Network map

The lab puts five hosts on one LAN subnet using two network modes. This page is the addressing and port reference; the reasoning behind it is in host networking and the macvlan detour.

Hosts

Defaults shown; all are set in .env. The example subnet here is 10.22.22.0/24.

Host	Default IP	Network mode	Role
`dc1`	`10.22.22.22`	host	Writable domain controller
`print1`	`10.22.22.23`	macvlan + `samba` bridge	Print server (Samba member + CUPS)
`rodc1`	`10.22.22.24`	macvlan + `samba` bridge	Read-only domain controller
`print-snmp`	`10.22.22.25`	macvlan + `samba` bridge	SNMP printer-device sidecar
`print-ipp`	`10.22.22.26`	macvlan + `samba` bridge	IPP Everywhere sidecar

Ports the DC owns

A domain controller is many services, which is why it runs on host networking.

Port	Protocol	Service
53	TCP/UDP	DNS
88	TCP/UDP	Kerberos
135	TCP	RPC endpoint mapper
389	TCP/UDP	LDAP
445	TCP	SMB
464	TCP/UDP	kpasswd (password change)
636	TCP	LDAPS
3268 / 3269	TCP	Global Catalog (plain / TLS)
49152+	TCP	Dynamic RPC range

That dynamic high range is the reason -p publishing does not work cleanly and the DC takes the host’s network namespace instead.

Ports the sibling hosts serve

Host	Port	Service
`print1`	445	SMB print spooling
`print1`	631	CUPS / IPP (`ipp://print1:631/printers/<queue>`)
`rodc1`	53, 389, 88	Read-only DNS, LDAP, Kerberos
`print-snmp`	161/UDP	SNMP Printer-MIB (community = lowercased queue name)
`print-ipp`	8631-8633	IPP Everywhere reference printers

The two networks

samba — a shared external bridge. Sibling app containers join it to reach the DC through the host gateway. Create it once with make net.
macvlan — gives print1, rodc1, and the sidecars their own LAN IPs so real clients address them like physical machines. Configured by PRINT_LAN_PARENT, PRINT_LAN_SUBNET, and PRINT_LAN_GATEWAY.