d-bis/explorer-monorepo
4
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Add full monorepo: virtual-banker, backend, frontend, docs, scripts, deployment

Browse Source 
Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
defiQUG
2026-02-10 11:32:49 -08:00
parent aafcd913c2
commit 88bc76da91
815 changed files with 125522 additions and 264 deletions
Download Patch File Download Diff File Expand all files Collapse all files

210
UDM_PRO_MANUAL_SSH_DIAGNOSIS.md Normal file
View File

@@ -0,0 +1,210 @@
# UDM Pro Manual SSH Diagnosis Guide
**Date**: 2026-01-21
**Purpose**: Manual commands to run on UDM Pro via SSH to diagnose firewall/port forwarding
**SSH Credentials:**
- **Username**: `OQmQuS`
- **Password**: `m0MFXHdgMFKGB213b04`
- **IP**: `192.168.11.1` (or your UDM Pro IP)
---
## Connect to UDM Pro
```bash
ssh OQmQuS@192.168.11.1
# Enter password when prompted: m0MFXHdgMFKGB213b04
```
---
## Diagnosis Commands
### 1. Check Port Forwarding Rules (NAT Table)
```bash
# Check if port forwarding rules exist for 76.53.10.36
iptables -t nat -L -n -v | grep -A 5 "76.53.10.36"
```
**Expected Output (if working):**
```
DNAT tcp -- 0.0.0.0/0 76.53.10.36 tcp dpt:80 to:192.168.11.166:80
DNAT tcp -- 0.0.0.0/0 76.53.10.36 tcp dpt:443 to:192.168.11.166:443
```
**If empty**: Port forwarding rules are not active
---
### 2. Check Firewall Rules for NPMplus
```bash
# Check if firewall allows traffic to 192.168.11.166
iptables -L FORWARD -n -v | grep -A 5 "192.168.11.166"
```
**Expected Output (if working):**
```
ACCEPT tcp -- 0.0.0.0/0 192.168.11.166 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 192.168.11.166 tcp dpt:443
```
**If empty**: Firewall may be blocking traffic
---
### 3. Check Firewall Rule Order
```bash
# List all FORWARD rules with line numbers
iptables -L FORWARD -n -v --line-numbers
```
**What to look for:**
- **Allow rules** for 192.168.11.166 should be **BEFORE** any **block rules**
- If block rules come first, they will block the traffic
---
### 4. Check All NAT Rules
```bash
# List all NAT rules
iptables -t nat -L -n -v
```
**What to look for:**
- DNAT rules for 76.53.10.36:80 → 192.168.11.166:80
- DNAT rules for 76.53.10.36:443 → 192.168.11.166:443
---
### 5. Check Network Interfaces
```bash
# Check if 76.53.10.36 is on a network interface
ip addr show | grep "76.53.10"
```
**Expected**: Should show the IP on a WAN interface
---
### 6. Check Configuration Files
```bash
# Check firewall configuration
cat /mnt/data/udapi-config/firewall.json | grep -A 10 "76.53.10.36"
# Check UniFi gateway config
cat /mnt/data/unifi/config/config.gateway.json | grep -A 20 "port-forward"
```
---
## Quick Diagnosis Script
Run this complete check:
```bash
echo "=== Port Forwarding (NAT) ==="
iptables -t nat -L -n -v | grep -A 3 "76.53.10.36"
echo ""
echo "=== Firewall Rules (FORWARD) ==="
iptables -L FORWARD -n -v --line-numbers | grep -A 3 "192.168.11.166"
echo ""
echo "=== All FORWARD Rules (First 20) ==="
iptables -L FORWARD -n -v --line-numbers | head -20
```
---
## What to Look For
### ✅ If Port Forwarding is Working:
- NAT table shows DNAT rules for 76.53.10.36:80/443
- Rules have packet/byte counts (showing traffic)
### ❌ If Port Forwarding is NOT Working:
- NAT table is empty for 76.53.10.36
- No DNAT rules found
### ✅ If Firewall Allows Traffic:
- FORWARD chain shows ACCEPT rules for 192.168.11.166:80/443
- Allow rules come BEFORE block rules
### ❌ If Firewall is Blocking:
- No ACCEPT rules for 192.168.11.166
- Block rules come BEFORE allow rules
- DROP/REJECT rules for 192.168.11.166
---
## Common Issues and Fixes
### Issue 1: Port Forwarding Rules Not in NAT Table
**Symptom**: `iptables -t nat -L` shows no rules for 76.53.10.36
**Fix**:
- Go to UDM Pro Web UI
- Settings → Firewall & Security → Port Forwarding
- Verify rules are **enabled**
- If disabled, enable them
- Save and wait 30 seconds
### Issue 2: Firewall Blocking Traffic
**Symptom**: NAT rules exist but no ACCEPT rules in FORWARD chain
**Fix**:
- Go to UDM Pro Web UI
- Settings → Firewall & Security → Firewall Rules
- Ensure "Allow Port Forward..." rules exist
- Move them to the **top** of the list
- Save and wait 30 seconds
### Issue 3: Rule Order Issue
**Symptom**: Block rules come before allow rules
**Fix**:
- Go to UDM Pro Web UI
- Settings → Firewall & Security → Firewall Rules
- Reorder rules: Allow rules at top, Block rules below
- Save and wait 30 seconds
---
## After Making Changes
1. **Wait 30 seconds** for rules to apply
2. **Re-run diagnosis commands** to verify
3. **Test external access**:
```bash
curl -v http://76.53.10.36
curl -v https://76.53.10.36
```
---
## Summary
**SSH Access Allows:**
- ✅ View current firewall/port forwarding configuration
- ✅ Diagnose why ports are blocked
- ✅ Verify rule order
- ⚠️ Changes via CLI may not persist (use Web UI for changes)
**Recommended Workflow:**
1. SSH to UDM Pro
2. Run diagnosis commands
3. Identify the issue
4. Make changes via Web UI
5. Verify via SSH again
---
**Next Step**: SSH to UDM Pro and run the diagnosis commands above