oleg/knowledge-base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2f8c19cfccb93de1fb533161120f1791c5cc49f9
knowledge-base/projects/znamenskoye/network-topology-diagram.md

271 lines
9.3 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
---
date: 2026-05-04
type: project
tags: [znamenskoye, diagram, mermaid]
---
# 🗺️ Знаменское — Графические схемы (Mermaid)
> Mermaid-диаграммы инфраструктуры 3 объектов Знаменского + VPS-хаба swtest.ru.
> Источники: [[../dttb/znamenskoye-network-topology|Home network]], [[../../claude-memory/znamenskoye-ohothozyistvo|Охотхозяйство]], [[../../claude-memory/znamenskoe-home|Home memory]], [[../../decisions/2026-04-21-znamenskoye-ohothozyistvo-wg-backup-channel|WG fix]].
> Управляющий: Сергей; шеф над ним.
---
## 1. Обзор: 3 объекта + VPS hub
```mermaid
flowchart TB
Internet([🌐 Internet])
subgraph VPS["☁️ VPS swtest.ru — 89.111.140.86"]
VPSwg[wg0 hub<br/>10.5.0.1/24 :51821]
VPSnb[Netbird 100.70.93.36]
DNAT[DNAT 8xxx → камеры]
end
subgraph Home["🏠 Знаменское Home (192.168.1.0/24)"]
UDM[UDM-Pro .1<br/>FW 5.0.12<br/>Netbird 100.70.100.155]
Cudy[Cudy TR3000<br/>10.3.0.1<br/>Netbird 100.70.54.204<br/>WG 10.5.0.4 → VPS]
HomeCam[12 камер XMeye + Hikvision NVR .123]
end
subgraph Ohot["🏕️ Охотхозяйство (192.168.8.0/24)"]
MTLte[MikroTik hAP ax lite LTE6<br/>192.168.8.1<br/>WAN: LTE CGNAT 7.90.8.47]
OPi[Orange Pi R1+ LTS<br/>192.168.8.254<br/>Netbird 100.70.106.227<br/>WG 10.5.0.3 → VPS]
OhotCam[6 камер + NVR HiWatch .247]
end
subgraph Z29["🏘️ Знаменское 29 (192.168.88.0/24)"]
MT29[MikroTik 192.168.88.1<br/>WG 10.5.0.2 → VPS]
Z29Cam[1 камера HiWatch .42]
end
Internet --> VPS
Cudy -.->|WG :51821| VPSwg
OPi -.->|WG :51821| VPSwg
MT29 -.->|WG :51821| VPSwg
UDM -.->|Netbird mesh| VPSnb
Cudy -.->|Netbird mesh| VPSnb
OPi -.->|Netbird mesh| VPSnb
UDM --> HomeCam
MTLte --> OhotCam
MT29 --> Z29Cam
Cudy --> UDM
classDef vps fill:#5d2e1f,stroke:#d97757,color:#fff
classDef home fill:#1e3a5f,stroke:#4a90e2,color:#fff
classDef ohot fill:#2d5016,stroke:#7cb342,color:#fff
classDef z29 fill:#3d2817,stroke:#d4a017,color:#fff
class VPSwg,VPSnb,DNAT vps
class UDM,Cudy,HomeCam home
class MTLte,OPi,OhotCam ohot
class MT29,Z29Cam z29
```
---
## 2. VPS swtest.ru (hub) — WG пиры + DNAT
```mermaid
flowchart LR
subgraph VPS["VPS Ubuntu 24.04 · 89.111.140.86 · 10.5.0.1/24:51821"]
WG[wg0 ListenPort 51821]
DN[iptables DNAT<br/>порты 8xxx]
NB[Netbird 100.70.93.36]
DK[Docker camera-proxy]
end
subgraph Peers["WG пиры"]
P1[10.5.0.2 · Знаменское 29<br/>Allowed 192.168.88.0/24<br/>UP ✓]
P2[10.5.0.3 · Охотхозяйство<br/>Allowed 192.168.8.0/24<br/>UP ✓ после fix 2026-04-21]
P3[10.5.0.4 · Знаменское Home<br/>Allowed 192.168.1.0/24, 192.168.100.0/24<br/>UP ✓ · 4.37 TiB rx]
end
WG --- P1
WG --- P2
WG --- P3
DN -->|8080,8082,8554| Z29[→ Z29 камера .42]
DN -->|8180,8100,8555| OhotNVR[→ Охот NVR .247]
DN -->|8561-8566 · 8201-8206| OhotCam[→ Охот 6 камер]
DN -->|8280,8282,8284| HomeNVR[→ Home NVR .123]
SSH[💻 ssh vps-znam<br/>~/.ssh/vps_znam_key] -->|root| VPS
```
⚠️ **VPS диск 84% used** — нужна очистка. **TODO:** сохранить vps_znam_key в Bitwarden как `VPS znam (89.111.140.86)`.
