d-bis/explorer-monorepo
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2b956a5a834de329908e4bc82d5b3a5bd49b2a03
explorer-monorepo/NETWORK_CONNECTIVITY_ISSUE.md

128 lines
3.0 KiB
Markdown
Raw Normal View History

Add full monorepo: virtual-banker, backend, frontend, docs, scripts, deployment Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-10 11:32:49 -08:00
# Network Connectivity Issue - NPMplus Not Reachable
**Date**: 2026-01-21
**Issue**: NPMplus (192.168.11.166) not reachable from 192.168.11.4, but working internally
---
## Current Status
### ✅ Working:
- Container is running
- Ports 80/443 are listening inside container
- Ping works (ICMP)
- NPMplus responds from inside container
### ❌ Not Working:
- TCP connections from 192.168.11.4 → 192.168.11.166:80/443 → Connection refused
- This suggests a firewall or network policy blocking TCP
---
## Analysis
**Connection Refused** (not timeout) typically means:
1. Service is not listening on that interface
2. Firewall is actively rejecting connections
3. Network policy is blocking TCP traffic
Since:
- ✅ Service IS listening (verified inside container)
- ✅ Ping works (ICMP allowed)
- ❌ TCP connections refused
**Conclusion**: Firewall or network policy is blocking TCP traffic to 192.168.11.166
---
## Possible Causes
### 1. Container Firewall
- Container may have firewall rules blocking incoming connections
- Check: `pct exec 10233 -- iptables -L -n -v`
### 2. Host Firewall
- Proxmox host firewall may be blocking
- Check: `iptables -L -n -v` on r630-01
### 3. UDM Pro Firewall
- UDM Pro may have rules blocking internal → internal TCP
- Check firewall rules for internal network restrictions
### 4. Network Segmentation
- VLAN or network policy may be blocking
- Check network configuration
---
## Fix Steps
### Step 1: Check Container Firewall
```bash
ssh root@r630-01
pct exec 10233 -- iptables -L -n -v
```
**If blocking rules found:**
- Add allow rules for ports 80/443
- Or disable container firewall if not needed
### Step 2: Check Host Firewall
```bash
ssh root@r630-01
iptables -L -n -v | grep 192.168.11.166
```
**If blocking rules found:**
- Add allow rules for 192.168.11.166:80/443
- Or adjust firewall policy
### Step 3: Check UDM Pro Internal Rules
UDM Pro may have rules blocking internal → internal traffic:
- Check firewall rules for Internal → Internal policies
- Ensure TCP traffic is allowed between internal IPs
---
## Quick Test
Test from different internal IP to see if it's specific to 192.168.11.4:
```bash
# From another internal device
curl -v http://192.168.11.166 -H "Host: explorer.d-bis.org"
```
---
## Impact on External Access
**Important**: Even if internal access doesn't work, **external access might still work** if:
- Port forwarding rules are active
- External → Internal firewall rules allow traffic
- UDM Pro routes external traffic differently than internal traffic
**The real test is external access from the internet.**
---
## Summary
**Issue**: Internal access to NPMplus blocked (likely firewall)
**Impact**:
- ❌ Internal testing from 192.168.11.4 won't work
- ❓ External access may still work (needs testing)
**Next Steps**:
1. Check and fix firewall rules
2. **Test external access** (most important)
3. If external works, internal issue is separate
---
**Status**: ⚠️ **INTERNAL ACCESS BLOCKED - TEST EXTERNAL ACCESS**
Reference in New Issue Copy Permalink