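#!/bin/bash
# UDM Pro SSH Diagnosis Script
# Checks firewall rules and port forwarding configuration on a UDM Pro over
# SSH and prints the output of each check.
#
# Required environment:
#   UDM_USER         SSH user on the UDM Pro.
#   UDM_PASS         SSH password for UDM_USER. It is handed to sshpass through
#                    the SSHPASS environment variable (sshpass -e) instead of
#                    on the command line, so it is not visible in `ps` output.
#                    There is deliberately no built-in default for either.
# Optional environment:
#   UDM_IP           UDM Pro address. When empty, a few common gateway
#                    addresses are probed.
#   UDM_KNOWN_HOSTS  known_hosts file used to pin the UDM Pro host key
#                    (default: ~/.ssh/udm_known_hosts). The key is recorded on
#                    first contact and verified on every later connection.
#   WAN_IP           public address whose port-forwarding (NAT) rules are
#                    inspected (default: 76.53.10.36)
#   NPM_IP           LAN address of the NPMplus host whose firewall rules are
#                    inspected (default: 192.168.11.166)
#
# `-e` is intentionally not set: each check should run even if an earlier one
# fails, so problems show up inline instead of aborting the whole run.
set -uo pipefail

# Credentials come only from the environment; abort early if they are missing.
: "${UDM_USER:?UDM_USER must be set (SSH user on the UDM Pro)}"
: "${UDM_PASS:?UDM_PASS must be set (SSH password; not stored in this script)}"
UDM_IP="${UDM_IP:-}"
UDM_KNOWN_HOSTS="${UDM_KNOWN_HOSTS:-${HOME:-.}/.ssh/udm_known_hosts}"
WAN_IP="${WAN_IP:-76.53.10.36}"
NPM_IP="${NPM_IP:-192.168.11.166}"

# Colors
RED=$'\033[0;31m'
GREEN=$'\033[0;32m'
BLUE=$'\033[0;34m'
NC=$'\033[0m'
readonly RED GREEN BLUE NC

# Print a red message to stderr and exit non-zero.
die() { printf '%s%s%s\n' "$RED" "$*" "$NC" >&2; exit 1; }
# Blue informational line.
info() { printf '%s%s%s\n' "$BLUE" "$*" "$NC"; }
# Green success line.
ok() { printf '%s%s%s\n' "$GREEN" "$*" "$NC"; }
# Section header in the "=== Title ===" form used by every check below.
section() { info "=== $* ==="; }

# Tools this script cannot work without.
for tool in sshpass ssh timeout; do
  command -v "$tool" >/dev/null 2>&1 || die "required tool not found: $tool"
done

# WAN_IP and NPM_IP are interpolated into remote shell command lines below, so
# restrict them to dotted-decimal form before they reach the gateway's shell.
for v in WAN_IP NPM_IP; do
  [[ "${!v}" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] \
    || die "$v is not a dotted-decimal IPv4 address: ${!v}"
done

# sshpass -e reads the password from SSHPASS, keeping it out of argv.
export SSHPASS="$UDM_PASS"

# Shared ssh options: accept the host key on first contact and pin it in a
# dedicated known_hosts file so a later key change is reported instead of
# silently accepted (accept-new with a /dev/null known_hosts never verifies).
mkdir -p -- "$(dirname -- "$UDM_KNOWN_HOSTS")"
ssh_opts=(
  -o StrictHostKeyChecking=accept-new
  -o "UserKnownHostsFile=$UDM_KNOWN_HOSTS"
)

echo "=========================================="
echo "UDM Pro SSH Diagnosis"
echo "=========================================="
echo ""

# Find UDM Pro IP if not provided
if [[ -z "$UDM_IP" ]]; then
  info "Finding UDM Pro IP..."
  for candidate in 192.168.11.1 192.168.1.1 192.168.0.1; do
    # $candidate expands locally; the remote echo of it doubles as the probe.
    if timeout 2 sshpass -e ssh "${ssh_opts[@]}" -o ConnectTimeout=2 \
        "$UDM_USER@$candidate" "echo 'Found UDM Pro at $candidate'" 2>/dev/null; then
      UDM_IP=$candidate
      ok "Found UDM Pro at: $UDM_IP"
      break
    fi
  done
fi

[[ -n "$UDM_IP" ]] \
  || die "Could not find UDM Pro IP. Please provide UDM_IP environment variable"

info "Connecting to UDM Pro at $UDM_IP..."
echo ""

#######################################
# Run a command on the UDM Pro over SSH.
# Globals:   UDM_USER, UDM_IP, ssh_opts (read); SSHPASS (read by sshpass)
# Arguments: the remote command line (ssh joins multiple words with spaces)
# Outputs:   remote stdout and stderr, merged, on stdout
# Returns:   ssh's exit status (normally the remote command's status)
#######################################
udm_cmd() {
  sshpass -e ssh "${ssh_opts[@]}" "$UDM_USER@$UDM_IP" "$@" 2>&1
}

# Check 1: System Info
section "System Information"
udm_cmd "uname -a"
echo ""

# Check 2: Network Interfaces
section "Network Interfaces"
udm_cmd "ip addr show | grep -E 'inet |inet6 ' | grep -v '127.0.0.1'"
echo ""

# Check 3: Port Forwarding Rules (NAT Table)
# grep -F so the dots in the address match literally rather than "any char".
section "Port Forwarding Rules (NAT)"
echo "Checking for $WAN_IP port forwarding..."
udm_cmd "iptables -t nat -L -n -v | grep -F -A 5 '$WAN_IP' || echo 'No port forwarding rules found for $WAN_IP'"
echo ""

# Check 4: Firewall Rules
section "Firewall Rules for NPMplus"
echo "Checking for $NPM_IP firewall rules..."
udm_cmd "iptables -L -n -v | grep -F -A 5 '$NPM_IP' || echo 'No firewall rules found for $NPM_IP'"
echo ""

# Check 5: Rule Order
section "Firewall Rule Order"
echo "Listing firewall rules with line numbers..."
udm_cmd "iptables -L FORWARD -n --line-numbers | head -30"
echo ""

# Check 6: Check if ports are listening
section "Port Listening Status"
udm_cmd "netstat -tlnp 2>/dev/null | grep -E ':80 |:443 ' || ss -tlnp | grep -E ':80 |:443 ' || echo 'Cannot check listening ports'"
echo ""

# Check 7: Configuration Files
section "Configuration Files"
echo "Checking firewall.json..."
udm_cmd "test -f /mnt/data/udapi-config/firewall.json && grep -F -A 10 '$WAN_IP' /mnt/data/udapi-config/firewall.json || echo 'firewall.json not found or no rules for $WAN_IP'"
echo ""

# Check 8: UniFi Config
section "UniFi Gateway Config"
udm_cmd "test -f /mnt/data/unifi/config/config.gateway.json && grep -A 20 'port-forward' /mnt/data/unifi/config/config.gateway.json || echo 'config.gateway.json not found or no port-forward section'"
echo ""

echo "=========================================="
echo "Diagnosis Complete"
echo "=========================================="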