# Network Issues - Complete Fix Guide **Date**: 2026-01-21 **Status**: ✅ **ISSUES IDENTIFIED** - Fix instructions provided --- ## Network Issues Identified ### ✅ Issue 1: Gateway Connectivity - FIXED - **Problem**: Container could not reach gateway (192.168.11.1) - **Root Cause**: Stale ARP cache entries - **Fix Applied**: ARP cache flushed, gateway entry refreshed - **Status**: ✅ **RESOLVED** ### ✅ Issue 2: DNS Configuration - FIXED - **Problem**: DNS queries timing out - **Root Cause**: Limited DNS servers, no backup - **Fix Applied**: Added backup DNS servers (8.8.8.8, 1.1.1.1) - **Status**: ✅ **RESOLVED** ### ❌ Issue 3: Internet Connectivity - BLOCKED BY FIREWALL - **Problem**: Container cannot reach internet (8.8.8.8) - **Root Cause**: **UDM Pro firewall blocking outbound traffic** - **Evidence**: - ✅ Container can reach internal IPs (192.168.11.10, 192.168.11.11, 192.168.11.140) - ✅ Container can reach gateway (192.168.11.1) after ARP refresh - ❌ Container cannot reach internet (8.8.8.8) - 100% packet loss - ✅ Proxmox host CAN reach internet - **Status**: ⚠️ **REQUIRES UDM PRO FIREWALL RULE** ### ❌ Issue 4: Docker Hub Access - BLOCKED BY FIREWALL - **Problem**: Container cannot reach registry-1.docker.io - **Root Cause**: UDM Pro firewall blocking HTTPS outbound - **Status**: ⚠️ **REQUIRES UDM PRO FIREWALL RULE** --- ## Root Cause: UDM Pro Firewall **Conclusion**: UDM Pro firewall has rules blocking outbound internet traffic from container IPs (192.168.11.166/167). **Evidence**: - Internal connectivity: ✅ Working - Gateway connectivity: ✅ Working (after ARP fix) - Internet connectivity: ❌ Blocked - Proxmox host internet: ✅ Working This pattern indicates UDM Pro firewall is blocking outbound traffic from the container IPs. --- ## Fix: UDM Pro Firewall Rule ### Step 1: Access UDM Pro Web UI 1. Open browser: `https://192.168.11.1` 2. Login with your credentials ### Step 2: Add Firewall Rule 1. Navigate to: **Settings → Firewall & Security → Firewall Rules** 2. Click **"Create New Rule"** or **"Add Rule"** 3. Configure rule: - **Name**: `Allow Container Outbound` - **Action**: `Accept` or `Allow` - **Source**: - Type: `IP Address` - Address: `192.168.11.166, 192.168.11.167` - Or use CIDR: `192.168.11.166/32, 192.168.11.167/32` - **Destination**: `Any` or leave blank - **Protocol**: `Any` or `All` - **Port**: `Any` or leave blank - **Direction**: `Outbound` or `Both` 4. **Placement**: Ensure this rule is **BEFORE** any deny/drop rules 5. **Enable**: Make sure rule is enabled (not paused) 6. Click **"Save"** or **"Apply"** 7. Wait 30 seconds for rules to apply ### Step 3: Verify Fix After adding the rule, test from container: ```bash # Test internet connectivity ssh root@r630-01 pct exec 10233 -- ping -c 2 8.8.8.8 # Test DNS pct exec 10233 -- nslookup registry-1.docker.io # Test Docker Hub pct exec 10233 -- curl -s https://registry-1.docker.io/v2/ | head -3 # Test Docker pull pct exec 10233 -- docker pull zoeyvid/npmplus:2026-01-20-r2 ``` --- ## Alternative Solutions (If Firewall Rule Not Possible) ### Option 1: Use Proxmox Host as Docker Registry Proxy If you can't modify UDM Pro firewall, set up a local Docker registry proxy on Proxmox host. ### Option 2: Manual Image Transfer 1. Download image on a machine with internet 2. Transfer to Proxmox host 3. Load into container's Docker ### Option 3: Configure Container to Use Different Network Move container to a network segment that has outbound access allowed. --- ## Current Network Status ### ✅ Working - Container ↔ Gateway (192.168.11.1) - Container ↔ Internal IPs (192.168.11.10, 192.168.11.11, 192.168.11.140) - Container ↔ VMID 5000 (192.168.11.140:80) - DNS servers configured - Default route correct ### ❌ Blocked by UDM Pro Firewall - Container → Internet (8.8.8.8) - Container → Docker Hub (registry-1.docker.io) - Container → Any external HTTPS/HTTP --- ## Summary **Status**: ✅ **NETWORK ISSUES IDENTIFIED** **Fixes Applied**: - ✅ DNS configuration (backup servers added) - ✅ Gateway connectivity (ARP cache refreshed) - ✅ Default route (verified correct) - ✅ Container restarted (applied changes) **Remaining Issue**: - ❌ **UDM Pro firewall blocking outbound internet** **Solution**: - ⚠️ **Add firewall rule in UDM Pro Web UI** (see instructions above) **Impact**: - Explorer functionality: ✅ Working (internal path works) - NPMplus update: ⚠️ Blocked (cannot pull Docker images) - External access: ✅ Working (port forwarding configured) --- **Next Step**: Add UDM Pro firewall rule to allow container outbound access