Update port forwards and IPs for VLAN 10 setup

- Updated NAT port forwards to use 192.168.10.20 (Unraid on VLAN 10)
- Added hairpin NAT rules for internal access to WAN IP
- Updated SSH connection commands
- AdGuard DNS rules pending (not configured yet)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

docs/01-NETWORK-MAP.md

@@ -13,8 +13,8 @@
 | **Dashboard** | https://xtrm-lab.org |
 | **DNS Primary** | dns.xtrm-lab.org (HAP1) |
 | **DNS Secondary** | dns2.xtrm-lab.org (XTRM-U) |
-| **Unraid SSH** | `ssh -i ~/.ssh/id_ed25519_unraid root@192.168.31.2 -p 422` |
+| **Unraid SSH** | `ssh -i ~/.ssh/id_ed25519_unraid root@192.168.10.20 -p 422` |
-| **MikroTik SSH** | `ssh -i ~/.ssh/mikrotik_key -p 2222 unraid@192.168.31.1` |
+| **MikroTik SSH** | `ssh -i ~/.ssh/mikrotik_key -p 2222 xtrm@192.168.10.1` |
 
 ---
 
@@ -236,13 +236,25 @@ flowchart TB
 
 | External Port | Destination | Service |
 |---------------|-------------|---------|
-| 80 | 192.168.31.2:8001 | Traefik HTTP |
+| 80 | 192.168.10.20:8001 | Traefik HTTP |
-| 443 | 192.168.31.2:44301 | Traefik HTTPS |
+| 443 | 192.168.10.20:44301 | Traefik HTTPS |
+| 32400 | 192.168.10.20:32400 | Plex |
+| 51413 | 192.168.10.20:51413 | Transmission |
+| 21115-21119 | 192.168.10.20 | RustDesk |
+
+### Hairpin NAT (internal access to WAN IP)
+
+| Destination | To | Service |
+|-------------|-----|---------|
+| 62.73.120.142:80 | 192.168.10.20:8001 | Traefik HTTP |
+| 62.73.120.142:443 | 192.168.10.20:44301 | Traefik HTTPS |
+
+### AdGuard DNS (pending - not configured yet)
+
+| External Port | Destination | Service |
+|---------------|-------------|---------|
 | 853 | 172.17.0.5:853 | AdGuard DoT |
 | 8853 | 172.17.0.5:8853 | AdGuard DoQ |
-| 32400 | 192.168.31.2:32400 | Plex |
-| 51413 | 192.168.31.2:51413 | Transmission |
-| 21115-21119 | 192.168.31.2 | RustDesk |
 
 ---