250	git

Following addresses are configured:

IP Internet	IP Intranet	Machine
192.109.159.22	10.38.6.66	vmware-host.it-sls.de
192.109.159.23	10.38.6.74	cacert1.it-sls.de, Main testserver, webdb patches
192.109.159.24	10.38.6.79	secure1.it-sls.de, Main testserver, webdb patches, secure channel
192.109.159.25	10.38.6.86	cacert2.it-sls.de, Main testserver, os + applic patches, dedicated to critical team
192.109.159.26	10.38.6.87	secure2.it-sls.de, Main testserver, os + applic patches, secure channel, dedicated to critical team
192.109.159.27	10.38.6.88	ca-mgr1.it-sls.de, Testserver Management Console (incl. mailboxes for testserver accounts, testserver 1)
192.109.159.28	10.38.6.88	cats1.it-sls.de, new CATS testserver
212.38.6.89	10.38.6.89	ca-mgr2.it-sls.de, Testserver Management Console (incl. mailboxes for testserver accounts, testserver 2) - not yet activated -
192.109.159.29	10.38.6.92	git-cacert.it-sls.de, central git repository (old + new software)

IP	System	Comments
78.46.255.66	audit, dev (cacert.org / cacert.cl)
78.47.142.76	community-vpn