UDM Pro Internet Blocking - CONFIRMED

Date: 2026-01-21
Evidence Source: UniFi Network Controller Screenshot
Client: NPMplus dot 167 (192.168.11.167)


Critical Finding: Zero Internet Activity

UDM Pro Client Overview

  • Client Name: NPMplus dot 167
  • IP Address: 192.168.11.167
  • MAC Address (from UDM Pro): bc:24:11:8d:ec:b7
  • 24H Internet Activity: 0 B ⚠️
  • Virtual Network: MGMT-LAN (VLAN ID 11)
  • Manufacturer: Proxmox Server Solutions GmbH

Analysis

Device Recognition

UDM Pro correctly identifies the NPMplus container:

  • IP address matches: 192.168.11.167
  • Manufacturer correctly identified as Proxmox
  • Connected via UDM Pro GbE

Internet Access Blocked

24H Internet Activity: 0 B confirms:

  • UDM Pro firewall is blocking outbound internet traffic
  • This explains why Docker Hub pulls are timing out
  • This explains why container cannot reach 8.8.8.8

⚠️ MAC Address Discrepancy

  • UDM Pro shows: bc:24:11:8d:ec:b7
  • Container config shows: BC:24:11:A8:C1:5D

Possible explanations:

  1. UDM Pro may be showing a different MAC (bridge/veth pair)
  2. MAC address may have changed
  3. UDM Pro may be tracking a different interface

Action: Verify which MAC is actually active
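
One way to carry out that check on the Proxmox host, as an added example that is not part of the original note: it parses text in the `net<N>:` line format printed by `pct config` and reports which container interface, if any, has the MAC the UDM Pro shows. The function names, the hostname and the `net1` line in the sample are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original note): match the MAC shown by the
# UDM Pro against the NICs defined in a container's `pct config` output.

# Constructed sample. net0 uses the MAC from the container config quoted
# above; the hostname and the net1 line are invented for the test.
SAMPLE_PCT_CONFIG='arch: amd64
hostname: npmplus
net0: name=eth0,bridge=vmbr0,hwaddr=BC:24:11:A8:C1:5D,ip=192.168.11.167/24,type=veth
net1: name=eth1,bridge=vmbr0,hwaddr=BC:24:11:00:00:01,ip=dhcp,type=veth'

# Lower-case a MAC and turn '-' separators into ':' so that
# BC-24-11-... and bc:24:11:... compare equal.
normalize_mac() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/-/:/g'
}

# Read pct config text on stdin, print "netN MAC" for each interface.
list_config_macs() {
    sed -n 's/^\(net[0-9][0-9]*\):.*hwaddr=\([0-9A-Fa-f:]\{17\}\).*/\1 \2/p'
}

# match_udm_mac MAC  (pct config text on stdin)
# Prints the netN that owns MAC and returns 0, or prints "none" and returns 1.
match_udm_mac() {
    want=$(normalize_mac "$1")
    entries=$(list_config_macs)
    found=none
    while read -r nic mac; do
        if [ -n "$mac" ] && [ "$(normalize_mac "$mac")" = "$want" ]; then
            found=$nic
        fi
    done <<EOF
$entries
EOF
    printf '%s\n' "$found"
    [ "$found" != none ]
}

# On the Proxmox host: pct config 10233 | match_udm_mac bc:24:11:8d:ec:b7
# Demo on the constructed sample:
for m in bc:24:11:8d:ec:b7 BC-24-11-A8-C1-5D; do
    owner=$(printf '%s\n' "$SAMPLE_PCT_CONFIG" | match_udm_mac "$m" || true)
    printf '%s -> %s\n' "$m" "$owner"
done
```

If the UDM-reported MAC maps to `none`, a MAC-based rule keyed on that address will not match traffic sent from the container's configured interface, so resolve the discrepancy before relying on the MAC-based alternative.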


Root Cause Confirmed

The 0 B internet activity definitively proves:

  • Container is recognized by UDM Pro
  • Outbound internet traffic is blocked by UDM Pro firewall
  • This is preventing Docker Hub access
  • This is preventing NPMplus updates

Solution: UDM Pro Firewall Rule

Step 1: Access UDM Pro

  1. Open: https://192.168.11.1
  2. Navigate to: Clients → NPMplus dot 167

Step 2: Check Current Firewall Rules

  1. Go to: Settings → Firewall & Security → Firewall Rules
  2. Look for rules affecting:
    • Source: 192.168.11.167
    • Virtual Network: MGMT-LAN (VLAN 11)
    • Outbound traffic

Step 3: Add Allow Rule

Create a new firewall rule:

Rule Configuration:

  • Name: Allow NPMplus Outbound
  • Action: Accept / Allow
  • Source:
    • Type: IP Address
    • Address: 192.168.11.167
    • Or use MAC: bc:24:11:8d:ec:b7
  • Destination: Any (or Internet)
  • Protocol: Any
  • Port: Any
  • Direction: Outbound or Both
  • Virtual Network: MGMT-LAN (VLAN 11)
  • Placement: BEFORE any deny/drop rules

Step 4: Verify Fix

After adding the rule, wait 30 seconds, then:

# Test from container
ssh root@r630-01
pct exec 10233 -- ping -c 2 8.8.8.8

# Test Docker Hub
pct exec 10233 -- curl -s https://registry-1.docker.io/v2/ | head -3

# Check UDM Pro client overview again
# Should show internet activity > 0 B

Alternative: MAC-Based Rule

If IP-based rules don't work, try MAC-based:

  • Source MAC: bc:24:11:8d:ec:b7
  • Action: Accept
  • Destination: Any

Expected Result

After adding the firewall rule:

  • Container can reach internet (8.8.8.8)
  • Container can reach Docker Hub
  • Docker pull will succeed
  • UDM Pro client overview will show internet activity > 0 B

Summary

Status: ROOT CAUSE CONFIRMED

Evidence:

  • UDM Pro shows 0 B internet activity for 192.168.11.167
  • This confirms firewall blocking outbound traffic

Solution:

  • Add UDM Pro firewall rule to allow outbound from 192.168.11.167
  • Use IP address or MAC address (bc:24:11:8d:ec:b7)

Next Step: Add firewall rule in UDM Pro Web UI


Action Required: Configure UDM Pro firewall rule to allow outbound internet access