proxmox/docs/04-configuration/verification-evidence/UDM_PRO_CHECK_20260303.md
defiQUG e4c9dda0fd
chore: update submodule references and documentation
- Marked submodules ai-mcp-pmm-controller, explorer-monorepo, and smom-dbis-138 as dirty to reflect recent changes.
- Updated documentation to clarify operator script usage, including dotenv loading and task execution instructions.
- Enhanced the README and various index files to provide clearer navigation and task completion guidance.

Made-with: Cursor
2026-03-04 02:03:08 -08:00


UDM Pro check — 2026-03-03

Checked from: ASERET (192.168.11.23), LAN.


Summary

| Check | Result |
|---|---|
| Gateway | 192.168.11.1 reachable (ping OK) |
| UDM Pro management | https://192.168.11.1:443 → HTTP 200 (UniFi controller) |
| Public IP from LAN | https://76.53.10.36:443 → timeout (000) — expected without NAT hairpin |
| NPMplus internal | 192.168.11.166 / 192.168.11.167:80,443 — not reachable from this host (timeout) |

Expected port forwarding (manual verification in UniFi UI)

In UniFi Network → Settings → Firewall & Security → Port Forwarding, confirm:

| Rule | Destination IP | Dest Port | Forward to IP | Forward to Port | Protocol |
|---|---|---|---|---|---|
| NPMplus HTTPS | 76.53.10.36 | 443 | 192.168.11.167 | 443 | TCP |
| NPMplus HTTP | 76.53.10.36 | 80 | 192.168.11.167 | 80 | TCP |

Verified 2026-03-03 (screenshot): UI shows Nginx HTTP and Nginx HTTPS on 76.53.10.36 → 192.168.11.167:80 and :443. Also present: 76.53.10.38→.169 (Alltra/HYBX), 76.53.10.40→.170/.60 (Dev), 76.53.10.41→.171 (Mifos). Full table: UDM_PRO_PORT_FORWARDING_SNAPSHOT_20260303.md.


Interpretation

  • UDM Pro device: Online and responding; management at https://192.168.11.1 works.
  • Public URL from LAN: Traffic to 76.53.10.36 from 192.168.11.23 times out — typical when NAT hairpin (loopback) is disabled. Enable it in UniFi if you want explorer.d-bis.org to work from LAN without a hosts entry.
  • External access: Test from a device off the LAN (e.g. phone on cellular): if https://explorer.d-bis.org works there, port forward and NPMplus are correct and the issue is LAN-only (hairpin).
  • Prior run (2026-02-07): From another host, internal and public tests all passed — so port forward and NPMplus were working from that segment.

Manual steps

  1. Open https://192.168.11.1 in a browser (on the LAN).
  2. Go to Settings → Firewall & Security → Port Forwarding.
  3. Confirm the two rules above exist and are enabled.
  4. (Optional) Look for NAT loopback / Hairpin NAT and enable it so that LAN clients can reach 76.53.10.36.

Script: bash scripts/verify/verify-udm-pro-port-forwarding.sh (runs connectivity tests and writes evidence to verification-evidence/udm-pro-verification-*).
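
The reasoning in the Interpretation section can be written as a small triage helper. This is an added example, not the repository's verify-udm-pro-port-forwarding.sh; the function names, verdict labels and the `--run` switch are assumptions, and a status of 000 is what curl reports when nothing answers.

```bash
#!/usr/bin/env bash
# Added example (not the repository's verify script). IPs are the ones on this page.

# probe URL: print the HTTP status; curl reports 000 when nothing answers.
probe() (
  code=$(curl -k -s -o /dev/null -w '%{http_code}' \
              --connect-timeout 5 --max-time 10 "$1" 2>/dev/null) || true
  echo "${code:-000}"
)

# classify MGMT PUBLIC_FROM_LAN INTERNAL [EXTERNAL]
# EXTERNAL is the status seen from off the LAN (e.g. phone on cellular),
# or "untested" when that check has not been done yet.
classify() (
  mgmt=$1 public_lan=$2 internal=$3 external=${4:-untested}
  if [ "$mgmt" = 000 ]; then
    echo "gateway-management-down"            # UDM Pro UI itself not answering
  elif [ "$public_lan" != 000 ]; then
    echo "public-reachable-from-lan"          # forward and hairpin both work
  elif [ "$external" = untested ]; then
    if [ "$internal" != 000 ]; then
      echo "hairpin-suspected-confirm-off-lan" # backend up, public IP times out
    else
      echo "inconclusive-test-off-lan"         # this host sees neither path
    fi
  elif [ "$external" != 000 ]; then
    echo "lan-only-hairpin"                   # forward + NPMplus correct
  else
    echo "external-path-failing"              # review forward rules and NPMplus
  fi
)

# Live run only on request, so sourcing this file makes no network calls.
# Optional second argument: status observed from off the LAN.
if [ "${1:-}" = "--run" ]; then
  m=$(probe https://192.168.11.1:443)
  p=$(probe https://76.53.10.36:443)
  i=$(probe https://192.168.11.167:443)
  printf 'mgmt=%s public_from_lan=%s npmplus_internal=%s verdict=%s\n' \
    "$m" "$p" "$i" "$(classify "$m" "$p" "$i" "${2:-untested}")"
fi
```

With the results recorded on 2026-03-03 (200, 000, 000, no off-LAN test yet), `classify` returns `inconclusive-test-off-lan`; adding an off-LAN status of 200 changes the verdict to `lan-only-hairpin`.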