# Network Connectivity Issue - NPMplus Not Reachable

**Date**: 2026-01-21

**Issue**: NPMplus (192.168.11.166) not reachable from 192.168.11.4, but working internally

---

## Current Status

### ✅ Working:
- Container is running
- Ports 80/443 are listening inside the container
- Ping works (ICMP)
- NPMplus responds from inside the container

### ❌ Not Working:
- TCP connections from 192.168.11.4 → 192.168.11.166:80/443 → Connection refused
- This suggests a firewall or network policy blocking TCP

---

## Analysis

**Connection Refused** (not timeout) typically means:
1. Service is not listening on that interface
2. Firewall is actively rejecting connections
3. Network policy is blocking TCP traffic

Since:
- ✅ Service IS listening (verified inside container)
- ✅ Ping works (ICMP allowed)
- ❌ TCP connections refused

**Conclusion**: Firewall or network policy is blocking TCP traffic to 192.168.11.166

---

## Possible Causes

### 1. Container Firewall
- Container may have firewall rules blocking incoming connections
- Check: `pct exec 10233 -- iptables -L -n -v`

### 2. Host Firewall
- Proxmox host firewall may be blocking
- Check: `iptables -L -n -v` on r630-01

### 3. UDM Pro Firewall
- UDM Pro may have rules blocking internal → internal TCP
- Check firewall rules for internal network restrictions

### 4. Network Segmentation
- VLAN or network policy may be blocking
- Check network configuration

---

## Fix Steps

### Step 1: Check Container Firewall

```bash
ssh root@r630-01 pct exec 10233 -- iptables -L -n -v
```

**If blocking rules found:**
- Add allow rules for ports 80/443
- Or disable the container firewall if not needed

### Step 2: Check Host Firewall

```bash
ssh root@r630-01 iptables -L -n -v | grep 192.168.11.166
```

**If blocking rules found:**
- Add allow rules for 192.168.11.166:80/443
- Or adjust firewall policy

### Step 3: Check UDM Pro Internal Rules

UDM Pro may have rules blocking internal → internal traffic:
- Check firewall rules for Internal → Internal policies
- Ensure TCP traffic is allowed between internal IPs

---

## Quick Test

Test from a different internal IP to see whether the problem is specific to 192.168.11.4:

```bash
# From another internal device
curl -v http://192.168.11.166 -H "Host: explorer.d-bis.org"
```

---

## Impact on External Access

**Important**: Even if internal access doesn't work, **external access might still work** if:
- Port forwarding rules are active
- External → Internal firewall rules allow traffic
- UDM Pro routes external traffic differently than internal traffic

**The real test is external access from the internet.**

---

## Summary

**Issue**: Internal access to NPMplus blocked (likely firewall)

**Impact**:
- ❌ Internal testing from 192.168.11.4 won't work
- ❓ External access may still work (needs testing)

**Next Steps**:
1. Check and fix firewall rules
2. **Test external access** (most important)
3. If external works, internal issue is separate

---

**Status**: ⚠️ **INTERNAL ACCESS BLOCKED - TEST EXTERNAL ACCESS**
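
The Analysis section depends on telling "refused" apart from "timeout". The following is an added example, not part of the original notes, that classifies a TCP connect attempt so the same check can be repeated from 192.168.11.4 and from a second internal host. The names `probe`, `report` and `HINTS` are hypothetical; the target IP and ports are the ones named above.

```python
import errno
import socket

# Verdict -> what it usually indicates. Wording is this example's, not the page's.
HINTS = {
    "open": "handshake completed: a listener is reachable on this address",
    "refused": "RST or ICMP port-unreachable came back: nothing bound to this "
               "address/port, or a firewall REJECT rule answered for it",
    "timeout": "no answer at all: packets silently dropped (firewall DROP) "
               "or the host is down",
    "unreachable": "ICMP host/net unreachable or admin-prohibited: routing "
                   "problem or a REJECT rule using an ICMP error",
}


def probe(host, port, timeout=3.0):
    """Try one TCP connect to host:port and return a verdict string."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise  # anything else (e.g. name resolution) is not a firewall signal


def report(host, ports, timeout=3.0):
    """Probe each port and return (port, verdict, hint) tuples."""
    return [(p, v, HINTS[v]) for p in ports
            for v in [probe(host, p, timeout)]]


if __name__ == "__main__":
    # Target and ports are the ones named on this page; run from 192.168.11.4
    # and from a second internal host, then compare the verdicts.
    for port, verdict, hint in report("192.168.11.166", [80, 443]):
        print(f"192.168.11.166:{port:<4} {verdict:<12} {hint}")
```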