# External Network Test Report (Tethering Active)

**Date**: 2026-01-21  
**Test Environment**: External Network (Mobile Tethering)  
**Public IP**: 76.53.10.36

---

## Test Results Summary

| Test | Status | Details |
|------|--------|---------|
| DNS Resolution | ✅ PASS | explorer.d-bis.org → 76.53.10.36 |
| TCP Connection (HTTPS) | ⚠️ PARTIAL | Connects but SSL handshake times out |
| TCP Connection (HTTP) | ⚠️ PARTIAL | Connects but response times out |
| Public IP Direct | ⚠️ PARTIAL | Connects but response times out |
| Frontend Content | ❌ FAIL | No content received |
| API Endpoint | ❌ FAIL | Not accessible |
| NPMplus Container | ✅ PASS | Running |
| VMID 5000 Container | ✅ PASS | Running |
| UDM Pro SSH | ⚠️ WARN | Unreachable from external (expected) |

---

## Critical Findings

### ✅ Progress: TCP Connections Are Being Established

**Key Discovery**: Unlike previous tests, TCP connections ARE now being established:

- ✅ Can connect to port 80 (HTTP)
- ✅ Can connect to port 443 (HTTPS)
- ✅ DNS resolution works
- ✅ TCP handshake completes

**This indicates port forwarding rules may be partially active or there's a different issue.**

### ❌ Problem: Connections Timeout After Establishment

**Issue**: After TCP connection is established:

- HTTP: Connection established but no response received (timeout after 15s)
- HTTPS: SSL handshake times out
- No data is being returned

**Possible Causes:**

1. **Port forwarding rules are active but incomplete**
   - DNAT may be working (allowing connection)
   - But return path may be blocked
   - Or firewall rules may be blocking responses

2. **Firewall rules blocking return traffic**
   - UDM Pro may allow incoming connections
   - But may block outgoing responses
   - Need to check FORWARD chain rules

3. **NPMplus not responding to external connections**
   - May only be listening on internal interface
   - May have firewall rules blocking external IPs
   - May need to check NPMplus configuration

4. **Asymmetric routing issue**
   - Traffic coming in via UDM Pro
   - But responses trying to go out different path
   - Need proper routing configuration

---

## Detailed Test Results

### 1. DNS Resolution ✅

```
explorer.d-bis.org → 76.53.10.36
```

**Status**: Working correctly

### 2. HTTPS Connection (Port 443) ⚠️

```
* Connected to explorer.d-bis.org (76.53.10.36) port 443
* SSL connection timeout
```

**Status**: TCP connection established, but SSL handshake times out

### 3. HTTP Connection (Port 80) ⚠️

```
* Connected to explorer.d-bis.org (76.53.10.36) port 80
* Operation timed out after 15003 milliseconds with 0 bytes received
```

**Status**: TCP connection established, but no HTTP response received

### 4. Public IP Direct ⚠️

```
* Connected to 76.53.10.36 (76.53.10.36) port 80
* Operation timed out after 15002 milliseconds with 0 bytes received
```

**Status**: Same behavior as domain name - confirms issue is at network level

### 5. Frontend Content ❌

**Status**: No HTML content received

### 6. API Endpoint ❌

**Status**: Not accessible

### 7. Internal Components ✅

- NPMplus (VMID 10233): Running
- VMID 5000: Running

---

## Diagnosis

### What's Working

1. ✅ DNS resolution
2. ✅ TCP connection establishment (ports 80/443)
3. ✅ Internal services running
4. ✅ Port forwarding appears to be allowing connections

### What's Not Working

1. ❌ No data/response after connection established
2. ❌ SSL handshake fails
3. ❌ HTTP requests timeout
4. ❌ No content returned

### Root Cause Analysis

**Most Likely Issue**: **Firewall rules blocking return traffic**

The fact that TCP connections are established but no data flows suggests:

- Port forwarding (DNAT) is working (allowing connections)
- But firewall rules are blocking the return path
- Or NPMplus is not configured to accept connections from external IPs

---

## Recommended Fixes

### Priority 1: Check UDM Pro Firewall Rules

**Action**: Verify firewall rules allow return traffic

1. Access UDM Pro Web UI (from internal network)
2. Go to: Settings → Firewall & Security → Firewall Rules
3. Check for rules that:
   - Allow traffic FROM 192.168.11.166 (NPMplus)
   - Allow traffic TO 192.168.11.166:80/443
   - Are placed BEFORE any deny rules
4. Verify "Allow Port Forward..." rules exist and are enabled

### Priority 2: Check NPMplus Configuration

**Action**: Verify NPMplus accepts external connections

```bash
# Check if NPMplus is listening on all interfaces
ssh root@192.168.11.10 "ssh root@r630-01 'pct exec 10233 -- ss -tlnp | grep -E \":80 |:443 \"'"

# Check NPMplus logs for connection attempts
ssh root@192.168.11.10 "ssh root@r630-01 'pct exec 10233 -- docker logs npmplus --tail 50'"
```

### Priority 3: Verify Port Forwarding Rules Are Active

**Action**: Check if DNAT rules are actually in NAT table

```bash
sshpass -p 'm0MFXHdgMFKGB2l3bO4' ssh OQmQuS@192.168.11.1 \
  "sudo iptables -t nat -L PREROUTING -n -v | grep '76.53.10.36'"
```

If no rules found, enable them in UDM Pro Web UI.

### Priority 4: Check Routing

**Action**: Verify return path routing

```bash
# On UDM Pro, check routing table
sshpass -p 'm0MFXHdgMFKGB2l3bO4' ssh OQmQuS@192.168.11.1 \
  "ip route show | grep 192.168.11"
```

---

## Next Steps

1. **From internal network**, check UDM Pro firewall rules
2. **Enable/unpause** any paused firewall rules
3. **Verify** port forwarding rules are active
4. **Check** NPMplus logs for incoming connection attempts
5. **Re-test** from external network (tethering)

---

## Test Statistics

- **Total Tests**: 9
- **Passed**: 3
- **Partial/Working**: 3
- **Failed**: 3
- **Warnings**: 1

---

## Conclusion

**Status**: ⚠️ **PROGRESS MADE - TCP CONNECTIONS WORKING**

**Key Finding**: Port forwarding appears to be working (connections established), but firewall rules or return path routing is blocking responses.

**Action Required**: Check and fix UDM Pro firewall rules to allow return traffic from NPMplus.

---

**Next Test**: After fixing firewall rules, re-run tests from external network.
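
The PASS / PARTIAL / FAIL split used in the results table can be reproduced for the re-test with a staged probe that reports the first stage (DNS, TCP, TLS, HTTP) that stalls. This is an added example, not part of the original report; the `probe` function and its return format are assumptions, and the demo target is a constructed local listener that accepts connections but never replies.

```python
import socket
import ssl


def probe(host, port, use_tls=False, timeout=5.0):
    """Return (status, stage, detail) naming the first stage that stalls."""
    try:
        ip = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0][4][0]
    except socket.gaierror as exc:
        return ("FAIL", "dns", str(exc))
    try:
        sock = socket.create_connection((ip, port), timeout=timeout)
    except OSError as exc:  # refused, unreachable, or SYN never answered
        return ("FAIL", "tcp", str(exc))
    try:
        if use_tls:
            try:
                ctx = ssl.create_default_context()
                sock = ctx.wrap_socket(sock, server_hostname=host)
            except OSError as exc:  # covers ssl.SSLError and handshake timeout
                return ("PARTIAL", "tls", f"TCP up to {ip}:{port}, handshake: {exc}")
        try:
            request = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
            sock.sendall(request.encode())
            data = sock.recv(4096)
        except OSError as exc:  # the "0 bytes received" case from the report
            return ("PARTIAL", "http", f"TCP up to {ip}:{port}, no response: {exc}")
        if not data:
            return ("PARTIAL", "http", "peer closed without sending data")
        return ("PASS", "http", data.split(b"\r\n", 1)[0].decode(errors="replace"))
    finally:
        sock.close()


if __name__ == "__main__":
    # Constructed stand-in for the reported symptom: a local listener whose
    # kernel completes the TCP handshake but whose application never replies.
    silent = socket.socket()
    silent.bind(("127.0.0.1", 0))
    silent.listen(5)
    port = silent.getsockname()[1]
    print(probe("127.0.0.1", port, timeout=1.0))
    print(probe("127.0.0.1", port, use_tls=True, timeout=1.0))
    silent.close()
```

A `PARTIAL` result at the `tls` or `http` stage matches the report's symptom: the handshake completed somewhere on the path, so the next place to look is the return path and the backend listener rather than DNS or the inbound rule.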