Skip to content

Topologia de Rede

Topologia de Rede

VMs

VM	IP Interno	SSH Externo (NAT)	Servico	MAC
vyos-router	192.168.0.1 (eth1)	:65401	Firewall / Router	bc:24:11:ce:be:d9 (eth0), bc:24:11:fb:c4:b2 (eth1)
debian-proxy	192.168.0.5	:65402	Traefik (reverse proxy)	bc:24:11:97:98:34
vm-cpps-02	192.168.0.51	:65403	K3s cluster (apps)	bc:24:11:1e:d4:c4
vm-cpps-03	192.168.0.52	:65404	(a mapear)	BC:24:11:B4:DB:67

IP Publico

200.145.122.96 — eth0 do VyOS (DHCP da rede UNESP)

Rede Interna

Subnet: 192.168.0.0/23 (192.168.0.0 - 192.168.1.255)
Gateway: 192.168.0.1 (VyOS eth1)
DNS: 192.168.0.1 (VyOS forwarding para 1.1.1.1 e 8.8.8.8)
DHCP range: 192.168.1.200 - 192.168.1.209

NAT Destination Rules

Rule	Porta Ext	Destino	Porta Int	Descricao
10	65402	192.168.0.5	22	SSH debian-proxy
20	80	192.168.0.5	80	HTTP Traefik
30	443	192.168.0.5	443	HTTPS Traefik
40	65403	192.168.0.51	22	SSH vm-cpps-02
50	65404	192.168.0.52	22	SSH vm-cpps-03
60	27017	192.168.0.5	27017	MongoDB

NAT Source

Rule	Source	Interface	Descricao
100	192.168.0.0/23	eth0	Masquerade LAN

Firewall (input filter)

Rule	Acao	Descricao
default	drop	Bloqueia tudo por padrao
10	accept	SSH VyOS (porta 65401)
20	accept	Conexoes established/related
30	accept	Loopback (127.0.0.0/8)
40	accept	Trafego da LAN (192.168.0.0/23)

Apps no K3s (vm-cpps-02)

App	Namespace	Tipo	Porta Exposta
Airflow 3.0.2	airflow	Helm	8080 (ClusterIP)
Authentik 2026.2.1	authentik	Helm	8880/443 (ClusterIP)
CPPS Dashboard	dashboard	Manifests	3770 (ClusterIP)
Invenio	invenio	Manifests	5000/5001 (ClusterIP)
MongoDB (3 replicas)	mongodb	Operator	27017 (NodePort 30000-30002)
OJS 3.4.0	ojs	Helm (custom)	80 (NodePort 31519)
Prometheus	monitoring	Helm	80 (ClusterIP)
SeaweedFS 4.17	seaweedfs	Helm	8333 (ClusterIP)
Superset 5.0.0	superset	Helm	8088 (LoadBalancer) - FAILED
Tutor/Open edX 21.0.4	tutor-openedx	Kustomize	31855 (NodePort - Caddy)
OCRmyPDF	smbcedaph	CronJob	-
cert-manager	cert-manager	-	-
CSI SMB	kube-system	Helm	-
Traefik (K3s)	kube-system	HelmChart	Ingress controller

Ingress

Host	Namespace	Backend
airflow.cppsunesp.org	airflow	Traefik K3s
lms.colabh.org	tutor-openedx	Traefik (debian-proxy) → NodePort 31855 → Caddy
cms.lms.colabh.org	tutor-openedx	”
apps.lms.colabh.org	tutor-openedx	”
meilisearch.lms.colabh.org	tutor-openedx	”
notes.lms.colabh.org	tutor-openedx	” (futuro)
discovery.lms.colabh.org	tutor-openedx	” (futuro)