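#!/bin/bash
# Complete UDM Pro Diagnosis Script
# Runs all diagnosis commands over SSH and generates a Markdown report.
#
# Required environment:
#   UDM_PASS     SSH password for the UDM Pro account (never stored in this file)
# Optional environment:
#   UDM_USER     SSH user        (default: OQmQuS)
#   UDM_IP       UDM Pro address (default: 192.168.11.1)
#   REPORT_FILE  report path     (default: see below)
#
# NOTE(review): an earlier revision embedded the SSH password in plain text.
# Treat that credential as exposed and rotate it on the gateway.
# NOTE(review): the report holds the SSH user name and the firewall/NAT rule
# listing; keep the report file out of shared or published locations.

# No `-e` on purpose: a remote `grep` that matches nothing exits 1, and that
# is a normal diagnostic outcome here.
set -uo pipefail

UDM_USER="${UDM_USER:-OQmQuS}"
UDM_IP="${UDM_IP:-192.168.11.1}"
REPORT_FILE="${REPORT_FILE:-/home/intlc/projects/proxmox/explorer-monorepo/UDM_PRO_DIAGNOSIS_REPORT.md}"

# Addresses under diagnosis. Kept as fixed constants (not taken from the
# environment) because they are interpolated into the remote command line.
readonly PUBLIC_IP="76.53.10.36"
readonly NPM_IP="192.168.11.166"

# Colors
readonly RED='\033[0;31m'
readonly GREEN='\033[0;32m'
readonly YELLOW='\033[1;33m'
readonly BLUE='\033[0;34m'
readonly NC='\033[0m'

# Print one line wrapped in a color escape; the text itself is never used as
# a printf format string.
# Arguments: $1 - color escape, $2 - text
say() {
  printf '%b%s%b\n' "$1" "$2" "$NC"
}

if [[ -z "${UDM_PASS:-}" ]]; then
  say "$RED" "UDM_PASS is not set; export the SSH password before running." >&2
  exit 2
fi

# Without sshpass every remote call would return "command not found" text,
# which the checks below would mistake for matching rules.
if ! command -v sshpass >/dev/null; then
  say "$RED" "sshpass is required but not installed." >&2
  exit 2
fi

echo "=========================================="
echo "UDM Pro Complete Diagnosis"
echo "=========================================="
echo ""

#######################################
# Run a command on the UDM Pro over SSH.
# Globals:   UDM_PASS, UDM_USER, UDM_IP (read)
# Arguments: remote command line
# Outputs:   remote stdout and stderr, merged, on stdout
# Returns:   the ssh exit status (255 when ssh itself fails)
#######################################
udm_cmd() {
  # `sshpass -e` reads the password from $SSHPASS, so it does not show up in
  # the process list the way `sshpass -p <password>` does.
  # Host-key checking stays enabled: `accept-new` (OpenSSH 7.6+) records the
  # key on first contact and refuses a changed key afterwards, so the
  # password is not handed to a host impersonating the gateway.
  SSHPASS="$UDM_PASS" sshpass -e ssh \
    -o ConnectTimeout=10 \
    -o StrictHostKeyChecking=accept-new \
    -o LogLevel=ERROR \
    "${UDM_USER}@${UDM_IP}" "$@" 2>&1
}

#######################################
# Stop the run when ssh itself failed, instead of treating its error text as
# rule output. Assumes none of the remote commands used here exit 255.
# Arguments: $1 - exit status of udm_cmd, $2 - captured output
#######################################
abort_on_ssh_failure() {
  local status=$1 output=$2
  (( status == 255 )) || return 0
  say "$RED" "❌ SSH to $UDM_IP failed; diagnosis aborted" >&2
  printf '%s\n' "$output" >&2
  {
    echo "**Status**: ❌ **Diagnosis aborted: SSH connection to $UDM_IP failed**"
    echo '```'
    printf '%s\n' "$output"
    echo '```'
  } >> "$REPORT_FILE"
  exit 1
}

# Start report
cat > "$REPORT_FILE" << EOF
# UDM Pro Complete Diagnosis Report

**Date**: $(date)
**UDM Pro IP**: $UDM_IP
**SSH User**: $UDM_USER

---

## 1. System Information

EOF

say "$BLUE" "=== System Information ==="
rc=0
SYSTEM_INFO=$(udm_cmd "uname -a") || rc=$?
abort_on_ssh_failure "$rc" "$SYSTEM_INFO"
printf '%s\n' "$SYSTEM_INFO"
{
  printf '%s\n' "$SYSTEM_INFO"
  echo ""
} >> "$REPORT_FILE"

# Port Forwarding Check
echo ""
say "$BLUE" "=== Port Forwarding (NAT Rules) ==="
cat >> "$REPORT_FILE" << EOF
## 2. Port Forwarding Rules (NAT Table)

Checking for DNAT rules for $PUBLIC_IP:80/443 → $NPM_IP:80/443

EOF

# grep -F: match the address literally; an unescaped '.' would match any
# character.
rc=0
NAT_RULES=$(udm_cmd "sudo iptables -t nat -L PREROUTING -n -v 2>&1 | grep -F -A 3 '$PUBLIC_IP'") || rc=$?
abort_on_ssh_failure "$rc" "$NAT_RULES"

if [[ -n "$NAT_RULES" ]]; then
  say "$GREEN" "✅ Port forwarding rules found:"
  printf '%s\n' "$NAT_RULES"
  {
    echo "**Status**: ✅ **Port forwarding rules are active**"
    echo '```'
    printf '%s\n' "$NAT_RULES"
    echo '```'
  } >> "$REPORT_FILE"
else
  say "$RED" "❌ No port forwarding rules found for $PUBLIC_IP"
  {
    echo "**Status**: ❌ **Port forwarding rules are NOT active**"
    echo "**Issue**: No DNAT rules found for $PUBLIC_IP:80/443"
    echo "**Fix**: Enable port forwarding rules in UDM Pro Web UI"
  } >> "$REPORT_FILE"
fi
echo "" >> "$REPORT_FILE"

# Firewall Rules Check
echo ""
say "$BLUE" "=== Firewall Rules for NPMplus ==="
cat >> "$REPORT_FILE" << EOF
## 3. Firewall Rules for NPMplus ($NPM_IP)

Checking for ACCEPT rules for $NPM_IP:80/443

EOF

rc=0
FW_RULES=$(udm_cmd "sudo iptables -L FORWARD -n -v 2>&1 | grep -F -A 3 '$NPM_IP'") || rc=$?
abort_on_ssh_failure "$rc" "$FW_RULES"

if [[ -n "$FW_RULES" ]]; then
  say "$GREEN" "✅ Firewall rules found:"
  printf '%s\n' "$FW_RULES"
  {
    echo "**Status**: ✅ **Firewall rules exist**"
    echo '```'
    printf '%s\n' "$FW_RULES"
    echo '```'
  } >> "$REPORT_FILE"

  # Check if rules are ACCEPT or DROP.
  # NOTE(review): `grep -A 3` also captures the three lines after each match,
  # so the verdict can come from neighbouring rules; when both ACCEPT and
  # DROP/REJECT appear, this section reports ACCEPT while section 5 still
  # raises Issue 2.
  if grep -q "ACCEPT" <<< "$FW_RULES"; then
    echo "**Action**: ACCEPT (✅ Allowing traffic)" >> "$REPORT_FILE"
  elif grep -qE "DROP|REJECT" <<< "$FW_RULES"; then
    {
      echo "**Action**: DROP/REJECT (❌ Blocking traffic)"
      echo "**Issue**: Firewall is blocking traffic to NPMplus"
      echo "**Fix**: Change rules to ACCEPT or add allow rules"
    } >> "$REPORT_FILE"
  fi
else
  say "$RED" "❌ No firewall rules found for $NPM_IP"
  {
    echo "**Status**: ❌ **No firewall rules found**"
    echo "**Issue**: Firewall may be blocking traffic (default deny)"
    echo "**Fix**: Add allow rules for $NPM_IP:80/443"
  } >> "$REPORT_FILE"
fi
echo "" >> "$REPORT_FILE"

# Rule Order Check
echo ""
say "$BLUE" "=== Firewall Rule Order ==="
cat >> "$REPORT_FILE" << EOF
## 4. Firewall Rule Order

Checking if allow rules come before block rules

EOF

rc=0
RULE_ORDER=$(udm_cmd "sudo iptables -L FORWARD -n -v --line-numbers 2>&1 | head -50") || rc=$?
abort_on_ssh_failure "$rc" "$RULE_ORDER"
printf '%s\n' "$RULE_ORDER"
{
  echo '```'
  printf '%s\n' "$RULE_ORDER"
  echo '```'
  echo ""
} >> "$REPORT_FILE"

# Analysis
cat >> "$REPORT_FILE" << EOF
## 5. Analysis & Recommendations

EOF

# Check for issues
ISSUES=0

if [[ -z "$NAT_RULES" ]]; then
  {
    echo "### Issue 1: Port Forwarding Not Active"
    echo "- **Problem**: No DNAT rules found for $PUBLIC_IP"
    echo "- **Fix**: Enable port forwarding rules in UDM Pro Web UI"
    echo " 1. Settings → Firewall & Security → Port Forwarding"
    echo " 2. Verify rules for $PUBLIC_IP:80/443 are **enabled**"
    echo " 3. Save and wait 30 seconds"
  } >> "$REPORT_FILE"
  ISSUES=$((ISSUES + 1))
fi

if [[ -z "$FW_RULES" ]] || grep -qE "DROP|REJECT" <<< "$FW_RULES"; then
  {
    echo "### Issue 2: Firewall Blocking Traffic"
    echo "- **Problem**: No allow rules or rules are blocking"
    echo "- **Fix**: Add/update firewall rules in UDM Pro Web UI"
    echo " 1. Settings → Firewall & Security → Firewall Rules"
    echo " 2. Ensure 'Allow Port Forward...' rules exist"
    echo " 3. Move allow rules to the **top** of the list"
    echo " 4. Save and wait 30 seconds"
  } >> "$REPORT_FILE"
  ISSUES=$((ISSUES + 1))
fi

if (( ISSUES == 0 )); then
  {
    echo "### Status: ✅ All Rules Appear Correct"
    echo "- Port forwarding rules are active"
    echo "- Firewall rules allow traffic"
    echo "- If external access still doesn't work, check:"
    echo " - ISP blocking ports 80/443"
    echo " - Network routing issues"
    echo " - Test from different network/location"
  } >> "$REPORT_FILE"
fi

echo ""
echo "=========================================="
say "$GREEN" "Diagnosis Complete"
echo "=========================================="
echo ""
echo "Report saved to: $REPORT_FILE"
echo ""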