Skip to content

IP Address Reference

Complete inventory of IP addresses, interfaces, and ports across the Astradial infrastructure.

NUC Interfaces

The NUC gateway has four network interfaces:

Interface Name IP Address Purpose
NNI enp86s0 10.54.225.90 Tata SIP trunk (dedicated Ethernet)
Wi-Fi wlo1 192.168.0.13 Local network / internet access
USB-Eth enx* 192.168.0.14 Backup local network Ethernet
WireGuard wg0 10.10.10.2 VPN tunnel to cloud server

NNI interface

The enp86s0 interface is connected directly to the Tata CPE via Ethernet. It carries all SIP signaling and RTP media from the Tata SBC. This interface is on a separate network from the local LAN and must not be used for general internet traffic.

Cloud Server

Interface IP Address Purpose
Public 89.116.31.109 Internet-facing (Contabo)
WireGuard 10.10.10.1 VPN tunnel to NUC

Tata Communications

Resource IP / Range Purpose
SBC 10.79.215.102 SIP signaling endpoint
Media pool 1 10.79.167.0/28 RTP media (voice packets)
Media pool 2 10.79.167.48/28 RTP media (voice packets)
NNI gateway 10.54.225.89 Default gateway for NNI subnet

Media vs Signaling

SIP signaling comes from the SBC IP (10.79.215.102) but RTP media comes from the media pool ranges. Both must be allowed through any firewall or ACL rules on the NUC.

Ports

SIP and Voice

Port Protocol Service Where
5060 UDP/TCP SIP (standard) NUC (Tata trunk)
5080 UDP SIP (alternate, ISP-safe) Cloud (clients)
8089 TCP WebSocket Secure (WSS) SIP Cloud
10000-20000 UDP RTP media Both

Infrastructure

Port Protocol Service Where
22 TCP SSH Both
51820 UDP WireGuard VPN Both
19999 TCP Netdata monitoring Both
8000 TCP AstraPBX API Cloud

Firewall Rules (Cloud -- UFW)

Current UFW rules on the cloud server:

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
5080/udp                   ALLOW       Anywhere
8089/tcp                   ALLOW       Anywhere
10000:20000/udp            ALLOW       Anywhere
51820/udp                  ALLOW       Anywhere
19999/tcp                  ALLOW       Anywhere
8000/tcp                   ALLOW       Anywhere

Restricting Netdata

Port 19999 (Netdata) is open to the internet for convenience but should ideally be restricted to known IPs or accessed through WireGuard only.

Network Diagram (Logical)

                    Internet
                       |
              +--------+--------+
              |                 |
         Cloud Server      Tata SBC
       89.116.31.109     10.79.215.102
       (WG: 10.10.10.1)       |
              |                |
         WireGuard         NNI Link
         (51820/udp)          |
              |                |
         +----+----+-----------+
              |
          NUC Gateway
       WG:  10.10.10.2
       NNI: 10.54.225.90
       LAN: 192.168.0.13

Calls flow: Tata SBC --> NUC (NNI) --> WireGuard tunnel --> Cloud --> SIP clients (Zoiper etc.)

Subnet Summary

Subnet CIDR Purpose
WireGuard tunnel 10.10.10.0/24 NUC-Cloud VPN
Tata NNI 10.54.225.88/29 NUC-to-Tata CPE link
Tata media pool 1 10.79.167.0/28 RTP from Tata
Tata media pool 2 10.79.167.48/28 RTP from Tata
Local LAN 192.168.0.0/24 Office network