explorer-monorepo/UDM_PRO_MANUAL_COMMANDS.md


# UDM Pro Manual Diagnosis Commands
**Date**: 2026-01-21
**SSH Credentials**: OQmQuS@192.168.11.1
**Password**: m0MFXHdgMFKGB2l3bO4
---
## Connect to UDM Pro
```bash
ssh OQmQuS@192.168.11.1
# Enter password when prompted
```
---
## Critical Diagnosis Commands
### 1. Check Port Forwarding (NAT Rules)
```bash
sudo iptables -t nat -L PREROUTING -n -v | grep -A 3 "76.53.10.36"
```
**What to look for:**
- Should show DNAT rules for ports 80 and 443
- If empty: Port forwarding rules are NOT active
**Expected output (if working):**
```
DNAT tcp -- 0.0.0.0/0 76.53.10.36 tcp dpt:80 to:192.168.11.166:80
DNAT tcp -- 0.0.0.0/0 76.53.10.36 tcp dpt:443 to:192.168.11.166:443
```
---
### 2. Check Firewall Rules for NPMplus
```bash
sudo iptables -L FORWARD -n -v | grep -A 3 "192.168.11.166"
```
**What to look for:**
- Should show ACCEPT rules for ports 80 and 443
- Should NOT show DROP or REJECT rules
**Expected output (if working):**
```
ACCEPT tcp -- 0.0.0.0/0 192.168.11.166 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 192.168.11.166 tcp dpt:443
```
---
### 3. Check Firewall Rule Order
```bash
sudo iptables -L FORWARD -n -v --line-numbers | head -50
```
**What to look for:**
- **Allow rules** for 192.168.11.166 should be **BEFORE** any **block rules**
- iptables evaluates the chain from top to bottom and the first matching rule decides, so if block rules come first, they will block the traffic
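
The rule-order check can also be done mechanically instead of by eye. The script below is an added example, not part of the original file: `first_verdict` and `sample_listing` are hypothetical names, the listing is constructed sample data, and the parser assumes the column layout of `iptables -L FORWARD -n -v --line-numbers` and judges only ACCEPT, DROP and REJECT rules in the listed chain (jumps to other chains are not followed).

```bash
#!/bin/sh
# Added example (not from the original file). first_verdict is a hypothetical helper.
# Reads `iptables -L FORWARD -n -v --line-numbers` output on stdin and prints
# "<rule number> <target>" for the first rule that decides a NEW tcp connection
# from any source to HOST:PORT, or "none" if no rule in the listing matches.
first_verdict() {
    awk -v host="$1" -v port="$2" '
        $1 !~ /^[0-9]+$/ { next }              # chain header and column titles
        {
            target = $4; proto = $5; src = $9; dst = $10
            extra = ""
            for (i = 11; i <= NF; i++) extra = extra " " $i
        }
        # Assumption: only terminal targets are judged; jumps to other chains are skipped.
        target != "ACCEPT" && target != "DROP" && target != "REJECT" { next }
        proto != "tcp" && proto != "all" { next }
        src != "0.0.0.0/0" { next }            # rule must apply to any source
        dst != host && dst != "0.0.0.0/0" { next }
        extra ~ /dpt:/ && extra !~ ("dpt:" port "( |$)") { next }
        extra ~ /state / && extra !~ /NEW/ { next }   # e.g. RELATED,ESTABLISHED only
        { print $1, target; found = 1; exit }
        END { if (!found) print "none" }
    '
}

# Constructed sample listing (not real output from the device).
sample_listing() {
    cat <<'EOF'
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1      120  9600 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
2        4   240 DROP       tcp  --  *      *       0.0.0.0/0            192.168.11.166       tcp dpt:443
3       10   600 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.11.166       tcp dpt:80
4        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.11.166       tcp dpt:443
EOF
}

for p in 80 443; do
    echo "port $p: $(sample_listing | first_verdict 192.168.11.166 "$p")"
done
# On the device: sudo iptables -L FORWARD -n -v --line-numbers | first_verdict 192.168.11.166 443
```

In the sample, the allow rule for port 443 (rule 4) never takes effect because the DROP in rule 2 matches first, which is the misordering this section describes.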
---
### 4. Complete Check (All in One)
```bash
echo "=== Port Forwarding (NAT) ==="
sudo iptables -t nat -L PREROUTING -n -v | grep -A 3 "76.53.10.36"
echo ""
echo "=== Firewall Rules (FORWARD) ==="
sudo iptables -L FORWARD -n -v | grep -A 3 "192.168.11.166"
echo ""
echo "=== Rule Order (First 30 rules) ==="
sudo iptables -L FORWARD -n -v --line-numbers | head -30
```
---
## What Each Result Means
### If NAT Rules Are Missing:
**Problem**: Port forwarding rules are not active
**Fix**: Go to Web UI → Port Forwarding → Enable rules for 76.53.10.36:80/443
### If Firewall Rules Are Missing:
**Problem**: Firewall is blocking traffic
**Fix**: Go to Web UI → Firewall Rules → Add "Allow Port Forward..." rules
### If Block Rules Come Before Allow Rules:
**Problem**: Rule order is wrong
**Fix**: Go to Web UI → Firewall Rules → Move allow rules to the top
---
## Quick Fix Checklist
Based on diagnosis results:
- [ ] **Port forwarding rules enabled** in Web UI
- [ ] **Firewall allow rules exist** for 192.168.11.166:80/443
- [ ] **Allow rules are at the top** of firewall rules list
- [ ] **Rules are saved and applied**
---
## After Making Changes
1. Wait 30 seconds for rules to apply
2. Re-run diagnosis commands to verify
3. Test external access:
```bash
curl -v http://76.53.10.36
curl -v https://76.53.10.36
```
---
**Run these commands manually and share the output for analysis**