---
## 3. Знаменское Home (UDM-Pro + Cudy + видеонаблюдение)
```mermaid
flowchart TB
ISP[ISP WAN]
UDM[UDM-Pro «Знаменское»<br/>192.168.1.1 · 10.3.0.175<br/>Netbird 100.70.100.155<br/>FW 5.0.12]
Cudy[Cudy TR3000 v1<br/>OpenWrt 24.10<br/>10.3.0.1 · WAN 192.168.100.2<br/>WG → VPS · AWG → finland<br/>podkop+sing-box bypass]
ISP --> Cudy --> UDM
subgraph Switches["UniFi свитчи"]
S1[USW-16-PoE .220<br/>45W · 8 портов]
S2[Switch Lite .66<br/>45W · 6 портов]
S3[Switch Lite .96<br/>45W · 3 порта]
S4[Switch Lite .213<br/>45W · 5 портов]
end
subgraph APs["UniFi AP (3×U6-LR)"]
AP1[Гараж .133]
AP2[Охрана пост .130]
AP3[Гостевой .244]
end
subgraph Mesh["TP-Link Deco P9 mesh"]
M1[.187 master]
M2[.196]
M3[.208]
end
subgraph Cams["📹 Видеонаблюдение"]
NVR1[Hikvision DS-N316D .123<br/>16ch · ONVIF]
DVR1[TBTec XMeye .23<br/>16ch DVR]
DVR2[TBTec mini .49 · .100<br/>4ch DVR]
XM[12 камер XMeye 53H20AF<br/>2MP · ONVIF :8899]
end
UDM --> Switches
UDM --> APs
UDM -->|port 5| Mesh
Switches --> Cams
subgraph Wifi["📶 Wi-Fi сети"]
W1[ASUS — основная asus2015]
W2[Ohrana post — Qwerty123]
W3[Cam — для камер]
end
APs --> Wifi
```
⚠️ **Известные проблемы:** /boot/firmware 96% · слабые Wi-Fi пароли · WAN:80 → UDM-Pro web открыт наружу · нет VLAN.
---
## 4. Охотхозяйство (LTE + Orange Pi gateway)
```mermaid
flowchart TB
LTE[LTE оператор<br/>CGNAT 7.90.8.47]
MT[MikroTik hAP ax lite LTE6<br/>RouterOS 7.22<br/>192.168.8.1<br/>SSID Hunter]
LTE -->|lte1| MT
subgraph Gateway["🔐 Резервный канал управления"]
OPi[Orange Pi R1+ LTS · .254<br/>OpenWrt 21.02<br/>Netbird 100.70.106.227<br/>wg0 10.5.0.3 → VPS:51821]
end
MT --> OPi
OPi -.->|Netbird mesh<br/>route 192.168.8.0/24| Admin[💻 Mac Олега]
OPi -.->|WG туннель<br/>fix 2026-04-21| VPS[VPS swtest 51821]
subgraph LAN["LAN 192.168.8.0/24"]
NVR[NVR HiWatch .247<br/>Web :80 · SDK :8000 · RTSP :554]
C1[Камера 1 · .2]
C2[Камера 2 · .3]
C3[Камера 3 · .102]
C4[Камера 4 · .110]
C5[Камера 5 · .113]
C6[Камера 6 · .120]
end
MT --> LAN
Hunter[📶 SSID Hunter<br/>WPA2/3 · pw: 12345678a<br/>~12 Wi-Fi гостей]
MT --> Hunter
```
⚠️ **MikroTik wg-vps DISABLED** — ломал интернет (default route hijacking distance=2). WG только на Orange Pi.
