# Complete Diagnosis Summary - Explorer External Access Issue **Date**: 2026-01-21 **Status**: ✅ **ROOT CAUSE IDENTIFIED** --- ## Executive Summary **Problem**: `explorer.d-bis.org` is not accessible externally (ERR_CONNECTION_TIMED_OUT) **Root Cause**: Port forwarding and firewall rules exist in UDM Pro Web UI but are **NOT active** in the firewall/NAT table **Solution**: Enable port forwarding rules and verify firewall allow rules in UDM Pro Web UI --- ## Complete Path Analysis ### ✅ Working Components 1. **DNS**: ✅ `explorer.d-bis.org` → `76.53.10.36` (correct) 2. **NPMplus**: ✅ Running, listening on ports 80/443 3. **NPMplus Config**: ✅ Proxy host configured correctly 4. **VMID 5000**: ✅ Operational, serving HTTP 200 5. **Proxmox Firewall**: ✅ Not blocking (disabled) 6. **Internal Path**: ✅ Working (NPMplus → VMID 5000 = HTTP 200) ### ❌ Broken Components 1. **UDM Pro Port Forwarding**: ❌ Rules NOT active in NAT table 2. **UDM Pro Firewall**: ❌ No allow rules for 192.168.11.166 --- ## Diagnosis Results ### Port Forwarding (NAT Table) ``` Status: ❌ NOT ACTIVE Issue: No DNAT rules found for 76.53.10.36:80/443 ``` ### Firewall Rules ``` Status: ❌ MISSING Issue: No ACCEPT rules found for 192.168.11.166:80/443 ``` --- ## Fix Required ### Critical Actions: 1. **Enable Port Forwarding Rules** - UDM Pro Web UI → Settings → Firewall & Security → Port Forwarding - Enable rules for 76.53.10.36:80/443 - Save and wait 30 seconds 2. **Verify Firewall Allow Rules** - UDM Pro Web UI → Settings → Firewall & Security → Firewall Rules - Ensure "Allow Port Forward..." rules exist - Move allow rules to top of list - Save and wait 30 seconds --- ## Expected Results After Fix - ✅ NAT table will show DNAT rules for 76.53.10.36 - ✅ Firewall will show ACCEPT rules for 192.168.11.166 - ✅ External access will work (HTTP 200) - ✅ `explorer.d-bis.org` will be accessible --- ## Verification Commands After making changes, verify: ```bash # SSH to UDM Pro ssh OQmQuS@192.168.11.1 # Check NAT rules (should show DNAT now) sudo iptables -t nat -L PREROUTING -n -v | grep "76.53.10.36" # Check firewall rules (should show ACCEPT now) sudo iptables -L FORWARD -n -v | grep "192.168.11.166" # Test external access curl -v http://76.53.10.36 curl -v https://explorer.d-bis.org ``` --- ## Files Created 1. `UDM_PRO_DIAGNOSIS_REPORT.md` - Complete diagnosis report 2. `UDM_PRO_FIX_REQUIRED.md` - Detailed fix instructions 3. `UDM_PRO_COMPLETE_DIAGNOSIS.sh` - Diagnosis script 4. `COMPLETE_DIAGNOSIS_SUMMARY.md` - This summary --- **Status**: ✅ **DIAGNOSIS COMPLETE - FIX REQUIRED IN UDM PRO WEB UI**