109 lines
2.6 KiB
Markdown
109 lines
2.6 KiB
Markdown
# Complete Diagnosis Summary - Explorer External Access Issue
|
|
|
|
**Date**: 2026-01-21
|
|
**Status**: ✅ **ROOT CAUSE IDENTIFIED**
|
|
|
|
---
|
|
|
|
## Executive Summary
|
|
|
|
**Problem**: `explorer.d-bis.org` is not accessible externally (ERR_CONNECTION_TIMED_OUT)
|
|
|
|
**Root Cause**: Port forwarding and firewall rules exist in UDM Pro Web UI but are **NOT active** in the firewall/NAT table
|
|
|
|
**Solution**: Enable port forwarding rules and verify firewall allow rules in UDM Pro Web UI
|
|
|
|
---
|
|
|
|
## Complete Path Analysis
|
|
|
|
### ✅ Working Components
|
|
|
|
1. **DNS**: ✅ `explorer.d-bis.org` → `76.53.10.36` (correct)
|
|
2. **NPMplus**: ✅ Running, listening on ports 80/443
|
|
3. **NPMplus Config**: ✅ Proxy host configured correctly
|
|
4. **VMID 5000**: ✅ Operational, serving HTTP 200
|
|
5. **Proxmox Firewall**: ✅ Not blocking (disabled)
|
|
6. **Internal Path**: ✅ Working (NPMplus → VMID 5000 = HTTP 200)
|
|
|
|
### ❌ Broken Components
|
|
|
|
1. **UDM Pro Port Forwarding**: ❌ Rules NOT active in NAT table
|
|
2. **UDM Pro Firewall**: ❌ No allow rules for 192.168.11.166
|
|
|
|
---
|
|
|
|
## Diagnosis Results
|
|
|
|
### Port Forwarding (NAT Table)
|
|
```
|
|
Status: ❌ NOT ACTIVE
|
|
Issue: No DNAT rules found for 76.53.10.36:80/443
|
|
```
|
|
|
|
### Firewall Rules
|
|
```
|
|
Status: ❌ MISSING
|
|
Issue: No ACCEPT rules found for 192.168.11.166:80/443
|
|
```
|
|
|
|
---
|
|
|
|
## Fix Required
|
|
|
|
### Critical Actions:
|
|
|
|
1. **Enable Port Forwarding Rules**
|
|
- UDM Pro Web UI → Settings → Firewall & Security → Port Forwarding
|
|
- Enable rules for 76.53.10.36:80/443
|
|
- Save and wait 30 seconds
|
|
|
|
2. **Verify Firewall Allow Rules**
|
|
- UDM Pro Web UI → Settings → Firewall & Security → Firewall Rules
|
|
- Ensure "Allow Port Forward..." rules exist
|
|
- Move allow rules to top of list
|
|
- Save and wait 30 seconds
|
|
|
|
---
|
|
|
|
## Expected Results After Fix
|
|
|
|
- ✅ NAT table will show DNAT rules for 76.53.10.36
|
|
- ✅ Firewall will show ACCEPT rules for 192.168.11.166
|
|
- ✅ External access will work (HTTP 200)
|
|
- ✅ `explorer.d-bis.org` will be accessible
|
|
|
|
---
|
|
|
|
## Verification Commands
|
|
|
|
After making changes, verify:
|
|
|
|
```bash
|
|
# SSH to UDM Pro
|
|
ssh OQmQuS@192.168.11.1
|
|
|
|
# Check NAT rules (should show DNAT now)
|
|
sudo iptables -t nat -L PREROUTING -n -v | grep "76.53.10.36"
|
|
|
|
# Check firewall rules (should show ACCEPT now)
|
|
sudo iptables -L FORWARD -n -v | grep "192.168.11.166"
|
|
|
|
# Test external access
|
|
curl -v http://76.53.10.36
|
|
curl -v https://explorer.d-bis.org
|
|
```
|
|
|
|
---
|
|
|
|
## Files Created
|
|
|
|
1. `UDM_PRO_DIAGNOSIS_REPORT.md` - Complete diagnosis report
|
|
2. `UDM_PRO_FIX_REQUIRED.md` - Detailed fix instructions
|
|
3. `UDM_PRO_COMPLETE_DIAGNOSIS.sh` - Diagnosis script
|
|
4. `COMPLETE_DIAGNOSIS_SUMMARY.md` - This summary
|
|
|
|
---
|
|
|
|
**Status**: ✅ **DIAGNOSIS COMPLETE - FIX REQUIRED IN UDM PRO WEB UI**
|