---
## 5. Знаменское 29 (минимальный объект)
```mermaid
flowchart LR
Internet([🌐])
MT29[MikroTik 192.168.88.1<br/>admin/admin01<br/>WG 10.5.0.2 → VPS:51821]
Cam[HiWatch камера<br/>192.168.88.42<br/>admin/1qaz!QAZ<br/>Web :80 · SDK :8000 · RTSP :554]
Internet --> MT29 --> Cam
MT29 -.->|WG туннель<br/>UP ✓| VPS[VPS hub]
VPS -.->|DNAT<br/>:8080 web<br/>:8082 SDK<br/>:8554 RTSP| Cam
```
---
## 6. Каналы удалённого доступа
```mermaid
flowchart LR
Admin[💻 Олег / Сергей]
subgraph CH1["Канал 1: Netbird (основной)"]
NB[Netbird mesh<br/>relay netbird.io:443]
end
subgraph CH2["Канал 2: WG через VPS (резерв + видеопотоки)"]
WG[VPS 89.111.140.86<br/>порты 8xxx DNAT]
end
Admin --> NB
Admin -->|RTSP/Web| WG
NB -.->|100.70.100.155| Home[🏠 Home UDM-Pro]
NB -.->|100.70.106.227| OhotGW[🏕️ Охот Orange Pi]
NB -.->|100.70.54.204| Cudy[🏠 Home Cudy]
WG -.->|10.5.0.4| HomeLAN[Home LAN .1.0/24]
WG -.->|10.5.0.3| OhotLAN[Охот LAN .8.0/24]
WG -.->|10.5.0.2| Z29LAN[З-29 LAN .88.0/24]
classDef nb fill:#1e3a5f,stroke:#4a90e2,color:#fff
classDef wg fill:#5d2e1f,stroke:#d97757,color:#fff
class NB,Home,OhotGW,Cudy nb
class WG,HomeLAN,OhotLAN,Z29LAN wg
```
---
## 7. DNAT-карта портов на VPS 89.111.140.86
| Объект | WG | Сервис | Внешний порт | → Backend |
|--------|-----|--------|--------------|-----------|
| Охот | 10.5.0.3 | NVR Web | **8180** | .247:80 |
| Охот | 10.5.0.3 | NVR SDK | **8100** | .247:8000 |
| Охот | 10.5.0.3 | NVR RTSP | **8555** | .247:554 |
| Охот | 10.5.0.3 | Cam 1 RTSP/SDK | **8561 / 8201** | .2:554 / .2:8000 |
| Охот | 10.5.0.3 | Cam 2 RTSP/SDK | **8562 / 8202** | .3:554 / .3:8000 |
| Охот | 10.5.0.3 | Cam 3 RTSP/SDK | **8563 / 8203** | .102:554 / .102:8000 |
| Охот | 10.5.0.3 | Cam 4 RTSP/SDK | **8564 / 8204** | .110:554 / .110:8000 |
| Охот | 10.5.0.3 | Cam 5 RTSP/SDK | **8565 / 8205** | .113:554 / .113:8000 |
| Охот | 10.5.0.3 | Cam 6 RTSP/SDK | **8566 / 8206** | .120:554 / .120:8000 |
| З-29 | 10.5.0.2 | Cam Web/SDK/RTSP | **8080 / 8082 / 8554** | .42:80 / :8000 / :554 |
| Home | 10.5.0.4 | NVR Web/SDK/RTSP | **8280 / 8282 / 8284** | .123:80 / :8000 / :554 |
---
## Учётные данные (краткая выжимка)
| Объект | Узел | Логин / Пароль | Доступ |
|--------|------|----------------|--------|
| Home | UDM-Pro | admin / 1qaz!QAZ | Netbird 100.70.100.155 |
| Home | Cudy | root / 1qaz!QAZ | Netbird 100.70.54.204 |
| Home | NVR Hikvision | admin / 1qaz!QAZ | 192.168.1.123 |
| Охот | MikroTik | admin / 1qaz!QAZ | REST/SSH 192.168.8.1 |
| Охот | Orange Pi | root / 1qaz!QAZ | SSH (Dropbear, expect) |
| З-29 | MikroTik | admin / admin01 | 192.168.88.1 |
| З-29 | Камера | admin / 1qaz!QAZ | 192.168.88.42 |
| VPS | swtest.ru | root + ключ | `ssh vps-znam` (~/.ssh/vps_znam_key) |
Reference in New Issue View Git Blame Copy Permalink